diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index aa525f00dc21..0605be0399c1 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -30,6 +30,7 @@
"streetsidesoftware.code-spell-checker",
"alistairchristie.open-reusables",
"AlistairChristie.version-identifier",
+ "peterbe.ghdocs-goer",
"GitHub.copilot",
"GitHub.copilot-chat"
]
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 0acb8a96e5f1..146c40f1f5a0 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -11,7 +11,7 @@
src/ghes-releases/lib/enterprise-dates.json @github/docs-content-enterprise
# Requires review of #actions-oidc-integration, docs-engineering/issues/1506
-content/actions/deployment/security-hardening-your-deployments/** @github/oidc
+# content/actions/deployment/security-hardening-your-deployments/** @github/oidc
# RAI - CELA
data/reusables/rai/** @github/legal-product
diff --git a/.github/actions/setup-elasticsearch/action.yml b/.github/actions/setup-elasticsearch/action.yml
index 34199495b9dd..667e1fe6155e 100644
--- a/.github/actions/setup-elasticsearch/action.yml
+++ b/.github/actions/setup-elasticsearch/action.yml
@@ -1,3 +1,4 @@
+# For the sake of saving time, only run this step if the test-group is one that will run tests against an Elasticsearch on localhost.
name: Set up local Elasticsearch
description: Install a local Elasticsearch with version that matches prod
@@ -6,20 +7,83 @@ inputs:
token:
description: PAT
required: true
+ elasticsearch_version:
+ description: Version of Elasticsearch to install
+ required: true
+ # Make sure the version matches production and is available on Docker Hub
+ default: '8.12.0'
runs:
using: 'composite'
steps:
- - name: Install a local Elasticsearch for testing
- # For the sake of saving time, only run this step if the test-group
- # is one that will run tests against an Elasticsearch on localhost.
- uses: getong/elasticsearch-action@95b501ab0c83dee0aac7c39b7cea3723bef14954
+ # Cache the elasticsearch image to prevent Docker Hub rate limiting
+ - name: Cache Docker layers
+ id: cache-docker-layers
+ uses: actions/cache@v2
with:
- # Make sure this matches production
- # It might also need to match what's available on Docker hub
- elasticsearch version: '8.12.0'
- host port: 9200
- container port: 9200
- host node port: 9300
- node port: 9300
- discovery type: 'single-node'
+ path: /tmp/docker-cache
+ key: ${{ runner.os }}-elasticsearch-${{ inputs.elasticsearch_version }}
+ restore-keys: |
+ ${{ runner.os }}-elasticsearch-
+
+ - name: Load cached Docker image
+ shell: bash
+ if: steps.cache-docker-layers.outputs.cache-hit == 'true'
+ run: docker load -i /tmp/docker-cache/elasticsearch.tar || echo "No cache found for elasticsearch, pulling image"
+
+ - name: Pull Docker image
+ shell: bash
+ if: steps.cache-docker-layers.outputs.cache-hit != 'true'
+ run: docker pull elasticsearch:${{ inputs.elasticsearch_version }}
+
+ - name: Save Docker image to cache
+ shell: bash
+ if: steps.cache-docker-layers.outputs.cache-hit != 'true'
+ run: |
+ mkdir -p /tmp/docker-cache
+ docker save -o /tmp/docker-cache/elasticsearch.tar elasticsearch:${{ inputs.elasticsearch_version }}
+
+ # Setups the Elasticsearch container
+ # Derived from https://github.com/getong/elasticsearch-action
+ - name: Run Docker container
+ shell: bash
+ env:
+ INPUT_ELASTICSEARCH_VERSION: ${{ inputs.elasticsearch_version }}
+ INPUT_HOST_PORT: 9200
+ INPUT_CONTAINER_PORT: 9200
+ INPUT_HOST_NODE_PORT: 9300
+ INPUT_NODE_PORT: 9300
+ INPUT_DISCOVERY_TYPE: 'single-node'
+ run: |
+ docker network create elastic
+
+ docker run --network elastic \
+ -e 'node.name=es1' \
+ -e 'cluster.name=docker-elasticsearch' \
+ -e 'cluster.initial_master_nodes=es1' \
+ -e 'discovery.seed_hosts=es1' \
+ -e 'cluster.routing.allocation.disk.threshold_enabled=false' \
+ -e 'bootstrap.memory_lock=true' \
+ -e 'ES_JAVA_OPTS=-Xms1g -Xmx1g' \
+ -e 'xpack.security.enabled=false' \
+ -e 'xpack.license.self_generated.type=basic' \
+ --ulimit nofile=65536:65536 \
+ --ulimit memlock=-1:-1 \
+ --name='es1' \
+ -d \
+ -p $INPUT_HOST_PORT:$INPUT_CONTAINER_PORT \
+ -p $INPUT_HOST_NODE_PORT:$INPUT_NODE_PORT \
+ -e discovery_type=$INPUT_DISCOVERY_TYPE \
+ elasticsearch:$INPUT_ELASTICSEARCH_VERSION
+
+ # Check if Elasticsearch is up and running
+ for i in {1..120}; do
+ if curl --silent --fail http://localhost:9200; then
+ echo "Elasticsearch is up and running"
+ exit 0
+ fi
+ echo "Waiting for Elasticsearch to be ready..."
+ sleep 1
+ done
+ echo "Elasticsearch did not become ready in time"
+ exit 1
diff --git a/.github/branch_protection_settings/main.json b/.github/branch_protection_settings/main.json
index 4d69edc2e33b..ff86b4b242e3 100644
--- a/.github/branch_protection_settings/main.json
+++ b/.github/branch_protection_settings/main.json
@@ -39,7 +39,8 @@
"frame",
"products",
"workflows",
- "lint-code"
+ "lint-code",
+ "secret-scanning",
],
"contexts_url": "https://api.github.com/repos/github/docs-internal/branches/main/protection/required_status_checks/contexts",
"checks": [
@@ -81,7 +82,8 @@
{ "context": "frame", "app_id": 15368 },
{ "context": "products", "app_id": 15368 },
{ "context": "workflows", "app_id": 15368 },
- { "context": "lint-code", "app_id": 15368 }
+ { "context": "lint-code", "app_id": 15368 },
+ { "context": "secret-scanning", "app_id": 15368 }
]
},
"restrictions": {
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 7c3423e8d88f..f55b6cdde90c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,7 +11,8 @@ updates:
# Because whatever we have needs to match what @primer/react also uses
- dependency-name: 'styled-components'
- dependency-name: '*'
- update-types: ['version-update:semver-patch']
+ update-types:
+ ['version-update:semver-patch', 'version-update:semver-minor']
- package-ecosystem: 'github-actions'
directory: '/'
@@ -20,7 +21,8 @@ updates:
day: wednesday
ignore:
- dependency-name: '*'
- update-types: ['version-update:semver-patch']
+ update-types:
+ ['version-update:semver-patch', 'version-update:semver-minor']
- package-ecosystem: 'docker'
directory: '/'
diff --git a/.github/workflows/azure-preview-env-deploy-public.yml b/.github/workflows/azure-preview-env-deploy-public.yml
index fde6c90618b7..1be9f7664868 100644
--- a/.github/workflows/azure-preview-env-deploy-public.yml
+++ b/.github/workflows/azure-preview-env-deploy-public.yml
@@ -66,7 +66,7 @@ jobs:
password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
- name: Check out main branch
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -112,7 +112,7 @@ jobs:
run: src/workflows/prune-for-preview-env.sh
- name: 'Build and push image'
- uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
+ uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
with:
context: .
push: true
diff --git a/.github/workflows/azure-preview-env-deploy.yml b/.github/workflows/azure-preview-env-deploy.yml
index be10e7fd36e5..2b9c192d8d90 100644
--- a/.github/workflows/azure-preview-env-deploy.yml
+++ b/.github/workflows/azure-preview-env-deploy.yml
@@ -79,7 +79,7 @@ jobs:
password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
- name: Check out PR code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -171,7 +171,7 @@ jobs:
run: src/workflows/prune-for-preview-env.sh
- name: 'Build and push image'
- uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
+ uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
with:
context: .
push: true
diff --git a/.github/workflows/azure-prod-build-deploy.yml b/.github/workflows/azure-prod-build-deploy.yml
index b70523dbd8a9..254ca141255b 100644
--- a/.github/workflows/azure-prod-build-deploy.yml
+++ b/.github/workflows/azure-prod-build-deploy.yml
@@ -49,12 +49,9 @@ jobs:
password: ${{ secrets.PROD_REGISTRY_PASSWORD }}
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
- name: Check out repo
- # If any of the steps above fail, we'll need a checkout so we
- # have access to the `.github/actions/slack-alert/action.yml` file.
- if: ${{ always() && github.event_name != 'workflow_dispatch' }}
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ github.sha }}
@@ -67,6 +64,11 @@ jobs:
node-version-file: 'package.json'
cache: npm
+ # Currently we only need this to run dependencies in
+ # src/workflows/check-canary-slots.js
+ - name: Install dependencies
+ run: npm install
+
- name: Clone docs-early-access
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
@@ -90,7 +92,7 @@ jobs:
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
- name: 'Build and push image'
- uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
+ uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
with:
context: .
push: true
diff --git a/.github/workflows/azure-staging-build-deploy.yml b/.github/workflows/azure-staging-build-deploy.yml
index 1769d2ebb23e..c02e8a864c48 100644
--- a/.github/workflows/azure-staging-build-deploy.yml
+++ b/.github/workflows/azure-staging-build-deploy.yml
@@ -57,7 +57,7 @@ jobs:
password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -91,7 +91,7 @@ jobs:
run: src/early-access/scripts/merge-early-access.sh
- name: 'Build and push image'
- uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
+ uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
with:
context: .
push: true
diff --git a/.github/workflows/codeowners-legal.yml b/.github/workflows/codeowners-legal.yml
index 23820f24adcb..7190176c8154 100644
--- a/.github/workflows/codeowners-legal.yml
+++ b/.github/workflows/codeowners-legal.yml
@@ -30,10 +30,16 @@ jobs:
steps:
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ # Picking this number is a "best guess". If we make it too large,
+ # the checkout will take potentially unnecessariily long.
+ # This reduces the chance that tj-actions/changed-files has to
+ # fetch deeper history. But if it needs to, it will.
+ fetch-depth: 10
- name: Get changed files
id: changed-files
- uses: tj-actions/changed-files@1754cd4b9e661d1f0eced3b33545a8d8b3bc46d8 # v44.5.0
+ uses: tj-actions/changed-files@40853de9f8ce2d6cfdc73c1b96f14e22ba44aec4 # v45.0.0
with:
files: 'content/**'
output_renamed_files_as_deleted_and_added: true
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index a27be1874a02..67fdbd0d6702 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -36,13 +36,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+ - uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
with:
languages: javascript # comma separated list of values from {go, python, javascript, java, cpp, csharp, ruby}
config: |
paths-ignore:
- 'src/open-source/scripts/add-pr-links.js'
- - uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+ - uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
continue-on-error: true
- uses: ./.github/actions/slack-alert
diff --git a/.github/workflows/content-lint-markdown.yml b/.github/workflows/content-lint-markdown.yml
index 39164171a360..80490a9440d7 100644
--- a/.github/workflows/content-lint-markdown.yml
+++ b/.github/workflows/content-lint-markdown.yml
@@ -30,7 +30,7 @@ jobs:
- name: Get changed content/data files
id: changed-files
- uses: tj-actions/changed-files@1754cd4b9e661d1f0eced3b33545a8d8b3bc46d8 # v44.5.0
+ uses: tj-actions/changed-files@40853de9f8ce2d6cfdc73c1b96f14e22ba44aec4 # v45.0.0
with:
# No need to escape the file names because we make the output of
# tj-actions/changed-files be set as an environment variable. Not
diff --git a/.github/workflows/delete-orphan-translation-files.yml b/.github/workflows/delete-orphan-translation-files.yml
index 1862bae8b943..da1e7cec5edb 100644
--- a/.github/workflows/delete-orphan-translation-files.yml
+++ b/.github/workflows/delete-orphan-translation-files.yml
@@ -95,7 +95,7 @@ jobs:
changes=$(git diff --name-only | wc -l)
untracked=$(git status --untracked-files --short | wc -l)
if [[ $changes -eq 0 ]] && [[ $untracked -eq 0 ]]; then
- echo "There are no changes to commit after running src/rest/scripts/update-files.js. Exiting..."
+ echo "There are no changes to commit or untracked files. Exiting."
exit 0
fi
diff --git a/.github/workflows/main-preview-docker-cache.yml b/.github/workflows/main-preview-docker-cache.yml
index 918cd886c6d2..db137ac78113 100644
--- a/.github/workflows/main-preview-docker-cache.yml
+++ b/.github/workflows/main-preview-docker-cache.yml
@@ -42,7 +42,7 @@ jobs:
password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -68,7 +68,7 @@ jobs:
run: src/workflows/prune-for-preview-env.sh
- name: 'Build and push image'
- uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
+ uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
with:
context: .
push: true
diff --git a/.github/workflows/repo-sync-stalls.yml b/.github/workflows/repo-sync-stalls.yml
deleted file mode 100644
index 2ff7b8a78196..000000000000
--- a/.github/workflows/repo-sync-stalls.yml
+++ /dev/null
@@ -1,64 +0,0 @@
-name: Repo Sync Stalls
-
-# **What it does**: This lets us know in Slack if repo-sync doesn't happen in a timely manner.
-# **Why we have it**: We want repo-sync to keep the two repositories in sync with each other.
-# **Who does it impact**: Open-source contributors, docs engineering.
-
-on:
- workflow_dispatch:
- schedule:
- - cron: '20 */2 * * *' # Run every 2nd hour at 20 minutes after
-
-permissions:
- contents: read
- pull-requests: read
-
-jobs:
- repo-sync-stalls:
- if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
- runs-on: ubuntu-latest
- steps:
- - name: Check if repo sync is stalled
- uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0
- with:
- script: |
- let pulls;
- const owner = context.repo.owner
- const repo = context.repo.repo
- try {
- pulls = await github.rest.pulls.list({
- owner: owner,
- repo: repo,
- head: `${owner}:repo-sync`,
- state: 'open'
- });
- } catch(err) {
- throw err
- return
- }
-
- // Remove all pull requests that don't have the
- // 'automated-reposync-pr' label
- pulls.data = pulls.data.filter(pr =>
- pr.labels.some(label => label.name === 'automated-reposync-pr')
- )
-
- // Search for pull requests that have been open too long
- pulls.data.forEach(pr => {
- const timeDelta = Date.now() - Date.parse(pr.created_at);
- const minutesOpen = timeDelta / 1000 / 60;
-
- if (minutesOpen > 180) {
- core.setFailed('Repo sync appears to be stalled')
- }
- })
-
- - name: Check out repo
- if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
- - uses: ./.github/actions/slack-alert
- if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
- with:
- slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
- slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml
index 5dd70d12a8c9..d4f549a1f7f1 100644
--- a/.github/workflows/repo-sync.yml
+++ b/.github/workflows/repo-sync.yml
@@ -10,7 +10,7 @@ name: Repo Sync
on:
workflow_dispatch:
schedule:
- - cron: '20,50 * * * *' # Run every hour at 20 and 50 minutes after
+ - cron: '20 */3 * * *' # Run every 3rd hour at 20 minutes after
permissions:
contents: write
diff --git a/.github/workflows/sync-audit-logs.yml b/.github/workflows/sync-audit-logs.yml
index d2e938bd45bf..f0226617d16b 100644
--- a/.github/workflows/sync-audit-logs.yml
+++ b/.github/workflows/sync-audit-logs.yml
@@ -55,7 +55,7 @@ jobs:
changes=$(git diff --name-only | wc -l)
untracked=$(git status --untracked-files --short | wc -l)
if [[ $changes -eq 0 ]] && [[ $untracked -eq 0 ]]; then
- echo "There are no changes to commit after running src/rest/scripts/update-files.js. Exiting..."
+ echo "There are no changes to commit or untracked files. Exiting..."
exit 0
fi
diff --git a/.github/workflows/sync-openapi.yml b/.github/workflows/sync-openapi.yml
index e80f1a3a30e8..7e28c4294484 100644
--- a/.github/workflows/sync-openapi.yml
+++ b/.github/workflows/sync-openapi.yml
@@ -49,7 +49,7 @@ jobs:
# Needed for gh
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
run: |
- src/rest/scripts/update-files.js --source-repo rest-api-description --output rest github-apps webhooks rest-redirects
+ npm run sync-rest -- --source-repo rest-api-description --output rest github-apps webhooks rest-redirects
git status
echo "Deleting the cloned github/rest-api-description repo..."
rm -rf rest-api-description
@@ -73,7 +73,7 @@ jobs:
# If nothing to commit, exit now. It's fine. No orphans.
changes=$(git diff --name-only | wc -l)
if [[ $changes -eq 0 ]]; then
- echo "There are no changes to commit after running src/rest/scripts/update-files.js. Exiting..."
+ echo "There are no changes to commit after running `npm run sync-rest` Exiting..."
exit 0
fi
diff --git a/.github/workflows/sync-secret-scanning.yml b/.github/workflows/sync-secret-scanning.yml
index d8d65f65af11..8a1ef68e338a 100644
--- a/.github/workflows/sync-secret-scanning.yml
+++ b/.github/workflows/sync-secret-scanning.yml
@@ -74,9 +74,9 @@ jobs:
/cc @github/docs-content-security-products
- If CI does not pass or other problems arise, contact #docs-engineering on slack.' \
+ If CI does not pass or other problems arise, contact #docs-engineering on Slack.' \
--repo github/docs-internal \
- --label secret-scanning-pipeline,ready-for-docs-review
+ --label secret-scanning-pipeline,'skip FR board',ready-for-doc-review
- uses: ./.github/actions/slack-alert
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
diff --git a/.github/workflows/test-changed-content.yml b/.github/workflows/test-changed-content.yml
index 9abf986c42fc..dab8e7971f1c 100644
--- a/.github/workflows/test-changed-content.yml
+++ b/.github/workflows/test-changed-content.yml
@@ -45,7 +45,7 @@ jobs:
- name: Get changed files
id: changed-files
- uses: tj-actions/changed-files@1754cd4b9e661d1f0eced3b33545a8d8b3bc46d8 # v44.5.0
+ uses: tj-actions/changed-files@40853de9f8ce2d6cfdc73c1b96f14e22ba44aec4 # v45.0.0
with:
# No need to escape the file names because we make the output of
# tj-actions/changed-files be set as an environment variable. Not
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e15ab0dec1ca..384757c47e2b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -45,6 +45,7 @@ jobs:
- automated-pipelines
# - bookmarklets
- changelogs
+ # - code-scanning
# - codeql-cli
- color-schemes
- content-linter
@@ -71,10 +72,11 @@ jobs:
- release-notes
- rest
- search
+ - secret-scanning
- shielding
- - tracking
# - tests
# - tools
+ - tracking
- versions
- webhooks
- workflows
diff --git a/.github/workflows/validate-github-github-docs-urls.yml b/.github/workflows/validate-github-github-docs-urls.yml
index 90068f69c19c..e93d9f803660 100644
--- a/.github/workflows/validate-github-github-docs-urls.yml
+++ b/.github/workflows/validate-github-github-docs-urls.yml
@@ -7,7 +7,7 @@ name: Validate github/github docs URLs
on:
workflow_dispatch:
schedule:
- - cron: '20 16 * * *' # Run every day at 16:20 UTC / 8:20 PST
+ - cron: '20 16 * * 1' # Run every Monday at 16:20 UTC / 8:20 PST
pull_request:
paths:
- 'content/**'
@@ -108,7 +108,7 @@ jobs:
- name: Get changed content/data files
if: ${{ github.event_name == 'pull_request' }}
id: changed-files
- uses: tj-actions/changed-files@1754cd4b9e661d1f0eced3b33545a8d8b3bc46d8 # v44.5.0
+ uses: tj-actions/changed-files@40853de9f8ce2d6cfdc73c1b96f14e22ba44aec4 # v45.0.0
with:
# No need to escape the file names because we make the output of
# tj-actions/changed-files be set as an environment variable. Not
diff --git a/Dockerfile b/Dockerfile
index 505f3dd3a436..38cd737ac299 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@
# --------------------------------------------------------------------------------
# To update the sha, run `docker pull node:$VERSION-alpine`
# look for something like: `Digest: sha256:0123456789abcdef`
-FROM node:20-alpine@sha256:66c7d989b6dabba6b4305b88f40912679aebd9f387a5b16ffa76dfb9ae90b060 as base
+FROM node:20-alpine@sha256:66f7f89199daea88a6b5d5aadaa6d20f7a16a90fc35274deda8e901e267d4bd7 AS base
# This directory is owned by the node user
ARG APP_HOME=/home/node/app
@@ -19,7 +19,7 @@ WORKDIR $APP_HOME
# ---------------
# ALL DEPS
# ---------------
-FROM base as all_deps
+FROM base AS all_deps
COPY --chown=node:node package.json package-lock.json ./
@@ -34,7 +34,7 @@ RUN npm i @next/swc-linux-x64-musl --no-save || npm i @next/swc-linux-arm64-musl
# ---------------
# PROD DEPS
# ---------------
-FROM all_deps as prod_deps
+FROM all_deps AS prod_deps
RUN npm prune --production
@@ -42,7 +42,7 @@ RUN npm prune --production
# ---------------
# BUILDER
# ---------------
-FROM all_deps as builder
+FROM all_deps AS builder
COPY src ./src
# The star is because it's an optional directory
@@ -63,7 +63,7 @@ RUN npm run build
# PREVIEW IMAGE - no translations
# --------------------------------------------------------------------------------
-FROM base as preview
+FROM base AS preview
# Copy just prod dependencies
COPY --chown=node:node --from=prod_deps $APP_HOME/node_modules $APP_HOME/node_modules
@@ -72,12 +72,12 @@ COPY --chown=node:node --from=prod_deps $APP_HOME/node_modules $APP_HOME/node_mo
COPY --chown=node:node --from=builder $APP_HOME/.next $APP_HOME/.next
# We should always be running in production mode
-ENV NODE_ENV production
+ENV NODE_ENV=production
# Preferred port for server.js
-ENV PORT 4000
+ENV PORT=4000
-ENV ENABLED_LANGUAGES "en"
+ENV ENABLED_LANGUAGES="en"
# This makes it possible to set `--build-arg BUILD_SHA=abc123`
# and it then becomes available as an environment variable in the docker run.
@@ -102,7 +102,7 @@ CMD ["node_modules/.bin/tsx", "src/frame/server.ts"]
# --------------------------------------------------------------------------------
# PRODUCTION IMAGE - includes all translations
# --------------------------------------------------------------------------------
-FROM preview as production
+FROM preview AS production
# Override what was set for previews
# Make this match the default of `Object.keys(languages)` in src/languages/lib/languages.js
diff --git a/assets/images/contributing/search-results.png b/assets/images/contributing/search-results.png
new file mode 100644
index 000000000000..df4c4f0c2279
Binary files /dev/null and b/assets/images/contributing/search-results.png differ
diff --git a/assets/images/enterprise/security/enterprise-security-and-analysis-disable-or-enable-all-with-validity-checks.png b/assets/images/enterprise/security/enterprise-security-and-analysis-disable-or-enable-all-with-validity-checks.png
new file mode 100644
index 000000000000..9f4a5a209206
Binary files /dev/null and b/assets/images/enterprise/security/enterprise-security-and-analysis-disable-or-enable-all-with-validity-checks.png differ
diff --git a/assets/images/help/actions/actions-vnet-injected-larger-runners-architecture.png b/assets/images/help/actions/actions-vnet-injected-larger-runners-architecture.png
index c773a4a4a1ee..84515a6bd12b 100644
Binary files a/assets/images/help/actions/actions-vnet-injected-larger-runners-architecture.png and b/assets/images/help/actions/actions-vnet-injected-larger-runners-architecture.png differ
diff --git a/assets/images/help/business-accounts/transfer-organization.png b/assets/images/help/business-accounts/transfer-organization.png
new file mode 100644
index 000000000000..df377e27a641
Binary files /dev/null and b/assets/images/help/business-accounts/transfer-organization.png differ
diff --git a/assets/images/help/codespaces/codespaces-rebuild-full.png b/assets/images/help/codespaces/codespaces-rebuild-full.png
deleted file mode 100644
index a70d29acb2c5..000000000000
Binary files a/assets/images/help/codespaces/codespaces-rebuild-full.png and /dev/null differ
diff --git a/assets/images/help/copilot/chat-new-conversation-button.png b/assets/images/help/copilot/chat-new-conversation-button.png
index 25a6fc6cc242..9e080236da07 100644
Binary files a/assets/images/help/copilot/chat-new-conversation-button.png and b/assets/images/help/copilot/chat-new-conversation-button.png differ
diff --git a/assets/images/help/copilot/copilot-business-manage-seats.png b/assets/images/help/copilot/copilot-business-manage-seats.png
new file mode 100644
index 000000000000..7ef4379962dc
Binary files /dev/null and b/assets/images/help/copilot/copilot-business-manage-seats.png differ
diff --git a/assets/images/help/copilot/copilot-chat-all-repositories.png b/assets/images/help/copilot/copilot-chat-all-repositories.png
index 0f57e0281ea2..098cb5ea49dd 100644
Binary files a/assets/images/help/copilot/copilot-chat-all-repositories.png and b/assets/images/help/copilot/copilot-chat-all-repositories.png differ
diff --git a/assets/images/help/copilot/copilot-downgrade-to-business.png b/assets/images/help/copilot/copilot-downgrade-to-business.png
new file mode 100644
index 000000000000..e7044faccbf8
Binary files /dev/null and b/assets/images/help/copilot/copilot-downgrade-to-business.png differ
diff --git a/assets/images/help/copilot/index-this-repo.png b/assets/images/help/copilot/index-this-repo.png
index 99c18528b62b..0165081bdd61 100644
Binary files a/assets/images/help/copilot/index-this-repo.png and b/assets/images/help/copilot/index-this-repo.png differ
diff --git a/assets/images/help/copilot/indexed-repo.png b/assets/images/help/copilot/indexed-repo.png
new file mode 100644
index 000000000000..de9aff6cbe86
Binary files /dev/null and b/assets/images/help/copilot/indexed-repo.png differ
diff --git a/assets/images/help/enterprises/activity-dashboard.png b/assets/images/help/enterprises/activity-dashboard.png
new file mode 100644
index 000000000000..5e31e4a15b00
Binary files /dev/null and b/assets/images/help/enterprises/activity-dashboard.png differ
diff --git a/assets/images/help/repository/add-required-workflow-dialog.png b/assets/images/help/repository/add-required-workflow-dialog.png
new file mode 100644
index 000000000000..1d8ae5f46738
Binary files /dev/null and b/assets/images/help/repository/add-required-workflow-dialog.png differ
diff --git a/assets/images/help/repository/secret-scanning-use-regular-expression-generator.png b/assets/images/help/repository/secret-scanning-use-regular-expression-generator.png
index 3df98931336f..55eab816973e 100644
Binary files a/assets/images/help/repository/secret-scanning-use-regular-expression-generator.png and b/assets/images/help/repository/secret-scanning-use-regular-expression-generator.png differ
diff --git a/assets/images/help/security-overview/security-overview-codeql-pull-requests-alerts-report.png b/assets/images/help/security-overview/security-overview-codeql-pull-requests-alerts-report.png
new file mode 100644
index 000000000000..e3f5582ead27
Binary files /dev/null and b/assets/images/help/security-overview/security-overview-codeql-pull-requests-alerts-report.png differ
diff --git a/assets/images/help/settings/personal-access-tokens-ghes.png b/assets/images/help/settings/personal-access-tokens-ghes.png
new file mode 100644
index 000000000000..85b605a77a8a
Binary files /dev/null and b/assets/images/help/settings/personal-access-tokens-ghes.png differ
diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md
index a0e56bdfbd6f..bcdf32a42b34 100644
--- a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md
+++ b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md
@@ -32,7 +32,7 @@ When you unsubscribe from notifications in your inbox, you have several other tr
### Benefits of unsubscribing from the subscriptions page
-When you unsubscribe from notifications on the subscriptions page, you can see more of the notifications you're subscribed to and sort them by "Most recently subscribed" or "Least recently subscribed".
+When you unsubscribe from notifications on the subscriptions page, you can see more of the notifications you're subscribed to and sort them by "Most recently subscribed" or "Least recently subscribed."
The subscriptions page shows you all of the notifications that you're currently subscribed to, including notifications that you have marked as **Done** in your inbox.
diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/about-notifications.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/about-notifications.md
index 0ede58f1010d..852c85563c9d 100644
--- a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/about-notifications.md
+++ b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/about-notifications.md
@@ -22,10 +22,10 @@ You can choose to receive ongoing updates about specific activity on {% data var
### Subscription options
You can choose to subscribe to notifications for:
-* A conversation in a specific issue, pull request, or gist.
-* All activity in a repository{% ifversion team-discussions %} or team discussion{% endif %}.
-* CI activity, such as the status of workflows in repositories set up with {% data variables.product.prodname_actions %}.
-* Repository {% data reusables.notifications-v2.custom-notification-types %} (if enabled).
+* A conversation in a specific issue, pull request, or gist
+* All activity in a repository{% ifversion team-discussions %} or team discussion{% endif %}
+* CI activity, such as the status of workflows in repositories set up with {% data variables.product.prodname_actions %}
+* Repository {% data reusables.notifications-v2.custom-notification-types %} (if enabled)
You can also choose to automatically watch all repositories that you have push access to, except forks. You can watch any other repository you have access to manually by clicking **Watch**.
diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md
index ec1b7c326ac8..b3c592f9d428 100644
--- a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md
+++ b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md
@@ -45,7 +45,7 @@ The notifications inbox includes triaging options designed specifically for your
* Preview the issue{% ifversion team-discussions %}, pull request, or team discussion{% else %} or pull request{% endif %} where the notification originates on {% data variables.product.prodname_dotcom %} from within the notifications inbox.
* See one of the latest reasons you're receiving a notification from your inbox with a `reasons` label.
* Create custom filters to focus on different notifications when you want.
-* Group notifications in your inbox by repository or date to get a quick overview with less context switching
+* Group notifications in your inbox by repository or date to get a quick overview with less context switching.
In addition, you can receive and triage notifications on your mobile device with {% data variables.product.prodname_mobile %}. For more information, see "[Managing your notification settings with GitHub Mobile](#managing-your-notification-settings-with-github-mobile)" or "[AUTOTITLE](/get-started/using-github/github-mobile)."
@@ -55,7 +55,7 @@ One benefit of using an email client is that all of your notifications can be ke
Sending notifications to your email client also allows you to customize your inbox according to your email client's settings, which can include custom or color-coded labels.
-Email notifications also allow flexibility with the types of notifications you receive and allow you to choose different email addresses for updates. For example, you can send certain notifications for a repository to a verified personal email address. For more information, about your email customization options, see "[Customizing your email notifications](#customizing-your-email-notifications)."
+Email notifications also allow flexibility with the types of notifications you receive and allow you to choose different email addresses for updates. For example, you can send certain notifications for a repository to a verified personal email address. For more information, about your email customization options, see "[Customizing your email notifications](#customizing-your-email-notifications)."
## About participating and watching notifications
@@ -105,11 +105,11 @@ If you're using Gmail, you can click a button beside the notification email to v
{% endif %}
-Choose a default email address where you want to send updates for conversations you're participating in or watching. You can also specify which activity on {% data variables.product.prodname_dotcom %} you want to receive updates for using your default email address. For example, choose whether you want updates to your default email from:
-* Comments on issues and pull requests.
-* Pull request reviews.
-* Pull request pushes.
-* Your own updates, such as when you open, comment on, or close an issue or pull request.
+Choose a default email address where you want to send updates for conversations you're participating in or watching. You can also specify which activity on {% data variables.product.prodname_dotcom %} you want to receive updates for using your default email address. For example, choose whether you want updates sent to your default email from:
+* Comments on issues and pull requests
+* Pull request reviews
+* Pull request pushes
+* Your own updates, such as when you open, comment on, or close an issue or pull request
Depending on the organization that owns the repository, you can also send notifications to different email addresses. Your organization may require the email address to be verified for a specific domain. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#choosing-where-your-organizations-email-notifications-are-sent)."
@@ -127,12 +127,26 @@ Email notifications from {% data variables.product.prodname_dotcom %} contain he
| Header | Information |
| --- | --- |
-| `From` address | This address will always be {% ifversion fpt or ghec %}'`notifications@github.com`'{% else %}'the no-reply email address configured by your site administrator'{% endif %}. |
+| `From` address | This address will always be {% ifversion fpt or ghec %}`notifications@github.com`{% else %}'the no-reply email address configured by your site administrator'{% endif %}. |
| `To` field | This field connects directly to the thread. If you reply to the email, you'll add a new comment to the conversation. |
| `Cc` address | {% data variables.product.product_name %} will `Cc` you if you're subscribed to a conversation. The second `Cc` email address matches the notification reason. The suffix for these notification reasons is {% ifversion fpt or ghec %}`@noreply.github.com`{% else %}based on the no-reply email address configured by your site administrator{% endif %}. The possible notification reasons are:
`assign`: You were assigned to an issue or pull request.
`author`: You created an issue or pull request.
`ci_activity`: A {% data variables.product.prodname_actions %} workflow run that you triggered was completed.
`comment`: You commented on an issue or pull request.
`manual`: There was an update to an issue or pull request you manually subscribed to.
`mention`: You were mentioned on an issue or pull request.
`push`: Someone committed to a pull request you're subscribed to.
`review_requested`: You or a team you're a member of was requested to review a pull request.
`security_alert`: {% data variables.product.prodname_dotcom %} detected a vulnerability in a repository you receive alerts for.
`state_change`: An issue or pull request you're subscribed to was either closed or opened.
`subscribed`: There was an update in a repository you're watching.
`team_mention`: A team you belong to was mentioned on an issue or pull request.
`your_activity`: You opened, commented on, or closed an issue or pull request.
|
| `List-Id` field | This field identifies the name of the repository and its owner. The format of this address is always `OWNER/REPOSITORY `, e.g. `List-Id: grain-lang/grain `. |
| `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:
`low`
`moderate`
`high`
`critical`
For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." |
+## Replying to email notifications
+
+You can reply to email notifications from {% data variables.product.product_name %} and your reply will be posted to the issue, pull request, or discussion.
+
+The `reply-to` address on each email notification identifies the thread and the account that the comment will be posted from. This email address remains valid until you reset your password.
+
+{% data variables.product.product_name %} will not always include the full email contents and will attempt to strip some personally identifiable information from comments created via an email reply:
+
+* Email addresses in a standard format, such as `octocat@github.com`, are transformed to `***@***.***`.
+* Signatures and quoted reply chains, when the email client has used a `>` to mark those sections, are stripped.
+* While the unsubscribe link from your email notification is sometimes quoted, the link will only work when signed in to your account.
+* Email attachments are not included in the resulting comment.
+* The maximum length of a comment created via an email reply is 65530 characters.
+
## Choosing your notification settings
{% data reusables.notifications.access_notifications %}
@@ -159,7 +173,7 @@ For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptio
## Configuring your watch settings for an individual repository
-You can choose whether to watch or unwatch an individual repository. You can also choose to only be notified of certain event types such as {% data reusables.notifications-v2.custom-notification-types %} (if enabled for the repository) , or completely ignore an individual repository.
+You can choose whether to watch or unwatch an individual repository. You can also choose to only be notified of certain event types such as {% data reusables.notifications-v2.custom-notification-types %} (if enabled for the repository), or completely ignore an individual repository.
{% data reusables.repositories.navigate-to-repo %}
1. In the upper-right corner, select the "Watch" drop-down menu, then click a watch option.
@@ -220,7 +234,7 @@ For more information about the notification delivery methods available to you, a
{% data reusables.secret-scanning.secret-scanning-configure-notifications %}
-For more information on how to configure notifications for {% data variables.secret-scanning.alerts %}, see "[Configuring notifications for secret scanning alerts](/code-security/secret-scanning/managing-alerts-from-secret-scanning#configuring-notifications-for-secret-scanning-alerts)."
+For more information on how to configure notifications for {% data variables.secret-scanning.alerts %}, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts)."
{% ifversion update-notification-settings-22 or ghes %}
@@ -232,9 +246,9 @@ For repositories that are set up with {% data variables.product.prodname_actions
1. On the "Notification settings" page, under "System", then under "Actions", select the **Don't notify** dropdown menu.
-1. To opt into web notifications, from the dropdown menu, select "On {% data variables.product.prodname_dotcom %}".
+1. To opt into web notifications, from the dropdown menu, select "On {% data variables.product.prodname_dotcom %}."
- To opt into email notifications, from the dropdown menu, select "Email".
+ To opt into email notifications, from the dropdown menu, select "Email."
1. Optionally, to only receive notifications for failed workflow runs, from the dropdown menu, select "Only notify for failed workflows", then click **Save**.{% endif %}
{% ifversion ghes %}
diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md
index c2e97e28e89f..245cd622ebc0 100644
--- a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md
+++ b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md
@@ -27,10 +27,10 @@ For an example workflow of removing notifications that are easy to remove or tri
Choose which type of notifications are most urgent to review and pick a time to review them that's best for you. You might consider the question "Who am I blocking?"
For example, you may decide to check your notifications in this order in the morning during your daily planning time:
-* Pull requests where your review is requested. (filter by `reason:review-requested`)
-* Events where your username is @mentioned, also called direct mentions. (filter by `reason:mention`)
-* Events where a team you're a member of is @mentioned, also called team mentions. (filter by `reason:team-mention`)
-* CI workflow failures for a specific repository. (filter by `reason:ci-activity` and `repo:owner/repo-name` and ensure you've enabled CI activity notifications for workflow failures in your notification settings)
+* Pull requests where your review is requested (filter by `reason:review-requested`)
+* Events where your username is @mentioned, also called direct mentions (filter by `reason:mention`)
+* Events where a team you're a member of is @mentioned, also called team mentions (filter by `reason:team-mention`)
+* CI workflow failures for a specific repository (filter by `reason:ci-activity` and `repo:owner/repo-name` and ensure you've enabled CI activity notifications for workflow failures in your notification settings)
{% tip %}
@@ -63,8 +63,8 @@ After triaging the higher priority notifications, review the remaining notificat
Choose which type of notifications are quickest and easiest for you to triage and remove from your inbox, ideally triaging multiple notifications at once.
For example, you may decide to clear notifications in this order:
-* Participating notifications that you can unsubscribe to.
-* Repository updates that are not relevant to keep or follow-up on.
+* Participating notifications that you can unsubscribe to
+* Repository updates that are not relevant to keep or follow-up on
For more information on managing multiple notifications in your inbox at the same time, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#triaging-multiple-notifications-at-the-same-time)."
diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md
index eafdead67116..dce9e2dbeede 100644
--- a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md
+++ b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md
@@ -73,11 +73,12 @@ You can add up to 15 of your own custom filters.
## Custom filter limitations
Custom filters do not currently support:
-* Full text search in your inbox, including searching for pull request or issue titles.
+
+* Full text search in your inbox, including searching for pull request or issue titles
* Distinguishing between the `is:issue`, `is:pr`, and `is:pull-request` query filters. These queries will return both issues and pull requests.
-* Creating more than 15 custom filters.
-* Changing the default filters or their order.
-* Search [exclusion](/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax#exclude-certain-results) using `NOT` or `-QUALIFIER`.
+* Creating more than 15 custom filters
+* Changing the default filters or their order
+* Search [exclusion](/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax#exclude-certain-results) using `NOT` or `-QUALIFIER`
## Supported queries for custom filters
diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md
index 3bd449ea179c..c1cdae1de1f2 100644
--- a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md
+++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md
@@ -19,14 +19,14 @@ Private profiles cannot receive sponsorships under [{% data variables.product.pr
When your profile is private, the following content is hidden from your profile page:
-* Achievements and highlights.
-* Activity overview and activity feed.
-* Contribution graph.
-* Follower and following counts.
-* Follow and Sponsor buttons.
-* Organization memberships.
-* Stars, projects, packages, and sponsoring tabs.
-* Your pronouns.
+* Achievements and highlights
+* Activity overview and activity feed
+* Contribution graph
+* Follower and following counts
+* Follow and Sponsor buttons
+* Organization memberships
+* Stars, projects, packages, and sponsoring tabs
+* Your pronouns
{% note %}
@@ -40,10 +40,10 @@ By making your profile private, you will not remove or hide past activity; this
When your profile is private, your {% data variables.product.prodname_dotcom %} activity will not appear in the following locations:
-* Activity feeds for other users.
-* Discussions leaderboards.
-* Site-wide search results.
-* The [Trending](https://github.com/trending) page.
+* Activity feeds for other users
+* Discussions leaderboards
+* Site-wide search results
+* The [Trending](https://github.com/trending) page
{% note %}
diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile.md
index 05afae10fdc2..eb9dbe1df9d6 100644
--- a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile.md
+++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile.md
@@ -1,5 +1,5 @@
---
-title: Showing your private contributions and achievements on your profile
+title: Showing your private contributions {% ifversion hide-individual-achievements %}and achievements {% endif %}on your profile
intro: 'Your {% data variables.product.product_name %} profile shows a graph of your repository contributions over the past year. You can choose to show anonymized activity from private and internal repositories in addition to the activity from public repositories.'
redirect_from:
- /articles/publicizing-or-hiding-your-private-contributions-on-your-profile
@@ -12,7 +12,8 @@ versions:
ghec: '*'
topics:
- Profiles
-shortTitle: Private contributions and achievements
+shortTitle: Private contributions {% ifversion hide-individual-achievements %}and achievements{% endif %}
+allowTitleToDifferFromFilename: true
---
If you publicize your private contributions, people without access to the private repositories you work in won't be able to see the details of your private contributions. Instead, they'll see the number of private contributions you made on any given day. Your public contributions will include detailed information. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile)."
@@ -36,14 +37,14 @@ If you choose to hide your private contributions, visitors will only see your pu
1. Click **Private contributions** to show or hide private contributions on your profile.
+{% ifversion hide-individual-achievements %}
+
## Changing the visibility of achievements
{% data reusables.user-settings.access_settings %}
1. Under "Profile settings", select or deselect **Show Achievements on my profile.**
1. Click **Update preferences**.
-{% ifversion hide-individual-achievements %}
-
## Hiding an individual achievement on your profile
You can hide an individual achievement on your profile. When hidden, badges are only visible to you.
diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md
index 22db53f8e7c8..0011608f4bf5 100644
--- a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md
+++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md
@@ -27,6 +27,8 @@ If you are part of an organization that uses SAML single sign-on (SSO), you won
Issues, pull requests, and discussions will appear on your contribution graph if they were opened in a standalone repository, not a fork.
+{% data variables.product.company_short %} limits the number of these items when displaying the contribution graph. If you've reached the limit, the contribution graph may not display all of your contributions.
+
### Commits
Commits will appear on your contributions graph if they meet **all** of the following conditions:
diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/changing-your-primary-email-address.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/changing-your-primary-email-address.md
index 94829c8086c5..4b9f780b2c22 100644
--- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/changing-your-primary-email-address.md
+++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/changing-your-primary-email-address.md
@@ -1,6 +1,6 @@
---
title: Changing your primary email address
-intro: You can change the email address associated with your personal account at any time.
+intro: To change your primary email address, you'll add a new email, then delete the old one.
redirect_from:
- /articles/changing-your-primary-email-address
- /github/setting-up-and-managing-your-github-user-account/changing-your-primary-email-address
@@ -15,11 +15,14 @@ topics:
- Notifications
shortTitle: Primary email address
---
-{% note %}
-**Note:** You cannot change your primary email address to an email that is already set to be your backup email address.
+You can change the email address associated with your personal account at any time. You cannot change your primary email address to an email that is already set to be your backup email address.
-{% endnote %}
+{% ifversion ghec %}
+
+>[!NOTE] This article **does not apply** to {% data variables.enterprise.prodname_managed_users %}. To change your email address as a {% data variables.enterprise.prodname_managed_user %}, contact the administrator for your company's identity provider (IdP). Your primary email address is the first one assigned to you in the IdP.
+
+{% endif %}
{% data reusables.user-settings.access_settings %}
{% data reusables.user-settings.emails %}
diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md
index e55dc4e971a9..e5b2cf292a51 100644
--- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md
+++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md
@@ -15,7 +15,8 @@ topics:
- Accounts
shortTitle: Verify your email address
---
-## About email verification
+
+## About email verification{% ifversion ghec %} for personal accounts{% endif %}
You can verify your email address after signing up for a new account, or when you add a new email address. If an email address is undeliverable or bouncing, it will be unverified.
@@ -42,6 +43,16 @@ If you do not verify your email address, you will not be able to:
{% endwarning %}
+{% ifversion ghec %}
+
+## About email verification{% ifversion ghec %} for {% data variables.enterprise.prodname_managed_users %}{% endif %}
+
+If you are a member of an {% data variables.enterprise.prodname_emu_enterprise %}, your email address is considered unverified if it is used as a verified email by another account on {% data variables.product.prodname_dotcom %}. To verify the email, you will need to unverify the email address for the other account, then verify it for your {% data variables.enterprise.prodname_managed_user %}. See "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/changing-your-primary-email-address)."
+
+Having an unverified email address does not affect most actions you can take on {% data variables.product.prodname_dotcom %}. However, it may prevent you from accessing some third-party {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %}.
+
+{% endif %}
+
## Verifying your email address
{% data reusables.user-settings.access_settings %}
@@ -68,6 +79,16 @@ If you click on the link in the confirmation email within 24 hours and you are d
1. Sign in to your personal account on {% data variables.location.product_location %}.
1. Click on the verification link in the email we sent you.
+{% ifversion ghec %}
+
+### Email is already verified by another user
+
+If you see the error message `Error adding EMAIL: Email is already verified by another user`, you must either unverify the email for the other account before proceeding, or choose a different email address to verify.
+
+To unverify an email address, delete it in your email settings, then optionally re-add it without verifying to keep any commits linked to your account. See "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/changing-your-primary-email-address)."
+
+{% endif %}
+
## Further reading
* "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/changing-your-primary-email-address)"
diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md
index 23b7df385838..53d8f0d94cdd 100644
--- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md
+++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md
@@ -78,6 +78,10 @@ If the new owner of your old username creates a repository with the same name as
After changing your username, links to your previous profile page, such as `https://{% data variables.product.product_url %}/previoususername`, will return a 404 error. We recommend updating any links to your account on {% data variables.location.product_location %} from elsewhere{% ifversion fpt or ghec %}, such as your LinkedIn or Twitter profile{% endif %}.
+## Accounts logged in on GitHub Mobile
+
+Accounts logged in on the {% data variables.product.prodname_mobile %} app may continue to display your original username until you log out. To ensure your updated username is displayed, we recommend you sign out and back in to your account on each mobile device.
+
## Your Git commits
If your Git commits are associated with another email address you've added to your {% data variables.product.prodname_dotcom %} account, they'll continue to be attributed to you and appear in your contributions graph after you've changed your username. For more information on setting your email address, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)" and "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)."
diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings.md
index ed09910ddbde..0ea45fd698b5 100644
--- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings.md
+++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings.md
@@ -28,6 +28,7 @@ You can control whether links in text blocks on {% data variables.location.produ
* To enable underlines on links in text blocks, under "Link underlines", select **Show link underlines**.
* To disable underlines on links in text blocks, under "Link underlines", select **Hide link underlines**.
+ * To disable hovercards for previewing link content, deselect **Hovercards**.
{% endif %}
diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md
index da839531cafe..37729bcdd19c 100644
--- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md
+++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md
@@ -33,8 +33,17 @@ shortTitle: User into an organization
* You will no longer have access to the list of users you were following from your user account.
* Any followers of your user account will not automatically follow the new organization.
{% ifversion projects-v2 %}- Any existing collaborators on your projects will still have access to those projects in the new organization.{% endif %}
+* {% data variables.product.prodname_actions %} is not automatically enabled on the account after converting it to an organization, and will have to be re-enabled. To re-enable {% data variables.product.prodname_actions %}, create a new workflow file in the `.github/workflows` directory of your repository.
{% endwarning %}
+## Prerequisites
+
+The personal account you want to convert cannot be a member of any organizations. If the personal account you want to convert is a member of an organization, you must leave the organization before you can convert the account.
+
+{% ifversion ghes %}
+You may not be able to convert a personal account into an organization, if an enterprise owner has set a policy at the enterprise level. See, "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/preventing-users-from-creating-organizations)."
+{% endif %}
+
## Keep your personal account and create a new organization manually
If you want your organization to have the same name that you are currently using for your personal account, or if you want to keep your personal account's information intact, then you must create a new organization and transfer your repositories to it instead of converting your personal account into an organization.
diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md
index 15e032bdb937..5c44dd271807 100644
--- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md
+++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md
@@ -49,6 +49,11 @@ For more information, see the following articles.
* "[AUTOTITLE](/organizations/managing-organization-settings/deleting-an-organization-account)"
* "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization)"
+{% ifversion ghes %}
+> [!NOTE]
+> * You should contact an enterprise owner before deleting your account on {% data variables.product.product_name %}.
+{% endif %}
+
## Back up your account data
Before you delete your personal account, make a copy of all repositories, private forks, wikis, issues, and pull requests owned by your account. For more information, see "[AUTOTITLE](/repositories/archiving-a-github-repository/backing-up-a-repository)."
diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md
index 54af947778ef..044bdc2e389e 100644
--- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md
+++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md
@@ -52,10 +52,14 @@ Alternatively, if you want to use the HTTPS protocol for both accounts, you can
{% data reusables.git.confirm-credential-manager %}
{% data reusables.git.clear-the-stored-credentials %}
{% data reusables.git.no-credential-manager %}
- * If the output is `osxkeychain`, you're using the macOS keychain. To clear the credentials, enter the following command.
-
- ```shell copy
- git credential-osxkeychain erase https://github.com
+ * If the output is `osxkeychain`, you're using the macOS keychain. To clear the credentials, you can use the credential helper on the command line:
+
+ ```shell
+ $ git credential-osxkeychain erase
+ host={% data variables.product.product_url %}
+ protocol=https
+ > [Press Return]
+ >
```
{% data reusables.git.clear-stored-gcm-credentials %}
diff --git a/content/actions/deployment/about-deployments/about-continuous-deployment.md b/content/actions/about-github-actions/about-continuous-deployment-with-github-actions.md
similarity index 79%
rename from content/actions/deployment/about-deployments/about-continuous-deployment.md
rename to content/actions/about-github-actions/about-continuous-deployment-with-github-actions.md
index 573bc8010687..8d31a045e66d 100644
--- a/content/actions/deployment/about-deployments/about-continuous-deployment.md
+++ b/content/actions/about-github-actions/about-continuous-deployment-with-github-actions.md
@@ -1,5 +1,6 @@
---
-title: About continuous deployment
+title: About continuous deployment with GitHub Actions
+shortTitle: Continuous deployment
intro: 'You can create custom continuous deployment (CD) workflows directly in your {% data variables.product.prodname_dotcom %} repository with {% data variables.product.prodname_actions %}.'
versions:
fpt: '*'
@@ -8,9 +9,11 @@ versions:
type: overview
redirect_from:
- /actions/deployment/about-continuous-deployment
+ - /actions/deployment/about-deployments/about-continuous-deployment
+ - /actions/deployment/about-deployments
+ - /actions/about-github-actions/about-continuous-deployment
topics:
- CD
-shortTitle: About continuous deployment
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -27,18 +30,19 @@ You can set up a {% data variables.product.prodname_actions %} workflow to deplo
You can configure your CD workflow to run when a {% data variables.product.product_name %} event occurs (for example, when new code is pushed to the default branch of your repository), on a set schedule, manually, or when an external event occurs using the repository dispatch webhook. For more information about when your workflow can run, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows)."
-{% data variables.product.prodname_actions %} provides features that give you more control over deployments. For example, you can use environments to require approval for a job to proceed, restrict which branches can trigger a workflow, or limit access to secrets. You can use concurrency to limit your CD pipeline to a maximum of one in-progress deployment and one pending deployment. For more information about these features, see "[AUTOTITLE](/actions/deployment/about-deployments/deploying-with-github-actions)" and "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
+{% data variables.product.prodname_actions %} provides features that give you more control over deployments. For example, you can use environments to require approval for a job to proceed, restrict which branches can trigger a workflow, or limit access to secrets. You can use concurrency to limit your CD pipeline to a maximum of one in-progress deployment and one pending deployment. For more information about these features, see "[AUTOTITLE](/actions/deployment/about-deployments/deploying-with-github-actions)" and "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)."
## Using OpenID Connect to access cloud resources
{% data reusables.actions.about-oidc-short-overview %}
-## Starter workflows and third party actions
+## Workflow templates and third party actions
{% data reusables.actions.cd-templates-actions %}
## Further reading
-* [AUTOTITLE](/actions/deployment/about-deployments/deploying-with-github-actions)
-* [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment){% ifversion fpt or ghec %}
+* "[AUTOTITLE](/actions/use-cases-and-examples/deploying)"
+* "[AUTOTITLE](/actions/deployment/about-deployments/deploying-with-github-actions)"
+* "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)"{% ifversion fpt or ghec %}
* "[AUTOTITLE](/billing/managing-billing-for-github-actions)"{% endif %}
diff --git a/content/actions/automating-builds-and-tests/about-continuous-integration.md b/content/actions/about-github-actions/about-continuous-integration-with-github-actions.md
similarity index 75%
rename from content/actions/automating-builds-and-tests/about-continuous-integration.md
rename to content/actions/about-github-actions/about-continuous-integration-with-github-actions.md
index a8b173218222..1d544b8f49d2 100644
--- a/content/actions/automating-builds-and-tests/about-continuous-integration.md
+++ b/content/actions/about-github-actions/about-continuous-integration-with-github-actions.md
@@ -1,5 +1,5 @@
---
-title: About continuous integration
+title: About continuous integration with GitHub Actions
intro: 'You can create custom continuous integration (CI) workflows directly in your {% data variables.product.prodname_dotcom %} repository with {% data variables.product.prodname_actions %}.'
redirect_from:
- /articles/about-continuous-integration
@@ -7,6 +7,8 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/about-continuous-integration
- /actions/building-and-testing-code-with-continuous-integration/about-continuous-integration
- /actions/guides/about-continuous-integration
+ - /actions/automating-builds-and-tests/about-continuous-integration
+ - /actions/about-github-actions/about-continuous-integration
versions:
fpt: '*'
ghes: '*'
@@ -35,21 +37,19 @@ You can configure your CI workflow to run when a {% data variables.product.prodn
{% data variables.product.product_name %} runs your CI tests and provides the results of each test in the pull request, so you can see whether the change in your branch introduces an error. When all CI tests in a workflow pass, the changes you pushed are ready to be reviewed by a team member or merged. When a test fails, one of your changes may have caused the failure.
-When you set up CI in your repository, {% data variables.product.product_name %} analyzes the code in your repository and recommends CI workflows based on the language and framework in your repository. For example, if you use [Node.js](https://nodejs.org/en/), {% data variables.product.product_name %} will suggest a starter workflow that installs your Node.js packages and runs your tests. You can use the CI starter workflow suggested by {% data variables.product.product_name %}, customize the suggested starter workflow, or create your own custom workflow file to run your CI tests.
+When you set up CI in your repository, {% data variables.product.product_name %} analyzes the code in your repository and recommends CI workflows based on the language and framework in your repository. For example, if you use [Node.js](https://nodejs.org/en/), {% data variables.product.product_name %} will suggest a workflow template that installs your Node.js packages and runs your tests. You can use the CI workflow template suggested by {% data variables.product.product_name %}, customize the suggested workflow template, or create your own custom workflow file to run your CI tests.
In addition to helping you set up CI workflows for your project, you can use {% data variables.product.prodname_actions %} to create workflows across the full software development life cycle. For example, you can use actions to deploy, package, or release your project. For more information, see "[AUTOTITLE](/actions/learn-github-actions)."
For a definition of common terms, see "[AUTOTITLE](/actions/learn-github-actions/understanding-github-actions)."
-## Starter workflows
+## Workflow templates
-{% data variables.product.product_name %} offers CI starter workflows for a variety of languages and frameworks.
+{% data variables.product.product_name %} offers CI workflow templates for a variety of languages and frameworks.
-Browse the complete list of CI starter workflows offered by {% data variables.product.company_short %} in the {% ifversion fpt or ghec %}[actions/starter-workflows](https://github.com/actions/starter-workflows/tree/main/ci) repository{% else %} `actions/starter-workflows` repository on {% data variables.location.product_location %}{% endif %}.
-
-{% ifversion fpt or ghec %}
+Browse the complete list of CI workflow templates offered by {% data variables.product.company_short %} in the {% ifversion fpt or ghec %}[actions/starter-workflows](https://github.com/actions/starter-workflows/tree/main/ci) repository{% else %} `actions/starter-workflows` repository on {% data variables.location.product_location %}{% endif %}.
## Further reading
-* "[AUTOTITLE](/billing/managing-billing-for-github-actions)"
-{% endif %}
+* "[AUTOTITLE](/actions/use-cases-and-examples/building-and-testing)"{% ifversion fpt or ghec %}
+* "[AUTOTITLE](/billing/managing-billing-for-github-actions)"{% endif %}
diff --git a/content/actions/about-github-actions/index.md b/content/actions/about-github-actions/index.md
new file mode 100644
index 000000000000..afac6b532280
--- /dev/null
+++ b/content/actions/about-github-actions/index.md
@@ -0,0 +1,14 @@
+---
+title: About GitHub Actions
+shortTitle: About GitHub Actions
+intro: '{% data variables.product.prodname_actions %} is a tool that you can use to build automations to assist with each stage of the software development lifecycle. This section describes {% data variables.product.prodname_actions %} concepts, common terminology, and some high level use cases.'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /understanding-github-actions
+ - /about-continuous-integration-with-github-actions
+ - /about-continuous-deployment-with-github-actions
+---
+
diff --git a/content/actions/about-github-actions/understanding-github-actions.md b/content/actions/about-github-actions/understanding-github-actions.md
new file mode 100644
index 000000000000..e7090e46b18b
--- /dev/null
+++ b/content/actions/about-github-actions/understanding-github-actions.md
@@ -0,0 +1,108 @@
+---
+title: Understanding GitHub Actions
+shortTitle: Understand GitHub Actions
+intro: 'Learn the basics of {% data variables.product.prodname_actions %}, including core concepts and essential terminology.'
+redirect_from:
+ - /github/automating-your-workflow-with-github-actions/core-concepts-for-github-actions
+ - /actions/automating-your-workflow-with-github-actions/core-concepts-for-github-actions
+ - /actions/getting-started-with-github-actions/core-concepts-for-github-actions
+ - /actions/learn-github-actions/introduction-to-github-actions
+ - /actions/learn-github-actions/understanding-github-actions
+ - /actions/learn-github-actions/essential-features-of-github-actions
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: overview
+topics:
+ - Fundamentals
+layout: inline
+---
+
+{% data reusables.actions.enterprise-github-hosted-runners %}
+
+## Overview
+
+{% data reusables.actions.about-actions %} You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production.
+
+{% data variables.product.prodname_actions %} goes beyond just DevOps and lets you run workflows when other events happen in your repository. For example, you can run a workflow to automatically add the appropriate labels whenever someone creates a new issue in your repository.
+
+{% ifversion fpt or ghec %}
+
+{% data variables.product.prodname_dotcom %} provides Linux, Windows, and macOS virtual machines to run your workflows, or you can host your own self-hosted runners in your own data center or cloud infrastructure.
+
+{% elsif ghes %}
+
+You must host your own Linux, Windows, or macOS virtual machines to run workflows for {% data variables.location.product_location %}. {% data reusables.actions.self-hosted-runner-locations %}
+
+{% endif %}
+
+{% ifversion ghec or ghes %}
+
+For more information about introducing {% data variables.product.prodname_actions %} to your enterprise, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise)."
+
+{% endif %}
+
+## The components of {% data variables.product.prodname_actions %}
+
+You can configure a {% data variables.product.prodname_actions %} **workflow** to be triggered when an **event** occurs in your repository, such as a pull request being opened or an issue being created. Your workflow contains one or more **jobs** which can run in sequential order or in parallel. Each job will run inside its own virtual machine **runner**, or inside a container, and has one or more **steps** that either run a script that you define or run an **action**, which is a reusable extension that can simplify your workflow.
+
+
+
+### Workflows
+
+{% data reusables.actions.about-workflows-long %}
+
+You can reference a workflow within another workflow. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows)."
+
+For more information, see "[AUTOTITLE](/actions/using-workflows)."
+
+### Events
+
+An **event** is a specific activity in a repository that triggers a **workflow** run. For example, an activity can originate from {% data variables.product.prodname_dotcom %} when someone creates a pull request, opens an issue, or pushes a commit to a repository. You can also trigger a workflow to run on a [schedule](/actions/using-workflows/events-that-trigger-workflows#schedule), by [posting to a REST API](/rest/repos/repos#create-a-repository-dispatch-event), or manually.
+
+For a complete list of events that can be used to trigger workflows, see [Events that trigger workflows](/actions/using-workflows/events-that-trigger-workflows).
+
+### Jobs
+
+A **job** is a set of **steps** in a workflow that is executed on the same **runner**. Each step is either a shell script that will be executed, or an **action** that will be run. Steps are executed in order and are dependent on each other. Since each step is executed on the same runner, you can share data from one step to another. For example, you can have a step that builds your application followed by a step that tests the application that was built.
+
+You can configure a job's dependencies with other jobs; by default, jobs have no dependencies and run in parallel. When a job takes a dependency on another job, it waits for the dependent job to complete before running.
+
+For example, you might configure multiple build jobs for different architectures without any job dependencies and a packaging job that depends on those builds. The build jobs run in parallel, and once they complete successfully, the packaging job runs.
+
+For more information, see "[AUTOTITLE](/actions/using-jobs)."
+
+### Actions
+
+An **action** is a custom application for the {% data variables.product.prodname_actions %} platform that performs a complex but frequently repeated task. Use an action to help reduce the amount of repetitive code that you write in your **workflow** files. An action can pull your Git repository from {% data variables.product.prodname_dotcom %}, set up the correct toolchain for your build environment, or set up the authentication to your cloud provider.
+
+You can write your own actions, or you can find actions to use in your workflows in the {% data variables.product.prodname_marketplace %}.
+
+{% data reusables.actions.internal-actions-summary %}
+
+For more information on actions, see "[AUTOTITLE](/actions/creating-actions)."
+
+### Runners
+
+A **runner** is a server that runs your workflows when they're triggered. Each runner can run a single **job** at a time.
+{% ifversion ghes %} You must host your own runners for {% data variables.product.product_name %}.
+{% elsif fpt or ghec %}{% data variables.product.company_short %} provides Ubuntu Linux, Microsoft Windows, and macOS runners to run your **workflows**. Each workflow run executes in a fresh, newly-provisioned virtual machine.
+
+{% ifversion actions-hosted-runners %} {% data variables.product.prodname_dotcom %} also offers {% data variables.actions.hosted_runner %}s, which are available in larger configurations. For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/using-larger-runners)."
+{% endif %}
+If you need a different operating system or require a specific hardware configuration, you can host your own runners.
+{% endif %}
+
+For more information{% ifversion fpt or ghec %} about self-hosted runners{% endif %}, see "[AUTOTITLE](/actions/hosting-your-own-runners)."
+
+## Next steps
+
+{% data reusables.actions.onboarding-next-steps %}
+
+{% ifversion ghec or ghes %}
+
+## Further reading
+
+* "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises)"
+{% endif %}
diff --git a/content/actions/administering-github-actions/index.md b/content/actions/administering-github-actions/index.md
new file mode 100644
index 000000000000..bfd9579642bc
--- /dev/null
+++ b/content/actions/administering-github-actions/index.md
@@ -0,0 +1,14 @@
+---
+title: Administering GitHub Actions
+shortTitle: Administer GitHub Actions
+intro: 'Manage {% data variables.product.prodname_actions %} settings for your organization or enterprise.'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /usage-limits-billing-and-administration
+ - /viewing-github-actions-usage-metrics-for-your-organization
+ - /sharing-workflows-secrets-and-runners-with-your-organization
+---
+
diff --git a/content/actions/using-workflows/sharing-workflows-secrets-and-runners-with-your-organization.md b/content/actions/administering-github-actions/sharing-workflows-secrets-and-runners-with-your-organization.md
similarity index 88%
rename from content/actions/using-workflows/sharing-workflows-secrets-and-runners-with-your-organization.md
rename to content/actions/administering-github-actions/sharing-workflows-secrets-and-runners-with-your-organization.md
index 79363d1b8d81..bd5f33dff091 100644
--- a/content/actions/using-workflows/sharing-workflows-secrets-and-runners-with-your-organization.md
+++ b/content/actions/administering-github-actions/sharing-workflows-secrets-and-runners-with-your-organization.md
@@ -1,10 +1,11 @@
---
title: 'Sharing workflows, secrets, and runners with your organization'
shortTitle: Share workflows with your organization
-intro: 'Learn how you can use organization features to collaborate with your team, by sharing starter workflows, secrets, variables, and self-hosted runners.'
+intro: 'Learn how you can use organization features to collaborate with your team, by sharing workflow templates, secrets, variables, and self-hosted runners.'
redirect_from:
- /actions/learn-github-actions/sharing-workflows-with-your-organization
- /actions/learn-github-actions/sharing-workflows-secrets-and-runners-with-your-organization
+ - /actions/using-workflows/sharing-workflows-secrets-and-runners-with-your-organization
versions:
fpt: '*'
ghes: '*'
@@ -16,14 +17,14 @@ type: how_to
## Overview
-If you need to share workflows and other {% data variables.product.prodname_actions %} features with your team, then consider collaborating within a {% data variables.product.prodname_dotcom %} organization. An organization allows you to centrally store and manage secrets, artifacts, and self-hosted runners. You can also create starter workflows in the `.github` repository and share them with other users in your organization.
+If you need to share workflows and other {% data variables.product.prodname_actions %} features with your team, then consider collaborating within a {% data variables.product.prodname_dotcom %} organization. An organization allows you to centrally store and manage secrets, artifacts, and self-hosted runners. You can also create workflow templates in the `.github` repository and share them with other users in your organization.
## Sharing {% ifversion internal-actions %}actions and {% endif %}workflows
{% ifversion internal-actions %}
-You can share both individual actions and entire workflows with your organization, with or without publishing the actions or workflows publicly. You can reuse actions and workflows exactly by referencing them in your workflow file, and you can create starter workflows that provide templates for new workflows.
+You can share both individual actions and entire workflows with your organization, with or without publishing the actions or workflows publicly. You can reuse actions and workflows exactly by referencing them in your workflow file, and you can create workflow templates.
{% else %}
-Your organization can share workflows by reusing the workflows exactly or by creating starter workflows that provide templates for new workflows.
+Your organization can share workflows by reusing the workflows exactly or by creating workflow templates
{% endif %}
{% ifversion internal-actions %}
@@ -37,7 +38,7 @@ Your organization can share workflows by reusing the workflows exactly or by cre
{% data reusables.actions.reusable-workflows %}
-### Using starter workflows
+### Using workflow templates
{% data reusables.actions.workflow-organization-templates %} For more information, see "[AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization)."
diff --git a/content/actions/learn-github-actions/usage-limits-billing-and-administration.md b/content/actions/administering-github-actions/usage-limits-billing-and-administration.md
similarity index 92%
rename from content/actions/learn-github-actions/usage-limits-billing-and-administration.md
rename to content/actions/administering-github-actions/usage-limits-billing-and-administration.md
index 6d04182652db..7c962dfb8ab1 100644
--- a/content/actions/learn-github-actions/usage-limits-billing-and-administration.md
+++ b/content/actions/administering-github-actions/usage-limits-billing-and-administration.md
@@ -4,6 +4,7 @@ intro: 'There are usage limits for {% data variables.product.prodname_actions %}
redirect_from:
- /actions/getting-started-with-github-actions/usage-and-billing-information-for-github-actions
- /actions/reference/usage-limits-billing-and-administration
+ - /actions/learn-github-actions/usage-limits-billing-and-administration
versions:
fpt: '*'
ghes: '*'
@@ -92,9 +93,7 @@ In addition to the usage limits, you must ensure that you use {% data variables.
## {% data variables.product.prodname_actions %} usage metrics
-{% data reusables.actions.actions-usage-metrics-beta-note %}
-
-If you are on a {% data variables.product.prodname_ghe_cloud %} plan, organization owners and users with the "View organization Actions usage metrics" permission can view {% data variables.product.prodname_actions %} usage metrics for their organization. These metrics can help understand how and where your Actions minutes are being used. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)."
+Organization owners and users with the "View organization Actions usage metrics" permission can view {% data variables.product.prodname_actions %} usage metrics for their organization. These metrics can help you understand how and where your Actions minutes are being used. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)."
When you view usage metrics, it is important to remember that {% data reusables.actions.actions-usage-metrics-not-billing-metrics %}
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/viewing-github-actions-usage-metrics-for-your-organization.md b/content/actions/administering-github-actions/viewing-github-actions-usage-metrics-for-your-organization.md
similarity index 78%
rename from content/actions/monitoring-and-troubleshooting-workflows/viewing-github-actions-usage-metrics-for-your-organization.md
rename to content/actions/administering-github-actions/viewing-github-actions-usage-metrics-for-your-organization.md
index 790a0fe49570..547e755c36ba 100644
--- a/content/actions/monitoring-and-troubleshooting-workflows/viewing-github-actions-usage-metrics-for-your-organization.md
+++ b/content/actions/administering-github-actions/viewing-github-actions-usage-metrics-for-your-organization.md
@@ -2,15 +2,15 @@
title: Viewing GitHub Actions usage metrics for your organization
shortTitle: GitHub Actions usage metrics
intro: 'Organization owners and CI/CD administrators can view usage metrics for how and where their organization uses {% data variables.product.prodname_actions %}.'
-permissions: 'Organization owners and users with the "View organization Actions usage metrics" permissions.'
+permissions: Organization owners and users with the "View organization Actions usage metrics" permissions.
product: 'Your organization must be on a {% data variables.product.prodname_ghe_cloud %} plan.'
versions:
fpt: '*'
ghec: '*'
+redirect_from:
+ - /actions/monitoring-and-troubleshooting-workflows/viewing-github-actions-usage-metrics-for-your-organization
---
-{% data reusables.actions.actions-usage-metrics-beta-note %}
-
If you are on a {% data variables.product.prodname_ghe_cloud %} plan, {% data reusables.actions.about-actions-usage-metrics %}
For more information about how to use {% data variables.product.prodname_actions %} usage metrics, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
diff --git a/content/actions/deployment/about-deployments/index.md b/content/actions/deployment/about-deployments/index.md
deleted file mode 100644
index 0f98a41d103b..000000000000
--- a/content/actions/deployment/about-deployments/index.md
+++ /dev/null
@@ -1,13 +0,0 @@
----
-title: About deployments
-shortTitle: About deployments
-intro: 'Learn how deployments can run with {% data variables.product.prodname_actions %} workflows.'
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-children:
- - /about-continuous-deployment
- - /deploying-with-github-actions
----
-
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/index.md b/content/actions/deployment/deploying-to-your-cloud-provider/index.md
deleted file mode 100644
index 1ef2c8c994f3..000000000000
--- a/content/actions/deployment/deploying-to-your-cloud-provider/index.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-title: Deploying to your cloud provider
-shortTitle: Deploy to your cloud provider
-intro: 'You can deploy to various cloud providers, such as AWS, Azure, and GKE.'
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '*'
-children:
- - /deploying-to-amazon-elastic-container-service
- - /deploying-to-azure
- - /deploying-to-google-kubernetes-engine
----
-
diff --git a/content/actions/deployment/deploying-xcode-applications/index.md b/content/actions/deployment/deploying-xcode-applications/index.md
deleted file mode 100644
index 9544e29d2f04..000000000000
--- a/content/actions/deployment/deploying-xcode-applications/index.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-title: Deploying Xcode applications
-shortTitle: Deploy Xcode applications
-intro: 'You can sign Xcode apps within your continuous integration (CI) workflow by installing an Apple code signing certificate on {% data variables.product.prodname_actions %} runners.'
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-children:
- - /installing-an-apple-certificate-on-macos-runners-for-xcode-development
----
-
diff --git a/content/actions/deployment/index.md b/content/actions/deployment/index.md
deleted file mode 100644
index 8cb009ece289..000000000000
--- a/content/actions/deployment/index.md
+++ /dev/null
@@ -1,18 +0,0 @@
----
-title: Deployment
-shortTitle: Deployment
-intro: 'Automatically deploy projects with {% data variables.product.prodname_actions %}.'
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-children:
- - /about-deployments
- - /deploying-to-your-cloud-provider
- - /security-hardening-your-deployments
- - /targeting-different-environments
- - /protecting-deployments
- - /managing-your-deployments
- - /deploying-xcode-applications
----
-
diff --git a/content/actions/deployment/managing-your-deployments/index.md b/content/actions/deployment/managing-your-deployments/index.md
deleted file mode 100644
index b1298fd47bdf..000000000000
--- a/content/actions/deployment/managing-your-deployments/index.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-title: Managing your deployments
-shortTitle: Manage your deployments
-intro: You can review the past activity of your deployments.
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-children:
- - /viewing-deployment-history
----
-
diff --git a/content/actions/deployment/protecting-deployments/index.md b/content/actions/deployment/protecting-deployments/index.md
deleted file mode 100644
index bcd92d0d3d4f..000000000000
--- a/content/actions/deployment/protecting-deployments/index.md
+++ /dev/null
@@ -1,13 +0,0 @@
----
-title: Protecting your deployments with custom deployment protection rules
-shortTitle: Protect deployments
-intro: You can create and configure custom deployment protection rules to approve or reject deployments across environments with more control and confidence.
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.10'
-children:
- - /creating-custom-deployment-protection-rules
- - /configuring-custom-deployment-protection-rules
----
-
diff --git a/content/actions/deployment/targeting-different-environments/index.md b/content/actions/deployment/targeting-different-environments/index.md
deleted file mode 100644
index 83b796d35e4f..000000000000
--- a/content/actions/deployment/targeting-different-environments/index.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-title: Targeting different environments
-shortTitle: Target different environments
-intro: You can configure environments with protection rules and secrets. A workflow job that references an environment must follow any protection rules for the environment before running or accessing the environment's secrets.
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-children:
- - /using-environments-for-deployment
----
-
diff --git a/content/actions/examples/index.md b/content/actions/examples/index.md
deleted file mode 100644
index dad27ad65b7c..000000000000
--- a/content/actions/examples/index.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-title: Examples
-shortTitle: Examples
-intro: 'Example workflows that demonstrate the CI/CD features of {% data variables.product.prodname_actions %}.'
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-children:
- - using-scripts-to-test-your-code-on-a-runner
- - using-the-github-cli-on-a-runner
- - using-concurrency-expressions-and-a-test-matrix
----
-
diff --git a/content/actions/examples/using-concurrency-expressions-and-a-test-matrix.md b/content/actions/examples/using-concurrency-expressions-and-a-test-matrix.md
deleted file mode 100644
index 520ff5b915ed..000000000000
--- a/content/actions/examples/using-concurrency-expressions-and-a-test-matrix.md
+++ /dev/null
@@ -1,171 +0,0 @@
----
-title: 'Using concurrency, expressions, and a test matrix'
-shortTitle: 'Use concurrency, expressions, and a test matrix'
-intro: 'How to use advanced {% data variables.product.prodname_actions %} features for continuous integration (CI).'
-versions:
- fpt: '*'
- ghes: '>= 3.5'
- ghec: '*'
-type: how_to
-layout: inline
-topics:
- - Workflows
----
-
-{% data reusables.actions.enterprise-github-hosted-runners %}
-
-## Example overview
-
-{% data reusables.actions.example-workflow-intro-ci %} When this workflow is triggered, it tests your code using a matrix of test combinations with `npm test`.
-
-{% data reusables.actions.example-diagram-intro %}
-
-
-
-## Features used in this example
-
-{% data reusables.actions.example-table-intro %}
-
-| **Feature** | **Implementation** |
-| --- | --- |
-{% data reusables.actions.workflow-dispatch-table-entry %}
-{% data reusables.actions.pull-request-table-entry %}
-{% data reusables.actions.cron-table-entry %}
-{% data reusables.actions.permissions-table-entry %}
-{% data reusables.actions.concurrency-table-entry %}
-| Running the job on different runners, depending on the repository | [`runs-on`](/actions/using-jobs/choosing-the-runner-for-a-job)|
-{% data reusables.actions.if-conditions-table-entry %}
-| Using a matrix to create different test configurations | [`matrix`](/actions/using-jobs/using-a-matrix-for-your-jobs)|
-{% data reusables.actions.checkout-action-table-entry %}
-{% data reusables.actions.setup-node-table-entry %}
-| Caching dependencies | [`actions/cache`](/actions/advanced-guides/caching-dependencies-to-speed-up-workflows)|
-| Running tests on the runner | `npm test`|
-
-## Example workflow
-
-The following workflow was created by the {% data variables.product.prodname_dotcom %} Docs Engineering team. The workflow runs tests against the code in a pull request. To review the latest version of this file in the [`github/docs`](https://github.com/github/docs) repository, see [`test.yml`](https://github.com/github/docs/blob/main/.github/workflows/test.yml).
-
-```yaml annotate copy
-# {% data reusables.actions.explanation-name-key %}
-name: Node.js Tests
-
-# The `on` keyword lets you define the events that trigger when the workflow is run. You can define multiple events here. For more information, see "[AUTOTITLE](/actions/using-workflows/triggering-a-workflow#using-events-to-trigger-workflows)."
-on:
-
- # Add the `workflow_dispatch` event if you want to be able to manually run this workflow. For more information, see [`workflow_dispatch`](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch).
- workflow_dispatch:
-
- # Add the `pull_request` event, so that the workflow runs automatically every time a pull request is created or updated. For more information, see [`pull_request`](/actions/using-workflows/events-that-trigger-workflows#pull_request).
- pull_request:
-
- # Add the `push` event with the `branch` filter, so that the workflow runs automatically every time a commit is pushed to a branch called "main". For more information, see [`push`](/actions/using-workflows/events-that-trigger-workflows#push).
- push:
- branches:
- - main
-
-# This modifies the default permissions granted to `GITHUB_TOKEN`. This will vary depending on the needs of your workflow. For more information, see "[AUTOTITLE](/actions/using-jobs/assigning-permissions-to-jobs)."
-permissions:
- contents: read
- pull-requests: read
-
-# The `concurrency` key ensures that only a single workflow in the same concurrency group will run at the same time. For more information, see "[AUTOTITLE](/actions/using-jobs/using-concurrency)."
-# `concurrency.group` generates a concurrency group name from the workflow name and pull request information. The `||` operator is used to define fallback values.
-# `concurrency.cancel-in-progress` cancels any currently running job or workflow in the same concurrency group.
-concurrency:
- group: {% raw %}'${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'{% endraw %}
- cancel-in-progress: true
-
-# This groups together all the jobs that run in the workflow file.
-jobs:
-
- # This defines a job with the ID `test` that is stored within the `jobs` key.
- test:
-
- # This configures the job to run on a {% data variables.product.prodname_dotcom %}-hosted runner or a self-hosted runner, depending on the repository running the workflow.
- #
- # In this example, the job will run on a self-hosted runner if the repository is named `docs-internal` and is within the `github` organization. If the repository doesn't match this path, then it will run on an `ubuntu-latest` runner hosted by {% data variables.product.prodname_dotcom %}. For more information on these options, see "[AUTOTITLE](/actions/using-jobs/choosing-the-runner-for-a-job)."
- runs-on: {% raw %}${{ fromJSON('["ubuntu-latest", "self-hosted"]')[github.repository == 'github/docs-internal'] }}{% endraw %}
-
- # This sets the maximum number of minutes to let the job run before it is automatically canceled. For more information, see [`timeout-minutes`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes).
- timeout-minutes: 60
-
- # This section defines the build matrix for your jobs.
- strategy:
-
- # Setting `fail-fast` to `false` prevents {% data variables.product.prodname_dotcom %} from cancelling all in-progress jobs if any matrix job fails.
- fail-fast: false
-
- # This creates a matrix named `test-group`, with an array of test groups. These values match the names of test groups that will be run by `npm test`.
- matrix:
- test-group:
- [
- content,
- graphql,
- meta,
- rendering,
- routing,
- unit,
- linting,
- translations,
- ]
-
- # This groups together all the steps that will run as part of the `test` job. Each job in a workflow has its own `steps` section.
- steps:
-
- # The `uses` keyword tells the job to retrieve the action named `actions/checkout`. This is an action that checks out your repository and downloads it to the runner, allowing you to run actions against your code (such as testing tools). You must use the checkout action any time your workflow will use your repository's code. Some extra options are provided to the action using the `with` key.
- - name: Check out repo
- uses: {% data reusables.actions.action-checkout %}
- with:
- lfs: {% raw %}${{ matrix.test-group == 'content' }}{% endraw %}
- persist-credentials: 'false'
-
- # This step runs a command to check out large file storage (LFS) objects from the repository.
- - name: Checkout LFS objects
- run: git lfs checkout
-
- # This step uses the `trilom/file-changes-action` action to gather the files changed in the pull request, so they can be analyzed in the next step. This example is pinned to a specific version of the action, using the `a6ca26c14274c33b15e6499323aac178af06ad4b` SHA.
- - name: Gather files changed
- uses: trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b
- id: get_diff_files
- with:
- output: ' '
-
- # This step runs a shell command that uses an output from the previous step to create a file containing the list of files changed in the pull request.
- - name: Insight into changed files
- run: |
-
- echo {% raw %}"${{ steps.get_diff_files.outputs.files }}" > get_diff_files.txt{% endraw %}
-
- # This step uses the `actions/setup-node` action to install the specified version of the `node` software package on the runner, which gives you access to the `npm` command.
- - name: Setup node
- uses: {% data reusables.actions.action-setup-node %}
- with:
- node-version: 16.14.x
- cache: npm
-
- # This step runs the `npm ci` shell command to install the npm software packages for the project.
- - name: Install dependencies
- run: npm ci
-
- # This step uses the `actions/cache` action to cache the Next.js build, so that the workflow will attempt to retrieve a cache of the build, and not rebuild it from scratch every time. For more information, see "[AUTOTITLE](/actions/using-workflows/caching-dependencies-to-speed-up-workflows)."
- - name: Cache nextjs build
- uses: {% data reusables.actions.action-cache %}
- with:
- path: .next/cache
- key: {% raw %}${{ runner.os }}-nextjs-${{ hashFiles('package*.json') }}{% endraw %}
-
- # This step runs the build script.
- - name: Run build script
- run: npm run build
-
- # This step runs the tests using `npm test`, and the test matrix provides a different value for {% raw %}`${{ matrix.test-group }}`{% endraw %} for each job in the matrix. It uses the `DIFF_FILE` environment variable to know which files have changed, and uses the `CHANGELOG_CACHE_FILE_PATH` environment variable for the changelog cache file.
- - name: Run tests
- env:
- DIFF_FILE: get_diff_files.txt
- CHANGELOG_CACHE_FILE_PATH: src/fixtures/fixtures/changelog-feed.json
- run: npm test -- {% raw %}tests/${{ matrix.test-group }}/{% endraw %}
-```
-
-## Next steps
-
-{% data reusables.actions.learning-actions %}
diff --git a/content/actions/examples/using-scripts-to-test-your-code-on-a-runner.md b/content/actions/examples/using-scripts-to-test-your-code-on-a-runner.md
deleted file mode 100644
index 02f0c778d381..000000000000
--- a/content/actions/examples/using-scripts-to-test-your-code-on-a-runner.md
+++ /dev/null
@@ -1,137 +0,0 @@
----
-title: Using scripts to test your code on a runner
-shortTitle: Use scripts to test your code on a runner
-intro: 'How to use essential {% data variables.product.prodname_actions %} features for continuous integration (CI).'
-versions:
- fpt: '*'
- ghes: '> 3.1'
- ghec: '*'
-type: how_to
-topics:
- - Workflows
-layout: inline
----
-
-{% data reusables.actions.enterprise-github-hosted-runners %}
-
-## Example overview
-
-{% data reusables.actions.example-workflow-intro-ci %} When this workflow is triggered, it automatically runs a script that checks whether the {% data variables.product.prodname_dotcom %} Docs site has any broken links.
-
-{% data reusables.actions.example-diagram-intro %}
-
-
-
-## Features used in this example
-
-{% data reusables.actions.example-table-intro %}
-
-| **Feature** | **Implementation** |
-| --- | --- |
-{% data reusables.actions.push-table-entry %}
-{% data reusables.actions.pull-request-table-entry %}
-{% data reusables.actions.workflow-dispatch-table-entry %}
-{% data reusables.actions.permissions-table-entry %}
-{% data reusables.actions.concurrency-table-entry %}
-| Running the job on different runners, depending on the repository | [`runs-on`](/actions/using-jobs/choosing-the-runner-for-a-job)|
-{% data reusables.actions.checkout-action-table-entry %}
-{% data reusables.actions.setup-node-table-entry %}
-| Using a third-party action | [`trilom/file-changes-action`](https://github.com/trilom/file-changes-action)|
-| Running a script on the runner | Using `./script/rendered-content-link-checker.mjs` |
-
-## Example workflow
-
-{% data reusables.actions.example-docs-engineering-intro %} [`check-broken-links-github-github.yml`](https://github.com/github/docs/blob/main/.github/workflows/check-broken-links-github-github.yml).
-
-The following workflow renders the content of every page in the documentation and checks all internal links to ensure they connect correctly.
-
-```yaml annotate copy
-# {% data reusables.actions.explanation-name-key %}
-name: 'Link Checker: All English'
-
-# The `on` key lets you define the events that trigger when the workflow is run. You can define multiple events here. For more information, see "[AUTOTITLE](/actions/using-workflows/triggering-a-workflow#using-events-to-trigger-workflows)."
-on:
-# Add the `workflow_dispatch` event if you want to be able to manually run this workflow from the UI. For more information, see [`workflow_dispatch`](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch).
- workflow_dispatch:
- # Add the `push` event, so that the workflow runs automatically every time a commit is pushed to a branch called `main`. For more information, see [`push`](/actions/using-workflows/events-that-trigger-workflows#push).
- push:
- branches:
- - main
- # Add the `pull_request` event, so that the workflow runs automatically every time a pull request is created or updated. For more information, see [`pull_request`](/actions/using-workflows/events-that-trigger-workflows#pull_request).
- pull_request:
-
-# This modifies the default permissions granted to `GITHUB_TOKEN`. This will vary depending on the needs of your workflow. For more information, see "[AUTOTITLE](/actions/using-jobs/assigning-permissions-to-jobs)."
-#
-# In this example, the `pull-requests: read` permission is needed for the `trilom/file-changes-action` action that is used later in this workflow.
-permissions:
- contents: read
- pull-requests: read
-# The `concurrency` key ensures that only a single workflow in the same concurrency group will run at the same time. For more information, see "[AUTOTITLE](/actions/using-jobs/using-concurrency)."
-# `concurrency.group` generates a concurrency group name from the workflow name and pull request information. The `||` operator is used to define fallback values.
-# `concurrency.cancel-in-progress` cancels any currently running job or workflow in the same concurrency group.
-concurrency:
- group: {% raw %}'${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'{% endraw %}
- cancel-in-progress: true
-
-# The `jobs` key groups together all the jobs that run in the workflow file.
-jobs:
- # This line defines a job with the ID `check-links` that is stored within the `jobs` key.
- check-links:
- # The `runs-on` key in this example configures the job to run on a {% data variables.product.prodname_dotcom %}-hosted runner or a self-hosted runner, depending on the repository running the workflow.
- #
- # In this example, the job will run on a self-hosted runner if the repository is named `docs-internal` and is within the `github` organization. If the repository doesn't match this path, then it will run on an `ubuntu-latest` runner hosted by {% data variables.product.prodname_dotcom %}. For more information on these options, see "[AUTOTITLE](/actions/using-jobs/choosing-the-runner-for-a-job)."
- runs-on: {% raw %}${{ fromJSON('["ubuntu-latest", "self-hosted"]')[github.repository == 'github/docs-internal'] }}{% endraw %}
- # The `steps` key groups together all the steps that will run as part of the `check-links` job. Each job in a workflow has its own `steps` section.
- steps:
- # The `uses` key tells the job to retrieve the action named `actions/checkout`. This is an action that checks out your repository and downloads it to the runner, allowing you to run actions against your code (such as testing tools). You must use the checkout action any time your workflow will use the repository's code or you are using an action defined in the repository.
- - name: Checkout
- uses: {% data reusables.actions.action-checkout %}
-
- # This step uses the `actions/setup-node` action to install the specified version of the Node.js software package on the runner, which gives you access to the `npm` command.
- - name: Setup node
- uses: {% data reusables.actions.action-setup-node %}
- with:
- node-version: 16.13.x
- cache: npm
-
- # The `run` key tells the job to execute a command on the runner. In this example, `npm ci` is used to install the npm software packages for the project.
- - name: Install
- run: npm ci
-
- # This step uses the `trilom/file-changes-action` action to gather all the changed files. This example is pinned to a specific version of the action, using the `a6ca26c14274c33b15e6499323aac178af06ad4b` SHA.
- #
- # In this example, this step creates the file "{% raw %}${{ env.HOME }}/files.json{% endraw %}", among others.
- - name: Gather files changed
- uses: trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b
- with:
- fileOutput: 'json'
-
- # To help with verification, this step lists the contents of `files.json`. This will be visible in the workflow run's log, and can be useful for debugging.
- - name: Show files changed
- run: cat $HOME/files.json
-
- # This step uses the `run` command to execute a script that is stored in the repository at `script/rendered-content-link-checker.mjs` and passes all the parameters it needs to run.
- - name: Link check (warnings, changed files)
- run: |
- ./script/rendered-content-link-checker.mjs \
- --language en \
- --max 100 \
- --check-anchors \
- --check-images \
- --verbose \
- --list $HOME/files.json
-
- # This step also uses `run` command to execute a script that is stored in the repository at `script/rendered-content-link-checker.mjs` and passes a different set of parameters.
- - name: Link check (critical, all files)
- run: |
- ./script/rendered-content-link-checker.mjs \
- --language en \
- --exit \
- --verbose \
- --check-images \
- --level critical
-```
-
-## Next steps
-
-{% data reusables.actions.learning-actions %}
diff --git a/content/actions/examples/using-the-github-cli-on-a-runner.md b/content/actions/examples/using-the-github-cli-on-a-runner.md
deleted file mode 100644
index 7be7a87bab1c..000000000000
--- a/content/actions/examples/using-the-github-cli-on-a-runner.md
+++ /dev/null
@@ -1,180 +0,0 @@
----
-title: Using the GitHub CLI on a runner
-shortTitle: Use the GitHub CLI on a runner
-intro: 'How to use advanced {% data variables.product.prodname_actions %} features for continuous integration (CI).'
-versions:
- fpt: '*'
- ghes: '> 3.1'
- ghec: '*'
-type: how_to
-topics:
- - Workflows
-layout: inline
----
-
-{% data reusables.actions.enterprise-github-hosted-runners %}
-
-## Example overview
-
-{% data reusables.actions.example-workflow-intro-ci %} When this workflow is triggered, it automatically runs a script that checks whether the {% data variables.product.prodname_dotcom %} Docs site has any broken links. If any broken links are found, the workflow uses the {% data variables.product.prodname_dotcom %} CLI to create a {% data variables.product.prodname_dotcom %} issue with the details.
-
-{% data reusables.actions.example-diagram-intro %}
-
-
-
-## Features used in this example
-
-{% data reusables.actions.example-table-intro %}
-
-| **Feature** | **Implementation** |
-| --- | --- |
-{% data reusables.actions.cron-table-entry %}
-{% data reusables.actions.permissions-table-entry %}
-{% data reusables.actions.if-conditions-table-entry %}
-{% data reusables.actions.secrets-table-entry %}
-{% data reusables.actions.checkout-action-table-entry %}
-{% data reusables.actions.setup-node-table-entry %}
-| Using a third-party action | [`peter-evans/create-issue-from-file`](https://github.com/peter-evans/create-issue-from-file)|
-| Running shell commands on the runner | [`run`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun) |
-| Running a script on the runner | Using `script/check-english-links.js` |
-| Generating an output file | Piping the output using the `>` operator |
-| Checking for existing issues using {% data variables.product.prodname_cli %} | [`gh issue list`](https://cli.github.com/manual/gh_issue_list) |
-| Commenting on an issue using {% data variables.product.prodname_cli %} | [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) |
-
-## Example workflow
-
-{% data reusables.actions.example-docs-engineering-intro %} [`check-all-english-links.yml`](https://github.com/github/docs/blob/6e01c0653836c10d7e092a17566a2c88b10504ce/.github/workflows/check-all-english-links.yml).
-
-The following workflow checks all English links one time per day and reports broken links by creating a new issue for the docs content team to review.
-
-```yaml annotate copy
-# {% data reusables.actions.explanation-name-key %}
-name: Check all English links
-
-# Defines the `workflow_dispatch` and `scheduled` as triggers for the workflow.
-#
-# The `workflow_dispatch` event lets you manually run this workflow from the UI. For more information, see [`workflow_dispatch`](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch).
-#
-# The `schedule` event lets you use `cron` syntax to define a regular interval for automatically triggering the workflow. For more information, see [`schedule`](/actions/using-workflows/events-that-trigger-workflows#schedule).
-on:
- workflow_dispatch:
- schedule:
- - cron: '40 19 * * *' # once a day at 19:40 UTC / 11:40 PST
-
-# Modifies the default permissions granted to `GITHUB_TOKEN`. This will vary depending on the needs of your workflow. For more information, see "[AUTOTITLE](/actions/using-jobs/assigning-permissions-to-jobs)."
-permissions:
- contents: read
- issues: write
-
-# Groups together all the jobs that run in the workflow file.
-jobs:
- # Defines a job with the ID `check_all_english_links`, and the name `Check all links`, that is stored within the `jobs` key.
- check_all_english_links:
- name: Check all links
- # Only run the `check_all_english_links` job if the repository is named `docs-internal` and is within the `github` organization. Otherwise, the job is marked as _skipped_.
- if: github.repository == 'github/docs-internal'
- # Configures the job to run on an Ubuntu Linux runner. This means that the job will execute on a fresh virtual machine hosted by {% data variables.product.prodname_dotcom %}. For syntax examples using other runners, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on)."
- runs-on: ubuntu-latest
- # Creates custom environment variables, and redefines the built-in `GITHUB_TOKEN` variable to use a custom [secret](/actions/security-guides/using-secrets-in-github-actions). These variables will be referenced later in the workflow.
- env:
- GITHUB_TOKEN: {% raw %}${{ secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES }}{% endraw %}
- FIRST_RESPONDER_PROJECT: Docs content first responder
- REPORT_AUTHOR: docubot
- REPORT_LABEL: broken link report
- REPORT_REPOSITORY: github/docs-content
- # Groups together all the steps that will run as part of the `check_all_english_links` job. Each job in the workflow has its own `steps` section.
- steps:
- # The `uses` keyword tells the job to retrieve the action named `actions/checkout`. This is an action that checks out your repository and downloads it to the runner, allowing you to run actions against your code (such as testing tools). You must use the checkout action any time your workflow will run against the repository's code or you are using an action defined in the repository.
- - name: Check out repo's default branch
- uses: {% data reusables.actions.action-checkout %}
- # This step uses the `actions/setup-node` action to install the specified version of the `node` software package on the runner, which gives you access to the `npm` command.
- - name: Setup Node
- uses: {% data reusables.actions.action-setup-node %}
- with:
- node-version: 16.13.x
- cache: npm
- # The `run` keyword tells the job to execute a command on the runner. In this case, the `npm ci` and `npm run build` commands are run as separate steps to install and build the Node.js application in the repository.
- - name: Run the "npm ci" command
- run: npm ci
- - name: Run the "npm run build" command
- run: npm run build
- # This `run` command executes a script that is stored in the repository at `script/check-english-links.js`, and pipes the output to a file called `broken_links.md`.
- - name: Run script
- run: |
- script/check-english-links.js > broken_links.md
-
- # If the `check-english-links.js` script detects broken links and returns a non-zero (failure) exit status, then use a [workflow command](/actions/using-workflows/workflow-commands-for-github-actions#setting-an-output-parameter) to set an output that has the value of the first line of the `broken_links.md` file (this is used the next step).
- #
- # `check-english-links.js` returns 0 if no links are broken, and 1 if any links are broken. When an Actions step's exit code is 1, the action run's job status is failure and the run ends.
- #
- # The following steps create an issue for the broken link report only if any links are broken, so {% raw %}`if: ${{ failure() }}`{% endraw %} ensures the steps run despite the previous step's failure of the job.
- - if: {% raw %}${{ failure() }}{% endraw %}
- name: Get title for issue
- id: check
- run: echo "title=$(head -1 broken_links.md)" >> $GITHUB_OUTPUT
- # Uses the `peter-evans/create-issue-from-file` action to create a new {% data variables.product.prodname_dotcom %} issue. This example is pinned to a specific version of the action, using the `ceef9be92406ace67ab5421f66570acf213ec395` SHA.
- - if: {% raw %}${{ failure() }}{% endraw %}
- name: Create issue from file
- id: broken-link-report
- uses: peter-evans/create-issue-from-file@ceef9be92406ace67ab5421f66570acf213ec395
- with:
- token: {% raw %}${{ env.GITHUB_TOKEN }}{% endraw %}
-
- title: {% raw %}${{ steps.check.outputs.title }}{% endraw %}
- content-filepath: ./broken_links.md
- repository: {% raw %}${{ env.REPORT_REPOSITORY }}{% endraw %}
- labels: {% raw %}${{ env.REPORT_LABEL }}{% endraw %}
- # Uses [`gh issue list`](https://cli.github.com/manual/gh_issue_list) to locate the previously created issue from earlier runs. This is [aliased](https://cli.github.com/manual/gh_alias_set) to `gh list-reports` for simpler processing in later steps.
- - if: {% raw %}${{ failure() }}{% endraw %}
- name: Close and/or comment on old issues
- env:
- {% raw %}NEW_REPORT_URL: 'https://github.com/${{ env.REPORT_REPOSITORY }}/issues/${{ steps.broken-link-report.outputs.issue-number }}'{% endraw %}
- run: |
- gh alias set list-reports "issue list \
- --repo {% raw %}${{ env.REPORT_REPOSITORY }} \{% endraw %}
- --author {% raw %}${{ env.REPORT_AUTHOR }} \{% endraw %}
- --label {% raw %}'${{ env.REPORT_LABEL }}'"{% endraw %}
-
-
-
- previous_report_url=$(gh list-reports \
- --state all \
- --limit 2 \
- --json url \
- --jq '.[].url' \
- | grep -v {% raw %}${{ env.NEW_REPORT_URL }}{% endraw %} | head -1)
-
- # [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) is used to add a comment to the new issue that links to the previous one.
- gh issue comment {% raw %}${{ env.NEW_REPORT_URL }}{% endraw %} --body "⬅️ [Previous report]($previous_report_url)"
-
- # If an issue from a previous run is open and assigned to someone, then use [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) to add a comment with a link to the new issue without closing the old report. To get the issue URL, the `jq` expression processes the resulting JSON output.
- #
- # If an issue from a previous run is open and is not assigned to anyone, use [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) to add a comment with a link to the new issue. Then use [`gh issue close`](https://cli.github.com/manual/gh_issue_close) and [`gh issue edit`](https://cli.github.com/manual/gh_issue_edit) to close the issue and remove it from the project board.
-
- for issue_url in $(gh list-reports \
- --json assignees,url \
- --jq '.[] | select (.assignees != []) | .url'); do
- if [ "$issue_url" != {% raw %}"${{ env.NEW_REPORT_URL }}"{% endraw %} ]; then
- gh issue comment $issue_url --body "➡️ [Newer report]({% raw %}${{ env.NEW_REPORT_URL }}{% endraw %})"
- fi
- done
-
- for issue_url in $(gh list-reports \
- --search 'no:assignee' \
- --json url \
- --jq '.[].url'); do
- if [ "$issue_url" != {% raw %}"${{ env.NEW_REPORT_URL }}"{% endraw %} ]; then
- gh issue comment $issue_url --body "➡️ [Newer report]({% raw %}${{ env.NEW_REPORT_URL }})"{% endraw %}
-
- # Use [`gh issue close`](https://cli.github.com/manual/gh_issue_close) to close the old issue.
- gh issue close $issue_url
-
- # Use [`gh issue edit`](https://cli.github.com/manual/gh_issue_edit) to edit the old issue and remove it from a specific {% data variables.product.prodname_dotcom %} project board.
- gh issue edit $issue_url --remove-project "{% raw %}${{ env.FIRST_RESPONDER_PROJECT }}"{% endraw %}
- fi
- done
-```
-
-## Next steps
-
-{% data reusables.actions.learning-actions %}
diff --git a/content/actions/guides.md b/content/actions/guides.md
index 4f28868a7ff4..d5cfdfb0948c 100644
--- a/content/actions/guides.md
+++ b/content/actions/guides.md
@@ -1,5 +1,5 @@
---
-title: Guides for {% data variables.product.prodname_actions %}
+title: 'Guides for {% data variables.product.prodname_actions %}'
intro: 'These guides for {% data variables.product.prodname_actions %} include specific use cases and examples to help you configure workflows.'
allowTitleToDifferFromFilename: true
layout: product-guides
@@ -14,58 +14,57 @@ learningTracks:
- hosting_your_own_runners
- create_actions
includeGuides:
- - /actions/quickstart
- - /actions/learn-github-actions/understanding-github-actions
- - /actions/creating-actions/creating-a-docker-container-action
- - /actions/learn-github-actions/using-starter-workflows
- - /actions/automating-builds-and-tests/building-and-testing-python
- - /actions/automating-builds-and-tests/building-and-testing-nodejs
- - /actions/publishing-packages/about-packaging-with-github-actions
- - /actions/publishing-packages/publishing-docker-images
- - /actions/using-workflows/caching-dependencies-to-speed-up-workflows
- - /actions/automating-builds-and-tests/about-continuous-integration
- - /actions/automating-builds-and-tests/building-and-testing-powershell
- - /actions/automating-builds-and-tests/building-and-testing-ruby
- - /actions/automating-builds-and-tests/building-and-testing-java-with-maven
- - /actions/automating-builds-and-tests/building-and-testing-java-with-gradle
- - /actions/automating-builds-and-tests/building-and-testing-java-with-ant
- - /actions/automating-builds-and-tests/building-and-testing-swift
- - /actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
- - /actions/automating-builds-and-tests/building-and-testing-xamarin-applications
- - /actions/publishing-packages/publishing-nodejs-packages
- - /actions/publishing-packages/publishing-java-packages-with-maven
- - /actions/publishing-packages/publishing-java-packages-with-gradle
- - /actions/using-workflows/storing-workflow-data-as-artifacts
- - /actions/using-containerized-services/about-service-containers
- - /actions/using-containerized-services/creating-redis-service-containers
- - /actions/using-containerized-services/creating-postgresql-service-containers
- - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service
- - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine
- - /actions/learn-github-actions/essential-features-of-github-actions
- - /actions/security-guides/security-hardening-for-github-actions
- - /actions/creating-actions/about-custom-actions
- - /actions/creating-actions/creating-a-javascript-action
- - /actions/creating-actions/creating-a-composite-action
+ - /actions/writing-workflows/quickstart
+ - /actions/about-github-actions/understanding-github-actions
+ - /actions/sharing-automations/creating-actions/creating-a-docker-container-action
+ - /actions/writing-workflows/using-workflow-templates
+ - /actions/use-cases-and-examples/building-and-testing/building-and-testing-python
+ - /actions/use-cases-and-examples/building-and-testing/building-and-testing-nodejs
+ - /actions/use-cases-and-examples/publishing-packages/about-packaging-with-github-actions
+ - /actions/use-cases-and-examples/publishing-packages/publishing-docker-images
+ - /actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows
+ - /actions/about-github-actions/about-continuous-integration-with-github-actions
+ - /actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell
+ - /actions/use-cases-and-examples/building-and-testing/building-and-testing-ruby
+ - /actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-maven
+ - /actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-gradle
+ - /actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-ant
+ - /actions/use-cases-and-examples/building-and-testing/building-and-testing-swift
+ - /actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development
+ - /actions/use-cases-and-examples/building-and-testing/building-and-testing-xamarin-applications
+ - /actions/use-cases-and-examples/publishing-packages/publishing-nodejs-packages
+ - /actions/use-cases-and-examples/publishing-packages/publishing-java-packages-with-maven
+ - /actions/use-cases-and-examples/publishing-packages/publishing-java-packages-with-gradle
+ - /actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow
+ - /actions/use-cases-and-examples/using-containerized-services/about-service-containers
+ - /actions/use-cases-and-examples/using-containerized-services/creating-redis-service-containers
+ - /actions/use-cases-and-examples/using-containerized-services/creating-postgresql-service-containers
+ - /actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service
+ - /actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine
+ - /actions/sharing-automations/creating-actions/about-custom-actions
+ - /actions/sharing-automations/creating-actions/creating-a-javascript-action
+ - /actions/sharing-automations/creating-actions/creating-a-composite-action
- /actions/migrating-to-github-actions/manually-migrating-to-github-actions/migrating-from-azure-pipelines-to-github-actions
- /actions/migrating-to-github-actions/manually-migrating-to-github-actions/migrating-from-circleci-to-github-actions
- /actions/migrating-to-github-actions/manually-migrating-to-github-actions/migrating-from-gitlab-cicd-to-github-actions
- /actions/migrating-to-github-actions/manually-migrating-to-github-actions/migrating-from-jenkins-to-github-actions
- /actions/migrating-to-github-actions/manually-migrating-to-github-actions/migrating-from-travis-ci-to-github-actions
- - /actions/managing-issues-and-pull-requests/using-github-actions-for-project-management
- - /actions/managing-issues-and-pull-requests/closing-inactive-issues
- - /actions/managing-issues-and-pull-requests/scheduling-issue-creation
- - /actions/managing-issues-and-pull-requests/adding-labels-to-issues
- - /actions/managing-issues-and-pull-requests/commenting-on-an-issue-when-a-label-is-added
- - /actions/managing-issues-and-pull-requests/moving-assigned-issues-on-project-boards
- - /actions/managing-issues-and-pull-requests/removing-a-label-when-a-card-is-added-to-a-project-board-column
+ - /actions/use-cases-and-examples/project-management/using-github-actions-for-project-management
+ - /actions/use-cases-and-examples/project-management/closing-inactive-issues
+ - /actions/use-cases-and-examples/project-management/scheduling-issue-creation
+ - /actions/use-cases-and-examples/project-management/adding-labels-to-issues
+ - /actions/use-cases-and-examples/project-management/commenting-on-an-issue-when-a-label-is-added
+ - /actions/use-cases-and-examples/project-management/moving-assigned-issues-on-project-boards
+ - /actions/use-cases-and-examples/project-management/removing-a-label-when-a-card-is-added-to-a-project-board-column
- /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
- /code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
- - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-docker-to-azure-app-service
- - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-java-to-azure-app-service
- - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-net-to-azure-app-service
- - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-nodejs-to-azure-app-service
- - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-php-to-azure-app-service
- - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-python-to-azure-app-service
- - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-static-web-app
- - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-kubernetes-service
+ - /actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service
+ - /actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service
+ - /actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service
+ - /actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service
+ - /actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service
+ - /actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service
+ - /actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app
+ - /actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service
---
+
diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md
index 4c53167cfa5c..1d2c843d76be 100644
--- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md
+++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md
@@ -24,6 +24,7 @@ GitHub only supports the latest Autoscaling Runner Sets version of ARC. Support
If your support request is outside of the scope of what our team can help you with, we may recommend next steps to resolve your issue outside of {% data variables.contact.github_support %}. Your support request is possibly out of {% data variables.contact.github_support %}'s scope if the request is primarily about:
* The legacy community-maintained version of ARC
+* Installing, configuring, or maintaining dependencies
* Template spec customization
* Container orchestration, such as Kubernetes setup, networking, building images in ARC (DinD), etc.
* Applying Kubernetes policies
diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md
index 6497ed0fc637..19cb479e8fe3 100644
--- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md
+++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md
@@ -503,7 +503,7 @@ template:
- name: init-dind-externals
image: ghcr.io/actions/actions-runner:latest
command:
- ["cp", "-r", "-v", "/home/runner/externals/.", "/home/runner/tmpDir/"]
+ ["cp", "-r", "/home/runner/externals/.", "/home/runner/tmpDir/"]
volumeMounts:
- name: dind-externals
mountPath: /home/runner/tmpDir
@@ -651,7 +651,7 @@ template:
initContainers:
- name: init-dind-externals
image: ghcr.io/actions/actions-runner:latest
- command: ["cp", "-r", "-v", "/home/runner/externals/.", "/home/runner/tmpDir/"]
+ command: ["cp", "-r", "/home/runner/externals/.", "/home/runner/tmpDir/"]
volumeMounts:
- name: dind-externals
mountPath: /home/runner/tmpDir
@@ -753,7 +753,7 @@ template:
initContainers:
- name: init-dind-externals
image: ghcr.io/actions/actions-runner:latest
- command: ["cp", "-r", "-v", "/home/runner/externals/.", "/home/runner/tmpDir/"]
+ command: ["cp", "-r", "/home/runner/externals/.", "/home/runner/tmpDir/"]
volumeMounts:
- name: dind-externals
mountPath: /home/runner/tmpDir
diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/index.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/index.md
index 1bc6d38c9022..d4d6dded78b9 100644
--- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/index.md
+++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/index.md
@@ -9,8 +9,8 @@ versions:
topics:
- Actions Runner Controller
children:
- - /quickstart-for-actions-runner-controller
- /about-actions-runner-controller
+ - /quickstart-for-actions-runner-controller
- /authenticating-to-the-github-api
- /deploying-runner-scale-sets-with-actions-runner-controller
- /using-actions-runner-controller-runners-in-a-workflow
diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners.md
index dc2546a41eaf..77bee700cae8 100644
--- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners.md
+++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners.md
@@ -117,7 +117,7 @@ The following operating systems are supported for the self-hosted runner applica
The following processor architectures are supported for the self-hosted runner application.
* `x64` - Linux, macOS, Windows.
-* `ARM64` - Linux{% ifversion actions-macos-arm %}, macOS{% endif %}{% ifversion actions-windows-arm %}, Windows (currently in beta){% endif %}.
+* `ARM64` - Linux, macOS{% ifversion actions-windows-arm %}, Windows (currently in beta){% endif %}.
* `ARM32` - Linux.
{% ifversion ghes %}
diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md
index b9bce5f66ebc..bcf37637d63d 100644
--- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md
+++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md
@@ -77,7 +77,7 @@ If you get a "permission denied" error when you attempt to run a script, make su
chmod +x PATH/TO/FILE
```
-For information about using workflows to run scripts, see "[AUTOTITLE](/actions/learn-github-actions/essential-features-of-github-actions#adding-scripts-to-your-workflow)."
+For information about using workflows to run scripts, see "[AUTOTITLE](/actions/writing-workflows/choosing-what-your-workflow-does/adding-scripts-to-your-workflow)."
### No timeout setting
diff --git a/content/actions/index.md b/content/actions/index.md
index 784041c362a5..a4fde23af74a 100644
--- a/content/actions/index.md
+++ b/content/actions/index.md
@@ -1,31 +1,26 @@
---
-title: "{% data variables.product.prodname_actions %} documentation"
-shortTitle: "{% data variables.product.prodname_actions %}"
+title: '{% data variables.product.prodname_actions %} documentation'
+shortTitle: '{% data variables.product.prodname_actions %}'
intro: 'Automate, customize, and execute your software development workflows right in your repository with {% data variables.product.prodname_actions %}. You can discover, create, and share actions to perform any job you''d like, including CI/CD, and combine actions in a completely customized workflow.'
introLinks:
- overview: /actions/learn-github-actions/understanding-github-actions
- quickstart: /actions/quickstart
+ overview: /actions/about-github-actions/understanding-github-actions
+ quickstart: /actions/writing-workflows/quickstart
featuredLinks:
startHere:
- - /actions/learn-github-actions
- - /actions/examples
- - /actions/automating-builds-and-tests/about-continuous-integration
- - /actions/deployment/about-deployments/deploying-with-github-actions
- - /actions/publishing-packages/about-packaging-with-github-actions
- - /actions/monitoring-and-troubleshooting-workflows/about-monitoring-and-troubleshooting
+ - /actions/writing-workflows
+ - /actions/use-cases-and-examples
+ - /actions/about-github-actions/about-continuous-integration-with-github-actions
+ - /actions/use-cases-and-examples/deploying/deploying-with-github-actions
+ - /actions/use-cases-and-examples/publishing-packages/about-packaging-with-github-actions
+ - /actions/monitoring-and-troubleshooting-workflows
guideCards:
- - /actions/learn-github-actions/using-starter-workflows
- - /actions/publishing-packages/publishing-nodejs-packages
- - /actions/automating-builds-and-tests/building-and-testing-powershell
+ - /actions/writing-workflows/using-workflow-templates
+ - /actions/use-cases-and-examples/publishing-packages/publishing-nodejs-packages
+ - /actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell
popular:
- - /actions/using-workflows/workflow-syntax-for-github-actions
- - /actions/learn-github-actions
- - /actions/examples
- - /actions/using-workflows/events-that-trigger-workflows
- - /actions/learn-github-actions/contexts
- - /actions/learn-github-actions/expressions
- - /actions/learn-github-actions/variables
- - /actions/security-guides/using-secrets-in-github-actions
+ - /actions/writing-workflows/workflow-syntax-for-github-actions
+ - /actions/writing-workflows
+ - /actions/use-cases-and-examples
changelog:
label: actions
redirect_from:
@@ -42,23 +37,17 @@ versions:
ghes: '*'
ghec: '*'
children:
- - /quickstart
- - /learn-github-actions
- - /examples
- - /using-workflows
- - /using-jobs
- - /managing-workflow-runs
- - /automating-builds-and-tests
- - /deployment
- - /using-containerized-services
- - /publishing-packages
- - /managing-issues-and-pull-requests
- - /migrating-to-github-actions
+ - /about-github-actions
+ - /writing-workflows
+ - /managing-workflow-runs-and-deployments
+ - /sharing-automations
- /monitoring-and-troubleshooting-workflows
- /using-github-hosted-runners
- /hosting-your-own-runners
- - /security-guides
- - /creating-actions
+ - /security-for-github-actions
+ - /use-cases-and-examples
+ - /migrating-to-github-actions
+ - /administering-github-actions
- /guides
---
diff --git a/content/actions/learn-github-actions/essential-features-of-github-actions.md b/content/actions/learn-github-actions/essential-features-of-github-actions.md
deleted file mode 100644
index df21f2a459bb..000000000000
--- a/content/actions/learn-github-actions/essential-features-of-github-actions.md
+++ /dev/null
@@ -1,131 +0,0 @@
----
-title: Essential features of GitHub Actions
-shortTitle: Essential features
-intro: '{% data variables.product.prodname_actions %} are designed to help you build robust and dynamic automations. This guide will show you how to craft {% data variables.product.prodname_actions %} workflows that include environment variables, customized scripts, and more.'
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-type: overview
-topics:
- - Fundamentals
----
-
-{% data reusables.actions.enterprise-github-hosted-runners %}
-
-## Overview
-
-{% data variables.product.prodname_actions %} allow you to customize your workflows to meet the unique needs of your application and team. In this guide, we'll discuss some of the essential customization techniques such as using variables, running scripts, and sharing data and artifacts between jobs.
-
-## Using variables in your workflows
-
-{% data variables.product.prodname_actions %} include default environment variables for each workflow run. If you need to use custom environment variables, you can set these in your YAML workflow file. This example demonstrates how to create custom variables named `POSTGRES_HOST` and `POSTGRES_PORT`. These variables are then available to the `node client.js` script.
-
-```yaml
-jobs:
- example-job:
- runs-on: ubuntu-latest
- steps:
- - name: Connect to PostgreSQL
- run: node client.js
- env:
- POSTGRES_HOST: postgres
- POSTGRES_PORT: 5432
-```
-
-For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables#default-environment-variables)."
-
-## Adding scripts to your workflow
-
-You can use a {% data variables.product.prodname_actions %} workflow to run scripts and shell commands, which are then executed on the assigned runner. This example demonstrates how to use the `run` keyword to execute the command `npm install -g bats` on the runner.
-
-```yaml
-jobs:
- example-job:
- runs-on: ubuntu-latest
- steps:
- - run: npm install -g bats
-```
-
-To use a workflow to run a script stored in your repository you must first check out the repository to the runner. Having done this, you can use the `run` keyword to run the script on the runner. The following example runs two scripts, each in a separate job step. The location of the scripts on the runner is specified by setting a default working directory for run commands. For more information, see "[AUTOTITLE](/actions/using-jobs/setting-default-values-for-jobs)."
-
-```yaml
-jobs:
- example-job:
- runs-on: ubuntu-latest
- defaults:
- run:
- working-directory: ./scripts
- steps:
- - name: Check out the repository to the runner
- uses: {% data reusables.actions.action-checkout %}
- - name: Run a script
- run: ./my-script.sh
- - name: Run another script
- run: ./my-other-script.sh
-```
-
-Any scripts that you want a workflow job to run must be executable. You can do this either within the workflow by passing the script as an argument to the interpreter that will run the script - for example, `run: bash script.sh` - or by making the file itself executable. You can give the file the execute permission by using the command `git update-index --chmod=+x PATH/TO/YOUR/script.sh` locally, then committing and pushing the file to the repository. Alternatively, for workflows that are run on Linux and Mac runners, you can add a command to give the file the execute permission in the workflow job, prior to running the script:
-
-```yaml
-jobs:
- example-job:
- runs-on: ubuntu-latest
- defaults:
- run:
- working-directory: ./scripts
- steps:
- - name: Check out the repository to the runner
- uses: {% data reusables.actions.action-checkout %}
- - name: Make the script files executable
- run: chmod +x my-script.sh my-other-script.sh
- - name: Run the scripts
- run: |
- ./my-script.sh
- ./my-other-script.sh
-```
-
-For more information about the `run` keyword, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun)."
-
-## Sharing data between jobs
-
-If your job generates files that you want to share with another job in the same workflow, or if you want to save the files for later reference, you can store them in {% data variables.product.prodname_dotcom %} as _artifacts_. Artifacts are the files created when you build and test your code. For example, artifacts might include binary or package files, test results, screenshots, or log files. Artifacts are associated with the workflow run where they were created and can be used by another job. {% data reusables.actions.reusable-workflow-artifacts %}
-
-For example, you can create a file and then upload it as an artifact.
-
-```yaml
-jobs:
- example-job:
- name: Save output
- runs-on: ubuntu-latest
- steps:
- - shell: bash
- run: |
- expr 1 + 1 > output.log
- - name: Upload output file
- uses: {% data reusables.actions.action-upload-artifact %}
- with:
- name: output-log-file
- path: output.log
-```
-
-To download an artifact from a separate workflow run, you can use the `actions/download-artifact` action. For example, you can download the artifact named `output-log-file`.
-
-```yaml
-jobs:
- example-job:
- runs-on: ubuntu-latest
- steps:
- - name: Download a single artifact
- uses: {% data reusables.actions.action-download-artifact %}
- with:
- name: output-log-file
-```
-
-To download an artifact from the same workflow run, your download job should specify `needs: upload-job-name` so it doesn't start until the upload job finishes.
-
-For more information about artifacts, see "[AUTOTITLE](/actions/using-workflows/storing-workflow-data-as-artifacts)."
-
-## Next steps
-
-To continue learning about {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions/using-workflows/about-workflows)."
diff --git a/content/actions/learn-github-actions/index.md b/content/actions/learn-github-actions/index.md
deleted file mode 100644
index 0f24e9185a0a..000000000000
--- a/content/actions/learn-github-actions/index.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-title: Learn GitHub Actions
-shortTitle: Learn GitHub Actions
-intro: 'Whether you are new to {% data variables.product.prodname_actions %} or interested in learning all they have to offer, this guide will help you use {% data variables.product.prodname_actions %} to accelerate your application development workflows.'
-redirect_from:
- - /articles/about-github-actions
- - /actions/getting-started-with-github-actions
- - /actions/getting-started-with-github-actions/about-github-actions
- - /actions/getting-started-with-github-actions/overview
- - /actions/getting-started-with-github-actions/getting-started-with-github-actions
- - /articles/getting-started-with-github-actions
- - /github/automating-your-workflow-with-github-actions/about-github-actions
- - /actions/automating-your-workflow-with-github-actions/about-github-actions
- - /github/automating-your-workflow-with-github-actions/getting-started-with-github-actions
- - /actions/automating-your-workflow-with-github-actions/getting-started-with-github-actions
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-children:
- - /understanding-github-actions
- - /finding-and-customizing-actions
- - /essential-features-of-github-actions
- - /expressions
- - /contexts
- - /variables
- - /using-starter-workflows
- - /usage-limits-billing-and-administration
----
-
diff --git a/content/actions/learn-github-actions/understanding-github-actions.md b/content/actions/learn-github-actions/understanding-github-actions.md
deleted file mode 100644
index 32e44186ab49..000000000000
--- a/content/actions/learn-github-actions/understanding-github-actions.md
+++ /dev/null
@@ -1,97 +0,0 @@
----
-title: Understanding GitHub Actions
-shortTitle: Understand GitHub Actions
-intro: 'Learn the basics of {% data variables.product.prodname_actions %}, including core concepts and essential terminology.'
-redirect_from:
- - /github/automating-your-workflow-with-github-actions/core-concepts-for-github-actions
- - /actions/automating-your-workflow-with-github-actions/core-concepts-for-github-actions
- - /actions/getting-started-with-github-actions/core-concepts-for-github-actions
- - /actions/learn-github-actions/introduction-to-github-actions
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-type: overview
-topics:
- - Fundamentals
-layout: inline
----
-
-{% data reusables.actions.enterprise-github-hosted-runners %}
-
-## Overview
-
-{% data reusables.actions.about-actions %} You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production.
-
-{% data variables.product.prodname_actions %} goes beyond just DevOps and lets you run workflows when other events happen in your repository. For example, you can run a workflow to automatically add the appropriate labels whenever someone creates a new issue in your repository.
-
-{% ifversion fpt or ghec %}
-
-{% data variables.product.prodname_dotcom %} provides Linux, Windows, and macOS virtual machines to run your workflows, or you can host your own self-hosted runners in your own data center or cloud infrastructure.
-
-{% elsif ghes %}
-
-You must host your own Linux, Windows, or macOS virtual machines to run workflows for {% data variables.location.product_location %}. {% data reusables.actions.self-hosted-runner-locations %}
-
-{% endif %}
-
-{% ifversion ghec or ghes %}
-
-For more information about introducing {% data variables.product.prodname_actions %} to your enterprise, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise)."
-
-{% endif %}
-
-## The components of {% data variables.product.prodname_actions %}
-
-You can configure a {% data variables.product.prodname_actions %} _workflow_ to be triggered when an _event_ occurs in your repository, such as a pull request being opened or an issue being created. Your workflow contains one or more _jobs_ which can run in sequential order or in parallel. Each job will run inside its own virtual machine _runner_, or inside a container, and has one or more _steps_ that either run a script that you define or run an _action_, which is a reusable extension that can simplify your workflow.
-
-
-
-### Workflows
-
-{% data reusables.actions.about-workflows-long %}
-
-You can reference a workflow within another workflow. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows)."
-
-For more information about workflows, see "[AUTOTITLE](/actions/using-workflows)."
-
-### Events
-
-An event is a specific activity in a repository that triggers a workflow run. For example, an activity can originate from {% data variables.product.prodname_dotcom %} when someone creates a pull request, opens an issue, or pushes a commit to a repository. You can also trigger a workflow to run on a [schedule](/actions/using-workflows/events-that-trigger-workflows#schedule), by [posting to a REST API](/rest/repos/repos#create-a-repository-dispatch-event), or manually.
-
-For a complete list of events that can be used to trigger workflows, see [Events that trigger workflows](/actions/using-workflows/events-that-trigger-workflows).
-
-### Jobs
-
-A job is a set of _steps_ in a workflow that is executed on the same runner. Each step is either a shell script that will be executed, or an _action_ that will be run. Steps are executed in order and are dependent on each other. Since each step is executed on the same runner, you can share data from one step to another. For example, you can have a step that builds your application followed by a step that tests the application that was built.
-
-You can configure a job's dependencies with other jobs; by default, jobs have no dependencies and run in parallel with each other. When a job takes a dependency on another job, it will wait for the dependent job to complete before it can run. For example, you may have multiple build jobs for different architectures that have no dependencies, and a packaging job that is dependent on those jobs. The build jobs will run in parallel, and when they have all completed successfully, the packaging job will run.
-
-For more information about jobs, see "[AUTOTITLE](/actions/using-jobs)."
-
-### Actions
-
-An _action_ is a custom application for the {% data variables.product.prodname_actions %} platform that performs a complex but frequently repeated task. Use an action to help reduce the amount of repetitive code that you write in your workflow files. An action can pull your git repository from {% data variables.product.prodname_dotcom %}, set up the correct toolchain for your build environment, or set up the authentication to your cloud provider.
-
-You can write your own actions, or you can find actions to use in your workflows in the {% data variables.product.prodname_marketplace %}.
-
-{% data reusables.actions.internal-actions-summary %}
-
-For more information, see "[AUTOTITLE](/actions/creating-actions)."
-
-### Runners
-
-{% data reusables.actions.about-runners %} Each runner can run a single job at a time. {% ifversion ghes %} You must host your own runners for {% data variables.product.product_name %}. {% elsif fpt or ghec %}{% data variables.product.company_short %} provides Ubuntu Linux, Microsoft Windows, and macOS runners to run your workflows; each workflow run executes in a fresh, newly-provisioned virtual machine. {% ifversion actions-hosted-runners %} {% data variables.product.prodname_dotcom %} also offers {% data variables.actions.hosted_runner %}s, which are available in larger configurations. For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/using-larger-runners)." {% endif %}If you need a different operating system or require a specific hardware configuration, you can host your own runners.{% endif %} For more information{% ifversion fpt or ghec %} about self-hosted runners{% endif %}, see "[AUTOTITLE](/actions/hosting-your-own-runners)."
-
-{% data reusables.actions.workflow-basic-example-and-explanation %}
-
-## Next steps
-
-{% data reusables.actions.onboarding-next-steps %}
-
-{% ifversion ghec or ghes %}
-
-## Further reading
-
-* "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises)"
-{% endif %}
diff --git a/content/actions/learn-github-actions/using-starter-workflows.md b/content/actions/learn-github-actions/using-starter-workflows.md
deleted file mode 100644
index a70df4b8080f..000000000000
--- a/content/actions/learn-github-actions/using-starter-workflows.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-title: Using starter workflows
-shortTitle: Use starter workflows
-intro: '{% data variables.product.product_name %} provides starter workflows for a variety of languages and tooling.'
-redirect_from:
- - /articles/setting-up-continuous-integration-using-github-actions
- - /github/automating-your-workflow-with-github-actions/setting-up-continuous-integration-using-github-actions
- - /actions/automating-your-workflow-with-github-actions/setting-up-continuous-integration-using-github-actions
- - /actions/building-and-testing-code-with-continuous-integration/setting-up-continuous-integration-using-github-actions
- - /actions/guides/setting-up-continuous-integration-using-workflow-templates
- - /actions/learn-github-actions/using-workflow-templates
- - /actions/using-workflows/using-starter-workflows
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-type: tutorial
-topics:
- - Workflows
- - CI
- - CD
----
-
-{% data reusables.actions.enterprise-github-hosted-runners %}
-
-## About starter workflows
-
-Starter workflows are templates that help you to create your own {% data variables.product.prodname_actions %} workflows for a repository. They offer an alternative to starting from a blank workflow file and are useful because some of the work will already have been done for you.
-
-{% data variables.product.product_name %} offers starter workflows for a variety of languages and tooling. When you set up workflows in your repository, {% data variables.product.product_name %} analyzes the code in your repository and recommends workflows based on the language and framework in your repository. For example, if you use Node.js, {% data variables.product.product_name %} will suggest a starter workflow file that installs your Node.js packages and runs your tests. You can search and filter to find relevant starter workflows.
-
-{% data reusables.actions.starter-workflow-categories %}
-
-You can also create your own starter workflow to share with your organization. These starter workflows will appear alongside the {% data variables.product.product_name %}-provided starter workflows. Anyone with write access to the organization's `github` repository can set up a starter workflow. For more information, see "[AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization)."
-
-## Choosing and using a starter workflow
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.actions-tab %}
-{% data reusables.actions.new-starter-workflow %}
-1. The "Choose a workflow" page shows a selection of recommended starter workflows. Find the starter workflow that you want to use, then click **Configure**. To help you find the starter workflow that you want, you can search for keywords or filter by category.
-1. If the starter workflow contains comments detailing additional setup steps, follow these steps.
-
- There are guides to accompany many of the starter workflows for building and testing projects. For more information, see "[AUTOTITLE](/actions/automating-builds-and-tests)."
-
-1. Some starter workflows use secrets. For example, {% raw %}`${{ secrets.npm_token }}`{% endraw %}. If the starter workflow uses a secret, store the value described in the secret name as a secret in your repository. For more information, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)."
-1. Optionally, make additional changes. For example, you might want to change the value of `on` to change when the workflow runs.
-1. Click **Start commit**.
-1. Write a commit message and decide whether to commit directly to the default branch or to open a pull request.
-
-## Further reading
-
-* "[AUTOTITLE](/actions/automating-builds-and-tests/about-continuous-integration)"
-* "[AUTOTITLE](/actions/managing-workflow-runs)"
-* "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/about-monitoring-and-troubleshooting)"
-{% ifversion fpt or ghec %}
-* "[AUTOTITLE](/billing/managing-billing-for-github-actions)"
-{% endif %}
diff --git a/content/actions/managing-workflow-runs-and-deployments/index.md b/content/actions/managing-workflow-runs-and-deployments/index.md
new file mode 100644
index 000000000000..96d0567b7481
--- /dev/null
+++ b/content/actions/managing-workflow-runs-and-deployments/index.md
@@ -0,0 +1,21 @@
+---
+title: Managing workflow runs and deployments
+shortTitle: Manage workflows and deployments
+intro: '{% data variables.product.prodname_dotcom %} enables you to have control over your workflow runs and deployments.'
+redirect_from:
+ - /actions/configuring-and-managing-workflows/managing-a-workflow-run
+ - /articles/managing-a-workflow-run
+ - /github/automating-your-workflow-with-github-actions/managing-a-workflow-run
+ - /actions/automating-your-workflow-with-github-actions/managing-a-workflow-run
+ - /actions/configuring-and-managing-workflows/configuring-and-managing-workflow-files-and-runs
+ - /actions/managing-workflow-runs
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /managing-workflow-runs
+ - /managing-deployments
+---
+
+{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/deployment/protecting-deployments/configuring-custom-deployment-protection-rules.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/configuring-custom-deployment-protection-rules.md
similarity index 92%
rename from content/actions/deployment/protecting-deployments/configuring-custom-deployment-protection-rules.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-deployments/configuring-custom-deployment-protection-rules.md
index 048516f5afac..1e0ed34c1fc8 100644
--- a/content/actions/deployment/protecting-deployments/configuring-custom-deployment-protection-rules.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/configuring-custom-deployment-protection-rules.md
@@ -1,16 +1,18 @@
---
title: Configuring custom deployment protection rules
shortTitle: Configure custom protection rules
-intro: Use {% data variables.product.prodname_github_apps %} to automate protecting deployments with third-party systems.
+intro: 'Use {% data variables.product.prodname_github_apps %} to automate protecting deployments with third-party systems.'
product: '{% data reusables.actions.custom-deployment-protection-rules-availability %}'
versions:
fpt: '*'
ghec: '*'
- ghes: '>=3.10'
+ ghes: '*'
topics:
- Actions
- CD
- Deployment
+redirect_from:
+ - /actions/deployment/protecting-deployments/configuring-custom-deployment-protection-rules
---
{% data reusables.actions.custom-deployment-protection-rules-beta-note %}
@@ -19,7 +21,7 @@ topics:
Custom deployment protection rules are powered by {% data variables.product.prodname_github_apps %}. Once a deployment protection rule is configured and installed in a repository, it can be enabled for any environments in the repository.
-After you enable a custom deployment protection rule on an environment, every time a workflow step targets that environment, the deployment protection rule will run automatically. For more information about targeting an environment for deployments, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
+After you enable a custom deployment protection rule on an environment, every time a workflow step targets that environment, the deployment protection rule will run automatically. For more information about targeting an environment for deployments, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)."
When a custom deployment protection rule is triggered it will wait for up to 30 days for a webhook event response before it times out and the workflow job fails.
diff --git a/content/actions/deployment/protecting-deployments/creating-custom-deployment-protection-rules.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/creating-custom-deployment-protection-rules.md
similarity index 97%
rename from content/actions/deployment/protecting-deployments/creating-custom-deployment-protection-rules.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-deployments/creating-custom-deployment-protection-rules.md
index b34b2b1a2775..21ae0fdce84b 100644
--- a/content/actions/deployment/protecting-deployments/creating-custom-deployment-protection-rules.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/creating-custom-deployment-protection-rules.md
@@ -1,16 +1,18 @@
---
title: Creating custom deployment protection rules
shortTitle: Create custom protection rules
-intro: Use {% data variables.product.prodname_github_apps %} to automate protecting deployments with third-party systems.
+intro: 'Use {% data variables.product.prodname_github_apps %} to automate protecting deployments with third-party systems.'
product: '{% data reusables.actions.custom-deployment-protection-rules-availability %}'
versions:
fpt: '*'
ghec: '*'
- ghes: '>=3.10'
+ ghes: '*'
topics:
- Actions
- CD
- Deployment
+redirect_from:
+ - /actions/deployment/protecting-deployments/creating-custom-deployment-protection-rules
---
{% data reusables.actions.custom-deployment-protection-rules-beta-note %}
diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/index.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/index.md
new file mode 100644
index 000000000000..086e954c7298
--- /dev/null
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/index.md
@@ -0,0 +1,19 @@
+---
+title: Managing deployments
+shortTitle: Manage deployments
+intro: 'View your deployment history and configure rules to protect your deployments.'
+redirect_from:
+ - /actions/deployment/managing-your-deployments
+ - /actions/deployment/protecting-deployments
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /viewing-deployment-history
+ - /managing-environments-for-deployment
+ - /reviewing-deployments
+ - /creating-custom-deployment-protection-rules
+ - /configuring-custom-deployment-protection-rules
+---
+
diff --git a/content/actions/deployment/targeting-different-environments/using-environments-for-deployment.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md
similarity index 92%
rename from content/actions/deployment/targeting-different-environments/using-environments-for-deployment.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md
index 6ed7b80887ee..6adc0d591b7e 100644
--- a/content/actions/deployment/targeting-different-environments/using-environments-for-deployment.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md
@@ -1,12 +1,17 @@
---
-title: Using environments for deployment
-shortTitle: Use environments for deployment
-intro: You can configure environments with protection rules and secrets. A workflow job that references an environment must follow any protection rules for the environment before running or accessing the environment's secrets.
+title: Managing environments for deployment
+shortTitle: Manage environments
+intro: You can create environments and secure those environments with deployment protection rules. A job that references an environment must follow any protection rules for the environment before running or accessing the environment's secrets.
product: '{% data reusables.gated-features.environments %}'
+permissions: Repository owners
redirect_from:
- /actions/reference/environments
- /actions/deployment/environments
- /actions/deployment/using-environments-for-deployment
+ - /actions/deployment/targeting-different-environments/using-environments-for-deployment
+ - /actions/deployment/targeting-different-environments
+ - /actions/deployment/targeting-different-environments/managing-environments-for-deployment
+ - /actions/administering-github-actions/managing-environments-for-deployment
topics:
- CD
- Deployment
@@ -204,7 +209,7 @@ Variables stored in an environment are only available to workflow jobs that refe
1. Select the custom protection rule you want to enable.
1. Click **Save protection rules**.
{%- endif %}
-1. Optionally, specify what branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} can deploy to this environment. For more information, see "[Deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %}](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches{% ifversion deployment-protections-tag-patterns %}-and-tags{% endif %})."
+1. Optionally, specify what branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} can deploy to this environment. For more information, see "[Deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %}](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#deployment-branches{% ifversion deployment-protections-tag-patterns %}-and-tags{% endif %})."
1. Select the desired option in the **Deployment branches** dropdown.
1. If you chose **Selected branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %}**, to add a new rule, click **Add deployment branch{% ifversion deployment-protections-tag-patterns %} or tag{% endif %} rule**
{% ifversion deployment-protections-tag-patterns %}1. In the "Ref type" dropdown menu, depending on what rule you want to apply, click **{% octicon "git-branch" aria-label="The branch icon" %} Branch** or **{% octicon "tag" aria-label="The tag icon" %} Tag**.{% endif %}
@@ -228,15 +233,7 @@ Variables stored in an environment are only available to workflow jobs that refe
You can also create and configure environments through the REST API. For more information, see "[AUTOTITLE](/rest/deployments/environments)," "[AUTOTITLE](/rest/actions/secrets)," "[AUTOTITLE](/rest/actions/variables)," and "[AUTOTITLE](/rest/deployments/branch-policies)."
-Running a workflow that references an environment that does not exist will create an environment with the referenced name. The newly created environment will not have any protection rules or secrets configured. Anyone that can edit workflows in the repository can create environments via a workflow file, but only repository admins can configure the environment.
-
-## Using an environment
-
-Each job in a workflow can reference a single environment. Any protection rules configured for the environment must pass before a job referencing the environment is sent to a runner. The job can access the environment's secrets only after the job is sent to a runner.
-
-When a workflow references an environment, the environment will appear in the repository's deployments. For more information about viewing current and previous deployments, see "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)."
-
-{% data reusables.actions.environment-example %}
+Running a workflow that references an environment that does not exist will create an environment with the referenced name. If the environment is created from running implicit page builds (for example, from a branch or folder source), the source branch will be added as a protection rule to the environment. Otherwise, the newly created environment will not have any protection rules or secrets configured. Anyone that can edit workflows in the repository can create environments via a workflow file, but only repository admins can configure the environment.
## Deleting an environment
diff --git a/content/actions/managing-workflow-runs/reviewing-deployments.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md
similarity index 88%
rename from content/actions/managing-workflow-runs/reviewing-deployments.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md
index e3888480fcff..87295e370a6f 100644
--- a/content/actions/managing-workflow-runs/reviewing-deployments.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md
@@ -7,6 +7,8 @@ versions:
fpt: '*'
ghes: '*'
ghec: '*'
+redirect_from:
+ - /actions/managing-workflow-runs/reviewing-deployments
---
@@ -14,7 +16,7 @@ versions:
Jobs that reference an environment configured with required reviewers will wait for an approval before starting. While a job is awaiting approval, it has a status of "Waiting". If a job is not approved within 30 days, it will automatically fail.
-For more information about environments and required approvals, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)." For information about how to review deployments with the REST API, see "[AUTOTITLE](/rest/actions/workflow-runs)."
+For more information about environments and required approvals, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)." For information about how to review deployments with the REST API, see "[AUTOTITLE](/rest/actions/workflow-runs)."
## Approving or rejecting a job
@@ -27,7 +29,7 @@ For more information about environments and required approvals, see "[AUTOTITLE]
{% ifversion deployments-prevent-self-approval %}{% note %}
-**Note:** If the targeted environment is configured to prevent self-approvals for deployments, you will not be able to approve a deployment from a workflow run you initiated. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers)."
+**Note:** If the targeted environment is configured to prevent self-approvals for deployments, you will not be able to approve a deployment from a workflow run you initiated. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#required-reviewers)."
{% endnote %}{% endif %}
@@ -41,7 +43,7 @@ If you have configured deployment protection rules that control whether software
**Notes:**
-* You cannot bypass deployment protection rules if the environment has been configured to prevent admins from bypassing configured protection rules. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#creating-an-environment)."
+* You cannot bypass deployment protection rules if the environment has been configured to prevent admins from bypassing configured protection rules. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#creating-an-environment)."
* You can only bypass deployment protection rules during workflow execution when a job referencing the environment is in a "Pending" state.
{% endnote %}
diff --git a/content/actions/deployment/managing-your-deployments/viewing-deployment-history.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/viewing-deployment-history.md
similarity index 98%
rename from content/actions/deployment/managing-your-deployments/viewing-deployment-history.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-deployments/viewing-deployment-history.md
index 95da372314fa..06bc83c6cbd4 100644
--- a/content/actions/deployment/managing-your-deployments/viewing-deployment-history.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/viewing-deployment-history.md
@@ -11,6 +11,7 @@ topics:
redirect_from:
- /developers/overview/viewing-deployment-history
- /actions/deployment/viewing-deployment-history
+ - /actions/deployment/managing-your-deployments/viewing-deployment-history
---
{% ifversion actions-deployment-history-beta %}
diff --git a/content/actions/managing-workflow-runs/approving-workflow-runs-from-private-forks.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/approving-workflow-runs-from-private-forks.md
similarity index 89%
rename from content/actions/managing-workflow-runs/approving-workflow-runs-from-private-forks.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/approving-workflow-runs-from-private-forks.md
index 09d136909e96..83b30cf0fa27 100644
--- a/content/actions/managing-workflow-runs/approving-workflow-runs-from-private-forks.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/approving-workflow-runs-from-private-forks.md
@@ -5,6 +5,8 @@ permissions: Maintainers with write access to a repository can approve workflow
versions:
feature: actions-private-fork-workflow-approvals
shortTitle: Approve private fork runs
+redirect_from:
+ - /actions/managing-workflow-runs/approving-workflow-runs-from-private-forks
---
## About workflow runs from private forks
diff --git a/content/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/approving-workflow-runs-from-public-forks.md
similarity index 91%
rename from content/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/approving-workflow-runs-from-public-forks.md
index a706c1c0127f..a0c5eabcd27a 100644
--- a/content/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/approving-workflow-runs-from-public-forks.md
@@ -1,10 +1,12 @@
---
title: Approving workflow runs from public forks
-intro: 'When an outside contributor submits a pull request to a public repository, a maintainer with write access may need to approve any workflow runs.'
+intro: 'When an outside contributor submits a pull request to a public repository, a maintainer with write access may need to approve some workflow runs.'
versions:
fpt: '*'
ghec: '*'
shortTitle: Approve public fork runs
+redirect_from:
+ - /actions/managing-workflow-runs/approving-workflow-runs-from-public-forks
---
## About workflow runs from public forks
diff --git a/content/actions/managing-workflow-runs/canceling-a-workflow.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/canceling-a-workflow.md
similarity index 92%
rename from content/actions/managing-workflow-runs/canceling-a-workflow.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/canceling-a-workflow.md
index c6f5b9c75b4a..6a3a6d2bd0e3 100644
--- a/content/actions/managing-workflow-runs/canceling-a-workflow.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/canceling-a-workflow.md
@@ -6,6 +6,8 @@ versions:
fpt: '*'
ghes: '*'
ghec: '*'
+redirect_from:
+ - /actions/managing-workflow-runs/canceling-a-workflow
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -27,6 +29,6 @@ When canceling workflow run, you may be running other software that uses resourc
1. To cancel the workflow run, the server re-evaluates `if` conditions for all currently running jobs. If the condition evaluates to `true`, the job will not get canceled. For example, the condition `if: always()` would evaluate to true and the job continues to run. When there is no condition, that is the equivalent of the condition `if: success()`, which only runs if the previous step finished successfully.
1. For jobs that need to be canceled, the server sends a cancellation message to all the runner machines with jobs that need to be canceled.
-1. For jobs that continue to run, the server re-evaluates `if` conditions for the unfinished steps. If the condition evaluates to `true`, the step continues to run. You can use the `cancelled` expression to apply a status check of `cancelled( )`. For more information see "[AUTOTITLE](/actions/learn-github-actions/expressions#cancelled)."
+1. For jobs that continue to run, the server re-evaluates `if` conditions for the unfinished steps. If the condition evaluates to `true`, the step continues to run. You can use the `cancelled` expression to apply a status check of `cancelled()`. For more information see "[AUTOTITLE](/actions/learn-github-actions/expressions#cancelled)."
1. For steps that need to be canceled, the runner machine sends `SIGINT/Ctrl-C` to the step's entry process (`node` for javascript action, `docker` for container action, and `bash/cmd/pwd` when using `run` in a step). If the process doesn't exit within 7500 ms, the runner will send `SIGTERM/Ctrl-Break` to the process, then wait for 2500 ms for the process to exit. If the process is still running, the runner kills the process tree.
1. After the 5 minutes cancellation timeout period, the server will force terminate all jobs and steps that don't finish running or fail to complete the cancellation process.
diff --git a/content/actions/managing-workflow-runs/deleting-a-workflow-run.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/deleting-a-workflow-run.md
similarity index 92%
rename from content/actions/managing-workflow-runs/deleting-a-workflow-run.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/deleting-a-workflow-run.md
index 843c22315ec5..d718fb0f81b1 100644
--- a/content/actions/managing-workflow-runs/deleting-a-workflow-run.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/deleting-a-workflow-run.md
@@ -6,6 +6,8 @@ versions:
fpt: '*'
ghes: '*'
ghec: '*'
+redirect_from:
+ - /actions/managing-workflow-runs/deleting-a-workflow-run
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/using-workflows/disabling-and-enabling-a-workflow.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow.md
similarity index 98%
rename from content/actions/using-workflows/disabling-and-enabling-a-workflow.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow.md
index c9b5d51c0ee5..6219e13dd85e 100644
--- a/content/actions/using-workflows/disabling-and-enabling-a-workflow.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow.md
@@ -8,6 +8,7 @@ versions:
shortTitle: Disable & enable a workflow
redirect_from:
- /actions/managing-workflow-runs/disabling-and-enabling-a-workflow
+ - /actions/using-workflows/disabling-and-enabling-a-workflow
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/managing-workflow-runs/downloading-workflow-artifacts.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/downloading-workflow-artifacts.md
similarity index 97%
rename from content/actions/managing-workflow-runs/downloading-workflow-artifacts.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/downloading-workflow-artifacts.md
index 9adb2e4eecab..fc2fb9f8202c 100644
--- a/content/actions/managing-workflow-runs/downloading-workflow-artifacts.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/downloading-workflow-artifacts.md
@@ -7,6 +7,8 @@ versions:
ghes: '*'
ghec: '*'
shortTitle: Download workflow artifacts
+redirect_from:
+ - /actions/managing-workflow-runs/downloading-workflow-artifacts
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/index.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/index.md
new file mode 100644
index 000000000000..4804327b0cca
--- /dev/null
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/index.md
@@ -0,0 +1,21 @@
+---
+title: Managing workflow runs
+shortTitle: Manage workflow runs
+intro: 'You can manually interact with workflow runs to ensure they run effectively.'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /manually-running-a-workflow
+ - /re-running-workflows-and-jobs
+ - /canceling-a-workflow
+ - /disabling-and-enabling-a-workflow
+ - /skipping-workflow-runs
+ - /deleting-a-workflow-run
+ - /downloading-workflow-artifacts
+ - /removing-workflow-artifacts
+ - /approving-workflow-runs-from-public-forks
+ - /approving-workflow-runs-from-private-forks
+---
+
diff --git a/content/actions/using-workflows/manually-running-a-workflow.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.md
similarity index 98%
rename from content/actions/using-workflows/manually-running-a-workflow.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.md
index 6eac4141188b..291ae42af5da 100644
--- a/content/actions/using-workflows/manually-running-a-workflow.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.md
@@ -8,6 +8,7 @@ versions:
shortTitle: Manually run a workflow
redirect_from:
- /actions/managing-workflow-runs/manually-running-a-workflow
+ - /actions/using-workflows/manually-running-a-workflow
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/managing-workflow-runs/re-running-workflows-and-jobs.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/re-running-workflows-and-jobs.md
similarity index 99%
rename from content/actions/managing-workflow-runs/re-running-workflows-and-jobs.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/re-running-workflows-and-jobs.md
index 75324b16a3cd..20e2e7200205 100644
--- a/content/actions/managing-workflow-runs/re-running-workflows-and-jobs.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/re-running-workflows-and-jobs.md
@@ -5,6 +5,7 @@ intro: 'You can re-run a workflow run{% ifversion re-run-jobs %}, all failed job
permissions: People with write permissions to a repository can re-run workflows in the repository.
redirect_from:
- /actions/managing-workflow-runs/re-running-a-workflow
+ - /actions/managing-workflow-runs/re-running-workflows-and-jobs
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/managing-workflow-runs/removing-workflow-artifacts.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md
similarity index 96%
rename from content/actions/managing-workflow-runs/removing-workflow-artifacts.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md
index 9d34ecc2e619..7dd813db73d9 100644
--- a/content/actions/managing-workflow-runs/removing-workflow-artifacts.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md
@@ -6,6 +6,8 @@ versions:
ghes: '*'
ghec: '*'
shortTitle: Remove workflow artifacts
+redirect_from:
+ - /actions/managing-workflow-runs/removing-workflow-artifacts
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/managing-workflow-runs/skipping-workflow-runs.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/skipping-workflow-runs.md
similarity index 89%
rename from content/actions/managing-workflow-runs/skipping-workflow-runs.md
rename to content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/skipping-workflow-runs.md
index 913e992440f3..cb5913ec662b 100644
--- a/content/actions/managing-workflow-runs/skipping-workflow-runs.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/skipping-workflow-runs.md
@@ -6,6 +6,8 @@ versions:
ghes: '*'
ghec: '*'
shortTitle: Skip workflow runs
+redirect_from:
+ - /actions/managing-workflow-runs/skipping-workflow-runs
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -24,7 +26,7 @@ Workflows that would otherwise be triggered using `on: push` or `on: pull_reques
* `[skip actions]`
* `[actions skip]`
-Alternatively, you can add a `skip-checks` trailer to your commit message. The trailers section should be included at the end of your commit message and be proceeded by two empty lines. If you already have other trailers in your commit message, `skip-checks` should be last. You can use either of the following:
+Alternatively, you can add a `skip-checks` trailer to your commit message. The trailers section should be included at the end of your commit message and be preceded by two empty lines. If you already have other trailers in your commit message, `skip-checks` should be last. You can use either of the following:
* `skip-checks:true`
* `skip-checks: true`
diff --git a/content/actions/managing-workflow-runs/index.md b/content/actions/managing-workflow-runs/index.md
deleted file mode 100644
index 3230055a3bc0..000000000000
--- a/content/actions/managing-workflow-runs/index.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Managing workflow runs
-shortTitle: Manage workflow runs
-intro: 'You can re-run or cancel a workflow, {% ifversion fpt or ghes %}review deployments, {% endif %}view billable job execution minutes, and download artifacts.'
-redirect_from:
- - /actions/configuring-and-managing-workflows/managing-a-workflow-run
- - /articles/managing-a-workflow-run
- - /github/automating-your-workflow-with-github-actions/managing-a-workflow-run
- - /actions/automating-your-workflow-with-github-actions/managing-a-workflow-run
- - /actions/configuring-and-managing-workflows/configuring-and-managing-workflow-files-and-runs
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-children:
- - /re-running-workflows-and-jobs
- - /canceling-a-workflow
- - /approving-workflow-runs-from-public-forks
- - /approving-workflow-runs-from-private-forks
- - /reviewing-deployments
- - /skipping-workflow-runs
- - /deleting-a-workflow-run
- - /downloading-workflow-artifacts
- - /removing-workflow-artifacts
----
-
-{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/migrating-to-github-actions/index.md b/content/actions/migrating-to-github-actions/index.md
index c986641bb45c..8bb45276cb35 100644
--- a/content/actions/migrating-to-github-actions/index.md
+++ b/content/actions/migrating-to-github-actions/index.md
@@ -9,7 +9,7 @@ versions:
redirect_from:
- /articles/migrating-github-actions-from-hcl-syntax-to-yaml-syntax
children:
- - /automated-migrations
+ - /using-github-actions-importer-to-automate-migrations
- /manually-migrating-to-github-actions
---
diff --git a/content/actions/migrating-to-github-actions/automated-migrations/automating-migration-with-github-actions-importer.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/automating-migration-with-github-actions-importer.md
similarity index 98%
rename from content/actions/migrating-to-github-actions/automated-migrations/automating-migration-with-github-actions-importer.md
rename to content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/automating-migration-with-github-actions-importer.md
index 63437cc0d9f6..eb542bf2844b 100644
--- a/content/actions/migrating-to-github-actions/automated-migrations/automating-migration-with-github-actions-importer.md
+++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/automating-migration-with-github-actions-importer.md
@@ -3,6 +3,7 @@ title: Automating migration with GitHub Actions Importer
intro: 'Use {% data variables.product.prodname_actions_importer %} to plan and automate your migration to {% data variables.product.prodname_actions %}.'
redirect_from:
- /actions/migrating-to-github-actions/automating-migration-with-github-actions-importer
+ - /actions/migrating-to-github-actions/automated-migrations/automating-migration-with-github-actions-importer
versions:
fpt: '*'
ghec: '*'
diff --git a/content/actions/migrating-to-github-actions/automated-migrations/extending-github-actions-importer-with-custom-transformers.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/extending-github-actions-importer-with-custom-transformers.md
similarity index 98%
rename from content/actions/migrating-to-github-actions/automated-migrations/extending-github-actions-importer-with-custom-transformers.md
rename to content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/extending-github-actions-importer-with-custom-transformers.md
index 5d529b3a1bbc..89855b319b2e 100644
--- a/content/actions/migrating-to-github-actions/automated-migrations/extending-github-actions-importer-with-custom-transformers.md
+++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/extending-github-actions-importer-with-custom-transformers.md
@@ -11,6 +11,8 @@ topics:
- CI
- CD
shortTitle: Extending GitHub Actions Importer
+redirect_from:
+ - /actions/migrating-to-github-actions/automated-migrations/extending-github-actions-importer-with-custom-transformers
---
[Legal notice](#legal-notice)
diff --git a/content/actions/migrating-to-github-actions/automated-migrations/index.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/index.md
similarity index 92%
rename from content/actions/migrating-to-github-actions/automated-migrations/index.md
rename to content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/index.md
index 8c7298583be8..308059c51592 100644
--- a/content/actions/migrating-to-github-actions/automated-migrations/index.md
+++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/index.md
@@ -17,5 +17,7 @@ children:
- /migrating-from-gitlab-with-github-actions-importer
- /migrating-from-jenkins-with-github-actions-importer
- /migrating-from-travis-ci-with-github-actions-importer
+redirect_from:
+ - /actions/migrating-to-github-actions/automated-migrations
---
diff --git a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-azure-devops-with-github-actions-importer.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-azure-devops-with-github-actions-importer.md
similarity index 99%
rename from content/actions/migrating-to-github-actions/automated-migrations/migrating-from-azure-devops-with-github-actions-importer.md
rename to content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-azure-devops-with-github-actions-importer.md
index b9d9f6b7e1e5..8a1455c24259 100644
--- a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-azure-devops-with-github-actions-importer.md
+++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-azure-devops-with-github-actions-importer.md
@@ -11,6 +11,8 @@ topics:
- CI
- CD
shortTitle: Azure DevOps migration
+redirect_from:
+ - /actions/migrating-to-github-actions/automated-migrations/migrating-from-azure-devops-with-github-actions-importer
---
[Legal notice](#legal-notice)
diff --git a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bamboo-with-github-actions-importer.md
similarity index 99%
rename from content/actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer.md
rename to content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bamboo-with-github-actions-importer.md
index 531c058e2dc3..6719c745f615 100644
--- a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer.md
+++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bamboo-with-github-actions-importer.md
@@ -11,6 +11,8 @@ topics:
- CI
- CD
shortTitle: Bamboo migration
+redirect_from:
+ - /actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer
---
[Legal notice](#legal-notice)
diff --git a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer.md
similarity index 98%
rename from content/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer.md
rename to content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer.md
index eb094c5dba63..30e9b5d77f3b 100644
--- a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer.md
+++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer.md
@@ -11,6 +11,8 @@ topics:
- CI
- CD
shortTitle: Bitbucket Pipelines migration
+redirect_from:
+ - /actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer
---
[Legal notice](#legal-notice)
@@ -125,7 +127,7 @@ The audit command performs the following steps.
To perform an audit run the following command in your terminal, replacing `:workspace` with the name of the Bitbucket workspace to audit.
```bash
-gh actions-importer audit bitbucket --workspace :workspace--output-dir tmp/audit
+gh actions-importer audit bitbucket --workspace :workspace --output-dir tmp/audit
```
Optionally, a `--project-key` option can be provided to the audit command to limit the results to only pipelines associated with a project.
diff --git a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-circleci-with-github-actions-importer.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-circleci-with-github-actions-importer.md
similarity index 99%
rename from content/actions/migrating-to-github-actions/automated-migrations/migrating-from-circleci-with-github-actions-importer.md
rename to content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-circleci-with-github-actions-importer.md
index f50fc2ace2d9..196a362147f1 100644
--- a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-circleci-with-github-actions-importer.md
+++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-circleci-with-github-actions-importer.md
@@ -11,6 +11,8 @@ topics:
- CI
- CD
shortTitle: CircleCI migration
+redirect_from:
+ - /actions/migrating-to-github-actions/automated-migrations/migrating-from-circleci-with-github-actions-importer
---
[Legal notice](#legal-notice)
diff --git a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-gitlab-with-github-actions-importer.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-gitlab-with-github-actions-importer.md
similarity index 99%
rename from content/actions/migrating-to-github-actions/automated-migrations/migrating-from-gitlab-with-github-actions-importer.md
rename to content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-gitlab-with-github-actions-importer.md
index 52bf927f03db..8bac1cc2a3b6 100644
--- a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-gitlab-with-github-actions-importer.md
+++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-gitlab-with-github-actions-importer.md
@@ -11,6 +11,8 @@ topics:
- CI
- CD
shortTitle: GitLab migration
+redirect_from:
+ - /actions/migrating-to-github-actions/automated-migrations/migrating-from-gitlab-with-github-actions-importer
---
[Legal notice](#legal-notice)
diff --git a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-jenkins-with-github-actions-importer.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-jenkins-with-github-actions-importer.md
similarity index 99%
rename from content/actions/migrating-to-github-actions/automated-migrations/migrating-from-jenkins-with-github-actions-importer.md
rename to content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-jenkins-with-github-actions-importer.md
index cfe1e81dff67..5e6dc8f84a23 100644
--- a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-jenkins-with-github-actions-importer.md
+++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-jenkins-with-github-actions-importer.md
@@ -11,6 +11,8 @@ topics:
- CI
- CD
shortTitle: Jenkins migration
+redirect_from:
+ - /actions/migrating-to-github-actions/automated-migrations/migrating-from-jenkins-with-github-actions-importer
---
[Legal notice](#legal-notice)
diff --git a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-travis-ci-with-github-actions-importer.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-travis-ci-with-github-actions-importer.md
similarity index 99%
rename from content/actions/migrating-to-github-actions/automated-migrations/migrating-from-travis-ci-with-github-actions-importer.md
rename to content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-travis-ci-with-github-actions-importer.md
index 27454cd00d0b..cf6837fee0a5 100644
--- a/content/actions/migrating-to-github-actions/automated-migrations/migrating-from-travis-ci-with-github-actions-importer.md
+++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-travis-ci-with-github-actions-importer.md
@@ -11,6 +11,8 @@ topics:
- CI
- CD
shortTitle: Travis CI migration
+redirect_from:
+ - /actions/migrating-to-github-actions/automated-migrations/migrating-from-travis-ci-with-github-actions-importer
---
[Legal notice](#legal-notice)
diff --git a/content/actions/migrating-to-github-actions/automated-migrations/supplemental-arguments-and-settings.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/supplemental-arguments-and-settings.md
similarity index 98%
rename from content/actions/migrating-to-github-actions/automated-migrations/supplemental-arguments-and-settings.md
rename to content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/supplemental-arguments-and-settings.md
index b01fd4fa5c9a..582be574c7d5 100644
--- a/content/actions/migrating-to-github-actions/automated-migrations/supplemental-arguments-and-settings.md
+++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/supplemental-arguments-and-settings.md
@@ -10,6 +10,8 @@ topics:
- Migration
- CI
- CD
+redirect_from:
+ - /actions/migrating-to-github-actions/automated-migrations/supplemental-arguments-and-settings
---
[Legal notice](#legal-notice)
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/index.md b/content/actions/monitoring-and-troubleshooting-workflows/index.md
index 032791f6dc5e..5406af09b895 100644
--- a/content/actions/monitoring-and-troubleshooting-workflows/index.md
+++ b/content/actions/monitoring-and-troubleshooting-workflows/index.md
@@ -1,24 +1,18 @@
---
title: Monitoring and troubleshooting workflows
shortTitle: Monitor & troubleshoot
-intro: 'You can view the status and results of each step in your workflow, debug a failed workflow, search and download logs, and view billable job execution minutes.'
+intro: 'You can view the status and results of each step in your workflow, debug a failed workflow, and search and download logs.'
redirect_from:
- /articles/viewing-your-repository-s-workflows
- /articles/viewing-your-repositorys-workflows
+ - /actions/monitoring-and-troubleshooting-workflows/about-monitoring-and-troubleshooting
versions:
fpt: '*'
ghes: '*'
ghec: '*'
children:
- - /about-monitoring-and-troubleshooting
- - /using-the-visualization-graph
- - /adding-a-workflow-status-badge
- - /viewing-workflow-run-history
- - /viewing-job-execution-time
- - /using-workflow-run-logs
- - /enabling-debug-logging
- - /notifications-for-workflow-runs
- - /viewing-github-actions-usage-metrics-for-your-organization
- - /working-with-support-for-github-actions
----
+ - /monitoring-workflows
+ - /troubleshooting-workflows
+---
+
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/about-monitoring-and-troubleshooting.md b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/about-monitoring-workflows.md
similarity index 60%
rename from content/actions/monitoring-and-troubleshooting-workflows/about-monitoring-and-troubleshooting.md
rename to content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/about-monitoring-workflows.md
index 6d385253594b..9cec21768a5c 100644
--- a/content/actions/monitoring-and-troubleshooting-workflows/about-monitoring-and-troubleshooting.md
+++ b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/about-monitoring-workflows.md
@@ -1,13 +1,13 @@
---
-title: About monitoring and troubleshooting
-intro: 'You can use the tools in {% data variables.product.prodname_actions %} to monitor and debug your workflows.'
+title: About monitoring workflows
+intro: 'You can use the tools in {% data variables.product.prodname_actions %} to monitor your workflows.'
versions:
fpt: '*'
ghes: '*'
ghec: '*'
-shortTitle: About monitoring and troubleshooting
+shortTitle: About monitoring
---
-
+
{% data reusables.actions.enterprise-github-hosted-runners %}
## Monitoring your workflows
@@ -45,21 +45,7 @@ To identify how long a job took to run, you can view its execution time. For mor
You can view the status of each job and step in a workflow. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)."
-## Troubleshooting your workflows
-
-### Using workflow run logs
-
-Each workflow run generates activity logs that you can view, search, and download. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs)."
-
-### Enabling debug logging
-
-If the workflow logs do not provide enough detail to diagnose why a workflow, job, or step is not working as expected, you can enable additional debug logging. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging)."
-
-### Canceling a workflow
-
-If you attempt to cancel a workflow and the cancellation doesn't succeed, make sure you aren't using the `always` expression. The `always` expression causes a workflow step to run even when the workflow is canceled, which results in a hanging cancellation. For more information, see "[AUTOTITLE](/actions/learn-github-actions/expressions#always)".
-
-## Monitoring and troubleshooting self-hosted runners
+## Monitoring self-hosted runners
If you use self-hosted runners, you can view their activity and diagnose common issues.
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/adding-a-workflow-status-badge.md b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/adding-a-workflow-status-badge.md
similarity index 97%
rename from content/actions/monitoring-and-troubleshooting-workflows/adding-a-workflow-status-badge.md
rename to content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/adding-a-workflow-status-badge.md
index 387da242a2da..2857b0565dbd 100644
--- a/content/actions/monitoring-and-troubleshooting-workflows/adding-a-workflow-status-badge.md
+++ b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/adding-a-workflow-status-badge.md
@@ -4,6 +4,7 @@ shortTitle: Add a status badge
intro: You can display a status badge in your repository to indicate the status of your workflows.
redirect_from:
- /actions/managing-workflow-runs/adding-a-workflow-status-badge
+ - /actions/monitoring-and-troubleshooting-workflows/adding-a-workflow-status-badge
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/index.md b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/index.md
new file mode 100644
index 000000000000..15e9f846d035
--- /dev/null
+++ b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/index.md
@@ -0,0 +1,17 @@
+---
+title: Monitoring workflows
+shortTitle: Monitor
+intro: 'You can monitor {% data variables.product.prodname_actions %} workflows by using tools like the visualization graph and run logs.'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /about-monitoring-workflows
+ - /notifications-for-workflow-runs
+ - /using-the-visualization-graph
+ - /viewing-workflow-run-history
+ - /viewing-job-execution-time
+ - /adding-a-workflow-status-badge
+ - /using-workflow-run-logs
+---
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/notifications-for-workflow-runs.md b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/notifications-for-workflow-runs.md
similarity index 76%
rename from content/actions/monitoring-and-troubleshooting-workflows/notifications-for-workflow-runs.md
rename to content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/notifications-for-workflow-runs.md
index 085df4473799..3c09d2db10e1 100644
--- a/content/actions/monitoring-and-troubleshooting-workflows/notifications-for-workflow-runs.md
+++ b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/notifications-for-workflow-runs.md
@@ -6,6 +6,8 @@ versions:
fpt: '*'
ghes: '*'
ghec: '*'
+redirect_from:
+ - /actions/monitoring-and-troubleshooting-workflows/notifications-for-workflow-runs
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/using-the-visualization-graph.md b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-the-visualization-graph.md
similarity index 91%
rename from content/actions/monitoring-and-troubleshooting-workflows/using-the-visualization-graph.md
rename to content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-the-visualization-graph.md
index 3ddc9bf8d26c..c4bc5f5486bd 100644
--- a/content/actions/monitoring-and-troubleshooting-workflows/using-the-visualization-graph.md
+++ b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-the-visualization-graph.md
@@ -4,6 +4,7 @@ shortTitle: Visualization graph
intro: Every workflow run generates a real-time graph that illustrates the run progress. You can use this graph to monitor and debug workflows.
redirect_from:
- /actions/managing-workflow-runs/using-the-visualization-graph
+ - /actions/monitoring-and-troubleshooting-workflows/using-the-visualization-graph
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs.md b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-workflow-run-logs.md
similarity index 99%
rename from content/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs.md
rename to content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-workflow-run-logs.md
index 222e29689462..9deda463f111 100644
--- a/content/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs.md
+++ b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-workflow-run-logs.md
@@ -4,6 +4,7 @@ shortTitle: Workflow run logs
intro: 'You can view, search, and download the logs for each job in a workflow run.'
redirect_from:
- /actions/managing-workflow-runs/using-workflow-run-logs
+ - /actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/viewing-job-execution-time.md b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-job-execution-time.md
similarity index 94%
rename from content/actions/monitoring-and-troubleshooting-workflows/viewing-job-execution-time.md
rename to content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-job-execution-time.md
index 4d9baf8af234..027c0100e1fd 100644
--- a/content/actions/monitoring-and-troubleshooting-workflows/viewing-job-execution-time.md
+++ b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-job-execution-time.md
@@ -4,6 +4,7 @@ shortTitle: View job execution time
intro: 'You can view the execution time of a job, including the billable minutes that a job accrued.'
redirect_from:
- /actions/managing-workflow-runs/viewing-job-execution-time
+ - /actions/monitoring-and-troubleshooting-workflows/viewing-job-execution-time
versions:
fpt: '*'
ghec: '*'
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history.md b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-workflow-run-history.md
similarity index 96%
rename from content/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history.md
rename to content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-workflow-run-history.md
index f801c5a925df..8964e48e31a0 100644
--- a/content/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history.md
+++ b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-workflow-run-history.md
@@ -4,6 +4,7 @@ shortTitle: Workflow run history
intro: You can view logs for each run of a workflow. Logs include the status for each job and step in a workflow.
redirect_from:
- /actions/managing-workflow-runs/viewing-workflow-run-history
+ - /actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/about-troubleshooting-workflows.md b/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/about-troubleshooting-workflows.md
new file mode 100644
index 000000000000..0a784bc9c750
--- /dev/null
+++ b/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/about-troubleshooting-workflows.md
@@ -0,0 +1,31 @@
+---
+title: About troubleshooting workflows
+intro: 'You can use the tools in {% data variables.product.prodname_actions %} to debug your workflows.'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+shortTitle: About troubleshooting
+---
+
+{% data reusables.actions.enterprise-github-hosted-runners %}
+
+## Troubleshooting your workflows
+
+### Using workflow run logs
+
+Each workflow run generates activity logs that you can view, search, and download. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs)."
+
+### Enabling debug logging
+
+If the workflow logs do not provide enough detail to diagnose why a workflow, job, or step is not working as expected, you can enable additional debug logging. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging)."
+
+### Canceling a workflow
+
+If you attempt to cancel a workflow and the cancellation doesn't succeed, make sure you aren't using the `always` expression. The `always` expression causes a workflow step to run even when the workflow is canceled, which results in a hanging cancellation. For more information, see "[AUTOTITLE](/actions/learn-github-actions/expressions#always)".
+
+## Troubleshooting self-hosted runners
+
+If you use self-hosted runners, you can view their activity and diagnose common issues.
+
+For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners)."
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging.md b/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/enabling-debug-logging.md
similarity index 97%
rename from content/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging.md
rename to content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/enabling-debug-logging.md
index f877c13f7a57..db0a4b0af71d 100644
--- a/content/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging.md
+++ b/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/enabling-debug-logging.md
@@ -4,6 +4,7 @@ shortTitle: Enable debug logging
intro: 'If the workflow logs do not provide enough detail to diagnose why a workflow, job, or step is not working as expected, you can enable additional debug logging.'
redirect_from:
- /actions/managing-workflow-runs/enabling-debug-logging
+ - /actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/index.md b/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/index.md
new file mode 100644
index 000000000000..749f5a8f7278
--- /dev/null
+++ b/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/index.md
@@ -0,0 +1,13 @@
+---
+title: Troubleshooting workflows
+shortTitle: Troubleshoot
+intro: 'You can troubleshoot {% data variables.product.prodname_actions %} workflows by using tools like debug logging.'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /about-troubleshooting-workflows
+ - /enabling-debug-logging
+ - /working-with-support-for-github-actions
+---
diff --git a/content/actions/monitoring-and-troubleshooting-workflows/working-with-support-for-github-actions.md b/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/working-with-support-for-github-actions.md
similarity index 97%
rename from content/actions/monitoring-and-troubleshooting-workflows/working-with-support-for-github-actions.md
rename to content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/working-with-support-for-github-actions.md
index 989a3630c323..cf758961165d 100644
--- a/content/actions/monitoring-and-troubleshooting-workflows/working-with-support-for-github-actions.md
+++ b/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/working-with-support-for-github-actions.md
@@ -9,7 +9,9 @@ type: reference
topics:
- Actions
- Support
-shortTitle: Working with {% data variables.contact.github_support %}
+shortTitle: 'Working with {% data variables.contact.github_support %}'
+redirect_from:
+ - /actions/monitoring-and-troubleshooting-workflows/working-with-support-for-github-actions
---
You can [contact {% data variables.contact.github_support %}](/support/contacting-github-support) for assistance with {% data variables.product.prodname_actions %}.
diff --git a/content/actions/security-for-github-actions/index.md b/content/actions/security-for-github-actions/index.md
new file mode 100644
index 000000000000..05ce0005e6b2
--- /dev/null
+++ b/content/actions/security-for-github-actions/index.md
@@ -0,0 +1,15 @@
+---
+title: Security for GitHub Actions
+shortTitle: Security
+intro: 'Use security best practices with {% data variables.product.prodname_actions %}, and use {% data variables.product.prodname_actions %} to improve the security of your software supply chain.'
+redirect_from:
+ - /actions/security-guides
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /security-guides
+ - /using-artifact-attestations
+ - /security-hardening-your-deployments
+---
\ No newline at end of file
diff --git a/content/actions/security-guides/automatic-token-authentication.md b/content/actions/security-for-github-actions/security-guides/automatic-token-authentication.md
similarity index 97%
rename from content/actions/security-guides/automatic-token-authentication.md
rename to content/actions/security-for-github-actions/security-guides/automatic-token-authentication.md
index 04f4ccbe1c0a..90c36f8b3532 100644
--- a/content/actions/security-guides/automatic-token-authentication.md
+++ b/content/actions/security-for-github-actions/security-guides/automatic-token-authentication.md
@@ -6,6 +6,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token
- /actions/configuring-and-managing-workflows/authenticating-with-the-github_token
- /actions/reference/authentication-in-a-workflow
+ - /actions/security-guides/automatic-token-authentication
versions:
fpt: '*'
ghes: '*'
@@ -87,8 +88,11 @@ The following table shows the permissions granted to the `GITHUB_TOKEN` by defau
| {% endif %} |
| checks | read/write | none | read |
| contents | read/write | read | read |
-| deployments | read/write | none | read |{% ifversion fpt or ghec %}
-| id-token | none | none | read |{% endif %}
+| deployments | read/write | none | read |
+| discussions | read/write | none | read |
+| {% ifversion fpt or ghec %} |
+| id-token | none | none | none |
+| {% endif %} |
| issues | read/write | none | read |
| metadata | read | read | read |
| packages | read/write | {% ifversion actions-default-workflow-permissions-restrictive %}read{% else %}none{% endif %} | read |
diff --git a/content/actions/security-guides/index.md b/content/actions/security-for-github-actions/security-guides/index.md
similarity index 71%
rename from content/actions/security-guides/index.md
rename to content/actions/security-for-github-actions/security-guides/index.md
index c9c081ec2a76..4de1b09b3d40 100644
--- a/content/actions/security-guides/index.md
+++ b/content/actions/security-for-github-actions/security-guides/index.md
@@ -9,9 +9,7 @@ versions:
children:
- /security-hardening-for-github-actions
- /using-secrets-in-github-actions
- - /using-githubs-security-features-to-secure-your-use-of-github-actions
- /automatic-token-authentication
- - /using-artifact-attestations-to-establish-provenance-for-builds
- - /using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3
+ - /using-githubs-security-features-to-secure-your-use-of-github-actions
---
diff --git a/content/actions/security-guides/security-hardening-for-github-actions.md b/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md
similarity index 96%
rename from content/actions/security-guides/security-hardening-for-github-actions.md
rename to content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md
index e186c0eb0932..9575ca06463c 100644
--- a/content/actions/security-guides/security-hardening-for-github-actions.md
+++ b/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md
@@ -5,6 +5,7 @@ intro: 'Good security practices for using {% data variables.product.prodname_act
redirect_from:
- /actions/getting-started-with-github-actions/security-hardening-for-github-actions
- /actions/learn-github-actions/security-hardening-for-github-actions
+ - /actions/security-guides/security-hardening-for-github-actions
versions:
fpt: '*'
ghes: '*'
@@ -43,7 +44,7 @@ To help prevent accidental disclosure, {% data variables.product.product_name %}
* Periodically review the registered secrets to confirm they are still required. Remove those that are no longer needed.
* Rotate secrets periodically to reduce the window of time during which a compromised secret is valid.
* **Consider requiring review for access to secrets**
- * You can use required reviewers to protect environment secrets. A workflow job cannot access environment secrets until approval is granted by a reviewer. For more information about storing secrets in environments or requiring reviews for environments, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)" and "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
+ * You can use required reviewers to protect environment secrets. A workflow job cannot access environment secrets until approval is granted by a reviewer. For more information about storing secrets in environments or requiring reviews for environments, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)" and "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)."
{% warning %}
@@ -151,10 +152,10 @@ With this approach, the value of the {% raw %}`${{ github.event.issue.title }}`{
{% ifversion fpt or ghec %}
-### Using starter workflows for {% data variables.product.prodname_code_scanning %}
+### Using workflow templates for {% data variables.product.prodname_code_scanning %}
{% data reusables.advanced-security.starter-workflows-beta %}
-{% data variables.product.prodname_code_scanning_caps %} allows you to find security vulnerabilities before they reach production. {% data variables.product.product_name %} provides starter workflows for {% data variables.product.prodname_code_scanning %}. You can use these suggested workflows to construct your {% data variables.product.prodname_code_scanning %} workflows, instead of starting from scratch. {% data variables.product.company_short%}'s workflow, the {% data variables.code-scanning.codeql_workflow %}, is powered by {% data variables.product.prodname_codeql %}. There are also third-party starter workflows available.
+{% data variables.product.prodname_code_scanning_caps %} allows you to find security vulnerabilities before they reach production. {% data variables.product.product_name %} provides workflow templates for {% data variables.product.prodname_code_scanning %}. You can use these suggested workflows to construct your {% data variables.product.prodname_code_scanning %} workflows, instead of starting from scratch. {% data variables.product.company_short%}'s workflow, the {% data variables.code-scanning.codeql_workflow %}, is powered by {% data variables.product.prodname_codeql %}. There are also third-party workflow templates available.
For more information, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-code-scanning-using-third-party-actions)."
@@ -228,7 +229,7 @@ For more information on how to configure this setting, see {% ifversion ghes or
## Using OpenSSF Scorecards to secure workflows
-[Scorecards](https://github.com/ossf/scorecard) is an automated security tool that flags risky supply chain practices. You can use the [Scorecards action](https://github.com/marketplace/actions/ossf-scorecard-action) and [starter workflow](https://github.com/actions/starter-workflows) to follow best security practices. Once configured, the Scorecards action runs automatically on repository changes, and alerts developers about risky supply chain practices using the built-in {% data variables.product.prodname_code_scanning %} experience. The Scorecards project runs a number of checks, including script injection attacks, token permissions, and pinned actions.
+[Scorecards](https://github.com/ossf/scorecard) is an automated security tool that flags risky supply chain practices. You can use the [Scorecards action](https://github.com/marketplace/actions/ossf-scorecard-action) and [workflow template](https://github.com/actions/starter-workflows) to follow best security practices. Once configured, the Scorecards action runs automatically on repository changes, and alerts developers about risky supply chain practices using the built-in {% data variables.product.prodname_code_scanning %} experience. The Scorecards project runs a number of checks, including script injection attacks, token permissions, and pinned actions.
## Potential impact of a compromised runner
diff --git a/content/actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md b/content/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md
similarity index 96%
rename from content/actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md
rename to content/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md
index 31ed44cb14da..ef600c9e54db 100644
--- a/content/actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md
+++ b/content/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md
@@ -6,6 +6,8 @@ versions:
ghes: '*'
ghec: '*'
shortTitle: GitHub security features
+redirect_from:
+ - /actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions
---
## About {% data variables.product.prodname_dotcom %}'s security features
@@ -61,6 +63,10 @@ For more information about dependency review, see "[AUTOTITLE](/code-security/su
{% data reusables.dependency-review.about-dependency-review-action %}
+
+
+{% data reusables.dependency-review.about-dependency-review-action2 %}
+
## Keeping the actions in your workflows secure and up to date
{% data reusables.actions.dependabot-version-updates-for-actions %}
diff --git a/content/actions/security-guides/using-secrets-in-github-actions.md b/content/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions.md
similarity index 90%
rename from content/actions/security-guides/using-secrets-in-github-actions.md
rename to content/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions.md
index 65b050ca6867..e88605519e51 100644
--- a/content/actions/security-guides/using-secrets-in-github-actions.md
+++ b/content/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions.md
@@ -10,6 +10,7 @@ redirect_from:
- /actions/reference/encrypted-secrets
- /actions/managing-workflows/storing-secrets
- /actions/security-guides/encrypted-secrets
+ - /actions/security-guides/using-secrets-in-github-actions
versions:
fpt: '*'
ghes: '*'
@@ -195,7 +196,7 @@ gh secret set --org ORG_NAME SECRET_NAME --visibility all
To specify that the secret should be available to selected repositories within the organization, use the `--repos` or `-r` flag.
```shell
-gh secret set --org ORG_NAME SECRET_NAME --repos REPO-NAME-1, REPO-NAME-2"
+gh secret set --org ORG_NAME SECRET_NAME --repos REPO-NAME-1, REPO-NAME-2
```
To list all secrets for an organization, use the `gh secret list` subcommand with the `--org` or `-o` flag followed by the organization name.
@@ -447,4 +448,27 @@ You can use Base64 encoding to store small binary blobs as secrets. You can then
## Redacting secrets from workflow run logs
-While {% data variables.product.prodname_dotcom %} automatically redacts secrets printed to workflow logs, runners can only delete secrets they have access to. This means a secret will only be redacted if it was used within a job. As a security measure, you can delete workflow run logs to prevent sensitive values being leaked. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs#deleting-logs)."
+{% data variables.product.prodname_actions %} automatically redacts the contents of all {% data variables.product.prodname_dotcom %} secrets that are printed to workflow logs.
+
+{% data variables.product.prodname_actions %} also redacts information that is recognized as sensitive, but is not stored as a secret. Currently {% data variables.product.prodname_dotcom %} supports the following:
+
+* 32-byte and 64-byte Azure keys
+* Azure AD client app passwords
+* Azure Cache keys
+* Azure Container Registry keys
+* Azure Function host keys
+* Azure Search keys
+* Database connection strings
+* HTTP Bearer token headers
+* JWTs
+* NPM author tokens
+* NuGet API keys
+* v1 GitHub installation tokens
+* v2 GitHub installation tokens (`ghp`, `gho`, `ghu`, `ghs`, `ghr`)
+* v2 GitHub PATs
+
+> [!NOTE] If you would like other types of sensitive information to be automatically redacted, please reach out to us in our [community discussions](https://github.com/orgs/community/discussions?discussions_q=is%3Aopen+label%3AActions).
+
+As a habit of best practice, you should mask all sensitive information that is not a {% data variables.product.prodname_dotcom %} secret by using `::add-mask::VALUE`. This causes the value to be treated as a secret and redacted from logs. For more information about masking data, see "[AUTOTITLE](/actions/using-workflows/workflow-commands-for-github-actions#masking-a-value-in-a-log)."
+
+Redacting of secrets is performed by your workflow runners. This means a secret will only be redacted if it was used within a job and is accessible by the runner. If an unredacted secret is sent to a workflow run log, you should delete the log and rotate the secret. For information on deleting logs, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs#deleting-logs)."
diff --git a/content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md
similarity index 91%
rename from content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md
rename to content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md
index 0fbe6f50db87..07e11574f9ba 100644
--- a/content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md
@@ -9,6 +9,8 @@ versions:
type: tutorial
topics:
- Security
+redirect_from:
+ - /actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -132,7 +134,7 @@ The token also includes custom claims provided by {% data variables.product.prod
| {% ifversion actions-OIDC-enterprise_id-claim %} |
| `enterprise_id`| The ID of the enterprise that contains the repository from where the workflow is running. |
| {% endif %} |
-| `environment`| The name of the environment used by the job. To include the `environment` claim you must reference an environment. |
+| `environment`| The name of the environment used by the job. If the `environment` claim is included (also via `include_claim_keys`), an environment is required and must be provided. |
| `event_name`| The name of the event that triggered the workflow run. |
| `head_ref`| The source branch of the pull request in a workflow run. |
| `job_workflow_ref`| For jobs using a reusable workflow, the ref path to the reusable workflow. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows)." |
@@ -178,9 +180,9 @@ The following examples demonstrate how to use "Subject" as a condition, and expl
The subject claim includes the environment name when the job references an environment.
-You can configure a subject that filters for a specific [environment](/actions/deployment/targeting-different-environments/using-environments-for-deployment) name. In this example, the workflow run must have originated from a job that has an environment named `Production`, in a repository named `octo-repo` that is owned by the `octo-org` organization:
+You can configure a subject that filters for a specific [environment](/actions/deployment/targeting-different-environments/managing-environments-for-deployment) name. In this example, the workflow run must have originated from a job that has an environment named `Production`, in a repository named `octo-repo` that is owned by the `octo-org` organization:
-* Syntax: `repo::environment:`
+* Syntax: `repo:ORG-NAME/REPO-NAME:environment:ENVIRONMENT-NAME`
* Example: `repo:octo-org/octo-repo:environment:Production`
#### Filtering for `pull_request` events
@@ -189,7 +191,7 @@ The subject claim includes the `pull_request` string when the workflow is trigge
You can configure a subject that filters for the [`pull_request`](/actions/using-workflows/events-that-trigger-workflows#pull_request) event. In this example, the workflow run must have been triggered by a `pull_request` event in a repository named `octo-repo` that is owned by the `octo-org` organization:
-* Syntax: `repo::pull_request`
+* Syntax: `repo:ORG-NAME/REPO-NAME:pull_request`
* Example: `repo:octo-org/octo-repo:pull_request`
#### Filtering for a specific branch
@@ -198,7 +200,7 @@ The subject claim includes the branch name of the workflow, but only if the job
You can configure a subject that filters for a specific branch name. In this example, the workflow run must have originated from a branch named `demo-branch`, in a repository named `octo-repo` that is owned by the `octo-org` organization:
-* Syntax: `repo::ref:refs/heads/branchName`
+* Syntax: `repo:ORG-NAME/REPO-NAME:ref:refs/heads/BRANCH-NAME`
* Example: `repo:octo-org/octo-repo:ref:refs/heads/demo-branch`
#### Filtering for a specific tag
@@ -207,7 +209,7 @@ The subject claim includes the tag name of the workflow, but only if the job doe
You can create a subject that filters for specific tag. In this example, the workflow run must have originated with a tag named `demo-tag`, in a repository named `octo-repo` that is owned by the `octo-org` organization:
-* Syntax: `repo::ref:refs/tags/`
+* Syntax: `repo:ORG-NAME/REPO-NAME:ref:refs/tags/TAG-NAME`
* Example: `repo:octo-org/octo-repo:ref:refs/tags/demo-tag`
### Configuring the subject in your cloud provider
@@ -248,9 +250,9 @@ curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOK
You can security harden your OIDC configuration by customizing the claims that are included with the JWT. These customizations allow you to define more granular trust conditions on your cloud roles when allowing your workflows to access resources hosted in the cloud:
-* You can customize values for {% ifversion ghec %}`issuer` or {% endif %}`audience` claims. For more information, see {% ifversion ghec %}"[Customizing the `issuer` value for an enterprise](#customizing-the-issuer-value-for-an-enterprise)" and {% endif %}"[Customizing the `audience` value](#customizing-the-audience-value)."
+* You can customize values for {% ifversion ghec %}`issuer` or {% endif %}`audience` claims. See {% ifversion ghec %}"[Customizing the `issuer` value for an enterprise](#customizing-the-issuer-value-for-an-enterprise)" and {% endif %}"[Customizing the `audience` value](#customizing-the-audience-value)."
* You can customize the format of your OIDC configuration by setting conditions on the subject (`sub`) claim that require JWT tokens to originate from a specific repository, reusable workflow, or other source.
-* You can define granular OIDC policies by using additional OIDC token claims, such as `repository_id` and `repository_visibility`. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token)".
+* You can define granular OIDC policies by using additional OIDC token claims, such as `repository_id` and `repository_visibility`. See "[Understanding the OIDC token](#understanding-the-oidc-token)."
### Customizing the `audience` value
@@ -294,7 +296,7 @@ To help improve security, compliance, and standardization, you can customize the
{% note %}
-**Note**: When the organization template is applied, it will not affect any workflows in existing repositories that already use OIDC. For existing repositories, as well as any new repositories that are created after the template has been applied, the repository owner will need to use the REST API to opt in to receive this configuration. Alternatively, the repository owner could use the REST API to apply a different configuration specific to the repository. For more information, see "[AUTOTITLE](/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository)."
+**Note**: When the organization template is applied, it will not affect any workflows already using OIDC unless their repository has opted in to custom organization templates. For all repositories, existing and new, the repository owner will need to use the repository-level REST API to opt in to receive this configuration by setting `use_default` to `false`. Alternatively, the repository owner could use the REST API to apply a different configuration specific to the repository. For more information, see "[AUTOTITLE](/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository)."
{% endnote %}
@@ -302,7 +304,7 @@ Customizing the claims results in a new format for the entire `sub` claim, which
{% note %}
-**Note**: The `sub` claim uses the shortened form `repo` (for example, `repo:`) instead of `repository` to reference the repository.
+**Note**: The `sub` claim uses the shortened form `repo` (for example, `repo:ORG-NAME/REPO-NAME`) instead of `repository` to reference the repository.
{% endnote %}
@@ -366,7 +368,7 @@ The following example template combines the requirement of a specific reusable w
{% data reusables.actions.use-request-body-api %}
-This example also demonstrates how to use `"context"` to define your conditions. This is the part that follows the repository in the [default `sub` format](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#example-subject-claims). For example, when the job references an environment, the context contains: `environment:`.
+This example also demonstrates how to use `"context"` to define your conditions. This is the part that follows the repository in the [default `sub` format](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#example-subject-claims). For example, when the job references an environment, the context contains: `environment:ENVIRONMENT-NAME`.
```json
{
@@ -380,7 +382,7 @@ This example also demonstrates how to use `"context"` to define your conditions.
In your cloud provider's OIDC configuration, configure the `sub` condition to require that claims must include specific values for `repo`, `context`, and `job_workflow_ref`.
-This customization template requires that the `sub` uses the following format: `repo::environment::job_workflow_ref:`.
+This customization template requires that the `sub` uses the following format: `repo:ORG-NAME/REPO-NAME:environment:ENVIRONMENT-NAME:job_workflow_ref:REUSABLE-WORKFLOW-PATH`.
For example: `"sub": "repo:octo-org/octo-repo:environment:prod:job_workflow_ref:octo-org/octo-automation/.github/workflows/oidc.yml@refs/heads/main"`
#### Example: Granting access to a specific repository
@@ -427,7 +429,7 @@ or:
In your cloud provider's OIDC configuration, configure the `sub` condition to require a `repository_owner_id` claim that matches the required value.
-#### Resetting your customizations
+#### Resetting organization template customizations
This example template resets the subject claims to the default format. This template effectively opts out of any organization-level customization policy.
@@ -444,11 +446,13 @@ This example template resets the subject claims to the default format. This temp
In your cloud provider's OIDC configuration, configure the `sub` condition to require that claims must include specific values for `repo` and `context`.
-#### Using the default subject claims
+#### Resetting repository template customizations
-Default subject claims can be created at the organization level. All repositories in an organization have the ability to opt in or opt out of using their organization's default `sub` claim.
+All repositories in an organization have the ability to opt in or opt out of (organization and repository-level) customized `sub` claim templates.
-To create a default `sub` claim at the organization level, an organization administrator must use the REST API endpoint at "[AUTOTITLE](/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-an-organization)." Once an organization has created a default claim, the REST API can be used to programmatically apply the default claim to repositories within the organization. To configure repositories to use the default `sub` claim format, use the `PUT /repos/{owner}/{repo}/actions/oidc/customization/sub` REST API endpoint at with the following request body. For more information, see "[AUTOTITLE](/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository)."
+To opt out a repository and reset back to the default `sub` claim format, a repository administrator must use the REST API endpoint at "[AUTOTITLE](/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository)."
+
+To configure repositories to use the default `sub` claim format, use the `PUT /repos/{owner}/{repo}/actions/oidc/customization/sub` REST API endpoint at with the following request body.
```json
{
@@ -458,7 +462,7 @@ To create a default `sub` claim at the organization level, an organization admin
#### Example: Configuring a repository to use an organization template
-A repository administrator can configure their repository to use the template created by the administrator of their organisation.
+Once an organization has created a customized `sub` claim template, the REST API can be used to programmatically apply the template to repositories within the organization. A repository administrator can configure their repository to use the template created by the administrator of their organization.
To configure the repository to use the organization's template, a repository admin must use the `PUT /repos/{owner}/{repo}/actions/oidc/customization/sub` REST API endpoint at with the following request body. For more information, see "[AUTOTITLE](/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository)."
diff --git a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md
similarity index 89%
rename from content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md
rename to content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md
index 61af9c575a6d..23d6756363de 100644
--- a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md
@@ -9,6 +9,8 @@ versions:
type: tutorial
topics:
- Security
+redirect_from:
+ - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -70,7 +72,7 @@ Edit the trust policy, adding the `sub` field to the validation conditions. For
}
```
-If you use a workflow with an environment, the `sub` field must reference the environment name: `repo:OWNER/REPOSITORY:environment:NAME`. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token)."
+If you use a workflow with an environment, the `sub` field must reference the environment name: `repo:ORG-NAME/REPO-NAME:environment:ENVIRONMENT-NAME`. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token)."
{% data reusables.actions.oidc-deployment-protection-rules %}
@@ -116,15 +118,15 @@ To update your workflows for OIDC, you will need to make two changes to your YAM
### Adding permissions settings
- {% data reusables.actions.oidc-permissions-token %}
+{% data reusables.actions.oidc-permissions-token %}
### Requesting the access token
The `aws-actions/configure-aws-credentials` action receives a JWT from the {% data variables.product.prodname_dotcom %} OIDC provider, and then requests an access token from AWS. For more information, see the AWS [documentation](https://github.com/aws-actions/configure-aws-credentials).
-* ``: Add the name of your S3 bucket here.
-* ``: Replace the example with your AWS role.
-* ``: Add the name of your AWS region here.
+* `BUCKET-NAME`: Add the name of your S3 bucket here.
+* `AWS-REGION`: Add the name of your AWS region here.
+* `ROLE-TO-ASSUME`: Replace this with your AWS role. For example, `arn:aws:iam::1234567890:role/example-role`
```yaml copy
# Sample workflow to access AWS resources when workflow is tied to branch
@@ -133,8 +135,8 @@ name: AWS example workflow
on:
push
env:
- BUCKET_NAME : ""
- AWS_REGION : ""
+ BUCKET_NAME : "BUCKET-NAME"
+ AWS_REGION : "AWS-REGION"
# permission can be added at job level or workflow level
permissions:
id-token: write # This is required for requesting the JWT
@@ -148,7 +150,7 @@ jobs:
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v3
with:
- role-to-assume: arn:aws:iam::1234567890:role/example-role
+ role-to-assume: ROLE-TO-ASSUME
role-session-name: samplerolesession
aws-region: {% raw %}${{ env.AWS_REGION }}{% endraw %}
# Upload a file to AWS s3
diff --git a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md
similarity index 96%
rename from content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md
rename to content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md
index 99dd138a4075..d4ac949dc792 100644
--- a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md
@@ -9,6 +9,8 @@ versions:
type: tutorial
topics:
- Security
+redirect_from:
+ - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -64,7 +66,7 @@ To update your workflows for OIDC, you will need to make two changes to your YAM
### Adding permissions settings
- {% data reusables.actions.oidc-permissions-token %}
+{% data reusables.actions.oidc-permissions-token %}
### Requesting the access token
diff --git a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md
similarity index 96%
rename from content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md
rename to content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md
index b69039845d95..cd2c49289528 100644
--- a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md
@@ -9,6 +9,8 @@ versions:
type: tutorial
topics:
- Security
+redirect_from:
+ - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -37,7 +39,7 @@ If your cloud provider doesn't yet offer an official action, you can update your
### Adding permissions settings
- {% data reusables.actions.oidc-permissions-token %}
+{% data reusables.actions.oidc-permissions-token %}
### Using official actions
@@ -49,7 +51,7 @@ For example, Alibaba Cloud created [`aliyun/configure-aliyun-credentials-action`
If your cloud provider doesn't have an official action, or if you prefer to create custom scripts, you can manually request the JSON Web Token (JWT) from {% data variables.product.prodname_dotcom %}'s OIDC provider.
-If you're not using an official action, then {% data variables.product.prodname_dotcom %} recommends that you use the Actions core toolkit. Alternatively, you can use the following environment variables to retrieve the token: `ACTIONS_RUNTIME_TOKEN`, `ACTIONS_ID_TOKEN_REQUEST_URL`.
+If you're not using an official action, then {% data variables.product.prodname_dotcom %} recommends that you use the Actions core toolkit. Alternatively, you can use the following environment variables to retrieve the token: `ACTIONS_ID_TOKEN_REQUEST_TOKEN`, `ACTIONS_ID_TOKEN_REQUEST_URL`.
To update your workflows using this approach, you will need to make three changes to your YAML:
diff --git a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md
similarity index 87%
rename from content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md
rename to content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md
index ae4451e4769e..1e51b56164b6 100644
--- a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md
@@ -9,6 +9,8 @@ versions:
type: tutorial
topics:
- Security
+redirect_from:
+ - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -49,7 +51,7 @@ To update your workflows for OIDC, you will need to make two changes to your YAM
### Adding permissions settings
- {% data reusables.actions.oidc-permissions-token %}
+{% data reusables.actions.oidc-permissions-token %}
### Requesting the access token
@@ -57,9 +59,8 @@ The `google-github-actions/auth` action receives a JWT from the {% data variable
This example has a job called `Get_OIDC_ID_token` that uses actions to request a list of services from GCP.
-* ``: Replace this with the path to your identity provider in GCP. For example, `projects//locations/global/workloadIdentityPools/`
-* ``: Replace this with the name of your service account in GCP.
-* ``: Replace this with the ID of your GCP project.
+* `WORKLOAD-IDENTITY-PROVIDER`: Replace this with the path to your identity provider in GCP. For example, `projects/example-project-id/locations/global/workloadIdentityPools/name-of-pool/providers/name-of-provider`
+* `SERVICE-ACCOUNT`: Replace this with the name of your service account in GCP.
This action exchanges a {% data variables.product.prodname_dotcom %} OIDC token for a Google Cloud access token, using [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation).
@@ -84,8 +85,8 @@ jobs:
uses: 'google-github-actions/auth@v0.3.1'
with:
create_credentials_file: 'true'
- workload_identity_provider: ''
- service_account: ''
+ workload_identity_provider: 'WORKLOAD-IDENTITY-PROVIDER'
+ service_account: 'SERVICE-ACCOUNT'
- id: 'gcloud'
name: 'gcloud'
run: |-
diff --git a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md
similarity index 89%
rename from content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md
rename to content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md
index faf32f2fb160..8fd65d5e51d6 100644
--- a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md
@@ -9,6 +9,8 @@ versions:
type: tutorial
topics:
- Security
+redirect_from:
+ - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -122,10 +124,10 @@ The `hashicorp/vault-action` action receives a JWT from the {% data variables.pr
This example demonstrates how to create a job that requests a secret from HashiCorp Vault.
-* ``: Replace this with the URL of your HashiCorp Vault.
-* ``: Replace this with the Namespace you've set in HashiCorp Vault. For example: `admin`.
-* ``: Replace this with the role you've set in the HashiCorp Vault trust relationship.
-* ``: Replace this with the path to the secret you're retrieving from HashiCorp Vault. For example: `secret/data/production/ci npmToken`.
+* `VAULT-URL`: Replace this with the URL of your HashiCorp Vault.
+* `VAULT-NAMESPACE`: Replace this with the Namespace you've set in HashiCorp Vault. For example: `admin`.
+* `ROLE-NAME`: Replace this with the role you've set in the HashiCorp Vault trust relationship.
+* `SECRET-PATH`: Replace this with the path to the secret you're retrieving from HashiCorp Vault. For example: `secret/data/production/ci npmToken`.
```yaml copy
jobs:
@@ -139,10 +141,10 @@ jobs:
uses: hashicorp/vault-action@v2.4.0
with:
method: jwt
- url:
- namespace:
- role:
- secrets:
+ url: VAULT-URL
+ namespace: VAULT-NAMESPACE # HCP Vault and Vault Enterprise only
+ role: ROLE-NAME
+ secrets: SECRET-PATH
- name: Use secret from Vault
run: |
@@ -154,7 +156,7 @@ jobs:
**Note**:
* If your Vault server is not accessible from the public network, consider using a self-hosted runner with other available Vault [auth methods](https://www.vaultproject.io/docs/auth). For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)."
-* `` must be set for a Vault Enterprise (including HCP Vault) deployment. For more information, see [Vault namespace](https://www.vaultproject.io/docs/enterprise/namespaces).
+* `VAULT-NAMESPACE` must be set for a Vault Enterprise (including HCP Vault) deployment. For more information, see [Vault namespace](https://www.vaultproject.io/docs/enterprise/namespaces).
{% endnote %}
@@ -178,9 +180,9 @@ jobs:
with:
exportToken: true
method: jwt
- url:
- role:
- secrets:
+ url: VAULT-URL
+ role: ROLE-NAME
+ secrets: SECRET-PATH
- name: Use secret from Vault
run: |
@@ -191,7 +193,7 @@ jobs:
if: always()
run: |
curl -X POST -sv -H "X-Vault-Token: {% raw %}${{ env.VAULT_TOKEN }}{% endraw %}" \
- /v1/auth/token/revoke-self
+ VAULT-URL/v1/auth/token/revoke-self
```
## Further reading
diff --git a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
similarity index 97%
rename from content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
rename to content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
index 105c0bd3b166..8504d41b99b3 100644
--- a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
@@ -9,6 +9,8 @@ type: tutorial
topics:
- Security
- Actions
+redirect_from:
+ - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-jfrog
---
## Overview
diff --git a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md
similarity index 96%
rename from content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md
rename to content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md
index 45e75dc1e1a7..f49dd6f8ce3d 100644
--- a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md
@@ -9,6 +9,8 @@ type: tutorial
topics:
- Security
- Actions
+redirect_from:
+ - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi
---
## Overview
@@ -68,6 +70,7 @@ jobs:
- name: build release distributions
run: |
# NOTE: put your own distribution build steps here.
+ python -m pip install build
python -m build
- name: upload windows dists
diff --git a/content/actions/deployment/security-hardening-your-deployments/index.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/index.md
similarity index 89%
rename from content/actions/deployment/security-hardening-your-deployments/index.md
rename to content/actions/security-for-github-actions/security-hardening-your-deployments/index.md
index dd131d0b3217..6424dc340273 100644
--- a/content/actions/deployment/security-hardening-your-deployments/index.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/index.md
@@ -2,6 +2,8 @@
title: Security hardening your deployments
shortTitle: Security harden deployments
intro: Use OpenID Connect within your workflows to authenticate with your cloud provider.
+redirect_from:
+ - /actions/deployment/security-hardening-your-deployments
versions:
fpt: '*'
ghec: '*'
@@ -12,8 +14,9 @@ children:
- /configuring-openid-connect-in-azure
- /configuring-openid-connect-in-google-cloud-platform
- /configuring-openid-connect-in-hashicorp-vault
- - /configuring-openid-connect-in-cloud-providers
- - /configuring-openid-connect-in-pypi
- /configuring-openid-connect-in-jfrog
+ - /configuring-openid-connect-in-pypi
+ - /configuring-openid-connect-in-cloud-providers
- /using-openid-connect-with-reusable-workflows
---
+
diff --git a/content/actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md
similarity index 98%
rename from content/actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md
rename to content/actions/security-for-github-actions/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md
index a39e582e887f..3ba6e40d69c6 100644
--- a/content/actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md
@@ -4,6 +4,7 @@ shortTitle: OpenID Connect with reusable workflows
intro: You can use reusable workflows with OIDC to standardize and security harden your deployment steps.
redirect_from:
- /actions/deployment/security-hardening-your-deployments/using-oidc-with-your-reusable-workflows
+ - /actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows
versions:
fpt: '*'
ghec: '*'
diff --git a/content/actions/security-for-github-actions/using-artifact-attestations/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md b/content/actions/security-for-github-actions/using-artifact-attestations/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md
new file mode 100644
index 000000000000..8730ebe1fca2
--- /dev/null
+++ b/content/actions/security-for-github-actions/using-artifact-attestations/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md
@@ -0,0 +1,127 @@
+---
+title: Enforcing artifact attestations with a Kubernetes admission controller
+intro: Use an admission controller to enforce artifact attestations in your Kubernetes cluster.
+versions:
+ fpt: '*'
+ ghec: '*'
+shortTitle: Artifact attestations Kubernetes admission controller
+redirect_from:
+ - /actions/security-guides/enforcing-artifact-attestations-with-a-kubernetes-admission-controller
+---
+
+## About Kubernetes admission controller
+
+[Artifact attestations](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds) enable you to create unfalsifiable provenance and integrity guarantees for the software you build. In turn, people who consume your software can verify where and how your software was built.
+
+Kubernetes admission controllers are plugins that govern the behavior of the Kubernetes API server. They are commonly used to enforce security policies and best practices in a Kubernetes cluster.
+
+Using the open source [Sigstore Policy Controller](https://docs.sigstore.dev/policy-controller/overview/) project you can add an admission controller to your Kubernetes cluster that can enforce artifact attestations. This way, you can ensure that only artifacts with valid attestations can be deployed.
+
+To [install the controller](#getting-started-with-kubernetes-admission-controller), we offer [two Helm charts](https://github.com/github/artifact-attestations-helm-charts): one for deploying the Sigstore Policy Controller, and another for loading the GitHub trust root and a default policy.
+
+### About trust roots and policies
+
+The Sigstore Policy Controller is primarily configured with trust roots and policies, represented by the Custom Resources `TrustRoot` and `ClusterImagePolicy`. A `TrustRoot` represents a trusted distribution channel for the public key material used to verify attestations. A `ClusterImagePolicy` represents a policy for enforcing attestations on images.
+
+A `TrustRoot` may also contain a [TUF](https://theupdateframework.io/) repository root, making it possible for your cluster to continuously and securely receive updates to its trusted public key material. If left unspecified, a `ClusterImagePolicy` will by default use the open source Sigstore Public Good Instance's key material. When verifying attestations generated for private repositories, the `ClusterImagePolicy` must reference the GitHub `TrustRoot`.
+
+## Getting started with Kubernetes admission controller
+
+To set up an admission controller for enforcing GitHub artifact attestations, you need to:
+
+1. [Deploy the Sigstore Policy Controller](#deploy-the-sigstore-policy-controller).
+1. [Add the GitHub `TrustRoot` and a `ClusterImagePolicy` to your cluster](#add-the-github-trustroot-and-a-clusterimagepolicy).
+1. [Enable the policy in your namespace](#enable-the-policy-in-your-namespace).
+
+### Deploy the Sigstore Policy Controller
+
+We have packaged the Sigstore Policy Controller as a [GitHub distributed Helm chart](https://github.com/github/artifact-attestations-helm-charts). Before you begin, ensure you have the following prerequisites:
+
+* A Kubernetes cluster with version 1.27 or later
+* [Helm](https://helm.sh/docs/intro/install/) 3.0 or later
+* [kubectl](https://kubernetes.io/docs/tasks/tools/)
+
+First, install the Helm chart that deploys the Sigstore Policy Controller:
+
+```bash copy
+helm upgrade policy-controller --install --atomic \
+ --create-namespace --namespace artifact-attestations \
+ oci://ghcr.io/github/artifact-attestations-helm-charts/policy-controller \
+ --version v0.10.0-github5
+```
+
+This installs the Policy Controller into the `artifact-attestations` namespace. At this point, no policies have been configured, and it will not enforce any attestations.
+
+### Add the GitHub `TrustRoot` and a `ClusterImagePolicy`
+
+Once the policy controller has been deployed, you need to add the GitHub `TrustRoot` and a `ClusterImagePolicy` to your cluster. Use the Helm chart we provide to do this. Make sure to replace `MY-ORGANIZATION` with your GitHub organization's name (e.g., `github` or `octocat-inc`).
+
+```bash copy
+helm upgrade trust-policies --install --atomic \
+ --namespace artifact-attestations \
+ oci://ghcr.io/github/artifact-attestations-helm-charts/trust-policies \
+ --version v0.5.0 \
+ --set policy.enabled=true \
+ --set policy.organization=MY-ORGANIZATION
+```
+
+You've now installed the GitHub trust root, and an artifact attestation policy into your cluster. This policy will reject artifacts that have not originated from within your GitHub organization.
+
+### Enable the policy in your namespace
+
+> [!WARNING]
+> This policy will not be enforced until you specify which namespaces it should apply to.
+
+Each namespace in your cluster can independently enforce policies. To enable enforcement in a namespace, you can add the following label to the namespace:
+
+```yaml
+metadata:
+ labels:
+ policy.sigstore.dev/include: "true"
+```
+
+After the label is added, the GitHub artifact attestation policy will be enforced in the namespace.
+
+Alternatively, you may run:
+
+```bash copy
+kubectl label namespace MY-NAMESPACE policy.sigstore.dev/include=true
+```
+
+### Matching images
+
+By default, the policy installed with the `trust-policies` Helm chart will verify attestations for all images before admitting them into the cluster. If you only intend to enforce attestations for a subset of images, you can use the Helm values `policy.images` and `policy.exemptImages` to specify a list of images to match against. These values can be set to a list of glob patterns that match the image names. The globbing syntax uses Go [filepath](https://pkg.go.dev/path/filepath#Match) semantics, with the addition of `**` to match any character sequence, including slashes.
+
+For example, to enforce attestations for images that match the pattern `ghcr.io/MY-ORGANIZATION/*` and admit `busybox` without a valid attestation, you can run:
+
+```bash copy
+helm upgrade trust-policies --install --atomic \
+ --namespace artifact-attestations \
+ oci://ghcr.io/github/artifact-attestations-helm-charts/trust-policies \
+ --version v0.5.0 \
+ --set policy.enabled=true \
+ --set policy.organization=MY-ORGANIZATION \
+ --set-json 'policy.exemptImages=["index.docker.io/library/busybox**"]' \
+ --set-json 'policy.images=["ghcr.io/MY-ORGANIZATION/**"]'
+ ```
+
+Note that to match `busybox`, we need to provide the fully-qualified image name with double-star glob: `index.docker.io/library/busybox**`.
+
+Also note that any image you intend to admit _must_ have a matching glob pattern in the `policy.images` list. If an image does not match any pattern, it will be rejected.
+
+### Advanced usage
+
+To see the full set of options you may configure with the Helm chart, you can run either of the following commands.
+For policy controller options:
+
+```bash copy
+helm show values oci://ghcr.io/github/artifact-attestations-helm-charts/policy-controller --version v0.10.0-github5
+```
+
+For trust policy options:
+
+```bash copy
+helm show values oci://ghcr.io/github/artifact-attestations-helm-charts/trust-policies --version v0.5.0
+```
+
+For more information on the Sigstore Policy Controller, see the [Sigstore Policy Controller documentation](https://docs.sigstore.dev/policy-controller/overview/).
diff --git a/content/actions/security-for-github-actions/using-artifact-attestations/index.md b/content/actions/security-for-github-actions/using-artifact-attestations/index.md
new file mode 100644
index 000000000000..ab7abbfe17a4
--- /dev/null
+++ b/content/actions/security-for-github-actions/using-artifact-attestations/index.md
@@ -0,0 +1,15 @@
+---
+title: Using artifact attestations
+shortTitle: Artifact attestations
+intro: Use artifact attestations to establish build provenance for the software you produce and to verify the software you consume.
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /using-artifact-attestations-to-establish-provenance-for-builds
+ - /using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3
+ - /enforcing-artifact-attestations-with-a-kubernetes-admission-controller
+ - /verifying-attestations-offline
+---
+
diff --git a/content/actions/security-guides/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3.md b/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3.md
similarity index 92%
rename from content/actions/security-guides/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3.md
rename to content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3.md
index 92d9e848a032..d6bba21c19da 100644
--- a/content/actions/security-guides/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3.md
+++ b/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3.md
@@ -1,9 +1,7 @@
---
-title: >-
- Using artifact attestations and reusable workflows to achieve SLSA v1 Build Level 3
+title: Using artifact attestations and reusable workflows to achieve SLSA v1 Build Level 3
shortTitle: Attest with reusable workflows
-intro: >-
- Building software with reusable workflows and artifact attestations can streamline your supply chain security and help you achieve SLSA v1.0 Build Level 3.
+intro: Building software with reusable workflows and artifact attestations can streamline your supply chain security and help you achieve SLSA v1.0 Build Level 3.
type: quick_start
topics:
- Actions
@@ -12,10 +10,10 @@ topics:
versions:
fpt: '*'
ghec: '*'
+redirect_from:
+ - /actions/security-guides/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3
---
-{% data reusables.actions.artifact-attestations-public-beta-note %}
-
## Introduction
Artifact attestations are a great way to create unfalsifiable provenance and integrity guarantees for the software you build.
diff --git a/content/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds.md b/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.md
similarity index 95%
rename from content/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds.md
rename to content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.md
index 8f79d422c3bc..2c998f276042 100644
--- a/content/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds.md
+++ b/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.md
@@ -1,14 +1,14 @@
---
title: Using artifact attestations to establish provenance for builds
-intro: 'Artifact attestations enable you to increase the supply chain security of your builds by establishing where and how your software was built.'
+intro: Artifact attestations enable you to increase the supply chain security of your builds by establishing where and how your software was built.
versions:
fpt: '*'
ghec: '*'
shortTitle: Artifact attestations
+redirect_from:
+ - /actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
---
-{% data reusables.actions.artifact-attestations-public-beta-note %}
-
## About artifact attestations
{% data reusables.actions.about-artifact-attestations %}
@@ -190,4 +190,6 @@ docker login ghcr.io
gh attestation verify oci://ghcr.io/ORGANIZATION_NAME/IMAGE_NAME:test -R ORGANIZATION_NAME/REPOSITORY_NAME
```
+>[!NOTE]These commands assume you are in an online environment. If you are in an offline or air-gapped environment, see "[AUTOTITLE](/actions/security-guides/verifying-attestations-offline)."
+
For more information, see the [`attestation`](https://cli.github.com/manual/gh_attestation) section of the {% data variables.product.prodname_cli %} manual.
diff --git a/content/actions/security-for-github-actions/using-artifact-attestations/verifying-attestations-offline.md b/content/actions/security-for-github-actions/using-artifact-attestations/verifying-attestations-offline.md
new file mode 100644
index 000000000000..907c3bed5007
--- /dev/null
+++ b/content/actions/security-for-github-actions/using-artifact-attestations/verifying-attestations-offline.md
@@ -0,0 +1,80 @@
+---
+title: Verifying attestations offline
+shortTitle: Verifying attestations offline
+intro: Artifact attestations can be verified without an internet connection.
+type: quick_start
+topics:
+ - Actions
+ - Security
+ - Workflows
+versions:
+ fpt: '*'
+ ghec: '*'
+redirect_from:
+ - /actions/security-guides/verifying-attestations-offline
+---
+
+## Introduction
+
+Artifact attestations are a great way to create unfalsifiable provenance and integrity guarantees for the software you build.
+
+By default, attestations are stored in GitHub's attestation API, which `gh attestation verify` will query when you go to verify your attestation. That command will also contact GitHub's servers to check for updated key material to use to verify the attestation.
+
+This command can work without internet connectivity, but you need to supply the attestation bundle and the key material in the trusted root manually.
+
+Before starting this guide, you should be building with generating artifact attestations. See "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
+
+## Step 1: Download attestation bundle
+
+First, get the attestation bundle from the attestation API.
+
+You can do so with the following command from a machine that is online:
+
+```bash copy
+gh attestation download PATH/TO/YOUR/BUILD/ARTIFACT-BINARY -R ORGANIZATION_NAME/REPOSITORY_NAME
+```
+
+Here is example output from that command:
+
+```bash
+Wrote attestations to file sha256:ae57936def59bc4c75edd3a837d89bcefc6d3a5e31d55a6fa7a71624f92c3c3b.jsonl.
+Any previous content has been overwritten
+
+The trusted metadata is now available at sha256:ae57936def59bc4c75edd3a837d89bcefc6d3a5e31d55a6fa7a71624f92c3c3b.jsonl
+```
+
+## Step 2: Download trusted roots
+
+Next, get the key material from the trusted roots.
+
+Artifact attestations uses the Sigstore public good instance for public repositories, and GitHub's Sigstore instance for private repositories. You can use one command to get both trusted roots:
+
+```bash copy
+gh attestation trusted-root > trusted_root.jsonl
+```
+
+### Updating trusted root information in an offline environment
+
+It's best practice to generate a new `trusted_root.jsonl` file any time you are importing new signed material into your offline environment.
+
+The key material in `trusted_root.jsonl` does not have a built-in expiration date, so anything signed before you generate the trusted root file will continue to successfully verify. Anything signed after the file is generated will verify until that Sigstore instance rotates its key material, which typically happens a few times per year. You will not know if key material has been revoked since you last generated the trusted root file.
+
+## Step 3: Perform offline verification
+
+Now, you are ready to verify the artifact offline.
+
+You should import into your offline environment:
+* {% data variables.product.prodname_cli %}
+* Your artifact
+* The bundle file
+* The trusted root file
+
+You can then perform offline verification with the following command:
+
+```bash copy
+gh attestation verify PATH/TO/YOUR/BUILD/ARTIFACT-BINARY -R ORGANIZATION_NAME/REPOSITORY_NAME --bundle sha256:ae57936def59bc4c75edd3a837d89bcefc6d3a5e31d55a6fa7a71624f92c3c3b.jsonl --custom-trusted-root trusted_root.jsonl
+```
+
+## Conclusion
+
+You are now verifying artifact attestations in an offline environment. We recommend importing a new trusted root whenever you are introducing new signed artifacts to your offline environment.
diff --git a/content/actions/using-workflows/avoiding-duplication.md b/content/actions/sharing-automations/avoiding-duplication.md
similarity index 97%
rename from content/actions/using-workflows/avoiding-duplication.md
rename to content/actions/sharing-automations/avoiding-duplication.md
index 2080a7dfedf6..b07b6addecc9 100644
--- a/content/actions/using-workflows/avoiding-duplication.md
+++ b/content/actions/sharing-automations/avoiding-duplication.md
@@ -1,5 +1,6 @@
---
title: Avoiding duplication
+shortTitle: Avoid duplication
intro: You can use reusable workflows or composite actions to avoid duplicating the content of workflows.
versions:
fpt: '*'
@@ -8,6 +9,8 @@ versions:
type: how_to
topics:
- Workflows
+redirect_from:
+ - /actions/using-workflows/avoiding-duplication
---
## About reusable workflows and composite actions
@@ -41,4 +44,3 @@ For details of how to create and use reusable workflows and composite actions, s
| Each step is logged in real-time | Logged as one step even if it contains multiple steps |
| Can connect a maximum of four levels of workflows | Can be nested to have up to 10 composite actions in one workflow |
| Can use secrets | Cannot use secrets |
-| Can use `if:` conditionals | Cannot use `if:` conditionals |
diff --git a/content/actions/creating-actions/about-custom-actions.md b/content/actions/sharing-automations/creating-actions/about-custom-actions.md
similarity index 99%
rename from content/actions/creating-actions/about-custom-actions.md
rename to content/actions/sharing-automations/creating-actions/about-custom-actions.md
index a41053d1adfd..9724823376cb 100644
--- a/content/actions/creating-actions/about-custom-actions.md
+++ b/content/actions/sharing-automations/creating-actions/about-custom-actions.md
@@ -7,6 +7,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/about-actions
- /actions/building-actions/about-actions
- /actions/creating-actions/about-actions
+ - /actions/creating-actions/about-custom-actions
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/creating-actions/creating-a-composite-action.md b/content/actions/sharing-automations/creating-actions/creating-a-composite-action.md
similarity index 96%
rename from content/actions/creating-actions/creating-a-composite-action.md
rename to content/actions/sharing-automations/creating-actions/creating-a-composite-action.md
index ba6ca880a311..78c51dd3ca98 100644
--- a/content/actions/creating-actions/creating-a-composite-action.md
+++ b/content/actions/sharing-automations/creating-actions/creating-a-composite-action.md
@@ -4,6 +4,7 @@ shortTitle: Create a composite action
intro: 'In this guide, you''ll learn how to build a composite action.'
redirect_from:
- /actions/creating-actions/creating-a-composite-run-steps-action
+ - /actions/creating-actions/creating-a-composite-action
versions:
fpt: '*'
ghes: '*'
@@ -154,7 +155,7 @@ Before you begin, you'll create a repository on {% data variables.location.produ
The following workflow code uses the completed hello world action that you made in "[AUTOTITLE](/actions/creating-actions/creating-a-composite-action#creating-an-action-metadata-file)".
-Copy the workflow code into a `.github/workflows/main.yml` file in another repository, but replace `actions/hello-world-composite-action@v1` with the repository and tag you created. You can also replace the `who-to-greet` input with your name.
+Copy the workflow code into a `.github/workflows/main.yml` file in another repository, replacing `OWNER` and `TAG` with the repository owner and the tag you created, respectively. You can also replace the `who-to-greet` input with your name.
```yaml copy
on: [push]
@@ -166,7 +167,7 @@ jobs:
steps:
- uses: {% data reusables.actions.action-checkout %}
- id: foo
- uses: actions/hello-world-composite-action@v1
+ uses: OWNER/hello-world-composite-action@TAG
with:
who-to-greet: 'Mona the Octocat'
- run: echo random-number "$RANDOM_NUMBER"
diff --git a/content/actions/creating-actions/creating-a-docker-container-action.md b/content/actions/sharing-automations/creating-actions/creating-a-docker-container-action.md
similarity index 99%
rename from content/actions/creating-actions/creating-a-docker-container-action.md
rename to content/actions/sharing-automations/creating-actions/creating-a-docker-container-action.md
index 5a0022e3ece3..6e4c1b731ec5 100644
--- a/content/actions/creating-actions/creating-a-docker-container-action.md
+++ b/content/actions/sharing-automations/creating-actions/creating-a-docker-container-action.md
@@ -7,6 +7,7 @@ redirect_from:
- /github/automating-your-workflow-with-github-actions/creating-a-docker-container-action
- /actions/automating-your-workflow-with-github-actions/creating-a-docker-container-action
- /actions/building-actions/creating-a-docker-container-action
+ - /actions/creating-actions/creating-a-docker-container-action
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/creating-actions/creating-a-javascript-action.md b/content/actions/sharing-automations/creating-actions/creating-a-javascript-action.md
similarity index 99%
rename from content/actions/creating-actions/creating-a-javascript-action.md
rename to content/actions/sharing-automations/creating-actions/creating-a-javascript-action.md
index c878832262f4..f870f538ba8f 100644
--- a/content/actions/creating-actions/creating-a-javascript-action.md
+++ b/content/actions/sharing-automations/creating-actions/creating-a-javascript-action.md
@@ -7,6 +7,7 @@ redirect_from:
- /github/automating-your-workflow-with-github-actions/creating-a-javascript-action
- /actions/automating-your-workflow-with-github-actions/creating-a-javascript-action
- /actions/building-actions/creating-a-javascript-action
+ - /actions/creating-actions/creating-a-javascript-action
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/creating-actions/developing-a-third-party-cli-action.md b/content/actions/sharing-automations/creating-actions/developing-a-third-party-cli-action.md
similarity index 97%
rename from content/actions/creating-actions/developing-a-third-party-cli-action.md
rename to content/actions/sharing-automations/creating-actions/developing-a-third-party-cli-action.md
index e6d5edb02762..f0a3aa649680 100644
--- a/content/actions/creating-actions/developing-a-third-party-cli-action.md
+++ b/content/actions/sharing-automations/creating-actions/developing-a-third-party-cli-action.md
@@ -2,7 +2,8 @@
title: Developing a third party CLI action
shortTitle: CLI setup action
intro: 'Learn how to develop an action to set up a CLI on {% data variables.product.prodname_actions %} runners.'
-redirect_from: []
+redirect_from:
+ - /actions/creating-actions/developing-a-third-party-cli-action
versions:
fpt: '*'
ghec: '*'
diff --git a/content/actions/creating-actions/dockerfile-support-for-github-actions.md b/content/actions/sharing-automations/creating-actions/dockerfile-support-for-github-actions.md
similarity index 94%
rename from content/actions/creating-actions/dockerfile-support-for-github-actions.md
rename to content/actions/sharing-automations/creating-actions/dockerfile-support-for-github-actions.md
index 9f56639a62ce..796517bae008 100644
--- a/content/actions/creating-actions/dockerfile-support-for-github-actions.md
+++ b/content/actions/sharing-automations/creating-actions/dockerfile-support-for-github-actions.md
@@ -4,13 +4,14 @@ shortTitle: Dockerfile support
intro: 'When creating a `Dockerfile` for a Docker container action, you should be aware of how some Docker instructions interact with GitHub Actions and an action''s metadata file.'
redirect_from:
- /actions/building-actions/dockerfile-support-for-github-actions
+ - /actions/creating-actions/dockerfile-support-for-github-actions
versions:
fpt: '*'
ghes: '*'
ghec: '*'
type: reference
---
-
+
{% data reusables.actions.enterprise-github-hosted-runners %}
## About Dockerfile instructions
@@ -109,4 +110,4 @@ If you use `CMD` in your `Dockerfile`, follow these guidelines:
## Supported Linux capabilities
-{% data variables.product.prodname_actions %} supports the default Linux capabilities that Docker supports. Capabilities can't be added or removed. For more information about the default Linux capabilities that Docker supports, see "[Runtime privilege and Linux capabilities](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities)" in the Docker documentation. To learn more about Linux capabilities, see "[Overview of Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html)" in the Linux man-pages.
+{% data variables.product.prodname_actions %} supports the default Linux capabilities that Docker supports. Capabilities can't be added or removed. For more information about the default Linux capabilities that Docker supports, see "[Linux kernel capabilities](https://docs.docker.com/engine/security/#linux-kernel-capabilities)" in the Docker documentation. To learn more about Linux capabilities, see "[Overview of Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html)" in the Linux man-pages.
diff --git a/content/actions/creating-actions/index.md b/content/actions/sharing-automations/creating-actions/index.md
similarity index 61%
rename from content/actions/creating-actions/index.md
rename to content/actions/sharing-automations/creating-actions/index.md
index de102ad0fb55..05297f12d34b 100644
--- a/content/actions/creating-actions/index.md
+++ b/content/actions/sharing-automations/creating-actions/index.md
@@ -1,12 +1,7 @@
---
title: Creating actions
+shortTitle: Create actions
intro: 'You can create your own actions, use and customize actions shared by the {% data variables.product.prodname_dotcom %} community, or write and share the actions you build.'
-redirect_from:
- - /articles/building-actions
- - /github/automating-your-workflow-with-github-actions/building-actions
- - /actions/automating-your-workflow-with-github-actions/building-actions
- - /actions/building-actions
- - /articles/creating-a-github-action
versions:
fpt: '*'
ghes: '*'
@@ -19,11 +14,9 @@ children:
- /metadata-syntax-for-github-actions
- /dockerfile-support-for-github-actions
- /setting-exit-codes-for-actions
- - /publishing-actions-in-github-marketplace
- - /sharing-actions-and-workflows-from-your-private-repository
- - /sharing-actions-and-workflows-with-your-enterprise
- - /sharing-actions-and-workflows-with-your-organization
- /releasing-and-maintaining-actions
+ - /publishing-actions-in-github-marketplace
- /developing-a-third-party-cli-action
----
+---
+
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/creating-actions/metadata-syntax-for-github-actions.md b/content/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions.md
similarity index 99%
rename from content/actions/creating-actions/metadata-syntax-for-github-actions.md
rename to content/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions.md
index 44df2cf5dd04..ae4ef0e07e97 100644
--- a/content/actions/creating-actions/metadata-syntax-for-github-actions.md
+++ b/content/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions.md
@@ -7,6 +7,7 @@ redirect_from:
- /github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions
- /actions/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions
- /actions/building-actions/metadata-syntax-for-github-actions
+ - /actions/creating-actions/metadata-syntax-for-github-actions
versions:
fpt: '*'
ghes: '*'
@@ -481,7 +482,7 @@ branding:
### `branding.color`
-The background color of the badge. Can be one of: `white`, `yellow`, `blue`, `green`, `orange`, `red`, `purple`, or `gray-dark`.
+The background color of the badge. Can be one of: `white`, `black`, `yellow`, `blue`, `green`, `orange`, `red`, `purple`, or `gray-dark`.
### `branding.icon`
@@ -725,6 +726,7 @@ Brand icons, and all the following icons, are omitted.
sun
sunrise
sunset
+
table
tablet
tag
target
diff --git a/content/actions/creating-actions/publishing-actions-in-github-marketplace.md b/content/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace.md
similarity index 99%
rename from content/actions/creating-actions/publishing-actions-in-github-marketplace.md
rename to content/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace.md
index 6590ab8d8b2a..201f777fabd1 100644
--- a/content/actions/creating-actions/publishing-actions-in-github-marketplace.md
+++ b/content/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace.md
@@ -5,6 +5,7 @@ redirect_from:
- /github/automating-your-workflow-with-github-actions/publishing-actions-in-github-marketplace
- /actions/automating-your-workflow-with-github-actions/publishing-actions-in-github-marketplace
- /actions/building-actions/publishing-actions-in-github-marketplace
+ - /actions/creating-actions/publishing-actions-in-github-marketplace
versions:
fpt: '*'
ghec: '*'
diff --git a/content/actions/creating-actions/releasing-and-maintaining-actions.md b/content/actions/sharing-automations/creating-actions/releasing-and-maintaining-actions.md
similarity index 99%
rename from content/actions/creating-actions/releasing-and-maintaining-actions.md
rename to content/actions/sharing-automations/creating-actions/releasing-and-maintaining-actions.md
index 83d295c817f6..5f82e8ff7378 100644
--- a/content/actions/creating-actions/releasing-and-maintaining-actions.md
+++ b/content/actions/sharing-automations/creating-actions/releasing-and-maintaining-actions.md
@@ -11,6 +11,8 @@ versions:
fpt: '*'
ghec: '*'
ghes: '*'
+redirect_from:
+ - /actions/creating-actions/releasing-and-maintaining-actions
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/creating-actions/setting-exit-codes-for-actions.md b/content/actions/sharing-automations/creating-actions/setting-exit-codes-for-actions.md
similarity index 96%
rename from content/actions/creating-actions/setting-exit-codes-for-actions.md
rename to content/actions/sharing-automations/creating-actions/setting-exit-codes-for-actions.md
index 1009fa82a28f..3ba9ea0b766e 100644
--- a/content/actions/creating-actions/setting-exit-codes-for-actions.md
+++ b/content/actions/sharing-automations/creating-actions/setting-exit-codes-for-actions.md
@@ -4,6 +4,7 @@ shortTitle: Set exit codes
intro: 'You can use exit codes to set the status of an action. {% data variables.product.prodname_dotcom %} displays statuses to indicate passing or failing actions.'
redirect_from:
- /actions/building-actions/setting-exit-codes-for-actions
+ - /actions/creating-actions/setting-exit-codes-for-actions
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/using-workflows/creating-starter-workflows-for-your-organization.md b/content/actions/sharing-automations/creating-workflow-templates-for-your-organization.md
similarity index 70%
rename from content/actions/using-workflows/creating-starter-workflows-for-your-organization.md
rename to content/actions/sharing-automations/creating-workflow-templates-for-your-organization.md
index 13d0ed3c81f6..daf71b8009d5 100644
--- a/content/actions/using-workflows/creating-starter-workflows-for-your-organization.md
+++ b/content/actions/sharing-automations/creating-workflow-templates-for-your-organization.md
@@ -1,11 +1,12 @@
---
-title: Creating starter workflows for your organization
-shortTitle: Create starter workflows
-intro: Learn how you can create starter workflows to help people in your team add new workflows more easily.
+title: Creating workflow templates for your organization
+shortTitle: Create workflow templates
+intro: Learn how you can create workflow templates to help people in your team add new workflows more easily.
redirect_from:
- /actions/configuring-and-managing-workflows/sharing-workflow-templates-within-your-organization
- /actions/learn-github-actions/creating-workflow-templates
- /actions/learn-github-actions/creating-starter-workflows-for-your-organization
+ - /actions/using-workflows/creating-starter-workflows-for-your-organization
versions:
fpt: '*'
ghes: '*'
@@ -22,26 +23,26 @@ topics:
{% data reusables.actions.workflow-organization-templates %}
-{% data reusables.actions.starter-workflow-categories %}
+{% data reusables.actions.workflow-templates-categories %}
> [!NOTE]
-> Because starter workflows require a public `.github` repository, they are not available for {% data variables.product.prodname_emus %}.
+> Because workflow templates require a public `.github` repository, they are not available for {% data variables.product.prodname_emus %}.
-## Creating a starter workflow
+## Creating a workflow template
-Starter workflows can be created by users with write access to the organization's _public_ `.github` repository. These can then be used by organization members who have permission to create workflows.
+Workflow templates can be created by users with write access to the organization's _public_ `.github` repository. These can then be used by organization members who have permission to create workflows.
{% ifversion fpt %}
-Starter workflows created by users can only be used to create workflows in public repositories. Organizations using {% data variables.product.prodname_ghe_cloud %} can also use starter workflows to create workflows in private repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/actions/using-workflows/creating-starter-workflows-for-your-organization).
+Workflow templates created by users can only be used to create workflows in public repositories. Organizations using {% data variables.product.prodname_ghe_cloud %} can also use workflow templates to create workflows in private repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/actions/using-workflows/creating-starter-workflows-for-your-organization).
{% endif %}
{% note %}
-**Note:** To avoid duplication among starter workflows you can call reusable workflows from within a workflow. This can help make your workflows easier to maintain. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows)."
+**Note:** To avoid duplication among workflow templates you can call reusable workflows from within a workflow. This can help make your workflows easier to maintain. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows)."
{% endnote %}
-This procedure demonstrates how to create a starter workflow and metadata file. The metadata file describes how the starter workflows will be presented to users when they are creating a new workflow.
+This procedure demonstrates how to create a workflow template and metadata file. The metadata file describes how the workflow templates will be presented to users when they are creating a new workflow.
1. If it doesn't already exist, create a new _public_ repository named `.github` in your organization.
1. Create a directory named `workflow-templates`.
@@ -87,7 +88,7 @@ This procedure demonstrates how to create a starter workflow and metadata file.
```json copy
{
"name": "Octo Organization Workflow",
- "description": "Octo Organization CI starter workflow.",
+ "description": "Octo Organization CI workflow template.",
"iconName": "example-icon",
"categories": [
"Go"
@@ -112,7 +113,7 @@ This procedure demonstrates how to create a starter workflow and metadata file.
* `filePatterns` - **Optional.** Allows the workflow to be used if the user's repository has a file in its root directory that matches a defined regular expression.
-To add another starter workflow, add your files to the same `workflow-templates` directory.
+To add another workflow template, add your files to the same `workflow-templates` directory.
## Next steps
diff --git a/content/actions/sharing-automations/index.md b/content/actions/sharing-automations/index.md
new file mode 100644
index 000000000000..5d2ada0404b3
--- /dev/null
+++ b/content/actions/sharing-automations/index.md
@@ -0,0 +1,26 @@
+---
+title: Sharing automations
+shortTitle: Share automations
+intro: 'Create modular automations that you can share and reuse across {% data variables.product.prodname_actions %} workflows.'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+redirect_from:
+ - /actions/creating-actions
+ - /github/automating-your-workflow-with-github-actions/building-actions
+ - /actions/automating-your-workflow-with-github-actions/building-actions
+ - /actions/building-actions
+ - /articles/creating-a-github-action
+children:
+ - /avoiding-duplication
+ - /creating-actions
+ - /reusing-workflows
+ - /creating-workflow-templates-for-your-organization
+ - /sharing-actions-and-workflows-from-your-private-repository
+ - /sharing-actions-and-workflows-with-your-organization
+ - /sharing-actions-and-workflows-with-your-enterprise
+ - /required-workflows
+---
+
+{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/using-workflows/required-workflows.md b/content/actions/sharing-automations/required-workflows.md
similarity index 91%
rename from content/actions/using-workflows/required-workflows.md
rename to content/actions/sharing-automations/required-workflows.md
index 875e68d60827..c26152f424cb 100644
--- a/content/actions/using-workflows/required-workflows.md
+++ b/content/actions/sharing-automations/required-workflows.md
@@ -4,10 +4,12 @@ shortTitle: Required workflows
intro: You can specify which workflows will run as required status checks in all repositories or selected repositories in your organization.
versions:
feature: required-workflows-deprecation
-permissions: Because {% data variables.product.company_short %} no longer supports this feature, this article is only relevant if you are already using required workflows for {% data variables.product.prodname_actions %}.
+permissions: 'Because {% data variables.product.company_short %} no longer supports this feature, this article is only relevant if you are already using required workflows for {% data variables.product.prodname_actions %}.'
type: how_to
topics:
- Workflows
+redirect_from:
+ - /actions/using-workflows/required-workflows
---
{% data reusables.actions.workflows.required-workflow-beta %}
diff --git a/content/actions/using-workflows/reusing-workflows.md b/content/actions/sharing-automations/reusing-workflows.md
similarity index 95%
rename from content/actions/using-workflows/reusing-workflows.md
rename to content/actions/sharing-automations/reusing-workflows.md
index dae74b617fe4..923d63346732 100644
--- a/content/actions/using-workflows/reusing-workflows.md
+++ b/content/actions/sharing-automations/reusing-workflows.md
@@ -4,6 +4,7 @@ shortTitle: Reuse workflows
intro: Learn how to avoid duplication when creating a workflow by reusing existing workflows.
redirect_from:
- /actions/learn-github-actions/reusing-workflows
+ - /actions/using-workflows/reusing-workflows
versions:
fpt: '*'
ghec: '*'
@@ -43,9 +44,9 @@ You can view the reused workflows referenced in your {% data variables.product.p
Reusable workflows and composite actions both help you to avoid duplication. Whereas reusable workflows allow you to reuse an entire workflow, with multiple jobs and steps, composite actions combine multiple steps that you can then run within a job step, just like any other action. For more information, see "[AUTOTITLE](/actions/using-workflows/avoiding-duplication)."
-### Reusable workflows and starter workflows
+### Reusable workflows and workflow templates
-Starter workflows allow everyone in your organization who has permission to create workflows to do so more quickly and easily. When people create a new workflow, they can choose a starter workflow and some or all of the work of writing the workflow will be done for them. Within a starter workflow, you can also reference reusable workflows to make it easy for people to benefit from reusing centrally managed workflow code. If you use a commit SHA when referencing the reusable workflow, you can ensure that everyone who reuses that workflow will always be using the same YAML code. However, if you reference a reusable workflow by a tag or branch, be sure that you can trust that version of the workflow. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#reusing-third-party-workflows)."
+Workflow templates allow everyone in your organization who has permission to create workflows to do so more quickly and easily. When people create a new workflow, they can choose a workflow template and some or all of the work of writing the workflow will be done for them. Within a workflow template, you can also reference reusable workflows to make it easy for people to benefit from reusing centrally managed workflow code. If you use a commit SHA when referencing the reusable workflow, you can ensure that everyone who reuses that workflow will always be using the same YAML code. However, if you reference a reusable workflow by a tag or branch, be sure that you can trust that version of the workflow. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#reusing-third-party-workflows)."
For more information, see "[AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization)."
@@ -67,8 +68,10 @@ The following table shows the accessibility of reusable workflows to a caller wo
| Caller repository | Accessible workflows repositories |
|----|----|
-| `private` | `private`{% ifversion ghes or ghec %}, `internal`,{% endif %} and `public` |{% ifversion ghes or ghec %}
-| `internal` | `internal`, and `public` |{% endif %}
+| `private` | `private`{% ifversion ghes or ghec %}, `internal`,{% endif %} and `public` |
+| {% ifversion ghes or ghec %} |
+| `internal` | `internal`, and `public` |
+| {% endif %} |
| `public` | `public` |
The **Actions permissions** on the callers repository's Actions settings page must be configured to allow the use of actions and reusable workflows - see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-select-actions-and-reusable-workflows-to-run)."
@@ -170,7 +173,7 @@ You can define inputs and secrets, which can be passed from the caller workflow
{% note %}
- **Note**: Environment secrets are {% ifversion fpt or ghec %}encrypted {% endif %}strings that are stored in an environment that you've defined for a repository. Environment secrets are only available to workflow jobs that reference the appropriate environment. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)."
+ **Note**: Environment secrets are {% ifversion fpt or ghec %}encrypted {% endif %}strings that are stored in an environment that you've defined for a repository. Environment secrets are only available to workflow jobs that reference the appropriate environment. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#environment-secrets)."
{% endnote %}
diff --git a/content/actions/creating-actions/sharing-actions-and-workflows-from-your-private-repository.md b/content/actions/sharing-automations/sharing-actions-and-workflows-from-your-private-repository.md
similarity index 95%
rename from content/actions/creating-actions/sharing-actions-and-workflows-from-your-private-repository.md
rename to content/actions/sharing-automations/sharing-actions-and-workflows-from-your-private-repository.md
index a234114607a1..a615d902befc 100644
--- a/content/actions/creating-actions/sharing-actions-and-workflows-from-your-private-repository.md
+++ b/content/actions/sharing-automations/sharing-actions-and-workflows-from-your-private-repository.md
@@ -8,6 +8,8 @@ topics:
- Actions
- Action development
shortTitle: Share from your private repository
+redirect_from:
+ - /actions/creating-actions/sharing-actions-and-workflows-from-your-private-repository
---
## About {% data variables.product.prodname_actions %} access to private repositories
diff --git a/content/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise.md b/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-enterprise.md
similarity index 96%
rename from content/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise.md
rename to content/actions/sharing-automations/sharing-actions-and-workflows-with-your-enterprise.md
index 09740fb85d14..e947c13c9c1e 100644
--- a/content/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise.md
+++ b/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-enterprise.md
@@ -8,6 +8,8 @@ topics:
- Actions
- Action development
shortTitle: Share with your enterprise
+redirect_from:
+ - /actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise
---
## About {% data variables.product.prodname_actions %} access to internal {% ifversion private-actions %}and private {% endif %}repositories
diff --git a/content/actions/creating-actions/sharing-actions-and-workflows-with-your-organization.md b/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-organization.md
similarity index 95%
rename from content/actions/creating-actions/sharing-actions-and-workflows-with-your-organization.md
rename to content/actions/sharing-automations/sharing-actions-and-workflows-with-your-organization.md
index 3e298fdfc006..cc0afa7196e4 100644
--- a/content/actions/creating-actions/sharing-actions-and-workflows-with-your-organization.md
+++ b/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-organization.md
@@ -8,6 +8,8 @@ topics:
- Actions
- Action development
shortTitle: Share with your organization
+redirect_from:
+ - /actions/creating-actions/sharing-actions-and-workflows-with-your-organization
---
## About {% data variables.product.prodname_actions %} access to private {% ifversion internal-actions %} or internal {% endif %}repositories
diff --git a/content/actions/automating-builds-and-tests/building-and-testing-go.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-go.md
similarity index 93%
rename from content/actions/automating-builds-and-tests/building-and-testing-go.md
rename to content/actions/use-cases-and-examples/building-and-testing/building-and-testing-go.md
index e7999e1d3993..7a179c5ddba2 100644
--- a/content/actions/automating-builds-and-tests/building-and-testing-go.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-go.md
@@ -9,6 +9,8 @@ type: tutorial
topics:
- CI
shortTitle: Build & test Go
+redirect_from:
+ - /actions/automating-builds-and-tests/building-and-testing-go
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -25,23 +27,23 @@ You should already be familiar with YAML syntax and how it's used with {% data v
We recommend that you have a basic understanding of the Go language. For more information, see [Getting started with Go](https://golang.org/doc/tutorial/getting-started).
-## Using a Go starter workflow
+## Using a Go workflow template
-{% data reusables.actions.starter-workflow-get-started %}
+{% data reusables.actions.workflow-templates-get-started %}
-{% data variables.product.prodname_dotcom %} provides a Go starter workflow that should work for most Go projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
+{% data variables.product.prodname_dotcom %} provides a Go workflow template that should work for most Go projects. The subsequent sections of this guide give examples of how you can customize this workflow template.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.actions-tab %}
{% data reusables.actions.new-starter-workflow %}
-1. The "Choose a workflow" page shows a selection of recommended starter workflows. Search for "go".
+1. The "Choose a workflow" page shows a selection of recommended workflow templates. Search for "go".
1. Filter the selection of workflows by clicking **Continuous integration**.
1. On the "Go - by {% data variables.product.prodname_actions %}" workflow, click **Configure**.
{%- ifversion ghes %}
- If you don't find the "Go - by {% data variables.product.prodname_actions %}" starter workflow, copy the following workflow code to a new file called `go.yml` in the `.github/workflows` directory of your repository.
+ If you don't find the "Go - by {% data variables.product.prodname_actions %}" workflow template, copy the following workflow code to a new file called `go.yml` in the `.github/workflows` directory of your repository.
```yaml copy
name: Go
diff --git a/content/actions/automating-builds-and-tests/building-and-testing-java-with-ant.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-ant.md
similarity index 83%
rename from content/actions/automating-builds-and-tests/building-and-testing-java-with-ant.md
rename to content/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-ant.md
index fb26b39f189f..619f91ec0deb 100644
--- a/content/actions/automating-builds-and-tests/building-and-testing-java-with-ant.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-ant.md
@@ -4,6 +4,7 @@ intro: You can create a continuous integration (CI) workflow in GitHub Actions t
redirect_from:
- /actions/language-and-framework-guides/building-and-testing-java-with-ant
- /actions/guides/building-and-testing-java-with-ant
+ - /actions/automating-builds-and-tests/building-and-testing-java-with-ant
versions:
fpt: '*'
ghes: '*'
@@ -34,21 +35,21 @@ We recommend that you have a basic understanding of Java and the Ant framework.
{% data reusables.actions.enterprise-setup-prereq %}
-## Using an Ant starter workflow
+## Using an Ant workflow template
-{% data reusables.actions.starter-workflow-get-started %}
+{% data reusables.actions.workflow-templates-get-started %}
-{% data variables.product.prodname_dotcom %} provides a starter workflow for Ant that should work for most Java with Ant projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
+{% data variables.product.prodname_dotcom %} provides a workflow template for Ant that should work for most Java with Ant projects. The subsequent sections of this guide give examples of how you can customize this workflow template.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.actions-tab %}
{% data reusables.actions.new-starter-workflow %}
-1. The "Choose a workflow" page shows a selection of recommended starter workflows. Search for "Java with Ant".
+1. The "Choose a workflow" page shows a selection of recommended workflow templates. Search for "Java with Ant".
1. On the "Java with Ant" workflow, click **Configure**.
{%- ifversion ghes %}
- If you don't find the "Java with Ant" starter workflow, copy the following workflow code to a new file called `ant.yml` in the `.github/workflows` directory of your repository.
+ If you don't find the "Java with Ant" workflow template, copy the following workflow code to a new file called `ant.yml` in the `.github/workflows` directory of your repository.
```yaml copy
name: Java CI
@@ -89,7 +90,7 @@ We recommend that you have a basic understanding of Java and the Ant framework.
You can use the same commands that you use locally to build and test your code.
-The starter workflow will run the default target specified in your _build.xml_ file. Your default target will commonly be set to build classes, run tests and package classes into their distributable format, for example, a JAR file.
+The workflow template will run the default target specified in your _build.xml_ file. Your default target will commonly be set to build classes, run tests and package classes into their distributable format, for example, a JAR file.
If you use different commands to build your project, or you want to run a different target, you can specify those. For example, you may want to run the `jar` target that's configured in your `_build-ci.xml_` file.
diff --git a/content/actions/automating-builds-and-tests/building-and-testing-java-with-gradle.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-gradle.md
similarity index 83%
rename from content/actions/automating-builds-and-tests/building-and-testing-java-with-gradle.md
rename to content/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-gradle.md
index f41195fc7636..82e67b9c8ae3 100644
--- a/content/actions/automating-builds-and-tests/building-and-testing-java-with-gradle.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-gradle.md
@@ -4,6 +4,7 @@ intro: You can create a continuous integration (CI) workflow in GitHub Actions t
redirect_from:
- /actions/language-and-framework-guides/building-and-testing-java-with-gradle
- /actions/guides/building-and-testing-java-with-gradle
+ - /actions/automating-builds-and-tests/building-and-testing-java-with-gradle
versions:
fpt: '*'
ghes: '*'
@@ -34,21 +35,21 @@ We recommend that you have a basic understanding of Java and the Gradle framewor
{% data reusables.actions.enterprise-setup-prereq %}
-## Using a Gradle starter workflow
+## Using a Gradle workflow template
-{% data reusables.actions.starter-workflow-get-started %}
+{% data reusables.actions.workflow-templates-get-started %}
-{% data variables.product.prodname_dotcom %} provides a starter workflow for Gradle that should work for most Java with Gradle projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
+{% data variables.product.prodname_dotcom %} provides a workflow template for Gradle that should work for most Java with Gradle projects. The subsequent sections of this guide give examples of how you can customize this workflow template.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.actions-tab %}
{% data reusables.actions.new-starter-workflow %}
-1. The "Choose a workflow" page shows a selection of recommended starter workflows. Search for "Java with Gradle".
+1. The "Choose a workflow" page shows a selection of recommended workflow templates. Search for "Java with Gradle".
1. On the "Java with Gradle" workflow, click **Configure**.
{%- ifversion ghes %}
- If you don't find the "Java with Gradle" starter workflow, copy the following workflow code to a new file called `gradle.yml` in the `.github/workflows` directory of your repository.
+ If you don't find the "Java with Gradle" workflow template, copy the following workflow code to a new file called `gradle.yml` in the `.github/workflows` directory of your repository.
```yaml copy
name: Java CI with Gradle
@@ -74,7 +75,7 @@ We recommend that you have a basic understanding of Java and the Gradle framewor
distribution: 'temurin'
- name: Setup Gradle
- uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+ uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0
- name: Build with Gradle
run: ./gradlew build
@@ -100,7 +101,7 @@ We recommend that you have a basic understanding of Java and the Gradle framewor
You can use the same commands that you use locally to build and test your code.
-The starter workflow will run the `build` task by default. In the default Gradle configuration, this command will download dependencies, build classes, run tests, and package classes into their distributable format, for example, a JAR file.
+The workflow template will run the `build` task by default. In the default Gradle configuration, this command will download dependencies, build classes, run tests, and package classes into their distributable format, for example, a JAR file.
If you use different commands to build your project, or you want to use a different task, you can specify those. For example, you may want to run the `package` task that's configured in your _ci.gradle_ file.
@@ -113,7 +114,7 @@ steps:
distribution: 'temurin'
- name: Setup Gradle
- uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+ uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0
- name: Build with Gradle
run: ./gradlew -b ci.gradle package
@@ -144,7 +145,7 @@ steps:
distribution: 'temurin'
- name: Setup Gradle
- uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+ uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0
- name: Build with Gradle
run: ./gradlew build
diff --git a/content/actions/automating-builds-and-tests/building-and-testing-java-with-maven.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-maven.md
similarity index 87%
rename from content/actions/automating-builds-and-tests/building-and-testing-java-with-maven.md
rename to content/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-maven.md
index 5f3484962ac4..5981622124dd 100644
--- a/content/actions/automating-builds-and-tests/building-and-testing-java-with-maven.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-maven.md
@@ -4,6 +4,7 @@ intro: You can create a continuous integration (CI) workflow in GitHub Actions t
redirect_from:
- /actions/language-and-framework-guides/building-and-testing-java-with-maven
- /actions/guides/building-and-testing-java-with-maven
+ - /actions/automating-builds-and-tests/building-and-testing-java-with-maven
versions:
fpt: '*'
ghes: '*'
@@ -34,21 +35,21 @@ We recommend that you have a basic understanding of Java and the Maven framework
{% data reusables.actions.enterprise-setup-prereq %}
-## Using a Maven starter workflow
+## Using a Maven workflow template
-{% data reusables.actions.starter-workflow-get-started %}
+{% data reusables.actions.workflow-templates-get-started %}
-{% data variables.product.prodname_dotcom %} provides a starter workflow for Maven that should work for most Java with Maven projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
+{% data variables.product.prodname_dotcom %} provides a workflow template for Maven that should work for most Java with Maven projects. The subsequent sections of this guide give examples of how you can customize this workflow template.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.actions-tab %}
{% data reusables.actions.new-starter-workflow %}
-1. The "Choose a workflow" page shows a selection of recommended starter workflows. Search for "Java with Maven".
+1. The "Choose a workflow" page shows a selection of recommended workflow templates. Search for "Java with Maven".
1. On the "Java with Maven" workflow, click **Configure**.
{%- ifversion ghes %}
- If you don't find the "Java with Maven" starter workflow, copy the following workflow code to a new file called `maven.yml` in the `.github/workflows` directory of your repository.
+ If you don't find the "Java with Maven" workflow template, copy the following workflow code to a new file called `maven.yml` in the `.github/workflows` directory of your repository.
```yaml copy
name: Java CI with Maven
@@ -94,7 +95,7 @@ We recommend that you have a basic understanding of Java and the Maven framework
You can use the same commands that you use locally to build and test your code.
-The starter workflow will run the `package` target by default. In the default Maven configuration, this command will download dependencies, build classes, run tests, and package classes into their distributable format, for example, a JAR file.
+The workflow template will run the `package` target by default. In the default Maven configuration, this command will download dependencies, build classes, run tests, and package classes into their distributable format, for example, a JAR file.
If you use different commands to build your project, or you want to use a different target, you can specify those. For example, you may want to run the `verify` target that's configured in a _pom-ci.xml_ file.
diff --git a/content/actions/automating-builds-and-tests/building-and-testing-net.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-net.md
similarity index 93%
rename from content/actions/automating-builds-and-tests/building-and-testing-net.md
rename to content/actions/use-cases-and-examples/building-and-testing/building-and-testing-net.md
index 0f46936fe14e..edc95340a042 100644
--- a/content/actions/automating-builds-and-tests/building-and-testing-net.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-net.md
@@ -3,6 +3,7 @@ title: Building and testing .NET
intro: You can create a continuous integration (CI) workflow to build and test your .NET project.
redirect_from:
- /actions/guides/building-and-testing-net
+ - /actions/automating-builds-and-tests/building-and-testing-net
versions:
fpt: '*'
ghes: '*'
@@ -24,21 +25,21 @@ You should already be familiar with YAML syntax and how it's used with {% data v
We recommend that you have a basic understanding of the .NET Core SDK. For more information, see [Getting started with .NET](https://dotnet.microsoft.com/learn).
-## Using a .NET starter workflow
+## Using a .NET workflow template
-{% data reusables.actions.starter-workflow-get-started %}
+{% data reusables.actions.workflow-templates-get-started %}
-{% data variables.product.prodname_dotcom %} provides a starter workflow for .NET that should work for most .NET projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
+{% data variables.product.prodname_dotcom %} provides a workflow template for .NET that should work for most .NET projects. The subsequent sections of this guide give examples of how you can customize this workflow template.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.actions-tab %}
{% data reusables.actions.new-starter-workflow %}
-1. The "Choose a workflow" page shows a selection of recommended starter workflows. Search for "dotnet".
+1. The "Choose a workflow" page shows a selection of recommended workflow templates. Search for "dotnet".
1. On the ".NET" workflow, click **Configure**.
{%- ifversion ghes %}
- If you don't find the ".NET" starter workflow, copy the following workflow code to a new file called `dotnet.yml` in the `.github/workflows` directory of your repository.
+ If you don't find the ".NET" workflow template, copy the following workflow code to a new file called `dotnet.yml` in the `.github/workflows` directory of your repository.
```yaml copy
name: .NET
diff --git a/content/actions/automating-builds-and-tests/building-and-testing-nodejs.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-nodejs.md
similarity index 92%
rename from content/actions/automating-builds-and-tests/building-and-testing-nodejs.md
rename to content/actions/use-cases-and-examples/building-and-testing/building-and-testing-nodejs.md
index a6bfcdffd11b..44a394c64f7d 100644
--- a/content/actions/automating-builds-and-tests/building-and-testing-nodejs.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-nodejs.md
@@ -5,6 +5,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/using-nodejs-with-github-actions
- /actions/language-and-framework-guides/using-nodejs-with-github-actions
- /actions/guides/building-and-testing-nodejs
+ - /actions/automating-builds-and-tests/building-and-testing-nodejs
versions:
fpt: '*'
ghes: '*'
@@ -32,22 +33,22 @@ We recommend that you have a basic understanding of Node.js, YAML, workflow conf
{% data reusables.actions.enterprise-setup-prereq %}
-## Using a Node.js starter workflow
+## Using a Node.js workflow template
-{% data reusables.actions.starter-workflow-get-started %}
+{% data reusables.actions.workflow-templates-get-started %}
-{% data variables.product.prodname_dotcom %} provides a starter workflow for Node.js that should work for most Node.js projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
+{% data variables.product.prodname_dotcom %} provides a workflow template for Node.js that should work for most Node.js projects. The subsequent sections of this guide give examples of how you can customize this workflow template.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.actions-tab %}
{% data reusables.actions.new-starter-workflow %}
-1. The "Choose a workflow" page shows a selection of recommended starter workflows. Search for "Node.js".
+1. The "Choose a workflow" page shows a selection of recommended workflow templates. Search for "Node.js".
1. Filter the selection of workflows by clicking **Continuous integration**.
1. On the "Node.js" workflow, click **Configure**.
{%- ifversion ghes %}
- If you don't find the "Node.js" starter workflow, copy the following workflow code to a new file called `node.js.yml` in the `.github/workflows` directory of your repository.
+ If you don't find the "Node.js" workflow template, copy the following workflow code to a new file called `node.js.yml` in the `.github/workflows` directory of your repository.
```yaml copy
name: Node.js CI
@@ -94,7 +95,7 @@ The easiest way to specify a Node.js version is by using the `setup-node` action
The `setup-node` action takes a Node.js version as an input and configures that version on the runner. The `setup-node` action finds a specific version of Node.js from the tools cache on each runner and adds the necessary binaries to `PATH`, which persists for the rest of the job. Using the `setup-node` action is the recommended way of using Node.js with {% data variables.product.prodname_actions %} because it ensures consistent behavior across different runners and different versions of Node.js. If you are using a self-hosted runner, you must install Node.js and add it to `PATH`.
-The starter workflow includes a matrix strategy that builds and tests your code with the Node.js versions listed in `node-version`. The 'x' in the version number is a wildcard character that matches the latest minor and patch release available for a version. Each version of Node.js specified in the `node-version` array creates a job that runs the same steps.
+The workflow template includes a matrix strategy that builds and tests your code with the Node.js versions listed in `node-version`. The 'x' in the version number is a wildcard character that matches the latest minor and patch release available for a version. Each version of Node.js specified in the `node-version` array creates a job that runs the same steps.
Each job can access the value defined in the matrix `node-version` array using the `matrix` context. The `setup-node` action uses the context as the `node-version` input. The `setup-node` action configures each job with a different Node.js version before building and testing code. For more information about matrix strategies and contexts, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix)" and "[AUTOTITLE](/actions/learn-github-actions/contexts)."
diff --git a/content/actions/automating-builds-and-tests/building-and-testing-powershell.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell.md
similarity index 99%
rename from content/actions/automating-builds-and-tests/building-and-testing-powershell.md
rename to content/actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell.md
index d4e84967c95a..f64ca95bb3b9 100644
--- a/content/actions/automating-builds-and-tests/building-and-testing-powershell.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell.md
@@ -3,6 +3,7 @@ title: Building and testing PowerShell
intro: You can create a continuous integration (CI) workflow to build and test your PowerShell project.
redirect_from:
- /actions/guides/building-and-testing-powershell
+ - /actions/automating-builds-and-tests/building-and-testing-powershell
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/automating-builds-and-tests/building-and-testing-python.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-python.md
similarity index 86%
rename from content/actions/automating-builds-and-tests/building-and-testing-python.md
rename to content/actions/use-cases-and-examples/building-and-testing/building-and-testing-python.md
index 5b9ad1f9b5c1..f93ff7c84845 100644
--- a/content/actions/automating-builds-and-tests/building-and-testing-python.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-python.md
@@ -5,6 +5,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/using-python-with-github-actions
- /actions/language-and-framework-guides/using-python-with-github-actions
- /actions/guides/building-and-testing-python
+ - /actions/automating-builds-and-tests/building-and-testing-python
versions:
fpt: '*'
ghes: '*'
@@ -35,21 +36,21 @@ We recommend that you have a basic understanding of Python, and pip. For more in
{% data reusables.actions.enterprise-setup-prereq %}
-## Using a Python starter workflow
+## Using a Python workflow template
-{% data reusables.actions.starter-workflow-get-started %}
+{% data reusables.actions.workflow-templates-get-started %}
-{% data variables.product.prodname_dotcom %} provides a starter workflow for Python that should work if your repository already contains at least one `.py` file. The subsequent sections of this guide give examples of how you can customize this starter workflow.
+{% data variables.product.prodname_dotcom %} provides a workflow template for Python that should work if your repository already contains at least one `.py` file. The subsequent sections of this guide give examples of how you can customize this workflow template.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.actions-tab %}
{% data reusables.actions.new-starter-workflow %}
-1. The "Choose a workflow" page shows a selection of recommended starter workflows. Search for "Python application".
+1. The "Choose a workflow" page shows a selection of recommended workflow templates. Search for "Python application".
1. On the "Python application" workflow, click **Configure**.
{%- ifversion ghes %}
- If you don't find the "Python application" starter workflow, copy the following workflow code to a new file called `python-app.yml` in the `.github/workflows` directory of your repository.
+ If you don't find the "Python application" workflow template, copy the following workflow code to a new file called `python-app.yml` in the `.github/workflows` directory of your repository.
```yaml copy
name: Python application
@@ -315,7 +316,7 @@ steps:
- name: Lint with Ruff
run: |
pip install ruff
- ruff --output-format=github .
+ ruff check --output-format=github .
continue-on-error: true
```
@@ -392,11 +393,11 @@ jobs:
if: {% raw %}${{ always() }}{% endraw %}
```
-## Publishing to package registries
+## Publishing to PyPI
-You can configure your workflow to publish your Python package to a package registry once your CI tests pass. This section demonstrates how you can use {% data variables.product.prodname_actions %} to upload your package to PyPI each time you [publish a release](/repositories/releasing-projects-on-github/managing-releases-in-a-repository).
+You can configure your workflow to publish your Python package to PyPI once your CI tests pass. This section demonstrates how you can use {% data variables.product.prodname_actions %} to upload your package to PyPI each time you publish a release. For more information, see "[AUTOTITLE](/repositories/releasing-projects-on-github/managing-releases-in-a-repository)."
-For this example, you will need to create two [PyPI API tokens](https://pypi.org/help/#apitoken). You can use secrets to store the access tokens or credentials needed to publish your package. For more information, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)."
+The example workflow below uses [Trusted Publishing](https://docs.pypi.org/trusted-publishers/) to authenticate with PyPI, eliminating the need for a manually configured API token.
```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
@@ -409,25 +410,62 @@ on:
release:
types: [published]
+permissions:
+ contents: read
+
jobs:
- deploy:
+ release-build:
runs-on: ubuntu-latest
+
steps:
- uses: {% data reusables.actions.action-checkout %}
- - name: Set up Python
- uses: {% data reusables.actions.action-setup-python %}
+
+ - uses: {% data reusables.actions.action-setup-python %}
with:
- python-version: '3.x'
- - name: Install dependencies
+ python-version: "3.x"
+
+ - name: Build release distributions
run: |
- python -m pip install --upgrade pip
- pip install build
- - name: Build package
- run: python -m build
- - name: Publish package
- uses: pypa/gh-action-pypi-publish@release/v1
+ # NOTE: put your own distribution build steps here.
+ python -m pip install build
+ python -m build
+
+ - name: Upload distributions
+ uses: {% data reusables.actions.action-upload-artifact %}
with:
- password: {% raw %}${{ secrets.PYPI_API_TOKEN }}{% endraw %}
+ name: release-dists
+ path: dist/
+
+ pypi-publish:
+ runs-on: ubuntu-latest
+
+ needs:
+ - release-build
+
+ permissions:
+ # IMPORTANT: this permission is mandatory for trusted publishing
+ id-token: write
+
+ # Dedicated environments with protections for publishing are strongly recommended.
+ environment:
+ name: pypi
+ # OPTIONAL: uncomment and update to include your PyPI project URL in the deployment status:
+ # url: https://pypi.org/p/YOURPROJECT
+
+ steps:
+ - name: Retrieve release distributions
+ uses: {% data reusables.actions.action-download-artifact %}
+ with:
+ name: release-dists
+ path: dist/
+
+ - name: Publish release distributions to PyPI
+ uses: pypa/gh-action-pypi-publish@release/v1
```
-For more information about the starter workflow, see [`python-publish`](https://github.com/actions/starter-workflows/blob/main/ci/python-publish.yml).
+{% ifversion not ghes %}
+
+For more information about this workflow, including the PyPI settings
+needed, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi).
+
+{% endif %}
diff --git a/content/actions/automating-builds-and-tests/building-and-testing-ruby.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-ruby.md
similarity index 95%
rename from content/actions/automating-builds-and-tests/building-and-testing-ruby.md
rename to content/actions/use-cases-and-examples/building-and-testing/building-and-testing-ruby.md
index 49d0e7265dae..bdbadf2bfe24 100644
--- a/content/actions/automating-builds-and-tests/building-and-testing-ruby.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-ruby.md
@@ -3,6 +3,7 @@ title: Building and testing Ruby
intro: You can create a continuous integration (CI) workflow to build and test your Ruby project.
redirect_from:
- /actions/guides/building-and-testing-ruby
+ - /actions/automating-builds-and-tests/building-and-testing-ruby
versions:
fpt: '*'
ghes: '*'
@@ -27,22 +28,22 @@ We recommend that you have a basic understanding of Ruby, YAML, workflow configu
* [Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)
* [Ruby in 20 minutes](https://www.ruby-lang.org/en/documentation/quickstart/)
-## Using a Ruby starter workflow
+## Using a Ruby workflow template
-{% data reusables.actions.starter-workflow-get-started %}
+{% data reusables.actions.workflow-templates-get-started %}
-{% data variables.product.prodname_dotcom %} provides a starter workflow for Ruby that should work for most Ruby projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
+{% data variables.product.prodname_dotcom %} provides a workflow template for Ruby that should work for most Ruby projects. The subsequent sections of this guide give examples of how you can customize this workflow template.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.actions-tab %}
{% data reusables.actions.new-starter-workflow %}
-1. The "Choose a workflow" page shows a selection of recommended starter workflows. Search for "ruby".
+1. The "Choose a workflow" page shows a selection of recommended workflow templates. Search for "ruby".
1. Filter the selection of workflows by clicking **Continuous integration**.
1. On the "Ruby" workflow, click **Configure**.
{%- ifversion ghes %}
- If you don't find the "Ruby" starter workflow, copy the following workflow code to a new file called `ruby.yml` in the `.github/workflows` directory of your repository.
+ If you don't find the "Ruby" workflow template, copy the following workflow code to a new file called `ruby.yml` in the `.github/workflows` directory of your repository.
```yaml copy
name: Ruby
diff --git a/content/actions/automating-builds-and-tests/building-and-testing-swift.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-swift.md
similarity index 88%
rename from content/actions/automating-builds-and-tests/building-and-testing-swift.md
rename to content/actions/use-cases-and-examples/building-and-testing/building-and-testing-swift.md
index 430856a7b830..eb3363e60b0f 100644
--- a/content/actions/automating-builds-and-tests/building-and-testing-swift.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-swift.md
@@ -3,6 +3,7 @@ title: Building and testing Swift
intro: You can create a continuous integration (CI) workflow to build and test your Swift project.
redirect_from:
- /actions/guides/building-and-testing-swift
+ - /actions/automating-builds-and-tests/building-and-testing-swift
versions:
fpt: '*'
ghes: '*'
@@ -28,22 +29,22 @@ You should already be familiar with YAML syntax and how it's used with {% data v
We recommend that you have a basic understanding of Swift packages. For more information, see "[Swift Packages](https://developer.apple.com/documentation/xcode/swift-packages)" in the Apple developer documentation.
-## Using a Swift starter workflow
+## Using a Swift workflow template
-{% data reusables.actions.starter-workflow-get-started %}
+{% data reusables.actions.workflow-templates-get-started %}
-{% data variables.product.prodname_dotcom %} provides a starter workflow for Swift that should work for most Swift projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
+{% data variables.product.prodname_dotcom %} provides a workflow template for Swift that should work for most Swift projects. The subsequent sections of this guide give examples of how you can customize this workflow template.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.actions-tab %}
{% data reusables.actions.new-starter-workflow %}
-1. The "Choose a workflow" page shows a selection of recommended starter workflows. Search for "swift".
+1. The "Choose a workflow" page shows a selection of recommended workflow templates. Search for "swift".
1. Filter the selection of workflows by clicking **Continuous integration**.
1. On the "Swift" workflow, click **Configure**.
{%- ifversion ghes %}
- If you don't find the "Swift" starter workflow, copy the following workflow code to a new file called `swift.yml` in the `.github/workflows` directory of your repository.
+ If you don't find the "Swift" workflow template, copy the following workflow code to a new file called `swift.yml` in the `.github/workflows` directory of your repository.
```yaml copy
name: Swift
diff --git a/content/actions/automating-builds-and-tests/building-and-testing-xamarin-applications.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-xamarin-applications.md
similarity index 98%
rename from content/actions/automating-builds-and-tests/building-and-testing-xamarin-applications.md
rename to content/actions/use-cases-and-examples/building-and-testing/building-and-testing-xamarin-applications.md
index 7929d20dff3f..4b93211e6646 100644
--- a/content/actions/automating-builds-and-tests/building-and-testing-xamarin-applications.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-xamarin-applications.md
@@ -3,6 +3,7 @@ title: Building and testing Xamarin applications
intro: You can create a continuous integration (CI) workflow in GitHub Actions to build and test your Xamarin application.
redirect_from:
- /actions/guides/building-and-testing-xamarin-applications
+ - /actions/automating-builds-and-tests/building-and-testing-xamarin-applications
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/automating-builds-and-tests/index.md b/content/actions/use-cases-and-examples/building-and-testing/index.md
similarity index 89%
rename from content/actions/automating-builds-and-tests/index.md
rename to content/actions/use-cases-and-examples/building-and-testing/index.md
index 69b611085a8d..6a15b6c45a4b 100644
--- a/content/actions/automating-builds-and-tests/index.md
+++ b/content/actions/use-cases-and-examples/building-and-testing/index.md
@@ -1,5 +1,5 @@
---
-title: Automating builds and tests
+title: Building and testing
shortTitle: Build and test
intro: 'You can automatically build and test your projects with {% data variables.product.prodname_actions %}.'
versions:
@@ -15,8 +15,9 @@ redirect_from:
- /actions/language-and-framework-guides/github-actions-for-python
- /actions/guides/building-and-testing-nodejs-or-python
- /actions/automating-builds-and-tests/building-and-testing-nodejs-or-python
+ - /actions/automating-builds-and-tests
+ - /actions/examples/using-scripts-to-test-your-code-on-a-runner
children:
- - /about-continuous-integration
- /building-and-testing-go
- /building-and-testing-java-with-ant
- /building-and-testing-java-with-gradle
diff --git a/content/actions/use-cases-and-examples/creating-an-example-workflow.md b/content/actions/use-cases-and-examples/creating-an-example-workflow.md
new file mode 100644
index 000000000000..c7ca97960bd8
--- /dev/null
+++ b/content/actions/use-cases-and-examples/creating-an-example-workflow.md
@@ -0,0 +1,22 @@
+---
+title: Creating an example workflow
+intro: Learn how to create a basic workflow that is triggered by a push event.
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: tutorial
+topics:
+ - Actions
+ - Workflows
+shortTitle: Create an example workflow
+layout: inline
+---
+
+## Introduction
+
+This guide shows you how to create a basic workflow that is triggered when code is pushed to your repository.
+
+{% data reusables.actions.workflow-templates-for-more-information %}
+
+{% data reusables.actions.workflow-basic-example-and-explanation %}
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-docker-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service.md
similarity index 93%
rename from content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-docker-to-azure-app-service.md
rename to content/actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service.md
index f2623e98f2ce..726eb8dfe52d 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-docker-to-azure-app-service.md
+++ b/content/actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service.md
@@ -11,6 +11,8 @@ topics:
- Containers
- Docker
- Azure App Service
+redirect_from:
+ - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-docker-to-azure-app-service
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -144,6 +146,6 @@ jobs:
The following resources may also be useful:
-* For the original starter workflow, see [`azure-container-webapp.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-container-webapp.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
+* For the original workflow template, see [`azure-container-webapp.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-container-webapp.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
* The action used to deploy the web app is the official Azure [`Azure/webapps-deploy`](https://github.com/Azure/webapps-deploy) action.
* For more examples of GitHub Action workflows that deploy to Azure, see the [actions-workflow-samples](https://github.com/Azure/actions-workflow-samples) repository.
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-java-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service.md
similarity index 91%
rename from content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-java-to-azure-app-service.md
rename to content/actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service.md
index 1ed3142eb7a5..d6dcbe5421ea 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-java-to-azure-app-service.md
+++ b/content/actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service.md
@@ -10,6 +10,8 @@ topics:
- CD
- Java
- Azure App Service
+redirect_from:
+ - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-java-to-azure-app-service
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -122,6 +124,6 @@ jobs:
The following resources may also be useful:
-* For the original starter workflow, see [`azure-webapps-java-jar.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-webapps-java-jar.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
+* For the original workflow template, see [`azure-webapps-java-jar.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-webapps-java-jar.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
* The action used to deploy the web app is the official Azure [`Azure/webapps-deploy`](https://github.com/Azure/webapps-deploy) action.
* For more examples of GitHub Action workflows that deploy to Azure, see the [actions-workflow-samples](https://github.com/Azure/actions-workflow-samples) repository.
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-net-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service.md
similarity index 92%
rename from content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-net-to-azure-app-service.md
rename to content/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service.md
index b67297dc675a..abb6cd9b16eb 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-net-to-azure-app-service.md
+++ b/content/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service.md
@@ -9,6 +9,8 @@ type: tutorial
topics:
- CD
- Azure App Service
+redirect_from:
+ - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-net-to-azure-app-service
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -132,6 +134,6 @@ jobs:
The following resources may also be useful:
-* For the original starter workflow, see [`azure-webapps-dotnet-core.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-webapps-dotnet-core.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
+* For the original workflow template, see [`azure-webapps-dotnet-core.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-webapps-dotnet-core.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
* The action used to deploy the web app is the official Azure [`Azure/webapps-deploy`](https://github.com/Azure/webapps-deploy) action.
* For more examples of GitHub Action workflows that deploy to Azure, see the [actions-workflow-samples](https://github.com/Azure/actions-workflow-samples) repository.
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-nodejs-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service.md
similarity index 93%
rename from content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-nodejs-to-azure-app-service.md
rename to content/actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service.md
index 7aad01df35d4..b1a58369d85a 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-nodejs-to-azure-app-service.md
+++ b/content/actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service.md
@@ -5,6 +5,7 @@ redirect_from:
- /actions/guides/deploying-to-azure-app-service
- /actions/deployment/deploying-to-azure-app-service
- /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure-app-service
+ - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-nodejs-to-azure-app-service
versions:
fpt: '*'
ghes: '*'
@@ -127,7 +128,7 @@ jobs:
The following resources may also be useful:
-* For the original starter workflow, see [`azure-webapps-node.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-webapps-node.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
+* For the original workflow template, see [`azure-webapps-node.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-webapps-node.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
* The action used to deploy the web app is the official Azure [`Azure/webapps-deploy`](https://github.com/Azure/webapps-deploy) action.
* For more examples of GitHub Action workflows that deploy to Azure, see the [actions-workflow-samples](https://github.com/Azure/actions-workflow-samples) repository.
* The "[Create a Node.js web app in Azure](https://docs.microsoft.com/azure/app-service/quickstart-nodejs)" quickstart in the Azure web app documentation demonstrates using {% data variables.product.prodname_vscode %} with the [Azure App Service extension](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azureappservice).
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-php-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service.md
similarity index 93%
rename from content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-php-to-azure-app-service.md
rename to content/actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service.md
index a626950f0284..546e603e85b8 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-php-to-azure-app-service.md
+++ b/content/actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service.md
@@ -9,6 +9,8 @@ type: tutorial
topics:
- CD
- Azure App Service
+redirect_from:
+ - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-php-to-azure-app-service
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -143,6 +145,6 @@ jobs:
The following resources may also be useful:
-* For the original starter workflow, see [`azure-webapps-php.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-webapps-php.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
+* For the original workflow template, see [`azure-webapps-php.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-webapps-php.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
* The action used to deploy the web app is the official Azure [`Azure/webapps-deploy`](https://github.com/Azure/webapps-deploy) action.
* For more examples of GitHub Action workflows that deploy to Azure, see the [actions-workflow-samples](https://github.com/Azure/actions-workflow-samples) repository.
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-python-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service.md
similarity index 92%
rename from content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-python-to-azure-app-service.md
rename to content/actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service.md
index 46e97a38a8c4..f5093958c5de 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-python-to-azure-app-service.md
+++ b/content/actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service.md
@@ -10,6 +10,8 @@ topics:
- CD
- Python
- Azure App Service
+redirect_from:
+ - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-python-to-azure-app-service
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -139,6 +141,6 @@ jobs:
The following resources may also be useful:
-* For the original starter workflow, see [`azure-webapps-python.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-webapps-python.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
+* For the original workflow template, see [`azure-webapps-python.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-webapps-python.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
* The action used to deploy the web app is the official Azure [`Azure/webapps-deploy`](https://github.com/Azure/webapps-deploy) action.
* For more examples of GitHub Action workflows that deploy to Azure, see the [actions-workflow-samples](https://github.com/Azure/actions-workflow-samples) repository.
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service.md b/content/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service.md
similarity index 96%
rename from content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service.md
rename to content/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service.md
index d4320bf99e9c..a412d1067cdf 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service.md
+++ b/content/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service.md
@@ -4,6 +4,7 @@ intro: You can deploy to Amazon Elastic Container Service (ECS) as part of your
redirect_from:
- /actions/guides/deploying-to-amazon-elastic-container-service
- /actions/deployment/deploying-to-amazon-elastic-container-service
+ - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service
versions:
fpt: '*'
ghes: '*'
@@ -170,7 +171,7 @@ jobs:
## Additional resources
-For the original starter workflow, see [`aws.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/aws.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
+For the original workflow template, see [`aws.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/aws.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
For more information on the services used in these examples, see the following documentation:
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-kubernetes-service.md b/content/actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service.md
similarity index 93%
rename from content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-kubernetes-service.md
rename to content/actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service.md
index f87fb8b48929..fa27712abda8 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-kubernetes-service.md
+++ b/content/actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service.md
@@ -9,6 +9,8 @@ type: tutorial
topics:
- CD
- Azure Kubernetes Service
+redirect_from:
+ - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-kubernetes-service
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -116,6 +118,6 @@ jobs:
The following resources may also be useful:
-* For the original starter workflow, see [`azure-kubernetes-service.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-kubernetes-service.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
+* For the original workflow template, see [`azure-kubernetes-service.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-kubernetes-service.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
* The actions used to in this workflow are the official Azure [`Azure/login`](https://github.com/Azure/login),[`Azure/aks-set-context`](https://github.com/Azure/aks-set-context), [`Azure/CLI`](https://github.com/Azure/CLI), [`Azure/k8s-bake`](https://github.com/Azure/k8s-bake), and [`Azure/k8s-deploy`](https://github.com/Azure/k8s-deploy)actions.
* For more examples of GitHub Action workflows that deploy to Azure, see the [actions-workflow-samples](https://github.com/Azure/actions-workflow-samples) repository.
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-static-web-app.md b/content/actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app.md
similarity index 92%
rename from content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-static-web-app.md
rename to content/actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app.md
index afc87eefe524..ffc813a02775 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-static-web-app.md
+++ b/content/actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app.md
@@ -9,6 +9,8 @@ type: tutorial
topics:
- CD
- Azure Static Web Apps
+redirect_from:
+ - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-static-web-app
---
{% data reusables.actions.enterprise-github-hosted-runners %}
@@ -105,6 +107,6 @@ jobs:
The following resources may also be useful:
-* For the original starter workflow, see [`azure-staticwebapp.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-staticwebapp.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
+* For the original workflow template, see [`azure-staticwebapp.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/azure-staticwebapp.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
* The action used to deploy the web app is the official Azure [`Azure/static-web-apps-deploy`](https://github.com/Azure/static-web-apps-deploy) action.
* For more examples of GitHub Action workflows that deploy to Azure, see the [actions-workflow-samples](https://github.com/Azure/actions-workflow-samples) repository.
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md b/content/actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine.md
similarity index 96%
rename from content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md
rename to content/actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine.md
index 61e48f0f941e..3ebec348679d 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md
+++ b/content/actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine.md
@@ -4,6 +4,7 @@ intro: You can deploy to Google Kubernetes Engine as part of your continuous dep
redirect_from:
- /actions/guides/deploying-to-google-kubernetes-engine
- /actions/deployment/deploying-to-google-kubernetes-engine
+ - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine
versions:
fpt: '*'
ghes: '*'
@@ -211,6 +212,6 @@ jobs:
For more information on the tools used in these examples, see the following documentation:
-* For the full starter workflow, see the ["Build and Deploy to GKE" workflow](https://github.com/actions/starter-workflows/blob/main/deployments/google.yml).
+* For the full workflow template, see the ["Build and Deploy to GKE" workflow](https://github.com/actions/starter-workflows/blob/main/deployments/google.yml).
* The Kubernetes YAML customization engine: [Kustomize](https://kustomize.io/).
* "[Deploying a containerized web application](https://cloud.google.com/kubernetes-engine/docs/tutorials/hello-app)" in the Google Kubernetes Engine documentation.
diff --git a/content/actions/deployment/about-deployments/deploying-with-github-actions.md b/content/actions/use-cases-and-examples/deploying/deploying-with-github-actions.md
similarity index 99%
rename from content/actions/deployment/about-deployments/deploying-with-github-actions.md
rename to content/actions/use-cases-and-examples/deploying/deploying-with-github-actions.md
index 89223fa14c6f..2446d1a3fdbe 100644
--- a/content/actions/deployment/about-deployments/deploying-with-github-actions.md
+++ b/content/actions/use-cases-and-examples/deploying/deploying-with-github-actions.md
@@ -8,6 +8,7 @@ versions:
type: overview
redirect_from:
- /actions/deployment/deploying-with-github-actions
+ - /actions/deployment/about-deployments/deploying-with-github-actions
topics:
- CD
- Deployment
diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/index.md b/content/actions/use-cases-and-examples/deploying/index.md
similarity index 54%
rename from content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/index.md
rename to content/actions/use-cases-and-examples/deploying/index.md
index ea2d9ce45679..f54f1dd93859 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/index.md
+++ b/content/actions/use-cases-and-examples/deploying/index.md
@@ -1,12 +1,13 @@
---
-title: Deploying to Azure
-shortTitle: Deploy to Azure
-intro: 'Learn how to deploy to Azure App Service, Azure Kubernetes, and Azure Static Web App as part of your continuous deployment (CD) workflows.'
+title: Deploying
+shortTitle: Deployment
+intro: 'Automatically deploy projects with {% data variables.product.prodname_actions %}.'
versions:
fpt: '*'
ghes: '*'
ghec: '*'
children:
+ - /deploying-with-github-actions
- /deploying-nodejs-to-azure-app-service
- /deploying-python-to-azure-app-service
- /deploying-java-to-azure-app-service
@@ -15,5 +16,8 @@ children:
- /deploying-docker-to-azure-app-service
- /deploying-to-azure-static-web-app
- /deploying-to-azure-kubernetes-service
+ - /deploying-to-amazon-elastic-container-service
+ - /deploying-to-google-kubernetes-engine
+ - /installing-an-apple-certificate-on-macos-runners-for-xcode-development
---
diff --git a/content/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md b/content/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md
similarity index 97%
rename from content/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md
rename to content/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md
index 1b8c33384c57..d8ecef0d8a82 100644
--- a/content/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md
+++ b/content/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md
@@ -5,6 +5,8 @@ intro: 'You can sign Xcode apps within your continuous integration (CI) workflow
redirect_from:
- /actions/guides/installing-an-apple-certificate-on-macos-runners-for-xcode-development
- /actions/deployment/installing-an-apple-certificate-on-macos-runners-for-xcode-development
+ - /actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
+ - /actions/deployment/deploying-xcode-applications
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/use-cases-and-examples/index.md b/content/actions/use-cases-and-examples/index.md
new file mode 100644
index 000000000000..e8892369bef3
--- /dev/null
+++ b/content/actions/use-cases-and-examples/index.md
@@ -0,0 +1,22 @@
+---
+title: Use cases and examples
+shortTitle: Use cases and examples
+intro: 'Example workflows that demonstrate the features of {% data variables.product.prodname_actions %}.'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+redirect_from:
+ - /actions/examples
+ - /actions/deployment
+ - /actions/deployment/deploying-to-your-cloud-provider
+ - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure
+children:
+ - creating-an-example-workflow
+ - building-and-testing
+ - deploying
+ - publishing-packages
+ - project-management
+ - using-containerized-services
+---
+
diff --git a/content/actions/managing-issues-and-pull-requests/adding-labels-to-issues.md b/content/actions/use-cases-and-examples/project-management/adding-labels-to-issues.md
similarity index 98%
rename from content/actions/managing-issues-and-pull-requests/adding-labels-to-issues.md
rename to content/actions/use-cases-and-examples/project-management/adding-labels-to-issues.md
index f7bc9ff61c7e..3b2c1a88325b 100644
--- a/content/actions/managing-issues-and-pull-requests/adding-labels-to-issues.md
+++ b/content/actions/use-cases-and-examples/project-management/adding-labels-to-issues.md
@@ -4,6 +4,7 @@ shortTitle: Add labels to issues
intro: 'You can use {% data variables.product.prodname_actions %} to automatically label issues.'
redirect_from:
- /actions/guides/adding-labels-to-issues
+ - /actions/managing-issues-and-pull-requests/adding-labels-to-issues
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/managing-issues-and-pull-requests/closing-inactive-issues.md b/content/actions/use-cases-and-examples/project-management/closing-inactive-issues.md
similarity index 98%
rename from content/actions/managing-issues-and-pull-requests/closing-inactive-issues.md
rename to content/actions/use-cases-and-examples/project-management/closing-inactive-issues.md
index 4faffa1662a9..124e10829859 100644
--- a/content/actions/managing-issues-and-pull-requests/closing-inactive-issues.md
+++ b/content/actions/use-cases-and-examples/project-management/closing-inactive-issues.md
@@ -4,6 +4,7 @@ shortTitle: Close inactive issues
intro: 'You can use {% data variables.product.prodname_actions %} to comment on or close issues that have been inactive for a certain period of time.'
redirect_from:
- /actions/guides/closing-inactive-issues
+ - /actions/managing-issues-and-pull-requests/closing-inactive-issues
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/managing-issues-and-pull-requests/commenting-on-an-issue-when-a-label-is-added.md b/content/actions/use-cases-and-examples/project-management/commenting-on-an-issue-when-a-label-is-added.md
similarity index 97%
rename from content/actions/managing-issues-and-pull-requests/commenting-on-an-issue-when-a-label-is-added.md
rename to content/actions/use-cases-and-examples/project-management/commenting-on-an-issue-when-a-label-is-added.md
index 86890031d060..280eaf77b789 100644
--- a/content/actions/managing-issues-and-pull-requests/commenting-on-an-issue-when-a-label-is-added.md
+++ b/content/actions/use-cases-and-examples/project-management/commenting-on-an-issue-when-a-label-is-added.md
@@ -3,6 +3,7 @@ title: Commenting on an issue when a label is added
intro: 'You can use {% data variables.product.prodname_actions %} to automatically comment on issues when a specific label is applied.'
redirect_from:
- /actions/guides/commenting-on-an-issue-when-a-label-is-added
+ - /actions/managing-issues-and-pull-requests/commenting-on-an-issue-when-a-label-is-added
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/managing-issues-and-pull-requests/index.md b/content/actions/use-cases-and-examples/project-management/index.md
similarity index 80%
rename from content/actions/managing-issues-and-pull-requests/index.md
rename to content/actions/use-cases-and-examples/project-management/index.md
index cbce8762ffba..c244a5365649 100644
--- a/content/actions/managing-issues-and-pull-requests/index.md
+++ b/content/actions/use-cases-and-examples/project-management/index.md
@@ -1,6 +1,6 @@
---
-title: Managing issues and pull requests
-shortTitle: Manage issues and pull requests
+title: Managing projects
+shortTitle: Project management
intro: 'You can automatically manage your issues and pull requests using {% data variables.product.prodname_actions %} workflows.'
versions:
fpt: '*'
@@ -14,5 +14,7 @@ children:
- /moving-assigned-issues-on-project-boards
- /removing-a-label-when-a-card-is-added-to-a-project-board-column
- /scheduling-issue-creation
+redirect_from:
+ - /actions/managing-issues-and-pull-requests
---
diff --git a/content/actions/managing-issues-and-pull-requests/moving-assigned-issues-on-project-boards.md b/content/actions/use-cases-and-examples/project-management/moving-assigned-issues-on-project-boards.md
similarity index 98%
rename from content/actions/managing-issues-and-pull-requests/moving-assigned-issues-on-project-boards.md
rename to content/actions/use-cases-and-examples/project-management/moving-assigned-issues-on-project-boards.md
index fe8e82ea6960..4a3ce75864c3 100644
--- a/content/actions/managing-issues-and-pull-requests/moving-assigned-issues-on-project-boards.md
+++ b/content/actions/use-cases-and-examples/project-management/moving-assigned-issues-on-project-boards.md
@@ -3,6 +3,7 @@ title: 'Moving assigned issues on {% data variables.projects.projects_v1_boards
intro: 'You can use {% data variables.product.prodname_actions %} to automatically move an issue to a specific column on a {% data variables.projects.projects_v1_board %} when the issue is assigned.'
redirect_from:
- /actions/guides/moving-assigned-issues-on-project-boards
+ - /actions/managing-issues-and-pull-requests/moving-assigned-issues-on-project-boards
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/managing-issues-and-pull-requests/removing-a-label-when-a-card-is-added-to-a-project-board-column.md b/content/actions/use-cases-and-examples/project-management/removing-a-label-when-a-card-is-added-to-a-project-board-column.md
similarity index 98%
rename from content/actions/managing-issues-and-pull-requests/removing-a-label-when-a-card-is-added-to-a-project-board-column.md
rename to content/actions/use-cases-and-examples/project-management/removing-a-label-when-a-card-is-added-to-a-project-board-column.md
index 5fd28ddafc7f..73bea5d5c804 100644
--- a/content/actions/managing-issues-and-pull-requests/removing-a-label-when-a-card-is-added-to-a-project-board-column.md
+++ b/content/actions/use-cases-and-examples/project-management/removing-a-label-when-a-card-is-added-to-a-project-board-column.md
@@ -3,6 +3,7 @@ title: 'Removing a label when a card is added to a {% data variables.projects.pr
intro: 'You can use {% data variables.product.prodname_actions %} to automatically remove a label when an issue or pull request is added to a specific column on a {% data variables.projects.projects_v1_board %}.'
redirect_from:
- /actions/guides/removing-a-label-when-a-card-is-added-to-a-project-board-column
+ - /actions/managing-issues-and-pull-requests/removing-a-label-when-a-card-is-added-to-a-project-board-column
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/managing-issues-and-pull-requests/scheduling-issue-creation.md b/content/actions/use-cases-and-examples/project-management/scheduling-issue-creation.md
similarity index 98%
rename from content/actions/managing-issues-and-pull-requests/scheduling-issue-creation.md
rename to content/actions/use-cases-and-examples/project-management/scheduling-issue-creation.md
index 63a285c7bad3..2d17f8d1f894 100644
--- a/content/actions/managing-issues-and-pull-requests/scheduling-issue-creation.md
+++ b/content/actions/use-cases-and-examples/project-management/scheduling-issue-creation.md
@@ -4,6 +4,7 @@ shortTitle: Schedule issue creation
intro: 'You can use {% data variables.product.prodname_actions %} to create an issue on a regular basis for things like daily meetings or quarterly reviews.'
redirect_from:
- /actions/guides/scheduling-issue-creation
+ - /actions/managing-issues-and-pull-requests/scheduling-issue-creation
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/managing-issues-and-pull-requests/using-github-actions-for-project-management.md b/content/actions/use-cases-and-examples/project-management/using-github-actions-for-project-management.md
similarity index 81%
rename from content/actions/managing-issues-and-pull-requests/using-github-actions-for-project-management.md
rename to content/actions/use-cases-and-examples/project-management/using-github-actions-for-project-management.md
index f902ed8629c6..c3eb9660c7a5 100644
--- a/content/actions/managing-issues-and-pull-requests/using-github-actions-for-project-management.md
+++ b/content/actions/use-cases-and-examples/project-management/using-github-actions-for-project-management.md
@@ -3,6 +3,7 @@ title: Using GitHub Actions for project management
intro: 'You can use {% data variables.product.prodname_actions %} to automate many of your project management tasks.'
redirect_from:
- /actions/guides/using-github-actions-for-project-management
+ - /actions/managing-issues-and-pull-requests/using-github-actions-for-project-management
versions:
fpt: '*'
ghes: '*'
@@ -13,8 +14,7 @@ topics:
shortTitle: Actions for project management
---
-
-You can use {% data variables.product.prodname_actions %} to automate your project management tasks by creating workflows. Each workflow contains a series of tasks that are performed automatically every time the workflow runs. For example, you can create a workflow that runs every time an issue is created to add a label, leave a comment, and move the issue onto a {% data variables.projects.projects_v1_board %}.
+You can use {% data variables.product.prodname_actions %} to automate your project management tasks by creating workflows. Each workflow contains a series of tasks that are performed automatically every time the workflow runs. For example, you can create a workflow that runs every time an issue is created to add a label{% ifversion projects-v1 %}, move the issue onto a {% data variables.projects.projects_v1_board %},{% endif %} and leave a comment.
## When do workflows run?
@@ -24,20 +24,19 @@ Many workflow triggers are useful for automating project management.
* An issue is opened, assigned, or labeled.
* A comment is added to an issue.
-* A project card is created or moved.
* A scheduled time.
For a full list of events that can trigger workflows, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows)."
## What can workflows do?
-Workflows can do many things, such as commenting on an issue, adding or removing labels, moving cards on {% data variables.projects.projects_v1_boards %}, and opening issues.
+Workflows can do many things, such as commenting on an issue, adding or removing labels, {% ifversion projects-v1 %}moving cards on {% data variables.projects.projects_v1_boards %}, {% endif %}and opening issues.
You can learn about using {% data variables.product.prodname_actions %} for project management by following these tutorials, which include example workflows that you can adapt to meet your needs.
-* "[AUTOTITLE](/actions/managing-issues-and-pull-requests/adding-labels-to-issues)"
+* "[AUTOTITLE](/actions/managing-issues-and-pull-requests/adding-labels-to-issues)"{%- ifversion projects-v1 %}
* "[AUTOTITLE](/actions/managing-issues-and-pull-requests/removing-a-label-when-a-card-is-added-to-a-project-board-column)"
-* "[AUTOTITLE](/actions/managing-issues-and-pull-requests/moving-assigned-issues-on-project-boards)"
+* "[AUTOTITLE](/actions/managing-issues-and-pull-requests/moving-assigned-issues-on-project-boards)"{% endif %}
* "[AUTOTITLE](/actions/managing-issues-and-pull-requests/commenting-on-an-issue-when-a-label-is-added)"
* "[AUTOTITLE](/actions/managing-issues-and-pull-requests/closing-inactive-issues)"
* "[AUTOTITLE](/actions/managing-issues-and-pull-requests/scheduling-issue-creation)"
diff --git a/content/actions/publishing-packages/about-packaging-with-github-actions.md b/content/actions/use-cases-and-examples/publishing-packages/about-packaging-with-github-actions.md
similarity index 92%
rename from content/actions/publishing-packages/about-packaging-with-github-actions.md
rename to content/actions/use-cases-and-examples/publishing-packages/about-packaging-with-github-actions.md
index 266d0b02bca6..4767c8759b5c 100644
--- a/content/actions/publishing-packages/about-packaging-with-github-actions.md
+++ b/content/actions/use-cases-and-examples/publishing-packages/about-packaging-with-github-actions.md
@@ -5,6 +5,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/about-packaging-with-github-actions
- /actions/publishing-packages-with-github-actions/about-packaging-with-github-actions
- /actions/guides/about-packaging-with-github-actions
+ - /actions/publishing-packages/about-packaging-with-github-actions
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/publishing-packages/index.md b/content/actions/use-cases-and-examples/publishing-packages/index.md
similarity index 93%
rename from content/actions/publishing-packages/index.md
rename to content/actions/use-cases-and-examples/publishing-packages/index.md
index 67f701d6c019..f01698b80d83 100644
--- a/content/actions/publishing-packages/index.md
+++ b/content/actions/use-cases-and-examples/publishing-packages/index.md
@@ -8,6 +8,7 @@ versions:
ghec: '*'
redirect_from:
- /actions/publishing-packages-with-github-actions
+ - /actions/publishing-packages
children:
- /about-packaging-with-github-actions
- /publishing-docker-images
diff --git a/content/actions/publishing-packages/publishing-docker-images.md b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md
similarity index 90%
rename from content/actions/publishing-packages/publishing-docker-images.md
rename to content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md
index 9843ad090b14..07e8374a7ec5 100644
--- a/content/actions/publishing-packages/publishing-docker-images.md
+++ b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md
@@ -5,6 +5,7 @@ intro: 'You can publish Docker images to a registry, such as Docker Hub or {% da
redirect_from:
- /actions/language-and-framework-guides/publishing-docker-images
- /actions/guides/publishing-docker-images
+ - /actions/publishing-packages/publishing-docker-images
versions:
fpt: '*'
ghes: '*'
@@ -52,7 +53,7 @@ In this guide, we will use the Docker `build-push-action` action to build the Do
## Publishing images to Docker Hub
-{% data reusables.actions.release-trigger-workflow %}
+Each time you create a new release on {% data variables.product.product_name %}, you can trigger a workflow to publish your image. The workflow in the example below runs when the `release` event triggers with the `published` activity type.
In the example workflow below, we use the Docker `login-action` and `build-push-action` actions to build the Docker image and, if the build succeeds, push the built image to Docker Hub.
@@ -113,10 +114,15 @@ jobs:
push: true
tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %}
labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
-
- {% ifversion artifact-attestations %}
- {% data reusables.actions.artifact-attestations-step-for-container-images %}
- {% endif %}
+
+{% ifversion artifact-attestations %}
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
+ subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
+ push-to-registry: true
+{% endif -%}
```
The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to Docker Hub, and apply a tag to the image.
@@ -129,7 +135,7 @@ The above workflow checks out the {% data variables.product.prodname_dotcom %} r
{% data reusables.package_registry.container-registry-ghes-beta %}
{% endif %}
-{% data reusables.actions.release-trigger-workflow %}
+Each time you create a new release on {% data variables.product.product_name %}, you can trigger a workflow to publish your image. The workflow in the example below runs when a change is pushed to the `release` branch.
In the example workflow below, we use the Docker `login-action`{% ifversion fpt or ghec %}, `metadata-action`,{% endif %} and `build-push-action` actions to build the Docker image, and if the build succeeds, push the built image to {% data variables.product.prodname_registry %}.
@@ -222,9 +228,14 @@ jobs:
tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %}
labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
- {% ifversion artifact-attestations %}
- {% data reusables.actions.artifact-attestations-step-for-container-images %}
- {% endif %}
+{% ifversion artifact-attestations %}
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
+ subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
+ push-to-registry: true
+{% endif -%}
```
The above workflow checks out the {% data variables.product.product_name %} repository, uses the `login-action` twice to log in to both registries and generates tags and labels with the `metadata-action` action.
diff --git a/content/actions/publishing-packages/publishing-java-packages-with-gradle.md b/content/actions/use-cases-and-examples/publishing-packages/publishing-java-packages-with-gradle.md
similarity index 96%
rename from content/actions/publishing-packages/publishing-java-packages-with-gradle.md
rename to content/actions/use-cases-and-examples/publishing-packages/publishing-java-packages-with-gradle.md
index 5cb5fdece60c..c1905ecaf58d 100644
--- a/content/actions/publishing-packages/publishing-java-packages-with-gradle.md
+++ b/content/actions/use-cases-and-examples/publishing-packages/publishing-java-packages-with-gradle.md
@@ -5,6 +5,7 @@ intro: You can use Gradle to publish Java packages to a registry as part of your
redirect_from:
- /actions/language-and-framework-guides/publishing-java-packages-with-gradle
- /actions/guides/publishing-java-packages-with-gradle
+ - /actions/publishing-packages/publishing-java-packages-with-gradle
versions:
fpt: '*'
ghes: '*'
@@ -31,7 +32,7 @@ For more information about creating a CI workflow for your Java project with Gra
You may also find it helpful to have a basic understanding of the following:
-* "[AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-npm-registry)"
+* "[AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry)"
* "[AUTOTITLE](/actions/learn-github-actions/variables)"
* "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)"
* "[AUTOTITLE](/actions/security-guides/automatic-token-authentication)"
@@ -98,7 +99,7 @@ jobs:
distribution: 'temurin'
- name: Setup Gradle
- uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+ uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0
- name: Publish package
run: ./gradlew publish
@@ -173,7 +174,7 @@ jobs:
java-version: '11'
distribution: 'temurin'
- name: Setup Gradle
- uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+ uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0
- name: Publish package
run: ./gradlew publish
@@ -256,7 +257,7 @@ jobs:
java-version: '11'
distribution: 'temurin'
- name: Setup Gradle
- uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+ uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0
- name: Publish package
run: ./gradlew publish
diff --git a/content/actions/publishing-packages/publishing-java-packages-with-maven.md b/content/actions/use-cases-and-examples/publishing-packages/publishing-java-packages-with-maven.md
similarity index 99%
rename from content/actions/publishing-packages/publishing-java-packages-with-maven.md
rename to content/actions/use-cases-and-examples/publishing-packages/publishing-java-packages-with-maven.md
index 668c0f75d2a3..689de03c2ed1 100644
--- a/content/actions/publishing-packages/publishing-java-packages-with-maven.md
+++ b/content/actions/use-cases-and-examples/publishing-packages/publishing-java-packages-with-maven.md
@@ -5,6 +5,7 @@ intro: You can use Maven to publish Java packages to a registry as part of your
redirect_from:
- /actions/language-and-framework-guides/publishing-java-packages-with-maven
- /actions/guides/publishing-java-packages-with-maven
+ - /actions/publishing-packages/publishing-java-packages-with-maven
versions:
fpt: '*'
ghes: '*'
@@ -31,7 +32,7 @@ For more information about creating a CI workflow for your Java project with Mav
You may also find it helpful to have a basic understanding of the following:
-* "[AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-npm-registry)"
+* "[AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry)"
* "[AUTOTITLE](/actions/learn-github-actions/variables)"
* "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)"
* "[AUTOTITLE](/actions/security-guides/automatic-token-authentication)"
diff --git a/content/actions/publishing-packages/publishing-nodejs-packages.md b/content/actions/use-cases-and-examples/publishing-packages/publishing-nodejs-packages.md
similarity index 98%
rename from content/actions/publishing-packages/publishing-nodejs-packages.md
rename to content/actions/use-cases-and-examples/publishing-packages/publishing-nodejs-packages.md
index 9b260b241791..432305bcba12 100644
--- a/content/actions/publishing-packages/publishing-nodejs-packages.md
+++ b/content/actions/use-cases-and-examples/publishing-packages/publishing-nodejs-packages.md
@@ -6,6 +6,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/publishing-nodejs-packages
- /actions/language-and-framework-guides/publishing-nodejs-packages
- /actions/guides/publishing-nodejs-packages
+ - /actions/publishing-packages/publishing-nodejs-packages
versions:
fpt: '*'
ghes: '*'
@@ -69,6 +70,9 @@ on:
jobs:
build:
runs-on: ubuntu-latest
+ {% ifversion artifact-attestations %}permissions:
+ contents: read
+ id-token: write{% endif %}
steps:
- uses: {% data reusables.actions.action-checkout %}
# Setup .npmrc file to publish to npm
diff --git a/content/actions/using-containerized-services/about-service-containers.md b/content/actions/use-cases-and-examples/using-containerized-services/about-service-containers.md
similarity index 96%
rename from content/actions/using-containerized-services/about-service-containers.md
rename to content/actions/use-cases-and-examples/using-containerized-services/about-service-containers.md
index 42990fb0a46c..3cfba7b219a1 100644
--- a/content/actions/using-containerized-services/about-service-containers.md
+++ b/content/actions/use-cases-and-examples/using-containerized-services/about-service-containers.md
@@ -5,6 +5,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/about-service-containers
- /actions/configuring-and-managing-workflows/about-service-containers
- /actions/guides/about-service-containers
+ - /actions/using-containerized-services/about-service-containers
versions:
fpt: '*'
ghes: '*'
@@ -14,7 +15,7 @@ topics:
- Containers
- Docker
---
-
+
{% data reusables.actions.enterprise-github-hosted-runners %}
## About service containers
@@ -31,7 +32,7 @@ You can configure jobs in a workflow to run directly on a runner machine or in a
### Running jobs in a container
-When you run jobs in a container, {% data variables.product.prodname_dotcom %} connects service containers to the job using Docker's user-defined bridge networks. For more information, see "[Use bridge networks](https://docs.docker.com/network/bridge/)" in the Docker documentation.
+When you run jobs in a container, {% data variables.product.prodname_dotcom %} connects service containers to the job using Docker's user-defined bridge networks. For more information, see "[Bridge network driver](https://docs.docker.com/engine/network/drivers/bridge/)" in the Docker documentation.
Running the job and services in a container simplifies network access. You can access a service container using the label you configure in the workflow. The hostname of the service container is automatically mapped to the label name. For example, if you create a service container with the label `redis`, the hostname of the service container is `redis`.
diff --git a/content/actions/using-containerized-services/creating-postgresql-service-containers.md b/content/actions/use-cases-and-examples/using-containerized-services/creating-postgresql-service-containers.md
similarity index 99%
rename from content/actions/using-containerized-services/creating-postgresql-service-containers.md
rename to content/actions/use-cases-and-examples/using-containerized-services/creating-postgresql-service-containers.md
index f164a78fa3b9..d498ebbb739b 100644
--- a/content/actions/using-containerized-services/creating-postgresql-service-containers.md
+++ b/content/actions/use-cases-and-examples/using-containerized-services/creating-postgresql-service-containers.md
@@ -6,6 +6,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/creating-postgresql-service-containers
- /actions/configuring-and-managing-workflows/creating-postgresql-service-containers
- /actions/guides/creating-postgresql-service-containers
+ - /actions/using-containerized-services/creating-postgresql-service-containers
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/using-containerized-services/creating-redis-service-containers.md b/content/actions/use-cases-and-examples/using-containerized-services/creating-redis-service-containers.md
similarity index 99%
rename from content/actions/using-containerized-services/creating-redis-service-containers.md
rename to content/actions/use-cases-and-examples/using-containerized-services/creating-redis-service-containers.md
index 06da8690344a..851548d9d636 100644
--- a/content/actions/using-containerized-services/creating-redis-service-containers.md
+++ b/content/actions/use-cases-and-examples/using-containerized-services/creating-redis-service-containers.md
@@ -6,6 +6,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/creating-redis-service-containers
- /actions/configuring-and-managing-workflows/creating-redis-service-containers
- /actions/guides/creating-redis-service-containers
+ - /actions/using-containerized-services/creating-redis-service-containers
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/using-containerized-services/index.md b/content/actions/use-cases-and-examples/using-containerized-services/index.md
similarity index 93%
rename from content/actions/using-containerized-services/index.md
rename to content/actions/use-cases-and-examples/using-containerized-services/index.md
index 725956567dae..aea86fe6f003 100644
--- a/content/actions/using-containerized-services/index.md
+++ b/content/actions/use-cases-and-examples/using-containerized-services/index.md
@@ -10,6 +10,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/using-databases-and-services
- /actions/configuring-and-managing-workflows/using-databases-and-service-containers
- /actions/guides/using-databases-and-service-containers
+ - /actions/using-containerized-services
children:
- /about-service-containers
- /creating-postgresql-service-containers
diff --git a/content/actions/using-github-hosted-runners/index.md b/content/actions/using-github-hosted-runners/index.md
index d9f5ca706231..e3e98756b306 100644
--- a/content/actions/using-github-hosted-runners/index.md
+++ b/content/actions/using-github-hosted-runners/index.md
@@ -7,8 +7,8 @@ versions:
ghec: '*'
ghes: '*'
children:
- - /about-github-hosted-runners
- - /about-larger-runners
+ - /using-github-hosted-runners
+ - /using-larger-runners
- /connecting-to-a-private-network
---
diff --git a/content/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners.md b/content/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners.md
similarity index 96%
rename from content/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners.md
rename to content/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners.md
index fb83b3920408..472e16a5bc73 100644
--- a/content/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners.md
+++ b/content/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners.md
@@ -10,6 +10,7 @@ redirect_from:
- /actions/reference/virtual-environments-for-github-hosted-runners
- /actions/reference/software-installed-on-github-hosted-runners
- /actions/reference/specifications-for-github-hosted-runners
+ - /actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners
versions:
fpt: '*'
ghes: '*'
@@ -180,7 +181,9 @@ You can install additional software on {% data variables.product.prodname_dotcom
{% data variables.product.prodname_dotcom %} hosts Linux and Windows runners on virtual machines in Microsoft Azure with the {% data variables.product.prodname_actions %} runner application installed. The {% data variables.product.prodname_dotcom %}-hosted runner application is a fork of the Azure Pipelines Agent. Inbound ICMP packets are blocked for all Azure virtual machines, so ping or traceroute commands might not work. {% data variables.product.prodname_dotcom %} hosts macOS runners in Azure data centers.
-For Linux and Windows runners, GitHub uses `Dadsv5-series` virtual machines. For more information, see [Dasv5 and Dadsv5-series](https://learn.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series#dadsv5-series) in the Microsoft Azure documentation.
+For Linux and Windows runners, {% data variables.product.company_short %} uses `Dadsv5-series` virtual machines. For more information, see [Dasv5 and Dadsv5-series](https://learn.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series#dadsv5-series) in the Microsoft Azure documentation.
+
+GPU runners use `NCasT4_v3-series` virtual machines. For more information, see [NCasT4_v3-series](https://learn.microsoft.com/en-us/azure/virtual-machines/nct4-v3-series) in the Microsoft Azure documentation.
## Workflow continuity
diff --git a/content/actions/using-github-hosted-runners/about-github-hosted-runners/customizing-github-hosted-runners.md b/content/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners.md
similarity index 96%
rename from content/actions/using-github-hosted-runners/about-github-hosted-runners/customizing-github-hosted-runners.md
rename to content/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners.md
index 2afe48aa7b48..573034c826ec 100644
--- a/content/actions/using-github-hosted-runners/about-github-hosted-runners/customizing-github-hosted-runners.md
+++ b/content/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners.md
@@ -10,6 +10,7 @@ topics:
shortTitle: Customize runners
redirect_from:
- /actions/using-github-hosted-runners/customizing-github-hosted-runners
+ - /actions/using-github-hosted-runners/about-github-hosted-runners/customizing-github-hosted-runners
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/using-github-hosted-runners/about-github-hosted-runners/index.md b/content/actions/using-github-hosted-runners/using-github-hosted-runners/index.md
similarity index 86%
rename from content/actions/using-github-hosted-runners/about-github-hosted-runners/index.md
rename to content/actions/using-github-hosted-runners/using-github-hosted-runners/index.md
index b1f7cd5035ec..a942973b450d 100644
--- a/content/actions/using-github-hosted-runners/about-github-hosted-runners/index.md
+++ b/content/actions/using-github-hosted-runners/using-github-hosted-runners/index.md
@@ -10,6 +10,8 @@ children:
- /about-github-hosted-runners
- /monitoring-your-current-jobs
- /customizing-github-hosted-runners
+redirect_from:
+ - /actions/using-github-hosted-runners/about-github-hosted-runners
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/using-github-hosted-runners/about-github-hosted-runners/monitoring-your-current-jobs.md b/content/actions/using-github-hosted-runners/using-github-hosted-runners/monitoring-your-current-jobs.md
similarity index 94%
rename from content/actions/using-github-hosted-runners/about-github-hosted-runners/monitoring-your-current-jobs.md
rename to content/actions/using-github-hosted-runners/using-github-hosted-runners/monitoring-your-current-jobs.md
index 5efd6f5f92d9..fe52aeb9831a 100644
--- a/content/actions/using-github-hosted-runners/about-github-hosted-runners/monitoring-your-current-jobs.md
+++ b/content/actions/using-github-hosted-runners/using-github-hosted-runners/monitoring-your-current-jobs.md
@@ -6,6 +6,7 @@ versions:
feature: github-runner-dashboard
redirect_from:
- /actions/using-github-hosted-runners/monitoring-your-current-jobs
+ - /actions/using-github-hosted-runners/about-github-hosted-runners/monitoring-your-current-jobs
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners.md b/content/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners.md
similarity index 88%
rename from content/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners.md
rename to content/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners.md
index d8196ee9157c..896e4a1831b3 100644
--- a/content/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners.md
+++ b/content/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners.md
@@ -6,7 +6,7 @@ permissions: '{% data reusables.actions.larger-runner-permissions %}'
versions:
feature: actions-hosted-runners
redirect_from:
- - /actions/using-github-hosted-runners/using-larger-runners
+ - /actions/using-github-hosted-runners/about-larger-runners/about-larger-runners
---
## Overview of {% data variables.actions.hosted_runners %}
@@ -64,11 +64,8 @@ These features can enhance your CI/CD pipelines in the following ways.
### Understanding billing
-{% note %}
-
-**Note**: {% data variables.actions.hosted_runner_caps %}s are not eligible for the use of included minutes on private repositories. For both private and public repositories, when {% data variables.actions.hosted_runners %} are in use, they will always be billed at the per-minute rate.
-
-{% endnote %}
+> [!NOTE]
+> {% data variables.actions.hosted_runner_caps %}s are not eligible for the use of included minutes on private repositories. For both private and public repositories, when {% data variables.actions.hosted_runners %} are in use, they will always be billed at the per-minute rate.
Compared to standard {% data variables.product.prodname_dotcom %}-hosted runners, {% data variables.actions.hosted_runners %} are billed differently. {% data reusables.actions.about-larger-runners-billing %} For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions#per-minute-rates)."
@@ -78,18 +75,15 @@ You can choose from several specifications for {% data variables.actions.hosted_
### Specifications for general {% data variables.actions.hosted_runners %}
-{% note %}
-
-**Note:** arm64 runners are currently in beta and subject to change.
-
-{% endnote %}
+> [!NOTE]
+> arm64 runners are currently in beta and subject to change.
| CPU | Memory (RAM) | Storage (SSD) | Architecture | Operating system (OS) |
| --- | ------------- | ------------- | ------------ | --------------------- |
| 6 | 14 GB | 14 GB | arm64 | macOS |
| 12 | 30 GB | 14 GB | x64 | macOS |
| 2 | 8 GB | 75 GB | x64, arm64 | Ubuntu |
-| 4 | 16 GB | 150 GB | x64, arm64 | Ubuntu, Windows |
+| 4 | 16 GB | 150 GB | x64, arm64 | Ubuntu, Windows |
| 8 | 32 GB | 300 GB | x64, arm64 | Ubuntu, Windows |
| 16 | 64 GB | 600 GB | x64, arm64 | Ubuntu, Windows |
| 32 | 128 GB | 1200 GB | x64, arm64 | Ubuntu, Windows |
@@ -100,33 +94,21 @@ You can choose from several specifications for {% data variables.actions.hosted_
### Specifications for GPU {% data variables.actions.hosted_runners %}
-{% note %}
-
-**Note:** GPU runners are currently in beta and subject to change.
-
-{% endnote %}
-
| CPU | GPU | GPU card | Memory (RAM) | GPU memory (VRAM) | Storage (SSD) | Operating system (OS) |
| --- | --- | -------- | ------------ | ----------------- | ------------- | --------------------- |
| 4 | 1 | Tesla T4 | 28 GB | 16 GB | 176 GB | Ubuntu, Windows |
## About runner groups
-{% note %}
-
-**Note:** Only {% data variables.actions.hosted_runners %} with Linux or Windows operating systems can be assigned to runner groups.
-
-{% endnote %}
+> [!NOTE]
+> Only {% data variables.actions.hosted_runners %} with Linux or Windows operating systems can be assigned to runner groups.
Runner groups enable administrators to control access to runners at the organization and enterprise levels. With runner groups, you can collect sets of runners and create a security boundary around them. You can then decide which organizations or repositories are permitted to run jobs on those sets of machines. During the {% data variables.actions.hosted_runner %} deployment process, the runner can be added to an existing group, otherwise it will join a default group. You can create a group by following the steps in "[AUTOTITLE](/actions/using-github-hosted-runners/controlling-access-to-larger-runners)."
## Architectural overview of {% data variables.actions.hosted_runners %}
-{% note %}
-
-**Note:** This architecture diagram only applies to {% data variables.actions.hosted_runners %} with Linux or Windows operating systems.
-
-{% endnote %}
+> [!NOTE]
+> This architecture diagram only applies to {% data variables.actions.hosted_runners %} with Linux or Windows operating systems.
{% data variables.actions.hosted_runner_caps %}s are managed at the organization level, where they are arranged into groups that can contain multiple instances of the runner. They can also be created at the enterprise level and shared with organizations in the hierarchy. Once you've created a group, you can then add a runner to the group and update your workflows to target either the group name or the label assigned to the {% data variables.actions.hosted_runner %}. You can also control which repositories are permitted to send jobs to the group for processing. For more information about groups, see "[AUTOTITLE](/actions/using-github-hosted-runners/controlling-access-to-larger-runners)."
@@ -142,25 +124,22 @@ In the following diagram, a class of hosted runner named `ubuntu-20.04-16core` h
## Autoscaling {% data variables.actions.hosted_runners %}
-{% note %}
-
-**Note:** Autoscaling is only available for {% data variables.actions.hosted_runners %} with Linux or Windows operating systems.
-
-{% endnote %}
+> [!NOTE]
+> Autoscaling is only available for {% data variables.actions.hosted_runners %} with Linux or Windows operating systems.
{% data variables.actions.hosted_runner_caps %}s can automatically scale to suit your needs. You can provision machines to run a specified maximum number of jobs when jobs are submitted for processing. Each machine only handles one job at a time, so these settings effectively determine the number of jobs that can be run concurrently.
You can configure the maximum job concurrency, which allows you to control your costs by setting the maximum parallel number of jobs that can be run using this set. A higher value here can help avoid workflows being blocked due to parallelism. For more information on how to set limits, see "[AUTOTITLE](/actions/using-github-hosted-runners/managing-larger-runners#configuring-autoscaling-for-larger-runners)". For more information on the maximum auto-scaling limits for {% data variables.product.company_short %}-hosted runners, see "[AUTOTITLE](/actions/learn-github-actions/usage-limits-billing-and-administration#usage-limits)."
-## Networking for {% data variables.actions.hosted_runners %}
+## Assigning static IP addresses to {% data variables.actions.hosted_runners %}
-{% note %}
+You can assign static IP addresses only to {% data variables.actions.hosted_runners %} that use Linux or Windows operating systems.
-**Notes:**
-* Assigning static IP addresses to runners is only available for {% data variables.actions.hosted_runners %} with Linux or Windows operating systems.
-* {% data reusables.actions.static-ip-limitation-vnet %} For more information about private networking for {% data variables.product.company_short %}-hosted runners, see "[AUTOTITLE](/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise)."
+Static IP addresses assigned are all usable and are not in CIDR notation.
-{% endnote %}
+{% data reusables.actions.static-ip-limitation-vnet %} For more information about private networking for {% data variables.product.company_short %}-hosted runners, see "[AUTOTITLE](/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise)."
+
+## Networking for {% data variables.actions.hosted_runners %}
By default, {% data variables.actions.hosted_runners %} receive a dynamic IP address that changes for each job run. Optionally, {% data variables.product.prodname_ghe_cloud %} customers can configure their {% data variables.actions.hosted_runners %} to receive static IP addresses from {% data variables.product.prodname_dotcom %}'s IP address pool. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses)."
@@ -168,8 +147,5 @@ When enabled, instances of the {% data variables.actions.hosted_runner %} will r
{% data reusables.actions.larger-runner-static-ip-contact-support %}
-{% note %}
-
-**Note**: If runners are unused for more than 30 days, their IP address ranges are automatically removed and cannot be recovered.
-
-{% endnote %}
+> [!NOTE]
+> If runners are unused for more than 30 days, their IP address ranges are automatically removed and cannot be recovered.
diff --git a/content/actions/using-github-hosted-runners/about-larger-runners/controlling-access-to-larger-runners.md b/content/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md
similarity index 98%
rename from content/actions/using-github-hosted-runners/about-larger-runners/controlling-access-to-larger-runners.md
rename to content/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md
index 0c49f44022d3..3b2b07f09767 100644
--- a/content/actions/using-github-hosted-runners/about-larger-runners/controlling-access-to-larger-runners.md
+++ b/content/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md
@@ -8,6 +8,7 @@ versions:
type: tutorial
redirect_from:
- /actions/using-github-hosted-runners/controlling-access-to-larger-runners
+ - /actions/using-github-hosted-runners/about-larger-runners/controlling-access-to-larger-runners
---
{% note %}
diff --git a/content/actions/using-github-hosted-runners/about-larger-runners/index.md b/content/actions/using-github-hosted-runners/using-larger-runners/index.md
similarity index 84%
rename from content/actions/using-github-hosted-runners/about-larger-runners/index.md
rename to content/actions/using-github-hosted-runners/using-larger-runners/index.md
index 42b11a0b71f8..2bcce9031c97 100644
--- a/content/actions/using-github-hosted-runners/about-larger-runners/index.md
+++ b/content/actions/using-github-hosted-runners/using-larger-runners/index.md
@@ -9,6 +9,8 @@ children:
- /managing-larger-runners
- /controlling-access-to-larger-runners
- /running-jobs-on-larger-runners
+redirect_from:
+ - /actions/using-github-hosted-runners/about-larger-runners
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners.md b/content/actions/using-github-hosted-runners/using-larger-runners/managing-larger-runners.md
similarity index 89%
rename from content/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners.md
rename to content/actions/using-github-hosted-runners/using-larger-runners/managing-larger-runners.md
index e8641d48fa07..be21a1466b99 100644
--- a/content/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners.md
+++ b/content/actions/using-github-hosted-runners/using-larger-runners/managing-larger-runners.md
@@ -7,16 +7,12 @@ versions:
feature: actions-hosted-runners
redirect_from:
- /actions/using-github-hosted-runners/managing-larger-runners
+ - /actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners
---
-{% note %}
-
-**Notes:**
-
-* {% data reusables.actions.windows-linux-larger-runners-note %}
-* GPU-powered runners and ARM-powered runners are currently in beta and are subject to change.
-
-{% endnote %}
+> [!NOTE]
+> * {% data reusables.actions.windows-linux-larger-runners-note %}
+> * ARM-powered runners are currently in beta and are subject to change.
{% ifversion ghec %}
@@ -62,15 +58,9 @@ Once a repository has access to {% data variables.actions.hosted_runner %}s, the
1. Select a runner group from either list on the page. Organization-level runner groups are listed at the top of the page, and enterprise-level runner groups are listed under "Shared by the Enterprise."
1. On the runner group page, under "Repository access," select **All repositories** or **Selected repositories**. If you choose to grant access to specific repositories, click {% octicon "gear" aria-label="The Settings gear" %}, then select the repositories you would like to grant access to from the list.
-{% warning %}
-
-**Warning**:
-
-{% data reusables.actions.hosted-runner-security %}
-
-For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/controlling-access-to-larger-runners)."
-
-{% endwarning %}
+> [!WARNING]
+> {% data reusables.actions.hosted-runner-security %}
+> For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/controlling-access-to-larger-runners)."
## Changing the name of a {% data variables.actions.hosted_runner %}
@@ -136,13 +126,10 @@ You can control the maximum number of jobs allowed to run concurrently for speci
## Creating static IP addresses for {% data variables.actions.hosted_runner %}s
-{% note %}
-
-**Note:** To use static IP addresses, your organization must use {% data variables.product.prodname_ghe_cloud %}. {% data reusables.enterprise.link-to-ghec-trial %}
-
-{% endnote %}
+> [!NOTE]
+> To use static IP addresses, your organization must use {% data variables.product.prodname_ghe_cloud %}. {% data reusables.enterprise.link-to-ghec-trial %}
-You can enable static IP addresses for {% data variables.actions.hosted_runner %}s. When you do this, the {% data variables.actions.hosted_runner %}s are assigned static IP address ranges. By default, you can configure up to 10 different {% data variables.actions.hosted_runner %}s with IP ranges for your account. {% data reusables.actions.larger-runner-static-ip-contact-support %}
+You can enable static IP addresses for {% data variables.actions.hosted_runner %}s. When you do this, the {% data variables.actions.hosted_runner %}s are assigned static IP address ranges. All IP addresses in the range assigned are usable and not in CIDR notation. By default, you can configure up to 10 different {% data variables.actions.hosted_runner %}s with IP ranges for your account. {% data reusables.actions.larger-runner-static-ip-contact-support %}
The number of available IP addresses in the assigned ranges does not restrict number of concurrent jobs specified for autoscaling. Within a runner pool, there is a load balancer which allows for high reuse of the IP addresses in the assigned ranges. This ensures your workflows can run concurrently at scale while each machine is assigned a static IP address.
@@ -159,7 +146,7 @@ The number of available IP addresses in the assigned ranges does not restrict nu
{% data reusables.organizations.org_settings %}
{% data reusables.organizations.settings-sidebar-actions-runners %}
{% data reusables.actions.select-a-larger-runner %}
-{% data reusables.actions..networking-for-larger-runners %}
+{% data reusables.actions.networking-for-larger-runners %}
{% ifversion ghec %}
@@ -170,5 +157,5 @@ The number of available IP addresses in the assigned ranges does not restrict nu
{% data reusables.enterprise-accounts.actions-tab %}
{% data reusables.enterprise-accounts.actions-runners-tab %}
{% data reusables.actions.select-a-larger-runner %}
-{% data reusables.actions..networking-for-larger-runners %}
+{% data reusables.actions.networking-for-larger-runners %}
{% endif %}
diff --git a/content/actions/using-github-hosted-runners/about-larger-runners/running-jobs-on-larger-runners.md b/content/actions/using-github-hosted-runners/using-larger-runners/running-jobs-on-larger-runners.md
similarity index 98%
rename from content/actions/using-github-hosted-runners/about-larger-runners/running-jobs-on-larger-runners.md
rename to content/actions/using-github-hosted-runners/using-larger-runners/running-jobs-on-larger-runners.md
index fa9b232b7d57..1f4680447b8b 100644
--- a/content/actions/using-github-hosted-runners/about-larger-runners/running-jobs-on-larger-runners.md
+++ b/content/actions/using-github-hosted-runners/using-larger-runners/running-jobs-on-larger-runners.md
@@ -8,6 +8,7 @@ versions:
feature: actions-hosted-runners
redirect_from:
- /actions/using-github-hosted-runners/running-jobs-on-larger-runners
+ - /actions/using-github-hosted-runners/about-larger-runners/running-jobs-on-larger-runners
---
## Running jobs on your runner
diff --git a/content/actions/using-jobs/defining-outputs-for-jobs.md b/content/actions/using-jobs/defining-outputs-for-jobs.md
deleted file mode 100644
index b0cb5b6838bb..000000000000
--- a/content/actions/using-jobs/defining-outputs-for-jobs.md
+++ /dev/null
@@ -1,15 +0,0 @@
----
-title: Defining outputs for jobs
-shortTitle: Define outputs for jobs
-intro: Create a map of outputs for your jobs.
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
----
-
-{% data reusables.actions.enterprise-github-hosted-runners %}
-
-## Overview
-
-{% data reusables.actions.jobs.section-defining-outputs-for-jobs %}
diff --git a/content/actions/using-jobs/index.md b/content/actions/using-jobs/index.md
deleted file mode 100644
index c67b458c0529..000000000000
--- a/content/actions/using-jobs/index.md
+++ /dev/null
@@ -1,23 +0,0 @@
----
-title: Using jobs
-shortTitle: Using jobs
-intro: 'Creating and managing {% data variables.product.prodname_actions %} jobs.'
-redirect_from:
- - /actions/jobs
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-children:
- - /using-jobs-in-a-workflow
- - /choosing-the-runner-for-a-job
- - /using-conditions-to-control-job-execution
- - /using-a-matrix-for-your-jobs
- - /using-concurrency
- - /using-environments-for-jobs
- - /running-jobs-in-a-container
- - /setting-default-values-for-jobs
- - /assigning-permissions-to-jobs
- - /defining-outputs-for-jobs
----
-
diff --git a/content/actions/using-jobs/using-environments-for-jobs.md b/content/actions/using-jobs/using-environments-for-jobs.md
deleted file mode 100644
index bd0b7f8ee192..000000000000
--- a/content/actions/using-jobs/using-environments-for-jobs.md
+++ /dev/null
@@ -1,15 +0,0 @@
----
-title: Using environments for jobs
-shortTitle: Environments
-intro: Specify an environment for a job.
-versions:
- fpt: '*'
- ghes: '> 3.0'
- ghec: '*'
----
-
-{% data reusables.actions.enterprise-github-hosted-runners %}
-
-## Overview
-
-{% data reusables.actions.jobs.section-using-environments-for-jobs %}
diff --git a/content/actions/using-workflows/index.md b/content/actions/using-workflows/index.md
deleted file mode 100644
index 9f586d44ef1b..000000000000
--- a/content/actions/using-workflows/index.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Using workflows
-shortTitle: Using workflows
-intro: 'Creating and managing {% data variables.product.prodname_actions %} workflows.'
-redirect_from:
- - /actions/configuring-and-managing-workflows/configuring-a-workflow
- - /articles/creating-a-workflow-with-github-actions
- - /articles/configuring-a-workflow
- - /github/automating-your-workflow-with-github-actions/configuring-a-workflow
- - /actions/automating-your-workflow-with-github-actions/configuring-a-workflow
- - /actions/creating-workflows/workflow-configuration-options
- - /articles/configuring-workflows
- - /github/automating-your-workflow-with-github-actions/configuring-workflows
- - /actions/automating-your-workflow-with-github-actions/configuring-workflows
- - /actions/configuring-and-managing-workflows
- - /actions/workflows
- - /actions/advanced-guides
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-children:
- - /about-workflows
- - /triggering-a-workflow
- - /manually-running-a-workflow
- - /disabling-and-enabling-a-workflow
- - /events-that-trigger-workflows
- - /workflow-syntax-for-github-actions
- - /workflow-commands-for-github-actions
- - /avoiding-duplication
- - /reusing-workflows
- - /required-workflows
- - /caching-dependencies-to-speed-up-workflows
- - /storing-workflow-data-as-artifacts
- - /creating-starter-workflows-for-your-organization
- - /sharing-workflows-secrets-and-runners-with-your-organization
- - /using-github-cli-in-workflows
----
diff --git a/content/actions/using-workflows/about-workflows.md b/content/actions/writing-workflows/about-workflows.md
similarity index 93%
rename from content/actions/using-workflows/about-workflows.md
rename to content/actions/writing-workflows/about-workflows.md
index c57040abe427..361ca4eecb01 100644
--- a/content/actions/using-workflows/about-workflows.md
+++ b/content/actions/writing-workflows/about-workflows.md
@@ -10,6 +10,7 @@ type: overview
redirect_from:
- /actions/learn-github-actions/managing-complex-workflows
- /actions/using-workflows/advanced-workflow-features
+ - /actions/using-workflows/about-workflows
topics:
- Workflows
layout: inline
@@ -39,17 +40,15 @@ For more information, see "[AUTOTITLE](/actions/using-workflows/triggering-a-wor
## Workflow syntax
-Workflow are defined using YAML. For the full reference of the YAML syntax for authoring workflows, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#about-yaml-syntax-for-workflows)."
-
-{% data reusables.actions.workflow-basic-example-and-explanation %}
+Workflows are defined using YAML. For the full reference of the YAML syntax for authoring workflows, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#about-yaml-syntax-for-workflows)."
For more on managing workflow runs, such as re-running, cancelling, or deleting a workflow run, see "[AUTOTITLE](/actions/managing-workflow-runs)."
-## Using starter workflows
+## Using workflow templates
{% data reusables.actions.workflow-template-overview %}
-For more information on using and creating starter workflows, see "[AUTOTITLE](/actions/learn-github-actions/using-starter-workflows)" and "[AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization)."
+{% data reusables.actions.workflow-templates-repo-link %}
## Advanced workflow features
@@ -206,4 +205,4 @@ To learn more about {% data variables.product.prodname_dotcom %}-hosted runner l
### Using environments
-You can configure environments with protection rules and secrets to control the execution of jobs in a workflow. Each job in a workflow can reference a single environment. Any protection rules configured for the environment must pass before a job referencing the environment is sent to a runner. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
+You can configure environments with protection rules and secrets to control the execution of jobs in a workflow. Each job in a workflow can reference a single environment. Any protection rules configured for the environment must pass before a job referencing the environment is sent to a runner. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)."
diff --git a/content/actions/learn-github-actions/contexts.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs.md
similarity index 99%
rename from content/actions/learn-github-actions/contexts.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs.md
index fddf3655e50d..ff2544a3bb48 100644
--- a/content/actions/learn-github-actions/contexts.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs.md
@@ -1,5 +1,5 @@
---
-title: Contexts
+title: Accessing contextual information about workflow runs
shortTitle: Contexts
intro: You can access context information in workflows and actions.
redirect_from:
@@ -8,6 +8,8 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/contexts-and-expression-syntax-for-github-actions
- /actions/reference/contexts-and-expression-syntax-for-github-actions
- /actions/reference/context-and-expression-syntax-for-github-actions
+ - /actions/learn-github-actions/contexts
+ - /actions/writing-workflows/choosing-what-your-workflow-does/contexts
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/adding-scripts-to-your-workflow.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/adding-scripts-to-your-workflow.md
new file mode 100644
index 000000000000..d67498211b38
--- /dev/null
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/adding-scripts-to-your-workflow.md
@@ -0,0 +1,59 @@
+---
+title: Adding scripts to your workflow
+shortTitle: Add scripts
+intro: 'You can use {% data variables.product.prodname_actions %} workflows to run scripts.'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+---
+
+You can use a {% data variables.product.prodname_actions %} workflow to run scripts and shell commands, which are then executed on the assigned runner. This example demonstrates how to use the `run` keyword to execute the command `npm install -g bats` on the runner.
+
+```yaml
+jobs:
+ example-job:
+ runs-on: ubuntu-latest
+ steps:
+ - run: npm install -g bats
+```
+
+To use a workflow to run a script stored in your repository you must first check out the repository to the runner. Having done this, you can use the `run` keyword to run the script on the runner. The following example runs two scripts, each in a separate job step. The location of the scripts on the runner is specified by setting a default working directory for run commands. For more information, see "[AUTOTITLE](/actions/using-jobs/setting-default-values-for-jobs)."
+
+```yaml
+jobs:
+ example-job:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./scripts
+ steps:
+ - name: Check out the repository to the runner
+ uses: {% data reusables.actions.action-checkout %}
+ - name: Run a script
+ run: ./my-script.sh
+ - name: Run another script
+ run: ./my-other-script.sh
+```
+
+Any scripts that you want a workflow job to run must be executable. You can do this either within the workflow by passing the script as an argument to the interpreter that will run the script - for example, `run: bash script.sh` - or by making the file itself executable. You can give the file the execute permission by using the command `git update-index --chmod=+x PATH/TO/YOUR/script.sh` locally, then committing and pushing the file to the repository. Alternatively, for workflows that are run on Linux and Mac runners, you can add a command to give the file the execute permission in the workflow job, prior to running the script:
+
+```yaml
+jobs:
+ example-job:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./scripts
+ steps:
+ - name: Check out the repository to the runner
+ uses: {% data reusables.actions.action-checkout %}
+ - name: Make the script files executable
+ run: chmod +x my-script.sh my-other-script.sh
+ - name: Run the scripts
+ run: |
+ ./my-script.sh
+ ./my-other-script.sh
+```
+
+For more information about the `run` keyword, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun)."
diff --git a/content/actions/using-workflows/caching-dependencies-to-speed-up-workflows.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md
similarity index 99%
rename from content/actions/using-workflows/caching-dependencies-to-speed-up-workflows.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md
index 064eeb632513..ea455ca382d8 100644
--- a/content/actions/using-workflows/caching-dependencies-to-speed-up-workflows.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md
@@ -8,6 +8,7 @@ redirect_from:
- /actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows
- /actions/guides/caching-dependencies-to-speed-up-workflows
- /actions/advanced-guides/caching-dependencies-to-speed-up-workflows
+ - /actions/using-workflows/caching-dependencies-to-speed-up-workflows
versions:
feature: actions-caching
type: tutorial
diff --git a/content/actions/using-jobs/using-concurrency.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/control-the-concurrency-of-workflows-and-jobs.md
similarity index 88%
rename from content/actions/using-jobs/using-concurrency.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/control-the-concurrency-of-workflows-and-jobs.md
index 25cef3d7d865..2ea67b43254c 100644
--- a/content/actions/using-jobs/using-concurrency.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/control-the-concurrency-of-workflows-and-jobs.md
@@ -1,11 +1,14 @@
---
-title: Using concurrency
+title: Control the concurrency of workflows and jobs
shortTitle: Concurrency
intro: Run a single job at a time.
versions:
fpt: '*'
ghes: '> 3.1'
ghec: '*'
+redirect_from:
+ - /actions/using-jobs/using-concurrency
+ - /actions/writing-workflows/choosing-what-your-workflow-does/using-concurrency
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/using-jobs/assigning-permissions-to-jobs.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token.md
similarity index 71%
rename from content/actions/using-jobs/assigning-permissions-to-jobs.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token.md
index ab194381344d..daf742be7c7f 100644
--- a/content/actions/using-jobs/assigning-permissions-to-jobs.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token.md
@@ -1,20 +1,26 @@
---
-title: Assigning permissions to jobs
-shortTitle: Assign permissions to jobs
+title: Controlling permissions for `GITHUB_TOKEN`
+shortTitle: Permissions for `GITHUB_TOKEN`
intro: Modify the default permissions granted to `GITHUB_TOKEN`.
versions:
fpt: '*'
ghes: '> 3.1'
ghec: '*'
+redirect_from:
+ - /actions/using-jobs/assigning-permissions-to-jobs
+ - >-
+ /actions/writing-workflows/choosing-what-your-workflow-does/assigning-permissions-to-jobs
+ - >-
+ /actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github-token
---
-
+
{% data reusables.actions.enterprise-github-hosted-runners %}
## Overview
{% data reusables.actions.jobs.section-assigning-permissions-to-jobs %}
-## Defining access for the `GITHUB_TOKEN` scopes
+## Defining access for the `GITHUB_TOKEN` permissions
{% data reusables.actions.github-token-available-permissions %}
diff --git a/content/actions/learn-github-actions/expressions.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions.md
similarity index 98%
rename from content/actions/learn-github-actions/expressions.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions.md
index f97f1c2185f6..ad66d9d33346 100644
--- a/content/actions/learn-github-actions/expressions.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions.md
@@ -1,11 +1,14 @@
---
-title: Expressions
+title: Evaluate expressions in workflows and actions
shortTitle: Expressions
intro: You can evaluate expressions in workflows and actions.
versions:
fpt: '*'
ghes: '*'
ghec: '*'
+redirect_from:
+ - /actions/learn-github-actions/expressions
+ - /actions/writing-workflows/choosing-what-your-workflow-does/expressions
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/index.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/index.md
new file mode 100644
index 000000000000..5ae234abe5cb
--- /dev/null
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/index.md
@@ -0,0 +1,28 @@
+---
+title: Choosing what your workflow does
+shortTitle: Choose what workflows do
+intro: 'Workflows automate tasks in your software development lifecycle. Many tasks that you manually complete can be converted to a {% data variables.product.prodname_actions %} workflow.'
+redirect_from:
+ - /actions/using-jobs
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /using-jobs-in-a-workflow
+ - /using-pre-written-building-blocks-in-your-workflow
+ - /using-github-cli-in-workflows
+ - /workflow-commands-for-github-actions
+ - /adding-scripts-to-your-workflow
+ - /controlling-permissions-for-github_token
+ - /evaluate-expressions-in-workflows-and-actions
+ - /store-information-in-variables
+ - /accessing-contextual-information-about-workflow-runs
+ - /passing-information-between-jobs
+ - /setting-a-default-shell-and-working-directory
+ - /using-environments-for-deployment
+ - /control-the-concurrency-of-workflows-and-jobs
+ - /running-variations-of-jobs-in-a-workflow
+ - /caching-dependencies-to-speed-up-workflows
+ - /storing-and-sharing-data-from-a-workflow
+---
diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/passing-information-between-jobs.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/passing-information-between-jobs.md
new file mode 100644
index 000000000000..eb77388f6a78
--- /dev/null
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/passing-information-between-jobs.md
@@ -0,0 +1,18 @@
+---
+title: Passing information between jobs
+shortTitle: Pass information
+intro: You can define outputs to pass information from one job to another.
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+redirect_from:
+ - /actions/using-jobs/defining-outputs-for-jobs
+ - /actions/writing-workflows/choosing-what-your-workflow-does/defining-outputs-for-jobs
+---
+
+{% data reusables.actions.enterprise-github-hosted-runners %}
+
+## Overview
+
+{% data reusables.actions.jobs.section-defining-outputs-for-jobs %}
diff --git a/content/actions/using-jobs/using-a-matrix-for-your-jobs.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow.md
similarity index 83%
rename from content/actions/using-jobs/using-a-matrix-for-your-jobs.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow.md
index 5312977ab13a..1a2ea51893d9 100644
--- a/content/actions/using-jobs/using-a-matrix-for-your-jobs.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow.md
@@ -1,6 +1,6 @@
---
-title: Using a matrix for your jobs
-shortTitle: Matrices
+title: Running variations of jobs in a workflow
+shortTitle: Run job variations
intro: Create a matrix to define variations for each job.
versions:
fpt: '*'
@@ -8,8 +8,11 @@ versions:
ghec: '*'
redirect_from:
- /actions/using-jobs/using-a-build-matrix-for-your-jobs
+ - /actions/using-jobs/using-a-matrix-for-your-jobs
+ - /actions/examples/using-concurrency-expressions-and-a-test-matrix
+ - /actions/writing-workflows/choosing-what-your-workflow-does/using-a-matrix-for-your-jobs
---
-
+
{% data reusables.actions.enterprise-github-hosted-runners %}
## About matrix strategies
diff --git a/content/actions/using-jobs/setting-default-values-for-jobs.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/setting-a-default-shell-and-working-directory.md
similarity index 79%
rename from content/actions/using-jobs/setting-default-values-for-jobs.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/setting-a-default-shell-and-working-directory.md
index 462c7bace6a8..88e76390e230 100644
--- a/content/actions/using-jobs/setting-default-values-for-jobs.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/setting-a-default-shell-and-working-directory.md
@@ -1,13 +1,16 @@
---
-title: Setting default values for jobs
+title: Setting a default shell and working directory
shortTitle: Set default values for jobs
intro: 'Define the default settings that will apply to all jobs in the workflow, or all steps in a job.'
versions:
fpt: '*'
ghes: '*'
ghec: '*'
+redirect_from:
+ - /actions/using-jobs/setting-default-values-for-jobs
+ - /actions/writing-workflows/choosing-what-your-workflow-does/setting-default-values-for-jobs
---
-
+
{% data reusables.actions.enterprise-github-hosted-runners %}
## Overview
diff --git a/content/actions/learn-github-actions/variables.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables.md
similarity index 99%
rename from content/actions/learn-github-actions/variables.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables.md
index da64f12e180d..e1188a088c7a 100644
--- a/content/actions/learn-github-actions/variables.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables.md
@@ -1,5 +1,6 @@
---
-title: Variables
+title: Store information in variables
+shortTitle: Variables
intro: '{% data variables.product.prodname_dotcom %} sets default variables for each {% data variables.product.prodname_actions %} workflow run. You can also set custom variables for use in a single workflow or multiple workflows.'
redirect_from:
- /github/automating-your-workflow-with-github-actions/using-environment-variables
@@ -7,6 +8,8 @@ redirect_from:
- /actions/configuring-and-managing-workflows/using-environment-variables
- /actions/reference/environment-variables
- /actions/learn-github-actions/environment-variables
+ - /actions/learn-github-actions/variables
+ - /actions/writing-workflows/choosing-what-your-workflow-does/variables
versions:
fpt: '*'
ghes: '*'
@@ -308,6 +311,7 @@ We strongly recommend that actions use variables to access the filesystem rather
| `GITHUB_WORKSPACE` | The default working directory on the runner for steps, and the default location of your repository when using the [`checkout`](https://github.com/actions/checkout) action. For example, `/home/runner/work/my-repo-name/my-repo-name`. |
| `RUNNER_ARCH` | {% data reusables.actions.runner-arch-description %} |
| `RUNNER_DEBUG` | {% data reusables.actions.runner-debug-description %} |
+| `RUNNER_ENVIRONMENT` | {% data reusables.actions.runner-environment-description %} |
| `RUNNER_NAME` | {% data reusables.actions.runner-name-description %} For example, `Hosted Agent` |
| `RUNNER_OS` | {% data reusables.actions.runner-os-description %} For example, `Windows` |
| `RUNNER_TEMP` | {% data reusables.actions.runner-temp-directory-description %} For example, `D:\a\_temp` |
diff --git a/content/actions/using-workflows/storing-workflow-data-as-artifacts.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md
similarity index 98%
rename from content/actions/using-workflows/storing-workflow-data-as-artifacts.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md
index 5577e919a182..9d8fa3ec235b 100644
--- a/content/actions/using-workflows/storing-workflow-data-as-artifacts.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md
@@ -1,5 +1,5 @@
---
-title: Storing workflow data as artifacts
+title: Storing and sharing data from a workflow
shortTitle: Store artifacts
intro: Artifacts allow you to share data between jobs in a workflow and store data once that workflow has completed.
redirect_from:
@@ -9,6 +9,8 @@ redirect_from:
- /actions/configuring-and-managing-workflows/persisting-workflow-data-using-artifacts
- /actions/guides/storing-workflow-data-as-artifacts
- /actions/advanced-guides/storing-workflow-data-as-artifacts
+ - /actions/using-workflows/storing-workflow-data-as-artifacts
+ - /actions/writing-workflows/choosing-what-your-workflow-does/storing-workflow-data-as-artifacts
versions:
fpt: '*'
ghes: '*'
@@ -124,8 +126,6 @@ jobs:
## Generating artifact attestations for builds
-{% data reusables.actions.artifact-attestations-public-beta-note %}
-
{% data reusables.actions.about-artifact-attestations %}
You can access attestations after a build run, underneath the list of the artifacts the build produced.
diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/using-environments-for-deployment.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-environments-for-deployment.md
new file mode 100644
index 000000000000..db8b1fa1f35c
--- /dev/null
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-environments-for-deployment.md
@@ -0,0 +1,26 @@
+---
+title: Using environments for deployment
+shortTitle: Environments
+intro: Specify a deployment environment in your workflow.
+versions:
+ fpt: '*'
+ ghes: '> 3.0'
+ ghec: '*'
+redirect_from:
+ - /actions/using-jobs/using-environments-for-jobs
+ - /actions/using-jobs/using-environments-for-deployment
+---
+
+{% data reusables.actions.enterprise-github-hosted-runners %}
+
+## About environments
+
+{% data reusables.actions.about-environments %}
+
+Each job in a workflow can reference a single environment. Any protection rules configured for the environment must pass before a job referencing the environment is sent to a runner. The job can access the environment's secrets only after the job is sent to a runner.
+
+When a workflow references an environment, the environment will appear in the repository's deployments. For more information about viewing current and previous deployments, see "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)."
+
+## Using an environment in a workflow
+
+{% data reusables.actions.environment-example %}
diff --git a/content/actions/using-workflows/using-github-cli-in-workflows.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-github-cli-in-workflows.md
similarity index 96%
rename from content/actions/using-workflows/using-github-cli-in-workflows.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/using-github-cli-in-workflows.md
index f243e060814c..8210d92663cd 100644
--- a/content/actions/using-workflows/using-github-cli-in-workflows.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-github-cli-in-workflows.md
@@ -5,6 +5,8 @@ intro: 'You can script with {% data variables.product.prodname_cli %} in {% data
redirect_from:
- /actions/guides/using-github-cli-in-workflows
- /actions/advanced-guides/using-github-cli-in-workflows
+ - /actions/using-workflows/using-github-cli-in-workflows
+ - /actions/examples/using-the-github-cli-on-a-runner
versions:
fpt: '*'
ghes: '*'
diff --git a/content/actions/using-jobs/using-jobs-in-a-workflow.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-jobs-in-a-workflow.md
similarity index 90%
rename from content/actions/using-jobs/using-jobs-in-a-workflow.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/using-jobs-in-a-workflow.md
index 90c896ebee47..993a032faf76 100644
--- a/content/actions/using-jobs/using-jobs-in-a-workflow.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-jobs-in-a-workflow.md
@@ -6,8 +6,10 @@ versions:
fpt: '*'
ghes: '*'
ghec: '*'
+redirect_from:
+ - /actions/using-jobs/using-jobs-in-a-workflow
---
-
+
{% data reusables.actions.enterprise-github-hosted-runners %}
## Overview
diff --git a/content/actions/learn-github-actions/finding-and-customizing-actions.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md
similarity index 91%
rename from content/actions/learn-github-actions/finding-and-customizing-actions.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md
index 8517a9bef29f..fb94cd9663bf 100644
--- a/content/actions/learn-github-actions/finding-and-customizing-actions.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md
@@ -1,5 +1,5 @@
---
-title: Finding and customizing actions
+title: Using pre-written building blocks in your workflow
shortTitle: Find and customize actions
intro: 'Actions are the building blocks that power your workflow. A workflow can contain actions created by the community, or you can create your own actions directly within your application''s repository. This guide will show you how to discover, use, and customize actions.'
redirect_from:
@@ -7,6 +7,8 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/using-actions-from-github-marketplace-in-your-workflow
- /actions/getting-started-with-github-actions/using-actions-from-github-marketplace
- /actions/getting-started-with-github-actions/using-community-workflows-and-actions
+ - /actions/learn-github-actions/finding-and-customizing-actions
+ - /actions/writing-workflows/choosing-what-your-workflow-does/finding-and-customizing-actions
versions:
fpt: '*'
ghes: '*'
@@ -20,6 +22,15 @@ topics:
## Overview
+You can use pre-written building blocks, called actions, in your workflow. An action is a pre-defined, reusable set of jobs or code that perform specific tasks within a workflow.
+
+Actions can be:
+
+* **Reusable**: actions can be used across different workflows and repositories, allowing you to avoid rewriting the same code.
+* **Pre-written**: many actions are available in the {% data variables.product.prodname_marketplace %}, covering a wide range of tasks like checking out code, setting up environments, running tests, and deploying applications.
+* **Configurable**: you can configure actions with inputs, outputs, and environment variables to tailor them to your specific needs.
+* **Community-driven**: you can create your own actions and share them with others or use actions developed by the community.
+
The actions you use in your workflow can be defined in:
* The same repository as your workflow file{% ifversion internal-actions %}
diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md
similarity index 99%
rename from content/actions/using-workflows/workflow-commands-for-github-actions.md
rename to content/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md
index 44a2509c86a5..6e86da7b1a29 100644
--- a/content/actions/using-workflows/workflow-commands-for-github-actions.md
+++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md
@@ -11,6 +11,7 @@ redirect_from:
- /actions/reference/logging-commands-for-github-actions
- /actions/reference/workflow-commands-for-github-actions
- /actions/learn-github-actions/workflow-commands-for-github-actions
+ - /actions/using-workflows/workflow-commands-for-github-actions
versions:
fpt: '*'
ghes: '*'
@@ -100,9 +101,7 @@ The following table shows which toolkit functions are available within a workflo
| `core.getInput` | Accessible using environment variable `INPUT_{NAME}` |
| `core.getState` | Accessible using environment variable `STATE_{NAME}` |
| `core.isDebug` | Accessible using environment variable `RUNNER_DEBUG` |
-{%- ifversion actions-job-summaries %}
| `core.summary` | Accessible using environment file `GITHUB_STEP_SUMMARY` |
-{%- endif %}
| `core.saveState` | Accessible using environment file `GITHUB_STATE` |
| `core.setCommandEcho` | `echo` |
| `core.setFailed` | Used as a shortcut for `::error` and `exit 1` |
@@ -815,8 +814,6 @@ This example demonstrates how to set the `SELECTED_COLOR` output parameter and l
{% endpowershell %}
-{% ifversion actions-job-summaries %}
-
## Adding a job summary
{% bash %}
@@ -957,8 +954,6 @@ After a step has completed, job summaries are uploaded and subsequent steps cann
Job summaries are isolated between steps and each step is restricted to a maximum size of 1MiB. Isolation is enforced between steps so that potentially malformed Markdown from a single step cannot break Markdown rendering for subsequent steps. If more than 1MiB of content is added for a step, then the upload for the step will fail and an error annotation will be created. Upload failures for job summaries do not affect the overall status of a step or a job. A maximum of 20 job summaries from steps are displayed per job.
-{% endif %}
-
## Adding a system path
Prepends a directory to the system `PATH` variable and automatically makes it available to all subsequent actions in the current job; the currently running action cannot access the updated path variable. To see the currently defined paths for your job, you can use `echo "$PATH"` in a step or an action.
diff --git a/content/actions/using-workflows/events-that-trigger-workflows.md b/content/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md
similarity index 99%
rename from content/actions/using-workflows/events-that-trigger-workflows.md
rename to content/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md
index 2833c76dbaa2..2f133c781a8f 100644
--- a/content/actions/using-workflows/events-that-trigger-workflows.md
+++ b/content/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md
@@ -7,6 +7,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/events-that-trigger-workflows
- /actions/reference/events-that-trigger-workflows
- /actions/learn-github-actions/events-that-trigger-workflows
+ - /actions/using-workflows/events-that-trigger-workflows
versions:
fpt: '*'
ghes: '*'
@@ -764,7 +765,7 @@ on:
jobs:
approved:
- if: github.event.review.state == 'APPROVED'
+ if: github.event.review.state == 'approved'
runs-on: ubuntu-latest
steps:
- run: echo "This PR was approved"
@@ -934,7 +935,7 @@ jobs:
{% note %}
-**Note**: Events will not be created if more than 5000 branches are pushed at once. Events will not be created for tags when more than three tags are pushed at once.
+**Note**: {% ifversion fpt or ghec or ghes > 3.13 %}Events will not be created if more than 5,000 branches are pushed at once. {% endif %}Events will not be created for tags when more than three tags are pushed at once.
{% endnote %}
diff --git a/content/actions/writing-workflows/choosing-when-your-workflow-runs/index.md b/content/actions/writing-workflows/choosing-when-your-workflow-runs/index.md
new file mode 100644
index 000000000000..7958c95b0856
--- /dev/null
+++ b/content/actions/writing-workflows/choosing-when-your-workflow-runs/index.md
@@ -0,0 +1,14 @@
+---
+title: Choosing when your workflow runs
+shortTitle: Choose when workflows run
+intro: You can configure workflows to run on a schedule or to run when certain events happen.
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /triggering-a-workflow
+ - /using-conditions-to-control-job-execution
+ - /events-that-trigger-workflows
+---
+
diff --git a/content/actions/using-workflows/triggering-a-workflow.md b/content/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow.md
similarity index 87%
rename from content/actions/using-workflows/triggering-a-workflow.md
rename to content/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow.md
index f9c8fe5f945f..71f27c7e9188 100644
--- a/content/actions/using-workflows/triggering-a-workflow.md
+++ b/content/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow.md
@@ -11,8 +11,10 @@ topics:
- Workflows
- CI
- CD
+redirect_from:
+ - /actions/using-workflows/triggering-a-workflow
---
-
+
{% data reusables.actions.enterprise-github-hosted-runners %}
## About workflow triggers
@@ -103,15 +105,55 @@ You can use activity types and filters to further control when your workflow wil
### Using filters to target specific branches for pull request events
-{% data reusables.actions.workflows.section-triggering-a-workflow-branches %}
+{% data reusables.actions.workflows.triggering-workflow-branches1 %}
+
+#### Example: Including branches
+
+{% data reusables.actions.workflows.triggering-workflow-branches2 %}
+
+#### Example: Excluding branches
+
+{% data reusables.actions.workflows.triggering-workflow-branches3 %}
+
+#### Example: Including and excluding branches
+
+{% data reusables.actions.workflows.triggering-workflow-branches4 %}
### Using filters to target specific branches or tags for push events
-{% data reusables.actions.workflows.section-run-on-specific-branches-or-tags %}
+{% data reusables.actions.workflows.run-on-specific-branches-or-tags1 %}
+
+#### Example: Including branches and tags
+
+{% data reusables.actions.workflows.run-on-specific-branches-or-tags2 %}
+
+#### Example: Excluding branches and tags
+
+{% data reusables.actions.workflows.run-on-specific-branches-or-tags3 %}
+
+#### Example: Including and excluding branches and tags
+
+{% data reusables.actions.workflows.run-on-specific-branches-or-tags4 %}
### Using filters to target specific paths for pull request or push events
-{% data reusables.actions.workflows.section-triggering-a-workflow-paths %}
+{% data reusables.actions.workflows.triggering-a-workflow-paths1 %}
+
+#### Example: Including paths
+
+{% data reusables.actions.workflows.triggering-a-workflow-paths2 %}
+
+#### Example: Excluding paths
+
+{% data reusables.actions.workflows.triggering-a-workflow-paths3 %}
+
+#### Example: Including and excluding paths
+
+{% data reusables.actions.workflows.triggering-a-workflow-paths4 %}
+
+#### Git diff comparisons
+
+{% data reusables.actions.workflows.triggering-a-workflow-paths5 %}
### Using filters to target specific branches for workflow run events
@@ -237,7 +279,7 @@ For more information about what information is available in the event context, s
### Using environments to manually trigger workflow jobs
-If you want to manually trigger a specific job in a workflow, you can use an environment that requires approval from a specific team or user. First, configure an environment with required reviewers. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)." Then, reference the environment name in a job in your workflow using the `environment:` key. Any job referencing the environment will not run until at least one reviewer approves the job.
+If you want to manually trigger a specific job in a workflow, you can use an environment that requires approval from a specific team or user. First, configure an environment with required reviewers. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)." Then, reference the environment name in a job in your workflow using the `environment:` key. Any job referencing the environment will not run until at least one reviewer approves the job.
For example, the following workflow will run whenever there is a push to main. The `build` job will always run. The `publish` job will only run after the `build` job successfully completes (due to `needs: [build]`) and after all of the rules (including required reviewers) for the environment called `production` pass (due to `environment: production`).
diff --git a/content/actions/using-jobs/using-conditions-to-control-job-execution.md b/content/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md
similarity index 91%
rename from content/actions/using-jobs/using-conditions-to-control-job-execution.md
rename to content/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md
index c76acbfe53d9..601967794eaa 100644
--- a/content/actions/using-jobs/using-conditions-to-control-job-execution.md
+++ b/content/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md
@@ -6,6 +6,8 @@ versions:
fpt: '*'
ghes: '*'
ghec: '*'
+redirect_from:
+ - /actions/using-jobs/using-conditions-to-control-job-execution
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/using-jobs/choosing-the-runner-for-a-job.md b/content/actions/writing-workflows/choosing-where-your-workflow-runs/choosing-the-runner-for-a-job.md
similarity index 90%
rename from content/actions/using-jobs/choosing-the-runner-for-a-job.md
rename to content/actions/writing-workflows/choosing-where-your-workflow-runs/choosing-the-runner-for-a-job.md
index 0c3b63b66a09..ff21f8983b07 100644
--- a/content/actions/using-jobs/choosing-the-runner-for-a-job.md
+++ b/content/actions/writing-workflows/choosing-where-your-workflow-runs/choosing-the-runner-for-a-job.md
@@ -6,6 +6,8 @@ versions:
fpt: '*'
ghes: '*'
ghec: '*'
+redirect_from:
+ - /actions/using-jobs/choosing-the-runner-for-a-job
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/writing-workflows/choosing-where-your-workflow-runs/index.md b/content/actions/writing-workflows/choosing-where-your-workflow-runs/index.md
new file mode 100644
index 000000000000..1a3a3dd85702
--- /dev/null
+++ b/content/actions/writing-workflows/choosing-where-your-workflow-runs/index.md
@@ -0,0 +1,13 @@
+---
+title: Choosing where your workflow runs
+shortTitle: Choose where workflows run
+intro: You can specify the compute environment your jobs and workflows run in.
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /choosing-the-runner-for-a-job
+ - /running-jobs-in-a-container
+---
+
diff --git a/content/actions/using-jobs/running-jobs-in-a-container.md b/content/actions/writing-workflows/choosing-where-your-workflow-runs/running-jobs-in-a-container.md
similarity index 93%
rename from content/actions/using-jobs/running-jobs-in-a-container.md
rename to content/actions/writing-workflows/choosing-where-your-workflow-runs/running-jobs-in-a-container.md
index 100469bcc416..ee375f636f76 100644
--- a/content/actions/using-jobs/running-jobs-in-a-container.md
+++ b/content/actions/writing-workflows/choosing-where-your-workflow-runs/running-jobs-in-a-container.md
@@ -6,6 +6,8 @@ versions:
fpt: '*'
ghes: '*'
ghec: '*'
+redirect_from:
+ - /actions/using-jobs/running-jobs-in-a-container
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/actions/writing-workflows/index.md b/content/actions/writing-workflows/index.md
new file mode 100644
index 000000000000..c389572f2d0c
--- /dev/null
+++ b/content/actions/writing-workflows/index.md
@@ -0,0 +1,21 @@
+---
+title: Writing workflows
+shortTitle: Write workflows
+intro: '{% data variables.product.prodname_actions %} workflows can automate tasks throughout the software development lifecycle.'
+redirect_from:
+ - /actions/learn-github-actions
+ - /actions/using-workflows
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /quickstart
+ - /about-workflows
+ - /using-workflow-templates
+ - /choosing-when-your-workflow-runs
+ - /choosing-where-your-workflow-runs
+ - /choosing-what-your-workflow-does
+ - /workflow-syntax-for-github-actions
+---
+
diff --git a/content/actions/quickstart.md b/content/actions/writing-workflows/quickstart.md
similarity index 97%
rename from content/actions/quickstart.md
rename to content/actions/writing-workflows/quickstart.md
index b196cb476e43..77376db15ed7 100644
--- a/content/actions/quickstart.md
+++ b/content/actions/writing-workflows/quickstart.md
@@ -4,6 +4,7 @@ intro: 'Try out the features of {% data variables.product.prodname_actions %} in
allowTitleToDifferFromFilename: true
redirect_from:
- /actions/getting-started-with-github-actions/starting-with-preconfigured-workflow-templates
+ - /actions/quickstart
versions:
fpt: '*'
ghes: '*'
@@ -22,8 +23,16 @@ shortTitle: Quickstart
This quickstart guide shows you how to use the user interface of {% data variables.location.product_location %} to add a workflow that demonstrates some of the essential features of {% data variables.product.prodname_actions %}.
+{% data reusables.actions.workflow-templates-for-more-information %}
+
For an overview of {% data variables.product.prodname_actions %} workflows, see "[AUTOTITLE](/actions/using-workflows/about-workflows)." If you want to learn about the various components that make up {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions/learn-github-actions/understanding-github-actions)."
+## Using workflow templates
+
+{% data reusables.actions.workflow-template-overview %}
+
+{% data reusables.actions.workflow-templates-repo-link %}
+
## Prerequisites
This guide assumes that:
@@ -101,10 +110,6 @@ If you chose to start a pull request, you can continue and create the pull reque
The example workflow you just added is triggered each time code is pushed to the branch, and shows you how {% data variables.product.prodname_actions %} can work with the contents of your repository. For an in-depth tutorial, see "[AUTOTITLE](/actions/learn-github-actions/understanding-github-actions)."
-## More starter workflows
-
-{% data reusables.actions.workflow-template-overview %}
-
## Next steps
{% data reusables.actions.onboarding-next-steps %}
diff --git a/content/actions/writing-workflows/using-workflow-templates.md b/content/actions/writing-workflows/using-workflow-templates.md
new file mode 100644
index 000000000000..d4557ce96f66
--- /dev/null
+++ b/content/actions/writing-workflows/using-workflow-templates.md
@@ -0,0 +1,62 @@
+---
+title: Using workflow templates
+shortTitle: Use workflow templates
+intro: '{% data variables.product.product_name %} provides workflow templates for a variety of languages and tooling.'
+redirect_from:
+ - /articles/setting-up-continuous-integration-using-github-actions
+ - /github/automating-your-workflow-with-github-actions/setting-up-continuous-integration-using-github-actions
+ - /actions/automating-your-workflow-with-github-actions/setting-up-continuous-integration-using-github-actions
+ - /actions/building-and-testing-code-with-continuous-integration/setting-up-continuous-integration-using-github-actions
+ - /actions/guides/setting-up-continuous-integration-using-workflow-templates
+ - /actions/learn-github-actions/using-workflow-templates
+ - /actions/using-workflows/using-starter-workflows
+ - /actions/learn-github-actions/using-starter-workflows
+ - /actions/writing-workflows/using-starter-workflows
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: tutorial
+topics:
+ - Workflows
+ - CI
+ - CD
+---
+
+{% data reusables.actions.enterprise-github-hosted-runners %}
+
+## About workflow templates
+
+Workflow templates are templates that help you to create your own {% data variables.product.prodname_actions %} workflows for a repository. They offer an alternative to starting from a blank workflow file and are useful because some of the work will already have been done for you.
+
+{% data variables.product.product_name %} offers workflow templates for a variety of languages and tooling. When you set up workflows in your repository, {% data variables.product.product_name %} analyzes the code in your repository and recommends workflows based on the language and framework in your repository. For example, if you use Node.js, {% data variables.product.product_name %} will suggest a workflow template file that installs your Node.js packages and runs your tests. You can search and filter to find relevant workflow templates.
+
+{% data reusables.actions.workflow-templates-categories %}
+
+{% data reusables.actions.workflow-templates-repo-link %}
+
+You can also create your own workflow template to share with your organization. These workflow templates will appear alongside the {% data variables.product.product_name %}-provided workflow templates. Anyone with write access to the organization's `github` repository can set up a workflow template. For more information, see "[AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization)."
+
+## Choosing and using a workflow template
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.actions-tab %}
+{% data reusables.actions.new-starter-workflow %}
+1. The "Choose a workflow" page shows a selection of recommended workflow templates. Find the workflow template that you want to use, then click **Configure**. To help you find the workflow template that you want, you can search for keywords or filter by category.
+1. If the workflow template contains comments detailing additional setup steps, follow these steps.
+
+ There are guides to accompany many of the workflow templates for building and testing projects. For more information, see "[AUTOTITLE](/actions/automating-builds-and-tests)."
+
+1. Some workflow templates use secrets. For example, {% raw %}`${{ secrets.npm_token }}`{% endraw %}. If the workflow template uses a secret, store the value described in the secret name as a secret in your repository. For more information, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)."
+1. Optionally, make additional changes. For example, you might want to change the value of `on` to change when the workflow runs.
+1. Click **Start commit**.
+1. Write a commit message and decide whether to commit directly to the default branch or to open a pull request.
+
+## Further reading
+
+* "[AUTOTITLE](/actions/automating-builds-and-tests/about-continuous-integration)"
+* "[AUTOTITLE](/actions/managing-workflow-runs)"
+* "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/about-monitoring-and-troubleshooting)"
+{% ifversion fpt or ghec %}
+* "[AUTOTITLE](/billing/managing-billing-for-github-actions)"
+{% endif %}
diff --git a/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/content/actions/writing-workflows/workflow-syntax-for-github-actions.md
similarity index 97%
rename from content/actions/using-workflows/workflow-syntax-for-github-actions.md
rename to content/actions/writing-workflows/workflow-syntax-for-github-actions.md
index 001ef55026d6..a0d3cc470211 100644
--- a/content/actions/using-workflows/workflow-syntax-for-github-actions.md
+++ b/content/actions/writing-workflows/workflow-syntax-for-github-actions.md
@@ -8,6 +8,7 @@ redirect_from:
- /actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions
- /actions/reference/workflow-syntax-for-github-actions
- /actions/learn-github-actions/workflow-syntax-for-github-actions
+ - /actions/using-workflows/workflow-syntax-for-github-actions
versions:
fpt: '*'
ghes: '*'
@@ -52,15 +53,55 @@ run-name: Deploy to ${{ inputs.deploy_target }} by @${{ github.actor }}
## `on..`
-{% data reusables.actions.workflows.section-triggering-a-workflow-branches %}
+{% data reusables.actions.workflows.triggering-workflow-branches1 %}
+
+### Example: Including branches
+
+{% data reusables.actions.workflows.triggering-workflow-branches2 %}
+
+### Example: Excluding branches
+
+{% data reusables.actions.workflows.triggering-workflow-branches3 %}
+
+### Example: Including and excluding branches
+
+{% data reusables.actions.workflows.triggering-workflow-branches4 %}
## `on.push.`
-{% data reusables.actions.workflows.section-run-on-specific-branches-or-tags %}
+{% data reusables.actions.workflows.run-on-specific-branches-or-tags1 %}
+
+### Example: Including branches and tags
+
+{% data reusables.actions.workflows.run-on-specific-branches-or-tags2 %}
+
+### Example: Excluding branches and tags
+
+{% data reusables.actions.workflows.run-on-specific-branches-or-tags3 %}
+
+### Example: Including and excluding branches and tags
+
+{% data reusables.actions.workflows.run-on-specific-branches-or-tags4 %}
## `on..`
-{% data reusables.actions.workflows.section-triggering-a-workflow-paths %}
+{% data reusables.actions.workflows.triggering-a-workflow-paths1 %}
+
+### Example: Including paths
+
+{% data reusables.actions.workflows.triggering-a-workflow-paths2 %}
+
+### Example: Excluding paths
+
+{% data reusables.actions.workflows.triggering-a-workflow-paths3 %}
+
+### Example: Including and excluding paths
+
+{% data reusables.actions.workflows.triggering-a-workflow-paths4 %}
+
+### Git diff comparisons
+
+{% data reusables.actions.workflows.triggering-a-workflow-paths5 %}
## `on.schedule`
@@ -643,7 +684,7 @@ Using the `working-directory` keyword, you can specify the working directory of
Alternatively, you can specify a default working directory for all `run` steps in a job, or for all `run` steps in the entire workflow. For more information, see "[`defaults.run.working-directory`](/actions/using-workflows/workflow-syntax-for-github-actions#defaultsrunworking-directory)" and "[`jobs..defaults.run.working-directory`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_iddefaultsrunworking-directory)."
-You can also use a `run` step to run a script. For more information, see "[AUTOTITLE](/actions/learn-github-actions/essential-features-of-github-actions#adding-scripts-to-your-workflow)."
+You can also use a `run` step to run a script. For more information, see "[AUTOTITLE](/actions/writing-workflows/choosing-what-your-workflow-does/adding-scripts-to-your-workflow)."
## `jobs..steps[*].shell`
diff --git a/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli.md b/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli.md
index 8dcaba56ae1a..bcf99750d49a 100644
--- a/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli.md
+++ b/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli.md
@@ -1,6 +1,6 @@
---
title: Administering your instance using the GitHub CLI
-intro: 'You can administer your GitHub Enterprise Server instance using the GitHub CLI extension for GHES Manage API.'
+intro: 'You can administer your {% data variables.product.prodname_ghe_server %} instance using the {% data variables.product.prodname_cli %} extension for GHES Manage API.'
versions:
feature: ghes-manage-api-cli-extension
type: how_to
diff --git a/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md b/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md
index 09eb71404a46..4fcf4ca44ad0 100644
--- a/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md
+++ b/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md
@@ -661,7 +661,7 @@ $ ghe-cluster-maintenance -u
### ghe-cluster-repl-bootstrap
-This utility configures high availability replication to a secondary set of cluster nodes. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster)."
+This utility configures high availability replication to a secondary set of cluster nodes. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster)."
```shell
ghe-cluster-repl-bootstrap
@@ -669,7 +669,7 @@ ghe-cluster-repl-bootstrap
### ghe-cluster-repl-teardown
-This utility disables replication to replica nodes for a cluster in a high availability configuration. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster#disabling-high-availability-replication-for-a-cluster)."
+This utility disables replication to replica nodes for a cluster in a high availability configuration. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster#disabling-high-availability-replication-for-a-cluster)."
```shell
ghe-cluster-repl-teardown
@@ -729,7 +729,7 @@ ssh -p 122 admin@HOSTNAME -- 'ghe-cluster-support-bundle -t TICKET_ID'
{% endif %}
-With the `ghe-cluster-failover` utility, you can fail over to your replica cluster. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster)."
+With the `ghe-cluster-failover` utility, you can fail over to your replica cluster. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster)."
```shell
ghe-cluster-failover
@@ -797,9 +797,9 @@ ghe-dpages evacuate pages-server-UUID
### ghe-remove-node
-This utility removes a node from a cluster. If you're replacing a node, after you've set up a replacement node, you can use this command to take the old node offline. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node)."
+This utility removes a node from a cluster. If you're replacing a node, after you've set up a replacement node, you can use this command to take the old node offline. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node)."
-You must run this command from the primary MySQL node in your cluster, which is typically the node designated as `mysql-master` in your cluster configuration file (`cluster.conf`). You can use this command to remove any node, with the exception of the `mysql-master` or `redis-master` node. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initializing-the-cluster#about-the-cluster-configuration-file)."
+You must run this command from the primary MySQL node in your cluster, which is typically the node designated as `mysql-master` in your cluster configuration file (`cluster.conf`). You can use this command to remove any node, with the exception of the `mysql-master` or `redis-master` node. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-clustering/initializing-the-cluster#about-the-cluster-configuration-file)."
```shell
ghe-remove-node HOSTNAME
@@ -1176,6 +1176,17 @@ This utility completely disables replication on an existing replica node, removi
ghe-repl-teardown
```
+{% ifversion ghes > 3.13 %}
+
+### ghe-repl-stop-all
+
+This utility disables replication of all datastores on all replica nodes. Run this utility from the primary node before upgrading replicas. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package)."
+
+### ghe-repl-start-all
+
+This utility begins replication of all datastores on all replica nodes. Run this utility from the primary node after upgrading replicas. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package)."
+{% endif %}
+
## Import and export
### ghe-migrator
@@ -1373,7 +1384,7 @@ During an upgrade to a feature release, this utility displays the status of back
{% ifversion ghes < 3.12 %}
{% note %}
-**Note:** To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
+**Note:** To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
{% endnote %}
{% endif %}
@@ -1424,7 +1435,7 @@ ssh -p 122 admin@HOSTNAME -- 'ghe-update-check'
### ghe-upgrade
-This utility installs or verifies an upgrade package. You can also use this utility to roll back a patch release if an upgrade fails or is interrupted. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+This utility installs or verifies an upgrade package. You can also use this utility to roll back a patch release if an upgrade fails or is interrupted. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
To verify an upgrade package:
@@ -1444,7 +1455,7 @@ ghe-upgrade UPGRADE-PACKAGE-FILENAME
This utility manages scheduled installation of upgrade packages. You can show, create new, or remove scheduled installations. You must create schedules using cron expressions. For more information, see the [Cron Wikipedia entry](https://en.wikipedia.org/wiki/Cron#Overview).
-The `ghe-upgrade-scheduler` utility is best suited for scheduling hotpatch upgrades, which do not require maintenance mode or a reboot in most cases. This utility is not practical for full package upgrades, which require an administrator to manually set maintenance mode, reboot the instance, and unset maintenance mode. For more information about the different types of upgrades, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-with-an-upgrade-package)"
+The `ghe-upgrade-scheduler` utility is best suited for scheduling hotpatch upgrades, which do not require maintenance mode or a reboot in most cases. This utility is not practical for full package upgrades, which require an administrator to manually set maintenance mode, reboot the instance, and unset maintenance mode. For more information about the different types of upgrades, see "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package)"
To schedule a new installation for a package:
diff --git a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-search-indices-for-your-instance.md b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-search-indices-for-your-instance.md
index b4eebeb869c9..6d06965db872 100644
--- a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-search-indices-for-your-instance.md
+++ b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-search-indices-for-your-instance.md
@@ -41,6 +41,23 @@ In normal use, enterprise owners do not need to create new indices or schedule r
1. If you want the index to be searchable, select the **Make this index searchable** checkbox.
1. If you want the index to be writable, select the **Make this index writable** checkbox.
1. Click **Create index**.
+1. If your instance uses a high availability or cluster configuration, you will need to run a script to ensure the number of search indices is correctly configured across the instance.
+
+ Access the administrative shell for your primary appliance via SSH, then run one of the following commands.
+
+ For high availability configurations:
+
+ ```shell copy
+ /usr/local/share/enterprise/ghe-es-auto-expand -v 0-all
+ ```
+
+ For cluster configurations:
+
+ ```shell copy
+ /usr/local/share/enterprise/ghe-es-auto-expand -v 0-1
+ ```
+
+ See "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/accessing-the-administrative-shell-ssh)."
## Managing search indices
@@ -69,7 +86,7 @@ Your instance uses repair jobs to reconcile the data, and schedules a repair job
* A new search index is created.
* Missing data needs to be backfilled.
* Old search data needs to be updated.
-
+
In the "Repair" section of the search index, a progress bar shows the current status of a repair job across background workers. You can ignore the value shown in the progress bar after a repair job has completed. The progress bar shows the difference between the repair offset and the highest record ID in the database, and will decrease as more repositories are added to {% data variables.location.product_location %} even though those repositories are actually indexed.
To minimize the effects on I/O performance and reduce the chances of operations timing out, run the repair job during off-peak hours. As the job reconciles the search index with database and Git repository data, one CPU will be used. Monitor your system's load averages and CPU usage with a utility like `top`. If you don't notice any significant increase in resource consumption, it should also be safe to run an index repair job during peak hours.
diff --git a/content/admin/all-releases.md b/content/admin/all-releases.md
index 3cfc4b08c666..c4d75f2ed6ed 100644
--- a/content/admin/all-releases.md
+++ b/content/admin/all-releases.md
@@ -52,6 +52,7 @@ If you run analysis in an external CI system, we recommend using the same versio
| {% data variables.product.product_name %} version | Recommended {% data variables.product.prodname_codeql_cli %} version |
| ------------------------------------------------- | ---------------------- |
+| 3.14 | 2.17.6 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.17.6/)) |
| 3.13 | 2.16.5 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.16.5/)) |
| 3.12 | 2.15.5 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.15.5/)) |
| 3.11 | 2.14.6 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.14.6/)) |
@@ -67,6 +68,7 @@ For instances with {% data variables.product.prodname_actions %} enabled, self-h
| {% data variables.product.product_name %} version | Minimum Runner version |
| ------------------------------------------------- | ---------------------- |
+| 3.14 | 2.317.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.317.0)) |
| 3.13 | 2.314.1 ([release notes](https://github.com/actions/runner/releases/tag/v2.314.1)) |
| 3.12 | 2.311.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.311.0)) |
| 3.11 | 2.309.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.309.0)) |
diff --git a/content/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md b/content/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md
index 96393d5546f6..7027d74abeef 100644
--- a/content/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md
+++ b/content/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md
@@ -140,30 +140,12 @@ When upgrading {% data variables.product.prodname_enterprise_backup_utilities %}
## Scheduling a backup
-{% ifversion backup-utilities-encryption-bug %}
-{% warning %}
-
-**Warning**: {% data reusables.enterprise_backup_utilities.enterprise-backup-utils-encryption-keys %}
-
-{% endwarning %}
-{% endif %}
-
You can schedule regular backups on the backup host using the `cron(8)` command or a similar command scheduling service. The configured backup frequency will dictate the worst case recovery point objective (RPO) in your recovery plan. For example, if you have scheduled the backup to run every day at midnight, you could lose up to 24 hours of data in a disaster scenario. We recommend starting with an hourly backup schedule, guaranteeing a worst case maximum of one hour of data loss if the primary site data is destroyed.
If backup attempts overlap, the `ghe-backup` command will abort with an error message, indicating the existence of a simultaneous backup. If this occurs, we recommended decreasing the frequency of your scheduled backups. For more information, see the "Scheduling backups" section of the [{% data variables.product.prodname_enterprise_backup_utilities %} README](https://github.com/github/backup-utils#scheduling-backups) in the {% data variables.product.prodname_enterprise_backup_utilities %} project documentation.
## Restoring a backup
-{% ifversion backup-utilities-encryption-bug %}
-
-{% warning %}
-
-**Warning**: {% data reusables.enterprise_backup_utilities.enterprise-backup-utils-encryption-keys %}
-
-{% endwarning %}
-
-{% endif %}
-
In the event of prolonged outage or catastrophic event at the primary site, you can restore {% data variables.location.product_location %} by provisioning another instance and performing a restore from the backup host. You must add the backup host's SSH key to the target {% data variables.product.prodname_enterprise %} instance as an authorized SSH key before restoring an instance.
When performing backup restores to {% data variables.location.product_location %}, you can only restore data from at most two feature releases behind. For example, if you take a backup from {% data variables.product.product_name %} 3.0.x, you can restore the backup to an instance running {% data variables.product.product_name %} 3.2.x. You cannot restore data from a backup of {% data variables.product.product_name %} 2.22.x to an instance running 3.2.x, because that would be three jumps between versions (2.22 to 3.0 to 3.1 to 3.2). You would first need to restore to an instance running 3.1.x, and then upgrade to 3.2.x.
diff --git a/content/admin/backing-up-and-restoring-your-instance/index.md b/content/admin/backing-up-and-restoring-your-instance/index.md
index f344c8322fb1..57ca1f160cec 100644
--- a/content/admin/backing-up-and-restoring-your-instance/index.md
+++ b/content/admin/backing-up-and-restoring-your-instance/index.md
@@ -8,6 +8,7 @@ topics:
- Enterprise
children:
- /configuring-backups-on-your-instance
- - /known-issues-with-backups-for-your-instance
+redirect_from:
+ - /admin/backing-up-and-restoring-your-instance/known-issues-with-backups-for-your-instance
---
diff --git a/content/admin/backing-up-and-restoring-your-instance/known-issues-with-backups-for-your-instance.md b/content/admin/backing-up-and-restoring-your-instance/known-issues-with-backups-for-your-instance.md
deleted file mode 100644
index 215930dd6eb6..000000000000
--- a/content/admin/backing-up-and-restoring-your-instance/known-issues-with-backups-for-your-instance.md
+++ /dev/null
@@ -1,114 +0,0 @@
----
-title: Known issues with backups for your instance
-intro: 'See an overview of workarounds for issues that impact the backup or restoration process for {% data variables.product.prodname_ghe_server %}.'
-versions:
- feature: backup-utilities-encryption-bug
-type: overview
-topics:
- - Enterprise
- - Troubleshooting
- - Backups
-shortTitle: Known issues with backups
-redirect_from:
- - /admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance
----
-
-## About known issues with {% data variables.product.prodname_ghe_server %} backups
-
-{% data variables.product.company_short %} provides workarounds for the following issues that could impact backup or restoration of data for a {% data variables.product.prodname_ghe_server %} instance. For more information, see "Known issues" in the [{% data variables.product.prodname_ghe_server %} release notes](/admin/release-notes).
-
-{% ifversion backup-utilities-encryption-bug %}
-
-## Users cannot sign in after restoration of a backup
-
-{% note %}
-
-**Note:** This known issue has been fixed in {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.9.1{% endif %}.
-
-{% endnote %}
-
-If you used {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %} to back up an instance running any release in the {% data variables.product.product_name %} 3.7{% ifversion ghes = 3.9 %} or 3.8{% endif %} series, after you restore the backup to a new instance, users cannot sign in. Though users cannot sign in, the backup itself is unaffected and all data is intact.
-
-After you restore an existing backup affected by this issue, you can resolve the issue by modifying the configuration on the new instance.
-
-### Restoring from an existing backup
-
-If you've restored an existing backup from {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9%}3.7.0, 3.8.0, or 3.9.0{% endif %} to a new instance and users cannot sign in, you must output configuration data from the source {% data variables.product.product_name %} instance and adjust the configuration on the target instance.
-
-To ensure users can sign into the new target instance, ensure that your environment meets the following requirements.
-
-* The source {% data variables.product.product_name %} instance must be running and accessible via SSH.
-* You must have an existing backup from {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}.
-* You must have provisioned a new target {% data variables.product.product_name %} instance and restored the backup. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-instance)."
-
-1. SSH into the source {% data variables.product.product_name %} instance that you backed up. If your instance comprises multiple nodes, for example if high availability or geo-replication are configured, SSH into the primary node. If you use a cluster, you can SSH into any node. Replace HOSTNAME with the actual hostname of your instance. For more information about SSH access, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
-
- ```shell copy
- ssh -p 122 admin@HOSTNAME
- ```
-
-{%- ifversion ghes = 3.9 %}
-1. To display a list of decryption keys, run the following command.
-
- ```shell copy
- ghe-config secrets.github.encrypted-column-keying-material
- ```
-
-1. Copy the output to a safe and temporary location.
-1. To display a list of encryption keys, run the following command.
-
- ```shell copy
- ghe-config secrets.github.encrypted-column-current-encryption-key
- ```
-
-1. Copy the output to a safe and temporary location.
-{%- endif %}
-1. SSH into the destination {% data variables.product.product_name %} instance where you restored the backup. Replace HOSTNAME with the actual hostname of your instance.
-
- ```shell copy
- ssh -p 122 admin@HOSTNAME
- ```
-
-1. Enable maintenance mode. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#enabling-maintenance-mode-immediately-or-scheduling-a-maintenance-window-for-a-later-time)."
-1. To verify that the destination instance is ready for configuration, run the following {% ifversion ghes = 3.9 %}commands{% endif %}. There should be no output displayed.
-
- ```shell copy
- ghe-config secrets.github.encrypted-column-keying-material
- {%- ifversion ghes = 3.9 %}
- ghe-config secrets.github.encrypted-column-current-encryption-key
- {%- endif %}
- ```
-
-{%- ifversion ghes = 3.9 %}
-1. To update the decryption keys on the destination instance, run the following command. Replace DECRYPTION-KEY-LIST with the output from step 1.
-
- ```shell copy
- ghe-config secrets.github.encrypted-column-keying-material "DECRYPTION-KEY-LIST"
- ```
-
-1. To update the encryption key on the destination instance, run the following command. Replace ENCRYPTION-KEY with the output from step 4.
-
- ```shell copy
- ghe-config secrets.github.encrypted-column-current-encryption-key "ENCRYPTION-KEY"
- ```
-
-{%- endif %}
-1. To apply the configuration, run the following command.
-
- ```shell copy
- ghe-config-apply
- ```
-
-1. Wait for the configuration run to complete.
-1. To ensure that the target instance's configuration contains the keys, run the following {% ifversion ghes = 3.9 %}commands{% endif %} and verify that the output matches step 1{% ifversion ghes = 3.9 %} and step 4{% endif %}.
-
- ```shell copy
- ghe-config secrets.github.encrypted-column-keying-material
- {%- ifversion ghes = 3.9 %}
- ghe-config secrets.github.encrypted-column-current-encryption-key
- {%- endif %}
- ```
-
-1. Have a user sign into the destination instance. If any issues arise, contact {% data variables.contact.enterprise_support %}. For more information, see "[AUTOTITLE](/support/contacting-github-support)."
-
-{% endif %}
diff --git a/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise.md b/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise.md
deleted file mode 100644
index 8e86a43c6e11..000000000000
--- a/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-title: About supply chain security for your enterprise
-intro: You can enable features that help your developers understand and update the dependencies their code relies on.
-shortTitle: About supply chain security
-permissions: ''
-versions:
- ghes: '*'
-type: how_to
-topics:
- - Enterprise
- - Security
- - Dependency graph
----
-
-You can allow users to identify their projects' dependencies by enabling the dependency graph for {% data variables.location.product_location %}. For more information, see "[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)."
-
-{% data reusables.dependency-review.dependency-review-enabled-ghes %}
-
-You can also allow users on {% data variables.location.product_location %} to find and fix vulnerabilities in their code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
-
-After you enable {% data variables.product.prodname_dependabot_alerts %}, you can view vulnerability data from the {% data variables.product.prodname_advisory_database %} on {% data variables.location.product_location %} and manually sync the data. For more information, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise)."
diff --git a/content/admin/packages/configuring-package-ecosystem-support-for-your-enterprise.md b/content/admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise.md
similarity index 97%
rename from content/admin/packages/configuring-package-ecosystem-support-for-your-enterprise.md
rename to content/admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise.md
index 734da24bb387..59d8454cd64b 100644
--- a/content/admin/packages/configuring-package-ecosystem-support-for-your-enterprise.md
+++ b/content/admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise.md
@@ -5,6 +5,7 @@ permissions: 'Site administrators can enable {% data variables.product.prodname_
redirect_from:
- /enterprise/admin/packages/configuring-packages-support-for-your-enterprise
- /admin/packages/configuring-packages-support-for-your-enterprise
+ - /admin/packages/configuring-package-ecosystem-support-for-your-enterprise
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/packages/enabling-github-packages-with-aws.md b/content/admin/configuring-packages/enabling-github-packages-with-aws.md
similarity index 98%
rename from content/admin/packages/enabling-github-packages-with-aws.md
rename to content/admin/configuring-packages/enabling-github-packages-with-aws.md
index ce5348166166..7178fba96755 100644
--- a/content/admin/packages/enabling-github-packages-with-aws.md
+++ b/content/admin/configuring-packages/enabling-github-packages-with-aws.md
@@ -10,6 +10,8 @@ topics:
- Packages
- Packages
shortTitle: Enable Packages with AWS
+redirect_from:
+ - /admin/packages/enabling-github-packages-with-aws
---
{% warning %}
diff --git a/content/admin/packages/enabling-github-packages-with-azure-blob-storage.md b/content/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md
similarity index 97%
rename from content/admin/packages/enabling-github-packages-with-azure-blob-storage.md
rename to content/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md
index afc962393ac2..c1a2e066cf8b 100644
--- a/content/admin/packages/enabling-github-packages-with-azure-blob-storage.md
+++ b/content/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md
@@ -9,6 +9,8 @@ topics:
- Packages
- Storage
shortTitle: Enable Packages with Azure
+redirect_from:
+ - /admin/packages/enabling-github-packages-with-azure-blob-storage
---
{% warning %}
diff --git a/content/admin/packages/enabling-github-packages-with-minio.md b/content/admin/configuring-packages/enabling-github-packages-with-minio.md
similarity index 97%
rename from content/admin/packages/enabling-github-packages-with-minio.md
rename to content/admin/configuring-packages/enabling-github-packages-with-minio.md
index dcb89b8f555d..770e6687e9b2 100644
--- a/content/admin/packages/enabling-github-packages-with-minio.md
+++ b/content/admin/configuring-packages/enabling-github-packages-with-minio.md
@@ -9,6 +9,8 @@ topics:
- Packages
- Storage
shortTitle: Enable Packages with MinIO
+redirect_from:
+ - /admin/packages/enabling-github-packages-with-minio
---
{% warning %}
diff --git a/content/admin/packages/getting-started-with-github-packages-for-your-enterprise.md b/content/admin/configuring-packages/getting-started-with-github-packages-for-your-enterprise.md
similarity index 98%
rename from content/admin/packages/getting-started-with-github-packages-for-your-enterprise.md
rename to content/admin/configuring-packages/getting-started-with-github-packages-for-your-enterprise.md
index 18a24f4a6254..7980ff191396 100644
--- a/content/admin/packages/getting-started-with-github-packages-for-your-enterprise.md
+++ b/content/admin/configuring-packages/getting-started-with-github-packages-for-your-enterprise.md
@@ -6,6 +6,7 @@ permissions: 'Site administrators can enable and configure {% data variables.pro
redirect_from:
- /enterprise/admin/packages/enabling-github-packages-for-your-enterprise
- /admin/packages/enabling-github-packages-for-your-enterprise
+ - /admin/packages/getting-started-with-github-packages-for-your-enterprise
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/packages/index.md b/content/admin/configuring-packages/index.md
similarity index 97%
rename from content/admin/packages/index.md
rename to content/admin/configuring-packages/index.md
index 268a431fa877..9743176297d9 100644
--- a/content/admin/packages/index.md
+++ b/content/admin/configuring-packages/index.md
@@ -4,6 +4,7 @@ allowTitleToDifferFromFilename: true
intro: 'You can enable {% data variables.product.prodname_registry %} for your enterprise and manage {% data variables.product.prodname_registry %} settings and allowed packaged types.'
redirect_from:
- /enterprise/admin/packages
+ - /admin/packages
versions:
ghes: '*'
topics:
diff --git a/content/admin/packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md b/content/admin/configuring-packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md
similarity index 97%
rename from content/admin/packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md
rename to content/admin/configuring-packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md
index b1652ad98d35..15dc5206ba70 100644
--- a/content/admin/packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md
+++ b/content/admin/configuring-packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md
@@ -10,6 +10,8 @@ topics:
- Containers
- Docker
- Migration
+redirect_from:
+ - /admin/packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry
---
{% data reusables.package_registry.container-registry-ghes-beta %}
diff --git a/content/admin/packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages.md b/content/admin/configuring-packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages.md
similarity index 97%
rename from content/admin/packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages.md
rename to content/admin/configuring-packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages.md
index 9f311f1b048d..ff67e284c2e6 100644
--- a/content/admin/packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages.md
+++ b/content/admin/configuring-packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages.md
@@ -9,6 +9,8 @@ topics:
- Enterprise
- Storage
shortTitle: Quickstart for MinIO
+redirect_from:
+ - /admin/packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages
---
{% data reusables.package_registry.packages-ghes-release-stage %}
diff --git a/content/admin/configuration/configuring-github-connect/about-github-connect.md b/content/admin/configuring-settings/configuring-github-connect/about-github-connect.md
similarity index 55%
rename from content/admin/configuration/configuring-github-connect/about-github-connect.md
rename to content/admin/configuring-settings/configuring-github-connect/about-github-connect.md
index 7ab5e4782dae..a674eca72851 100644
--- a/content/admin/configuration/configuring-github-connect/about-github-connect.md
+++ b/content/admin/configuring-settings/configuring-github-connect/about-github-connect.md
@@ -7,6 +7,8 @@ type: overview
topics:
- Enterprise
- GitHub Connect
+redirect_from:
+ - /admin/configuration/configuring-github-connect/about-github-connect
---
## About {% data variables.product.prodname_github_connect %}
@@ -26,13 +28,15 @@ After enabling {% data variables.product.prodname_github_connect %}, you will be
After you configure the connection between {% data variables.location.product_location %} and {% data variables.product.prodname_ghe_cloud %}, you can enable individual features of {% data variables.product.prodname_github_connect %} for your enterprise.
| Feature | Description | More information |
-| ----------- | ----------- | ----------- |{% ifversion ghes %}
-Automatic user license sync | Manage license usage across your {% data variables.product.prodname_enterprise %} deployments by automatically syncing user licenses from {% data variables.location.product_location %} to {% data variables.product.prodname_ghe_cloud %}. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise)"{% endif %}{% ifversion ghes %}
-{% data variables.product.prodname_dependabot %} | Allow users to find and fix vulnerabilities in code dependencies. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)"{% endif %}
-{% data variables.product.prodname_dotcom_the_website %} actions | Allow users to use actions from {% data variables.product.prodname_dotcom_the_website %} in public workflow files. | "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)"{% ifversion server-statistics %}
-{% data variables.product.prodname_server_statistics %} | Analyze your own aggregate data from GitHub Enterprise Server, and help us improve GitHub products. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-server-statistics-for-your-enterprise)"{% endif %}
-Unified search | Allow users to include repositories on {% data variables.product.prodname_dotcom_the_website %} in their search results when searching from {% data variables.location.product_location %}. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-unified-search-for-your-enterprise)"
-Unified contributions | Allow users to include anonymized contribution counts for their work on {% data variables.location.product_location %} in their contribution graphs on {% data variables.product.prodname_dotcom_the_website %}. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-unified-contributions-for-your-enterprise)"
+| ----------- | ----------- | ----------- |
+| Automatic user license sync | Manage license usage across your {% data variables.product.prodname_enterprise %} deployments by automatically syncing user licenses from {% data variables.location.product_location %} to {% data variables.product.prodname_ghe_cloud %}. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise)" |
+| {% data variables.product.prodname_dependabot %} | Allow users to find and fix vulnerabilities in code dependencies. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)" |
+| {% data variables.product.prodname_dotcom_the_website %} actions | Allow users to use actions from {% data variables.product.prodname_dotcom_the_website %} in public workflow files. | "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)" |
+| {% ifversion server-statistics %} |
+| {% data variables.product.prodname_server_statistics %} | Analyze your own aggregate data from GitHub Enterprise Server, and help us improve GitHub products. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-server-statistics-for-your-enterprise)" |
+| {% endif %} |
+| Unified search | Allow users to include repositories on {% data variables.product.prodname_dotcom_the_website %} in their search results when searching from {% data variables.location.product_location %}. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-unified-search-for-your-enterprise)" |
+| Unified contributions | Allow users to include anonymized contribution counts for their work on {% data variables.location.product_location %} in their contribution graphs on {% data variables.product.prodname_dotcom_the_website %}. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-unified-contributions-for-your-enterprise)" |
## Data transmission for {% data variables.product.prodname_github_connect %}
@@ -68,14 +72,22 @@ When you enable {% data variables.product.prodname_github_connect %} or specific
Additional data is transmitted if you enable individual features of {% data variables.product.prodname_github_connect %}.
| Feature | Data | Which way does the data flow? | Where is the data used? |
-| ------- | ---- | --------- | ------ |{% ifversion ghes %}
-Automatic user license sync | Each {% data variables.product.product_name %} user's user ID and email addresses{% ifversion ghas-in-license-sync %}, and whether the user consumes a license for {% data variables.product.prodname_GH_advanced_security %}{% endif %} | From {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} | {% data variables.product.prodname_ghe_cloud %} |{% endif %}{% ifversion ghes %}
-{% data variables.product.prodname_dependabot_alerts %} | Vulnerability alerts | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.product_name %} | {% data variables.product.product_name %} |{% endif %}{% ifversion dependabot-updates-github-connect %}
-{% data variables.product.prodname_dependabot_updates %} | Dependencies and the metadata for each dependency's repository
If a dependency is stored in a private repository on {% data variables.product.prodname_dotcom_the_website %}, data will only be transmitted if {% data variables.product.prodname_dependabot %} is configured and authorized to access that repository. | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.product_name %} | {% data variables.product.product_name %} {% endif %}
-{% data variables.product.prodname_dotcom_the_website %} actions | Name of action, action (YAML file from {% data variables.product.prodname_marketplace %}) | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.product_name %}
From {% data variables.product.product_name %} to {% data variables.product.prodname_dotcom_the_website %} | {% data variables.product.product_name %}{% ifversion server-statistics %}
-{% data variables.product.prodname_server_statistics %} | Aggregate metrics about your usage of {% data variables.product.prodname_ghe_server %}. For the complete list of metrics, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics#server-statistics-data-collected)." | From {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} | {% data variables.product.prodname_ghe_cloud %}{% endif %}
-Unified search | Search terms, search results | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.product_name %}
From {% data variables.product.product_name %} to {% data variables.product.prodname_dotcom_the_website %} | {% data variables.product.product_name %} |
-Unified contributions | Contribution counts | From {% data variables.product.product_name %} to {% data variables.product.prodname_dotcom_the_website %} | {% data variables.product.prodname_dotcom_the_website %} |
+| ------- | ---- | --------- | ------ |
+| {% ifversion ghes %} |
+| Automatic user license sync | Each {% data variables.product.product_name %} user's user ID and email addresses{% ifversion ghas-in-license-sync %}, and whether the user consumes a license for {% data variables.product.prodname_GH_advanced_security %}{% endif %} | From {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} | {% data variables.product.prodname_ghe_cloud %} |
+| {% endif %} |
+| {% ifversion ghes %} |
+| {% data variables.product.prodname_dependabot_alerts %} | Vulnerability alerts | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.product_name %} | {% data variables.product.product_name %} |
+| {% endif %} |
+| {% ifversion dependabot-updates-github-connect %} |
+| {% data variables.product.prodname_dependabot_updates %} | Dependencies and the metadata for each dependency's repository
If a dependency is stored in a private repository on {% data variables.product.prodname_dotcom_the_website %}, data will only be transmitted if {% data variables.product.prodname_dependabot %} is configured and authorized to access that repository. | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.product_name %} | {% data variables.product.product_name %} |
+| {% endif %} |
+| {% data variables.product.prodname_dotcom_the_website %} actions | Name of action, action (YAML file from {% data variables.product.prodname_marketplace %}) | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.product_name %}
From {% data variables.product.product_name %} to {% data variables.product.prodname_dotcom_the_website %} | {% data variables.product.product_name %} |
+| {% ifversion server-statistics %} |
+| {% data variables.product.prodname_server_statistics %} | Aggregate metrics about your usage of {% data variables.product.prodname_ghe_server %}. For the complete list of metrics, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics#server-statistics-data-collected)." | From {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} | {% data variables.product.prodname_ghe_cloud %} |
+| {% endif %} |
+| Unified search | Search terms, search results | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.product_name %}
From {% data variables.product.product_name %} to {% data variables.product.prodname_dotcom_the_website %} | {% data variables.product.product_name %} |
+| Unified contributions | Contribution counts | From {% data variables.product.product_name %} to {% data variables.product.prodname_dotcom_the_website %} | {% data variables.product.prodname_dotcom_the_website %} |
## Further reading
diff --git a/content/admin/configuration/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise.md b/content/admin/configuring-settings/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise.md
similarity index 97%
rename from content/admin/configuration/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise.md
rename to content/admin/configuring-settings/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise.md
index 57598d7543d0..678d403d7cb9 100644
--- a/content/admin/configuration/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise.md
@@ -7,6 +7,7 @@ redirect_from:
- /admin/configuration/enabling-automatic-user-license-sync-between-github-enterprise-server-and-github-enterprise-cloud
- /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/enabling-automatic-user-license-sync-between-github-enterprise-server-and-github-enterprise-cloud
- /admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-automatic-user-license-sync-between-github-enterprise-server-and-github-enterprise-cloud
+ - /admin/configuration/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise
permissions: Enterprise owners can enable automatic user license synchronization.
versions:
ghes: '*'
diff --git a/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md
similarity index 80%
rename from content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md
rename to content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md
index fea2733b1a5c..69df4714912c 100644
--- a/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md
@@ -1,6 +1,6 @@
---
title: Enabling Dependabot for your enterprise
-intro: 'You can allow users of {% data variables.location.product_location %} to find and fix vulnerabilities in code dependencies by {% ifversion dependabot-alerts-ghes-enablement %} setting up {% else %}enabling{% endif %} {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}.'
+intro: 'You can allow users to find and fix vulnerabilities in code dependencies by {% ifversion dependabot-alerts-ghes-enablement %} setting up {% else %}enabling{% endif %} {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}.'
shortTitle: Dependabot
redirect_from:
- /enterprise/admin/installation/enabling-security-alerts-for-vulnerable-dependencies-on-github-enterprise-server
@@ -11,6 +11,7 @@ redirect_from:
- /admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server
- /admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account
- /admin/configuration/configuring-github-connect/enabling-the-dependency-graph-and-dependabot-alerts-for-your-enterprise
+ - /admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise
permissions: 'Enterprise owners can{% ifversion dependabot-alerts-ghes-enablement %} set up{% else %} enable{% endif %} {% data variables.product.prodname_dependabot %}.'
versions:
ghes: '*'
@@ -24,15 +25,15 @@ topics:
## About {% data variables.product.prodname_dependabot %} for {% data variables.product.product_name %}
-{% data variables.product.prodname_dependabot %} helps users of {% data variables.location.product_location %} find and fix vulnerabilities in their dependencies.{% ifversion ghes %} You {% ifversion dependabot-alerts-ghes-enablement %} must first set up {% data variables.product.prodname_dependabot %} for your enterprise, and then you {% endif %} can enable {% data variables.product.prodname_dependabot_alerts %} to notify users about vulnerable dependencies and {% data variables.product.prodname_dependabot_updates %} to fix the vulnerabilities and keep dependencies updated to the latest version.
+{% data variables.product.prodname_dependabot %} helps users find and fix vulnerabilities in their dependencies.{% ifversion ghes %} You {% ifversion dependabot-alerts-ghes-enablement %} must first set up {% data variables.product.prodname_dependabot %} for your enterprise, and then you {% endif %} can enable {% data variables.product.prodname_dependabot_alerts %} to notify users about vulnerable dependencies and {% data variables.product.prodname_dependabot_updates %} to fix the vulnerabilities and keep dependencies updated to the latest version.
-{% data variables.product.prodname_dependabot %} is just one of many features available to harden supply chain security for {% data variables.location.product_location %}. For more information about the other features, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise)."
+{% data variables.product.prodname_dependabot %} is just one of many features available to harden supply chain security for {% data variables.product.prodname_dotcom %}. For more information about the other features, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise)."
### About {% data variables.product.prodname_dependabot_alerts %}
{% endif %}
-With {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dotcom %} identifies insecure dependencies in repositories and creates alerts on {% data variables.location.product_location %}, using data from the {% data variables.product.prodname_advisory_database %} and the dependency graph service.
+With {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dotcom %} identifies insecure dependencies in repositories and creates alerts on {% data variables.product.prodname_ghe_server %}, using data from the {% data variables.product.prodname_advisory_database %} and the dependency graph service.
{% data reusables.repositories.tracks-vulnerabilities %}
@@ -42,19 +43,17 @@ You can also choose to manually sync vulnerability data at any time. For more in
{% note %}
-**Note:** When you enable {% data variables.product.prodname_dependabot_alerts %}, no code or information about code from {% data variables.location.product_location %} is uploaded to {% data variables.product.prodname_dotcom_the_website %}.
+**Note:** When you enable {% data variables.product.prodname_dependabot_alerts %}, no code or information about code from {% data variables.product.prodname_ghe_server %} is uploaded to {% data variables.product.prodname_dotcom_the_website %}.
{% endnote %}
-When {% data variables.location.product_location %} receives information about a vulnerability, it identifies repositories in {% data variables.location.product_location %} that use the affected version of the dependency and generates {% data variables.product.prodname_dependabot_alerts %}. You can choose whether or not to notify users automatically about new {% data variables.product.prodname_dependabot_alerts %}.
+When {% data variables.product.prodname_ghe_server %} receives information about a vulnerability, it identifies repositories that use the affected version of the dependency and generates {% data variables.product.prodname_dependabot_alerts %}. You can choose whether or not to notify users automatically about new {% data variables.product.prodname_dependabot_alerts %}.
-For repositories with {% data variables.product.prodname_dependabot_alerts %} enabled, scanning is triggered on any push to the default branch that contains a manifest file or lock file. Additionally, when a new vulnerability record is added to {% data variables.location.product_location %}, {% data variables.product.product_name %} scans all existing repositories on {% data variables.location.product_location %} and generates alerts for any repository that is vulnerable. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
-
-{% ifversion ghes %}
+For repositories with {% data variables.product.prodname_dependabot_alerts %} enabled, scanning is triggered on any push to the default branch that contains a manifest file or lock file. Additionally, when a new vulnerability record is added, {% data variables.product.product_name %} scans all existing repositories and generates alerts for any repository that is vulnerable. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
### About {% data variables.product.prodname_dependabot_updates %}
-After you enable {% data variables.product.prodname_dependabot_alerts %}, you can choose to enable {% data variables.product.prodname_dependabot_updates %}. When {% data variables.product.prodname_dependabot_updates %} are enabled for {% data variables.location.product_location %}, users can configure repositories so that their dependencies are updated and kept secure automatically.
+After you enable {% data variables.product.prodname_dependabot_alerts %}, you can choose to enable {% data variables.product.prodname_dependabot_updates %}. When {% data variables.product.prodname_dependabot_updates %} are enabled for {% data variables.product.prodname_ghe_server %}, users can configure repositories so that their dependencies are updated and kept secure automatically.
{% note %}
@@ -72,7 +71,6 @@ With {% data variables.product.prodname_dependabot_updates %}, {% data variables
* **{% data variables.product.prodname_dependabot_version_updates %}**: Users add a {% data variables.product.prodname_dependabot %} configuration file to the repository to enable {% data variables.product.prodname_dependabot %} to create pull requests when a new version of a tracked dependency is released. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)."
* **{% data variables.product.prodname_dependabot_security_updates %}**: Users toggle a repository setting to enable {% data variables.product.prodname_dependabot %} to create pull requests when {% data variables.product.prodname_dotcom %} detects a vulnerability in one of the dependencies of the dependency graph for the repository. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)."
-{% endif %}
## Enabling {% data variables.product.prodname_dependabot_alerts %}
@@ -102,7 +100,7 @@ You can now enable {% data variables.product.prodname_dependabot_alerts %} for a
Before you can enable {% data variables.product.prodname_dependabot_updates %}:
* You must enable {% data variables.product.prodname_dependabot_alerts %} for your enterprise. For more information, see "Enabling {% data variables.product.prodname_dependabot_alerts %}" above.
* You must enable TLS. {% data variables.product.prodname_dependabot_updates %} run on self-hosted runners, which need to have TLS enabled. For more information, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise#prerequisites)."
-* You must configure {% data variables.location.product_location %} to use {% data variables.product.prodname_actions %} with self-hosted runners. For more information, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server)."
+* You must configure {% data variables.product.prodname_ghe_server %} to use {% data variables.product.prodname_actions %} with self-hosted runners. For more information, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server)."
{% data variables.product.prodname_dependabot_updates %} are not supported on {% data variables.product.product_name %} if your enterprise uses clustering.
diff --git a/content/admin/configuration/configuring-github-connect/enabling-server-statistics-for-your-enterprise.md b/content/admin/configuring-settings/configuring-github-connect/enabling-server-statistics-for-your-enterprise.md
similarity index 96%
rename from content/admin/configuration/configuring-github-connect/enabling-server-statistics-for-your-enterprise.md
rename to content/admin/configuring-settings/configuring-github-connect/enabling-server-statistics-for-your-enterprise.md
index e5c40e0ccb91..74bef4f5b039 100644
--- a/content/admin/configuration/configuring-github-connect/enabling-server-statistics-for-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-github-connect/enabling-server-statistics-for-your-enterprise.md
@@ -5,6 +5,7 @@ versions:
feature: server-statistics
redirect_from:
- /early-access/github/analyze-how-your-team-works-with-server-statistics/about-server-statistics/enabling-server-statistics
+ - /admin/configuration/configuring-github-connect/enabling-server-statistics-for-your-enterprise
topics:
- Enterprise
shortTitle: Server Statistics
diff --git a/content/admin/configuration/configuring-github-connect/enabling-unified-contributions-for-your-enterprise.md b/content/admin/configuring-settings/configuring-github-connect/enabling-unified-contributions-for-your-enterprise.md
similarity index 97%
rename from content/admin/configuration/configuring-github-connect/enabling-unified-contributions-for-your-enterprise.md
rename to content/admin/configuring-settings/configuring-github-connect/enabling-unified-contributions-for-your-enterprise.md
index a5fabe3816b8..1b29c83d6b9b 100644
--- a/content/admin/configuration/configuring-github-connect/enabling-unified-contributions-for-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-github-connect/enabling-unified-contributions-for-your-enterprise.md
@@ -11,6 +11,7 @@ redirect_from:
- /admin/configuration/enabling-unified-contributions-between-github-enterprise-server-and-githubcom
- /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/enabling-unified-contributions-between-github-enterprise-server-and-githubcom
- /admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-unified-contributions-between-your-enterprise-account-and-githubcom
+ - /admin/configuration/configuring-github-connect/enabling-unified-contributions-for-your-enterprise
permissions: 'Enterprise owners can enable unified contributions between {% data variables.location.product_location %} and {% data variables.product.prodname_dotcom_the_website %}.'
versions:
ghes: '*'
diff --git a/content/admin/configuration/configuring-github-connect/enabling-unified-search-for-your-enterprise.md b/content/admin/configuring-settings/configuring-github-connect/enabling-unified-search-for-your-enterprise.md
similarity index 98%
rename from content/admin/configuration/configuring-github-connect/enabling-unified-search-for-your-enterprise.md
rename to content/admin/configuring-settings/configuring-github-connect/enabling-unified-search-for-your-enterprise.md
index 9cadc449e1dc..172b55e4f0d6 100644
--- a/content/admin/configuration/configuring-github-connect/enabling-unified-search-for-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-github-connect/enabling-unified-search-for-your-enterprise.md
@@ -11,6 +11,7 @@ redirect_from:
- /admin/configuration/enabling-unified-search-between-github-enterprise-server-and-githubcom
- /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/enabling-unified-search-between-github-enterprise-server-and-githubcom
- /admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-unified-search-between-your-enterprise-account-and-githubcom
+ - /admin/configuration/configuring-github-connect/enabling-unified-search-for-your-enterprise
permissions: 'Enterprise owners can enable unified search between {% data variables.product.product_name %} and {% data variables.product.prodname_dotcom_the_website %}.'
versions:
ghes: '*'
diff --git a/content/admin/configuration/configuring-github-connect/index.md b/content/admin/configuring-settings/configuring-github-connect/index.md
similarity index 96%
rename from content/admin/configuration/configuring-github-connect/index.md
rename to content/admin/configuring-settings/configuring-github-connect/index.md
index 081f0eea842f..3fc543b3d078 100644
--- a/content/admin/configuration/configuring-github-connect/index.md
+++ b/content/admin/configuring-settings/configuring-github-connect/index.md
@@ -10,6 +10,7 @@ redirect_from:
- /enterprise/admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud
- /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud
- /admin/configuration/managing-connections-between-your-enterprise-accounts
+ - /admin/configuration/configuring-github-connect
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-github-connect/managing-github-connect.md b/content/admin/configuring-settings/configuring-github-connect/managing-github-connect.md
similarity index 98%
rename from content/admin/configuration/configuring-github-connect/managing-github-connect.md
rename to content/admin/configuring-settings/configuring-github-connect/managing-github-connect.md
index 0ef44fa49752..6aece42aebd8 100644
--- a/content/admin/configuration/configuring-github-connect/managing-github-connect.md
+++ b/content/admin/configuring-settings/configuring-github-connect/managing-github-connect.md
@@ -11,6 +11,7 @@ redirect_from:
- /admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud
- /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/connecting-github-enterprise-server-to-github-enterprise-cloud
- /admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud
+ - /admin/configuration/configuring-github-connect/managing-github-connect
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-network-settings/changing-the-hostname-for-your-instance.md b/content/admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance.md
similarity index 94%
rename from content/admin/configuration/configuring-network-settings/changing-the-hostname-for-your-instance.md
rename to content/admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance.md
index 05b21b01f4c8..61ad17646723 100644
--- a/content/admin/configuration/configuring-network-settings/changing-the-hostname-for-your-instance.md
+++ b/content/admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance.md
@@ -1,7 +1,7 @@
---
title: Changing the hostname for your instance
shortTitle: Change hostname
-intro: "If you want to change the hostname for an existing {% data variables.product.prodname_ghe_server %} instance, you must restore the settings and data to a new instance."
+intro: 'If you want to change the hostname for an existing {% data variables.product.prodname_ghe_server %} instance, you must restore the settings and data to a new instance.'
versions:
ghes: '*'
type: how_to
@@ -9,6 +9,8 @@ topics:
- Enterprise
- Fundamentals
- Infrastructure
+redirect_from:
+ - /admin/configuration/configuring-network-settings/changing-the-hostname-for-your-instance
---
## About changes to the hostname for {% data variables.product.product_name %}
diff --git a/content/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server.md b/content/admin/configuring-settings/configuring-network-settings/configuring-an-outbound-web-proxy-server.md
similarity index 98%
rename from content/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server.md
rename to content/admin/configuring-settings/configuring-network-settings/configuring-an-outbound-web-proxy-server.md
index 39f759975d1a..074f12af7c80 100644
--- a/content/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server.md
+++ b/content/admin/configuring-settings/configuring-network-settings/configuring-an-outbound-web-proxy-server.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/installation/configuring-an-outbound-web-proxy-server
- /enterprise/admin/configuration/configuring-an-outbound-web-proxy-server
- /admin/configuration/configuring-an-outbound-web-proxy-server
+ - /admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server
permissions: 'Site administrators can configure an outbound web proxy server for a {% data variables.product.product_name %} instance.'
versions:
ghes: '*'
diff --git a/content/admin/configuration/configuring-network-settings/configuring-built-in-firewall-rules.md b/content/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md
similarity index 98%
rename from content/admin/configuration/configuring-network-settings/configuring-built-in-firewall-rules.md
rename to content/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md
index 5baddf505628..c93e97066122 100644
--- a/content/admin/configuration/configuring-network-settings/configuring-built-in-firewall-rules.md
+++ b/content/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/installation/configuring-built-in-firewall-rules
- /enterprise/admin/configuration/configuring-built-in-firewall-rules
- /admin/configuration/configuring-built-in-firewall-rules
+ - /admin/configuration/configuring-network-settings/configuring-built-in-firewall-rules
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-network-settings/configuring-dns-nameservers.md b/content/admin/configuring-settings/configuring-network-settings/configuring-dns-nameservers.md
similarity index 95%
rename from content/admin/configuration/configuring-network-settings/configuring-dns-nameservers.md
rename to content/admin/configuring-settings/configuring-network-settings/configuring-dns-nameservers.md
index 0de5bbcb7ab6..0495fd4e495c 100644
--- a/content/admin/configuration/configuring-network-settings/configuring-dns-nameservers.md
+++ b/content/admin/configuring-settings/configuring-network-settings/configuring-dns-nameservers.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/installation/configuring-dns-nameservers
- /enterprise/admin/configuration/configuring-dns-nameservers
- /admin/configuration/configuring-dns-nameservers
+ - /admin/configuration/configuring-network-settings/configuring-dns-nameservers
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-network-settings/configuring-the-hostname-for-your-instance.md b/content/admin/configuring-settings/configuring-network-settings/configuring-the-hostname-for-your-instance.md
similarity index 93%
rename from content/admin/configuration/configuring-network-settings/configuring-the-hostname-for-your-instance.md
rename to content/admin/configuring-settings/configuring-network-settings/configuring-the-hostname-for-your-instance.md
index 0840c40e634d..6caf37b3a281 100644
--- a/content/admin/configuration/configuring-network-settings/configuring-the-hostname-for-your-instance.md
+++ b/content/admin/configuring-settings/configuring-network-settings/configuring-the-hostname-for-your-instance.md
@@ -1,13 +1,14 @@
---
title: Configuring the hostname for your instance
shortTitle: Configure hostname
-intro: "You can provide reliable access to {% data variables.location.product_location %} by assigning a hostname that's accessible over your network."
+intro: 'You can provide reliable access to {% data variables.location.product_location %} by assigning a hostname that''s accessible over your network.'
redirect_from:
- /enterprise/admin/guides/installation/configuring-hostnames
- /enterprise/admin/installation/configuring-a-hostname
- /enterprise/admin/configuration/configuring-a-hostname
- /admin/configuration/configuring-a-hostname
- /admin/configuration/configuring-network-settings/configuring-a-hostname
+ - /admin/configuration/configuring-network-settings/configuring-the-hostname-for-your-instance
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md b/content/admin/configuring-settings/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md
similarity index 91%
rename from content/admin/configuration/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md
rename to content/admin/configuring-settings/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md
index 29f34c89cffd..b50d5c15c1ba 100644
--- a/content/admin/configuration/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md
+++ b/content/admin/configuring-settings/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md
@@ -5,6 +5,7 @@ redirect_from:
- /enterprise/admin/installation/configuring-the-ip-address-using-the-virtual-machine-console
- /enterprise/admin/configuration/configuring-the-ip-address-using-the-virtual-machine-console
- /admin/configuration/configuring-the-ip-address-using-the-virtual-machine-console
+ - /admin/configuration/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-network-settings/configuring-time-synchronization.md b/content/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization.md
similarity index 95%
rename from content/admin/configuration/configuring-network-settings/configuring-time-synchronization.md
rename to content/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization.md
index d65694dc2ebf..14f629ac0bfa 100644
--- a/content/admin/configuration/configuring-network-settings/configuring-time-synchronization.md
+++ b/content/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization.md
@@ -10,6 +10,7 @@ redirect_from:
- /enterprise/admin/configuration/configuring-time-synchronization
- /admin/configuration/configuring-time-synchronization
- /admin/configuration/configuring-your-enterprise/configuring-time-synchronization
+ - /admin/configuration/configuring-network-settings/configuring-time-synchronization
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-network-settings/index.md b/content/admin/configuring-settings/configuring-network-settings/index.md
similarity index 96%
rename from content/admin/configuration/configuring-network-settings/index.md
rename to content/admin/configuring-settings/configuring-network-settings/index.md
index 25a13c16ad03..a8aef9ad4ca9 100644
--- a/content/admin/configuration/configuring-network-settings/index.md
+++ b/content/admin/configuring-settings/configuring-network-settings/index.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/guides/installation/configuring-your-github-enterprise-network-settings
- /enterprise/admin/installation/configuring-your-github-enterprise-server-network-settings
- /enterprise/admin/configuration/configuring-network-settings
+ - /admin/configuration/configuring-network-settings
intro: 'Configure {% data variables.product.prodname_ghe_server %} with the DNS nameservers and hostname required in your network. You can also configure a proxy server or firewall rules. You must allow access to certain ports for administrative and user purposes.'
versions:
ghes: '*'
diff --git a/content/admin/configuration/configuring-network-settings/network-ports.md b/content/admin/configuring-settings/configuring-network-settings/network-ports.md
similarity index 98%
rename from content/admin/configuration/configuring-network-settings/network-ports.md
rename to content/admin/configuring-settings/configuring-network-settings/network-ports.md
index c68843416570..2e19605ad09a 100644
--- a/content/admin/configuration/configuring-network-settings/network-ports.md
+++ b/content/admin/configuring-settings/configuring-network-settings/network-ports.md
@@ -8,6 +8,7 @@ redirect_from:
- /enterprise/admin/installation/network-ports
- /enterprise/admin/configuration/network-ports
- /admin/configuration/network-ports
+ - /admin/configuration/configuring-network-settings/network-ports
intro: 'Open network ports selectively based on the network services you need to expose for administrators, end users, and email support.'
versions:
ghes: '*'
diff --git a/content/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md b/content/admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md
similarity index 98%
rename from content/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md
rename to content/admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md
index a931b5d3a22c..8e2c4f5e2b70 100644
--- a/content/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md
+++ b/content/admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/installation/using-github-enterprise-server-with-a-load-balancer
- /enterprise/admin/configuration/using-github-enterprise-server-with-a-load-balancer
- /admin/configuration/using-github-enterprise-server-with-a-load-balancer
+ - /admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-network-settings/validating-your-domain-settings.md b/content/admin/configuring-settings/configuring-network-settings/validating-your-domain-settings.md
similarity index 92%
rename from content/admin/configuration/configuring-network-settings/validating-your-domain-settings.md
rename to content/admin/configuring-settings/configuring-network-settings/validating-your-domain-settings.md
index d63b1665b4ee..aebd86ca0135 100644
--- a/content/admin/configuration/configuring-network-settings/validating-your-domain-settings.md
+++ b/content/admin/configuring-settings/configuring-network-settings/validating-your-domain-settings.md
@@ -5,6 +5,7 @@ redirect_from:
- /enterprise/admin/installation/validating-your-domain-settings
- /enterprise/admin/configuration/validating-your-domain-settings
- /admin/configuration/validating-your-domain-settings
+ - /admin/configuration/configuring-network-settings/validating-your-domain-settings
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise.md b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise.md
similarity index 86%
rename from content/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise.md
rename to content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise.md
index f37631fb1f85..36659210a0ce 100644
--- a/content/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise.md
@@ -1,7 +1,7 @@
---
title: About Azure private networking for GitHub-hosted runners in your enterprise
shortTitle: About Azure private networking
-intro: 'You can create create a private network configuration for your enterprise to use {% data variables.product.company_short %}-hosted runners in your Azure Virtual Network(s) (VNET).'
+intro: 'You can create a private network configuration for your enterprise to use {% data variables.product.company_short %}-hosted runners in your Azure Virtual Network(s) (VNET).'
versions:
ghec: '*'
type: overview
@@ -18,6 +18,7 @@ permissions: 'Enterprise owners can create private network configurations at the
redirect_from:
- /actions/using-github-hosted-runners/connecting-to-a-private-network/about-using-github-hosted-runners-in-your-azure-virtual-network
- /admin/configuration/configuring-private-networking-for-hosted-compute-products/about-using-github-hosted-runners-in-your-azure-virtual-network
+ - /admin/configuration/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise
---
## About Azure private networking for {% data variables.product.company_short %}-hosted runners
diff --git a/content/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products-in-your-enterprise.md b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products-in-your-enterprise.md
similarity index 81%
rename from content/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products-in-your-enterprise.md
rename to content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products-in-your-enterprise.md
index dc805f595235..658e1a8a07ee 100644
--- a/content/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products-in-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products-in-your-enterprise.md
@@ -2,7 +2,7 @@
title: About networking for hosted compute products in your enterprise
shortTitle: About hosted compute networking
intro: 'You can manage private networking for {% data variables.product.company_short %}-hosted products using network configurations.'
-permissions: 'Enterprise owners can configure private networking for hosted compute products at the enterprise level.'
+permissions: Enterprise owners can configure private networking for hosted compute products at the enterprise level.
versions:
ghec: '*'
type: overview
@@ -16,6 +16,7 @@ topics:
- Enterprise
redirect_from:
- /admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products
+ - /admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products-in-your-enterprise
---
## About network configurations
diff --git a/content/admin/configuration/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md
similarity index 95%
rename from content/admin/configuration/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md
rename to content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md
index c790f65f0cde..229b81e0ea5c 100644
--- a/content/admin/configuration/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md
@@ -5,7 +5,7 @@ intro: 'Learn how to use {% data variables.product.company_short %}-hosted runne
versions:
ghec: '*'
type: how_to
-permissions: 'Enterprise owners can configure private networking for GitHub-hosted runners at the enterprise level.'
+permissions: Enterprise owners can configure private networking for GitHub-hosted runners at the enterprise level.
topics:
- Actions
- Action development
@@ -22,6 +22,7 @@ redirect_from:
- /admin/configuration/configuring-private-networking-for-hosted-compute-products/creating-a-network-configuration-with-an-azure-private-network
- /actions/using-github-hosted-runners/connecting-to-a-private-network/configuring-your-github-settings-for-use-with-azure-virtual-network
- /admin/configuration/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners
+ - /admin/configuration/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise
---
## About Azure private networking for {% data variables.product.company_short %}-hosted runners
diff --git a/content/admin/configuration/configuring-private-networking-for-hosted-compute-products/index.md b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/index.md
similarity index 86%
rename from content/admin/configuration/configuring-private-networking-for-hosted-compute-products/index.md
rename to content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/index.md
index d3308b17e014..b3a5abe3f334 100644
--- a/content/admin/configuration/configuring-private-networking-for-hosted-compute-products/index.md
+++ b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/index.md
@@ -13,4 +13,7 @@ children:
- /about-azure-private-networking-for-github-hosted-runners-in-your-enterprise
- /configuring-private-networking-for-github-hosted-runners-in-your-enterprise
- /troubleshooting-azure-private-network-configurations-for-github-hosted-runners-in-your-enterprise
+redirect_from:
+ - /admin/configuration/configuring-private-networking-for-hosted-compute-products
---
+
diff --git a/content/admin/configuration/configuring-private-networking-for-hosted-compute-products/troubleshooting-azure-private-network-configurations-for-github-hosted-runners-in-your-enterprise.md b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/troubleshooting-azure-private-network-configurations-for-github-hosted-runners-in-your-enterprise.md
similarity index 70%
rename from content/admin/configuration/configuring-private-networking-for-hosted-compute-products/troubleshooting-azure-private-network-configurations-for-github-hosted-runners-in-your-enterprise.md
rename to content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/troubleshooting-azure-private-network-configurations-for-github-hosted-runners-in-your-enterprise.md
index cc00e9e9a0c4..52b577d86fc7 100644
--- a/content/admin/configuration/configuring-private-networking-for-hosted-compute-products/troubleshooting-azure-private-network-configurations-for-github-hosted-runners-in-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/troubleshooting-azure-private-network-configurations-for-github-hosted-runners-in-your-enterprise.md
@@ -5,7 +5,7 @@ intro: 'Learn how to fix common issues while creating Azure private network conf
versions:
ghec: '*'
type: how_to
-permissions: 'Enterprise owners can configure private networking for GitHub-hosted runners at the enterprise level.'
+permissions: Enterprise owners can configure private networking for GitHub-hosted runners at the enterprise level.
topics:
- Actions
- Action development
@@ -16,6 +16,8 @@ topics:
- CD
- Enterprise
- Troubleshooting
+redirect_from:
+ - /admin/configuration/configuring-private-networking-for-hosted-compute-products/troubleshooting-azure-private-network-configurations-for-github-hosted-runners-in-your-enterprise
---
## Troubleshooting configuring private networking for {% data variables.product.company_short %}-hosted runners in your enterprise
diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-applications.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-applications.md
similarity index 96%
rename from content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-applications.md
rename to content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-applications.md
index 3e6836664214..5da6e89c2295 100644
--- a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-applications.md
+++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-applications.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/configuration/configuring-applications
- /admin/configuration/configuring-applications
- /admin/configuration/configuring-your-enterprise/configuring-applications
+ - /admin/configuration/configuring-user-applications-for-your-enterprise/configuring-applications
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md
similarity index 98%
rename from content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md
rename to content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md
index b14ea6808120..04baf66b5699 100644
--- a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md
+++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md
@@ -9,7 +9,8 @@ redirect_from:
- /enterprise/admin/user-management/configuring-email-for-notifications
- /admin/configuration/configuring-email-for-notifications
- /admin/configuration/configuring-your-enterprise/configuring-email-for-notifications
-permissions: 'Site administrators can configure email for notifications.'
+ - /admin/configuration/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications
+permissions: Site administrators can configure email for notifications.
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md
similarity index 96%
rename from content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md
rename to content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md
index 8c1f12810945..e78079e7746b 100644
--- a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md
@@ -10,6 +10,7 @@ redirect_from:
- /enterprise/admin/guides/installation/configuring-github-pages-for-your-enterprise
- /admin/configuration/configuring-github-pages-for-your-enterprise
- /admin/configuration/configuring-your-enterprise/configuring-github-pages-for-your-enterprise
+ - /admin/configuration/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md
similarity index 87%
rename from content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md
rename to content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md
index 2e2aed50366d..d2eda54ec52d 100644
--- a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md
+++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md
@@ -8,6 +8,8 @@ versions:
type: how_to
topics:
- Enterprise
+redirect_from:
+ - /admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps
---
## About interactive maps
@@ -21,7 +23,7 @@ To enable interactive maps, you must provide authentication credentials for Azur
{% warning %}
-**Warning**: Authentication with Azure Maps using an API token is deprecated in {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.product_name %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on a Microsoft Entra ID (previously known as Azure AD) tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %}
+**Warning**: Authentication with Azure Maps using an API token is deprecated in {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.product_name %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on a Microsoft Entra ID (previously known as Azure AD) tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %}
{% endwarning %}
@@ -34,7 +36,7 @@ To enable interactive maps, you must provide authentication credentials for Azur
{% ifversion ghes < 3.12 %}
-The following prerequisites apply if your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
+The following prerequisites apply if your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
{% endif %}
@@ -48,7 +50,7 @@ The following prerequisites apply if your instance runs {% data variables.produc
{% ifversion ghes < 3.12 %}
-If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, you must provide an API token for Azure Maps instead.
+If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, you must provide an API token for Azure Maps instead.
{% data reusables.enterprise.azure-maps-auth-warning %}
@@ -60,7 +62,7 @@ If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.
{% ifversion ghes < 3.12 %}
-To configure authentication for Azure Maps using RBAC, your instance must run {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
+To configure authentication for Azure Maps using RBAC, your instance must run {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
{% endif %}
@@ -109,10 +111,10 @@ After you create an application on your Entra ID tenant and generate a secret fo
1. {% ifversion ghes > 3.11 %}Below the headings, type or paste{% else %}Enter{% endif %} your authentication details for Azure Maps.
{%- ifversion ghes < 3.11 %}
- * If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, below "Azure Maps API Token", type or paste your token.
+ * If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, below "Azure Maps API Token", type or paste your token.
{% data reusables.enterprise.azure-maps-auth-warning %}
- * If your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later, below the headings, type or paste the following information.
+ * If your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later, below the headings, type or paste the following information.
{%- endif %}
* Optionally, to change the style of rendered maps, under "Basemap ID", type the ID for the style you'd like to use.
diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md
similarity index 98%
rename from content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md
rename to content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md
index f12170f94144..9adbd0f80cb9 100644
--- a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md
+++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/configuration/configuring-rate-limits
- /admin/configuration/configuring-rate-limits
- /admin/configuration/configuring-your-enterprise/configuring-rate-limits
+ - /admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md
similarity index 97%
rename from content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md
rename to content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md
index 305ffcb10c3a..3637844bc4b1 100644
--- a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md
+++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md
@@ -14,6 +14,7 @@ topics:
permissions: 'Site administrators can configure web commit signing for {% data variables.location.product_location %}.'
redirect_from:
- /admin/configuration/configuring-your-enterprise/configuring-web-commit-signing
+ - /admin/configuration/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing
---
## About web commit signing
diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/index.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/index.md
similarity index 75%
rename from content/admin/configuration/configuring-user-applications-for-your-enterprise/index.md
rename to content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/index.md
index 8c2cc4b15188..2534d5fef3be 100644
--- a/content/admin/configuration/configuring-user-applications-for-your-enterprise/index.md
+++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/index.md
@@ -1,7 +1,7 @@
---
title: Configuring user applications for your enterprise
shortTitle: Configure user applications
-intro: 'You can configure applications for users in your enterprise.'
+intro: You can configure applications for users in your enterprise.
versions:
ghec: '*'
ghes: '*'
@@ -16,6 +16,7 @@ children:
- /configuring-interactive-maps
- /managing-github-mobile-for-your-enterprise
- /verifying-or-approving-a-domain-for-your-enterprise
-
+redirect_from:
+ - /admin/configuration/configuring-user-applications-for-your-enterprise
---
diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/managing-github-mobile-for-your-enterprise.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/managing-github-mobile-for-your-enterprise.md
similarity index 94%
rename from content/admin/configuration/configuring-user-applications-for-your-enterprise/managing-github-mobile-for-your-enterprise.md
rename to content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/managing-github-mobile-for-your-enterprise.md
index 8dccc7afcbea..44e538e20935 100644
--- a/content/admin/configuration/configuring-user-applications-for-your-enterprise/managing-github-mobile-for-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/managing-github-mobile-for-your-enterprise.md
@@ -12,6 +12,7 @@ redirect_from:
- /admin/configuration/configuring-your-enterprise/managing-github-for-mobile-for-your-enterprise
- /admin/configuration/managing-github-for-mobile-for-your-enterprise
- /admin/configuration/configuring-your-enterprise/managing-github-mobile-for-your-enterprise
+ - /admin/configuration/configuring-user-applications-for-your-enterprise/managing-github-mobile-for-your-enterprise
shortTitle: Manage GitHub Mobile
---
diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise.md
similarity index 83%
rename from content/admin/configuration/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise.md
rename to content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise.md
index bd33b252d792..2ee81a23354b 100644
--- a/content/admin/configuration/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise.md
+++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise.md
@@ -23,6 +23,7 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise-account
- /admin/policies/verifying-or-approving-a-domain-for-your-enterprise
- /admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise
+ - /admin/configuration/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise
---
## About verification of domains
@@ -31,13 +32,13 @@ You can confirm that the websites and email addresses listed on the profiles of
After you verify ownership of your enterprise account's domains, a "Verified" badge will display on the profile of each organization that has the domain listed on its profile. {% data reusables.organizations.verified-domains-details %}
-For domains configured at the enterprise level, enterprise owners can verify the identity of organization members by viewing each member's email address within the verified domain. Enterprise owners can also view a list of enterprise members who don't have an email address from a verified domain associated with their user account on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-members-without-an-email-address-from-a-verified-domain)."
+For domains configured at the enterprise level, enterprise owners can verify the identity of organization members by viewing each member's email address within the verified domain. Enterprise owners can also view a list of enterprise members who don't have an email address from a verified domain associated with their user account on {% data variables.product.prodname_dotcom %}. See "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-members-without-an-email-address-from-a-verified-domain)."
-After you verify domains for your enterprise account, you can restrict email notifications to verified domains for all the organizations owned by your enterprise account. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise)."
+After you verify domains for your enterprise account, you can restrict email notifications to verified domains for all the organizations owned by your enterprise account. See "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise)."
Even if you don't restrict email notifications for the enterprise account, if an organization owner has restricted email notifications for the organization, organization members will be able to receive notifications at any domains verified or approved for the enterprise account, in addition to any domains verified or approved for the organization. For more information about restricting notifications for an organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization)."
-Organization owners can also verify additional domains for their organizations. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)."
+Organization owners can also verify additional domains for their organizations. See "[AUTOTITLE](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)."
## About approval of domains
@@ -45,13 +46,11 @@ Organization owners can also verify additional domains for their organizations.
{% data reusables.enterprise-accounts.approved-domains-about %}
-After you approve domains for your enterprise account, you can restrict email notifications for activity within your enterprise account to users with verified email addresses within verified or approved domains. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise)."
+After you approve domains for your enterprise account, you can restrict email notifications for activity within your enterprise account to users with verified email addresses within verified or approved domains. See "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise)."
-{% ifversion ghec %}To receive email notifications, the owner of the user account must verify the email address on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)."{% endif %}
+{% ifversion ghec %}To receive email notifications, the owner of the user account must verify the email address on {% data variables.product.product_name %}. See "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)."{% endif %}
-Organization owners cannot see the email address or which user account is associated with an email address from an approved domain.
-
-Organization owners can also approve additional domains for their organizations. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)."
+Organization owners can also approve additional domains for their organizations. See "[AUTOTITLE](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)."
## Verifying a domain for your enterprise account
diff --git a/content/admin/configuration/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md
similarity index 96%
rename from content/admin/configuration/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md
rename to content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md
index 0043bc99ac66..fc5826260095 100644
--- a/content/admin/configuration/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md
+++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md
@@ -5,6 +5,7 @@ intro: 'You can increase the security of {% data variables.location.product_loca
permissions: 'Site administrators can configure the host keys for a {% data variables.product.product_name %} instance.'
redirect_from:
- /admin/configuration/configuring-your-enterprise/configuring-host-keys-for-your-instance
+ - /admin/configuration/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance
versions:
ghes: '>= 3.6'
type: how_to
diff --git a/content/admin/configuration/hardening-security-for-your-enterprise/configuring-ssh-connections-to-your-instance.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-ssh-connections-to-your-instance.md
similarity index 97%
rename from content/admin/configuration/hardening-security-for-your-enterprise/configuring-ssh-connections-to-your-instance.md
rename to content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-ssh-connections-to-your-instance.md
index 2ab506195fea..9c5a438b98b6 100644
--- a/content/admin/configuration/hardening-security-for-your-enterprise/configuring-ssh-connections-to-your-instance.md
+++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-ssh-connections-to-your-instance.md
@@ -5,6 +5,7 @@ intro: 'You can increase the security of {% data variables.location.product_loca
permissions: 'Site administrators can configure SSH connections to a {% data variables.product.product_name %} instance.'
redirect_from:
- /admin/configuration/configuring-your-enterprise/configuring-ssh-connections-to-your-instance
+ - /admin/configuration/hardening-security-for-your-enterprise/configuring-ssh-connections-to-your-instance
versions:
ghes: '>= 3.6'
type: how_to
diff --git a/content/admin/configuration/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md
similarity index 95%
rename from content/admin/configuration/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md
rename to content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md
index 995a13dc4066..713e4819ecdf 100644
--- a/content/admin/configuration/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md
+++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md
@@ -4,6 +4,7 @@ shortTitle: Configure referrer policy
intro: 'You can increase the privacy of {% data variables.location.product_location %} by configuring the policy for cross-origin requests.'
redirect_from:
- /admin/configuration/configuring-your-enterprise/configuring-the-referrer-policy-for-your-enterprise
+ - /admin/configuration/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/hardening-security-for-your-enterprise/configuring-tls.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls.md
similarity index 98%
rename from content/admin/configuration/hardening-security-for-your-enterprise/configuring-tls.md
rename to content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls.md
index 9d938adbe969..f91bd86f89cf 100644
--- a/content/admin/configuration/hardening-security-for-your-enterprise/configuring-tls.md
+++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls.md
@@ -8,6 +8,7 @@ redirect_from:
- /enterprise/admin/configuration/configuring-tls
- /admin/configuration/configuring-tls
- /admin/configuration/configuring-network-settings/configuring-tls
+ - /admin/configuration/hardening-security-for-your-enterprise/configuring-tls
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/enabling-private-mode.md
similarity index 80%
rename from content/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode.md
rename to content/admin/configuring-settings/hardening-security-for-your-enterprise/enabling-private-mode.md
index 58fcc54f57d5..1b0fb31bcdd2 100644
--- a/content/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode.md
+++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/enabling-private-mode.md
@@ -9,6 +9,7 @@ redirect_from:
- /enterprise/admin/configuration/enabling-private-mode
- /admin/configuration/enabling-private-mode
- /admin/configuration/configuring-your-enterprise/enabling-private-mode
+ - /admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode
versions:
ghes: '*'
type: how_to
@@ -22,7 +23,7 @@ topics:
- Privacy
- Security
---
-You must enable private mode if {% data variables.location.product_location %} is publicly accessible over the Internet. In private mode, users cannot anonymously clone repositories over `git://`. If built-in authentication is also enabled, an administrator must invite new users to create an account on the instance. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-built-in-authentication/configuring-built-in-authentication)."
+You must enable private mode if {% data variables.location.product_location %} is publicly accessible over the Internet. In private mode, users cannot anonymously clone repositories. If built-in authentication is also enabled, an administrator must invite new users to create an account on the instance. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-built-in-authentication/configuring-built-in-authentication)."
{% data reusables.enterprise_installation.image-urls-viewable-warning %}
diff --git a/content/admin/configuration/hardening-security-for-your-enterprise/enabling-subdomain-isolation.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/enabling-subdomain-isolation.md
similarity index 93%
rename from content/admin/configuration/hardening-security-for-your-enterprise/enabling-subdomain-isolation.md
rename to content/admin/configuring-settings/hardening-security-for-your-enterprise/enabling-subdomain-isolation.md
index 28cd17d49d8b..c82130ba1ffe 100644
--- a/content/admin/configuration/hardening-security-for-your-enterprise/enabling-subdomain-isolation.md
+++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/enabling-subdomain-isolation.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/configuration/enabling-subdomain-isolation
- /admin/configuration/enabling-subdomain-isolation
- /admin/configuration/configuring-network-settings/enabling-subdomain-isolation
+ - /admin/configuration/hardening-security-for-your-enterprise/enabling-subdomain-isolation
versions:
ghes: '*'
type: how_to
@@ -35,14 +36,16 @@ When subdomain isolation is enabled, {% data variables.product.prodname_ghe_serv
| `http(s)://HOSTNAME/avatars/` | `http(s)://avatars.HOSTNAME/` |
| `http(s)://HOSTNAME/codeload/` | `http(s)://codeload.HOSTNAME/` |
| `http(s)://HOSTNAME/gist/` | `http(s)://gist.HOSTNAME/` |
-| `http(s)://HOSTNAME/media/` | `http(s)://media.HOSTNAME/` |{%- ifversion viewscreen-and-notebooks %}
-| `http(s)://HOSTNAME/notebooks/` | `http(s)://notebooks.HOSTNAME/` |{%- endif %}
+| `http(s)://HOSTNAME/media/` | `http(s)://media.HOSTNAME/` |
+| `http(s)://HOSTNAME/notebooks/` | `http(s)://notebooks.HOSTNAME/` |
| `http(s)://HOSTNAME/pages/` | `http(s)://pages.HOSTNAME/` |
| `http(s)://HOSTNAME/raw/` | `http(s)://raw.HOSTNAME/` |
| `http(s)://HOSTNAME/reply/` | `http(s)://reply.HOSTNAME/` |
-| `http(s)://HOSTNAME/uploads/` | `http(s)://uploads.HOSTNAME/` |{%- ifversion viewscreen-and-notebooks %}
-| `http(s)://HOSTNAME/viewscreen/` | `http(s)://viewscreen.HOSTNAME/` |{%- endif %}{%- ifversion ghes %}
-| Not supported | `https://containers.HOSTNAME/` |{%- endif %}
+| `http(s)://HOSTNAME/uploads/` | `http(s)://uploads.HOSTNAME/` |
+| `http(s)://HOSTNAME/viewscreen/` | `http(s)://viewscreen.HOSTNAME/` |
+| {%- ifversion ghes %} |
+| Not supported | `https://containers.HOSTNAME/` |
+| {%- endif %} |
## Prerequisites
diff --git a/content/admin/configuration/hardening-security-for-your-enterprise/index.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/index.md
similarity index 74%
rename from content/admin/configuration/hardening-security-for-your-enterprise/index.md
rename to content/admin/configuring-settings/hardening-security-for-your-enterprise/index.md
index 0717e56ec953..118552790225 100644
--- a/content/admin/configuration/hardening-security-for-your-enterprise/index.md
+++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/index.md
@@ -1,7 +1,7 @@
---
title: Hardening security for your enterprise
shortTitle: Harden security
-intro: 'You can configure features and settings to harden security for your enterprise.'
+intro: You can configure features and settings to harden security for your enterprise.
versions:
ghec: '*'
ghes: '*'
@@ -16,6 +16,7 @@ children:
- /configuring-ssh-connections-to-your-instance
- /configuring-the-referrer-policy-for-your-enterprise
- /restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list
-
+redirect_from:
+ - /admin/configuration/hardening-security-for-your-enterprise
---
diff --git a/content/admin/configuration/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md
similarity index 97%
rename from content/admin/configuration/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md
rename to content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md
index f967a0242e95..a08607b8dc75 100644
--- a/content/admin/configuration/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md
+++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md
@@ -16,6 +16,7 @@ redirect_from:
- /admin/configuration/restricting-network-traffic-to-your-enterprise
- /admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise
- /admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list
+ - /admin/configuration/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list
---
## About network traffic restrictions
@@ -28,6 +29,8 @@ If your enterprise uses {% data variables.product.prodname_emus %} with Microsof
{% endif %}
+{% data reusables.identity-and-permissions.ip-allow-lists-which-resources-are-protected %}
+
{% ifversion ghec %}
## About {% data variables.product.company_short %}'s IP allow list
diff --git a/content/admin/configuration/hardening-security-for-your-enterprise/troubleshooting-tls-errors.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/troubleshooting-tls-errors.md
similarity index 98%
rename from content/admin/configuration/hardening-security-for-your-enterprise/troubleshooting-tls-errors.md
rename to content/admin/configuring-settings/hardening-security-for-your-enterprise/troubleshooting-tls-errors.md
index 40949df2fdc4..7061892c5e1c 100644
--- a/content/admin/configuration/hardening-security-for-your-enterprise/troubleshooting-tls-errors.md
+++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/troubleshooting-tls-errors.md
@@ -9,6 +9,7 @@ redirect_from:
- /admin/configuration/troubleshooting-ssl-errors
- /admin/configuration/configuring-your-enterprise/troubleshooting-ssl-errors
- /admin/configuration/configuring-your-enterprise/troubleshooting-tls-errors
+ - /admin/configuration/hardening-security-for-your-enterprise/troubleshooting-tls-errors
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/configuration/index.md b/content/admin/configuring-settings/index.md
similarity index 97%
rename from content/admin/configuration/index.md
rename to content/admin/configuring-settings/index.md
index a4296061bade..e7c74900b669 100644
--- a/content/admin/configuration/index.md
+++ b/content/admin/configuring-settings/index.md
@@ -6,6 +6,7 @@ intro: You can configure your enterprise to suit your organization's needs.
redirect_from:
- /enterprise/admin/configuration
- /admin/configuration/configuring-your-enterprise
+ - /admin/configuration
versions:
ghec: '*'
ghes: '*'
diff --git a/content/admin/copilot-business-only/about-enterprise-accounts-for-copilot-business.md b/content/admin/copilot-business-only/about-enterprise-accounts-for-copilot-business.md
new file mode 100644
index 000000000000..cf8edd56f287
--- /dev/null
+++ b/content/admin/copilot-business-only/about-enterprise-accounts-for-copilot-business.md
@@ -0,0 +1,68 @@
+---
+title: About enterprise accounts for Copilot Business
+intro: 'Learn about the options for creating an enterprise account to manage {% data variables.product.prodname_copilot_business_short %} licenses, without adopting {% data variables.product.prodname_enterprise %}.'
+versions:
+ ghec: '*'
+topics:
+ - Accounts
+ - Enterprise
+ - Fundamentals
+shortTitle: About the account
+redirect_from:
+ - /early-access/copilot/managing-copilot-business-licenses-with-an-enterprise-account
+---
+
+You can use an enterprise account to manage licenses for {% data variables.product.prodname_copilot_for_business %}, without adopting {% data variables.product.prodname_enterprise %}.
+
+>[!NOTE] Access to this feature is currently managed by {% data variables.contact.contact_enterprise_sales %}.
+
+## What is an enterprise account for {% data variables.product.prodname_copilot_business_short %}?
+
+To use {% data variables.product.prodname_copilot %}, a user must authenticate to an account on {% data variables.product.prodname_dotcom %} that has a license for {% data variables.product.prodname_copilot_short %}. Organizations and enterprises on {% data variables.product.prodname_dotcom %} can manage members' access to {% data variables.product.prodname_copilot_short %} through a {% data variables.product.prodname_copilot_business_short %} subscription.
+
+If you don't already manage users through an organization or enterprise, you can create an enterprise account specifically for allocating {% data variables.product.prodname_copilot_business_short %} licenses.
+
+* You'll only pay for the {% data variables.product.prodname_copilot_short %} licenses you assign. For pricing, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#pricing-for-github-copilot-business)."
+* You won't pay for {% data variables.product.prodname_enterprise %} seats.
+* You won't be able to create organizations or repositories in the enterprise, or use features that require repositories or organizations, such as {% data variables.product.prodname_actions %}.
+
+When you create the account, you can choose whether your enterprise members will authenticate using their personal {% data variables.product.company_short %} accounts, or using new accounts that you will create and manage from an external identity management system. For a comparison, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud)."
+
+## How will I manage access for users?
+
+How you will add users to your enterprise and manage license assignment depends on whether you choose an enterprise with personal accounts or with {% data variables.product.prodname_emus %}.
+
+### Personal accounts
+
+If you request an enterprise with personal accounts:
+
+* You'll **add users** to the enterprise by sending an invitation to their personal {% data variables.product.prodname_dotcom %} account.
+* You'll **create teams** in the enterprise to manage which users receive {% data variables.product.prodname_copilot_business_short %} licenses. You can manage membership of the teams on {% data variables.product.prodname_dotcom %} or with the REST API.
+* When users receive a license, they can authenticate to {% data variables.product.prodname_dotcom %} from their development environment and **gain access** to {% data variables.product.prodname_copilot_short %}.
+* Optionally, you can configure **SAML single sign-on** (SSO), so that users must authenticate to an external identity system in addition to their personal account.
+
+### {% data variables.product.prodname_emus %}
+
+If you request an {% data variables.enterprise.prodname_emu_enterprise %}:
+
+* You'll **add users** to the enterprise by provisioning {% data variables.enterprise.prodname_managed_users %} from an identity provider (IdP), using SCIM.
+* You'll **create teams** in the enterprise to manage which users receive {% data variables.product.prodname_copilot_business_short %} licenses. You can manage membership of the teams from your IdP, on {% data variables.product.prodname_dotcom %}, or with the REST API.
+* When users receive a license, they can use single sign-on to authenticate to their {% data variables.product.prodname_dotcom %} account from their development environment and **gain access** to {% data variables.product.prodname_copilot_short %}.
+
+## Limitations
+
+* You will not be able to use REST API endpoints that require an organization. In particular, these include:
+ * "[List enterprise consumed licenses](/rest/enterprise-admin/license#list-enterprise-consumed-licenses)"
+ * "[AUTOTITLE](/rest/orgs/members)"
+ * "[AUTOTITLE](/rest/copilot/copilot-user-management)"
+* Documentation on {% data variables.product.prodname_docs %} may not apply to your enterprise.
+* With an enterprise for personal accounts, you cannot use team synchronization to manage membership of enterprise teams.
+
+## Getting started
+
+To get started, you will work with {% data variables.contact.contact_enterprise_sales %} to create an enterprise account, then add users to your enterprise and assign {% data variables.product.prodname_copilot_business_short %} licenses.
+
+See the setup guide for your chosen type of enterprise.
+
+* "[AUTOTITLE](/admin/copilot-business-only/setting-up-a-dedicated-enterprise-for-copilot-business-personal-accounts)
+* "[AUTOTITLE](/admin/copilot-business-only/setting-up-a-dedicated-enterprise-for-copilot-business-managed-users)
diff --git a/content/admin/copilot-business-only/index.md b/content/admin/copilot-business-only/index.md
new file mode 100644
index 000000000000..477a6cdfffff
--- /dev/null
+++ b/content/admin/copilot-business-only/index.md
@@ -0,0 +1,11 @@
+---
+title: Using a dedicated enterprise account for Copilot Business
+intro: Get started with an enterprise account for managing {% data variables.product.prodname_copilot_business_short %} licenses.
+versions:
+ ghec: '*'
+children:
+ - /about-enterprise-accounts-for-copilot-business
+ - /setting-up-a-dedicated-enterprise-for-copilot-business-personal-accounts
+ - /setting-up-a-dedicated-enterprise-for-copilot-business-managed-users
+shortTitle: Copilot Business only
+---
diff --git a/content/admin/copilot-business-only/setting-up-a-dedicated-enterprise-for-copilot-business-managed-users.md b/content/admin/copilot-business-only/setting-up-a-dedicated-enterprise-for-copilot-business-managed-users.md
new file mode 100644
index 000000000000..8f6401edffbc
--- /dev/null
+++ b/content/admin/copilot-business-only/setting-up-a-dedicated-enterprise-for-copilot-business-managed-users.md
@@ -0,0 +1,97 @@
+---
+title: Setting up a dedicated enterprise for Copilot Business ({% data variables.product.prodname_emus %})
+intro: 'Set up your account, provision users, and assign licenses.'
+versions:
+ ghec: '*'
+topics:
+ - Accounts
+ - Enterprise
+ - Fundamentals
+shortTitle: Set up with managed users
+allowTitleToDifferFromFilename: true
+redirect_from:
+ - /early-access/copilot/using-copilot-business-without-github-enterprise-managed-users
+
+---
+
+You can use an enterprise account to manage licenses for {% data variables.product.prodname_copilot_for_business %}, without adopting {% data variables.product.prodname_enterprise %}.
+
+This article describes the setup for an **enterprise with managed users**. If you haven't chosen an enterprise type, see "[AUTOTITLE](/admin/copilot-business-only/about-enterprise-accounts-for-copilot-business)."
+
+## Prerequisites
+
+* To provision users, you must connect the enterprise account to an identity management system. {% data variables.product.company_short %} partners with some developers of identity management systems to provide a "paved-path" integration with {% data variables.product.prodname_emus %}. See "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#identity-management-systems)."
+{% data reusables.copilot-business-for-non-ghe.prerequisites %}
+
+## Requesting an enterprise account
+
+{% data reusables.copilot-business-for-non-ghe.request-access %}
+
+After we create your enterprise, you will receive an email inviting you to choose a password for the setup user, which is used to configure authentication and provisioning. The username is your enterprise's shortcode suffixed with `_admin`, for example `fabrikam_admin`. Make sure to open the password reset link using an **incognito or private browsing window**. The link can only be opened once and if done incorrectly you will need to contact {% data variables.contact.github_support %} to send you a new link.
+
+>[!NOTE] {% data reusables.enterprise-accounts.emu-password-reset-session %}
+
+## Adding users to the enterprise
+
+To provision user accounts through your IdP, you'll need to **configure your IdP** by completing the following steps.
+
+### Step 1: Configure authentication
+
+To manage single sign-on (SSO) for users, you must connect your IdP to your enterprise account. You can use:
+* **SAML** with Entra ID, Okta, or PingFederate. For instructions, see "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users)."
+* **OIDC** with Entra ID. For instructions, see "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users)."
+
+### Step 2: Configure SCIM provisioning
+
+To provision accounts from your IdP, you must configure SCIM provisioning. For instructions, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users)."
+
+If you want to manage membership of teams from your IdP, you must assign the relevant identity groups to the {% data variables.product.prodname_emu_idp_application %} application on your IdP.
+
+### Step 3: Assign an enterprise owner
+
+After you configure authentication and provisioning with your IdP, grant one or more users the enterprise owner role. Enterprise owners can enable {% data variables.product.prodname_copilot_short %} for the enterprise and manage which users receive licenses. For instructions, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users#assigning-users-and-groups)."
+
+You can also grant the billing manager role. A billing manager can view the assigned licenses for an enterprise, but cannot assign licenses or manage enterprise teams.
+
+## Linking an Azure subscription
+
+{% data reusables.copilot-business-for-non-ghe.link-azure-subscription %}
+
+## Enabling {% data variables.product.prodname_copilot_short %} for the enterprise
+
+{% data reusables.copilot-business-for-non-ghe.enable-copilot %}
+
+## Assigning licenses to users
+
+When {% data variables.product.prodname_copilot_short %} has been enabled for the enterprise, an **enterprise owner** can create teams in the enterprise and assign licenses to a team.
+
+* You will grant or remove licenses for users by managing membership of the teams, either from your IdP, directly in {% data variables.product.prodname_dotcom %}, or with the REST API.
+* You cannot assign licenses to individual users or to an entire enterprise.
+* To manage membership from your IdP, ensure the relevant identity groups have been assigned to the {% data variables.product.prodname_emu_idp_application %} application in your IdP and pushed to {% data variables.product.prodname_dotcom %} via SCIM.
+
+The same user can be a member of multiple teams. You will only be charged once per user.
+
+### Creating a team
+
+> [!NOTE] You can create teams and manage membership using the REST API. For endpoint documentation, please contact your account manager.
+
+{% data reusables.enterprise-accounts.people-tab %}
+1. Under "People", click **Enterprise teams**.
+1. Click **New enterprise team**.
+1. Enter a name for the team.
+1. Optionally, to sync the team with an identity group and manage membership from your IdP, under "Identity Provider Group", select a group from the dropdown menu. If you leave this dropdown menu empty, you will manage membership of the team directly.
+1. Click **Create team**.
+1. Add users to the team:
+
+ * If you linked the team to an IdP group, add users to the related group in your IdP.
+ * If you are managing team membership directly, on the team page, click **Add a member**, then search for and select the user. For information about how {% data variables.product.company_short %} generates usernames for users provisioned from an IdP, see "[AUTOTITLE](/admin/identity-and-access-management/iam-configuration-reference/username-considerations-for-external-authentication#about-usernames-for-managed-user-accounts)."
+
+### Assigning licenses to a team
+
+{% data reusables.copilot-business-for-non-ghe.assign-licenses %}
+
+> [!NOTE] If you manage team membership from Entra ID, addition or removal of a user from a team on {% data variables.product.prodname_dotcom %} may take up to 40 minutes. After Entra ID communicates with {% data variables.product.prodname_dotcom %}, the change will take effect after {% data variables.product.prodname_dotcom %} prompts the user to authenticate.
+
+## Managing your enterprise
+
+{% data reusables.copilot-business-for-non-ghe.manage-your-enterprise %}
diff --git a/content/admin/copilot-business-only/setting-up-a-dedicated-enterprise-for-copilot-business-personal-accounts.md b/content/admin/copilot-business-only/setting-up-a-dedicated-enterprise-for-copilot-business-personal-accounts.md
new file mode 100644
index 000000000000..4c93271456b0
--- /dev/null
+++ b/content/admin/copilot-business-only/setting-up-a-dedicated-enterprise-for-copilot-business-personal-accounts.md
@@ -0,0 +1,81 @@
+---
+title: Setting up a dedicated enterprise for Copilot Business (personal accounts)
+intro: 'Set up your account, provision users, and assign licenses.'
+versions:
+ ghec: '*'
+topics:
+ - Accounts
+ - Enterprise
+ - Fundamentals
+shortTitle: Set up with personal accounts
+redirect_from:
+ - /early-access/copilot/using-copilot-business-without-github-enterprise-personal-accounts
+---
+
+You can use an enterprise account to manage licenses for {% data variables.product.prodname_copilot_for_business %}, without adopting {% data variables.product.prodname_enterprise %}.
+
+This article describes the setup for an **enterprise with personal accounts**. If you haven't chosen an enterprise type, see "[AUTOTITLE](/admin/copilot-business-only/about-enterprise-accounts-for-copilot-business)."
+
+## Prerequisites
+
+{% data reusables.copilot-business-for-non-ghe.prerequisites %}
+
+## Requesting an enterprise account
+
+{% data reusables.copilot-business-for-non-ghe.request-access %}
+
+## Adding users to the enterprise
+
+After you invite someone to join the enterprise account, they must accept the emailed invitation before they can access the enterprise account. Pending invitations will expire after 7 days.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.people-tab %}
+1. Under "People", click **Members**.
+1. Click **Invite member**.
+1. Search for the user you want to invite, then click **Invite**.
+
+### Inviting an enterprise owner
+
+You can also invite a user as an enterprise owner. Enterprise owners can grant access to {% data variables.product.prodname_copilot %} and set policies for the enterprise. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise#inviting-an-enterprise-administrator-to-your-enterprise-account)."
+
+You can also invite a user as a billing manager. A billing manager can view the assigned licenses for an enterprise, but cannot assign licenses or manage enterprise teams.
+
+### Configuring SAML authentication
+
+You can configure SAML single sign-on to require users to authenticate to an external identity management system in addition to their personal account. See "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."
+
+## Linking an Azure subscription
+
+{% data reusables.copilot-business-for-non-ghe.link-azure-subscription %}
+
+## Enabling {% data variables.product.prodname_copilot_short %} for the enterprise
+
+{% data reusables.copilot-business-for-non-ghe.enable-copilot %}
+
+## Assigning licenses to users
+
+When {% data variables.product.prodname_copilot_short %} has been enabled for the enterprise, an **enterprise owner** can create teams in the enterprise and assign licenses to a team.
+
+* You will grant or remove licenses for users by managing membership of the teams, either in {% data variables.product.prodname_dotcom %} or with the REST API.
+* You cannot assign licenses to individual users or to an entire enterprise.
+
+The same user can be a member of multiple teams. You will only be charged once per user.
+
+### Creating a team
+
+> [!NOTE] You can create teams and manage membership using the REST API. For endpoint documentation, please contact your account manager.
+
+{% data reusables.enterprise-accounts.people-tab %}
+1. Under "People", click **Enterprise teams**.
+1. Click **New enterprise team**.
+1. Enter a name for the team.
+1. Click **Create team**.
+1. To add users, click **Add a member**, then search for and select the user.
+
+### Assigning licenses to a team
+
+{% data reusables.copilot-business-for-non-ghe.assign-licenses %}
+
+## Managing your enterprise
+
+{% data reusables.copilot-business-for-non-ghe.manage-your-enterprise %}
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md
similarity index 94%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md
index 6e3b9daec3e3..61fc739957ad 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md
@@ -8,6 +8,8 @@ type: overview
topics:
- Enterprise
- Policies
+redirect_from:
+ - /admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies
---
To help you enforce business rules and regulatory compliance, policies provide a single point of management for all the organizations owned by an enterprise account.
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
similarity index 95%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
index 2f49a624de48..5031d0d9cd7f 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
@@ -25,6 +25,7 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise-account/enforcing-a-policy-on-dependency-insights-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise/enforcing-a-policy-on-dependency-insights-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-a-policy-on-dependency-insights-in-your-enterprise-account
+ - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise
shortTitle: Code security & analysis
---
{% ifversion security-feature-enablement-policies %}
@@ -40,7 +41,7 @@ Additionally, you can enforce policies for the use of {% data variables.product.
{% data reusables.advanced-security.ghas-helps-developers %} For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
-{% ifversion ghes %}If you purchase a license for {% data variables.product.prodname_GH_advanced_security %}, any{% else %}Any{% endif %} organization on {% data variables.location.product_location %} can use {% data variables.product.prodname_advanced_security %} features. You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} use {% data variables.product.prodname_advanced_security %}.
+{% ifversion ghes %}If you purchase a license for {% data variables.product.prodname_GH_advanced_security %}, any{% else %}Any{% endif %} organization on {% data variables.product.prodname_ghe_server %} can use {% data variables.product.prodname_advanced_security %} features. You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} use {% data variables.product.prodname_advanced_security %}.
{% endif %}
diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
new file mode 100644
index 000000000000..9f905ed7720a
--- /dev/null
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
@@ -0,0 +1,177 @@
+---
+title: Enforcing policies for GitHub Actions in your enterprise
+intro: "You can enforce policies to manage how {% data variables.product.prodname_actions %} can be used within your enterprise."
+permissions: "Enterprise owners"
+redirect_from:
+ - /enterprise/admin/github-actions/enforcing-github-actions-policies-for-your-enterprise
+ - /admin/github-actions/enforcing-github-actions-policies-for-your-enterprise
+ - /admin/github-actions/enabling-github-actions-for-github-enterprise-server/enforcing-github-actions-policies-for-your-enterprise
+ - /github/setting-up-and-managing-your-enterprise-account/enforcing-github-actions-policies-in-your-enterprise-account
+ - /github/setting-up-and-managing-your-enterprise/enforcing-github-actions-policies-in-your-enterprise-account
+ - /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-github-actions-policies-in-your-enterprise-account
+ - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-github-actions-policies-for-your-enterprise
+ - /github/setting-up-and-managing-your-enterprise-account/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account
+ - /github/setting-up-and-managing-your-enterprise/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account
+ - /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account
+ - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise
+versions:
+ ghec: '*'
+ ghes: '*'
+type: how_to
+topics:
+ - Actions
+ - Enterprise
+ - Policies
+shortTitle: GitHub Actions policies
+---
+
+## What are policies for {% data variables.product.prodname_actions %}?
+
+Enterprise policies control the options that are available to enterprise members when they use {% data variables.product.prodname_actions %}.
+
+If you don't enforce enterprise policies, organization owners{% ifversion custom-org-roles %} and users with the "Manage organization Actions policies" permission{% endif %} have full control over {% data variables.product.prodname_actions %} for their organizations.
+
+## Enforcing policies
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.actions-tab %}
+1. After you configure each policy, click **Save**.
+
+For more information about each section of the "Policies" page, continue reading.
+
+## Policies
+
+In the "Policies" section, you can control which organizations within your enterprise can use {% data variables.product.prodname_actions %}, with the following options:
+
+* Enable {% data variables.product.prodname_actions %} for all organizations
+* Enable {% data variables.product.prodname_actions %} for specific organizations
+* Disable {% data variables.product.prodname_actions %} for all organizations
+
+You can also limit the use of public actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}, with the following options:
+
+* **Allow all actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}**: Any action {% ifversion actions-workflow-policy %}or reusable workflow{% endif %} can be used, regardless of who authored it or where it is defined.
+* **Allow enterprise actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}**: Only actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %} defined in a repository within the enterprise can be used. {% ifversion ghec or fpt %}Blocks all access to actions authored by {% data variables.product.prodname_dotcom %}, such as the [`actions/checkout`](https://github.com/actions/checkout) action.{% endif %}
+* {% data reusables.actions.policy-label-for-select-actions-workflows %}: Any action {% ifversion actions-workflow-policy %}or reusable workflow{% endif %} defined in a repository within the enterprise can be used, plus any action {% ifversion actions-workflow-policy %}or reusable workflow{% endif %} that matches criteria you specify.
+
+
+
+### {% data reusables.actions.policy-label-for-select-actions-workflows %}
+
+If you choose this option, actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %} within your enterprise are allowed, and you'll have the following options for allowing other actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %}:
+
+* **Allow actions created by {% data variables.product.prodname_dotcom %}:** Allows all actions created by {% data variables.product.prodname_dotcom %}, located in the [`actions`](https://github.com/actions) and [`github`](https://github.com/github) organizations.
+* **Allow Marketplace actions by verified creators:** Allows all {% data variables.product.prodname_marketplace %} actions created by verified creators, labeled with {% octicon "verified" aria-label="The verified badge" %}.{% ifversion ghes %}
+
+ Only available if you have {% data variables.product.prodname_github_connect %} enabled and configured with {% data variables.product.prodname_actions %}. See "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)."{% endif %}
+* **Allow specified actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %}:** Allows actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} that you specify. You can specify individual actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} or entire organizations and repositories.
+
+When specifying actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %}, use the following syntax:
+
+* To restrict access to specific tags or commit SHAs of an action{% ifversion actions-workflow-policy %} or reusable workflow{% endif %}, use the same syntax used in the workflow to select the action{% ifversion actions-workflow-policy %} or reusable workflow{% endif %}.
+ * For an action, the syntax is `OWNER/REPOSITORY@TAG-OR-SHA`. For example, use `actions/javascript-action@v1.0.1` to select a tag or `actions/javascript-action@a824008085750b8e136effc585c3cd6082bd575f` to select a SHA.
+ {%- ifversion actions-workflow-policy %}
+ * For a reusable workflow, the syntax is `OWNER/REPOSITORY/PATH/FILENAME@TAG-OR-SHA`. For example, `octo-org/another-repo/.github/workflows/workflow.yml@v1`.
+ {%- endif %}
+* To specify a pattern, use the wildcard character, `*`.
+ * To allow all actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} in organizations that start with `space-org`, use `space-org*/*`.
+ * To allow all actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} in repositories that start with octocat, use `*/octocat**@*`.
+
+{% ifversion actions-disable-repo-runners %}
+
+## Runners
+
+By default, anyone with admin access to a repository can add a self-hosted runner for the repository, and self-hosted runners come with risks:
+
+* There is no guarantee that self-hosted runners will be hosted on ephemeral, clean virtual machines. As a result, they may be compromised by untrusted code in a workflow.
+* Anyone who can fork the repository and open a pull request can compromise the self-hosted runner environment, potentially gaining access to secrets and the `GITHUB_TOKEN`, which may have write access to the repository.
+
+In the "Runners" section, you can mediate these risks by disabling the use of repository-level self-hosted runners.
+
+{% ifversion ghec %}
+* **Disable for all organizations**: Prevents the creation of runners at the repository level.
+* **Disable in all Enterprise Managed User (EMU) repositories**: Prevents the creation of runners for repositories owned by {% data variables.enterprise.prodname_managed_users %}.
+{% endif %}
+
+{% data reusables.actions.disable-selfhosted-runners-note %}
+
+{% endif %}
+
+## {% ifversion ghes %}Artifact, log, and cache settings{% else %}Artifact and log retention{% endif %}
+
+{% ifversion ghes %}
+
+These policies control storage of artifacts, logs, and caches.
+
+### Artifact and log retention
+
+{% endif %}
+
+By default, artifacts and log files generated by workflows are retained for 90 days. {% ifversion ghes %}You can change this retention period to anywhere between 1 and 400 days.{% else %}You can change the retention period.
+
+* For public repositories, you can configure a period between 1 and 90 days.
+* For private and internal repositories, you can configure a period between 1 and 400 days.
+{% endif %}
+
+Changes only apply to new artifacts and log files.
+
+{% ifversion actions-cache-policy-apis %}
+
+### Maximum and default cache size limits
+
+By default:
+
+* The total cache storage that {% data variables.product.prodname_actions %} uses on the external storage for {% data variables.location.product_location %} is limited to a maximum of 10 GB per repository.
+* The maximum allowed size that can be set for a repository is 25 GB.
+
+{% data reusables.actions.cache-eviction-process %}
+
+You can customize both the default total cache size for each repository and the maximum total cache size allowed for a repository. For example, you might want the default total cache size for each repository to be 5 GB, but also allow administrators to configure a total cache size up to 15 GB for individual repositories.
+
+{% ifversion actions-cache-admin-ui %}Organization owners can set a lower total cache size that applies to each repository in their organization. {% endif %}People with admin access to a repository can set a total cache size for their repository up to the maximum cache size allowed by the enterprise {% ifversion actions-cache-admin-ui %}or organization{% endif %} policy setting.
+
+{% endif %}
+
+{% ifversion ghec %}
+
+## Fork pull request workflows from outside collaborators
+
+Anyone can fork a public repository, then submit a pull request to propose changes to the repository's workflows. To prevent abuse, workflows will not run automatically on pull requests created by some contributors.
+
+You can configure which pull requests require approval before they are run.
+
+* **Require approval for first-time contributors who are new to {% data variables.product.prodname_dotcom %}**. Requires approval for users who have never committed to the repository and have new {% data variables.product.prodname_dotcom %} accounts.
+* **Require approval for first-time contributors**. Requires approval for users who have never committed to the repository.
+* **Require approval for all outside collaborators**. Requires approval for all users who are not organization members.
+
+> [!NOTE] Workflows on the base branch triggered by `pull_request_target` events will always run, regardless of approval settings.
+
+{% endif %}
+
+## Fork pull request workflows in private repositories
+
+You can control how users can run workflows on `pull_request` events in private and internal repositories.
+
+* **Run workflows from fork pull requests**. Users can run workflows from fork pull requests. By default, workflows will use a `GITHUB_TOKEN` with read-only permission, with no access to secrets.
+* **Send write tokens to workflows from pull requests**. Workflows will use a `GITHUB_TOKEN` with write permission.
+* **Send secrets to workflows from pull requests**. All secrets are available to the pull request.
+{%- ifversion actions-private-fork-workflow-approvals %}
+* **Require approval for fork pull request workflows**. Workflows on pull requests from collaborators without write permission will require approval from someone with write permission before they will run.
+{%- endif %}
+
+If a policy is enabled for an enterprise, the policy can be selectively disabled in individual organizations or repositories. If a policy is disabled for an enterprise, individual organizations or repositories cannot enable it.
+
+{% ifversion ghec or ghes %}
+
+## Workflow permissions
+
+In the "Workflow permissions" section, you can set the **default** permissions granted to the `GITHUB_TOKEN`.
+
+* **Read and write permissions**: By default, `GITHUB_TOKEN` has read and write access for all scopes.
+* **Read repository contents and packages permissions**: By default, `GITHUB_TOKEN` has only read access for the `contents` and `packages` scopes. The more permissive setting cannot be chosen as the default for individual organizations or repositories.
+
+Anyone with write access to a repository can still modify the permissions granted to the `GITHUB_TOKEN` for a specific workflow, by editing the `permissions` key in the workflow file.
+
+**Allow GitHub Actions to create and approve pull requests** is disabled by default. If you enable this setting, `GITHUB_TOKEN` can create and approve pull requests.
+
+{% endif %}
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md
similarity index 96%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md
index 891d63f6c02c..997ff96bccfc 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md
@@ -11,6 +11,8 @@ topics:
- Enterprise
- Organizations
- Policies
+redirect_from:
+ - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise
---
## About enterprise policies for {% data variables.product.prodname_github_codespaces %}
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise.md
similarity index 90%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise.md
index 8d4a7f21b6e6..6fb75316b62c 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise.md
@@ -12,6 +12,8 @@ topics:
- Organizations
- Policies
shortTitle: GitHub Copilot policies
+redirect_from:
+ - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise
---
Enterprise admins can:
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-sponsors-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-sponsors-in-your-enterprise.md
similarity index 91%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-sponsors-in-your-enterprise.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-sponsors-in-your-enterprise.md
index c8e71fc90366..9da577add460 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-sponsors-in-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-sponsors-in-your-enterprise.md
@@ -1,6 +1,6 @@
---
title: Enforcing policies for GitHub Sponsors in your enterprise
-intro: "Enterprise owners can control whether to allow the enterprise's organizations to sponsor open source projects."
+intro: Enterprise owners can control whether to allow the enterprise's organizations to sponsor open source projects.
permissions: 'Enterprise owners can enforce policies for {% data variables.product.prodname_sponsors %} in an enterprise.'
versions:
feature: enterprise-orgs-sponsors-with-cc
@@ -10,6 +10,8 @@ topics:
- Enterprise
- Policies
shortTitle: '{% data variables.product.prodname_sponsors %} policies'
+redirect_from:
+ - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-sponsors-in-your-enterprise
---
## About enterprise policies for {% data variables.product.prodname_sponsors %}
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md
similarity index 98%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md
index a0e087040cdf..ffd54f3fd0dd 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md
@@ -4,6 +4,8 @@ intro: 'Enterprise owners can control whether to allow {% data variables.product
versions:
feature: pat-v2-enterprise
shortTitle: '{% data variables.product.pat_generic_caps %} policies'
+redirect_from:
+ - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise
---
{% note %}
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise.md
similarity index 97%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise.md
index 1eec3292ca52..0e4186530cfc 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise.md
@@ -10,6 +10,7 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise/enforcing-project-board-policies-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-project-board-policies-in-your-enterprise-account
- /admin/policies/enforcing-policies-for-your-enterprise/enforcing-project-board-policies-in-your-enterprise
+ - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise
versions:
ghec: '*'
ghes: '*'
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md
similarity index 99%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md
index 6bfa1ba1b0a4..9b67d92f8a22 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md
@@ -10,6 +10,7 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise-account/enforcing-security-settings-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-security-settings-in-your-enterprise-account
+ - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise
versions:
ghec: '*'
ghes: '*'
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
similarity index 98%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
index 4ed4985515f2..c5d6ff418b76 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
@@ -33,6 +33,7 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise-account/enforcing-repository-management-policies-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise/enforcing-repository-management-policies-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-repository-management-policies-in-your-enterprise-account
+ - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise
versions:
ghec: '*'
ghes: '*'
@@ -154,7 +155,7 @@ Across all organizations owned by your enterprise, you can set the default branc
Across all organizations owned by your enterprise, you can allow members with admin access to change a repository's visibility, restrict repository visibility changes to organization owners, or allow owners to administer the setting on the organization level. When you prevent members from changing repository visibility, only enterprise owners can change the visibility of a repository.
-If an enterprise owner has restricted repository creation to organization owners only, then members will not be able to change repository visibility. If an enterprise owner has restricted member repository creation to private repositories only, then members will only be able to change the visibility of a repository to private. For more information, see "[Enforcing a policy for repository creation](#enforcing-a-policy-for-repository-creation)."
+If an enterprise owner has restricted repository creation to organization owners only, then members will not be able to change repository visibility. For more information, see "[Enforcing a policy for repository creation](#enforcing-a-policy-for-repository-creation)."
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise.md
similarity index 95%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise.md
index 7596f5970af0..6c91e4c88d7e 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise.md
@@ -9,6 +9,7 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise-account/enforcing-team-policies-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise/enforcing-team-policies-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-team-policies-in-your-enterprise-account
+ - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise
versions:
ghes: '< 3.13'
type: how_to
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/index.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/index.md
similarity index 95%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/index.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/index.md
index aca7e197a4f0..6b8414d2ec58 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/index.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/index.md
@@ -5,6 +5,7 @@ redirect_from:
- /enterprise/admin/policies/enforcing-policies-for-your-enterprise
- /articles/setting-policies-for-organizations-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise-account/setting-policies-for-organizations-in-your-enterprise-account
+ - /admin/policies/enforcing-policies-for-your-enterprise
versions:
ghec: '*'
ghes: '*'
@@ -26,3 +27,4 @@ children:
- /enforcing-policies-for-personal-access-tokens-in-your-enterprise
shortTitle: Enforce policies
---
+
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise.md
similarity index 96%
rename from content/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise.md
rename to content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise.md
index e7865f67af2e..848f7ca2a693 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise.md
@@ -17,6 +17,7 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise/restricting-email-notifications-for-your-enterprise-account-to-approved-domains
- /github/setting-up-and-managing-your-enterprise/restricting-email-notifications-for-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/restricting-email-notifications-for-your-enterprise-account
+ - /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise
shortTitle: Restrict email notifications
---
diff --git a/content/admin/policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md
similarity index 96%
rename from content/admin/policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md
rename to content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md
index b2e493d5378a..da5ed7d2b17d 100644
--- a/content/admin/policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md
+++ b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md
@@ -5,6 +5,7 @@ redirect_from:
- /enterprise/admin/developer-workflow/about-pre-receive-hooks
- /enterprise/admin/policies/about-pre-receive-hooks
- /admin/policies/about-pre-receive-hooks
+ - /admin/policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks
versions:
ghes: '*'
type: overview
diff --git a/content/admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md
similarity index 93%
rename from content/admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md
rename to content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md
index 681e222cf2a4..c01153e6bd86 100644
--- a/content/admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md
+++ b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md
@@ -5,6 +5,7 @@ redirect_from:
- /enterprise/admin/developer-workflow/creating-a-pre-receive-hook-environment
- /enterprise/admin/policies/creating-a-pre-receive-hook-environment
- /admin/policies/creating-a-pre-receive-hook-environment
+ - /admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment
versions:
ghes: '*'
type: how_to
@@ -20,6 +21,9 @@ A pre-receive environment for {% data variables.product.prodname_ghe_server %} i
If you have a specific requirement that isn't met by this environment, such as support for a particular language, you can create and upload your own 64-bit Linux `chroot` environment.
+The Git version used in the pre-receive hook environment must be at least 2.11, or if you are using libgit2 you must use at least version 0.18.
+If you are using another Git implementation, it must support relative paths in the `info/alternates` file.
+
## Creating a pre-receive hook environment using Docker
You can use a Linux container management tool to build a pre-receive hook environment. This example uses [Alpine Linux](https://www.alpinelinux.org/) and [Docker](https://www.docker.com/).
diff --git a/content/admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script.md b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script.md
similarity index 98%
rename from content/admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script.md
rename to content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script.md
index f3c325d6bd45..fa7f3153f4ac 100644
--- a/content/admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script.md
+++ b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script.md
@@ -5,6 +5,7 @@ redirect_from:
- /enterprise/admin/developer-workflow/creating-a-pre-receive-hook-script
- /enterprise/admin/policies/creating-a-pre-receive-hook-script
- /admin/policies/creating-a-pre-receive-hook-script
+ - /admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script
versions:
ghes: '*'
type: how_to
@@ -71,8 +72,8 @@ The following variables are always available in the pre-receive hook environment
| :- | :- | :- |
|
$GIT_DIR
| Path to the remote repository on the instance | /data/user/repositories/a/ab/ a1/b2/34/100001234/1234.git |
|
$GIT_PUSH_OPTION_COUNT
| The number of push options that were sent by the client with `--push-option`. For more information, see "[git-push](https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt)" in the Git documentation. | 1 |
-|
$GIT\_PUSH\_OPTION\_N
| Where N is an integer starting at 0, this variable contains the push option string that was sent by the client. The first option that was sent is stored in `GIT_PUSH_OPTION_0`, the second option that was sent is stored in `GIT_PUSH_OPTION_1`, and so on. For more information about push options, see "[git-push](https://git-scm.com/docs/git-push#git-push---push-optionltoptiongt)" in the Git documentation. | abcd |{% ifversion ghes %}
-|
$GIT_USER_AGENT
| User-agent string sent by the Git client that pushed the changes | git/2.0.0{% endif %}
+|
$GIT\_PUSH\_OPTION\_N
| Where N is an integer starting at 0, this variable contains the push option string that was sent by the client. The first option that was sent is stored in `GIT_PUSH_OPTION_0`, the second option that was sent is stored in `GIT_PUSH_OPTION_1`, and so on. For more information about push options, see "[git-push](https://git-scm.com/docs/git-push#git-push---push-optionltoptiongt)" in the Git documentation. | abcd |
+|
$GIT_USER_AGENT
| User-agent string sent by the Git client that pushed the changes | git/2.0.0 |
|
$GITHUB_REPO_NAME
| Name of the repository being updated in NAME/OWNER format | octo-org/hello-enterprise |
|
$GITHUB_REPO_PUBLIC
| Boolean representing whether the repository being updated is public |
true: Repository's visibility is public
false: Repository's visibility is private or internal
|
$GITHUB_USER_IP
| IP address of client that initiated the push | 192.0.2.1 |
@@ -92,9 +93,7 @@ The `$GITHUB_VIA` variable is available in the pre-receive hook environment when
|
git refs delete api
| Deletion of a ref via the API | "[AUTOTITLE](/rest/git/refs#delete-a-reference)" |
|
git refs update api
| Update of a ref via the API | "[AUTOTITLE](/rest/git/refs#update-a-reference)" |
|
git repo contents api
| Change to a file's contents via the API | "[AUTOTITLE](/rest/repos/contents#create-or-update-file-contents)" |
-{%- ifversion ghes %}
| `merge` | Merge of a pull request using auto-merge | "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request)" |
-{%- endif %}
|
merge base into head
| Update of the topic branch from the base branch when the base branch requires strict status checks (via **Update branch** in a pull request, for example) | "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging)" |
|
pull request branch delete button
| Deletion of a topic branch from a pull request in the web interface | "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/deleting-and-restoring-branches-in-a-pull-request#deleting-a-branch-used-for-a-pull-request)" |
|
pull request branch undo button
| Restoration of a topic branch from a pull request in the web interface | "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/deleting-and-restoring-branches-in-a-pull-request#restoring-a-deleted-branch)" |
@@ -104,9 +103,9 @@ The `$GITHUB_VIA` variable is available in the pre-receive hook environment when
|
releases delete button
| Deletion of a release | "[AUTOTITLE](/repositories/releasing-projects-on-github/managing-releases-in-a-repository#deleting-a-release)" |
|
stafftools branch restore
| Restoration of a branch from the site admin dashboard | "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/site-admin-dashboard#repositories)" |
|
tag create api
| Creation of a tag via the API | "[AUTOTITLE](/rest/git/tags#create-a-tag-object)" |
-{%- ifversion ghes < 3.13 %}
+| {% ifversion ghes < 3.13 %} |
|
| Creation of a branch via the web interface | "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository#creating-a-branch)" |
#### Available for pull request merges
diff --git a/content/admin/policies/enforcing-policy-with-pre-receive-hooks/index.md b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/index.md
similarity index 92%
rename from content/admin/policies/enforcing-policy-with-pre-receive-hooks/index.md
rename to content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/index.md
index 773fcb94892a..9397d86010d2 100644
--- a/content/admin/policies/enforcing-policy-with-pre-receive-hooks/index.md
+++ b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/index.md
@@ -4,6 +4,7 @@ intro: Use pre-receive hooks to enforce workflow standards within your organizat
redirect_from:
- /enterprise/admin/developer-workflow/using-pre-receive-hooks-to-enforce-policy
- /enterprise/admin/policies/enforcing-policy-with-pre-receive-hooks
+ - /admin/policies/enforcing-policy-with-pre-receive-hooks
versions:
ghes: '*'
topics:
diff --git a/content/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance.md b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance.md
similarity index 97%
rename from content/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance.md
rename to content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance.md
index cfe69c38cb42..68d7c871c6cf 100644
--- a/content/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance.md
+++ b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/policies/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance
- /admin/policies/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance
- /admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance
+ - /admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/policies/index.md b/content/admin/enforcing-policies/index.md
similarity index 95%
rename from content/admin/policies/index.md
rename to content/admin/enforcing-policies/index.md
index d494692d14c3..c8ad6283f8d7 100644
--- a/content/admin/policies/index.md
+++ b/content/admin/enforcing-policies/index.md
@@ -5,6 +5,7 @@ intro: 'You can set policies in {% data variables.product.product_name %} to red
redirect_from:
- /enterprise/admin/developer-workflow
- /enterprise/admin/policies
+ - /admin/policies
versions:
ghec: '*'
ghes: '*'
@@ -15,3 +16,4 @@ children:
- /enforcing-policy-with-pre-receive-hooks
shortTitle: Policies
---
+
diff --git a/content/admin/guides.md b/content/admin/guides.md
index 1c609ae08f05..f0b96194c575 100644
--- a/content/admin/guides.md
+++ b/content/admin/guides.md
@@ -18,90 +18,91 @@ learningTracks:
- '{% ifversion ghes %}configure_github_actions{% endif %}'
- '{% ifversion ghes %}configure_github_advanced_security{% endif %}'
includeGuides:
- - /admin/identity-and-access-management/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider
- - /admin/identity-and-access-management/understanding-iam-for-enterprises/changing-authentication-methods
- - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-entra-id
- - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise
- - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise
- - /admin/identity-and-access-management/understanding-iam-for-enterprises/about-saml-for-enterprise-iam
- - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise-using-okta
- - /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise
- - /admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account
- - /admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users
- - /admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users
- - /admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users
- - /admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-using-okta
- - /admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups
- - /admin/identity-and-access-management/using-cas-for-enterprise-iam/using-cas
- - /admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap
- - /admin/identity-and-access-management/using-saml-for-enterprise-iam
+ - /admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider
+ - /admin/managing-iam/understanding-iam-for-enterprises/changing-authentication-methods
+ - /admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-entra-id
+ - /admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise
+ - /admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes
+ - /admin/managing-iam/understanding-iam-for-enterprises/about-saml-for-enterprise-iam
+ - /admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise-using-okta
+ - /admin/managing-iam/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise
+ - /admin/managing-iam/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account
+ - /admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users
+ - /admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users
+ - /admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users
+ - /admin/identity-and-access-management/provisioning-user-accounts-with-scim/configuring-scim-provisioning-using-okta
+ - /admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups
+ - /admin/managing-iam/using-cas-for-enterprise-iam/using-cas
+ - /admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap
+ - /admin/managing-iam/using-saml-for-enterprise-iam
- /admin/administering-your-instance/administering-your-instance-from-the-command-line/accessing-the-administrative-shell-ssh
- - /admin/configuration/configuring-network-settings/configuring-the-hostname-for-your-instance
- - /admin/configuration/configuring-network-settings/changing-the-hostname-for-your-instance
+ - /admin/configuring-settings/configuring-network-settings/configuring-the-hostname-for-your-instance
+ - /admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance
- /admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance
- - /admin/configuration/configuring-network-settings/configuring-built-in-firewall-rules
- - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance
+ - /admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules
+ - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance
- /admin/configuration/configuring-data-encryption-for-your-enterprise
- - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance
- - /admin/configuration/configuring-network-settings/configuring-dns-nameservers
- - /admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits
- - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance
- - /admin/configuration/hardening-security-for-your-enterprise/configuring-tls
- - /admin/configuration/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise
- - /admin/configuration/configuring-user-applications-for-your-enterprise/managing-github-mobile-for-your-enterprise
+ - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance
+ - /admin/configuring-settings/configuring-network-settings/configuring-dns-nameservers
+ - /admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits
+ - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance
+ - /admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls
+ - /admin/configuring-settings/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise
+ - /admin/configuring-settings/configuring-user-applications-for-your-enterprise/managing-github-mobile-for-your-enterprise
- /admin/configuration/connecting-your-enterprise-account-to-github-enterprise-cloud
- - /admin/configuration/hardening-security-for-your-enterprise/configuring-ssh-connections-to-your-instance
- - /admin/configuration/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance
+ - /admin/configuring-settings/hardening-security-for-your-enterprise/configuring-ssh-connections-to-your-instance
+ - /admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance
- /admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode
- - /admin/configuration/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise
- - /admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode
- - /admin/configuration/hardening-security-for-your-enterprise/enabling-subdomain-isolation
- - /admin/configuration/configuring-github-connect/enabling-unified-contributions-for-your-enterprise
- - /admin/configuration/configuring-github-connect/enabling-unified-search-for-your-enterprise
- - /admin/configuration/configuring-network-settings/network-ports
+ - /admin/configuring-settings/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise
+ - /admin/configuring-settings/hardening-security-for-your-enterprise/enabling-private-mode
+ - /admin/configuring-settings/hardening-security-for-your-enterprise/enabling-subdomain-isolation
+ - /admin/configuring-settings/configuring-github-connect/enabling-unified-contributions-for-your-enterprise
+ - /admin/configuring-settings/configuring-github-connect/enabling-unified-search-for-your-enterprise
+ - /admin/configuring-settings/configuring-network-settings/network-ports
- /admin/configuration/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list
- /admin/administering-your-instance/administering-your-instance-from-the-web-ui
- - /admin/configuration/hardening-security-for-your-enterprise/troubleshooting-tls-errors
- - /admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer
- - /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/about-high-availability-configuration
- - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard
- - /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/creating-a-high-availability-replica
- - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/differences-between-clustering-and-high-availability-ha
- - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks
- - /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance
- - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/recommended-alert-thresholds
- - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/setting-up-external-monitoring
- - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrade-requirements
- - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server
- - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs
+ - /admin/configuring-settings/hardening-security-for-your-enterprise/troubleshooting-tls-errors
+ - /admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer
+ - /admin/monitoring-and-managing-your-instance/configuring-high-availability/about-high-availability-configuration
+ - /admin/monitoring-and-managing-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard
+ - /admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica
+ - /admin/monitoring-and-managing-your-instance/configuring-clustering/differences-between-clustering-and-high-availability-ha
+ - /admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks
+ - /admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance
+ - /admin/monitoring-and-managing-your-instance/monitoring-your-instance/recommended-alert-thresholds
+ - /admin/monitoring-and-managing-your-instance/monitoring-your-instance/setting-up-external-monitoring
+ - /admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process
+ - /admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements
+ - /admin/upgrading-your-instance/preparing-to-upgrade/taking-a-snapshot
+ - /admin/upgrading-your-instance/performing-an-upgrade
+ - /admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs
- /support/learning-about-github-support/about-github-support
- - /admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise
- - /admin/github-actions/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled
- - /admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect
- - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise
- - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
- - /admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions
- - /admin/github-actions/advanced-configuration-and-troubleshooting/using-a-staging-environment
+ - /admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise
+ - /admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled
+ - /admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect
+ - /admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise
+ - /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
+ - /admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/high-availability-for-github-actions
+ - /admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment
- /admin/overview/about-data-residency
- /admin/managing-your-enterprise-account/about-enterprise-accounts
- - /admin/overview/about-upgrades-to-new-releases
- - /admin/packages/configuring-package-ecosystem-support-for-your-enterprise
- - /admin/packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages
- - /admin/policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks
- - /admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment
- - /admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script
- - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise
- - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise
- - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise
- - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise
- - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise
- - /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise
- - /admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance
+ - /admin/getting-started-with-enterprise/about-upgrades-to-new-releases
+ - /admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise
+ - /admin/configuring-packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages
+ - /admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks
+ - /admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment
+ - /admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script
+ - /admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise
+ - /admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise
+ - /admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise
+ - /admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise
+ - /admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise
+ - /admin/enforcing-policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise
+ - /admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance
- /admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/auditing-ssh-keys
- /admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/auditing-users-across-your-enterprise
- /admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/configuring-git-large-file-storage-for-your-enterprise
- /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/configuring-visibility-for-organization-membership
- - /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/continuous-integration-using-jenkins
- /admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/disabling-git-ssh-access-on-your-enterprise
- /admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-dormant-users
- /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise
@@ -136,3 +137,4 @@ includeGuides:
- /admin/administering-your-instance/administering-your-instance-from-the-web-ui/accessing-the-management-console
- /admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console
---
+
diff --git a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users.md b/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users.md
deleted file mode 100644
index a84b84308df3..000000000000
--- a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users.md
+++ /dev/null
@@ -1,123 +0,0 @@
----
-title: Configuring SCIM provisioning for Enterprise Managed Users
-shortTitle: Configure SCIM provisioning
-intro: "You can manage the lifecycle of your enterprise's user accounts on {% data variables.location.product_location %} from your identity provider (IdP) using System for Cross-domain Identity Management (SCIM)."
-product: '{% data reusables.gated-features.emus %}'
-redirect_from:
- - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users
- - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users
- - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users
- - /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-scim-provisioning-for-enterprise-managed-users
- - /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users
-versions:
- ghec: '*'
-topics:
- - Accounts
- - Enterprise
----
-
-## About provisioning for {% data variables.product.prodname_emus %}
-
-{% data reusables.enterprise_user_management.about-scim-provisioning %}
-
-After you configure provisioning for {% data variables.product.prodname_emus %}, your IdP uses SCIM to provision user accounts on {% data variables.location.product_location %} and add the accounts to your enterprise. If you assign a group to the application, your IdP will provision new {% data variables.enterprise.prodname_managed_users %} for all members of the group.
-
-{% ifversion emu-public-scim-schema %}
-
-If you use a partner IdP, you can simplify the configuration of SCIM provisioning by using the partner IdP's application. If you don't use a partner IdP for provisioning, you can implement SCIM using calls to {% data variables.product.company_short %}'s REST API for SCIM, which is in beta and subject to change. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#about-authentication-and-user-provisioning)."
-
-{% endif %}
-
-SCIM manages the lifecycle of user accounts in your enterprise. When you update information associated with a user's identity on your IdP, your IdP will update the user's account on {% data variables.product.prodname_dotcom %}. When you unassign the user from the IdP application for {% data variables.product.prodname_emus %} or deactivate a user's account on your IdP, your IdP will communicate with {% data variables.product.prodname_dotcom %} to invalidate any sessions and disable the member's account. The disabled account's information is maintained and their username is changed to a hash of their original username with the short code appended. If you reassign a user to the IdP application for {% data variables.product.prodname_emus %} or reactivate their account on your IdP, the {% data variables.enterprise.prodname_managed_user %} on {% data variables.product.prodname_dotcom %} will be reactivated, and the username will be restored.
-
-To configure team and organization membership, repository access, and permissions on {% data variables.product.product_name %}, you can use groups on your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
-
-## Prerequisites
-
-* {% data reusables.scim.emu-prerequisite-authentication %}
-
-{%- ifversion emu-public-scim-schema %}
-* {% data reusables.scim.emu-understand-types-and-support %}
-{%- endif %}
-
-## Creating a {% data variables.product.pat_generic %}
-
-To configure provisioning for your {% data variables.enterprise.prodname_emu_enterprise %}, you need a {% data variables.product.pat_v1 %} with the **admin:enterprise** scope that belongs to the setup user.
-
-{% warning %}
-
-**Warning:** If the token expires or a provisioned user creates the token, SCIM provisioning may unexpectedly stop working. Make sure that you create the token while signed in as the setup user and that the token expiration is set to "No expiration".
-
-{% endwarning %}
-
-1. Sign into {% data variables.product.prodname_dotcom %} as the setup user for your new enterprise with the username **@SHORT-CODE_admin**.
-{% data reusables.user-settings.access_settings %}
-{% data reusables.user-settings.developer_settings %}
-{% data reusables.user-settings.personal_access_tokens %}
-{% data reusables.user-settings.generate_new_token %}
-1. Under **Note**, give your token a descriptive name.
-1. Select the **Expiration** dropdown menu, then click **No expiration**.
-1. Select the **admin:enterprise** scope.
- 
-1. Click **Generate token**.
-1. To copy the token to your clipboard, click {% octicon "copy" aria-label="Copy token" %}.
-
- 
-1. To save the token for use later, store the new token securely in a password manager.
-
-## Configuring provisioning for {% data variables.product.prodname_emus %}
-
-After creating your {% data variables.product.pat_generic %} and storing it securely, you can configure provisioning on your IdP. {% ifversion emu-public-scim-schema %} The instructions you should follow differ depending on whether you use a partner IdP's application for both authentication and provisioning.
-
-* [Configuring provisioning if you use a partner IdP's application](#configuring-provisioning-if-you-use-a-partner-idps-application)
-* [Configuring provisioning for other identity management systems](#configuring-provisioning-for-other-identity-management-systems)
-
-### Configuring provisioning if you use a partner IdP's application
-
-To use a partner IdP's application both authentication and provisioning, review the partner's instructions for configuring provisioning in the links in the following table. {% else %} For instructions about the configuration of provisioning on your IdP, click a link in the following table.
-
-{% endif %}
-
-{% rowheaders %}
-
-| IdP | SSO method | More information |
-|---|---|---|
-{%- ifversion oidc-for-emu %}
-| Microsoft Entra ID (previously known as Azure AD) | OIDC | [Tutorial: Configure GitHub Enterprise Managed User (OIDC) for automatic user provisioning](https://docs.microsoft.com/azure/active-directory/saas-apps/github-enterprise-managed-user-oidc-provisioning-tutorial) on Microsoft Learn |
-{%- endif %}
-| Entra ID | SAML | [Tutorial: Configure GitHub Enterprise Managed User for automatic user provisioning](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-provisioning-tutorial) on Microsoft Learn |
-| Okta | SAML | "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta)" |
-| PingFederate | SAML | [Configure PingFederate for provisioning and SSO](https://docs.pingidentity.com/r/en-us/pingfederate-github-emu-connector/pingfederate_github_connector_configure_pingfederate_for_provisioning_and_sso) and [Managing channels](https://docs.pingidentity.com/r/en-us/pingfederate-112/help_saasmanagementtasklet_saasmanagementstate) in the PingFederate documentation |
-
-{% endrowheaders %}
-
-{% ifversion emu-public-scim-schema %}
-
-Alternatively, if you configured authentication on a partner IdP, but you would like to provision users from a different identity management system, you can have your IdP make calls to {% data variables.product.company_short %}'s REST API endpoints for SCIM provisioning.
-
-### Configuring provisioning for other identity management systems
-
-If you don't use a partner IdP, or if you only use a partner IdP for authentication, you can manage the lifecycle of user accounts using {% data variables.product.company_short %}'s REST API endpoints for SCIM provisioning. These endpoints are in beta and subject to change. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api)."
-
-{% data reusables.emus.sign-in-as-setup-user %}
-
- {% note %}
-
- **Note**: {% data reusables.enterprise-accounts.emu-password-reset-session %}
-
- {% endnote %}
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.security-tab %}
-1. Under "Open SCIM Configuration", select "Enable open SCIM configuration".
-1. Manage the lifecycle of your users by making calls to the REST API endpoints for SCIM provisioning. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api)."
-
-{% endif %}
-
-## Assigning users and groups
-
-{% data reusables.enterprise-managed.assigning-users %}
-
-{% data reusables.enterprise-managed.assigning-roles %}
-
-Entra ID does not support provisioning nested groups. For more information, see [How Application Provisioning works in Microsoft Entra ID](https://learn.microsoft.com/entra/identity/app-provisioning/how-provisioning-works#assignment-based-scoping) on Microsoft Learn.
diff --git a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-with-okta.md b/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-with-okta.md
deleted file mode 100644
index 5799ab2d9c2c..000000000000
--- a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-with-okta.md
+++ /dev/null
@@ -1,114 +0,0 @@
----
-title: Configuring SCIM provisioning with Okta
-shortTitle: SCIM using Okta
-intro: "If you use Okta as an identity provider (IdP), you can manage the lifecycle of your enterprise's user accounts on {% data variables.location.product_location %} using System for Cross-domain Identity Management (SCIM)."
-product: '{% data reusables.gated-features.emus %}'
-versions:
- ghec: '*'
-redirect_from:
- - /early-access/github/articles/configuring-provisioning-for-managed-users-with-okta
- - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
- - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
- - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
- - /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
- - /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
-type: tutorial
-topics:
- - Accounts
- - Authentication
- - Enterprise
- - SSO
----
-
-## About provisioning with Okta
-
-If you use Okta as an IdP, you can use Okta's application to provision user accounts, manage enterprise membership, and manage team memberships for organizations in your enterprise. Okta is a partner IdP, so you can simplify your authentication and provisioning configuration by using the Okta application for {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#about-authentication-and-user-provisioning)."
-
-{% ifversion emu-public-scim-schema %}
-
-Alternatively, if you only intend to use Okta for SAML authentication and you want to use a different IdP for provisioning, you can integrate with {% data variables.product.prodname_dotcom %}'s REST API for SCIM. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api)."
-
-{% endif %}
-
-For more information about provisioning for {% data variables.product.prodname_emus %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
-
-## Supported features
-
-{% data variables.product.prodname_emus %} supports the following provisioning features for Okta.
-
-| Feature | Description |
-| --- | --- |
-| Push New Users | Users that are assigned to the {% data variables.product.prodname_emu_idp_application %} application in Okta are automatically created in the enterprise on {% data variables.product.product_name %}. |
-| Push Profile Update | Updates made to the user's profile in Okta will be pushed to {% data variables.product.product_name %}. |
-| Push Groups | Groups in Okta that are assigned to the {% data variables.product.prodname_emu_idp_application %} application as Push Groups are automatically created in the enterprise on {% data variables.product.product_name %}. |
-| Push User Deactivation | Unassigning the user from the {% data variables.product.prodname_emu_idp_application %} application in Okta will disable the user on {% data variables.product.product_name %}. The user will not be able to sign in, but the user's information is maintained. |
-| Reactivate Users | Users in Okta whose Okta accounts are reactivated and who are assigned back to the {% data variables.product.prodname_emu_idp_application %} application will be enabled. |
-
-{% note %}
-
-**Note:** {% data variables.product.prodname_emus %} does not support modifications to usernames.
-
-{% endnote %}
-
-## Prerequisites
-
-{%- ifversion emu-public-scim-schema %}
-
-* You must use Okta's application for both authentication and provisioning.
-
-{%- endif %}
-* {% data reusables.scim.your-okta-product-must-support-scim %}
-
-* {% data reusables.scim.use-pat-from-setup-user %}
-
-## Setting your enterprise name
-
-After your {% data variables.enterprise.prodname_emu_enterprise %} has been created, you can begin to configure provisioning by setting your enterprise name in Okta.
-
-1. Navigate to your {% data variables.product.prodname_emu_idp_application %} application on Okta.
-1. Click the **Sign On** tab.
-1. To make changes, click **Edit**.
-1. Under "Advanced Sign-on Settings", in the "Enterprise Name" text box, type your enterprise name. For example, if you access your enterprise at `https://github.com/enterprises/octoinc`, your enterprise name would be "octoinc".
-1. To save your enterprise name, click **Save**.
-
-## Configuring provisioning
-
-After setting your enterprise name, you can proceed to configure provisioning settings.
-
-To configure provisioning, the setup user with the **@SHORT-CODE_admin** username will need to provide a {% data variables.product.pat_v1 %} with the **admin:enterprise** scope. For more information on creating a new token, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)."
-
-1. Navigate to your {% data variables.product.prodname_emu_idp_application %} application on Okta.
-1. Click the **Provisioning** tab.
-1. In the settings menu, click **Integration**.
-1. To make changes, click **Edit**.
-1. Select **Enable API integration**.
-1. In the "API Token" field, enter the {% data variables.product.pat_v1 %} with the **admin:enterprise** scope belonging to the setup user.
-
- {% data reusables.scim.import-groups-unsupported %}
-
-1. Click **Test API Credentials**. If the test is successful, a verification message will appear at the top of the screen.
-1. To save the token, click **Save**.
-1. In the settings menu, click **To App**.
-1. To the right of "Provisioning to App", to allow changes to be made, click **Edit**.
-1. Select **Enable** to the right of **Create Users**, **Update User Attributes**, and **Deactivate Users**.
-1. To finish configuring provisioning, click **Save**.
-
-## Assigning users and groups
-
-{% data reusables.enterprise-managed.assigning-users %}
-
-{% data reusables.scim.emu-scim-rate-limit %}
-
-You can also automatically manage organization membership by adding groups to the "Push Groups" tab in Okta. When the group is provisioned successfully, it will be available to connect to teams in the enterprise's organizations. For more information about managing teams, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
-
-{% data reusables.enterprise-managed.assigning-roles %}
-
-{% note %}
-
-**Note:** You can only set the "Roles" attribute for an individual user, not a group. If you want to set roles for everyone in a group that's assigned to the {% data variables.product.prodname_emu_idp_application %} application, you must use the "Roles" attribute for each group member, individually.
-
-{% endnote %}
-
-## Deprovisioning users and groups
-
-To remove a user or group from {% data variables.product.product_name %}, remove the user or group from both the "Assignments" tab and the "Push groups" tab in Okta. For users, make sure the user is removed from all groups in the "Push Groups" tab.
diff --git a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/index.md b/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/index.md
deleted file mode 100644
index ba57500c7881..000000000000
--- a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/index.md
+++ /dev/null
@@ -1,18 +0,0 @@
----
-title: Provisioning user accounts for Enterprise Managed Users
-shortTitle: Provision managed user accounts
-product: '{% data reusables.gated-features.emus %}'
-intro: 'Learn how to provision accounts and manage organization and team membership for users of your {% data variables.enterprise.prodname_emu_enterprise %}.'
-versions:
- ghec: '*'
-topics:
- - Enterprise
- - Accounts
- - Authentication
-children:
- - /configuring-scim-provisioning-for-enterprise-managed-users
- - /configuring-scim-provisioning-with-okta
- - /provisioning-users-and-groups-with-scim-using-the-rest-api
- - /managing-team-memberships-with-identity-provider-groups
- - /troubleshooting-team-membership-with-identity-provider-groups
----
diff --git a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md b/content/admin/identity-and-access-management/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md
deleted file mode 100644
index 8d05c58819df..000000000000
--- a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: Abilities and restrictions of managed user accounts
-shortTitle: Restrictions for managed users
-intro: "If you centrally manage identity and access for your enterprise members on {% data variables.product.prodname_dotcom %} from your identity provider (IdP), some abilities and restrictions apply for your users' experience on {% data variables.product.prodname_dotcom %}."
-versions:
- ghec: '*'
-type: reference
-topics:
- - Accounts
- - Enterprise
- - Fundamentals
-redirect_from:
- - /admin/identity-and-access-management/managing-iam-for-your-enterprise/abilities-and-restrictions-of-managed-user-accounts
----
-
-## About {% data variables.product.prodname_emus %}
-
-With {% data variables.product.prodname_emus %}, you can control the user accounts of your enterprise members through your identity provider (IdP). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
-
-## Abilities and restrictions of {% data variables.enterprise.prodname_managed_users %}
-
-{% data variables.enterprise.prodname_managed_users_caps %} can only contribute to private and internal repositories within their enterprise and private repositories owned by their user account. {% data variables.enterprise.prodname_managed_users_caps %} have read-only access to the wider {% data variables.product.prodname_dotcom %} community. These visibility and access restrictions for users and content apply to all requests, including API requests.
-
-* {% data variables.enterprise.prodname_managed_users_caps %} authenticate using only your identity provider, and have no password or two-factor authentication methods stored on {% data variables.product.prodname_dotcom %}. As a result, they do not see the sudo prompt when taking sensitive actions. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode)."
-* {% data variables.enterprise.prodname_managed_users_caps %} cannot be invited to organizations or repositories outside of the enterprise, nor can the {% data variables.enterprise.prodname_managed_users %} be invited to other enterprises.
-* {% data variables.enterprise.prodname_managed_users_caps %} and the content they create is only visible to other members of the enterprise.
-* Other {% data variables.product.prodname_dotcom %} users cannot see, mention, or invite a {% data variables.enterprise.prodname_managed_user %} to collaborate.
-* {% data variables.enterprise.prodname_managed_users_caps %} can view all public repositories on {% data variables.product.prodname_dotcom_the_website %}, but cannot interact with repositories outside of the enterprise in any of the following ways:
- * Push code to the repository
- * Create issues or pull requests within the repository
- * Create or comment on discussions within the repository
- * Comment on issues or pull requests, or add reactions to comments
- * Star, watch, or fork the repository
-* {% data variables.enterprise.prodname_managed_users_caps %} can be added to organization-owned repositories as repository collaborators, which gives them access to repositories in organizations where they are not members. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators-or-repository-collaborators)."
-* {% data variables.enterprise.prodname_managed_users_caps %} can be assigned the guest collaborator role, which prevents them from accessing internal repositories in the enterprise except in organizations where they are added as members. For more information, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#guest-collaborators)."
-
-* {% data variables.enterprise.prodname_managed_users_caps %} cannot create gists or comment on gists.
-* {% data variables.enterprise.prodname_managed_users_caps %} cannot create personalised profiles.
-* {% data variables.enterprise.prodname_managed_users_caps %} cannot follow users outside of the enterprise.
-* {% data variables.enterprise.prodname_managed_users_caps %} cannot create starter workflows for {% data variables.product.prodname_actions %}.
-* {% data variables.enterprise.prodname_managed_users_caps %} cannot install {% data variables.product.prodname_github_apps %} on their user accounts.
-* {% data variables.enterprise.prodname_managed_users_caps %} can install {% data variables.product.prodname_github_app %} on a repository if the app does not request organization permissions and if the {% data variables.enterprise.prodname_managed_user %} has admin access to the repositories that they are granting the app access to.
-* {% data variables.enterprise.prodname_managed_users_caps %} can install {% data variables.product.prodname_github_app %} on an organization if the {% data variables.enterprise.prodname_managed_user %} is an organization owner.
-* You can choose whether {% data variables.enterprise.prodname_managed_users %} are able to create repositories owned by their user accounts. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation)."
-* If you allow {% data variables.enterprise.prodname_managed_users %} to create repositories owned by their user accounts, they can only own private repositories and can only invite other enterprise members to collaborate on their user-owned repositories.
-* {% data reusables.enterprise-accounts.emu-forks %}
-* Only private and internal repositories can be created in organizations owned by an {% data variables.enterprise.prodname_emu_enterprise %}, depending on organization and enterprise repository visibility settings.
-* {% data variables.enterprise.prodname_managed_users_caps %} are limited in their use of {% data variables.product.prodname_pages %}. For more information, see "[AUTOTITLE](/pages/getting-started-with-github-pages/about-github-pages#limitations-for-enterprise-managed-users)."
-* {% data variables.enterprise.prodname_managed_users_caps %} cannot sign up for {% data variables.product.prodname_copilot_for_individuals %}. To allow a managed user to use {% data variables.product.prodname_copilot_short %}, you must grant the user access to a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription. For more information, see "[AUTOTITLE](/copilot/about-github-copilot#getting-access-to-github-copilot)."
-* {% data variables.enterprise.prodname_managed_users_caps %} can only create and use codespaces that are owned and paid for by their organization or enterprise. This means that {% data variables.enterprise.prodname_managed_users %}:
- * Can create codespaces for repositories owned by their organization, or forks of these repositories, provided that the organization can pay for {% data variables.product.prodname_github_codespaces %}. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization)."
- * Cannot create codespaces for their personal repositories, other than forks of repositories owned by their organization; for any other repositories outside their organization; or from {% data variables.product.company_short %}'s public templates for {% data variables.product.prodname_github_codespaces %}.
- * Cannot publish a codespace created from a template to a new repository.
-* {% data reusables.actions.entitlement-minutes-emus %}
-* {% data variables.enterprise.prodname_managed_users_caps %} can create {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %}.
-
- {% data reusables.emus.oauth-app-note %}
-* {% data reusables.secret-scanning.secret-scanning-user-owned-enablement %}
-* {% data variables.enterprise.prodname_managed_users_caps %} do not have access to the {% data variables.product.prodname_certifications %} program.
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-entra-id.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-entra-id.md
deleted file mode 100644
index 6e461c59bbde..000000000000
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-entra-id.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Configuring authentication and provisioning for your enterprise using Entra ID
-shortTitle: Configure with Entra ID
-intro: 'You can use a tenant in Microsoft Entra ID (previously known as Azure AD) as an identity provider (IdP) to centrally manage authentication and user provisioning for {% data variables.location.product_location %}.'
-permissions: 'Enterprise owners can configure authentication and provisioning for an enterprise on {% data variables.product.product_name %}.'
-versions:
- feature: scim-for-ghes
-type: how_to
-topics:
- - Accounts
- - Authentication
- - Enterprise
- - Identity
- - SSO
-redirect_from:
- - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad
- - /admin/authentication/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad
- - /admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad
- - /admin/identity-and-access-management/configuring-authentication-and-provisioning-with-your-identity-provider/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad
----
-
-## About authentication and user provisioning with Entra ID
-
-Entra ID is a service from Microsoft that allows you to centrally manage user accounts and access to web applications. For more information, see [What is Microsoft Entra ID?](https://learn.microsoft.com/entra/fundamentals/whatis) in the Microsoft Docs.
-
-{% data reusables.saml.idp-saml-and-scim-explanation %}
-
-{% data reusables.scim.ghes-beta-note %}
-
-After you enable SAML SSO and SCIM for {% data variables.product.product_name %} using Entra ID, you can accomplish the following from your Entra ID tenant.
-
-* Assign the {% data variables.product.product_name %} application on Entra ID to a user account to automatically create and grant access to a corresponding user account on {% data variables.product.product_name %}.
-* Unassign the {% data variables.product.product_name %} application to a user account on Entra ID to deactivate the corresponding user account on {% data variables.product.product_name %}.
-* Assign the {% data variables.product.product_name %} application to an IdP group on Entra ID to automatically create and grant access to user accounts on {% data variables.product.product_name %} for all members of the IdP group. In addition, the IdP group is available on {% data variables.product.product_name %} for connection to a team and its parent organization.
-* Unassign the {% data variables.product.product_name %} application from an IdP group to deactivate the {% data variables.product.product_name %} user accounts of all IdP users who had access only through that IdP group and remove the users from the parent organization. The IdP group will be disconnected from any teams on {% data variables.product.product_name %}.
-
-For more information about managing identity and access for your enterprise on {% data variables.location.product_location %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam)."
-
-## Prerequisites
-
-* To configure authentication and user provisioning for {% data variables.product.product_name %} using Entra ID, you must have an Entra ID account and tenant. For more information, see the [Entra ID website](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id) and [Quickstart: Set up a tenant](https://learn.microsoft.com/entra/identity-platform/quickstart-create-new-tenant) in the Microsoft Docs.
-
-{%- ifversion scim-for-ghes %}
-* {% data reusables.saml.ghes-you-must-configure-saml-sso %}
-{%- endif %}
-
-* {% data reusables.saml.create-a-machine-user %}
-
-## Configuring authentication and user provisioning with Entra ID
-
-{% ifversion scim-for-ghes %}
-
-1. Configure SAML SSO for {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
-1. Configure user provisioning with SCIM for your instance. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise)."
-
-{% endif %}
-
-## Managing enterprise owners
-
-The steps to make a person an enterprise owner depend on whether you only use SAML or also use SCIM. For more information about enterprise owners, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise)."
-
-If you configured provisioning, to grant the user enterprise ownership in {% data variables.product.product_name %}, assign the enterprise owner role to the user in Entra ID.
-
-If you did not configure provisioning, to grant the user enterprise ownership in {% data variables.product.product_name %}, include the `administrator` attribute in the SAML assertion for the user account on the IdP, with the value of `true`. For more information about including the `administrator` attribute in the SAML claim from Entra ID, see [How to: customize claims issued in the SAML token for enterprise applications](https://docs.microsoft.com/azure/active-directory/develop/active-directory-saml-claims-customization) in the Microsoft Docs.
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise.md
deleted file mode 100644
index b6e239a9e3b5..000000000000
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise.md
+++ /dev/null
@@ -1,118 +0,0 @@
----
-title: Configuring user provisioning with SCIM for your enterprise
-shortTitle: Configure SCIM user provisioning
-intro: 'You can configure System for Cross-domain Identity Management (SCIM) for {% ifversion scim-for-ghes %}{% data variables.location.product_location %}{% endif %}, which automatically provisions user accounts when you assign the application for {% ifversion scim-for-ghes %}your instance{% endif %} to a user on your identity provider (IdP).'
-permissions: '{% ifversion scim-for-ghes %}Site administrators{% endif %} can configure user provisioning for {% ifversion scim-for-ghes %}a {% data variables.product.product_name %} instance{% endif %}.'
-versions:
- feature: scim-for-ghes
-type: how_to
-topics:
- - Accounts
- - Authentication
- - Enterprise
- - Identity
- - SSO
-redirect_from:
- - /admin/authentication/configuring-user-provisioning-for-your-enterprise
- - /admin/identity-and-access-management/managing-iam-for-your-enterprise/configuring-user-provisioning-for-your-enterprise
- - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-for-your-enterprise
----
-
-{% data reusables.scim.ghes-beta-note %}
-
-## About user provisioning for {% data variables.product.product_name %}
-
-{% ifversion scim-for-ghes %}If you use SAML single sign-on (SSO) for {% data variables.location.product_location %}, you{% endif %} can configure SCIM to automatically create or suspend user accounts and grant access{% ifversion scim-for-ghes %} to your instance{% endif %} when you assign or unassign the application on your IdP. For more information about SCIM, see [System for Cross-domain Identity Management: Protocol (RFC 7644)](https://tools.ietf.org/html/rfc7644) on the IETF website.
-
-If you do not configure user provisioning with SCIM, your IdP will not communicate with {% data variables.product.product_name %} automatically when you assign or unassign the application to a user. Without SCIM, {% data variables.product.product_name %} creates a user account using SAML Just-in-Time (JIT) provisioning the first time someone navigates to {% data variables.product.product_name %} and signs in by authenticating through your IdP.
-
-Configuring provisioning allows your IdP to communicate with {% data variables.location.product_location %} when you assign or unassign the application for {% data variables.product.product_name %} to a user on your IdP. When you assign the application, your IdP will prompt {% data variables.location.product_location %} to create an account and send an onboarding email to the user. When you unassign the application, your IdP will communicate with {% data variables.product.product_name %} to invalidate any SAML sessions and disable the member's account.
-
-To configure provisioning for your enterprise, you must enable provisioning on {% data variables.product.product_name %}, then install and configure a provisioning application on your IdP.
-
-{% ifversion scim-for-ghes %}
-
-The provisioning application on your IdP communicates with {% data variables.product.product_name %} using the SCIM API. For more information, see "[AUTOTITLE](/rest/enterprise-admin/scim)."
-
-{% endif %}
-
-## About identities and claims
-
-After an IdP administrator grants a person access to {% data variables.location.product_location %}, the user can authenticate through the IdP to access {% data variables.product.product_name %} using SAML SSO.
-
-During authentication, {% ifversion scim-for-ghes %}the instance{% endif %} attempts to associate the user with a SAML identity. By default, {% ifversion scim-for-ghes %}the instance{% endif %} compares the `NameID` claim from the IdP to the account's username. {% data variables.product.product_name %} normalizes the value of `NameID` for the comparison. For more information about username normalization, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication#about-username-normalization)."
-
-If there is no existing account with a matching username on the instance, the user will fail to sign in.{% ifversion scim-for-ghes %} To make this match, {% data variables.product.product_name %} compares the SAML `NameId` claim from the IdP to the `username` claim for each user account provisioned by SCIM on the instance.{% endif %}
-
-{% ifversion scim-for-ghes %}
-
-During SAML authentication, some environments may use a value other than `NameID` as the unique identifying claim. If your environment does not use `NameID` to identify users, a site administrator can configure custom user attributes for the instance. {% data variables.product.product_name %} will respect this mapping when SCIM is configured. For more information about mapping user attributes, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
-
-{% endif %}
-
-If {% data variables.product.product_name %} successfully identifies a user from the IdP, but account details such as email address, first name, or last name don't match, the instance overwrites the details with values from the IdP. Any email addresses other than the primary email provisioned by SCIM will also be deleted from the user account.
-
-## Supported identity providers
-
-{% ifversion ghes %}
-
-During the private beta, your account team will provide documentation for the configuration of SCIM for {% data variables.product.product_name %} on a supported IdP.
-
-{% endif %}
-
-## Prerequisites
-
-{% ifversion scim-for-ghes %}
-
-* {% data reusables.saml.ghes-you-must-configure-saml-sso %}
-
-* You must allow built-in authentication for users who don't have an account on your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/allowing-built-in-authentication-for-users-outside-your-provider)."
-
-* Your IdP must support making SCIM calls to a Service Provider (SP).
-
-{% endif %}
-
-* You must have administrative access on your IdP to configure the application for user provisioning for {% data variables.product.product_name %}.
-
-## Enabling user provisioning for your enterprise
-
-{% ifversion scim-for-ghes %}
-
-To perform provisioning actions on your instance, you will create a built-in user account and promote the account to an enterprise owner.
-
-After you enable SCIM on a {% data variables.product.product_name %} instance, all user accounts are suspended. The built-in user account will continue to perform provisioning actions. After you grant a user access to your instance from your IdP, the IdP will communicate with the instance using SCIM to unsuspend the user's account.
-
-{% endif %}
-
-{%- ifversion scim-for-ghes %}
-1. Create a built-in user account to perform provisioning actions on your instance. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/allowing-built-in-authentication-for-users-outside-your-provider#inviting-users-outside-your-provider-to-authenticate-to-your-instance)."
-1. Promote the dedicated user account to an enterprise owner. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise#adding-an-enterprise-administrator-to-your-enterprise-account)."
-1. Sign into your instance as the new enterprise owner.
-1. Create a {% data variables.product.pat_v1 %} with **admin:enterprise** scope. Do not specify an expiration date for the {% data variables.product.pat_v1 %}. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
-
- {% warning %}
-
- **Warning**: Ensure that you don't specify an expiration date for the {% data variables.product.pat_v1 %}. If you specify an expiration date, SCIM will no longer function after the expiration date passes.
-
- {% endwarning %}
- {% note %}
-
- **Note**: You'll need this {% data variables.product.pat_generic %} to test the SCIM configuration, and to configure the application for SCIM on your IdP. Store the token securely in a password manager until you need the token again later in these instructions.
-
- {% endnote %}
-{% data reusables.enterprise_installation.ssh-into-instance %}
-1. To enable SCIM, run the commands provided to you by your account manager on {% data variables.contact.contact_enterprise_sales %}.
-{% data reusables.enterprise_site_admin_settings.wait-for-configuration-run %}
-1. To validate that SCIM is operational, run the following commands. Replace _PAT FROM STEP 3_ and _YOUR INSTANCE'S HOSTNAME_ with actual values.
-
- ```shell
- $ GHES_PAT="PAT FROM STEP 3"
- $ GHES_HOSTNAME="YOUR INSTANCE'S HOSTNAME"
- $ curl --location --request GET 'https://$GHES_HOSTNAME/api/v3/scim/v2/Users' \
- --header 'Content-Type: application/scim' \
- --header 'Authorization: Bearer $GHES_PAT'
- ```
-
- The command should return an empty array.
-{%- endif %}
-1. Configure user provisioning in the application for {% data variables.product.product_name %} on your IdP.{% ifversion scim-for-ghes %} To request documentation for a supported IdP, contact your account manager on {% data variables.contact.contact_enterprise_sales %}. If your IdP is unsupported, you must create the application and configure SCIM manually.{% endif %}
diff --git a/content/admin/index.md b/content/admin/index.md
index 4360874c310a..d455735cf1d9 100644
--- a/content/admin/index.md
+++ b/content/admin/index.md
@@ -71,24 +71,24 @@ changelog:
label: enterprise
featuredLinks:
startHere:
- - '{% ifversion ghec %}/admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud{% endif %}'
- - /admin/identity-and-access-management/understanding-iam-for-enterprises/about-identity-and-access-management
+ - '{% ifversion ghec %}/admin/managing-iam/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud{% endif %}'
+ - /admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management
- '{% ifversion ghec %}/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise{% endif %}'
- /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/best-practices-for-structuring-organizations-in-your-enterprise
- - '{% ifversion ghes %}/admin/overview/about-upgrades-to-new-releases{% endif %}'
+ - '{% ifversion ghes %}/admin/getting-started-with-enterprise/about-upgrades-to-new-releases{% endif %}'
- '{% ifversion ghes %}/billing/managing-your-license-for-github-enterprise{% endif %}'
guideCards:
- - '{% ifversion ghes %}/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server{% endif %}'
- - '{% ifversion ghes %}/admin/packages/getting-started-with-github-packages-for-your-enterprise{% endif %}'
- - '{% ifversion ghes %}/admin/code-security/managing-github-advanced-security-for-your-enterprise{% endif %}'
- - '{% ifversion ghec %}/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise{% endif %}'
- - '{% ifversion ghec %}/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise{% endif %}'
- - '{% ifversion ghec %}/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise{% endif %}'
+ - '{% ifversion ghes %}/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server{% endif %}'
+ - '{% ifversion ghes %}/admin/configuring-packages/getting-started-with-github-packages-for-your-enterprise{% endif %}'
+ - '{% ifversion ghes %}/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise{% endif %}'
+ - '{% ifversion ghec %}/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise{% endif %}'
+ - '{% ifversion ghec %}/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise{% endif %}'
+ - '{% ifversion ghec %}/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise{% endif %}'
popular:
- - /admin/overview/about-github-enterprise-server
- - '{% ifversion ghes %}/admin/overview/setting-up-a-trial-of-github-enterprise-server{% endif %}'
- - '{% ifversion ghes %}/admin/installation{% endif %}'
- - '{% ifversion ghec %}/admin/configuration/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise{% endif %}'
+ - /admin/getting-started-with-enterprise/about-github-enterprise-server
+ - '{% ifversion ghes %}/admin/getting-started-with-enterprise/setting-up-a-trial-of-github-enterprise-server{% endif %}'
+ - '{% ifversion ghes %}/admin/installing-your-enterprise-server{% endif %}'
+ - '{% ifversion ghec %}/admin/configuring-settings/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise{% endif %}'
- /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise
- '{% ifversion ghec %}/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/managing-global-webhooks{% endif %}'
- '{% ifversion ghec %}/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/setting-up-visual-studio-subscriptions-with-github-enterprise{% endif %}'
@@ -101,18 +101,20 @@ versions:
children:
- /overview
- /managing-your-enterprise-account
- - /installation
- - /configuration
+ - /installing-your-enterprise-server
+ - /configuring-settings
- /administering-your-instance
- - /identity-and-access-management
+ - /managing-iam
- /managing-accounts-and-repositories
+ - /upgrading-your-instance
- /backing-up-and-restoring-your-instance
- - /policies
+ - /enforcing-policies
- /monitoring-activity-in-your-enterprise
- - /monitoring-managing-and-updating-your-instance
- - /github-actions
- - /packages
- - /code-security
+ - /monitoring-and-managing-your-instance
+ - /managing-github-actions-for-your-enterprise
+ - /configuring-packages
+ - /managing-code-security
+ - /copilot-business-only
- /guides
- /release-notes
- /all-releases
diff --git a/content/admin/installation/index.md b/content/admin/installing-your-enterprise-server/index.md
similarity index 97%
rename from content/admin/installation/index.md
rename to content/admin/installing-your-enterprise-server/index.md
index 50f1e34c2751..f033ee844cf0 100644
--- a/content/admin/installation/index.md
+++ b/content/admin/installing-your-enterprise-server/index.md
@@ -10,6 +10,7 @@ redirect_from:
- /enterprise/admin/categories/general
- /enterprise/admin/categories/logging-and-monitoring
- /enterprise/admin/installation
+ - /admin/installation
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/installation/setting-up-a-github-enterprise-server-instance/index.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/index.md
similarity index 93%
rename from content/admin/installation/setting-up-a-github-enterprise-server-instance/index.md
rename to content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/index.md
index 5a60ed58c9ad..2a3a38c8c284 100644
--- a/content/admin/installation/setting-up-a-github-enterprise-server-instance/index.md
+++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/index.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/guides/installation/provisioning-and-installation
- /enterprise/admin/guides/installation/setting-up-a-github-enterprise-instance
- /enterprise/admin/installation/setting-up-a-github-enterprise-server-instance
+ - /admin/installation/setting-up-a-github-enterprise-server-instance
versions:
ghes: '*'
topics:
diff --git a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md
similarity index 98%
rename from content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md
rename to content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md
index 78ab8c9a16f4..6aa26a9c2278 100644
--- a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md
+++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md
@@ -5,6 +5,7 @@ redirect_from:
- /enterprise/admin/guides/installation/installing-github-enterprise-on-aws
- /enterprise/admin/installation/installing-github-enterprise-server-on-aws
- /admin/installation/installing-github-enterprise-server-on-aws
+ - /admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws
versions:
ghes: '*'
type: tutorial
diff --git a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md
similarity index 98%
rename from content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md
rename to content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md
index a66fb90395a8..f54468c52f83 100644
--- a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md
+++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md
@@ -5,6 +5,7 @@ redirect_from:
- /enterprise/admin/guides/installation/installing-github-enterprise-on-azure
- /enterprise/admin/installation/installing-github-enterprise-server-on-azure
- /admin/installation/installing-github-enterprise-server-on-azure
+ - /admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure
versions:
ghes: '*'
type: tutorial
diff --git a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-google-cloud-platform.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-google-cloud-platform.md
similarity index 98%
rename from content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-google-cloud-platform.md
rename to content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-google-cloud-platform.md
index 4c09d8b3cf2d..5104bf4ca071 100644
--- a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-google-cloud-platform.md
+++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-google-cloud-platform.md
@@ -5,6 +5,7 @@ redirect_from:
- /enterprise/admin/guides/installation/installing-github-enterprise-on-google-cloud-platform
- /enterprise/admin/installation/installing-github-enterprise-server-on-google-cloud-platform
- /admin/installation/installing-github-enterprise-server-on-google-cloud-platform
+ - /admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-google-cloud-platform
versions:
ghes: '*'
type: tutorial
diff --git a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-hyper-v.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-hyper-v.md
similarity index 97%
rename from content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-hyper-v.md
rename to content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-hyper-v.md
index dacaf9c24d10..96e1ba9e7f88 100644
--- a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-hyper-v.md
+++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-hyper-v.md
@@ -5,6 +5,7 @@ redirect_from:
- /enterprise/admin/guides/installation/installing-github-enterprise-on-hyper-v
- /enterprise/admin/installation/installing-github-enterprise-server-on-hyper-v
- /admin/installation/installing-github-enterprise-server-on-hyper-v
+ - /admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-hyper-v
versions:
ghes: '*'
type: tutorial
diff --git a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-openstack-kvm.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-openstack-kvm.md
similarity index 97%
rename from content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-openstack-kvm.md
rename to content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-openstack-kvm.md
index 803e11856702..29f4009040a2 100644
--- a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-openstack-kvm.md
+++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-openstack-kvm.md
@@ -5,6 +5,7 @@ redirect_from:
- /enterprise/admin/guides/installation/installing-github-enterprise-on-openstack-kvm
- /enterprise/admin/installation/installing-github-enterprise-server-on-openstack-kvm
- /admin/installation/installing-github-enterprise-server-on-openstack-kvm
+ - /admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-openstack-kvm
versions:
ghes: '*'
type: tutorial
diff --git a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware.md
similarity index 97%
rename from content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware.md
rename to content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware.md
index f41ce63c9452..0291184bd83b 100644
--- a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware.md
+++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware.md
@@ -8,6 +8,7 @@ redirect_from:
- /enterprise/admin/guides/installation/installing-github-enterprise-on-vmware
- /enterprise/admin/installation/installing-github-enterprise-server-on-vmware
- /admin/installation/installing-github-enterprise-server-on-vmware
+ - /admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware
versions:
ghes: '*'
type: tutorial
diff --git a/content/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md
similarity index 99%
rename from content/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md
rename to content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md
index 65f0d0998b06..62b49c3492ed 100644
--- a/content/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md
+++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md
@@ -4,6 +4,7 @@ intro: 'You can set up a {% data variables.product.product_name %} instance in a
redirect_from:
- /enterprise/admin/installation/setting-up-a-staging-instance
- /admin/installation/setting-up-a-staging-instance
+ - /admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md
index 22389616acba..fa35b9342e68 100644
--- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md
+++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md
@@ -1,6 +1,6 @@
---
title: Adding organizations to your enterprise
-intro: 'You can add organizations to manage within your enterprise by creating a new organization, inviting an existing organization, or transferring an organization from a different enterprise account.'
+intro: 'Learn how to add organizations to your enterprise using three different methods.'
redirect_from:
- /github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account/adding-organizations-to-your-enterprise-account
- /articles/adding-organizations-to-your-enterprise-account
@@ -15,43 +15,49 @@ topics:
- Enterprise
- Organizations
shortTitle: Add organizations
-permissions: Enterprise owners can add organizations to an enterprise.
+permissions: Enterprise owners
---
-## About addition of organizations to your enterprise account
+There are three ways to add organizations to your enterprise.
-Your enterprise account can own organizations. Members of your enterprise can collaborate across related projects within an organization. For more information, see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-organizations)."
+* **Create** a new organization in your enterprise.
+* **Invite** an existing organization to join your enterprise.
+* **Transfer** an existing organization between enterprise accounts.
-You can add new organizations to your enterprise account. If you do not use {% data variables.product.prodname_emus %}, you can add existing organizations on {% data variables.location.product_location %} to your enterprise. You cannot add an existing organization from an {% data variables.enterprise.prodname_emu_enterprise %} to a different enterprise.
+{% data reusables.enterprise.create-an-enterprise-account %} See "[AUTOTITLE](/admin/managing-your-enterprise-account/creating-an-enterprise-account)."
-{% data reusables.enterprise.create-an-enterprise-account %} For more information, see "[AUTOTITLE](/admin/managing-your-enterprise-account/creating-an-enterprise-account)."
+## Limitations if you use {% data variables.product.prodname_emus %}
+
+* Adding existing organizations to your enterprise is not possible if you use {% data variables.product.prodname_emus %}.
+* Existing organizations from an enterprise with managed users cannot be added to a different enterprise.
+
+## Changes when adding an existing organization
After you add an existing organization to your enterprise, the organization's resources remain accessible to members at the same URLs, and the following changes will apply.
-* If two-factor authentication (2FA) is required by the enterprise, organization members who do not use 2FA will be removed from the organization.
-* The organization's members will become members of the enterprise, and {% data variables.product.company_short %} will bill the enterprise account for the organization's usage. You must ensure that the enterprise account has enough licenses to accommodate any new members. For more information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)."
-* Enterprise owners can manage their role within the organization. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)."
-* Any policies applied to the enterprise will apply to the organization. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies)."
- {% note %}
+* **Two-factor authentication (2FA):** If required by the enterprise, members without 2FA will be removed.
+* **Enterprise licenses:** Members become part of the enterprise, and usage is billed to the enterprise account. You must ensure that the enterprise account has enough licenses to accommodate any new members. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)."
+* **Enterprise role management:** Enterprise owners can manage their roles within the organization. See "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)."
+* **Enterprise policies:** Any policies applied to the enterprise will apply to the organization. {% data reusables.actions.org-to-enterprise-actions-permissions %}
+
+* **SAML SSO Configuration:**
- **Note:** {% data reusables.actions.org-to-enterprise-actions-permissions %}
+ * If SAML SSO is configured **for the enterprise**, the enterprise's SAML configuration will apply to the organization. If the organization used SAML SSO, the enterprise account's configuration will replace the organization's configuration. SCIM is not available for enterprise accounts, so SCIM will be disabled for the organization. See "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account)."
+ * If SAML SSO was configured **for the organization**, members' existing {% data variables.product.pat_generic %} or SSH keys that were authorized to access the organization's resources will be authorized to access the same resources. To access additional organizations owned by the enterprise, members must authorize the {% data variables.product.pat_generic %} or key. See "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)" and "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)."
- {% endnote %}
-* If SAML SSO is configured for the enterprise account, the enterprise's SAML configuration will apply to the organization. If the organization used SAML SSO, the enterprise account's configuration will replace the organization's configuration. SCIM is not available for enterprise accounts, so SCIM will be disabled for the organization. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account)."
-* If SAML SSO was configured for the organization, members' existing {% data variables.product.pat_generic %} or SSH keys that were authorized to access the organization's resources will be authorized to access the same resources. To access additional organizations owned by the enterprise, members must authorize the {% data variables.product.pat_generic %} or key. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)" and "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)."
-* If you add an organization to a trial enterprise, certain features in the organization may be disabled. For more information, see "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud#features-not-included-in-the-trial)."
-* If the organization was connected to {% data variables.product.prodname_ghe_server %} using {% data variables.product.prodname_github_connect %}, adding the organization to an enterprise will not update the connection. {% data variables.product.prodname_github_connect %} features will no longer function for the organization. To continue using {% data variables.product.prodname_github_connect %}, you must disable and re-enable the feature. For more information, see "[AUTOTITLE](/enterprise-server@latest/admin/configuration/configuring-github-connect/managing-github-connect)" in the {% data variables.product.prodname_ghe_server %} documentation.
-* If the organization uses billed {% data variables.product.prodname_marketplace %} apps, the organization can continue to use the apps, but usage will be billable to the enterprise.
- * If your enterprise is billed via invoice, you must contact the vendor of the app and pay them directly.
- * If your enterprise is billed via credit card or PayPal, billing for the app will continue automatically via your preferred payment method.
-* If your organization was sponsoring any accounts, the sponsorships will be cancelled.
-* Any coupons will be removed from the organization. To reapply the coupon, [contact our sales team](https://github.com/enterprise/contact).
+* **Trial enterprise:** Certain features may be disabled if added to a trial enterprise. See "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud#features-not-included-in-the-trial)."
+* **{% data variables.product.prodname_github_connect %}:** If the organization was connected to {% data variables.product.prodname_ghe_server %} using {% data variables.product.prodname_github_connect %}, adding the organization to an enterprise will not update the connection. {% data variables.product.prodname_github_connect %} features will no longer function for the organization. To continue using {% data variables.product.prodname_github_connect %}, you must disable and re-enable the feature. See "[AUTOTITLE](/enterprise-server@latest/admin/configuration/configuring-github-connect/managing-github-connect)" in the {% data variables.product.prodname_ghe_server %} documentation.
+* **{% data variables.product.prodname_marketplace %} apps:** If the organization uses billed {% data variables.product.prodname_marketplace %} apps, the organization can continue to use the apps, but usage will be billable to the enterprise.
+ * If your enterprise is billed via invoice, contact the app vendor and pay directly.
+ * If your enterprise is billed via credit card or PayPal, billing continues automatically.
+* **Sponsorships:** Any sponsorships by the organization will be canceled.
+* **Coupons:** Any coupons will be removed from the organization. To reapply the coupon, [contact our sales team](https://github.com/enterprise/contact).
-## Creating an organization in your enterprise account
+## Creating a new organization
New organizations you create within your enterprise account settings are included in your enterprise account's {% data variables.product.prodname_ghe_cloud %} subscription.
-Enterprise owners who create an organization owned by the enterprise account automatically become organization owners. For more information about organization owners, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)."
+Enterprise owners who create an organization owned by the enterprise account automatically become organization owners. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)."
During a trial of {% data variables.product.prodname_ghe_cloud %}, you can create up to three new organizations in your enterprise.
@@ -59,48 +65,45 @@ During a trial of {% data variables.product.prodname_ghe_cloud %}, you can creat
{%- ifversion enterprise-readme %}
1. In the left sidebar, click **Organizations**.
{%- endif %}
-1. On the "Organizations" tab, above the list of organizations, click **New organization**.
+1. Above the list of organizations, click **New organization**.
1. Under "Organization name", type a name for your organization.
1. Click **Create organization**.
1. Optionally, under "Invite owners", type the username of a person you'd like to invite to become an organization owner, then click **Invite**.
1. Click **Finish**.
-## Inviting an organization to join your enterprise account
+## Inviting an existing organization
Enterprise owners can invite existing organizations to join their enterprise account.
-During a trial of {% data variables.product.prodname_ghe_cloud %}, you can invite organizations to join your trial enterprise. You can invite organizations that are not currently owned by another enterprise. If an organization you want to invite is already owned by another enterprise, you must be an owner of both enterprise accounts and initiate an organization transfer. For more information, see "[Transferring an organization between enterprise accounts](#transferring-an-organization-between-enterprise-accounts)."
+During a trial of {% data variables.product.prodname_ghe_cloud %}, you can invite organizations to join your trial enterprise. You can invite organizations that are not currently owned by another enterprise. If an organization you want to invite is already owned by another enterprise, you must be an owner of both enterprise accounts and initiate an organization transfer. See "[Transferring an existing organization](#transferring-an-existing-organization)."
-When you invite an organization to join your enterprise account, at least one owner needs to accept the invitation. Then, you must give a final approval for the transfer. After you invite the organization, and before an owner approves the invitation, you can cancel or resend the invitation at any time.
+After you invite the organization, and before an owner approves the invitation, you can cancel or resend the invitation at any time.
{% data reusables.enterprise-accounts.access-enterprise %}
{%- ifversion enterprise-readme %}
{% data reusables.enterprise-accounts.click-organizations-tab %}
{%- endif %}
-1. On the "Organizations" tab, above the list of organizations, click **Invite organization**.
+1. Above the list of organizations, click **Invite organization**.
1. Under "Organization name", start typing the name of the organization you want to invite and select it when it appears in the dropdown list.
1. Click **Invite organization**. The organization owners will receive an email inviting them to join the enterprise.
1. After an organization owner has approved the invitation, navigate back to the **Organizations** tab of the enterprise settings.
1. Under "Organizations", click **X pending**.
1. To complete the transfer, next to the organization name, click **Approve**.
-## Transferring an organization between enterprise accounts
+## Transferring an existing organization
Enterprise owners can transfer existing organizations between enterprise accounts. You must be an enterprise owner of both enterprise accounts.
-{% note %}
-
-**Note:** You cannot transfer an existing organization to or from an {% data variables.enterprise.prodname_emu_enterprise %} or an enterprise account that is currently enrolled in a trial of {% data variables.product.prodname_ghe_cloud %}.
-
-{% endnote %}
+You cannot transfer an existing organization to or from an {% data variables.enterprise.prodname_emu_enterprise %} or an enterprise account that is currently enrolled in a trial of {% data variables.product.prodname_ghe_cloud %}.
{% data reusables.enterprise-accounts.access-enterprise %}
{%- ifversion enterprise-readme %}
{% data reusables.enterprise-accounts.click-organizations-tab %}
{%- endif %}
-1. Next to the organization you want to transfer, select the {% octicon "gear" width="16" aria-label="Organization settings" %} dropdown menu, then click **Transfer organization**.
+1. Next to the organization you want to transfer, select the {% octicon "kebab-horizontal" width="16" aria-label="Organization settings" %} dropdown menu, then click **Transfer organization**.
+
+ 
- {% data reusables.enterprise-accounts.organization-settings-dropdown %}
1. Select the **Select enterprise** dropdown menu, start typing the name of the destination enterprise, and click the enterprise you want to transfer the organization to.
1. Click **Review transfer**.
1. To confirm the transfer, click **Transfer organization**.
diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/continuous-integration-using-jenkins.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/continuous-integration-using-jenkins.md
deleted file mode 100644
index f2f49f390e11..000000000000
--- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/continuous-integration-using-jenkins.md
+++ /dev/null
@@ -1,20 +0,0 @@
----
-title: Continuous integration using Jenkins
-intro: 'You can automatically trigger build jobs on a Jenkins server when pushes are made to a repository in {% data variables.location.product_location %}.'
-redirect_from:
- - /enterprise/admin/developer-workflow/continuous-integration-using-jenkins
- - /enterprise/admin/user-management/continuous-integration-using-jenkins
- - /admin/user-management/continuous-integration-using-jenkins
- - /admin/user-management/managing-organizations-in-your-enterprise/continuous-integration-using-jenkins
-
-versions:
- ghes: '*'
-type: reference
-topics:
- - CI
- - Enterprise
-shortTitle: CI using Jenkins
----
-## Requirements
-
-* Follow our webcast "[Continuous integration with {% data variables.product.prodname_enterprise %} and Jenkins](https://resources.github.com/devops/fundamentals/ci-cd/ci-cd-with-github-and-jenkins/)" to get step by step instructions on how you can automatically trigger build jobs on a Jenkins server when pushes are made to a repository in {% data variables.location.product_location %}.
diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/index.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/index.md
index af8822e7d9a9..fcc9b8874804 100644
--- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/index.md
+++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/index.md
@@ -12,6 +12,7 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account/managing-unowned-organizations-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise-account/managing-unowned-organizations-in-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise/managing-unowned-organizations-in-your-enterprise-account
+ - /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/continuous-integration-using-jenkins
intro: 'You can use organizations to group users within your company, such as divisions or groups working on similar projects, and manage access to repositories.'
versions:
ghec: '*'
@@ -25,9 +26,9 @@ children:
- /preventing-users-from-creating-organizations
- /requiring-two-factor-authentication-for-an-organization
- /managing-your-role-in-an-organization-owned-by-your-enterprise
+ - /managing-requests-for-copilot-business-from-organizations-in-your-enterprise
- /removing-organizations-from-your-enterprise
- /restoring-a-deleted-organization
- /managing-projects-using-jira
- - /continuous-integration-using-jenkins
shortTitle: Manage organizations
---
diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-requests-for-copilot-business-from-organizations-in-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-requests-for-copilot-business-from-organizations-in-your-enterprise.md
new file mode 100644
index 000000000000..be41c2ba0f0a
--- /dev/null
+++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-requests-for-copilot-business-from-organizations-in-your-enterprise.md
@@ -0,0 +1,27 @@
+---
+title: Managing requests for Copilot Business from organizations in your enterprise
+intro: Learn how to view and satisfy requests to access Copilot from organizations owned by your enterprise.
+permissions: Enterprise owners
+product: Enterprise accounts with a subscription to {% data variables.product.prodname_copilot_for_business %}.
+versions:
+ ghec: '*'
+type: how_to
+topics:
+ - Administrator
+ - Enterprise
+ - Organizations
+shortTitle: Manage requests for Copilot
+---
+
+Organization owners might not have the necessary permissions to satisfy requests from members. For example, if an organization owner is not an enterprise owner, and {% data variables.product.prodname_copilot_for_business %} is not enabled for that organization, they will not have the permissions to approve requests for {% data variables.product.prodname_copilot_for_business %}.
+
+In these cases, when an organization member requests access to {% data variables.product.prodname_copilot_for_business %}, the organization owner will be prompted to ask the enterprise owners to enable {% data variables.product.prodname_copilot_short %} for the organization.
+
+As an enterprise owner, you can view or dismiss these requests from your notifications page. You can approve the request by enabling {% data variables.product.prodname_copilot_short %} for the organization.
+
+## Approving requests for {% data variables.product.prodname_copilot_for_business %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+1. Under "{% octicon "law" aria-hidden="true" %} Policies", click **Copilot**.
+1. In the "Access management" section, next to the organization you want to give access, select the dropdown menu and click **Enabled**.
diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md
index 9e4d9970a71f..13672d088d32 100644
--- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md
+++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md
@@ -1,6 +1,6 @@
---
title: Removing organizations from your enterprise
-intro: 'If an organization should no longer be a part of your enterprise, you can remove the organization.'
+intro: 'Learn how to remove an organization that should no longer be a part of your enterprise.'
permissions: Enterprise owners can remove any organization from their enterprise.
versions:
ghec: '*'
@@ -29,7 +29,8 @@ You can remove an organization that is owned by your enterprise account, so the
## Removing an organization from your enterprise
{% data reusables.enterprise-accounts.access-enterprise %}
-1. Under "Organizations", in the search bar, begin typing the organization's name until the organization appears in the search results.
+1. In the left sidebar, click **Organizations**.
+1. In the search bar, begin typing the organization's name until the organization appears in the search results.
1. To the right of the organization's name, select the {% octicon "gear" aria-label="Organization settings" %} dropdown menu and click **Remove organization**.
diff --git a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/configuring-git-large-file-storage-for-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/configuring-git-large-file-storage-for-your-enterprise.md
index 08f0a1daa18e..ecd38db90347 100644
--- a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/configuring-git-large-file-storage-for-your-enterprise.md
+++ b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/configuring-git-large-file-storage-for-your-enterprise.md
@@ -14,6 +14,7 @@ redirect_from:
- /enterprise/admin/user-management/configuring-git-large-file-storage-for-your-enterprise
- /admin/user-management/configuring-git-large-file-storage-for-your-enterprise
- /admin/user-management/managing-repositories-in-your-enterprise/configuring-git-large-file-storage-for-your-enterprise
+ - /admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/migrating-to-internal-repositories
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/index.md b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/index.md
index 35392bc69bec..54329ca8bad8 100644
--- a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/index.md
+++ b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/index.md
@@ -14,7 +14,6 @@ children:
- /viewing-user-owned-repositories-in-your-enterprise
- /accessing-user-owned-repositories-in-your-enterprise
- /configuring-git-large-file-storage-for-your-enterprise
- - /migrating-to-internal-repositories
- /disabling-git-ssh-access-on-your-enterprise
- /locking-a-repository
- /restoring-a-deleted-repository
diff --git a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/migrating-to-internal-repositories.md b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/migrating-to-internal-repositories.md
deleted file mode 100644
index 66dacf6d8df2..000000000000
--- a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/migrating-to-internal-repositories.md
+++ /dev/null
@@ -1,69 +0,0 @@
----
-title: Migrating to internal repositories
-intro: 'You can migrate to internal repositories to unify the innersource experience for developers using both {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}.'
-redirect_from:
- - /enterprise/admin/installation/migrating-to-internal-repositories
- - /enterprise/admin/user-management/migrating-to-internal-repositories
- - /admin/user-management/migrating-to-internal-repositories
- - /admin/user-management/managing-repositories-in-your-enterprise//migrating-to-internal-repositories
-permissions: Site administrators can migrate to internal repositories.
-versions:
- ghes: '<3.10'
-type: how_to
-topics:
- - Enterprise
- - Privacy
- - Repositories
- - Security
-shortTitle: Internal repository migration
----
-## About internal repositories
-
-Internal repositories are available in {% data variables.product.prodname_ghe_server %} 2.20+. {% data reusables.repositories.about-internal-repos %} For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
-
-In future releases of {% data variables.product.prodname_ghe_server %}, we will adjust how repository visibility works so that the terms public, internal, and private have a uniform meaning for developers on {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}.
-
-To prepare for these changes, if you have private mode enabled, you can run a migration on your instance to convert public repositories to internal. This migration is currently optional, to allow you to test the changes on a non-production instance. The migration will become mandatory in the future.
-
-When you run the migration, all public repositories owned by organizations on your instance will become internal repositories. If any of those repositories have forks, the forks will become private. Private repositories will remain private.
-
-All public repositories owned by user accounts on your instance will become private repositories. If any of those repositories have forks, the forks will also become private. The owner of each fork will be given read permissions to the fork's parent.
-
-Anonymous Git read access will be disabled for each public repository that becomes internal or private.
-
-If your current default visibility for repositories is public, the default will become internal. If the current default is private, the default will not change. You can change the default at any time. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#configuring-the-default-visibility-of-new-repositories-in-your-enterprise)."
-
-The repository creation policy for the instance will change to disable public repositories and allow private and internal repositories. You can update the policy at any time. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise)."
-
-If you don't have private mode enabled, the migration script will have no effect.
-
-## Running the migration
-
-1. Connect to the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
-{% ifversion ghes %}
-1. Run the migration command.
-
- ```shell
- github-env bin/safe-ruby lib/github/transitions/20191210220630_convert_public_ghes_repos_to_internal.rb --verbose -w | tee -a /tmp/convert_public_ghes_repos_to_internal.log
- ```
-
-{% else %}
-1. Navigate to the `/data/github/current` directory.
-
- ```shell
- cd /data/github/current
- ```
-
-1. Run the migration command.
-
- ```shell
- sudo bin/safe-ruby lib/github/transitions/20191210220630_convert_public_ghes_repos_to_internal.rb --verbose -w | tee -a /tmp/convert_public_ghes_repos_to_internal.log
- ```
-
-{% endif %}
-
-Log output will appear in the terminal and `/tmp/convert_public_ghes_repos_to_internal.log`.
-
-## Further reading
-
-* "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-private-mode)"
diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/deleting-users-from-your-instance.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/deleting-users-from-your-instance.md
new file mode 100644
index 000000000000..2195fac7708e
--- /dev/null
+++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/deleting-users-from-your-instance.md
@@ -0,0 +1,55 @@
+---
+title: Deleting users from your instance
+intro: "You can delete a user's account to permanently remove their data from {% data variables.location.product_location %}."
+versions:
+ ghes: '*'
+type: how_to
+topics:
+ - Access management
+ - Enterprise
+ - Security
+ - User account
+shortTitle: Delete a user
+permissions: Site administrators
+---
+
+## What happens when I delete a user account?
+
+Deleting a user account removes all repositories, forks of private repositories, wikis, issues, pull requests, pages, and packages and container images owned by the user account. By deleting a user account, **you may break software projects and workflows that depend on these things.**
+
+Issues and pull requests the user has created and comments they've made in repositories owned by other users or organizations will not be deleted and will instead be associated with a `ghost` user account.
+
+Once a user account has been deleted, the username will be available for use with a different account on {% data variables.location.product_location %}.
+
+## When can I delete a user account?
+
+You cannot delete a user that is currently an **organization owner**.
+
+* **If the user is the only owner**: Transfer ownership to another person, or delete the organization. See "[AUTOTITLE](/organizations/managing-organization-settings/transferring-organization-ownership)" and "[AUTOTITLE](/organizations/managing-organization-settings/deleting-an-organization-account)."
+* **If there are other owners**: Remove the user from the organization. See "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization)."
+
+You cannot delete **your own user account**. If you need to delete your own user account, ask another site administrator to delete your account for you.
+
+If you have enabled SCIM provisioning on your instance, you cannot delete **users who have been provisioned by SCIM**.
+
+## Should I delete or suspend a user account?
+
+{% data variables.product.prodname_dotcom %} recommends suspending users where possible, rather than deleting their accounts. Suspending user accounts on {% data variables.product.product_name %} preserves the history of resources owned by the user account, such as repositories and pull requests, and releases the licensed seat previously consumed by the user. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/suspending-and-unsuspending-users)."
+
+As an alternative to deleting or suspending a user account, to stop a user's repositories being permanently removed from your enterprise you can place a legal hold on the user account. See "[Placing a legal hold on a user or organization](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/placing-a-legal-hold-on-a-user-or-organization)."
+
+## Deleting a user from the site admin dashboard
+
+Before deleting a user account, you should consider if a backup or copy of the repositories, private forks, wikis, issues, and pull requests owned by the user account is required. See "[AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance)" and "[AUTOTITLE](/repositories/archiving-a-github-repository/backing-up-a-repository)."
+
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.search-user %}
+{% data reusables.enterprise_site_admin_settings.click-user %}
+{% data reusables.enterprise_site_admin_settings.admin-top-tab %}
+1. Under "Delete account," in the "Danger Zone" section, click **Delete this account**.
+1. In the "Delete account" dialog box, under "Make sure you want to do this", review the changes. To confirm, enter the username of the account to be deleted.
+1. Click **Delete this account**.
+
+## Further reading
+
+* "[AUTOTITLE](/rest/enterprise-admin/users#delete-a-user)"
diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md
index 104526196daf..f8914827302e 100644
--- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md
+++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md
@@ -1,6 +1,6 @@
---
title: Enabling guest collaborators
-intro: "You can use the role of guest collaborator to grant limited access to vendors and contractors in your enterprise."
+intro: "Learn how to enable guest collaborators in your identity provider and add guest collaborators to your enterprise."
versions:
feature: guest-collaborators
topics:
@@ -13,18 +13,21 @@ topics:
{% data reusables.emus.about-guest-collaborators %}
-All repository access for organization members, including guest collaborators, is governed by the base permission policy for the organization. See "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/setting-base-permissions-for-an-organization)."
+## Enabling guest collaborators in your IdP
-If you use Microsoft Entra ID (previously known as Azure AD) or Okta for SAML authentication, or if you use Entra ID for OIDC authentication, you may need to update your IdP application to use guest collaborators.
+If you use **Microsoft Entra ID** (previously known as Azure AD) or **Okta** for authentication, you may need update the {% data variables.product.prodname_emus %} application in your IdP.
-## Enabling guest collaborators with Entra ID
+* "[Enabling guest collaborators with Entra ID](#enabling-guest-collaborators-with-entra-id)"
+* "[Enabling guest collaborators with Okta](#enabling-guest-collaborators-with-okta)"
+
+### Enabling guest collaborators with Entra ID
1. Sign into the Microsoft Azure portal.
1. Click **Identity**.
1. Click **Applications**.
1. Click **Enterprise applications**.
1. Click **All applications**.
-1. View the details for your {% data variables.product.prodname_emus %} application
+1. View the details for your {% data variables.product.prodname_emus %} application.
1. In the left sidebar, click **Users and Groups**.
1. View the application registration.
@@ -63,7 +66,7 @@ If you use Microsoft Entra ID (previously known as Azure AD) or Okta for SAML au
{% endnote %}
1. Click **Save**.
-## Enabling guest collaborators with Okta
+### Enabling guest collaborators with Okta
To add the guest collaborator role to your Okta application:
@@ -77,25 +80,35 @@ To add the guest collaborator role to your Okta application:
* For "Value", type `guest_collaborator`.
1. Click **Save**.
-## Enabling guest collaborators with PingFederate
+## Adding guest collaborators to your enterprise
-For more information about adding guest collaborators using PingFederate, see "[Configure PingFederate for provisioning and SSO](https://docs.pingidentity.com/r/en-us/pingfederate-github-emu-connector/pingfederate_github_connector_configure_pingfederate_for_provisioning_and_sso)."
+When guest collaborators are enabled in your IdP, you can use SCIM to provision users with the `guest_collaborator` role.
-## Enabling guest collaborators with the GitHub REST API
+* If you use a partner IdP, use the "Roles" attribute in the {% data variables.product.prodname_emus %} application.
+* If you use the SCIM endpoints of {% data variables.product.company_short %}'s REST API to provision users, use the `roles` user attribute.
-For more information about adding guest collaborators with SCIM using GitHub's REST API, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api#user-and-group-attributes)."
+For more information about partner IdPs and other identity management systems, see "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users#identity-management-systems)."
-## Adding guest collaborators to your enterprise
+## Giving guest collaborators access to resources
+
+When you have added a guest collaborator to your enterprise, you can add the user to specific organizations or repositories.
+
+### Add the user to an organization
+
+To give the user access to repositories in an organization, add the user as a **member of the organization**.
-After you enable guest collaborators, you can add guest collaborators to your enterprise as you would any other user. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users#assigning-users-and-groups)."
+* As for all members, the base permission policy for the organization determines whether the user has access to internal and private repositories by default. See "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/setting-base-permissions-for-an-organization)."
+* Guest collaborators can be members of IdP groups that are connected to {% data variables.product.prodname_dotcom %} teams, and will be added to the organization via SCIM, just like other enterprise members. See "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
-When you have added a guest collaborator to your enterprise, to give the user access to repositories in the enterprise, you can do either of the following things.
+### Add the user to a repository
-* To give the user access to repositories in an organization, add the user as a **member of the organization**.
+To give the user access to specific repositories, add the user to the repositories as a **repository collaborator**.
- The base permission policy for the organization determines whether the guest collaborator has access to internal and private repositories. If the base permission is set to "No permission", the guest collaborator will not have access to internal and private repositories unless added directly to one of the repositories as a collaborator, or through an authorized team. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/setting-base-permissions-for-an-organization)."
-* To give the user access to specific repositories, add the guest collaborator to the repositories as a **repository collaborator**.
+This gives the user access to the repository without giving them access to other internal or private repositories in the same organization. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators-or-repository-collaborators)."
- This gives the user access to the repository without giving them access to other internal or private repositories in the same organization. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators-or-repository-collaborators)."
+## Further reading
-Guest collaborators can be members of IdP groups that are connected to {% data variables.product.prodname_dotcom %} teams, and will be added to the organization via SCIM, just like other enterprise members. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
+* [Tutorial: Configure GitHub Enterprise Managed User for automatic user provisioning](https://learn.microsoft.com/en-us/entra/identity/saas-apps/github-enterprise-managed-user-provisioning-tutorial) in the Entra ID documentation
+* [Configure PingFederate for provisioning and SSO](https://docs.pingidentity.com/r/en-us/pingfederate-github-emu-connector/pingfederate_github_connector_configure_pingfederate_for_provisioning_and_sso) in the PingIdentity documentation
+* "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-with-okta)"
+* "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api)"
diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/index.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/index.md
index 739b6f763bfb..f0a27e358be8 100644
--- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/index.md
+++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/index.md
@@ -33,10 +33,10 @@ children:
- /removing-a-member-from-your-enterprise
- /managing-dormant-users
- /suspending-and-unsuspending-users
+ - /deleting-users-from-your-instance
- /placing-a-legal-hold-on-a-user-or-organization
- /auditing-ssh-keys
- /rebuilding-contributions-data
- /enabling-guest-collaborators
shortTitle: Manage users
---
-
diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-dormant-users.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-dormant-users.md
index c6b01def2916..58dce976f8d8 100644
--- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-dormant-users.md
+++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-dormant-users.md
@@ -23,6 +23,8 @@ topics:
{% data reusables.enterprise-accounts.dormant-user-activity %}
+> [!NOTE] You cannot mark a dormant user as active. To become active, a user must perform one of the activities listed above.
+
{% ifversion ghec %}
When assessing user dormancy, we only consider organizations, repositories, or sign-on events that are associated with the enterprise. For example, a user who has recently commented on an issue in a public repository outside of the enterprise may be considered dormant, while a user who has commented on an issue in a public repository within the enterprise will not be considered dormant.
{% endif %}
@@ -39,6 +41,8 @@ Dormancy applies to both enterprise members and outside collaborators.
{% ifversion ghes %}
+Dormant users are not automatically suspended. Consider suspending dormant users to release license seats. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/suspending-and-unsuspending-users)."
+
## Viewing dormant users
{% data reusables.enterprise-accounts.viewing-dormant-users %}
@@ -73,7 +77,7 @@ Dormancy applies to both enterprise members and outside collaborators.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.enterprise-accounts-compliance-tab %}
-1. Scroll to "Other."
+1. Scroll to "Reports".
1. Optionally, to generate a new report, next to "Dormant Users", click **New report**.
1. Under "Recent reports", next to the report you want to download, click {% octicon "download" aria-hidden="true" %} **Download**.
{% endif %}
diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md
index bff1073bd104..187c6d8b0a7b 100644
--- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md
+++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md
@@ -16,7 +16,9 @@ shortTitle: Manage support entitlements
People with support entitlements for your enterprise account can use the support portal to open, view, and comment on support tickets associated with the enterprise account.
-Enterprise owners and billing managers automatically have a support entitlement. Enterprise owners can add support entitlements to up to 20 additional members of organizations owned by their enterprise account.
+Enterprise owners and billing managers automatically have a support entitlement. Enterprise owners can add support entitlements to a limited number of enterprise members.
+* **{% data variables.product.premium_support_plan %}**: Up to 20 members
+* **{% data variables.product.premium_plus_support_plan %}**: Up to 40 members
## Adding a support entitlement to an enterprise member
diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator.md
index ab6ec03c33e5..ec9c0edc8f1d 100644
--- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator.md
+++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator.md
@@ -17,13 +17,16 @@ topics:
- Enterprise
shortTitle: Manage administrators
---
-{% tip %}
-**Note:** If [LDAP Sync is enabled](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync) and the `Administrators group` attribute is set when [configuring LDAP access for users](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#configuring-ldap-with-your-github-enterprise-server-instance), those users will automatically have site administrator access to your instance. In this case, you can't manually promote users with the steps below; you must add them to the LDAP administrators group.
+> [!NOTE] For information about promoting a user to an organization owner, see the `ghe-org-admin-promote` section of "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-org-admin-promote)."
-{% endtip %}
+## Considerations with external authentication
-For information about promoting a user to an organization owner, see the `ghe-org-admin-promote` section of "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-org-admin-promote)."
+If you use certain external authentication features, you may not be able to manage promotion and demotion from the enterprise settings or command line:
+
+* If you use SAML authentication, and have _not_ selected **Disable administrator demotion/promotion** in the SAML settings in the site admin dashboard, administrator rights will be determined by your SAML provider.
+* If you have enabled SCIM provisioning, for SCIM-provisioned users, you must manage roles from your identity provider.
+* If LDAP Sync is enabled, and the `Administrators group` attribute is set when configuring LDAP access for users, those users will automatically have site administrator access to your instance. To promote users, you must add them to the LDAP `Administrators group`.
## Promoting a user from the enterprise settings
diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise.md
index b81f01ff5a0c..9fcb8fc4436c 100644
--- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise.md
+++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise.md
@@ -55,6 +55,8 @@ When a user has joined your {% data variables.product.prodname_ghe_server %} ins
* Add the user to an organization. See "[AUTOTITLE](/organizations/managing-membership-in-your-organization/adding-people-to-your-organization)."
* Invite the user to become an enterprise owner. See "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise)."
+If you provision users with SCIM, you assign each user's enterprise role on your identity provider (IdP). The role cannot be changed on {% data variables.product.prodname_dotcom %}.
+
{% endif %}
## Enterprise owners
@@ -81,7 +83,7 @@ Billing managers only have access to your enterprise's billing settings. They ca
* View a list of billing managers
* Add or remove other billing managers
-Billing managers do not have access to organization settings or content by default.
+Billing managers do not have access to organization settings or content by default except for internal repositories within an enterprise in which they are a member.
{% endif %}
diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/suspending-and-unsuspending-users.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/suspending-and-unsuspending-users.md
index 56e5c4116d06..50b6aeb3a9d3 100644
--- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/suspending-and-unsuspending-users.md
+++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/suspending-and-unsuspending-users.md
@@ -20,6 +20,7 @@ topics:
- User account
shortTitle: Manage user suspension
---
+
## About suspended users
If employees leave the company, you can suspend their {% data variables.product.prodname_ghe_server %} accounts to open up user licenses in your {% data variables.product.prodname_enterprise %} license while preserving the issues, comments, repositories, gists, and other data they created. Suspended users cannot sign into your instance, nor can they push or pull code.
@@ -29,18 +30,21 @@ When you suspend a user, the change takes effect immediately with no notificatio
```shell
$ git clone git@[hostname]:john-doe/test-repo.git
Cloning into 'test-repo'...
-ERROR: Your account is suspended. Please check with
+ERROR: Your account is suspended. Please check with
your installation administrator.
fatal: The remote end hung up unexpectedly
```
-Before suspending site administrators, you must demote them to regular users. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator)."
+> [!TIP] {% data variables.product.prodname_dotcom %} recommends suspending users where possible, rather than deleting their accounts.
+
+## Scenarios where you cannot suspend users
-{% tip %}
+Before suspending site administrators, you must demote them to regular users. See "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator)."
-**Note:** If [LDAP Sync is enabled](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync) for {% data variables.location.product_location %}, users are automatically suspended when they're removed from the LDAP directory server. When LDAP Sync is enabled for your instance, normal user suspension methods are disabled.
+If you use certain external authentication features, you cannot manage user suspension from the site admin dashboard or command line:
-{% endtip %}
+* If LDAP Sync is enabled for {% data variables.location.product_location %}, users are automatically suspended based on the scenarios that are described in "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync)."
+* If SCIM provisioning is enabled, SCIM-provisioned users must be suspended or unsuspended through your identity provider.
## Viewing suspended users in the site admin dashboard
diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise.md
index a27da5370a50..024b5265b2d7 100644
--- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise.md
+++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise.md
@@ -1,7 +1,8 @@
---
title: Viewing and managing a user's SAML access to your enterprise
-intro: 'You can view and revoke an enterprise member''s linked identity, active sessions, and authorized credentials.'
-permissions: Enterprise owners can view and manage a member's SAML access to an organization.
+intro: 'You can view and revoke an enterprise member''s {% ifversion ghec %}linked identity, active sessions, and authorized credentials{% else %}active SAML sessions{% endif %}.'
+permissions: Enterprise owners
+product: '{% ifversion ghes %}Instances that have configured SCIM provisioning{% endif %}'
redirect_from:
- /github/setting-up-and-managing-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise-account
- /github/setting-up-and-managing-your-enterprise-account/viewing-and-managing-a-users-saml-access-to-your-enterprise-account
@@ -10,16 +11,24 @@ redirect_from:
- /admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise
versions:
ghec: '*'
+ feature: scim-for-ghes-public-beta
topics:
- Enterprise
shortTitle: View & manage SAML access
---
+
## About SAML access to your enterprise account
When you enable SAML single sign-on for your enterprise account, each enterprise member can link their external identity on your identity provider (IdP) to their existing account on {% data variables.location.product_location %}. {% data reusables.saml.about-saml-access-enterprise-account %}
+{% ifversion ghec %}
+
If your enterprise is uses {% data variables.product.prodname_emus %}, your members will use accounts provisioned through your IdP. {% data variables.enterprise.prodname_managed_users_caps %} will not use their existing user account on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
+{% endif %}
+
+{% ifversion ghec %}
+
## Viewing and revoking a linked identity
{% data reusables.saml.about-linked-identities %}
@@ -36,6 +45,8 @@ If your enterprise uses {% data variables.product.prodname_emus %}, you will not
{% data reusables.saml.revoke-sso-identity %}
{% data reusables.saml.confirm-revoke-identity %}
+{% endif %}
+
## Viewing and revoking an active SAML session
{% data reusables.enterprise-accounts.access-enterprise %}
@@ -45,6 +56,8 @@ If your enterprise uses {% data variables.product.prodname_emus %}, you will not
{% data reusables.saml.view-saml-sessions %}
{% data reusables.saml.revoke-saml-session %}
+{% ifversion ghec %}
+
## Viewing and revoking authorized credentials
{% data reusables.saml.about-authorized-credentials %}
@@ -60,3 +73,5 @@ If your enterprise uses {% data variables.product.prodname_emus %}, you will not
## Further reading
* "[AUTOTITLE](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization)"
+
+{% endif %}
diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md
index dc41d3843083..29f159a5563f 100644
--- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md
+++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md
@@ -86,9 +86,7 @@ If a user has multiple roles in an enterprise, the user is counted once for each
An "outside collaborator" is a user who has access to a repository in an organization, but is not a member of the organization. The user might be an outside collaborator in one organization in your enterprise and a member of another organization. In this case, the user counts towards each total. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/adding-outside-collaborators-to-repositories-in-your-organization)."
-{% ifversion ghec %}
-If your enterprise uses {% data variables.enterprise.prodname_managed_users %}, an "unaffiliated user" is someone who been provisioned with a user account, but is not a member of any of your organizations.
-{% endif %}
+If your enterprise uses {% ifversion ghec %}{% data variables.enterprise.prodname_managed_users %}{% else %}SCIM provisioning{% endif %}, an "unaffiliated" user is someone who been provisioned with a user account, but is not a member of any of your organizations.
{% ifversion ghec %}
@@ -174,16 +172,16 @@ If you use {% data variables.visual_studio.prodname_vss_ghe %}, the list of pend
-## Viewing suspended members in an {% data variables.enterprise.prodname_emu_enterprise %}
+{% endif %}
+
+## Viewing suspended members
-If your enterprise uses {% data variables.product.prodname_emus %}, you can view suspended users. Suspended users are members who have been deprovisioned after being unassigned from the {% data variables.product.prodname_emu_idp_application %} application or deleted from the identity provider. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
+If your enterprise uses {% ifversion ghec %}{% data variables.product.prodname_emus %}{% else %}SCIM provisioning{% endif %}, you can view suspended users. Suspended users are members who have been deprovisioned after being unassigned from the application or deleted on the identity provider.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.people-tab %}
1. Under "People", click **Suspended**.
-{% endif %}
-
## Viewing dormant users
You can view a list of all dormant users {% ifversion ghes %} who have not been suspended and {% endif %}who are not site administrators. {% data reusables.enterprise-accounts.dormant-user-activity-threshold %} For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/managing-dormant-users)."
@@ -205,11 +203,27 @@ You can view a list of all dormant users {% ifversion ghes %} who have not been
{% endif %}
+{% ifversion scim-for-ghes-public-beta %}
+
+## Filtering by account type (SAML and SCIM)
+
+If you use SAML authentication and SCIM provisioning, you can filter members based on how they authenticate and how their account was created.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.people-tab %}
+1. Select **Account Type**, then choose from the following options.
+
+ * **Built-in**: Users with local accounts on {% data variables.location.product_location %} who authenticate with a username and password.
+ * **SAML linked**: Users who authenticate with SAML via an identity provider, but were not provisioned by SCIM.
+ * **SAML and SCIM linked**: Users who authenticate with SAML via an identity provider, and were provisioned by SCIM.
+
+{% endif %}
+
{% ifversion ghec or ghes %}
## Viewing members without an email address from a verified domain
-You can view a list of members in your enterprise who don't have an email address from a verified domain associated with their user account on {% data variables.product.prodname_dotcom_the_website %}.
+You can view a list of members in your enterprise who don't have an email address from a verified domain associated with their user account.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
diff --git a/content/admin/code-security/index.md b/content/admin/managing-code-security/index.md
similarity index 92%
rename from content/admin/code-security/index.md
rename to content/admin/managing-code-security/index.md
index 41df3aced5ad..49fbcc32d699 100644
--- a/content/admin/code-security/index.md
+++ b/content/admin/managing-code-security/index.md
@@ -11,4 +11,7 @@ topics:
children:
- /managing-github-advanced-security-for-your-enterprise
- /managing-supply-chain-security-for-your-enterprise
+redirect_from:
+ - /admin/code-security
---
+
diff --git a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md
similarity index 98%
rename from content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md
rename to content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md
index 78414f8e5ab8..7614d018b0ca 100644
--- a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md
+++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md
@@ -8,6 +8,7 @@ redirect_from:
- /enterprise/admin/configuration/configuring-code-scanning-for-your-appliance
- /admin/configuration/configuring-code-scanning-for-your-appliance
- /admin/advanced-security/configuring-code-scanning-for-your-appliance
+ - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance
versions:
ghes: '*'
ghec: '*'
diff --git a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md
similarity index 93%
rename from content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md
rename to content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md
index b9b754975428..2461826861db 100644
--- a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md
+++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md
@@ -1,7 +1,7 @@
---
title: Configuring dependency review for your appliance
shortTitle: Configuring dependency review
-intro: 'To help users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.location.product_location %}.'
+intro: 'To help users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.product.prodname_ghe_server %}.'
product: '{% data reusables.gated-features.dependency-review %}'
versions:
feature: dependency-review-action-ghes
@@ -11,6 +11,8 @@ topics:
- Enterprise
- Dependency review
- Security
+redirect_from:
+ - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance
---
## About dependency review
diff --git a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md
similarity index 82%
rename from content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md
rename to content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md
index 39d448929396..37a0157f2b16 100644
--- a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md
+++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md
@@ -1,11 +1,12 @@
---
title: Configuring secret scanning for your appliance
shortTitle: Configuring secret scanning
-intro: 'You can enable, configure, and disable {% data variables.product.prodname_secret_scanning %} for {% data variables.location.product_location %}. {% data variables.product.prodname_secret_scanning_caps %} allows users to scan code for accidentally committed secrets.'
+intro: 'You can enable, configure, and disable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.prodname_ghe_server %}. {% data variables.product.prodname_secret_scanning_caps %} allows users to scan code for accidentally committed secrets.'
product: '{% data reusables.gated-features.secret-scanning %}'
redirect_from:
- /admin/configuration/configuring-secret-scanning-for-your-appliance
- /admin/advanced-security/configuring-secret-scanning-for-your-appliance
+ - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance
versions:
ghes: '*'
type: how_to
@@ -18,7 +19,7 @@ topics:
## About {% data variables.product.prodname_secret_scanning %}
-If someone checks a secret with a known pattern into a repository, {% data variables.product.prodname_secret_scanning %} catches the secret as it's checked in, and helps you mitigate the impact of the leak. Repository administrators are notified about any commit that contains a secret, and they can quickly view all detected secrets in the **Security** tab for the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
+If someone checks a secret with a known pattern into a repository, {% data variables.product.prodname_secret_scanning %} catches the secret as it's checked in, and helps you mitigate the impact of the leak. Repository administrators are notified about any commit that contains a secret, and they can quickly view all detected secrets in the **Security** tab for the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."
## Checking whether your license includes {% data variables.product.prodname_GH_advanced_security %}
@@ -26,7 +27,7 @@ If someone checks a secret with a known pattern into a repository, {% data varia
## Prerequisites for {% data variables.product.prodname_secret_scanning %}
-* The SSSE3 (Supplemental Streaming SIMD Extensions 3) CPU flag needs to be enabled on the VM/KVM that runs {% data variables.location.product_location %}. For more information about SSSE3, see [Intel 64 and IA-32 Architectures Optimization Reference Manual](https://cdrdv2-public.intel.com/671488/248966-Software-Optimization-Manual-R047.pdf) in the Intel documentation.
+* The SSSE3 (Supplemental Streaming SIMD Extensions 3) CPU flag needs to be enabled on the VM/KVM that runs {% data variables.product.prodname_ghe_server %}. For more information about SSSE3, see [Intel 64 and IA-32 Architectures Optimization Reference Manual](https://cdrdv2-public.intel.com/671488/248966-Software-Optimization-Manual-R047.pdf) in the Intel documentation.
* A license for {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghes %} (see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)"){% endif %}
@@ -43,7 +44,7 @@ The SSSE3 set of instructions is required because {% data variables.product.prod
grep -iE '^flags.*ssse3' /proc/cpuinfo >/dev/null | echo $?
```
- If this returns the value `0`, it means that the SSSE3 flag is available and enabled. You can now enable {% data variables.product.prodname_secret_scanning %} for {% data variables.location.product_location %}. For more information, see "[Enabling {% data variables.product.prodname_secret_scanning %}](#enabling-secret-scanning)" below.
+ If this returns the value `0`, it means that the SSSE3 flag is available and enabled. You can now enable {% data variables.product.prodname_secret_scanning %}. For more information, see "[Enabling {% data variables.product.prodname_secret_scanning %}](#enabling-secret-scanning)" below.
If this doesn't return `0`, SSSE3 is not enabled on your VM/KVM. You need to refer to the documentation of the hardware/hypervisor on how to enable the flag, or make it available to guest VMs.
diff --git a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise.md
similarity index 90%
rename from content/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise.md
rename to content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise.md
index 28cfdd0edaf4..18ed006bdedf 100644
--- a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise.md
+++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise.md
@@ -5,6 +5,7 @@ intro: 'You can configure {% data variables.product.product_name %} to include {
product: '{% data reusables.gated-features.ghas %}'
redirect_from:
- /admin/advanced-security/enabling-github-advanced-security-for-your-enterprise
+ - /admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise
versions:
ghes: '*'
type: how_to
@@ -37,7 +38,7 @@ For guidance on a phased deployment of GitHub Advanced Security, see "[AUTOTITLE
1. Upgrade your license for {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}. For information about licensing, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."
1. Download the new license file. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/downloading-your-license-for-github-enterprise)."
-1. Upload the new license file to {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server)."
+1. Upload the new license file to {% data variables.product.prodname_ghe_server %}. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server)."
1. Review the prerequisites for the features you plan to enable.
* {% data variables.product.prodname_code_scanning_caps %}, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#prerequisites-for-code-scanning)."
@@ -58,7 +59,7 @@ When {% data variables.product.product_name %} has finished restarting, you're r
## Enabling or disabling {% data variables.product.prodname_GH_advanced_security %} features via the administrative shell (SSH)
-You can enable or disable features programmatically on {% data variables.location.product_location %}. For more information about the administrative shell and command-line utilities for {% data variables.product.prodname_ghe_server %}, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-config)."
+You can enable or disable features programmatically on {% data variables.product.prodname_ghe_server %}. For more information about the administrative shell and command-line utilities for {% data variables.product.prodname_ghe_server %}, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-config)."
For example, you can enable any {% data variables.product.prodname_GH_advanced_security %} feature with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.
diff --git a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/index.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/index.md
similarity index 91%
rename from content/admin/code-security/managing-github-advanced-security-for-your-enterprise/index.md
rename to content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/index.md
index ccaa78894887..71f0de24554c 100644
--- a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/index.md
+++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/index.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/configuration/configuring-advanced-security-features
- /admin/configuration/configuring-advanced-security-features
- /admin/advanced-security
+ - /admin/code-security/managing-github-advanced-security-for-your-enterprise
versions:
ghec: '*'
ghes: '*'
@@ -19,3 +20,4 @@ children:
- /configuring-dependency-review-for-your-appliance
- /configuring-secret-scanning-for-your-appliance
---
+
diff --git a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md
similarity index 67%
rename from content/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md
rename to content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md
index 047249ab2b6b..adde586c5238 100644
--- a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md
+++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md
@@ -12,17 +12,15 @@ topics:
- Secret scanning
- Repositories
shortTitle: Manage GitHub Advanced Security
+redirect_from:
+ - /admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise
---
## About management of {% data variables.product.prodname_advanced_security %} features
You can use {% data variables.product.prodname_advanced_security %} features to harden security for the organizations in your enterprise. {% ifversion security-configurations %}{% data reusables.security-configurations.enable-security-features-with-gh-config %}
-{% note %}
-
-**Note:** {% data reusables.security-configurations.security-configurations-beta-note-short %}
-
-{% endnote %}
+{% data reusables.security-configurations.security-configurations-beta-note-short %}
To manage individual {% data variables.product.prodname_GH_advanced_security %} features, {% else %}To streamline management of {% data variables.product.prodname_advanced_security %}, {% endif %}you can enable or disable each feature for all existing and/or new repositories within the organizations owned by your enterprise.
@@ -46,25 +44,8 @@ When you enable one or more security and analysis features for existing reposito
1. Optionally, enable or disable a feature for all existing repositories.
* To the right of the feature, click **Disable all** or **Enable all**. {% ifversion ghes or ghec %}If the control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled, you have no available {% ifversion ghas-billing-UI-update %}licenses{% else %}seats{% endif %} for {% data variables.product.prodname_GH_advanced_security %}.{% endif %}
-
- {% ifversion ghec %}
- 
-
- {% elsif ghes > 3.12 %}
- 
-
- {% else %}
- {% endif %}
* To confirm the change, click the **Enable/Disable all** or **Enable/Disable for eligible repositories** button in the dialog that is displayed.
1. Optionally, to enable or disable a feature automatically when new private and internal repositories{% ifversion secret-scanning-user-owned-repos %}, user namespace repositories {% ifversion ghec %}belonging to {% data variables.product.prodname_emus %}{% endif %}{% endif %}, or public repositories and repositories with {% data variables.product.prodname_GH_advanced_security %} enabled are created, select the checkbox below the feature.
-{% ifversion secret-scanning-validity-check-partner-patterns %}
-1. Optionally, to automatically allow {% data variables.product.prodname_secret_scanning %} to check the validity of a secret by sending it to the relevant partner, select the relevant checkbox under "{% data variables.product.prodname_secret_scanning_caps %}". You can also enable the validity check for a single repository or organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-validity-checks-for-partner-patterns)," and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization)."
-
- For information on using the REST API to enable validity checks for partner patterns for your enterprise, see "[AUTOTITLE](/rest/enterprise-admin/code-security-and-analysis#update-code-security-and-analysis-features-for-an-enterprise)."
-
- {% data reusables.secret-scanning.validity-check-partner-patterns-beta %}
-
-{%- endif %}
{% ifversion secret-scanning-custom-link-on-block %}
1. Optionally, to include a resource link in the message that members will see when they attempt to push a secret, select **Add a resource link in the CLI and web UI when a commit is blocked**, then type a URL, and click **Save link**.
diff --git a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise.md b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise.md
new file mode 100644
index 000000000000..66da3f1b069e
--- /dev/null
+++ b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise.md
@@ -0,0 +1,23 @@
+---
+title: About supply chain security for your enterprise
+intro: You can enable features that help your developers understand and update the dependencies their code relies on.
+shortTitle: About supply chain security
+permissions: ''
+versions:
+ ghes: '*'
+type: how_to
+topics:
+ - Enterprise
+ - Security
+ - Dependency graph
+redirect_from:
+ - /admin/code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise
+---
+
+You can allow users to identify their projects' dependencies by enabling the dependency graph for {% data variables.product.prodname_ghe_server %}. For more information, see "[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)."
+
+{% data reusables.dependency-review.dependency-review-enabled-ghes %}
+
+You can also allow users to find and fix vulnerabilities in their code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
+
+After you enable {% data variables.product.prodname_dependabot_alerts %}, you can view vulnerability data from the {% data variables.product.prodname_advisory_database %} on {% data variables.product.prodname_ghe_server %} and manually sync the data. For more information, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise)."
diff --git a/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md
similarity index 73%
rename from content/admin/code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md
rename to content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md
index 48a53ca0c3f3..9d31af05350d 100644
--- a/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md
+++ b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md
@@ -1,6 +1,6 @@
---
title: Configuring Dependabot to work with limited internet access
-intro: 'You can configure {% data variables.product.prodname_dependabot %} to generate pull requests for version and security updates using private registries when {% data variables.location.product_location %} has limited, or no, internet access.'
+intro: 'You can configure {% data variables.product.prodname_dependabot %} to generate pull requests for version and security updates using private registries when {% data variables.product.prodname_ghe_server %} has limited, or no, internet access.'
versions:
feature: dependabot-ghes-no-public-internet
type: how_to
@@ -11,13 +11,15 @@ topics:
- Repositories
- Dependencies
shortTitle: Limited internet access
+redirect_from:
+ - /admin/code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access
---
## About {% data variables.product.prodname_dependabot %} updates
-You can use {% data variables.product.prodname_dependabot_updates %} to fix vulnerabilities and keep dependencies updated to the latest version in {% data variables.location.product_location %}. {% data variables.product.prodname_dependabot_updates %} require {% data variables.product.prodname_actions %} with self-hosted runners set up for {% data variables.product.prodname_dependabot %} to use. {% data variables.product.prodname_dependabot %} alerts and security updates use information from the {% data variables.product.prodname_advisory_database %} accessed using {% data variables.product.prodname_github_connect %}. For more information, see "[AUTOTITLE](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates)" and "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
+You can use {% data variables.product.prodname_dependabot_updates %} to fix vulnerabilities and keep dependencies updated to the latest version in {% data variables.product.prodname_ghe_server %}. {% data variables.product.prodname_dependabot_updates %} require {% data variables.product.prodname_actions %} with self-hosted runners set up for {% data variables.product.prodname_dependabot %} to use. {% data variables.product.prodname_dependabot %} alerts and security updates use information from the {% data variables.product.prodname_advisory_database %} accessed using {% data variables.product.prodname_github_connect %}. For more information, see "[AUTOTITLE](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates)" and "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
-{% data reusables.dependabot.private-registry-support %} Alternatively, if {% data variables.location.product_location %} has limited or no internet access, you can configure {% data variables.product.prodname_dependabot %} to use only private registries as a source for security and version updates. For information on which ecosystems are supported as private registries, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries#about-configuring-dependabot-to-only-access-private-registries)."
+{% data reusables.dependabot.private-registry-support %} Alternatively, if your instance has limited or no internet access, you can configure {% data variables.product.prodname_dependabot %} to use only private registries as a source for security and version updates. For information on which ecosystems are supported as private registries, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries#about-configuring-dependabot-to-only-access-private-registries)."
The instructions below assume that you need to set up {% data variables.product.prodname_dependabot %} runners with the following limitations.
* No internet access.
@@ -27,7 +29,7 @@ The instructions below assume that you need to set up {% data variables.product.
Before configuring {% data variables.product.prodname_dependabot %}, install Docker on your self-hosted runner. For more information, see "[AUTOTITLE](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates#configuring-self-hosted-runners-for-dependabot-updates)."
-1. On {% data variables.location.product_location %}, navigate to the `github/dependabot-action` repository and retrieve information about the `dependabot-updater` and `dependabot-proxy` container images from the `containers.json` file.
+1. On {% data variables.product.prodname_ghe_server %}, navigate to the `github/dependabot-action` repository and retrieve information about the `dependabot-updater` and `dependabot-proxy` container images from the `containers.json` file.
Each release of {% data variables.product.product_name %} includes an updated `containers.json` file at: `https://HOSTNAME/github/dependabot-action/blob/ghes-VERSION/docker/containers.json`. You can see the {% data variables.product.prodname_dotcom_the_website %} version of the file at: [containers.json](https://github.com/github/dependabot-action/blob/main/docker/containers.json).
@@ -49,7 +51,7 @@ Before configuring {% data variables.product.prodname_dependabot %}, install Doc
{% endnote %}
-1. When you have finished adding these images to the runner, you are ready to restrict internet access to the {% data variables.product.prodname_dependabot %} runner, ensuring that it can still access your private registries for the required ecosystems and for {% data variables.location.product_location %}.
+1. When you have finished adding these images to the runner, you are ready to restrict internet access to the {% data variables.product.prodname_dependabot %} runner, ensuring that it can still access your private registries for the required ecosystems and for {% data variables.product.prodname_ghe_server %}.
You must add the images first because {% data variables.product.prodname_dependabot %} runners pull `dependabot-updater` and `dependabot-proxy` from the {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_container_registry %} when {% data variables.product.prodname_dependabot %} jobs start running.
@@ -61,6 +63,6 @@ Before configuring {% data variables.product.prodname_dependabot %}, install Doc
1. For ecosystems that you want to test, click **Last checked TIME ago** to display the "Update logs" view.
1. Click **Check for updates** to check for new updates to dependencies for that ecosystem.
-When the check for updates is complete, you should check the "Update logs" view to verify that {% data variables.product.prodname_dependabot %} accessed the configured private registries on {% data variables.location.product_location %} to check for version updates.
+When the check for updates is complete, you should check the "Update logs" view to verify that {% data variables.product.prodname_dependabot %} accessed the configured private registries on your instance to check for version updates.
After you have verified that the configuration is correct, ask repository administrators to update their {% data variables.product.prodname_dependabot %} configurations to use private registries only. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries)."
diff --git a/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md
similarity index 79%
rename from content/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md
rename to content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md
index 1bd232b56fe8..2f02b222e5f2 100644
--- a/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md
+++ b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md
@@ -10,6 +10,8 @@ topics:
- Enterprise
- Security
- Dependency graph
+redirect_from:
+ - /admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise
---
## About the dependency graph
@@ -20,11 +22,11 @@ topics:
After you enable the dependency graph for your enterprise, you can enable {% data variables.product.prodname_dependabot %} to detect insecure dependencies in your repository and automatically fix the vulnerabilities. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
-You can enable the dependency graph via the {% data variables.enterprise.management_console %} or the administrative shell. We recommend using the {% data variables.enterprise.management_console %} unless {% data variables.location.product_location %} uses clustering.
+You can enable the dependency graph via the {% data variables.enterprise.management_console %} or the administrative shell. We recommend using the {% data variables.enterprise.management_console %} unless your instance uses clustering.
## Enabling the dependency graph via the {% data variables.enterprise.management_console %}
-If {% data variables.location.product_location %} uses clustering, you cannot enable the dependency graph with the {% data variables.enterprise.management_console %} and must use the administrative shell instead. For more information, see "[Enabling the dependency graph via the administrative shell](#enabling-the-dependency-graph-via-the-administrative-shell)."
+If your instance uses clustering, you cannot enable the dependency graph with the {% data variables.enterprise.management_console %} and must use the administrative shell instead. For more information, see "[Enabling the dependency graph via the administrative shell](#enabling-the-dependency-graph-via-the-administrative-shell)."
{% data reusables.enterprise_site_admin_settings.sign-in %}
{% data reusables.enterprise_site_admin_settings.access-settings %}
@@ -37,7 +39,7 @@ If {% data variables.location.product_location %} uses clustering, you cannot en
## Enabling the dependency graph via the administrative shell
{% data reusables.enterprise_site_admin_settings.sign-in %}
-1. In the administrative shell, enable the dependency graph on {% data variables.location.product_location %}:
+1. In the administrative shell, enable the dependency graph:
```shell
ghe-config app.dependency-graph.enabled true
diff --git a/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/index.md b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/index.md
similarity index 84%
rename from content/admin/code-security/managing-supply-chain-security-for-your-enterprise/index.md
rename to content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/index.md
index 1f41bb611d63..ab81395a6bcf 100644
--- a/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/index.md
+++ b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/index.md
@@ -11,5 +11,7 @@ children:
- /enabling-the-dependency-graph-for-your-enterprise
- /viewing-the-vulnerability-data-for-your-enterprise
- /configuring-dependabot-to-work-with-limited-internet-access
+redirect_from:
+ - /admin/code-security/managing-supply-chain-security-for-your-enterprise
---
diff --git a/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise.md b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise.md
similarity index 71%
rename from content/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise.md
rename to content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise.md
index 497f5010b062..6ca8b2a337df 100644
--- a/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise.md
+++ b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise.md
@@ -1,8 +1,8 @@
---
title: Viewing the vulnerability data for your enterprise
-intro: 'You can view vulnerability data from the {% data variables.product.prodname_advisory_database %} on {% data variables.location.product_location %}.'
+intro: 'You can view vulnerability data from the {% data variables.product.prodname_advisory_database %} on {% data variables.product.prodname_ghe_server %}.'
shortTitle: View vulnerability data
-permissions: 'Site administrators can view vulnerability data on {% data variables.location.product_location %}.'
+permissions: 'Site administrators'
versions:
ghes: '*'
type: how_to
@@ -10,9 +10,11 @@ topics:
- Enterprise
- Security
- Dependency graph
+redirect_from:
+ - /admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise
---
-If {% data variables.product.prodname_dependabot_alerts %} are enabled for your enterprise, you can view all vulnerabilities that were downloaded to {% data variables.location.product_location %} from the {% data variables.product.prodname_advisory_database %}.
+If {% data variables.product.prodname_dependabot_alerts %} are enabled for your enterprise, you can view all vulnerabilities that were downloaded to {% data variables.product.prodname_ghe_server %} from the {% data variables.product.prodname_advisory_database %}.
You can manually sync vulnerability data from {% data variables.product.prodname_dotcom_the_website %} to update the list.
diff --git a/content/admin/github-actions/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled.md
similarity index 96%
rename from content/admin/github-actions/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled.md
rename to content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled.md
index 6eb9778344d1..5b2a4f9b1783 100644
--- a/content/admin/github-actions/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled.md
@@ -12,6 +12,7 @@ topics:
- Infrastructure
redirect_from:
- /admin/github-actions/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled
+ - /admin/github-actions/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled
---
## About backups of {% data variables.product.product_name %} when using {% data variables.product.prodname_actions %}
diff --git a/content/admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/high-availability-for-github-actions.md
similarity index 95%
rename from content/admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions.md
rename to content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/high-availability-for-github-actions.md
index f2de79704559..bdc85d77f82d 100644
--- a/content/admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/high-availability-for-github-actions.md
@@ -12,6 +12,7 @@ topics:
- Storage
redirect_from:
- /admin/github-actions/high-availability-for-github-actions
+ - /admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions
shortTitle: HA for GitHub Actions
---
## Replication or redundancy of your {% data variables.product.prodname_actions %} data
diff --git a/content/admin/github-actions/advanced-configuration-and-troubleshooting/index.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/index.md
similarity index 87%
rename from content/admin/github-actions/advanced-configuration-and-troubleshooting/index.md
rename to content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/index.md
index 41a97dbb6535..62e5a393ee74 100644
--- a/content/admin/github-actions/advanced-configuration-and-troubleshooting/index.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/index.md
@@ -11,5 +11,7 @@ children:
- /using-a-staging-environment
- /troubleshooting-github-actions-for-your-enterprise
shortTitle: HA & troubleshooting
+redirect_from:
+ - /admin/github-actions/advanced-configuration-and-troubleshooting
---
diff --git a/content/admin/github-actions/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md
similarity index 96%
rename from content/admin/github-actions/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md
rename to content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md
index 65de7e88849a..ccce4dd5fbfa 100644
--- a/content/admin/github-actions/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md
@@ -11,6 +11,7 @@ topics:
- Troubleshooting
redirect_from:
- /admin/github-actions/troubleshooting-github-actions-for-your-enterprise
+ - /admin/github-actions/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise
shortTitle: Troubleshoot GitHub Actions
---
@@ -182,15 +183,15 @@ If any of these services are at or near 100% CPU utilization, or the memory is n
## Troubleshooting bundled actions in {% data variables.product.prodname_actions %}
-If you receive the following error when installing {% data variables.product.prodname_actions %} in {% data variables.product.prodname_ghe_server %}, you can resolve the problem by installing the official bundled actions and starter workflows.
+If you receive the following error when installing {% data variables.product.prodname_actions %} in {% data variables.product.prodname_ghe_server %}, you can resolve the problem by installing the official bundled actions and workflow templates.
```shell
A part of the Actions setup had problems and needs an administrator to resolve.
```
-To install the official bundled actions and starter workflows within a designated organization in {% data variables.product.prodname_ghe_server %}, follow this procedure.
+To install the official bundled actions and workflow templates within a designated organization in {% data variables.product.prodname_ghe_server %}, follow this procedure.
-1. Identify an organization that will store the official bundled actions and starter workflows. You can create a new organization or reuse an existing one.
+1. Identify an organization that will store the official bundled actions and workflow templates. You can create a new organization or reuse an existing one.
* To create a new organization, see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch)."
* For assistance with choosing a name for this organization, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server#reserved-names)."
diff --git a/content/admin/github-actions/advanced-configuration-and-troubleshooting/using-a-staging-environment.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md
similarity index 97%
rename from content/admin/github-actions/advanced-configuration-and-troubleshooting/using-a-staging-environment.md
rename to content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md
index bcbb6e8b4c17..0d84cb19db01 100644
--- a/content/admin/github-actions/advanced-configuration-and-troubleshooting/using-a-staging-environment.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md
@@ -11,6 +11,7 @@ topics:
- Upgrades
redirect_from:
- /admin/github-actions/using-a-staging-environment
+ - /admin/github-actions/advanced-configuration-and-troubleshooting/using-a-staging-environment
shortTitle: Use staging environment
---
diff --git a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md
similarity index 98%
rename from content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md
rename to content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md
index 89da0e12b926..e17ca79a8fd0 100644
--- a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md
@@ -12,6 +12,7 @@ topics:
- Storage
redirect_from:
- /admin/github-actions/enabling-github-actions-with-amazon-s3-storage
+ - /admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage
shortTitle: Amazon S3 storage
---
diff --git a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md
similarity index 98%
rename from content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md
rename to content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md
index cf9fa9e1d8a1..9447c556601c 100644
--- a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md
@@ -12,6 +12,7 @@ topics:
- Storage
redirect_from:
- /admin/github-actions/enabling-github-actions-with-azure-blob-storage
+ - /admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage
shortTitle: Azure Blob storage
---
diff --git a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md
similarity index 98%
rename from content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md
rename to content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md
index 4be406b826c1..a278f2c3caf1 100644
--- a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md
@@ -11,6 +11,8 @@ topics:
- Infrastructure
- Storage
shortTitle: Google Cloud Storage
+redirect_from:
+ - /admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage
---
{% note %}
diff --git a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md
similarity index 95%
rename from content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md
rename to content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md
index 0818836b6787..8052d6e66482 100644
--- a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md
@@ -13,6 +13,7 @@ topics:
redirect_from:
- /admin/github-actions/enabling-github-actions-with-minio-gateway-for-nas-storage
- /admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-gateway-for-nas-storage
+ - /admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage
shortTitle: MinIO storage
---
diff --git a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/index.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/index.md
similarity index 85%
rename from content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/index.md
rename to content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/index.md
index bf48e31352bd..a0fff0d9f1c2 100644
--- a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/index.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/index.md
@@ -12,5 +12,7 @@ children:
- /enabling-github-actions-with-minio-storage
- /managing-self-hosted-runners-for-dependabot-updates
shortTitle: Enable GitHub Actions
+redirect_from:
+ - /admin/github-actions/enabling-github-actions-for-github-enterprise-server
---
diff --git a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates.md
similarity index 97%
rename from content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates.md
rename to content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates.md
index 13eac7e3ee27..17967291debc 100644
--- a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates.md
@@ -3,6 +3,7 @@ title: Managing self-hosted runners for Dependabot updates on your enterprise
intro: 'You can create dedicated runners for {% data variables.location.product_location %} that {% data variables.product.prodname_dependabot %} uses to create pull requests to help secure and maintain the dependencies used in repositories on your enterprise.'
redirect_from:
- /admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates
+ - /admin/github-actions/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates
allowTitleToDifferFromFilename: true
versions:
ghes: '> 3.2'
diff --git a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md
similarity index 94%
rename from content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md
rename to content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md
index 653a970e4acf..bb5abae657d9 100644
--- a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md
@@ -9,6 +9,8 @@ type: overview
topics:
- Actions
- Enterprise
+redirect_from:
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
---
@@ -23,7 +25,7 @@ topics:
| Automatically and securely package code into artifacts and containers | "[AUTOTITLE](/actions/publishing-packages/about-packaging-with-github-actions)" |
| Automate your project management tasks | "[AUTOTITLE](/actions/managing-issues-and-pull-requests/using-github-actions-for-project-management)" |
-{% data variables.product.prodname_actions %} helps your team work faster at scale. When large repositories start using {% data variables.product.prodname_actions %}, teams merge significantly more pull requests per day, and the pull requests are merged significantly faster. For more information, see "[Writing and shipping code faster](https://octoverse.github.com/2021/writing-code-faster/#scale-through-automation)" in the State of the Octoverse.
+{% data variables.product.prodname_actions %} helps your team work faster at scale. When large repositories start using {% data variables.product.prodname_actions %}, pull requests are typically merged faster, allowing teams to merge more pull requests per day.
You can create your own unique automations, or you can use and adapt workflows from our ecosystem of over 10,000 actions built by industry leaders and the open source community. {% ifversion ghec %}For more information, see "[AUTOTITLE](/actions/learn-github-actions/finding-and-customizing-actions)."{% else %}You can restrict your developers to using actions that exist on {% data variables.location.product_location %}, or you can allow your developers to access actions on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)."{% endif %}
diff --git a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md
similarity index 95%
rename from content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md
rename to content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md
index 3200a6d5af14..da4e39b92ba2 100644
--- a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md
@@ -9,6 +9,8 @@ type: how_to
topics:
- Actions
- Enterprise
+redirect_from:
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
---
## About {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_cloud %}
diff --git a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md
similarity index 98%
rename from content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md
rename to content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md
index 31b6bac45a3d..6ea0563a0776 100644
--- a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md
@@ -8,6 +8,7 @@ redirect_from:
- /admin/github-actions/enabling-github-actions-and-configuring-storage
- /admin/github-actions/getting-started-with-github-actions-for-github-enterprise-server
- /admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md
similarity index 98%
rename from content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md
rename to content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md
index 77b86ef103b7..3841c861ef9c 100644
--- a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md
@@ -11,6 +11,8 @@ topics:
- Actions
- Enterprise
- Fundamentals
+redirect_from:
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise
---
## About self-hosted runners for {% data variables.product.prodname_actions %}
diff --git a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/index.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/index.md
similarity index 86%
rename from content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/index.md
rename to content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/index.md
index 6e441691d6dd..a53d735eac7d 100644
--- a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/index.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/index.md
@@ -15,4 +15,7 @@ children:
- /getting-started-with-github-actions-for-github-enterprise-server
- /getting-started-with-self-hosted-runners-for-your-enterprise
shortTitle: Get started
+redirect_from:
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise
---
+
diff --git a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md
similarity index 97%
rename from content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md
rename to content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md
index 03ab50126421..645e4515fa3d 100644
--- a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md
@@ -9,6 +9,8 @@ type: how_to
topics:
- Actions
- Enterprise
+redirect_from:
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
---
## About {% data variables.product.prodname_actions %} for enterprises
@@ -73,7 +75,7 @@ Think about how your enterprise can use features of {% data variables.product.pr
With reusable workflows, your team can call one workflow from another workflow, avoiding exact duplication. Reusable workflows promote best practice by helping your team use workflows that are well designed and have already been tested. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows)."
-To provide a starting place for developers building new workflows, you can use starter workflows. This not only saves time for your developers, but promotes consistency and best practice across your enterprise. For more information, see "[AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization)."
+To provide a starting place for developers building new workflows, you can use workflow templates. This not only saves time for your developers, but promotes consistency and best practice across your enterprise. For more information, see "[AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization)."
{% ifversion not internal-actions %}
Whenever your workflow developers want to use an action that's stored in a private repository, they must configure the workflow to clone the repository first. To reduce the number of repositories that must be cloned, consider grouping commonly used actions in a single repository. For more information, see "[AUTOTITLE](/actions/creating-actions/about-custom-actions#choosing-a-location-for-your-action)."
diff --git a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md
similarity index 98%
rename from content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md
rename to content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md
index ce009707318c..bd09dba9fe80 100644
--- a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md
@@ -9,6 +9,8 @@ type: how_to
topics:
- Actions
- Enterprise
+redirect_from:
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
---
## About enterprise migrations to {% data variables.product.prodname_actions %}
diff --git a/content/admin/github-actions/index.md b/content/admin/managing-github-actions-for-your-enterprise/index.md
similarity index 96%
rename from content/admin/github-actions/index.md
rename to content/admin/managing-github-actions-for-your-enterprise/index.md
index 091256ede2f7..e5ce32d7c8d7 100644
--- a/content/admin/github-actions/index.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/index.md
@@ -4,6 +4,7 @@ allowTitleToDifferFromFilename: true
intro: 'Enable {% data variables.product.prodname_actions %} on {% data variables.product.product_name %}, and manage {% data variables.product.prodname_actions %} policies and settings.'
redirect_from:
- /enterprise/admin/github-actions
+ - /admin/github-actions
versions:
ghec: '*'
ghes: '*'
diff --git a/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md
similarity index 98%
rename from content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md
rename to content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md
index eb3f5243b307..02abec8f664c 100644
--- a/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md
@@ -6,6 +6,7 @@ redirect_from:
- /admin/github-actions/about-using-githubcom-actions-on-github-enterprise-server
- /admin/github-actions/about-using-actions-on-github-enterprise-server
- /admin/github-actions/about-using-actions-in-your-enterprise
+ - /admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise
versions:
ghes: '*'
type: overview
diff --git a/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md
similarity index 97%
rename from content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md
rename to content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md
index 1979cfdd6624..84a19e88a8db 100644
--- a/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md
@@ -5,6 +5,7 @@ permissions: 'Enterprise owners can enable access to public {% data variables.pr
redirect_from:
- /enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect
- /admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect
+ - /admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/github-actions/managing-access-to-actions-from-githubcom/index.md b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/index.md
similarity index 91%
rename from content/admin/github-actions/managing-access-to-actions-from-githubcom/index.md
rename to content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/index.md
index f1a40f1e8d8c..292b454de041 100644
--- a/content/admin/github-actions/managing-access-to-actions-from-githubcom/index.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/index.md
@@ -3,6 +3,7 @@ title: Managing access to actions from GitHub.com
intro: 'Controlling which actions on {% data variables.product.prodname_dotcom_the_website %} and {% data variables.product.prodname_marketplace %} can be used in your enterprise.'
redirect_from:
- /enterprise/admin/github-actions/managing-access-to-actions-from-githubcom
+ - /admin/github-actions/managing-access-to-actions-from-githubcom
versions:
ghes: '*'
topics:
diff --git a/content/admin/github-actions/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md
similarity index 70%
rename from content/admin/github-actions/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md
rename to content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md
index cd278199ab44..33ce08ba65e2 100644
--- a/content/admin/github-actions/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md
@@ -4,6 +4,7 @@ intro: 'For users that need access to actions from {% data variables.product.pro
redirect_from:
- /enterprise/admin/github-actions/manually-syncing-actions-from-githubcom
- /admin/github-actions/manually-syncing-actions-from-githubcom
+ - /admin/github-actions/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom
versions:
ghes: '*'
type: tutorial
@@ -19,9 +20,11 @@ shortTitle: Manually sync actions
{% ifversion ghes %}
-The recommended approach of enabling access to actions from {% data variables.product.prodname_dotcom_the_website %} is to enable automatic access to all actions. You can do this by using {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)."
+We recommend enabling automatic access to all actions by using {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. See "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)."
-However, if you want stricter control over which actions are allowed in your enterprise, you{% else %}You{% endif %} can follow this guide to use {% data variables.product.company_short %}'s open source [`actions-sync`](https://github.com/actions/actions-sync) tool to sync individual action repositories from {% data variables.product.prodname_dotcom_the_website %} to your enterprise.
+If you want stricter control over which actions are allowed in your enterprise, you{% else %}You{% endif %} can follow this guide to use our open source [`actions-sync`](https://github.com/actions/actions-sync) tool to sync individual action repositories from {% data variables.product.prodname_dotcom_the_website %} to your enterprise.
+
+When you upgrade {% data variables.product.product_name %}, bundled actions are automatically replaced with the default versions in the upgrade package. These may not be the latest available version. As a best practice, if you use `actions-sync` to update actions, you should always rerun `actions-sync` after any {% data variables.product.product_name %} upgrade (major or minor) to ensure that the actions remain up to date.
## About the `actions-sync` tool
@@ -33,14 +36,14 @@ The `actions-sync` tool can only download actions from {% data variables.product
{% note %}
-**Note:** The `actions-sync` tool is intended for use in systems where {% data variables.product.prodname_github_connect %} is not enabled. If you run the tool on a system with {% data variables.product.prodname_github_connect %} enabled, you may see the error `The repository has been retired and cannot be reused`. This indicates that a workflow has used that action directly on {% data variables.product.prodname_dotcom_the_website %} and the namespace is retired on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)."
+**Note:** The `actions-sync` tool is intended for use in systems where {% data variables.product.prodname_github_connect %} is not enabled. If you run the tool on a system with {% data variables.product.prodname_github_connect %} enabled, you may see the error `The repository has been retired and cannot be reused`. This indicates that a workflow has used that action directly on {% data variables.product.prodname_dotcom_the_website %} and the namespace is retired on {% data variables.location.product_location %}. See "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)."
{% endnote %}
## Prerequisites
-* Before using the `actions-sync` tool, you must ensure that all destination organizations already exist in your enterprise. The following example demonstrates how to sync actions to an organization named `synced-actions`. For more information, see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch)."
-* You must create a {% data variables.product.pat_generic %} on your enterprise that can create and write to repositories in the destination organizations. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."{% ifversion ghes %}
+* Before using the `actions-sync` tool, you must ensure that all destination organizations already exist in your enterprise. The following example demonstrates how to sync actions to an organization named `synced-actions`. See "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch)."
+* You must create a {% data variables.product.pat_generic %} on your enterprise that can create and write to repositories in the destination organizations. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."{% ifversion ghes %}
* If you want to sync the bundled actions in the `actions` organization on {% data variables.location.product_location %}, you must be an owner of the `actions` organization.
{% note %}
@@ -49,7 +52,7 @@ The `actions-sync` tool can only download actions from {% data variables.product
{% endnote %}
- Site administrators can use the `ghe-org-admin-promote` command in the administrative shell to promote a user to be an owner of the bundled `actions` organization. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-org-admin-promote)."
+ Site administrators can use the `ghe-org-admin-promote` command in the administrative shell to promote a user to be an owner of the bundled `actions` organization. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-org-admin-promote)."
```shell
ghe-org-admin-promote -u USERNAME -o actions
@@ -61,7 +64,7 @@ This example demonstrates using the `actions-sync` tool to sync an individual ac
{% note %}
-**Note:** This example uses the `actions-sync sync` command, which requires concurrent access to both the {% data variables.product.prodname_dotcom_the_website %} API and your enterprise instance's API from your machine. If you can only access one system at a time, you can use the `actions-sync pull` and `push` commands. For more information, see the [`actions-sync` README](https://github.com/actions/actions-sync#not-connected-instances).
+**Note:** This example uses the `actions-sync sync` command, which requires concurrent access to both the {% data variables.product.prodname_dotcom_the_website %} API and your enterprise instance's API from your machine. If you can only access one system at a time, you can use the `actions-sync pull` and `push` commands. See the [`actions-sync` README](https://github.com/actions/actions-sync#not-connected-instances).
{% endnote %}
@@ -92,11 +95,11 @@ This example demonstrates using the `actions-sync` tool to sync an individual ac
* The above example syncs the [`actions/stale`](https://github.com/actions/stale) repository to the `synced-actions/actions-stale` repository on the destination enterprise instance. You must create the organization named `synced-actions` in your enterprise before running the above command.
* If you omit `:destination_owner/destination_repository`, the tool uses the original owner and repository name for your enterprise. Before running the command, you must create a new organization in your enterprise that matches the owner name of the action. Consider using a central organization to store the synced actions in your enterprise, as this means you will not need to create multiple new organizations if you sync actions from different owners.
- * You can sync multiple actions by replacing the `--repo-name` parameter with `--repo-name-list` or `--repo-name-list-file`. For more information, see the [`actions-sync` README](https://github.com/actions/actions-sync#actions-sync).
+ * You can sync multiple actions by replacing the `--repo-name` parameter with `--repo-name-list` or `--repo-name-list-file`. See the [`actions-sync` README](https://github.com/actions/actions-sync#actions-sync).
1. After the action repository is created in your enterprise, people in your enterprise can use the destination repository to reference the action in their workflows. For the example action shown above:
```yaml
uses: synced-actions/actions-stale@v1
```
- For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsuses)."
+ See "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsuses)."
diff --git a/content/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md
similarity index 97%
rename from content/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md
rename to content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md
index 452b12dc0a3d..9561e3019f18 100644
--- a/content/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md
@@ -4,6 +4,7 @@ intro: 'To use the included `actions/setup` actions on self-hosted runners witho
redirect_from:
- /enterprise/admin/github-actions/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access
- /admin/github-actions/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access
+ - /admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access
versions:
ghes: '*'
type: tutorial
diff --git a/content/admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md
similarity index 97%
rename from content/admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md
rename to content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md
index 8f967a46109f..7076fbab666f 100644
--- a/content/admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md
@@ -10,6 +10,7 @@ topics:
- GitHub Connect
redirect_from:
- /admin/github-actions/using-the-latest-version-of-the-official-bundled-actions
+ - /admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions
shortTitle: Use the latest bundled actions
---
{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md
similarity index 85%
rename from content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md
rename to content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md
index 512b4b80d634..e249331162b1 100644
--- a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md
+++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md
@@ -12,6 +12,7 @@ topics:
- SSO
redirect_from:
- /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy
+ - /admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy
---
{% data reusables.enterprise-accounts.azure-emu-support-oidc %}
@@ -20,7 +21,10 @@ redirect_from:
{% data reusables.enterprise-accounts.emu-cap-validates %}
-{% data variables.product.product_name %} supports CAP for any {% data variables.enterprise.prodname_emu_enterprise %} where OIDC SSO is enabled. {% data variables.product.product_name %} enforces your IdP's IP conditions but cannot enforce your device compliance conditions. Enterprise owners can choose to use this IP allow list configuration instead of {% data variables.product.product_name %}'s IP allow list, and can do so once OIDC SSO is configured. For more information about IP allow lists, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)."
+{% data variables.product.product_name %} supports CAP for any {% data variables.enterprise.prodname_emu_enterprise %} where OIDC SSO is enabled. Enterprise owners can choose to use this IP allow list configuration instead of {% data variables.product.product_name %}'s IP allow list, and can do so once OIDC SSO is configured. For more information about IP allow lists, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list#about-your-idps-allow-list)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)."
+
+* {% data variables.product.product_name %} enforces your IdP's IP conditions but cannot enforce your device compliance conditions.
+* Policies for multi-factor authentication are only enforced at the point of sign-in to the IdP.
For more information about using OIDC with {% data variables.product.prodname_emus %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)" and "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc)."
diff --git a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md
similarity index 96%
rename from content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md
rename to content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md
index e86e0368a732..3dc148f6eef1 100644
--- a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md
+++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md
@@ -12,6 +12,7 @@ topics:
- SSO
redirect_from:
- /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users
+ - /admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users
---
{% data reusables.enterprise-accounts.azure-emu-support-oidc %}
diff --git a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md
similarity index 82%
rename from content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md
rename to content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md
index ef92a2f73730..1c4652023832 100644
--- a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md
+++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md
@@ -9,6 +9,7 @@ redirect_from:
- /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users
- /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users
- /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users
+ - /admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users
versions:
ghec: '*'
type: tutorial
@@ -18,6 +19,10 @@ topics:
- SSO
---
+**Before** following the steps in this article, make sure that your enterprise uses **managed users**. You can do so by checking whether your enterprise view has the "Users managed by ACCOUNT NAME" header bar at the top of the screen. If you see this, your enterprise uses **managed users** and you can follow the steps in this article.
+
+If your enterprise uses **personal accounts**, you must follow a different process to configure SAML single sign-on. See "[AUTOTITLE](/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."
+
## About SAML SSO for {% data variables.product.prodname_emus %}
With {% data variables.product.prodname_emus %}, access to your enterprise's resources on {% data variables.location.product_location %} must be authenticated through your identity provider (IdP). Instead of signing in to {% data variables.product.prodname_dotcom %} with a {% data variables.product.prodname_dotcom %} username and password, members of your enterprise will sign in through your IdP.
@@ -28,21 +33,20 @@ After you configure SAML SSO, we recommend storing your recovery codes so you ca
## Prerequisites
-* Ensure that you understand the integration requirements and level of support for your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#about-authentication-and-user-provisioning)."
-
-* Your IdP must adhere to the SAML 2.0 specification. For more information, see the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
-
-{% ifversion emu-public-scim-schema %}-{% endif %} To configure your IdP for SAML SSO with {% data variables.product.prodname_emus %}, you must have a tenant and administrative access on your IdP.
+* Understand the integration requirements and level of support for your IdP. See "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#about-authentication-and-user-provisioning)."
+* Your IdP must adhere to the SAML 2.0 specification. See the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
+* You must have tenant administrative access to your IdP.
+* If you're configuring SAML SSO for a new enterprise, make sure to complete all previous steps in the initial configuration process. See "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users)."
-## Configuring SAML SSO for {% data variables.product.prodname_emus %}
+## Configure SAML SSO for {% data variables.product.prodname_emus %}
To configure SAML SSO for your {% data variables.enterprise.prodname_emu_enterprise %}, you must configure an application on your IdP, then configure your enterprise on {% data variables.location.product_location %}. After you configure SAML SSO, you can configure user provisioning.
-1. [Configure your IdP](#configuring-your-idp)
-1. [Configure your enterprise](#configuring-your-enterprise)
-1. [Enable provisioning](#enabling-provisioning)
+1. [Configure your IdP](#configure-your-idp)
+1. [Configure your enterprise](#configure-your-enterprise)
+1. [Enable provisioning](#enable-provisioning)
-### Configuring your IdP
+### Configure your IdP
1. {% ifversion emu-public-scim-schema %}If you use a partner IdP, to install the {% data variables.product.prodname_emu_idp_application %} application, click one of the following links.{% else %}To install the {% data variables.product.prodname_emu_idp_application %} application, click the link for your IdP below:{% endif %}
@@ -73,7 +77,7 @@ To configure SAML SSO for your {% data variables.enterprise.prodname_emu_enterpr
| IdP Identifier URL | Issuer | IdP's identifier to service providers for SAML authentication |
| Signing certificate, Base64-encoded | Public certificate | Public certificate that IdP uses to sign authentication requests |
-### Configuring your enterprise
+### Configure your enterprise
After you configure SAML SSO for {% data variables.product.prodname_emus %} on your IdP, you can configure your enterprise on {% data variables.location.product_location %}.
@@ -106,11 +110,11 @@ After the initial configuration of SAML SSO, the only setting you can update on
{% data reusables.enterprise-accounts.download-recovery-codes %}
-### Enabling provisioning
+### Enable provisioning
After you enable SAML SSO, enable provisioning. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
-### Enabling guest collaborators
+### Enable guest collaborators
You can use the role of guest collaborator to grant limited access to vendors and contractors in your enterprise. Unlike enterprise members, guest collaborators only have access to internal repositories within organizations where they are a member.
diff --git a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users.md
similarity index 94%
rename from content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users.md
rename to content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users.md
index 4261bcd96adf..f74afbb75558 100644
--- a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users.md
+++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users.md
@@ -10,6 +10,8 @@ topics:
- Authentication
- Enterprise
- SSO
+redirect_from:
+ - /admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users
---
>[!WARNING]
diff --git a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md
similarity index 94%
rename from content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md
rename to content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md
index 4ac7d2c7d507..979bd5effb93 100644
--- a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md
+++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md
@@ -14,6 +14,7 @@ permissions: 'The setup user can disable SAML or OIDC SSO and SCIM provisioning
redirect_from:
- /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/disabling-authentication-for-enterprise-managed-users
- /admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/disabling-authentication-for-enterprise-managed-users
+ - /admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users
---
## About disabled authentication for {% data variables.product.prodname_emus %}
@@ -21,7 +22,7 @@ redirect_from:
After you disable SAML or OIDC SSO and SCIM provisioning for your enterprise, the following effects apply:
* All external identities for the enterprise will be removed. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise)."
-* All {% data variables.enterprise.prodname_managed_users %} will be suspended. The suspended accounts will not be renamed. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-suspended-members-in-an-enterprise-with-managed-users)."
+* All {% data variables.enterprise.prodname_managed_users %} will be suspended. The suspended accounts will not be renamed. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-suspended-members)."
* All {% data variables.product.pat_generic_plural %} and SSH keys associated with {% data variables.enterprise.prodname_managed_users %} will be deleted.
* All of the external groups provisioned by SCIM will be deleted. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
diff --git a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application.md
similarity index 94%
rename from content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application.md
rename to content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application.md
index 0bb55f21bf60..56def5765b56 100644
--- a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application.md
+++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application.md
@@ -10,6 +10,8 @@ topics:
- Authentication
- Enterprise
- SSO
+redirect_from:
+ - /admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application
---
You can adjust the lifetime of a session, and how often a managed user account needs to reauthenticate with your IdP, by changing the lifetime policy property of the ID tokens issued for {% data variables.product.prodname_dotcom %} from your IdP. The default lifetime is one hour.
diff --git a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/index.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/index.md
similarity index 85%
rename from content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/index.md
rename to content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/index.md
index b0901b8eae92..e3df8f5b7165 100644
--- a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/index.md
+++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/index.md
@@ -2,7 +2,7 @@
title: Configuring authentication for Enterprise Managed Users
shortTitle: Authentication for managed users
product: '{% data reusables.gated-features.emus %}'
-intro: 'You can decide whether people use SAML or OIDC to authenticate, learn about support for conditional access policy, or disable authentication for your {% data variables.enterprise.prodname_emu_enterprise %} on {% data variables.product.prodname_dotcom_the_website %}.'
+intro: 'You can decide whether people use SAML or OIDC to authenticate, learn about support for conditional access policy, or disable authentication for your {% data variables.enterprise.prodname_emu_enterprise %}.'
versions:
ghec: '*'
topics:
@@ -16,4 +16,6 @@ children:
- /finding-the-object-id-for-your-entra-oidc-application
- /about-support-for-your-idps-conditional-access-policy
- /disabling-authentication-and-provisioning-for-enterprise-managed-users
+redirect_from:
+ - /admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users
---
diff --git a/content/admin/identity-and-access-management/iam-configuration-reference/index.md b/content/admin/managing-iam/iam-configuration-reference/index.md
similarity index 85%
rename from content/admin/identity-and-access-management/iam-configuration-reference/index.md
rename to content/admin/managing-iam/iam-configuration-reference/index.md
index 7cd1bcd89f93..fac9a9457d46 100644
--- a/content/admin/identity-and-access-management/iam-configuration-reference/index.md
+++ b/content/admin/managing-iam/iam-configuration-reference/index.md
@@ -12,4 +12,7 @@ topics:
children:
- /saml-configuration-reference
- /username-considerations-for-external-authentication
+redirect_from:
+ - /admin/identity-and-access-management/iam-configuration-reference
---
+
diff --git a/content/admin/identity-and-access-management/iam-configuration-reference/saml-configuration-reference.md b/content/admin/managing-iam/iam-configuration-reference/saml-configuration-reference.md
similarity index 98%
rename from content/admin/identity-and-access-management/iam-configuration-reference/saml-configuration-reference.md
rename to content/admin/managing-iam/iam-configuration-reference/saml-configuration-reference.md
index 27eb97d73b6e..34350f0d2fcc 100644
--- a/content/admin/identity-and-access-management/iam-configuration-reference/saml-configuration-reference.md
+++ b/content/admin/managing-iam/iam-configuration-reference/saml-configuration-reference.md
@@ -14,6 +14,7 @@ topics:
- SSO
redirect_from:
- /admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference
+ - /admin/identity-and-access-management/iam-configuration-reference/saml-configuration-reference
---
## About SAML configuration
@@ -58,7 +59,7 @@ The SP metadata for {% data variables.location.product_location %} is available
| Value | Other names | Description | Example |
| :- | :- | :- | :- |
-| SP Entity ID | SP URL, audience restriction | Your top-level URL for {% data variables.product.product_name %} | `http(s)://HOSTNAME`
+| SP Entity ID | SP URL, audience restriction | Your top-level URL for {% data variables.product.product_name %} | `http(s)://HOSTNAME` |
| SP Assertion Consumer Service (ACS) URL | Reply, recipient, or destination URL | URL where IdP sends SAML responses | `http(s)://HOSTNAME/saml/consume` |
| SP Single Sign-On (SSO) URL | | URL where IdP begins SSO | `http(s)://HOSTNAME/sso` |
@@ -72,10 +73,10 @@ The following SAML attributes are available for {% data variables.product.produc
| :- | :- | :- |
| `NameID` | {% octicon "check" aria-label="Required" %} | A persistent user identifier. Any persistent name identifier format may be used. {% ifversion ghec %}If you use an enterprise with {% data variables.product.prodname_emus %}, {% endif %}{% data variables.product.product_name %} will normalize the `NameID` element to use as a username unless one of the alternative assertions is provided. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication)."
{% note %}**Note:** It's important to use a human-readable, persistent identifier. Using a transient identifier format like `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` will result in re-linking of accounts on every sign-in, which can be detrimental to authorization management.{% endnote %} |
| `SessionNotOnOrAfter` | {% octicon "x" aria-label="Optional" %} | The date that {% data variables.product.product_name %} invalidates the associated session. After invalidation, the person must authenticate once again to access {% ifversion ghec %}your enterprise's resources{% elsif ghes %}{% data variables.location.product_location %}{% endif %}. For more information, see "[Session duration and timeout](#session-duration-and-timeout)." |
-{%- ifversion ghes %}
+| {% ifversion ghes %} |
| `administrator` | {% octicon "x" aria-label="Optional" %} | When the value is `true`, {% data variables.product.product_name %} will automatically promote the user to be a {% ifversion ghes %}site administrator{% endif %}. Setting this attribute to anything but `true` will result in demotion, as long as the value is not blank. Omitting this attribute or leaving the value blank will not change the role of the user. |
| `username` | {% octicon "x" aria-label="Optional" %} | The username for {% data variables.location.product_location %}. |
-{%- endif %}
+| {% endif %} |
| `full_name` | {% octicon "x" aria-label="Optional" %} | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} full name of the user to display on the user's profile page. |
| `emails` | {% octicon "x" aria-label="Optional" %} | The email addresses for the user.{% ifversion ghes %} You can specify more than one address.{% endif %}{% ifversion ghec or ghes %} If you sync license usage between {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}, {% data variables.product.prodname_github_connect %} uses `emails` to identify unique users across products. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."{% endif %} |
| `public_keys` | {% octicon "x" aria-label="Optional" %} | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} public SSH keys for the user. You can specify more than one key. |
diff --git a/content/admin/identity-and-access-management/iam-configuration-reference/username-considerations-for-external-authentication.md b/content/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md
similarity index 99%
rename from content/admin/identity-and-access-management/iam-configuration-reference/username-considerations-for-external-authentication.md
rename to content/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md
index 6abdc41d9e6b..ccc1ce22fe55 100644
--- a/content/admin/identity-and-access-management/iam-configuration-reference/username-considerations-for-external-authentication.md
+++ b/content/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md
@@ -15,6 +15,7 @@ topics:
redirect_from:
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication
- /admin/identity-and-access-management/understanding-iam-for-enterprises/username-considerations-for-external-authentication
+ - /admin/identity-and-access-management/iam-configuration-reference/username-considerations-for-external-authentication
---
{% ifversion ghec %}
diff --git a/content/admin/identity-and-access-management/index.md b/content/admin/managing-iam/index.md
similarity index 90%
rename from content/admin/identity-and-access-management/index.md
rename to content/admin/managing-iam/index.md
index 20ac0c012abd..526d253a1cfe 100644
--- a/content/admin/identity-and-access-management/index.md
+++ b/content/admin/managing-iam/index.md
@@ -4,6 +4,7 @@ intro: 'You can configure how people access {% ifversion ghec %}your enterprise
redirect_from:
- /enterprise/admin/authentication
- /admin/authentication
+ - /admin/identity-and-access-management
versions:
ghec: '*'
ghes: '*'
@@ -20,7 +21,8 @@ children:
- /using-ldap-for-enterprise-iam
- /using-saml-for-enterprise-iam
- /configuring-authentication-for-enterprise-managed-users
- - /provisioning-user-accounts-for-enterprise-managed-users
+ - /provisioning-user-accounts-with-scim
- /reconfiguring-iam-for-enterprise-managed-users
- /managing-recovery-codes-for-your-enterprise
---
+
diff --git a/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md b/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md
similarity index 88%
rename from content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md
rename to content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md
index 5cc1b3aec536..70f9e08db210 100644
--- a/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md
+++ b/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md
@@ -11,6 +11,8 @@ topics:
- Enterprise
- SSO
permissions: Enterprise owners can use a recovery code to access an enterprise account.
+redirect_from:
+ - /admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable
---
## About recovery codes
diff --git a/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md b/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md
similarity index 93%
rename from content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md
rename to content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md
index e69a38c1a2ae..bb2c4407dcb8 100644
--- a/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md
+++ b/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md
@@ -12,6 +12,7 @@ topics:
- SSO
redirect_from:
- /admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-saml-single-sign-on-recovery-codes
+ - /admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes
permissions: Enterprise owners can download the SSO recovery codes for the enterprise account.
---
diff --git a/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/index.md b/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/index.md
similarity index 82%
rename from content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/index.md
rename to content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/index.md
index 052080e27646..17e914a17e94 100644
--- a/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/index.md
+++ b/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/index.md
@@ -12,5 +12,7 @@ topics:
children:
- /downloading-your-enterprise-accounts-single-sign-on-recovery-codes
- /accessing-your-enterprise-account-if-your-identity-provider-is-unavailable
+redirect_from:
+ - /admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise
---
diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-entra-id.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-entra-id.md
new file mode 100644
index 000000000000..743b47bc1031
--- /dev/null
+++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-entra-id.md
@@ -0,0 +1,107 @@
+---
+title: Configuring authentication and provisioning with Entra ID
+shortTitle: Set up Entra ID
+intro: 'You can use a tenant in Microsoft Entra ID (previously known as Azure AD) as an identity provider (IdP) to centrally manage authentication and user provisioning for {% data variables.location.product_location %}.'
+permissions: Site administrators with admin access to the IdP
+versions:
+ ghes: '*'
+type: how_to
+topics:
+ - Accounts
+ - Authentication
+ - Enterprise
+ - Identity
+ - SSO
+redirect_from:
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad
+ - /admin/authentication/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad
+ - /admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad
+ - /admin/identity-and-access-management/configuring-authentication-and-provisioning-with-your-identity-provider/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-entra-id
+ - /admin/managing-iam/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-entra-id
+---
+
+{% data reusables.scim.ghes-beta-note %}
+
+## About authentication and user provisioning with Entra ID
+
+Entra ID is a service from Microsoft that allows you to centrally manage user accounts and access to web applications. For more information, see [What is Microsoft Entra ID?](https://learn.microsoft.com/entra/fundamentals/whatis) in the Microsoft Docs.
+
+{% data reusables.saml.idp-saml-and-scim-explanation %}
+
+For more information, see "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)."
+
+## Prerequisites
+
+{% ifversion scim-for-ghes-public-beta %}
+The general prerequisites for using SCIM on {% data variables.product.product_name %} apply. See the "Prerequisites" section in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users#prerequisites)."
+
+In addition:
+
+* To configure SCIM, you must have completed **steps 1 to 4** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+ * You will need the {% data variables.product.pat_v1 %} created for the setup user to authenticate requests from Entra ID.
+{% else %}
+* {% data reusables.saml.ghes-you-must-configure-saml-sso %}
+* {% data reusables.saml.create-a-machine-user %}
+{% endif %}
+* To configure authentication and user provisioning for {% data variables.product.product_name %} using Entra ID, you must have an Entra ID account and tenant. For more information, see the [Entra ID website](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id) and [Quickstart: Set up a tenant](https://learn.microsoft.com/entra/identity-platform/quickstart-create-new-tenant) in the Microsoft Docs.
+
+{% ifversion scim-for-ghes-public-beta %}
+
+## 1. Configure SAML
+
+>[!NOTE] Even if you have previously configured SAML on Entra ID, you will need to configure SAML and SCIM on a **new application** to enable SCIM provisioning.
+
+Before starting this section, ensure you have followed steps **1 and 2** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+
+### In Entra ID
+
+1. Create the "{% data variables.product.prodname_ghe_server %}" application in Entra ID. For instructions, see the "Adding {% data variables.product.prodname_ghe_server %} from the gallery" section in Microsoft's guide [Tutorial: Microsoft Entra SSO integration with GitHub Enterprise Server](https://learn.microsoft.com/en-us/entra/identity/saas-apps/github-ae-tutorial#adding-github-enterprise-server-from-the-gallery).
+
+ >[!NOTE] Do **not** use the application labeled "(Legacy)."
+
+1. In the "{% data variables.product.prodname_ghe_server %}" application settings, click **Single sign-on** in the left sidebar, then click **SAML**.
+1. In the "Basic SAML Configuration" section, click **Edit**, then add the following details.
+
+ * "Identifier": your {% data variables.product.prodname_ghe_server %} host URL (`https://HOSTNAME.com`)
+ * "Reply URL": your host URL, followed by `/saml/consume` (`https://HOSTNAME.com/saml/consume`)
+
+1. In the "SAML certificates" section, download the SAML certificate (Base64).
+1. In the "Set up {% data variables.product.prodname_ghe_server %}" section, make a note of the Login URL and Microsoft Entra Identifier.
+
+### On {% data variables.product.product_name %}
+
+1. Sign in to {% data variables.location.product_location %} as a user with access to the Management Console.
+1. Configure SAML using the information you have gathered. See "[AUTOTITLE](/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
+
+## 2. Configure SCIM
+
+Before starting this section, ensure you have followed steps **1 to 4** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+
+1. In the "{% data variables.product.prodname_ghe_server %}" application in Entra ID, click **Provisioning** in the left sidebar, then click **Get started**.
+1. Select the "Automatic" provisioning mode.
+1. In the "Admin Credentials" section, add the following details.
+
+ * "Tenant URL": your {% data variables.product.prodname_ghe_server %} host URL, followed by `/api/v3/scim/v2` (`https://HOSTNAME.com/api/v3/scim/v2`)
+ * "Secret Token": the {% data variables.product.pat_v1 %} created for the setup user
+1. Click **Test Connection**.
+1. When the test is complete, click **Save**.
+
+When you have finished configuring SCIM, you may want to disable some SAML settings you enabled for the configuration process. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users#6-disable-optional-settings)."
+
+{% else %}
+
+## Configuring authentication and user provisioning with Entra ID
+
+1. Configure SAML SSO for {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
+1. Configure user provisioning with SCIM for your instance. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise)."
+
+## Managing enterprise owners
+
+The steps to make a person an enterprise owner depend on whether you only use SAML or also use SCIM. For more information about enterprise owners, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise)."
+
+If you configured provisioning, to grant the user enterprise ownership in {% data variables.product.product_name %}, assign the enterprise owner role to the user in Entra ID.
+
+If you did not configure provisioning, to grant the user enterprise ownership in {% data variables.product.product_name %}, include the `administrator` attribute in the SAML assertion for the user account on the IdP, with the value of `true`. For more information about including the `administrator` attribute in the SAML claim from Entra ID, see [How to: customize claims issued in the SAML token for enterprise applications](https://docs.microsoft.com/azure/active-directory/develop/active-directory-saml-claims-customization) in the Microsoft Docs.
+
+{% endif %}
diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate.md
new file mode 100644
index 000000000000..74286aa23060
--- /dev/null
+++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate.md
@@ -0,0 +1,291 @@
+---
+title: Configuring authentication and provisioning with PingFederate
+intro: 'You can use PingFederate as an identity provider (IdP) to centrally manage authentication and user provisioning for {% data variables.location.product_location %}.'
+permissions: Site administrators with admin access to the IdP
+shortTitle: Set up PingFederate
+versions:
+ feature: scim-for-ghes-public-beta
+type: how_to
+topics:
+ - Accounts
+ - Authentication
+ - Enterprise
+ - Identity
+ - SSO
+---
+
+{% data reusables.scim.ghes-beta-note %}
+
+{% data reusables.saml.idp-saml-and-scim-explanation %} For more information, see "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)."
+
+## Overview
+
+This guide will help you to set up both SAML authentication and SCIM provisioning for {% data variables.product.prodname_ghe_server %} on PingFederate.
+
+Before you start, please note the following:
+
+* The use of PingFederate as an IdP for {% data variables.product.prodname_ghe_server %} is in beta. Please contact your account team to provide feedback.
+* This guide is based on PingFederate version 12.1. Instructions may vary for other versions.
+* This guide assumes that you are using an LDAP server as the backing data store. JDBC data stores should work, but the instructions may vary slightly.
+* This guide provides the minimal steps to configure a working setup. Because your identity directory may be connected to PingFederate differently, you’ll need to pick the correct data attributes for SAML and SCIM based on what is available from your backing data store.
+
+## Prerequisites
+
+The general prerequisites for using SCIM on {% data variables.product.product_name %} apply. See the "Prerequisites" section in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users#prerequisites)."
+
+In addition:
+
+* To configure SCIM, you must have completed **steps 1 to 4** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+ * You will need the {% data variables.product.pat_v1 %} created for the setup user to authenticate requests from PingFederate.
+* You must have installed the "GitHub EMU connector" on PingFederate. To download and install the connector, see [Install the connector](https://docs.pingidentity.com/r/en-us/pingfederate-github-emu-connector/pingfederate_github_connector_install_the_connector) in the PingIdentity documentation.
+ * You may need to configure the firewall in PingFederate to allow outbound connections to the `https://HOSTNAME/api/v3/scim/v2` endpoint on your {% data variables.product.prodname_ghe_server %} instance.
+* PingFederate's "provisioner mode" must be set to a value that allows SCIM provisioning. See the "Before you begin" section in PingIdentity's [Configuring outbound provisioning settings](https://docs.pingidentity.com/r/en-us/pingfederate-112/help_protocolsettingstasklet_saasglobalprovisioningsettingsstate) guide.
+* During this procedure, you will need to upload an X509 certificate to PingFederate. You may want to create and store the certificate before proceeding. You will also need the challenge password for the certificate. See the "[Example of creating an X509 certificate](#example-of-creating-an-x509-certificate)" section later in this article.
+
+## 1. Configure SAML
+
+In this section you will create a SAML connector in PingFederate, set up an LDAP IdP adapter instance, and manage SAML output from your IdP adapter.
+
+1. [Create a SAML adapter](#create-a-saml-adapter)
+1. [Set up an LDAP IdP adapter instance](#set-up-an-ldap-idp-adapter-instance)
+1. [Manage SAML output from your IdP adapter](#manage-saml-output-from-your-idp-adapter)
+
+Before starting this section, ensure you have followed steps **1 and 2** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+
+### Create a SAML adapter
+
+1. Open the PingFederate administrative console.
+1. Click **Applications** in the header, then click **SP Connections** in the left sidebar.
+1. Click **Use a template for this connection**, then select the "GitHub EMU Connector" from the "Connection Template" dropdown.
+
+ >[!NOTE] If you don't see this option, the GitHub EMU Connector has not been installed. If you need assistance, contact your Ping representative.
+1. In a new tab, sign in to your {% data variables.product.prodname_ghe_server %} instance as the built-in setup user, then navigate to `https://HOSTNAME/saml/metadata`. Download the page as an XML file.
+1. On the PingFederate "SP Connection" page, upload the file from the previous step as the metadata file. Ensure you do this within 5 minutes of downloading the file.
+1. Go to the "Connection Type" tab.
+1. Select **Browser SSO Profiles**, and deselect **Outbound provisioning** (this will be enabled later).
+1. Click **Next**.
+1. On the "Connection Options" tab, ensure only **Browser SSO** is selected.
+1. Click **Next**.
+1. On the "General Info" tab, enter the following details.
+
+ * "Partner’s Entity ID": your {% data variables.product.prodname_ghe_server %} host URL (`https://HOSTNAME.com`)
+ * "Connection Name": A descriptive name for your SP connection within PingFederate
+ * "Base URL": your {% data variables.product.prodname_ghe_server %} host URL (`https://HOSTNAME.com`)
+ * "Transaction Logging": Standard
+ * All other fields may be left blank.
+
+1. Click **Next**.
+1. Click **Configure Browser SSO**.
+1. Click **Configure Assertion Creation**.
+1. On the "Authentication Source Mapping" tab, click **Map New Adapter Instance**.
+1. On the "Adapter Instance" Tab, click **Manage Adapter Instances**.
+1. Click **Create New Instance**.
+
+### Set up an LDAP IdP adapter instance
+
+>[!NOTE] This section applies if you use an LDAP server. If you don't use LDAP, you will need to connect to your adapter using the appropriate settings for your requirements.
+
+1. On the "Create Adapter Instance" page on PingFederate, on the "Type" tab, enter the following details.
+
+ * "Instance Name": A name to identify the instance, such as `pfghadapter`
+ * "Instance ID": An ID for the instance, such as `pfghadapter`
+ * "Type": HTML Form IDP Adaptor
+ * "Parent Instance": None
+1. Click **Next**.
+1. On the "IDP Adapter" tab, at the bottom of the page, click **Manage Password Credential Validators**.
+1. Click **Create New Instance**.
+1. On the "Type" tab, enter the following details.
+
+ * "Instance Name": A name to identify the instance, such as `pfghdocscv`
+ * "Instance ID": An ID for the instance, such as `pfghdocscv`
+ * "Type": LDAP Username Password Credential Validator
+ * "Parent Instance": None
+1. Click **Next**.
+1. On the "Instance Configuration" tab, click **Manage Data Stores**.
+1. Click **Add New Data Store**.
+1. On the "Data Store Type" tab, enter the following details.
+
+ * "Instance Name": Any unique value, such as `pfghdocsds`
+ * "Type": Directory (LDAP)
+ * "Mask Values In Log": Deselected
+
+1. Click **Next**.
+1. On the "LDAP Configuration" tab, configure your LDAP server details.
+1. Click **Test Connection**. You should see "Connectivity test was successful."
+1. At the bottom of the page, click **Advanced**.
+1. Click the "LDAP Binary Attributes" tab, and add `guidAttribute` and `objectGUID` as attributes.
+1. Click **Done**. You should be back on the "LDAP Configuration" tab.
+1. Click **Next**, then **Save**.
+1. On the "Manage Data Stores" tab, click **Done**.
+1. On the "Instance Configuration" tab, enter the following details.
+
+ * "LDAP Datastore": The name of the data store you created above
+ * "Search Base": The location in the directory where you want LDAP searches to begin
+ * "Search Filter": A filter that ensures the username the user enters when signing in matches a field in the LDAP server (for example: `sAMAccountName=${username}`)
+ * "Scope of Search": Subtree
+ * "Case-Sensitive Matching": Selected
+
+1. Click **Next**, **Next** again, then **Save**.
+
+### Manage SAML output from your IdP adapter
+
+1. On the "Manage Password Credential Validators" page, click **Done**.
+1. On the "IDP Adapter" tab, enter the following details.
+
+ * "Password Credential Validator Instance": The name of the validator instance you created above (for example `pfghdocscv`). Click **Update** to finalize your selection.
+ * All other fields can be left as the defaults, or modified to your requirements.
+1. Click **Next**, then **Next** again.
+1. On the "Adapter Attributes" tab, enter the following details.
+
+ * "Unique User Key Attribute": `username`
+ * Next to the `username` attribute, select "Pseudonym".
+
+ >[!NOTE] This step is important. The adapter attribute is used to uniquely identify a user on your instance during SCIM provisioning.
+1. Click **Next**, then **Next** again.
+1. Review your settings on the summary page, then click **Save**.
+1. On the "IdP Adapters" tab, you should see the adapter you just created. Click **Done**.
+1. On the "Adapter Instance" tab, in the "Adapter Instance" dropdown, select the adapter you just created.
+1. Click **Next**.
+1. On the "Mapping Method" tab, select **Use only the Adapter Contract Values in the SAML Assertion** (other selections may work, but have not been confirmed).
+1. Click **Next**.
+1. On the "Attribute Contract Fulfillment" tab, map the `SAML_SUBJECT` to "Adapter" as the source and `username` as the value.
+
+ >[!NOTE] This step is important. The normalized `SAML_SUBJECT` will need to match the normalized usernames of users provisioned by SCIM.
+1. Click **Next**, **Next** again, then **Done**.
+1. You should be back on the "Authentication Source Mapping" tab, and the "Adapter Instance Name" section should contain the adapter instance that you just created.
+1. Click **Next** and **Done** until you reach the "Credentials" tab.
+1. On the "Credentials" tab, click **Configure Credentials**, then click **Manage Certificates**.
+1. On the "Certificate Management" page, click **Import**, then upload an X509 certificate (for help, see the "[Example of creating an X509 certificate](#example-of-creating-an-x509-certificate)" section).
+1. For the "Password," use the challenge password for the certificate.
+1. Click **Next**, then **Save**.
+1. On the "Certificate Management" tab, you should see the certificate you just imported. Click **Done**.
+1. On the "Digital Signature Settings" tab:
+
+ * Select the certificate you just created for the "Signing Certificate."
+ * You can leave the secondary certificate blank and the "Include the certificate in the signature" checkbox deselected.
+ * The signing algorithm should be "RSA SHA256."
+
+1. Click **Next**, then **Done**, then **Next**.
+1. On the "Summary" tab, enable the toggle for "SSO Application Endpoint."
+1. Click **Save**. You should be taken back to the list of SP connections, where you should see your newly created SP connection.
+
+### Collect information for your SAML configuration
+
+You will need some details from PingFederate to configure SAML on {% data variables.product.prodname_dotcom %}.
+
+1. On the "SP Connections" page, in the row for your new connection, click **Select Action**, then **Export Metadata**.
+1. On the "Metadata Signing" tab, in the row for your new connection, select the signing certificate you created above. To download the certificate, click **Next**, then click **Export**.
+1. On PingFederate, click **System** in the header, then **Server**, then **Protocol Settings**. Check that the `SAML 2.0 ENTITY ID` is defined. Make a note of this, as you will need it for the “Issuer” field in {% data variables.product.prodname_dotcom %}'s SAML settings.
+1. Open the metadata file you downloaded, and have it ready for the next steps.
+
+### Configure {% data variables.product.prodname_ghe_server %}
+
+1. Sign in to {% data variables.location.product_location %} as a user with access to the Management Console.
+1. Navigate to the "Authentication" section of the Management Console, then enable SAML. See "[AUTOTITLE](/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
+1. Enter the following values from the metadata file you downloaded in the previous section.
+
+ * For the "Single sign-on URL," use the `location` value of the `` field. This should be a URL ending `/idp/SSO.saml2`.
+ * For the "Issuer," use the `entityId` value of the `` field (a URL).
+
+1. For the "Verification certificate," upload the X509 certificate file that you created earlier.
+1. Click **Save settings**.
+
+## 2. Configure SCIM
+
+In this section, you'll configure SCIM settings and attribute mapping on PingFederate.
+
+1. [Configure SCIM settings](#configure-scim-settings)
+1. [Map LDAP fields to SCIM](#map-ldap-fields-to-scim)
+1. [Finish configuration and test](#finish-configuration-and-test)
+
+Before starting this section, ensure you have followed steps **1 to 4** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+
+### Configure SCIM settings
+
+1. Go back to the "SP Connections" page on PingFederate, and select the SP connection you created earlier.
+1. Click the "Connection Type" tab.
+1. Select **Outbound Provisioning**.
+1. Ensure **Browser SSO Profiles** is selected.
+1. Click **Next** until you reach the "Outbound Provisioning" tab, then click **Configure Provisioning**.
+1. On the "Target" tab, enter the following details.
+
+ * "Base URL": `https://HOSTNAME/api/v3/scim/v2/`
+ * "Access Token": The {% data variables.product.pat_v1 %} created for the built-in setup user
+1. Click **Next**.
+1. On the "Manage Channel" tab, click **Create**, then enter a unique channel name, such as `pfghscim`.
+1. Click **Next**.
+1. On the "Source" tab, choose the data store that you created earlier.
+1. Click **Next**.
+1. On the "Source Settings" tab, you can keep all default settings. Other settings are likely to work, but have not been confirmed.
+1. Click **Next**.
+1. On the "Source Location" tab, configure where in your LDAP server you would like provisioned users to come from. This will vary depending on your setup and needs. After configuring, click **Next**.
+
+### Map LDAP fields to SCIM
+
+On the "Attribute Mapping" tab, you will need to map fields from your LDAP server to SCIM fields. See the following list for {% data variables.product.prodname_dotcom %}'s supported SCIM fields and the values expected in each one.
+
+* **Username**: This will be normalized and used as the {% data variables.product.company_short %} username for the provisioned user. See "[AUTOTITLE](/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication#about-username-normalization)." This must match the normalization of the subject sent with the SAML assertion that you configured with the `SAML_SUBJECT` property in PingFederate.
+* **Email**: A field containing the user's email address.
+* **Display Name**: A human-readable name for the user.
+* **Formatted Name**: The user's full name, including all middle names, titles, and suffixes, formatted for display.
+* **First Name**: The first name of the user.
+* **Last Name**: The last name of the user.
+* **External ID**: This identifier is generated by an IdP provider.
+* **Roles**: This field should contain a string that represents the user's intended role on {% data variables.product.prodname_dotcom %}. Valid roles are `enterprise_owner` and `user`.
+
+When you have finished configuring these settings, click **Next**.
+
+### Finish configuration and test
+
+1. On the "Activation & Summary" tab, for the "Channel Status," select **Active**.
+1. On the "Manage Channels" tab, click **Done**.
+1. On the "Outbound Provisioning" tab, click **Save**. SCIM is now configured and enabled.
+1. Wait a few minutes for provisioning to run, then open a new private browser window and navigate to your instance at `https://HOSTNAME/login`.
+1. Click **Sign in with SAML**. You should be redirected to the PingFederate login page.
+1. You should be able to sign in with the credentials for a user in the LDAP server that has been provisioned to {% data variables.product.prodname_ghe_server %}.
+
+PingFederate provisioning handles users and groups independently. Users must be assigned directly in order to be provisioned. Users who are in an assigned group but not directly assigned will not be provisioned.
+
+When you have finished configuring SCIM, you may want to disable some SAML settings you enabled for the configuration process. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users#6-disable-optional-settings)."
+
+## Example of creating an X509 certificate
+
+There are multiple ways to create an X509 certificate. Here is an example that may work for your requirements.
+
+1. In a terminal window, check that OpenSSL is installed by running `openssl version`. If it's not installed, install it.
+1. Generate the private key using the following command.
+
+ ```shell copy
+ openssl req -nodes -sha256 -newkey rsa:2048 -keyout MyPrivateKey.key -out MyCertificateRequest.csr
+ ```
+
+ Enter the required information, and **take note** of the challenge password you create.
+1. To ensure the key was created, run the following command. A file named `MyPrivateKey.key` should be listed in the command output.
+
+ ```shell copy
+ ls | grep MyPrivateKey.key
+ ```
+
+1. Generate the certificate using the following command.
+
+ ```shell copy
+ openssl x509 -req -days 365 -sha256 -in MyCertificateRequest.csr -signkey MyPrivateKey.key -out pfgh256.crt
+ ```
+
+1. To ensure the certificate was created, run the following command. A file named `pfgh256.crt` should be listed in the command output.
+
+ ```shell copy
+ ls | grep pfgh256.crt
+ ```
+
+1. Export a PKCS #12 file using the following command. This is the file you should **upload to PingFederate**.
+
+ ```shell copy
+ openssl pkcs12 -export -in pfgh256.crt -inkey MyPrivateKey.key -out pfgh256.p12
+ ```
+
+1. To ensure the file was exported, run the following command. A file named `pfgh256.p12` should be listed in the command output.
+
+ ```shell copy
+ ls | grep pfgh256.p12
+ ```
diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md
new file mode 100644
index 000000000000..73a2a5bed81d
--- /dev/null
+++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md
@@ -0,0 +1,196 @@
+---
+title: Configuring SCIM provisioning {% ifversion ghec %}for Enterprise Managed Users{% else %}to manage users{% endif %}
+shortTitle: Configure SCIM provisioning
+intro: 'You can manage the lifecycle of your enterprise''s user accounts from your identity provider (IdP) using System for Cross-domain Identity Management (SCIM).'
+allowTitleToDifferFromFilename: true
+permissions: '{% ifversion scim-for-ghes-public-beta %}Site administrators{% endif %}'
+product: '{% data reusables.gated-features.emus %}'
+redirect_from:
+ - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users
+ - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users
+ - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users
+ - /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-scim-provisioning-for-enterprise-managed-users
+ - /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users
+ - /admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users
+ - /admin/managing-iam/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users
+versions:
+ ghec: '*'
+ feature: scim-for-ghes-public-beta
+topics:
+ - Accounts
+ - Enterprise
+---
+
+{% data reusables.scim.ghes-beta-note %}
+
+{% data reusables.enterprise_user_management.about-scim-provisioning %}
+
+If you use a partner IdP, you can simplify the configuration of SCIM provisioning by using the partner IdP's application. If you don't use a partner IdP for provisioning, you can implement SCIM using calls to {% data variables.product.company_short %}'s REST API for SCIM{% ifversion ghec %}, which is in beta and subject to change{% endif %}. For more information, see {% ifversion ghec %}"[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users#identity-management-systems)."{% else %}"[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes#supported-identity-providers)."{% endif %}
+
+{% ifversion ghec %}
+
+## About user lifecycle management with SCIM
+
+{% data reusables.enterprise_user_management.scim-manages-user-lifecycle %}
+
+{% endif %}
+
+## Prerequisites
+
+{% ifversion ghec %}
+
+If you're configuring SCIM provisioning for a new enterprise, make sure to complete all previous steps in the initial configuration process. See "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users)."
+
+{% else %}
+
+* For authentication, your instance must use SAML SSO, or a mix of SAML and built-in authentication.
+ * You cannot mix SCIM with other external authentication methods. If you use CAS or LDAP, you will need to migrate to SAML before using SCIM.
+ * After you have configured SCIM, you must keep SAML authentication enabled to continue using SCIM.
+* You must have administrative access on your IdP to configure user provisioning for {% data variables.product.product_name %}.
+* You must have access to the Management Console on {% data variables.product.product_name %}.
+* If you are configuring SCIM on an instance with existing users, ensure you have understood how SCIM will identify and update these users. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes#what-will-happen-to-existing-users-on-my-instance)."
+
+{% endif %}
+
+{% ifversion ghes %}
+
+## 1. Create a built-in setup user
+
+To ensure you can continue to sign in and configure settings when SCIM is enabled, you'll create an enterprise owner using built-in authentication.
+
+1. Sign in to {% data variables.product.product_name %} as a user with access to the Management Console.
+1. If you have **already enabled SAML authentication**, ensure your settings allow you to create and promote a built-in setup user. Go to the "Authentication" section of the Management Console and enable the following settings:
+
+ * Select **Allow creation of accounts with built-in authentication**, so you can create the user.
+ * Select **Disable administrator demotion/promotion**, so admin permissions can be granted outside of your SAML provider.
+
+ For help finding these settings, see "[AUTOTITLE](/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
+
+1. Create a built-in user account to perform provisioning actions on your instance. See "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/allowing-built-in-authentication-for-users-outside-your-provider#inviting-users-outside-your-provider-to-authenticate-to-your-instance)."
+
+ >[!NOTE] Ensure the user's email and username are different from any user you plan on provisioning through SCIM. If your email provider supports it, you can modify an email address by adding `+admin`, for example `johndoe+admin@example.com`.
+
+1. Promote the user to an enterprise owner. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator#promoting-a-user-from-the-enterprise-settings)."
+
+## 2. Create a {% data variables.product.pat_generic %}
+
+1. Sign in to your instance as the **built-in setup user** you created in the previous section.
+1. Create a {% data variables.product.pat_v1 %}. For instructions, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic)."
+
+ * The token must have the **admin:enterprise** scope.
+ * The token must have **no expiration**. If you specify an expiration date, SCIM will no longer function after the expiration date passes.
+
+1. Store the token securely in a password manager until you need the token again later in the setup process. You'll need the token to configure SCIM on your IdP.
+
+## 3. Enable SAML on your instance
+
+> [!NOTE] Complete this section if either of the following situations applies:
+> * If you have **not already enabled SAML authentication**, you will need to do so before you can enable SCIM.
+> * If you already use SAML authentication and want to use a **partner IdP for both authentication and provisioning**, you must configure SAML using an application that supports automatic provisioning via SCIM.
+
+1. Sign in to your instance as a user with access to the Management Console.
+1. Go to the "Authentication" section of the Management Console. For instructions, see "[AUTOTITLE](/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
+1. Select **SAML**.
+1. Configure the SAML settings according to your requirements and the IdP you're using.
+
+ * So the built-in setup user can continue to authenticate, ensure you select the following settings:
+ * **Allow creation of accounts with built-in authentication**
+ * **Disable administrator demotion/promotion**
+ * If you're using a partner IdP, to find the information you need to configure the settings, follow the "Configure SAML" section of the relevant guide.
+ * "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-entra-id#1-configure-saml)"
+ * "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate#1-configure-saml)"
+ * "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta#1-configure-saml)"
+
+1. Optionally, complete configuration of the SAML settings within the application in your IdP. Alternatively, you can leave this step until later.
+
+## 4. Enable SCIM on your instance
+
+1. Sign in to your instance as the **built-in setup user** you created earlier.
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+1. Under "SCIM Configuration", select **Enable SCIM configuration**.
+
+{% endif %}
+
+{% ifversion ghec %}
+
+## Configuring user provisioning for {% data variables.product.prodname_emus %}
+
+{% else %}
+
+## 5. Configure your identity provider
+
+{% endif %}
+
+After completing the setup on {% data variables.product.prodname_dotcom %}, you can configure provisioning on your IdP. The instructions you should follow differ depending on whether you use a partner IdP's application for both authentication and provisioning.
+
+* [Configuring provisioning if you use a partner IdP's application](#configuring-provisioning-if-you-use-a-partner-idps-application)
+* [Configuring provisioning for other identity management systems](#configuring-provisioning-for-other-identity-management-systems)
+
+### Configuring provisioning if you use a partner IdP's application
+
+{% ifversion ghec %}
+
+To use a partner IdP's application both authentication and provisioning, review the partner's instructions for configuring provisioning in the links in the following table.
+
+{% rowheaders %}
+
+| IdP | SSO method | More information |
+|---|---|---|
+| Microsoft Entra ID (previously known as Azure AD) | OIDC | [Tutorial: Configure GitHub Enterprise Managed User (OIDC) for automatic user provisioning](https://docs.microsoft.com/azure/active-directory/saas-apps/github-enterprise-managed-user-oidc-provisioning-tutorial) on Microsoft Learn |
+| Entra ID | SAML | [Tutorial: Configure GitHub Enterprise Managed User for automatic user provisioning](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-provisioning-tutorial) on Microsoft Learn |
+| Okta | SAML | "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta)" |
+| PingFederate | SAML | [Configure PingFederate for provisioning and SSO](https://docs.pingidentity.com/r/en-us/pingfederate-github-emu-connector/pingfederate_github_connector_configure_pingfederate_for_provisioning_and_sso) and [Managing channels](https://docs.pingidentity.com/r/en-us/pingfederate-112/help_saasmanagementtasklet_saasmanagementstate) in the PingFederate documentation |
+
+{% endrowheaders %}
+
+{% else %}
+
+To use a partner IdP's application for both authentication and provisioning, review the instructions that are linked below. Complete the steps for enabling SCIM, plus any SAML configuration that you haven't already performed.
+
+* "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-entra-id)"
+* "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate)"
+* "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta)"
+
+{% endif %}
+
+### Configuring provisioning for other identity management systems
+
+If you don't use a partner IdP, or if you only use a partner IdP for authentication, you can manage the lifecycle of user accounts using {% data variables.product.company_short %}'s REST API endpoints for SCIM provisioning. These endpoints are in beta and subject to change. See "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api)."
+
+{% ifversion emu-public-scim-schema %}
+
+{% data reusables.emus.sign-in-as-setup-user %}
+
+ {% note %}
+
+ **Note**: {% data reusables.enterprise-accounts.emu-password-reset-session %}
+
+ {% endnote %}
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+1. Under "Open SCIM Configuration", select "Enable open SCIM configuration".
+1. Manage the lifecycle of your users by making calls to the REST API endpoints for SCIM provisioning. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api)."
+
+{% endif %}
+
+{% ifversion scim-for-ghes-public-beta %}
+
+## 6. Disable optional settings
+
+After you have finished the configuration process, you can disable the following settings in the Management Console:
+
+* **Allow creation of accounts with built-in authentication**: Disable this setting if you want all users to be provisioned from your IdP.
+* **Disable administrator demotion/promotion**: Disable this setting if you want to be able to grant the enterprise owner role via SCIM.
+
+{% endif %}
+
+## {% ifversion ghec %}Assigning{% else %}7. Assign{% endif %} users and groups
+
+{% data reusables.enterprise-managed.assigning-users %}
+
+{% data reusables.enterprise-managed.assigning-roles %}
+
+Entra ID does not support provisioning nested groups. For more information, see [How Application Provisioning works in Microsoft Entra ID](https://learn.microsoft.com/entra/identity/app-provisioning/how-provisioning-works#assignment-based-scoping) on Microsoft Learn.
diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md
new file mode 100644
index 000000000000..cd8804b864b0
--- /dev/null
+++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md
@@ -0,0 +1,159 @@
+---
+title: Configuring {% ifversion ghec %}SCIM{% else %}authentication and{% endif %} provisioning with Okta
+shortTitle: Set up Okta
+intro: 'Learn how to configure Okta to communicate with your enterprise using System for Cross-domain Identity Management (SCIM).'
+product: '{% data reusables.gated-features.emus %}'
+permissions: '{% ifversion ghes %}Site administrators{% else %}People{% endif %} with admin access to the IdP'
+allowTitleToDifferFromFilename: true
+versions:
+ ghec: '*'
+ feature: scim-for-ghes-public-beta
+redirect_from:
+ - /early-access/github/articles/configuring-provisioning-for-managed-users-with-okta
+ - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
+ - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
+ - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
+ - /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
+ - /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
+ - /admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-with-okta
+ - /admin/managing-iam/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-with-okta
+type: tutorial
+topics:
+ - Accounts
+ - Authentication
+ - Enterprise
+ - SSO
+---
+
+{% data reusables.scim.ghes-beta-note %}
+
+## About provisioning with Okta
+
+If you use Okta as an IdP, you can use Okta's application to provision user accounts, manage enterprise membership, and manage team memberships for organizations in your enterprise. Okta is a partner IdP, so you can simplify your authentication and provisioning configuration by using the Okta application {% ifversion ghec %}for {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#about-authentication-and-user-provisioning)."{% else %}to manage both SAML single-sign on and SCIM provisioning on {% data variables.product.prodname_ghe_server %}.{% endif %}
+
+Alternatively, if you only intend to use Okta for SAML authentication and you want to use a different IdP for provisioning, you can integrate with {% data variables.product.prodname_dotcom %}'s REST API for SCIM. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api)."
+
+## Supported features
+
+{% ifversion ghec %}{% data variables.product.prodname_emus %}{% else %}{% data variables.product.prodname_ghe_server %}{% endif %} supports the following provisioning features for Okta.
+
+| Feature | Description |
+| --- | --- |
+| Push New Users | Users that are assigned to {% ifversion ghec %}the {% data variables.product.prodname_emu_idp_application %}{% else %}{% data variables.product.company_short %}'s{% endif %} application in Okta are automatically created in the enterprise on {% data variables.product.product_name %}. |
+| Push Profile Update | Updates made to the user's profile in Okta will be pushed to {% data variables.product.product_name %}. |
+| Push Groups | Groups in Okta that are assigned to the {% ifversion ghec %}the {% data variables.product.prodname_emu_idp_application %}{% else %}{% data variables.product.company_short %}'s{% endif %} application as Push Groups are automatically created in the enterprise on {% data variables.product.product_name %}. |
+| Push User Deactivation | Unassigning the user from {% ifversion ghec %}the {% data variables.product.prodname_emu_idp_application %}{% else %}{% data variables.product.company_short %}'s{% endif %} application in Okta will disable the user on {% data variables.product.product_name %}. The user will not be able to sign in, but the user's information is maintained. |
+| Reactivate Users | Users in Okta whose Okta accounts are reactivated and who are assigned back to {% ifversion ghec %}the {% data variables.product.prodname_emu_idp_application %}{% else %}{% data variables.product.company_short %}'s{% endif %} application on Okta will be enabled. |
+
+{% ifversion ghec %}
+{% note %}
+
+**Note:** {% data variables.product.prodname_emus %} does not support modifications to usernames.
+
+{% endnote %}
+{% endif %}
+
+## Prerequisites
+
+{% ifversion ghes %}
+The general prerequisites for using SCIM on {% data variables.product.product_name %} apply. See the "Prerequisites" section in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users#prerequisites)."
+
+In addition:
+
+* To configure SCIM, you must have completed **steps 1 to 4** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+ * You will need the {% data variables.product.pat_v1 %} created for the setup user to authenticate requests from Okta.
+{% else %}
+* {% data reusables.scim.use-pat-from-setup-user %}
+{% endif %}
+* You must use Okta's application for both authentication and provisioning.
+* {% data reusables.scim.your-okta-product-must-support-scim %}
+
+{% ifversion ghec %}
+
+## 1. Set your enterprise name
+
+After your {% data variables.enterprise.prodname_emu_enterprise %} has been created, you can begin to configure provisioning by setting your enterprise name in Okta.
+
+1. Navigate to your {% data variables.product.prodname_emu_idp_application %} application on Okta.
+1. Click the **Sign On** tab.
+1. To make changes, click **Edit**.
+1. Under "Advanced Sign-on Settings", in the "Enterprise Name" text box, type your enterprise name. For example, if you access your enterprise at `https://github.com/enterprises/octoinc`, your enterprise name would be "octoinc".
+1. To save your enterprise name, click **Save**.
+
+{% else %}
+
+## 1. Configure SAML
+
+During the public beta of SCIM on {% data variables.product.prodname_ghe_server %}, you will use the **GitHub AE** application in Okta to configure SAML authentication and SCIM provisioning. Do **not** use the "{% data variables.product.prodname_ghe_server %}" application, which is incompatible with {% data variables.product.prodname_dotcom %}'s latest SCIM API endpoints.
+
+Before starting this section, ensure you have followed steps **1 and 2** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+
+### In Okta
+
+1. Go to the [GitHub AE](https://www.okta.com/integrations/github-ae/) application in Okta.
+1. Click **Add integration**.
+1. In the general settings, for the base URL, enter your {% data variables.product.prodname_ghe_server %} host URL (`https://HOSTNAME.com`).
+1. Click the **Sign On** tab.
+1. Ensure the "Credential Details" match the following.
+
+ * "Application username format": Okta username
+ * "Update application username on": Create and update
+ * "Password reveal": Deselected
+1. In the "SAML Signing Certificates" section, download your certificate by selecting **Actions**, then clicking **Download certificate**.
+1. On the right side of the page, click **View SAML setup instructions**.
+1. Make a note of the "Sign on URL" and the "Issuer" URL.
+
+### On {% data variables.product.product_name %}
+
+1. Sign in to {% data variables.location.product_location %} as a user with access to the Management Console.
+1. Configure SAML using the information you have gathered. See "[AUTOTITLE](/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
+
+{% endif %}
+
+## 2. Configure SCIM
+
+After {% ifversion ghec %}setting your enterprise name{% else %}configuring your SAML settings{% endif %}, you can proceed to configure provisioning settings.
+
+{% ifversion ghec %}
+To configure provisioning, the setup user {% ifversion ghec %}with the **@SHORT-CODE_admin** username {% endif %}will need to provide a {% data variables.product.pat_v1 %} with the **admin:enterprise** scope. See "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users#create-a-personal-access-token)."
+{% else %}
+Before starting this section, ensure you have followed steps **1 to 4** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+{% endif %}
+
+1. Navigate to your {% data variables.product.prodname_emu_idp_application %} application on Okta.
+1. Click the **Provisioning** tab.
+1. In the settings menu, click **Integration**.
+1. To make changes, click **Edit**.
+1. Click **Configure API integration**.
+1. In the "API Token" field, enter the {% data variables.product.pat_v1 %} with the **admin:enterprise** scope belonging to the setup user.
+
+ {% data reusables.scim.import-groups-unsupported %}
+
+1. Click **Test API Credentials**. If the test is successful, a verification message will appear at the top of the screen.
+1. To save the token, click **Save**.
+1. In the settings menu, click **To App**.
+1. To the right of "Provisioning to App", to allow changes to be made, click **Edit**.
+1. Select **Enable** to the right of **Create Users**, **Update User Attributes**, and **Deactivate Users**.
+1. To finish configuring provisioning, click **Save**.
+
+When you have finished configuring SCIM, you may want to disable some SAML settings you enabled for the configuration process. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users#6-disable-optional-settings)."
+
+## How do I assign users and groups?
+
+{% data reusables.enterprise-managed.assigning-users %}
+
+{% data reusables.scim.emu-scim-rate-limit %}
+
+You can also automatically manage organization membership by adding groups to the "Push Groups" tab in Okta. When the group is provisioned successfully, it will be available to connect to teams in the enterprise's organizations. For more information about managing teams, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
+
+{% data reusables.enterprise-managed.assigning-roles %}
+
+{% note %}
+
+**Note:** You can only set the "Roles" attribute for an individual user, not a group. If you want to set roles for everyone in a group that is assigned to the application in Okta, you must use the "Roles" attribute for each group member, individually.
+
+{% endnote %}
+
+## How do I deprovision users and groups?
+
+To remove a user or group from {% data variables.product.product_name %}, remove the user or group from both the "Assignments" tab and the "Push groups" tab in Okta. For users, make sure the user is removed from all groups in the "Push Groups" tab.
diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/index.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/index.md
new file mode 100644
index 000000000000..2b0a61d32848
--- /dev/null
+++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/index.md
@@ -0,0 +1,26 @@
+---
+title: 'Provisioning accounts{% ifversion ghec %} for Enterprise Managed Users{% else %} with SCIM{% endif %}'
+shortTitle: 'Provision{% ifversion ghec %} managed user accounts{% else %} accounts with SCIM{% endif %}'
+product: '{% data reusables.gated-features.emus %}'
+intro: 'Learn how to provision accounts and manage organization and team membership for users{% ifversion ghec %} of your {% data variables.enterprise.prodname_emu_enterprise %}{% elsif ghes %} on {% data variables.location.product_location %}{% endif %}.'
+versions:
+ ghec: '*'
+ ghes: '*'
+topics:
+ - Enterprise
+ - Accounts
+ - Authentication
+children:
+ - /user-provisioning-with-scim-on-ghes
+ - /configuring-scim-provisioning-for-users
+ - /configuring-authentication-and-provisioning-with-entra-id
+ - /configuring-authentication-and-provisioning-with-pingfederate
+ - /configuring-scim-provisioning-with-okta
+ - /provisioning-users-and-groups-with-scim-using-the-rest-api
+ - /managing-team-memberships-with-identity-provider-groups
+ - /troubleshooting-team-membership-with-identity-provider-groups
+redirect_from:
+ - /admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users
+ - /admin/managing-iam/provisioning-user-accounts-for-enterprise-managed-users
+---
+
diff --git a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md
similarity index 65%
rename from content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups.md
rename to content/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md
index b0e0b376a920..d929d4f7f7ab 100644
--- a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups.md
+++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md
@@ -1,7 +1,7 @@
---
title: Managing team memberships with identity provider groups
shortTitle: Manage teams with your IdP
-intro: 'You can manage team and organization membership on {% data variables.product.product_name %} through your identity provider (IdP) by connecting IdP groups with teams within your {% data variables.enterprise.prodname_emu_enterprise %}.'
+intro: 'Connect IdP groups with teams on {% data variables.product.prodname_dotcom %} to manage team and organization membership through your identity provider.'
product: '{% data reusables.gated-features.emus %}'
redirect_from:
- /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/managing-team-memberships-with-identity-provider-groups
@@ -9,8 +9,11 @@ redirect_from:
- /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups
- /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/managing-team-memberships-with-identity-provider-groups
- /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups
+ - /admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups
+ - /admin/managing-iam/provisioning-user-accounts-for-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups
versions:
ghec: '*'
+ feature: scim-for-ghes-public-beta
type: how_to
topics:
- Accounts
@@ -19,33 +22,35 @@ topics:
- Teams
---
-## About team management with {% data variables.product.prodname_emus %}
+{% data reusables.scim.ghes-beta-note %}
+
+## About team management with {% ifversion ghec %}{% data variables.product.prodname_emus %}{% else %}SCIM{% endif %}
{% data reusables.emus.about-team-management-with-idp %} When you connect a team in one of your enterprise's organizations to an IdP group, changes to membership from the IdP group are reflected in your enterprise automatically, reducing the need for manual updates and custom scripts.
-When a change to an IdP group or a new team connection results in a {% data variables.enterprise.prodname_managed_user %} joining a team in an organization they were not already a member of, the {% data variables.enterprise.prodname_managed_user %} will automatically be added to the organization. When you disconnect a group from a team, users who became members of the organization via team membership are removed from the organization if they are not assigned membership in the organization by any other means.
+When a change to an IdP group or a new team connection results in a user joining a team in an organization they were not already a member of, the user will automatically be added to the organization. When you disconnect a group from a team, users who became members of the organization via team membership are removed from the organization if they are not assigned membership in the organization by any other means.
{% note %}
-**Note:** Organization owners can also add {% data variables.enterprise.prodname_managed_users %} to organizations manually, as long as the accounts have already been provisioned via SCIM.
+**Note:** Organization owners can also add users to organizations manually, as long as the accounts have already been provisioned via SCIM.
{% endnote %}
-When group membership changes on your IdP, your IdP sends a SCIM request with the changes to {% data variables.product.prodname_dotcom_the_website %} according to the schedule determined by your IdP, so change may not be immediate. Any requests that change team or organization membership will register in the audit log as changes made by the account used to configure user provisioning.
+When group membership changes on your IdP, your IdP sends a SCIM request with the changes to {% data variables.product.prodname_dotcom %} according to the schedule determined by your IdP, so change may not be immediate. Any requests that change team or organization membership will register in the audit log as changes made by the account used to configure user provisioning.
{% data variables.product.prodname_dotcom %} also runs a reconciliation job once per day, which synchronizes team membership with IdP group membership that is stored on {% data variables.product.prodname_dotcom %}, based on information previously sent from the IdP via SCIM. If this job finds that a user is a member of an IdP group in the enterprise, but they are not a member of the mapped team or its organization, the job will attempt to add the user to the organization and team.
Teams connected to IdP groups cannot be parents of other teams nor a child of another team. If the team you want to connect to an IdP group is a parent or child team, we recommend creating a new team or removing the nested relationships that make your team a parent team.
-To manage repository access for any team in your enterprise, including teams connected to an IdP group, you must make changes on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-team-access-to-an-organization-repository)".
+To manage repository access for any team in your enterprise, including teams connected to an IdP group, you must make changes on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-team-access-to-an-organization-repository)".
## Requirements for connecting IdP groups with teams
-Before you can connect an IdP group with a team on {% data variables.product.prodname_dotcom %}, you must assign the group to the {% data variables.product.prodname_emu_idp_application %} application in your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
+Before you can connect an IdP group with a team on {% data variables.product.prodname_dotcom %}, you must assign the group to the {% ifversion ghec %}{% data variables.product.prodname_emu_idp_application %}{% else %}relevant{% endif %} application in your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
You can connect a team in your enterprise to one IdP group. You can assign the same IdP group to multiple teams in your enterprise.
-If you are connecting an existing team to an IdP group, you must first remove any members that were added manually. After you connect a team in your enterprise to an IdP group, your IdP administrator must make team membership changes through the identity provider. You cannot manage team membership on {% data variables.product.prodname_dotcom_the_website %}.
+If you are connecting an existing team to an IdP group, you must first remove any members that were added manually. After you connect a team in your enterprise to an IdP group, your IdP administrator must make team membership changes through the identity provider. You cannot manage team membership directly on {% data variables.product.prodname_dotcom %}.
If you use Microsoft Entra ID (previously known as Azure AD) as your IdP, you can only connect a team to a security group. Nested group memberships and Microsoft 365 groups are not supported.
@@ -64,11 +69,11 @@ Any member of an organization can create a new team and connect the team to an I
## Managing the connection between an existing team and an IdP group
-Organization owners can manage the existing connection between an IdP group and a team. If your enterprise does not use {% data variables.enterprise.prodname_managed_users %}, team maintainers can also manage the connection.
+Organization owners {% ifversion ghes %}and team maintainers {% endif %}can manage the existing connection between an IdP group and a team.{% ifversion ghec %} If your enterprise does not use {% data variables.enterprise.prodname_managed_users %}, team maintainers can also manage the connection.{% endif %}
{% note %}
-**Note**: Before you connect an existing team on {% data variables.product.prodname_dotcom_the_website %} to an IdP group for the first time, all members of the team on {% data variables.product.prodname_dotcom_the_website %} must first be removed. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/removing-organization-members-from-a-team)."
+**Note**: Before you connect an existing team on {% data variables.product.prodname_dotcom %} to an IdP group for the first time, all members of the team on {% data variables.product.prodname_dotcom %} must first be removed. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/removing-organization-members-from-a-team)."
{% endnote %}
@@ -100,7 +105,7 @@ If a team cannot sync with the group on your IdP, the team will display an error
The way a member is added to an organization owned by your enterprise determines how they must be removed from an organization.
-* **If a member was added to an organization manually, you must remove them manually.** Unassigning them from the {% data variables.product.prodname_emu_idp_application %} application on your IdP will suspend the user but not remove them from the organization.
+* **If a member was added to an organization manually, you must remove them manually.** Unassigning them from the {% ifversion ghec %}{% data variables.product.prodname_emu_idp_application %}{% else %}relevant{% endif %} application on your IdP will suspend the user but not remove them from the organization.
* **If a user became an organization member because they were added to IdP groups, remove them from _all_ of the mapped IdP groups** associated with the organization.
-To discover how a member was added to an organization, you can filter the member list by type. See "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type-in-an-enterprise-with-managed-users)."
+To discover how a member was added to an organization, you can filter the member list by type. See {% ifversion ghec %}"[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type-in-an-enterprise-with-managed-users)."{% else %}"[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type)."{% endif %}
diff --git a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md
similarity index 63%
rename from content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api.md
rename to content/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md
index 72572678cb92..8ab2690c3655 100644
--- a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api.md
+++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md
@@ -1,13 +1,16 @@
---
title: Provisioning users and groups with SCIM using the REST API
shortTitle: SCIM using REST API
-intro: "You can manage the lifecycle of your enterprise's user accounts on {% data variables.location.product_location %} from your identity provider (IdP) using {% data variables.product.company_short %}'s REST API for System for Cross-domain Identity Management (SCIM)."
+intro: 'Manage the lifecycle of user accounts from your identity provider using {% data variables.product.company_short %}''s REST API for System for Cross-domain Identity Management (SCIM).'
product: '{% data reusables.gated-features.emus %}'
versions:
- feature: emu-public-scim-schema
+ ghec: '*'
+ feature: scim-for-ghes-public-beta
type: tutorial
redirect_from:
- /admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api
+ - /admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api
+ - /admin/managing-iam/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api
topics:
- Accounts
- Authentication
@@ -15,6 +18,8 @@ topics:
- SSO
---
+{% ifversion ghec %}
+
{% note %}
**Notes**:
@@ -24,6 +29,14 @@ topics:
{% endnote %}
+{% else %}
+
+{% data reusables.scim.ghes-beta-note %}
+
+{% endif %}
+
+{% ifversion ghec %}
+
## About IAM for {% data variables.product.prodname_emus %}
If your enterprise on {% data variables.product.prodname_dotcom %} is created for {% data variables.product.prodname_emus %}, you must configure an external identity management system to provision and maintain user accounts. Your identity management system must offer the following functionality:
@@ -33,6 +46,17 @@ If your enterprise on {% data variables.product.prodname_dotcom %} is created fo
* OpenID Connect (OIDC), which is only supported if you use Microsoft Entra ID (previously known as Azure AD)
* User lifecycle management with System for Cross-domain Identity Management (SCIM)
+{% else %}
+
+## About SCIM provisioning on {% data variables.product.product_name %}
+
+To provision and maintain user accounts using SCIM, your identity management system must offer the following functionality:
+
+* Single sign-on authentication implementing Security Assertion Markup Language (SAML) 2.0
+* User lifecycle management with System for Cross-domain Identity Management (SCIM)
+
+{% endif %}
+
When you configure authentication and provisioning for your enterprise, you can either use a partner IdP, or you can use another combination of identity management systems.
* [Using a partner identity provider](#using-a-partner-identity-provider)
@@ -40,9 +64,7 @@ When you configure authentication and provisioning for your enterprise, you can
### Using a partner identity provider
-Each partner IdP provides a "paved-path" application, which implements both SSO and user lifecycle management. To simplify your configuration of {% data variables.product.prodname_emus %}, {% data variables.product.company_short %} recommends that you use a partner IdP's application for both authentication and provisioning. For more information and a list of partner IdPs, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#identity-management-systems)."
-
-When you use a single partner IdP for both authentication and provisioning, {% data variables.product.company_short %} provides support for the application on the partner IdP, as well as the IdPs' integration with {% data variables.product.product_name %}.
+Each partner IdP provides a "paved-path" application, which implements both SSO and user lifecycle management. To simplify configuration, {% data variables.product.company_short %} recommends that you use a partner IdP's application for both authentication and provisioning. For more information and a list of partner IdPs, see {% ifversion ghec %}"[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#identity-management-systems)."{% else %}"[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes#supported-identity-providers)."{% endif %}
For more information about configuring SCIM provisioning using a partner IdP, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users)."
@@ -50,15 +72,24 @@ For more information about configuring SCIM provisioning using a partner IdP, se
If you cannot use a partner IdP for both authentication and provisioning due to migration overhead, licensing costs, or organizational inertia, you can use another identity management system or combination of systems. The systems must provide authentication using SAML and user lifecycle management using SCIM, and must adhere to {% data variables.product.company_short %}'s integration guidelines.
-{% data variables.product.company_short %} has not tested integration with every identity management system. While integration with {% data variables.product.prodname_emus %} may be possible, {% data variables.product.company_short %}'s support team may not be able to assist you with issues related to these systems. If you need help with an identity management system that's not a partner IdP, or if you use a partner IdP only for SAML authentication, you must consult the system's documentation, support team, or other resources.
+{% data variables.product.company_short %} has not tested integration with every identity management system. While integration with {% ifversion ghec %}{% data variables.product.prodname_emus %}{% else %}{% data variables.product.product_name %}{% endif %} may be possible, {% data variables.product.company_short %}'s support team may not be able to assist you with issues related to these systems. If you need help with an identity management system that's not a partner IdP, or if you use a partner IdP only for SAML authentication, you must consult the system's documentation, support team, or other resources.
## Prerequisites
+{%- ifversion ghec %}
* {% data reusables.enterprise-managed.emu-prerequisite %}
* {% data reusables.scim.emu-prerequisite-authentication %}
-* {% data reusables.scim.scim-standard-prerequisite %}
* You must enable an open SCIM configuration for your enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users#configuring-provisioning-for-other-identity-management-systems)."
-* To authenticate requests to the REST API endpoints for SCIM, you must use a {% data variables.product.pat_v1 %} associated with your enterprise's setup user. The token requires the **admin:enterprise** scope. {% data variables.product.company_short %} recommends that you do not configure an expiration date for the token. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)."
+* To authenticate requests to the REST API endpoints for SCIM, you must use a {% data variables.product.pat_v1 %} associated with your enterprise's setup user. The token requires the **admin:enterprise** scope. {% data variables.product.company_short %} recommends that you do not configure an expiration date for the token. See "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users#create-a-personal-access-token)."
+{%- else %}
+To implement SCIM using the REST API, the general prerequisites for using SCIM on {% data variables.product.product_name %} apply. See the "Prerequisites" section in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users#prerequisites)."
+
+In addition, the following prerequisites apply:
+
+* You must have completed steps 1 to 3 in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+ * You must use the {% data variables.product.pat_v1 %} created for the built-in setup user to authenticate requests to the REST API.
+{%- endif %}
+{% data reusables.scim.scim-standard-prerequisite %}
* The user records for the systems that you use for authentication and provisioning must share a unique identifier and satisfy {% data variables.product.company_short %}'s matching criteria. For more information, see "[AUTOTITLE](/rest/enterprise-admin/scim#mapping-of-saml-and-scim-data)" in the REST API documentation.
## Best practices for SCIM provisioning with {% data variables.product.prodname_dotcom %}'s REST API
@@ -68,8 +99,8 @@ When you configure your identity management system to provision users or groups
* [Ensure your identity management system is the only source of write operations](#ensure-your-identity-management-system-is-the-only-source-of-write-operations)
* [Send valid requests to REST API endpoints](#send-valid-requests-to-rest-api-endpoints)
* [Provision users before you provision groups](#provision-users-before-you-provision-groups)
-* [Validate access for groups on {% data variables.product.product_name %}](#validate-access-for-groups-on-github-enterprise-cloud)
-* [Understand rate limits for {% data variables.product.product_name %}](#understand-rate-limits-for-github-enterprise-cloud)
+* [Validate access for groups on {% data variables.product.prodname_dotcom %}](#validate-access-for-groups-on-github)
+* [Understand rate limits on {% data variables.product.prodname_dotcom %}](#understand-rate-limits-on-github)
* [Configure audit log streaming](#configure-audit-log-streaming)
### Ensure your identity management system is the only source of write operations
@@ -102,15 +133,21 @@ To manage team membership with groups on your identity management system, you mu
1. Update the membership of the group on your identity management system.
1. Create a team on {% data variables.product.product_name %} that's mapped to the group on your identity management system.
-### Validate access for groups on {% data variables.product.product_name %}
+### Validate access for groups on {% data variables.product.prodname_dotcom %}
If you manage access using groups on your identity management system, you can validate that users get the access you intend. You can use the REST API to compare your system's group memberships with {% data variables.product.prodname_dotcom %}'s understanding of those groups. For more information, see "[AUTOTITLE](/rest/teams/external-groups#about-external-groups)" and "[AUTOTITLE](/rest/teams/teams#get-a-team-by-name)" in the REST API documentation.
-### Understand rate limits for {% data variables.product.product_name %}
+### Understand rate limits on {% data variables.product.prodname_dotcom %}
-To ensure the availability and reliability of the platform, {% data variables.product.company_short %} implements rate limits. For more information, see "[AUTOTITLE](/rest/using-the-rest-api/rate-limits-for-the-rest-api)."
+{% ifversion ghec %}
+To ensure the availability and reliability of the platform, {% data variables.product.company_short %} implements rate limits.
Without considering rate limits, large enterprises onboarding with {% data variables.product.prodname_emus %} for the first time are likely to exceed the limits. {% data reusables.scim.emu-scim-rate-limit-details %}
+{% else %}
+If a site administrator has enabled rate limits on your instance, you may encounter errors when you provision users for the first time. You can review your IdP logs to confirm if attempted SCIM provisioning or push operations failed due to a rate limit error. The response to a failed provisioning attempt will depend on the IdP.
+{% endif %}
+
+For more information, see "[AUTOTITLE](/rest/using-the-rest-api/rate-limits-for-the-rest-api)."
### Configure audit log streaming
@@ -129,16 +166,16 @@ Before a person with an identity on your identity management system can sign in
| Action | Method | Endpoint and more information | Events in the audit log |
| :- | :- | :- | :- |
-| List all provisioned users for your enterprise, which includes all users who are soft-deprovisioned by setting `active` to `false`. | `GET` | [`/scim/v2/enterprises/{enterprise}/Users`](/rest/enterprise-admin/scim#list-scim-provisioned-identities-for-an-enterprise) | N/A |
-| Create a user. The API's response includes an `id` field for uniquely identifying the user. | `POST` | [`/scim/v2/enterprises/{enterprise}/Users`](/rest/enterprise-admin/scim#provision-a-scim-enterprise-user) |
`external_identity.provision`
`user.create`
If request adds the `enterprise_owner` role, `business.add_admin`
If request adds the `billing_manager` role, `business.add_billing_manager`
|
-| Retrieve an existing user in your enterprise using the `id` field from the `POST` request that you sent to create the user. | `GET` | [`/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}`](/rest/enterprise-admin/scim#get-scim-provisioning-information-for-an-enterprise-user) | N/A |
-| Update all of an existing user's attributes using the `id` field from the `POST` request that you sent to create the user. Update `active` to `false` to soft-deprovision the user, or `true` to reactivate the user. {% data reusables.scim.public-scim-more-info-about-deprovisioning-and-reactivating %} | `PUT` | [`/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}`](/rest/enterprise-admin/scim#set-scim-information-for-a-provisioned-enterprise-user) | {% data reusables.scim.public-scim-put-or-patch-user-audit-log-events %} |
-| Update an individual attribute for an existing user using the `id` field from the `POST` request that you sent to create the user. Update `active` to `false` to soft-deprovision the user, or `true` to reactivate the user. {% data reusables.scim.public-scim-more-info-about-deprovisioning-and-reactivating %} | `PATCH` | [`/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}`](/rest/enterprise-admin/scim#update-an-attribute-for-a-scim-enterprise-user) | {% data reusables.scim.public-scim-put-or-patch-user-audit-log-events %} |
-| To completely delete an existing user, you can hard-deprovision the user. After hard-deprovisioning, you cannot reactivate the user, and you must provision the user as a new user. For more information, see "[Hard-deprovisioning users with the REST API](#hard-deprovisioning-users-with-the-rest-api)." | `DELETE` | [`/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}`](/rest/enterprise-admin/scim#delete-a-scim-user-from-an-enterprise) |
`external_identity.deprovision`
`user.remove_email`
|
+| List all provisioned users for your enterprise, which includes all users who are soft-deprovisioned by setting `active` to `false`. | `GET` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Users`](/rest/enterprise-admin/scim#list-scim-provisioned-identities-for-an-enterprise) | N/A |
+| Create a user. The API's response includes an `id` field for uniquely identifying the user. | `POST` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Users`](/rest/enterprise-admin/scim#provision-a-scim-enterprise-user) |
`external_identity.provision`
`user.create`
If request adds the `enterprise_owner` role, `business.add_admin`
If request adds the `billing_manager` role, `business.add_billing_manager`
{% ifversion ghes %}
If request succeeds, `external_identity.scim_api_success`
If request fails, `external_identity.scim_api_failure`
{% endif %}
|
+| Retrieve an existing user in your enterprise using the `id` field from the `POST` request that you sent to create the user. | `GET` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Users/{scim_user_id}`](/rest/enterprise-admin/scim#get-scim-provisioning-information-for-an-enterprise-user) | N/A |
+| Update all of an existing user's attributes using the `id` field from the `POST` request that you sent to create the user. Update `active` to `false` to soft-deprovision the user, or `true` to reactivate the user. {% data reusables.scim.public-scim-more-info-about-deprovisioning-and-reactivating %} | `PUT` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Users/{scim_user_id}`](/rest/enterprise-admin/scim#set-scim-information-for-a-provisioned-enterprise-user) | {% data reusables.scim.public-scim-put-or-patch-user-audit-log-events %} |
+| Update an individual attribute for an existing user using the `id` field from the `POST` request that you sent to create the user. Update `active` to `false` to soft-deprovision the user, or `true` to reactivate the user. {% data reusables.scim.public-scim-more-info-about-deprovisioning-and-reactivating %} | `PATCH` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Users/{scim_user_id}`](/rest/enterprise-admin/scim#update-an-attribute-for-a-scim-enterprise-user) | {% data reusables.scim.public-scim-put-or-patch-user-audit-log-events %} |
+| To completely delete an existing user, you can hard-deprovision the user. After hard-deprovisioning, you cannot reactivate the user, and you must provision the user as a new user. For more information, see "[Hard-deprovisioning users with the REST API](#hard-deprovisioning-users-with-the-rest-api)." | `DELETE` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Users/{scim_user_id}`](/rest/enterprise-admin/scim#delete-a-scim-user-from-an-enterprise) |
`external_identity.deprovision`
`user.remove_email`
{% ifversion ghes %}
If request succeeds, `external_identity.scim_api_success`
If request fails, `external_identity.scim_api_failure`
{% endif %}
|
## Soft-deprovisioning users with the REST API
-To prevent a user from signing in to access your enterprise, you can soft-deprovision the user by sending a `PUT` or `PATCH` request to update a user's `active` field to `false` to `/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}`. When you soft-deprovision a user, {% data variables.product.product_name %} obfuscates the user record's `login` and `email` fields, and the user is suspended.
+To prevent a user from signing in to access your enterprise, you can soft-deprovision the user by sending a `PUT` or `PATCH` request to update a user's `active` field to `false` to `/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Users/{scim_user_id}`. When you soft-deprovision a user, {% data variables.product.product_name %} obfuscates the user record's `login` and `email` fields, and the user is suspended.
When you soft-deprovision a user, the `external_identity.update` event does not appear in the audit log. The following events appear in the audit log:
@@ -146,12 +183,16 @@ When you soft-deprovision a user, the `external_identity.update` event does not
* `user.remove_email`
* `user.rename`
* `external_identity.deprovision`
+{%- ifversion ghes %}
+* If the request succeeds, `external_identity.scim_api_success`
+* If the request fails, `external_identity.scim_api_failure`
+{%- endif %}
-You can view all suspended users for your enterprise. For more information, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-suspended-members-in-an-enterprise-with-managed-users)."
+You can view all suspended users for your enterprise. For more information, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-suspended-members).
## Reactivating users with the REST API
-To allow a soft-deprovisioned user to sign in to access your enterprise, unsuspend the user by sending a `PUT` or `PATCH` request to `/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}` that updates the user's `active` field to `true`.
+To allow a soft-deprovisioned user to sign in to access your enterprise, unsuspend the user by sending a `PUT` or `PATCH` request to `/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Users/{scim_user_id}` that updates the user's `active` field to `true`.
When you reactivate a user, the `external_identity.update` event does not appear in the audit log. The following events appear in the audit log:
@@ -159,10 +200,14 @@ When you reactivate a user, the `external_identity.update` event does not appear
* `user.remove_email`
* `user.rename`
* `external_identity.provision`
+{%- ifversion ghes %}
+* If the request succeeds, `external_identity.scim_api_success`
+* If the request fails, `external_identity.scim_api_failure`
+{%- endif %}
## Hard-deprovisioning users with the REST API
-To completely delete a user, you can hard-deprovision the user by sending a `DELETE` request to `/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}`. Your enterprise will retain any resources and comments created by the user.
+To completely delete a user, you can hard-deprovision the user by sending a `DELETE` request to `/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Users/{scim_user_id}`. Your enterprise will retain any resources and comments created by the user.
When you hard-deprovision a user, the following events occur:
@@ -177,7 +222,7 @@ To reprovision the user, you must use the `POST` method to create a new user. Th
To control access to repositories in your enterprise, you can use groups on your identity management system to control organization and team membership for users in your enterprise. You can read about the associated API endpoints in the REST API documentation and see code examples, and you can review audit log events associated with each request.
-While your enterprise doesn't require an available license to provision a new user account, if you provision a group that results in the addition of users to an organization, you must have available licenses for those users. If your enterprise only uses {% data variables.visual_studio.prodname_vss_ghe %}, the associated user must be assigned to a subscriber. For more information, see "[AUTOTITLE](/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise#about-licenses-for-visual-studio-subscriptions-with-github-enterprise)."
+While your enterprise doesn't require an available license to provision a new user account, if you provision a group that results in the addition of users to an organization, you must have available licenses for those users.{% ifversion ghec %} If your enterprise only uses {% data variables.visual_studio.prodname_vss_ghe %}, the associated user must be assigned to a subscriber. For more information, see "[AUTOTITLE](/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise#about-licenses-for-visual-studio-subscriptions-with-github-enterprise)."{% endif %}
* For an overview of the supported attributes for groups, see "[SCIM](/rest/enterprise-admin/scim#supported-scim-group-attributes)" in the REST API documentation.
* For an overview of audit log events related to groups, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#external_group)."
@@ -185,16 +230,16 @@ While your enterprise doesn't require an available license to provision a new us
| Action | Method | Endpoint and more information | Related events in the audit log |
| :- | :- | :- | :- |
-| List all groups defined for your enterprise. | `GET` | [`/scim/v2/enterprises/{enterprise}/Groups`](/rest/enterprise-admin/scim#list-provisioned-scim-groups-for-an-enterprise) | N/A |
-| To define a new IdP group for your enterprise, create the group. The API's response includes an `id` field for uniquely identifying the group. | `POST` | [`/scim/v2/enterprises/{enterprise}/Groups`](/rest/enterprise-admin/scim#provision-a-scim-enterprise-group) |
`external_group.provision`
`external_group.update_display_name`
If the request included a list of users, `external_group.add_member`
|
-| Retrieve an existing group for your enterprise using the `id` from the `POST` request that you sent to create the group. | `GET` | [`/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}`](/rest/enterprise-admin/scim#get-scim-provisioning-information-for-an-enterprise-group) | N/A |
-| Update all of the attributes for an existing group. | `PUT` | [`/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}`](/rest/enterprise-admin/scim#set-scim-information-for-a-provisioned-enterprise-group) | {% data reusables.scim.public-scim-put-or-patch-group-audit-log-events %} |
-| Update an individual attribute for an existing group. | `PATCH` | [`/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}`](/rest/enterprise-admin/scim#update-an-attribute-for-a-scim-enterprise-group) | {% data reusables.scim.public-scim-put-or-patch-group-audit-log-events %} |
-| Completely delete an existing group. | `DELETE` | [`/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}`](/rest/enterprise-admin/scim#delete-a-scim-group-from-an-enterprise) |
`external_group.delete`
If the request deletes a group linked to a team in an organization where the user has no other team membership, `org.remove_member`
If the request deletes a group linked to a team in an organization where the user has other team membership, `team.remove_member`
|
+| List all groups defined for your enterprise. | `GET` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Groups`](/rest/enterprise-admin/scim#list-provisioned-scim-groups-for-an-enterprise) | N/A |
+| To define a new IdP group for your enterprise, create the group. The API's response includes an `id` field for uniquely identifying the group. | `POST` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Groups`](/rest/enterprise-admin/scim#provision-a-scim-enterprise-group) |
`external_group.provision`
`external_group.update_display_name`
If the request included a list of users, `external_group.add_member`
{% ifversion ghes %}
If request succeeds, `external_group.scim_api_success`
If request fails, `external_group.scim_api_failure`
{% endif %}
|
+| Retrieve an existing group for your enterprise using the `id` from the `POST` request that you sent to create the group. | `GET` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Groups/{scim_group_id}`](/rest/enterprise-admin/scim#get-scim-provisioning-information-for-an-enterprise-group) | N/A |
+| Update all of the attributes for an existing group. | `PUT` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Groups/{scim_group_id}`](/rest/enterprise-admin/scim#set-scim-information-for-a-provisioned-enterprise-group) | {% data reusables.scim.public-scim-put-or-patch-group-audit-log-events %} |
+| Update an individual attribute for an existing group. | `PATCH` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Groups/{scim_group_id}`](/rest/enterprise-admin/scim#update-an-attribute-for-a-scim-enterprise-group) | {% data reusables.scim.public-scim-put-or-patch-group-audit-log-events %} |
+| Completely delete an existing group. | `DELETE` | [`/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Groups/{scim_group_id}`](/rest/enterprise-admin/scim#delete-a-scim-group-from-an-enterprise) |
`external_group.delete`
If the request deletes a group linked to a team in an organization where the user has no other team membership, `org.remove_member`
If the request deletes a group linked to a team in an organization where the user has other team membership, `team.remove_member`
{% ifversion ghes %}
If request succeeds, `external_group.scim_api_success`
If request fails, `external_group.scim_api_failure`
{% endif %}
|
### Additional audit log events for changes to IdP groups
-If you update the members of an existing group using a `PUT` or `PATCH` request to `/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}`, {% data variables.product.product_name %} may add the user to the organization or remove the user from the organization depending on the user's current organization membership. If the user is already a member of at least one team in the organization, the user is a member of the organization. If the user is not a member of any teams in the organization, the user may also not already be a member of the organization.
+If you update the members of an existing group using a `PUT` or `PATCH` request to `/scim/v2/{% ifversion ghec %}enterprises/{enterprise}/{% endif %}Groups/{scim_group_id}`, {% data variables.product.product_name %} may add the user to the organization or remove the user from the organization depending on the user's current organization membership. If the user is already a member of at least one team in the organization, the user is a member of the organization. If the user is not a member of any teams in the organization, the user may also not already be a member of the organization.
If your request updates a group linked to a team in an organization where a user is not already a member, in addition to `external_group.update`, the following events appear in the audit log:
@@ -207,21 +252,25 @@ If your request updates a group linked to a team in an organization where a user
* If the request removes the user from a group that's linked to a team in an organization, and the team is not the last team in the organization where the user is a member, `team.remove_member`
* If the request removes a user from a group that's linked to the last team in an organization where the user is already a member, `org.remove_member`
+{% ifversion ghec %}
+
## Migrating to a new SCIM provider
After you configure SCIM provisioning for your enterprise, you may need to migrate to a new SCIM provider. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-your-enterprise-to-a-new-identity-provider-or-tenant)."
+{% endif %}
+
## Troubleshooting SCIM provisioning
-* If {% data variables.product.prodname_dotcom %} is rate-limiting your requests to the REST API, you can learn more in "[Understand rate limits for {% data variables.product.product_name %}](#understand-rate-limits-for-github-enterprise-cloud)."
+* If your requests to the REST API are rate-limited, you can learn more in "[Understand rate limits on {% data variables.product.prodname_dotcom %}](#understand-rate-limits-on-github)."
* If you enable audit log streaming and stream events for API requests, you can review any requests to the REST API endpoints for SCIM provisioning by filtering for events from the `EnterpriseUsersScim` or `EnterpriseGroupsScim` controllers.
-* If a SCIM request fails and you're unable to determine the cause, check the status of your identity management system to ensure that services were available. Additionally, check {% data variables.product.company_short %}'s status page. For more information, see "[AUTOTITLE](/support/learning-about-github-support/about-github-support#about-github-status)."
+* If a SCIM request fails and you're unable to determine the cause, check the status of your identity management system to ensure that services were available.{% ifversion ghec %} Additionally, check {% data variables.product.company_short %}'s status page. For more information, see "[AUTOTITLE](/support/learning-about-github-support/about-github-support#about-github-status)."{% endif %}
* If a request to provision a user fails with a `400` error, and the error message in your identity management system's log indicates issues with account ownership or username formatting, review "[AUTOTITLE](/admin/identity-and-access-management/iam-configuration-reference/username-considerations-for-external-authentication)."
-* After successful authentication, {% data variables.product.product_name %} links the user who authenticated to an identity provisioned by SCIM. The unique identifiers for authentication and provisioning must match. For more information, see "[AUTOTITLE](/rest/enterprise-admin/scim#mapping-of-saml-and-scim-data)." You can also view this mapping on {% data variables.location.product_location %}. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise#viewing-and-revoking-a-linked-identity)."
+* After successful authentication, {% data variables.product.product_name %} links the user who authenticated to an identity provisioned by SCIM. The unique identifiers for authentication and provisioning must match. For more information, see "[AUTOTITLE](/rest/enterprise-admin/scim#mapping-of-saml-and-scim-data)."{% ifversion ghec %} You can also view this mapping on {% data variables.location.product_location %}. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise#viewing-and-revoking-a-linked-identity)."{% endif %}
* If you manage access using groups on your identity management system, you can troubleshoot using the REST API or web UI for {% data variables.product.product_name %}.
diff --git a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/troubleshooting-team-membership-with-identity-provider-groups.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/troubleshooting-team-membership-with-identity-provider-groups.md
similarity index 91%
rename from content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/troubleshooting-team-membership-with-identity-provider-groups.md
rename to content/admin/managing-iam/provisioning-user-accounts-with-scim/troubleshooting-team-membership-with-identity-provider-groups.md
index 0e62b19c68e7..258b74bba8f4 100644
--- a/content/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/troubleshooting-team-membership-with-identity-provider-groups.md
+++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/troubleshooting-team-membership-with-identity-provider-groups.md
@@ -5,6 +5,7 @@ intro: 'If you manage team membership using groups on your identity provider (Id
product: '{% data reusables.gated-features.emus %}'
versions:
ghec: '*'
+ feature: scim-for-ghes-public-beta
type: how_to
topics:
- Accounts
@@ -13,8 +14,12 @@ topics:
- Troubleshooting
redirect_from:
- /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/troubleshooting-team-membership-with-identity-provider-groups
+ - /admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/troubleshooting-team-membership-with-identity-provider-groups
+ - /admin/managing-iam/provisioning-user-accounts-for-enterprise-managed-users/troubleshooting-team-membership-with-identity-provider-groups
---
+{% data reusables.scim.ghes-beta-note %}
+
## About management of team membership with IdP groups
{% data reusables.emus.about-team-management-with-idp %} You can review a list of teams that you've synchronized to IdP groups from your enterprise's settings. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups#viewing-idp-groups-group-membership-and-connected-teams)."
@@ -33,6 +38,8 @@ If {% data variables.product.prodname_dotcom %} is unable to synchronize team me
If a team is unable to sync membership with a group on your IdP, you'll see a description of the problem under the team's name and membership count.
+{% ifversion ghec %}
+
### Error: "Out of sync due to insufficient licenses"
If your enterprise does not have sufficient licenses and {% data variables.product.prodname_dotcom %} is unable to synchronize team membership with a group on your IdP, you'll see a message that reads "Out of sync due to insufficient licenses".
@@ -48,6 +55,8 @@ The team may be missing members because your enterprise does not have sufficient
* Deprovision users from your enterprise.
* Purchase additional licenses to allow synchronization to complete. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing#about-changes-to-your-subscription)."
+{% endif %}
+
### Error: "Out of sync"
If synchronization of team membership with a group on your IdP fails due to a problem other than licensing, you'll see a message that reads "Out of sync".
diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md
new file mode 100644
index 000000000000..944862e28d29
--- /dev/null
+++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md
@@ -0,0 +1,168 @@
+---
+title: '{% ifversion scim-for-ghes-public-beta %}About{% else %}Configuring{% endif %} user provisioning with SCIM on GitHub Enterprise Server'
+shortTitle: '{% ifversion scim-for-ghes-public-beta %}About SCIM provisioning{% else %}Configure SCIM user provisioning{% endif %}'
+intro: '{% ifversion scim-for-ghes-public-beta %}Learn about{% else %}Get started with{% endif %} managing the lifecycle of user accounts with SCIM on {% data variables.location.product_location %}.'
+permissions: '{% ifversion scim-for-ghes-public-beta %}{% else %}Site administrators{% endif %}'
+versions:
+ ghes: '*'
+allowTitleToDifferFromFilename: true
+type: how_to
+topics:
+ - Accounts
+ - Authentication
+ - Enterprise
+ - Identity
+ - SSO
+redirect_from:
+ - /admin/authentication/configuring-user-provisioning-for-your-enterprise
+ - /admin/identity-and-access-management/managing-iam-for-your-enterprise/configuring-user-provisioning-for-your-enterprise
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-for-your-enterprise
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise
+ - /admin/managing-iam/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise
+---
+
+{% data reusables.scim.ghes-beta-note %}
+
+## About user provisioning for {% data variables.product.product_name %}
+
+If you use SAML single sign-on (SSO) for {% data variables.location.product_location %}, you can configure SCIM to automatically create or suspend user accounts and grant access to your instance when you assign or unassign the application on your IdP. For more information about SCIM, see [System for Cross-domain Identity Management: Protocol (RFC 7644)](https://tools.ietf.org/html/rfc7644) on the IETF website.
+
+If you do not configure user provisioning with SCIM, your IdP will not communicate with {% data variables.product.product_name %} automatically when you assign or unassign the application to a user. Without SCIM, {% data variables.product.product_name %} creates a user account using SAML Just-in-Time (JIT) provisioning the first time someone navigates to {% data variables.product.product_name %} and signs in by authenticating through your IdP.
+
+To configure provisioning for your enterprise, you must enable provisioning on {% data variables.product.product_name %}, then {% ifversion scim-for-ghes-public-beta %}either {% endif %}install and configure a provisioning application on your IdP{% ifversion scim-for-ghes-public-beta %}, or configure SCIM provisioning manually using {% data variables.product.company_short %}'s REST API endpoints for SCIM{% endif %}.
+
+## Supported identity providers
+
+{% ifversion scim-for-ghes-public-beta %}
+
+{% data reusables.enterprise_user_management.emu-paved-path-iam-integrations %}
+
+### Partner identity providers
+
+The following IdPs are partner IdPs. They offer an application that you can use to configure both SAML authentication and SCIM provisioning.
+
+* Microsoft Entra ID
+* Okta
+* PingFederate (beta)
+
+When you use a single partner IdP for both authentication and provisioning, {% data variables.product.company_short %} provides support for the application on the partner IdP and the IdP's integration with {% data variables.product.prodname_dotcom %}. Support for PingFederate is in beta.
+
+### Other identity management systems
+
+If you cannot use a single partner IdP for both authentication and provisioning, you can use another identity management system or combination of systems. The system must:
+
+* Adhere to **{% data variables.product.company_short %}'s integration guidelines**
+* Provide **authentication using SAML**, adhering to SAML 2.0 specification
+* Provide **user lifecycle management using SCIM**, adhering to the SCIM 2.0 specification and communicating with {% data variables.product.company_short %}'s REST API (see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api)")
+
+{% else %}
+
+During the private beta, your account team will provide documentation for the configuration of SCIM for {% data variables.product.product_name %} on a supported IdP.
+
+{% endif %}
+
+## How will I manage user lifecycles with SCIM?
+
+{% data reusables.enterprise_user_management.scim-manages-user-lifecycle %}
+
+When SCIM is enabled, you will no longer be able to delete, suspend, or promote SCIM-provisioned users directly on {% data variables.product.product_name %}. You must manage these processes from your IdP.
+
+## What will happen to existing users on my instance?
+
+If you currently use SAML SSO, and you are enabling SCIM, you should be aware of what happens to existing users during SCIM provisioning.
+
+* When SCIM is enabled, users with SAML-linked identities will **not be able to sign in** until their identities have been provisioned by SCIM.
+* When your instance receives a SCIM request, SCIM identities are matched to existing users by **comparing the `userName` SCIM field with the {% data variables.product.prodname_dotcom %} username**. If a user with a matching username doesn't exist, {% data variables.product.prodname_dotcom %} creates a new user.
+* If {% data variables.product.prodname_dotcom %} successfully identifies a user from the IdP, but account details such as email address, first name, or last name don't match, the instance **overwrites the details** with values from the IdP. Any email addresses other than the primary email provisioned by SCIM will also be deleted from the user account.
+
+## What happens during SAML authentication?
+
+After an IdP administrator grants a person access to {% data variables.location.product_location %}, the user can authenticate through the IdP to access {% data variables.product.product_name %} using SAML SSO.
+
+* When a user authenticates through SAML, to associate a user with a SAML identity, {% data variables.product.prodname_dotcom %} compares a normalized `NameID` claim from the IdP (or another value you have configured) to the account's username. For details about normalization, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication#about-username-normalization)."
+* If there is no account with a matching username on the instance, the user will fail to sign in.
+ * To make this match, {% data variables.product.product_name %} compares the SAML `NameId` claim from the IdP to the SCIM `userName` attribute for each user account provisioned by SCIM on the instance.
+ * Additionally, for Entra ID, {% data variables.product.product_name %} compares the object identifier from the SAML request with an existing SCIM external ID.
+* If your environment does not use `NameID` to uniquely identify users, a site administrator can configure custom user attributes for the instance. {% data variables.product.product_name %} will respect this mapping when SCIM is configured. For more information about mapping user attributes, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
+
+{% ifversion scim-for-ghes-public-beta %}
+
+## What happens if I disable SCIM?
+
+SCIM will be disabled on your instance if any of the following things happens.
+
+* The **Enable SCIM configuration** checkbox is unselected on the "Authentication security" page in the enterprise settings.
+* The **SAML** radio button is unselected in the "Authentication" section of the Management Console.
+* The SAML **Issuer** or **Single sign-on URL** field is updated in the "Authentication" section of the Management Console.
+
+If SCIM is disabled on the instance:
+
+* Requests to the SCIM API endpoints on your instance will no longer succeed.
+* SCIM-provisioned users will remain unchanged and will not be suspended.
+* Site administrators will be able to manage the lifecycle of SCIM-provisioned users, such as suspension and deletion, from the site admin dashboard.
+* Users will still be able to sign on via SAML, if enabled.
+* Users will be unlinked from their external identity record, and the record will be deleted.
+
+{% endif %}
+
+{% ifversion scim-for-ghes-public-beta %}
+
+## Getting started
+
+To get started with SCIM, you will:
+
+1. Complete initial setup, required regardless of which IdP you will use, in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+1. Configure settings in your IdP.
+ * If you're using a partner IdP for authentication and provisioning, you'll follow a guide for your IdP.
+ * Otherwise, you'll set up a SCIM integration with the REST API, as described in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api)."
+
+{% else %}
+
+## Prerequisites
+
+* {% data reusables.saml.ghes-you-must-configure-saml-sso %}
+
+* You must allow built-in authentication for users who don't have an account on your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/allowing-built-in-authentication-for-users-outside-your-provider)."
+
+* Your IdP must support making SCIM calls to a Service Provider (SP).
+
+* You must have administrative access on your IdP to configure the application for user provisioning for {% data variables.product.product_name %}.
+
+## Enabling user provisioning for your enterprise
+
+To perform provisioning actions on your instance, you will create a built-in user account and promote the account to an enterprise owner.
+
+After you enable SCIM on a {% data variables.product.product_name %} instance, all user accounts are suspended. The built-in user account will continue to perform provisioning actions. After you grant a user access to your instance from your IdP, the IdP will communicate with the instance using SCIM to unsuspend the user's account.
+
+1. Create a built-in user account to perform provisioning actions on your instance. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/allowing-built-in-authentication-for-users-outside-your-provider#inviting-users-outside-your-provider-to-authenticate-to-your-instance)."
+1. Promote the dedicated user account to an enterprise owner. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise#adding-an-enterprise-administrator-to-your-enterprise-account)."
+1. Sign into your instance as the new enterprise owner.
+1. Create a {% data variables.product.pat_v1 %} with **admin:enterprise** scope. Do not specify an expiration date for the {% data variables.product.pat_v1 %}. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
+
+ {% warning %}
+
+ **Warning**: Ensure that you don't specify an expiration date for the {% data variables.product.pat_v1 %}. If you specify an expiration date, SCIM will no longer function after the expiration date passes.
+
+ {% endwarning %}
+ {% note %}
+
+ **Note**: You'll need this {% data variables.product.pat_generic %} to test the SCIM configuration, and to configure the application for SCIM on your IdP. Store the token securely in a password manager until you need the token again later in these instructions.
+
+ {% endnote %}
+{% data reusables.enterprise_installation.ssh-into-instance %}
+1. To enable SCIM, run the commands provided to you by your account manager on {% data variables.contact.contact_enterprise_sales %}.
+{% data reusables.enterprise_site_admin_settings.wait-for-configuration-run %}
+1. To validate that SCIM is operational, run the following commands. Replace _PAT FROM STEP 3_ and _YOUR INSTANCE'S HOSTNAME_ with actual values.
+
+ ```shell
+ $ GHES_PAT="PAT FROM STEP 3"
+ $ GHES_HOSTNAME="YOUR INSTANCE'S HOSTNAME"
+ $ curl --location --request GET 'https://$GHES_HOSTNAME/api/v3/scim/v2/Users' \
+ --header 'Content-Type: application/scim' \
+ --header 'Authorization: Bearer $GHES_PAT'
+ ```
+
+ The command should return an empty array.
+1. Configure user provisioning in the application for {% data variables.product.product_name %} on your IdP. To request documentation for a supported IdP, contact your account manager on {% data variables.contact.contact_enterprise_sales %}. If your IdP is unsupported, you must create the application and configure SCIM manually.
+
+{% endif %}
diff --git a/content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/index.md b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/index.md
similarity index 81%
rename from content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/index.md
rename to content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/index.md
index 0baddb4e36e9..fe32ad3fe832 100644
--- a/content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/index.md
+++ b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/index.md
@@ -2,7 +2,7 @@
title: Reconfiguring IAM for Enterprise Managed Users
shortTitle: Reconfigure IAM for managed users
product: '{% data reusables.gated-features.emus %}'
-intro: 'If the systems you use for IAM change, you can migrate your users to the new configuration by reconfiguring your managed enterprise on {% data variables.product.prodname_dotcom_the_website %}.'
+intro: 'If the systems you use for IAM change, you can migrate your users to the new configuration by reconfiguring your managed enterprise.'
versions:
ghec: '*'
topics:
@@ -13,5 +13,6 @@ children:
- /migrating-your-enterprise-to-a-new-identity-provider-or-tenant
- /migrating-from-oidc-to-saml
- /migrating-from-saml-to-oidc
+redirect_from:
+ - /admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users
---
-
diff --git a/content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md
similarity index 95%
rename from content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md
rename to content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md
index 811ccac3594c..763116832d90 100644
--- a/content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md
+++ b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md
@@ -12,6 +12,7 @@ topics:
- SSO
redirect_from:
- /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-oidc-to-saml
+ - /admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml
---
{% data reusables.enterprise-accounts.azure-emu-support-oidc %}
diff --git a/content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md
similarity index 84%
rename from content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md
rename to content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md
index 7303787d8ab7..f981a2a2edc7 100644
--- a/content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md
+++ b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md
@@ -12,6 +12,7 @@ topics:
- SSO
redirect_from:
- /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc
+ - /admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc
---
{% data reusables.enterprise-accounts.azure-emu-support-oidc %}
@@ -47,7 +48,7 @@ To migrate your enterprise from SAML to OIDC, you will disable your existing {%
{% endwarning %}
1. Before you begin the migration, sign in to Azure and disable provisioning in the existing {% data variables.product.prodname_emu_idp_application %} application.
-1. If you use [Conditional Access (CA) network location policies](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition) in Entra ID, and you're currently using an IP allow list with your enterprise account or any of the organizations owned by the enterprise account on {% data variables.product.prodname_dotcom_the_website %}, disable the IP allow lists. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)."
+1. If you use [Conditional Access (CA) network location policies](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition) in Entra ID, and you're currently using an IP allow list with your enterprise account or any of the organizations owned by the enterprise account, disable the IP allow lists. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)."
{% data reusables.emus.sign-in-as-setup-user %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
@@ -64,7 +65,7 @@ To migrate your enterprise from SAML to OIDC, you will disable your existing {%
**Warning:** Do not provision new users from the application on Entra ID during the migration.
{% endwarning %}
-1. In a new tab or window, while signed in as the setup user on {% data variables.product.prodname_dotcom_the_website %}, create a {% data variables.product.pat_v1 %} with the **admin:enterprise** scope and **no expiration** and copy it to your clipboard. For more information about creating a new token, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)."
+1. In a new tab or window, while signed in as the setup user, create a {% data variables.product.pat_v1 %} with the **admin:enterprise** scope and **no expiration** and copy it to your clipboard. For more information about creating a new token, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)."
1. In the provisioning settings for the {% data variables.product.prodname_emu_idp_oidc_application %} application in the Microsoft Entra admin center, under "Tenant URL", type `https://api.github.com/scim/v2/enterprises/YOUR_ENTERPRISE`, replacing YOUR_ENTERPRISE with the name of your enterprise account.
For example, if your enterprise account's URL is `https://github.com/enterprises/octo-corp`, the name of the enterprise account is `octo-corp`.
diff --git a/content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-your-enterprise-to-a-new-identity-provider-or-tenant.md b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-your-enterprise-to-a-new-identity-provider-or-tenant.md
similarity index 94%
rename from content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-your-enterprise-to-a-new-identity-provider-or-tenant.md
rename to content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-your-enterprise-to-a-new-identity-provider-or-tenant.md
index 7abff2e42962..cd57fd310254 100644
--- a/content/admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-your-enterprise-to-a-new-identity-provider-or-tenant.md
+++ b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-your-enterprise-to-a-new-identity-provider-or-tenant.md
@@ -1,7 +1,7 @@
---
title: Migrating your enterprise to a new identity provider or tenant
shortTitle: Migrate to new IdP or tenant
-intro: "If your enterprise will use a new identity provider (IdP) or tenant for authentication and provisioning after you initially configure Security Assertion Markup Language (SAML) or OpenID Connect (OIDC) and SCIM, you can migrate to a new configuration."
+intro: 'If your enterprise will use a new identity provider (IdP) or tenant for authentication and provisioning after you initially configure Security Assertion Markup Language (SAML) or OpenID Connect (OIDC) and SCIM, you can migrate to a new configuration.'
product: '{% data reusables.gated-features.emus %}'
permissions: Enterprise owners and people with administrative access to your IdP can migrate your enterprise to a new IdP or tenant.
versions:
@@ -15,6 +15,7 @@ topics:
- SSO
redirect_from:
- /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-your-enterprise-to-a-new-identity-provider-or-tenant
+ - /admin/identity-and-access-management/reconfiguring-iam-for-enterprise-managed-users/migrating-your-enterprise-to-a-new-identity-provider-or-tenant
---
## About migrations between IdPs and tenants
@@ -70,7 +71,7 @@ If you don't already have single sign-on recovery codes for your enterprise, dow
### 4. Disable authentication and provisioning for your enterprise
-1. Use a recovery code to sign into {% data variables.product.prodname_dotcom_the_website %} as the setup user, whose username is your enterprise's shortcode suffixed with `_admin`. For more information about the setup user, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users)."
+1. Use a recovery code to sign into {% data variables.product.prodname_dotcom %} as the setup user, whose username is your enterprise's shortcode suffixed with `_admin`. For more information about the setup user, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users)."
1. Disable authentication and provisioning for your enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/disabling-authentication-for-enterprise-managed-users#disabling-authentication)."
1. Wait up to an hour for {% data variables.product.product_name %} to reset your enterprise's SCIM records and suspend your enterprise's members.
@@ -78,7 +79,7 @@ If you don't already have single sign-on recovery codes for your enterprise, dow
After you disable authentication and provisioning, {% data variables.product.product_name %} will suspend all of the {% data variables.enterprise.prodname_managed_users %} for your enterprise. You can validate suspension of your enterprise's members using the web UI.
-1. View the suspended members in your enterprise. For more information, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-suspended-members-in-an-enterprise-with-managed-users)."
+1. View the suspended members in your enterprise. For more information, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-suspended-members)."
1. If all of your enterprise's members are not yet suspended, continue waiting, and review the logs on your SCIM provider.
* If you use Entra ID, suspension of your members can take up to 40 minutes. To expedite the process for an individual user, click the **Provision on Demand** button in the "Provisioning" tab of the application for {% data variables.product.prodname_emus %}.
diff --git a/content/admin/managing-iam/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md b/content/admin/managing-iam/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md
new file mode 100644
index 000000000000..19b8d255f092
--- /dev/null
+++ b/content/admin/managing-iam/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md
@@ -0,0 +1,91 @@
+---
+title: Abilities and restrictions of managed user accounts
+shortTitle: Restrictions for managed users
+intro: 'Learn what users can and cannot do if you manage accounts from an identity provider (IdP).'
+versions:
+ ghec: '*'
+type: reference
+topics:
+ - Accounts
+ - Enterprise
+ - Fundamentals
+redirect_from:
+ - /admin/identity-and-access-management/managing-iam-for-your-enterprise/abilities-and-restrictions-of-managed-user-accounts
+ - /admin/identity-and-access-management/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts
+---
+
+With {% data variables.product.prodname_emus %}, you can control the user accounts of your enterprise members through your identity provider (IdP). See "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
+
+{% data variables.enterprise.prodname_managed_users_caps %} can contribute only to private and internal repositories within their enterprise and their own private repositories. They have read-only access to the wider {% data variables.product.prodname_dotcom %} community. These visibility and access restrictions apply to all requests, including API requests.
+
+## Authentication
+
+* {% data variables.enterprise.prodname_managed_users_caps %} authenticate using only your identity provider, and have no password or two-factor authentication methods stored on {% data variables.product.prodname_dotcom %}. As a result, they do not see the sudo prompt when taking sensitive actions.
+
+## {% data variables.product.prodname_actions %}
+
+* {% data variables.enterprise.prodname_managed_users_caps %} cannot create workflow templates for {% data variables.product.prodname_actions %}.
+* Entitlement minutes for {% data variables.product.company_short %}-hosted runners are not available for {% data variables.enterprise.prodname_managed_users %}.
+* {% data variables.product.prodname_emus %} can trigger workflows in organizations where they are not members by forking the organization repository, then creating a pull request targeting the organization repository.
+
+## {% data variables.product.prodname_github_apps %}
+
+{% data variables.enterprise.prodname_managed_users_caps %}:
+
+* Cannot install {% data variables.product.prodname_github_apps %} on their user accounts.
+* Can install {% data variables.product.prodname_github_apps %} on a repository if the app doesn't request organization permissions and if the {% data variables.enterprise.prodname_managed_user %} has admin access to the repository.
+* Can install {% data variables.product.prodname_github_apps %} on an organization if the {% data variables.enterprise.prodname_managed_user %} is an organization owner.
+* Can purchase and install paid {% data variables.product.prodname_github_apps %} only if the {% data variables.enterprise.prodname_managed_user %} is an enterprise owner.
+* Can create {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %}.
+
+ {% data reusables.emus.oauth-app-note %}
+
+## {% data variables.product.prodname_github_codespaces %}
+
+* {% data variables.enterprise.prodname_managed_users_caps %} can only create codespaces that are owned by the enterprise. This means that {% data variables.enterprise.prodname_managed_users %}:
+ * Can create codespaces for repositories owned by their organization, or forks of these repositories, provided that the organization can pay for {% data variables.product.prodname_github_codespaces %}. See "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization)."
+ * Cannot create codespaces for their personal repositories, any repositories outside their organizations, or {% data variables.product.company_short %}'s public templates for {% data variables.product.prodname_github_codespaces %}.
+ * Cannot publish a codespace created from a template to a new repository.
+
+## {% data variables.product.prodname_copilot %}
+
+* {% data variables.enterprise.prodname_managed_users_caps %} cannot sign up for {% data variables.product.prodname_copilot_for_individuals %}. To allow a managed user to use {% data variables.product.prodname_copilot_short %}, you must grant the user access to a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription. See "[AUTOTITLE](/copilot/about-github-copilot#getting-access-to-github-copilot)."
+
+## {% data variables.product.prodname_pages %}
+
+* {% data variables.enterprise.prodname_managed_users_caps %} are limited in their use of {% data variables.product.prodname_pages %}. See "[AUTOTITLE](/pages/getting-started-with-github-pages/about-github-pages#limitations-for-enterprise-managed-users)."
+
+## Interactions
+
+* {% data variables.enterprise.prodname_managed_users_caps %} can view all public repositories, but cannot interact with repositories outside of the enterprise in any of the following ways:
+ * Push code to the repository
+ * Create issues or pull requests within the repository
+ * Create or comment on discussions within the repository
+ * Comment on issues or pull requests, or add reactions to comments
+ * Star, watch, or fork the repository
+* {% data variables.enterprise.prodname_managed_users_caps %} cannot follow users outside of the enterprise.
+
+## Repository management
+
+* You can choose whether {% data variables.enterprise.prodname_managed_users %} are able to create repositories owned by their user accounts. See "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation)."
+* If you allow {% data variables.enterprise.prodname_managed_users %} to create repositories owned by their user accounts, they can only own private repositories and can only invite other enterprise members to collaborate on their user-owned repositories.
+* {% data reusables.enterprise-accounts.emu-forks %}
+* Only private and internal repositories can be created in organizations owned by an {% data variables.enterprise.prodname_emu_enterprise %}, depending on organization and enterprise repository visibility settings.
+
+## Visibility and invitations
+
+{% data variables.enterprise.prodname_managed_users_caps %}:
+
+* Cannot be invited to organizations or repositories outside of the enterprise, or to other enterprises.
+* Are only visible, along with the content they create, to other members of the enterprise.
+* Cannot be seen, mentioned, or invited to collaborate by other {% data variables.product.prodname_dotcom %} users.
+* Can be added to organization-owned repositories as repository collaborators, giving them access to repositories in organizations where they are not members
+* Can be assigned the guest collaborator role, preventing them from accessing internal repositories in the enterprise except in organizations where they are added as members
+
+## Other restrictions
+
+{% data variables.enterprise.prodname_managed_users_caps %}:
+
+* Cannot create gists or comment on gists.
+* Cannot create personalized profiles.
+* Do not have access to the {% data variables.product.prodname_certifications %} program.
diff --git a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users.md b/content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md
similarity index 98%
rename from content/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users.md
rename to content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md
index f57417c87dd2..09dcc1e64453 100644
--- a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users.md
+++ b/content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md
@@ -15,6 +15,7 @@ redirect_from:
- /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam
- /admin/identity-and-access-management/using-enterprise-managed-users-for-iam
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/about-enterprise-managed-users
+ - /admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users
versions:
ghec: '*'
type: overview
diff --git a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/about-identity-and-access-management.md b/content/admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management.md
similarity index 98%
rename from content/admin/identity-and-access-management/understanding-iam-for-enterprises/about-identity-and-access-management.md
rename to content/admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management.md
index 130bf2a12e73..24962e47e708 100644
--- a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/about-identity-and-access-management.md
+++ b/content/admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management.md
@@ -9,6 +9,7 @@ type: overview
redirect_from:
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/about-identity-and-access-management
+ - /admin/identity-and-access-management/understanding-iam-for-enterprises/about-identity-and-access-management
topics:
- Accounts
- Authentication
@@ -25,7 +26,7 @@ topics:
After learning more about authentication and provisioning for each of these options, to determine which method is best for your enterprise, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/identifying-the-best-authentication-method-for-your-enterprise)."
-{% elsif scim-for-ghes %}
+{% elsif ghes %}
Administrators who configure a {% data variables.product.product_name %} instance can use local accounts and built-in authentication on the instance. Alternatively, to centralize identity and access for an enterprise's web applications, administrators can configure an external authentication method. If you use SAML, you can optionally provision user accounts on the instance from your identity provider (IdP) using System for Cross-domain Identity Management (SCIM).
@@ -96,7 +97,7 @@ If you use [authentication through {% data variables.location.product_location %
Alternatively, if you use [{% data variables.product.prodname_emus %}](#authentication-with-enterprise-managed-users-and-federation), you must configure your IdP to provision user accounts within your enterprise on {% data variables.location.product_location %} using System for Cross-domain Identity Management (SCIM). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users)."
-{% elsif scim-for-ghes %}
+{% elsif ghes %}
If you configure built-in authentication, CAS, LDAP, or SAML, {% data variables.product.product_name %} creates a user account when an authorized person signs into the instance, or "just in time" (JIT). Optionally, if you use SAML, you can provision user accounts from your identity provider (IdP) using SCIM. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise)."
diff --git a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/about-saml-for-enterprise-iam.md b/content/admin/managing-iam/understanding-iam-for-enterprises/about-saml-for-enterprise-iam.md
similarity index 94%
rename from content/admin/identity-and-access-management/understanding-iam-for-enterprises/about-saml-for-enterprise-iam.md
rename to content/admin/managing-iam/understanding-iam-for-enterprises/about-saml-for-enterprise-iam.md
index 31b00bea489e..7ae7705122df 100644
--- a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/about-saml-for-enterprise-iam.md
+++ b/content/admin/managing-iam/understanding-iam-for-enterprises/about-saml-for-enterprise-iam.md
@@ -23,6 +23,7 @@ redirect_from:
- /admin/identity-and-access-management/using-saml-for-enterprise-iam/about-identity-and-access-management-for-your-enterprise
- /admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/about-saml-for-enterprise-iam
+ - /admin/identity-and-access-management/understanding-iam-for-enterprises/about-saml-for-enterprise-iam
---
## About SAML SSO for {% ifversion ghec %}your enterprise on {% endif %}{% ifversion ghec or ghes %}{% data variables.location.product_location %}{% endif %}
@@ -67,9 +68,9 @@ After you configure SAML, people who use {% data variables.location.product_loca
{% endif %}
-For more information about the configuration of SAML SSO on {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."{% ifversion ghec or scim-for-ghes %} To learn how to configure both authentication and {% ifversion ghes %}user {% endif %}provisioning for {% data variables.location.product_location %}, see the articles for individual IdPs in "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam)."{% endif %}
+For more information about the configuration of SAML SSO on {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."
-{% ifversion scim-for-ghes %}
+{% ifversion ghes %}
## About creation of user accounts
@@ -112,6 +113,4 @@ If your IdP supports encrypted assertions, you can configure encrypted assertion
* "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam)"
* [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website
-{%- ifversion scim-for-ghes %}
* [System for Cross-domain Identity Management: Protocol (RFC 7644)](https://tools.ietf.org/html/rfc7644) on the IETF website
-{%- endif %}
diff --git a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md b/content/admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md
similarity index 96%
rename from content/admin/identity-and-access-management/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md
rename to content/admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md
index 65e7c7ff92e8..ecbe9a9e227d 100644
--- a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md
+++ b/content/admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md
@@ -8,6 +8,7 @@ redirect_from:
- /enterprise/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/allowing-built-in-authentication-for-users-outside-your-identity-provider
- /admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance/allowing-built-in-authentication-for-users-outside-your-identity-provider
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/allowing-built-in-authentication-for-users-outside-your-provider
+ - /admin/identity-and-access-management/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/changing-authentication-methods.md b/content/admin/managing-iam/understanding-iam-for-enterprises/changing-authentication-methods.md
similarity index 97%
rename from content/admin/identity-and-access-management/understanding-iam-for-enterprises/changing-authentication-methods.md
rename to content/admin/managing-iam/understanding-iam-for-enterprises/changing-authentication-methods.md
index ad23f7fe3e65..98e7fd0943ce 100644
--- a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/changing-authentication-methods.md
+++ b/content/admin/managing-iam/understanding-iam-for-enterprises/changing-authentication-methods.md
@@ -8,6 +8,7 @@ redirect_from:
- /enterprise/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/changing-authentication-methods
- /admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance/changing-authentication-methods
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/changing-authentication-methods
+ - /admin/identity-and-access-management/understanding-iam-for-enterprises/changing-authentication-methods
versions:
ghes: '*'
type: overview
diff --git a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud.md b/content/admin/managing-iam/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud.md
similarity index 96%
rename from content/admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud.md
rename to content/admin/managing-iam/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud.md
index 9197150ac853..7b6df4cf0d38 100644
--- a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud.md
+++ b/content/admin/managing-iam/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud.md
@@ -1,7 +1,7 @@
---
title: Choosing an enterprise type for GitHub Enterprise Cloud
shortTitle: Choosing an enterprise type
-intro: "Decide whether {% data variables.product.prodname_emus %} is right for your enterprise by asking yourself some questions."
+intro: 'Decide whether {% data variables.product.prodname_emus %} is right for your enterprise by asking yourself some questions.'
versions:
ghec: '*'
type: overview
@@ -14,6 +14,7 @@ topics:
redirect_from:
- /admin/identity-and-access-management/understanding-iam-for-enterprises/identifying-the-best-authentication-method-for-your-enterprise
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/identifying-the-best-authentication-method-for-your-enterprise
+ - /admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud
---
**Before** you create your enterprise account, you must choose an enterprise type:
diff --git a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md b/content/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md
similarity index 82%
rename from content/admin/identity-and-access-management/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md
rename to content/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md
index 78593b6949e3..9475f5501dd3 100644
--- a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md
+++ b/content/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md
@@ -11,6 +11,8 @@ topics:
- Enterprise
- SSO
allowTitleToDifferFromFilename: true
+redirect_from:
+ - /admin/identity-and-access-management/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users
---
Before your developers can use {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}, you must follow a series of configuration steps.
@@ -19,12 +21,7 @@ Before your developers can use {% data variables.product.prodname_ghe_cloud %} w
To use {% data variables.product.prodname_emus %}, you need a **separate type of enterprise account** with {% data variables.product.prodname_emus %} enabled.
-To request a new enterprise account, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact). You'll discuss options for trialing {% data variables.product.prodname_emus %} or migrating from an existing enterprise.
-
-When you're ready, your contact on the {% data variables.product.prodname_dotcom %} Sales team will create your new {% data variables.enterprise.prodname_emu_enterprise %}. You'll be asked to provide the following information:
-
-* The **email address** for the user who will set up your enterprise.
-* A **short code** that will be used as the suffix for your enterprise members' usernames. {% data reusables.enterprise-accounts.emu-shortcode %}
+Start a free 30-day trial of {% data variables.product.prodname_ghe_cloud %}, and choose **Enterprise with managed users**. See "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)."
## Create the setup user
@@ -38,6 +35,16 @@ Using an **incognito or private browsing window**:
{% data reusables.enterprise-accounts.emu-password-reset-session %}
+## Create a {% data variables.product.pat_generic %}
+
+Next, create a {% data variables.product.pat_generic %} that you can use to configure provisioning.
+
+* You must be **signed in as the setup user** when you create the token.
+* The token must have **admin:enterprise** scope.
+* The token must have **no expiration**.
+
+To learn how to create a {% data variables.product.pat_v1 %}, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)."
+
## Configure authentication
Next, configure how your members will authenticate.
diff --git a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/index.md b/content/admin/managing-iam/understanding-iam-for-enterprises/index.md
similarity index 96%
rename from content/admin/identity-and-access-management/understanding-iam-for-enterprises/index.md
rename to content/admin/managing-iam/understanding-iam-for-enterprises/index.md
index 4fd8563b62df..d559561e3c07 100644
--- a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/index.md
+++ b/content/admin/managing-iam/understanding-iam-for-enterprises/index.md
@@ -15,6 +15,7 @@ redirect_from:
- /enterprise/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance
- /admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance
- /admin/identity-and-access-management/managing-iam-for-your-enterprise
+ - /admin/identity-and-access-management/understanding-iam-for-enterprises
versions:
ghec: '*'
ghes: '*'
@@ -35,3 +36,4 @@ children:
- /troubleshooting-identity-and-access-management-for-your-enterprise
shortTitle: Understand enterprise IAM
---
+
diff --git a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/troubleshooting-identity-and-access-management-for-your-enterprise.md b/content/admin/managing-iam/understanding-iam-for-enterprises/troubleshooting-identity-and-access-management-for-your-enterprise.md
similarity index 96%
rename from content/admin/identity-and-access-management/understanding-iam-for-enterprises/troubleshooting-identity-and-access-management-for-your-enterprise.md
rename to content/admin/managing-iam/understanding-iam-for-enterprises/troubleshooting-identity-and-access-management-for-your-enterprise.md
index c92d0582af6e..cd7c9e8c9571 100644
--- a/content/admin/identity-and-access-management/understanding-iam-for-enterprises/troubleshooting-identity-and-access-management-for-your-enterprise.md
+++ b/content/admin/managing-iam/understanding-iam-for-enterprises/troubleshooting-identity-and-access-management-for-your-enterprise.md
@@ -16,6 +16,7 @@ topics:
- Troubleshooting
redirect_from:
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/troubleshooting-identity-and-access-management-for-your-enterprise
+ - /admin/identity-and-access-management/understanding-iam-for-enterprises/troubleshooting-identity-and-access-management-for-your-enterprise
---
{% ifversion ghec %}
diff --git a/content/admin/identity-and-access-management/using-built-in-authentication/configuring-built-in-authentication.md b/content/admin/managing-iam/using-built-in-authentication/configuring-built-in-authentication.md
similarity index 88%
rename from content/admin/identity-and-access-management/using-built-in-authentication/configuring-built-in-authentication.md
rename to content/admin/managing-iam/using-built-in-authentication/configuring-built-in-authentication.md
index cf12224b8bc7..eaaf724364e7 100644
--- a/content/admin/identity-and-access-management/using-built-in-authentication/configuring-built-in-authentication.md
+++ b/content/admin/managing-iam/using-built-in-authentication/configuring-built-in-authentication.md
@@ -8,6 +8,7 @@ redirect_from:
- /admin/authentication/using-built-in-authentication
- /enterprise/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/using-built-in-authentication
- /admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance/using-built-in-authentication
+ - /admin/identity-and-access-management/using-built-in-authentication/configuring-built-in-authentication
versions:
ghes: '*'
type: how_to
@@ -23,6 +24,12 @@ shortTitle: Configure built-in authentication
By default, {% data variables.product.product_name %} uses built-in authentication. Each person creates a user account on {% data variables.location.product_location %} from an invitation or by signing up, and then authenticates with the credentials for the account to access your instance. Your {% data variables.product.product_name %} instance stores the authentication information for the account.
+{% ifversion passkeys %}
+
+By default, users can use passkeys for built-in authentication, but you can disable passkeys for your instance. See "[AUTOTITLE](/admin/managing-iam/using-built-in-authentication/disabling-passkeys-for-your-instance)."
+
+{% endif %}
+
You can prevent unauthenticated people from creating new user accounts on your instance. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-built-in-authentication/disabling-unauthenticated-sign-ups)."
{% data reusables.enterprise_user_management.alternatively-enable-external-authentication %}
diff --git a/content/admin/managing-iam/using-built-in-authentication/disabling-passkeys-for-your-instance.md b/content/admin/managing-iam/using-built-in-authentication/disabling-passkeys-for-your-instance.md
new file mode 100644
index 000000000000..c44c19f28a1f
--- /dev/null
+++ b/content/admin/managing-iam/using-built-in-authentication/disabling-passkeys-for-your-instance.md
@@ -0,0 +1,26 @@
+---
+title: Disabling passkeys for your instance
+intro: 'Learn how to disable passkeys for all users on your instance.'
+permissions: 'Site administrators'
+versions:
+ ghes: '>=3.14'
+type: how_to
+topics:
+ - Accounts
+ - Authentication
+ - Enterprise
+ - Identity
+shortTitle: Disable passkeys
+---
+
+Passkeys are enabled by default.
+
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.authentication %}
+1. In the "Passkeys" section, deselect **Enable passkeys**.
+{% data reusables.enterprise_management_console.save-settings %}
+
+## Further reading
+
+* "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)"
diff --git a/content/admin/identity-and-access-management/using-built-in-authentication/disabling-unauthenticated-sign-ups.md b/content/admin/managing-iam/using-built-in-authentication/disabling-unauthenticated-sign-ups.md
similarity index 94%
rename from content/admin/identity-and-access-management/using-built-in-authentication/disabling-unauthenticated-sign-ups.md
rename to content/admin/managing-iam/using-built-in-authentication/disabling-unauthenticated-sign-ups.md
index ecf4d143b060..10bc7343279d 100644
--- a/content/admin/identity-and-access-management/using-built-in-authentication/disabling-unauthenticated-sign-ups.md
+++ b/content/admin/managing-iam/using-built-in-authentication/disabling-unauthenticated-sign-ups.md
@@ -7,6 +7,7 @@ redirect_from:
- /admin/authentication/disabling-unauthenticated-sign-ups
- /enterprise/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/disabling-unauthenticated-sign-ups
- /admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance/disabling-unauthenticated-sign-ups
+ - /admin/identity-and-access-management/using-built-in-authentication/disabling-unauthenticated-sign-ups
intro: 'If you''re using built-in authentication for {% data variables.location.product_location %}, you can block unauthenticated people from creating new user accounts on your instance.'
permissions: 'Site administrators can disable unauthenticated sign-ups on a {% data variables.product.product_name %} instance.'
versions:
diff --git a/content/admin/identity-and-access-management/using-built-in-authentication/index.md b/content/admin/managing-iam/using-built-in-authentication/index.md
similarity index 80%
rename from content/admin/identity-and-access-management/using-built-in-authentication/index.md
rename to content/admin/managing-iam/using-built-in-authentication/index.md
index 1980ce727328..68a577b70939 100644
--- a/content/admin/identity-and-access-management/using-built-in-authentication/index.md
+++ b/content/admin/managing-iam/using-built-in-authentication/index.md
@@ -12,5 +12,7 @@ children:
- /configuring-built-in-authentication
- /inviting-people-to-use-your-instance
- /disabling-unauthenticated-sign-ups
+ - /disabling-passkeys-for-your-instance
+redirect_from:
+ - /admin/identity-and-access-management/using-built-in-authentication
---
-
diff --git a/content/admin/identity-and-access-management/using-built-in-authentication/inviting-people-to-use-your-instance.md b/content/admin/managing-iam/using-built-in-authentication/inviting-people-to-use-your-instance.md
similarity index 92%
rename from content/admin/identity-and-access-management/using-built-in-authentication/inviting-people-to-use-your-instance.md
rename to content/admin/managing-iam/using-built-in-authentication/inviting-people-to-use-your-instance.md
index 6a6d8571b80a..e08db2b1f7e3 100644
--- a/content/admin/identity-and-access-management/using-built-in-authentication/inviting-people-to-use-your-instance.md
+++ b/content/admin/managing-iam/using-built-in-authentication/inviting-people-to-use-your-instance.md
@@ -11,6 +11,8 @@ topics:
- Enterprise
- Identity
shortTitle: Invite people
+redirect_from:
+ - /admin/identity-and-access-management/using-built-in-authentication/inviting-people-to-use-your-instance
---
## About invitations for new users
diff --git a/content/admin/identity-and-access-management/using-cas-for-enterprise-iam/index.md b/content/admin/managing-iam/using-cas-for-enterprise-iam/index.md
similarity index 77%
rename from content/admin/identity-and-access-management/using-cas-for-enterprise-iam/index.md
rename to content/admin/managing-iam/using-cas-for-enterprise-iam/index.md
index eb31c7102770..d85c39b93e43 100644
--- a/content/admin/identity-and-access-management/using-cas-for-enterprise-iam/index.md
+++ b/content/admin/managing-iam/using-cas-for-enterprise-iam/index.md
@@ -6,5 +6,7 @@ versions:
ghes: '*'
children:
- /using-cas
+redirect_from:
+ - /admin/identity-and-access-management/using-cas-for-enterprise-iam
---
diff --git a/content/admin/identity-and-access-management/using-cas-for-enterprise-iam/using-cas.md b/content/admin/managing-iam/using-cas-for-enterprise-iam/using-cas.md
similarity index 97%
rename from content/admin/identity-and-access-management/using-cas-for-enterprise-iam/using-cas.md
rename to content/admin/managing-iam/using-cas-for-enterprise-iam/using-cas.md
index 540b5f997055..476598288a1f 100644
--- a/content/admin/identity-and-access-management/using-cas-for-enterprise-iam/using-cas.md
+++ b/content/admin/managing-iam/using-cas-for-enterprise-iam/using-cas.md
@@ -8,6 +8,7 @@ redirect_from:
- /admin/authentication/using-cas
- /enterprise/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/using-cas
- /admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance/using-cas
+ - /admin/identity-and-access-management/using-cas-for-enterprise-iam/using-cas
intro: 'If you use Central Authentication Service (CAS) to centralize access to multiple web applications, you can integrate {% data variables.product.product_name %} by configuring CAS authentication for your instance.'
versions:
ghes: '*'
diff --git a/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/index.md b/content/admin/managing-iam/using-ldap-for-enterprise-iam/index.md
similarity index 76%
rename from content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/index.md
rename to content/admin/managing-iam/using-ldap-for-enterprise-iam/index.md
index 67af5b858642..b864ba63292f 100644
--- a/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/index.md
+++ b/content/admin/managing-iam/using-ldap-for-enterprise-iam/index.md
@@ -6,5 +6,7 @@ versions:
ghes: '*'
children:
- /using-ldap
+redirect_from:
+ - /admin/identity-and-access-management/using-ldap-for-enterprise-iam
---
diff --git a/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md b/content/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md
similarity index 98%
rename from content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md
rename to content/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md
index 139257a9dd3e..682db400deb0 100644
--- a/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md
+++ b/content/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md
@@ -11,6 +11,7 @@ redirect_from:
- /admin/authentication/using-ldap
- /enterprise/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/using-ldap
- /admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance/using-ldap
+ - /admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap
intro: 'If you use Lightweight Directory Access Protocol (LDAP) to centralize access across applications, you can integrate {% data variables.product.product_name %} by configuring LDAP authentication for your instance.'
versions:
ghes: '*'
@@ -230,7 +231,7 @@ If LDAP Sync is **not** enabled, you must manually suspend the {% data variables
## About logging for LDAP
-Log events for LDAP appear in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}systemd journal logs{% else %}log files{% endif %} on {% data variables.location.product_location %}. You'll find events related to LDAP operations in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}the logs for `github-unicorn` and `github-resqued`{% else %}`auth.log`, `ldap-sync.log`, and `ldap.log`{% endif %}. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#{% ifversion opentelemetry-and-otel-log-migration-phase-1 %}journal-logs-for-the-github-application{% else %}log-files-for-authentication{% endif %})."
+Log events for LDAP appear in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}systemd journal logs{% else %}log files{% endif %} on {% data variables.location.product_location %}. You'll find events related to LDAP operations in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}the logs for `github-unicorn` and `github-resqued`{% else %}`auth.log`, `ldap-sync.log`, and `ldap.log`{% endif %}. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs#{% ifversion opentelemetry-and-otel-log-migration-phase-1 %}journal-logs-for-the-github-application{% else %}log-files-for-authentication{% endif %})."
## Limitations for LDAP on {% data variables.product.product_name %}
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise-using-okta.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise-using-okta.md
similarity index 96%
rename from content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise-using-okta.md
rename to content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise-using-okta.md
index 08392a58acfd..c9f796577333 100644
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise-using-okta.md
+++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise-using-okta.md
@@ -8,6 +8,7 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise/configuring-identity-and-access-management-for-your-enterprise-account/configuring-saml-single-sign-on-for-your-enterprise-account-using-okta
- /admin/authentication/managing-identity-and-access-for-your-enterprise/configuring-saml-single-sign-on-for-your-enterprise-using-okta
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/configuring-saml-single-sign-on-for-your-enterprise-using-okta
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise-using-okta
versions:
ghec: '*'
topics:
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md
similarity index 91%
rename from content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md
rename to content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md
index daa4b8046ca3..d16acfa7072f 100644
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md
+++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md
@@ -20,9 +20,16 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise/configuring-identity-and-access-management-for-your-enterprise-account/enforcing-saml-single-sign-on-for-organizations-in-your-enterprise-account
- /admin/authentication/managing-identity-and-access-for-your-enterprise/configuring-saml-single-sign-on-for-your-enterprise
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/configuring-saml-single-sign-on-for-your-enterprise
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise
---
-{% data reusables.enterprise-accounts.emu-saml-note %}
+{% ifversion ghec %}
+
+**Before** following the steps in this article, make sure that your enterprise uses **personal accounts**. You can do so by checking whether your enterprise view has the "Users managed by ACCOUNT NAME" header bar at the top of the screen.
+
+If you see this, your enterprise uses **managed users** and you must follow a different process to configure SAML single sign-on. See "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)."
+
+{% endif %}
## About SAML SSO
@@ -89,7 +96,10 @@ For more detailed information about how to enable SAML using Okta, see "[AUTOTIT
1. Under "SAML single sign-on", select **Require SAML authentication**.
1. In the **Sign on URL** field, type the HTTPS endpoint of your IdP for single sign-on requests. This value is available in your IdP configuration.
1. Optionally, in the **Issuer** field, type your SAML issuer URL to verify the authenticity of sent messages.
-1. Under **Public Certificate**, paste a certificate to verify SAML responses.
+1. Under **Public Certificate**, paste a certificate to verify SAML responses. This is the public key corresponding to the private key used to sign SAML responses.
+
+ To find the certificate, refer to the documentation for your IdP. Some IdPs call this an X.509 certificate.
+
{% data reusables.saml.edit-signature-and-digest-methods %}
1. Before enabling SAML SSO for your enterprise, to ensure that the information you've entered is correct, click **Test SAML configuration** . {% data reusables.saml.test-must-succeed %}
1. Click **Save**.
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/deciding-whether-to-configure-saml-for-your-enterprise-or-your-organizations.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/deciding-whether-to-configure-saml-for-your-enterprise-or-your-organizations.md
similarity index 92%
rename from content/admin/identity-and-access-management/using-saml-for-enterprise-iam/deciding-whether-to-configure-saml-for-your-enterprise-or-your-organizations.md
rename to content/admin/managing-iam/using-saml-for-enterprise-iam/deciding-whether-to-configure-saml-for-your-enterprise-or-your-organizations.md
index ad2b58ba1ce0..45c651b50775 100644
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/deciding-whether-to-configure-saml-for-your-enterprise-or-your-organizations.md
+++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/deciding-whether-to-configure-saml-for-your-enterprise-or-your-organizations.md
@@ -1,7 +1,7 @@
---
title: Deciding whether to configure SAML for your enterprise or your organizations
shortTitle: Enterprise or organization
-intro: "You can configure SAML for your enterprise account, with the same configuration applying to all of its organizations, or you can create separate configurations for individual organizations."
+intro: 'You can configure SAML for your enterprise account, with the same configuration applying to all of its organizations, or you can create separate configurations for individual organizations.'
versions:
ghec: '*'
type: overview
@@ -11,6 +11,8 @@ topics:
- Authentication
- Enterprise
- Identity
+redirect_from:
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/deciding-whether-to-configure-saml-for-your-enterprise-or-your-organizations
---
{% data reusables.enterprise.ghec-authentication-options %} For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise)."
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md
similarity index 88%
rename from content/admin/identity-and-access-management/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md
rename to content/admin/managing-iam/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md
index 60cb0c4a8ce2..aa4287543f5a 100644
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md
+++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md
@@ -1,6 +1,6 @@
---
title: Disabling SAML single sign-on for your enterprise
-intro: 'You can disable SAML single sign-on (SSO) for your enterprise account.'
+intro: You can disable SAML single sign-on (SSO) for your enterprise account.
versions:
ghec: '*'
topics:
@@ -8,6 +8,8 @@ topics:
- Enterprise
type: how_to
shortTitle: Disable SAML SSO
+redirect_from:
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise
---
## About disabled SAML SSO for your enterprise
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md
similarity index 96%
rename from content/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md
rename to content/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md
index 5f86d14a68a0..abddbb4fe25c 100644
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md
+++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md
@@ -13,6 +13,8 @@ topics:
- Identity
- Security
- SSO
+redirect_from:
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions
---
## About encrypted assertions
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/index.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/index.md
similarity index 92%
rename from content/admin/identity-and-access-management/using-saml-for-enterprise-iam/index.md
rename to content/admin/managing-iam/using-saml-for-enterprise-iam/index.md
index ca94c2595edc..3b0456f7e3ff 100644
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/index.md
+++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/index.md
@@ -16,14 +16,13 @@ redirect_from:
- /admin/authentication/using-saml
- /enterprise/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/using-saml
- /admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance/using-saml
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam
children:
- /deciding-whether-to-configure-saml-for-your-enterprise-or-your-organizations
- /configuring-saml-single-sign-on-for-your-enterprise
- - /configuring-user-provisioning-with-scim-for-your-enterprise
- /managing-team-synchronization-for-organizations-in-your-enterprise
- /configuring-saml-single-sign-on-for-your-enterprise-using-okta
- /disabling-saml-single-sign-on-for-your-enterprise
- - /configuring-authentication-and-provisioning-for-your-enterprise-using-entra-id
- /enabling-encrypted-assertions
- /updating-a-users-saml-nameid
- /switching-your-saml-configuration-from-an-organization-to-an-enterprise-account
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md
similarity index 96%
rename from content/admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md
rename to content/admin/managing-iam/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md
index 98800ec7a629..580a0e362974 100644
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md
+++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md
@@ -15,6 +15,7 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise/configuring-identity-and-access-management-for-your-enterprise-account/managing-team-synchronization-for-organizations-in-your-enterprise-account
- /admin/authentication/managing-identity-and-access-for-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise
shortTitle: Manage team synchronization
---
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account.md
similarity index 84%
rename from content/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account.md
rename to content/admin/managing-iam/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account.md
index 347b2f9e45aa..c50940a8af9f 100644
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account.md
+++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account.md
@@ -14,6 +14,7 @@ redirect_from:
- /github/setting-up-and-managing-your-enterprise/configuring-identity-and-access-management-for-your-enterprise-account/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account
- /admin/authentication/managing-identity-and-access-for-your-enterprise/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account
- /admin/identity-and-access-management/managing-iam-for-your-enterprise/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account
---
## About SAML single sign-on for enterprise accounts
@@ -24,7 +25,13 @@ redirect_from:
When you configure SAML SSO at the organization level, each organization must be configured with a unique SSO tenant in your IdP, which means that your members will be associated with a unique SAML identity record for each organization they have successfully authenticated with. If you configure SAML SSO for your enterprise account instead, each enterprise member will have one SAML identity that is used for all organizations owned by the enterprise account.
-After you configure SAML SSO for your enterprise account, the new configuration will override any existing SAML SSO configurations for organizations owned by the enterprise account. Any team synchronization settings you have configured will also be removed from these organizations. If you intend to re-enable team synchronization, before enabling SAML SSO for your enterprise, take note of the current team sync configuration in the affected organizations. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization)."
+After you configure SAML SSO for your enterprise account, the new configuration will override any existing SAML SSO configurations for organizations owned by the enterprise account. Any team synchronization settings you have configured will also be removed from these organizations.
+
+* Your organization members will be removed from {% data variables.product.prodname_dotcom %} teams following the removal of the organization's team synchronization settings.
+* If you intend to re-enable team synchronization, before enabling SAML SSO for your enterprise, take note of the current team sync configuration in the affected organizations. See "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization)."
+
+ You will need to re-add your organization members to {% data variables.product.prodname_dotcom %} teams after re-enabling team synchronization.
+* Schedule a time to make changes to your organization's team synchronization settings when people aren't actively using your organization's resources. Changes to team synchronization may result in some downtime for your members.
Enterprise members will not be notified when an enterprise owner enables SAML for the enterprise account. If SAML SSO was previously enforced at the organization level, members should not see a major difference when navigating directly to organization resources. The members will continue to be prompted to authenticate via SAML. If members navigate to organization resources via their IdP dashboard, they will need to click the new tile for the enterprise-level app, instead of the old tile for the organization-level app. The members will then be able to choose the organization to navigate to.
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md
similarity index 95%
rename from content/admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md
rename to content/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md
index 9e48f50d59ad..27a2034c4aee 100644
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md
+++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md
@@ -14,6 +14,8 @@ topics:
- Security
- SSO
- Troubleshooting
+redirect_from:
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication
---
{% ifversion ghes %}
@@ -42,7 +44,7 @@ You can configure {% data variables.product.product_name %} to write verbose deb
{% data reusables.enterprise-accounts.options-tab %}
1. Under "SAML debugging", select the drop-down and click **Enabled**.
1. Attempt to sign into {% data variables.location.product_location %} through your SAML IdP.
-1. Review the debug output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}the systemd journal for `github-unicorn`{% endif %} on {% data variables.location.product_location %}. {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal-for-github-enterprise-server)."{% endif %}
+1. Review the debug output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}the systemd journal for `github-unicorn`{% endif %} on {% data variables.location.product_location %}. {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs#system-logs-in-the-systemd-journal-for-github-enterprise-server)."{% endif %}
1. When you're done troubleshooting, select the drop-down and click **Disabled**.
## Decoding responses
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/updating-a-users-saml-nameid.md
similarity index 94%
rename from content/admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid.md
rename to content/admin/managing-iam/using-saml-for-enterprise-iam/updating-a-users-saml-nameid.md
index 2c6a6ecd0f83..85240f01b152 100644
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid.md
+++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/updating-a-users-saml-nameid.md
@@ -11,6 +11,8 @@ topics:
- Enterprise
- Identity
- SSO
+redirect_from:
+ - /admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid
---
## About updates to users' SAML `NameID`
diff --git a/content/admin/managing-your-enterprise-account/about-enterprise-accounts.md b/content/admin/managing-your-enterprise-account/about-enterprise-accounts.md
index 3c87471d5230..97aa28a83bce 100644
--- a/content/admin/managing-your-enterprise-account/about-enterprise-accounts.md
+++ b/content/admin/managing-your-enterprise-account/about-enterprise-accounts.md
@@ -1,6 +1,6 @@
---
title: About enterprise accounts
-intro: 'With {% data variables.product.product_name %}, you can use an enterprise account to {% ifversion ghec %}enable collaboration between your organizations, while giving{% elsif ghes %}give{% endif %} administrators a single point of visibility and management.'
+intro: Learn how enterprise accounts enable scalability by simplifying administration and billing across multiple organizations.
redirect_from:
- /articles/about-github-business-accounts
- /articles/about-enterprise-accounts
@@ -20,100 +20,48 @@ topics:
- Fundamentals
---
-## About enterprise accounts on {% ifversion ghec %}{% data variables.product.prodname_ghe_cloud %}{% else %}{% data variables.product.product_name %}{% endif %}
+## What are enterprise accounts?
+
{% ifversion ghec %}
-
-Your enterprise account on {% data variables.product.prodname_ghe_cloud %} allows you to manage multiple organizations. Your enterprise account must have a handle, like an organization or user account on {% data variables.product.prodname_dotcom %}.
-
-{% elsif ghes %}
-
-The enterprise account on {% data variables.location.product_location %} allows you to manage the organizations on your instance.
-
+> [!NOTE] Starting September 3, 2024, {% data variables.product.prodname_ghe_cloud %} customers who use a single organization will be automatically upgraded to an enterprise account at no additional cost. For details, see "[AUTOTITLE](/admin/managing-your-enterprise-account/creating-an-enterprise-account#what-will-happen-after-i-upgrade-my-organization)."
{% endif %}
+
+
-Organizations are shared accounts where enterprise members can collaborate across many projects at once. Organization owners can manage access to the organization's data and projects with sophisticated security and administrative features. For more information, see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-organizations)."
+An enterprise account enables centralized management for **multiple organizations**.
-{% ifversion ghec %}
-You can create new organizations that belong to your enterprise account. If your enterprise uses personal accounts on {% data variables.product.prodname_dotcom_the_website %}, enterprise owners can invite existing organizations to join your enterprise, or transfer organizations between enterprises. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise)."
-{% endif %}
+Administrators for the enterprise account can:
-Your enterprise account allows you to manage and enforce policies for all the organizations owned by the enterprise. {% data reusables.enterprise.about-policies %} For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies)."
+* View and manage enterprise membership
+* Manage billing and usage
+* Configure security, such as single sign-on, IP allow lists, SSH certificate authorities, and two-factor authentication
+* Stream audit and Git events data
+* Use internal repositories
+* Access features like {% data variables.product.prodname_copilot_enterprise %} and {% data variables.product.prodname_advanced_security %}
+* Enforce policies. See "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies)."
{% ifversion ghec %}
-{% data reusables.enterprise.create-an-enterprise-account %} For more information, see "[AUTOTITLE](/admin/managing-your-enterprise-account/creating-an-enterprise-account)."
-
-{% endif %}
-
-## About administration of your enterprise account
-
-{% ifversion ghes %}
-
-From your enterprise account on a {% data variables.product.prodname_ghe_server %} instance, administrators can view{% ifversion remove-enterprise-members %} and manage{% endif %} enterprise membership{% ifversion enterprise-owner-join-org %}, manage their own membership in organizations owned by the enterprise,{% endif %} and manage the following functionality for the instance.
-
-{% ifversion ghes %}
-* License usage{% endif %}
-* Security (SSH certificate authorities, two-factor authentication)
-* Enterprise policies for organizations owned by the enterprise account
-
-{% endif %}
-
-{% ifversion ghes %}
-{% note %}
-
-**Notes:**
-
-* Changing the enterprise display name in the settings for {% data variables.location.product_location %} will not change the enterprise name in {% data variables.location.product_location %} URL. The enterprise name in your instance's URL is generated based on the customer name in the {% data variables.product.prodname_ghe_server %} license file.
-* There is only one default enterprise account for {% data variables.product.prodname_ghe_server %}. You cannot create additional enterprise accounts.
-
-{% endnote %}
-
-### About administration of your enterprise account on {% data variables.product.prodname_ghe_cloud %}
-
-{% endif %}
-
-{% ifversion ghec or ghes %}When you try or purchase {% data variables.product.prodname_enterprise %}, you can{% ifversion ghes %} also{% endif %} create an enterprise account for {% data variables.product.prodname_ghe_cloud %} on {% data variables.product.prodname_dotcom_the_website %}. Administrators for the enterprise account on {% data variables.product.prodname_dotcom_the_website %} can view {% ifversion remove-enterprise-members %} and manage{% endif %} enterprise membership{% ifversion enterprise-owner-join-org %}, manage their own membership in organizations owned by the enterprise,{% endif %} and manage the following for the enterprise account{% ifversion ghes %} on {% data variables.product.prodname_dotcom_the_website %}{% endif %}.
-
-* Billing and usage (services on {% data variables.product.prodname_dotcom_the_website %}, {% data variables.product.prodname_GH_advanced_security %}, user licenses)
-* Security (single sign-on, IP allow lists, SSH certificate authorities, two-factor authentication)
-* Enterprise policies for organizations owned by the enterprise account
-
-If you use both {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %}, you can also manage the following for {% data variables.product.prodname_ghe_server %} from your enterprise account on {% data variables.product.prodname_dotcom_the_website %}.
-
-* Billing and usage for {% data variables.product.prodname_ghe_server %} instances
-* Requests and support bundle sharing with {% data variables.contact.enterprise_support %}
-
-You can also connect the enterprise account on {% data variables.location.product_location_enterprise %} to your enterprise account on {% data variables.product.prodname_dotcom_the_website %} to see license usage details for your {% data variables.product.prodname_enterprise %} subscription from {% data variables.product.prodname_dotcom_the_website %}. For more information, see {% ifversion ghec %}"[AUTOTITLE](/enterprise-server@latest/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)" in the {% data variables.product.prodname_ghe_server %} documentation.{% elsif ghes %}"[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."{% endif %}
-
-For more information about the differences between {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %}, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)." {% data reusables.enterprise-accounts.to-upgrade-or-get-started %}
+{% data reusables.enterprise.create-an-enterprise-account %} See "[AUTOTITLE](/admin/managing-your-enterprise-account/creating-an-enterprise-account)."
{% endif %}
-## About billing for your enterprise account
+## What if I use multiple deployment options?
-The bill for your enterprise account includes the monthly cost for each member of your enterprise. The bill includes {% ifversion ghec %}any paid licenses in organizations outside of your enterprise account, subscriptions to apps in {% data variables.product.prodname_marketplace %}, {% endif %}{% ifversion ghec %}additional paid services for your enterprise{% ifversion ghec %} like data packs for {% data variables.large_files.product_name_long %},{% endif %} and{% endif %} usage for {% data variables.product.prodname_GH_advanced_security %}.
+If you use both {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %}, you'll have an enterprise account for each.
-{% ifversion ghec %}
-
-For more information about billing for your {% data variables.product.prodname_ghe_cloud %} subscription, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account)" and "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)."
-
-{% elsif ghes %}
+For the most part, you will manage each enterprise account separately. For example, you will configure the policies and settings for your {% data variables.product.prodname_ghe_server %} instance using the enterprise account on {% data variables.product.prodname_ghe_server %}.
-{% data reusables.enterprise-accounts.enterprise-accounts-billing %}
+However, you can also use the enterprise account on {% data variables.product.prodname_ghe_cloud %} to view all license usage across all deployments. This allows you to ensure people with accounts in both environments only consume one user license. See "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."
-For more information about billing for {% ifversion ghec %}{% data variables.product.prodname_ghe_cloud %}{% else %}{% data variables.product.product_name %}{% endif %}, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)."
-
-{% endif %}
+## What if I only use {% data variables.product.prodname_ghe_server %}?
-{% ifversion ghec or ghes %}
+Even if you **only** use {% data variables.product.prodname_ghe_server %}, we recommend creating an enterprise account on {% data variables.product.prodname_ghe_cloud %}. This will make it easier to contact {% data variables.contact.enterprise_support %} and share support bundles with them.
-{% ifversion ghec %}
-
-{% data variables.product.prodname_enterprise %} offers two deployment options. In addition to {% data variables.product.prodname_ghe_cloud %}, you can use {% data variables.product.prodname_ghe_server %} to host development work for your enterprise in your data center or supported cloud provider. {% endif %}Enterprise owners on {% data variables.product.prodname_dotcom_the_website %} can use an enterprise account to manage payment and licensing for {% data variables.product.prodname_ghe_server %} instances. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans#github-enterprise)" and "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise)."
-
-{% endif %}
+To create an additional enterprise account on {% data variables.product.prodname_ghe_cloud %}, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).
## Further reading
-* "[AUTOTITLE](/graphql/guides/managing-enterprise-accounts)" in the GraphQL API documentation
+* "[AUTOTITLE](/graphql/guides/managing-enterprise-accounts)" in the GraphQL API documentation {% ifversion ghec %}
+* "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise)"{% endif %}
diff --git a/content/admin/managing-your-enterprise-account/creating-an-enterprise-account.md b/content/admin/managing-your-enterprise-account/creating-an-enterprise-account.md
index f2d3d3def65a..845b47422d03 100644
--- a/content/admin/managing-your-enterprise-account/creating-an-enterprise-account.md
+++ b/content/admin/managing-your-enterprise-account/creating-an-enterprise-account.md
@@ -15,6 +15,10 @@ redirect_from:
- /admin/overview/creating-an-enterprise-account
---
+
+{% data reusables.enterprise.single-organizations-enterprise-migration %}
+
+
## When should I create an enterprise account?
{% data variables.product.prodname_ghe_cloud %} allows you to create an enterprise account, which enables collaboration between **multiple organizations** and gives administrators a single point of visibility and management. See "[AUTOTITLE](/admin/managing-your-enterprise-account/about-enterprise-accounts)."
@@ -26,19 +30,27 @@ In most cases, you can create an enterprise account **yourself**.
You'll **need help** creating an enterprise account for:
-* {% data variables.product.prodname_emus %}
* {% data variables.product.prodname_ghe_server %}
* Invoicing
+* Managing {% data variables.product.prodname_copilot_for_business %} licenses without adopting {% data variables.product.prodname_enterprise %}
In these cases, contact {% data variables.contact.contact_enterprise_sales %}.
## What will happen after I upgrade my organization?
-* Your existing organization will automatically be owned by the enterprise account. To learn how the organization will change, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#about-addition-of-organizations-to-your-enterprise-account)."
-* The organization's billing details will become the billing details for the enterprise.
-* All of the organization's owners will become owners of the enterprise.
-* All of the organization's billing managers will become billing managers for the enterprise.
-* Going forward, {% data variables.product.company_short %} will bill the enterprise account for usage within **all** organizations owned by the enterprise.
+The following changes also apply to single organizations that are automatically upgraded to an enterprise account. For details, see the [{% data variables.product.prodname_blog %}](https://github.blog/changelog/2024-06-19-upcoming-automatic-upgrade-to-the-enterprise-account-experience/).
+
+* **Ownership transfer**: Your organization will automatically be owned by the enterprise account. For details, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#about-addition-of-organizations-to-your-enterprise-account)."
+* **Ownership roles**: All organization owners will become enterprise owners.
+* **Billing details**: The organization’s billing details will now apply to the enterprise account.
+* **Billing managers**: All organization billing managers will become enterprise billing managers.
+* **Billing process**: {% data variables.product.company_short %} will bill the enterprise account for usage within **all** organizations owned by the enterprise.
+* **Enterprise account name**: During the upgrade, the new enterprise account name will match your organization name or be as close as possible if taken. You can rename it after the upgrade.
+* **SAML SSO:** Existing SAML SSO will stay at the organization level after being added to the new enterprise account. You can configure SSO at the enterprise level post-upgrade, which will override the organization level. Existing PATs and SAML-authorized tokens will remain unchanged.
+* **Policies**: The new enterprise account starts with no policies, so existing organization policies won't be overridden.
+* **Spending limits**: Existing organization spending limits transfer to the new enterprise account. Post-upgrade, billing is handled at the enterprise level. To adjust spending limits, under "Settings" in the enterprise account sidebar, select **Billing**.
+* **Coupons**: Existing coupons will carry over to the new enterprise account with no interruptions.
+* **Workflow permissions**: The new enterprise account will inherit your organization's workflow permissions. If the organization has a permissive setting ("Read and write"), the enterprise account will also default to permissive. Otherwise, it defaults to restrictive ("Read repository contents and packages"). For workflows with the id-token permission, the default changes to read-only due to a February 2023 update. Add an explicit permissions block in these workflows to grant the required permissions.
## Upgrading an organization to an enterprise account
diff --git a/content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics.md b/content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics.md
index b380eb04f625..0e3b513dfa39 100644
--- a/content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics.md
+++ b/content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics.md
@@ -52,120 +52,122 @@ After you enable {% data variables.product.prodname_server_statistics %}, metric
The following aggregate metrics will be collected and transmitted on a daily basis and represent the total counts for the day.
-CSV column | Name | Description |
----------- | ---- | ----------- |
-A | `github_connect.features_enabled` | Array of {% data variables.product.prodname_github_connect %} features that are enabled for your instance (see "[AUTOTITLE](/admin/configuration/configuring-github-connect/about-github-connect#github-connect-features)" ) |
-B | `host_name` | The hostname for your instance |
-C | `dormant_users.dormancy_threshold` | The length of time a user must be inactive to be considered dormant |
-D | `dormant_users.total_dormant_users` | Number of dormant user accounts |
-E | `ghes_version` | The version of {% data variables.product.product_name %} that your instance is running |
-F | `server_id` | The UUID generated for your instance
-G | `collection_date` | The date the metrics were collected |
-H | `schema_version` | The version of the database schema used to store this data |
-I | `ghe_stats.comments.total_commit_comments` | Number of comments on commits |
-J | `ghe_stats.comments.total_gist_comments` | Number of comments on gists |
-K | `ghe_stats.comments.total_issue_comments` | Number of comments on issues |
-L | `ghe_stats.comments.total_pull_request_comments` | Number of comments on pull requests |
-M | `ghe_stats.gists.total_gists` | Number of gists (both secret and public) |
-N | `ghe_stats.gists.private_gists` | Number of secret gists |
-O | `ghe_stats.gists.public_gists` | Number of public gists |
-P | `ghe_stats.hooks.total_hooks` | Number of pre-receive hooks (both active and inactive) |
-Q | `ghe_stats.hooks.active_hooks` | Number of active pre-receive hooks |
-R | `ghe_stats.hooks.inactive_hooks` | Number of inactive pre-receive hooks |
-S | `ghe_stats.issues.total_issues` | Number of issues (both open and closed) |
-T | `ghe_stats.issues.open_issues` | Number of open issues |
-U | `ghe_stats.issues.closed_issues` | Number of closed issues |
-V | `ghe_stats.milestones.total_milestones` | Number of milestones (both open and closed) |
-W | `ghe_stats.milestones.open_milestones` | Number of open milestones |
-X | `ghe_stats.milestones.closed_milestones` | Number of closed milestones |
-Y | `ghe_stats.orgs.total_orgs` | Number of organizations (both enabled and disabled) |
-Z | `ghe_stats.orgs.disabled_orgs` | Number of disabled organizations |
-AA | `ghe_stats.orgs.total_teams` | Number of teams |
-AB | `ghe_stats.orgs.total_team_members` | Number of team members |
-AC | `ghe_stats.pages.total_pages` | Number of {% data variables.product.prodname_pages %} sites |
-AD | `ghe_stats.pulls.total_pulls` | Number of pull requests |
-AE | `ghe_stats.pulls.merged_pulls` | Number of merged pull requests |
-AF | `ghe_stats.pulls.mergeable_pulls` | Number of pull requests that are currently mergeable |
-AG | `ghe_stats.pulls.unmergeable_pulls` | Number of pull requests that are currently unmergeable |
-AH | `ghe_stats.repos.total_repos` | Number of repositories (both upstream repositories and forks) |
-AI | `ghe_stats.repos.root_repos` | Number of upstream repositories |
-AJ | `ghe_stats.repos.fork_repos` | Number of forks |
-AK | `ghe_stats.repos.org_repos` | Number of repositories owned by organizations |
-AL | `ghe_stats.repos.total_pushes` | Number of pushes to repositories |
-AM | `ghe_stats.repos.total_wikis` | Number of wikis |
-AN | `ghe_stats.users.total_users` | Number of user accounts |
-AO | `ghe_stats.users.admin_users` | Number of user accounts that are site administrators |
-AP | `ghe_stats.users.suspended_users` | Number of user accounts that are suspended |{% ifversion actions-server-statistics %}
-AQ | `actions_stats.number_of_repos_using_actions` | Number of repositories using {% data variables.product.prodname_actions %}
-AR | `actions_stats.percentage_of_repos_using_actions` | Percentage of repositories using {% data variables.product.prodname_actions %}
-AS | `packages_stats.registry_enabled` | Whether {% data variables.product.prodname_registry %} with repository-scoped packages is enabled for {% data variables.location.product_location %}
-AT | `packages_stats.registry_v2_enabled` | Whether {% data variables.product.prodname_registry %} with granular permissions is enabled for {% data variables.location.product_location %}
-AU | `packages_stats.ecosystems.docker.registry_enabled` | Whether Docker is enabled for {% data variables.product.prodname_registry %}
-AV | `packages_stats.ecosystems.docker.published_packages_count` | Number of published Docker images (private, public, and internal)
-AW | `packages_stats.ecosystems.docker.private_packages_count`| Number of private Docker images
-AX | `packages_stats.ecosystems.docker.public_packages_count` | Number of public Docker images
-AY | `packages_stats.ecosystems.docker.internal_packages_count` | Number of internal Docker images
-AZ | `packages_stats.ecosystems.docker.user_packages_count` | Number of Docker images owned by users
-BA | `packages_stats.ecosystems.docker.organization_packages_count` | Number of Docker images owned by organizations
-BB | `packages_stats.ecosystems.docker.daily_download_count` | Number of downloads of Docker images
-BC | `packages_stats.ecosystems.docker.daily_update_count` | Number of Docker images updated
-BD | `packages_stats.ecosystems.docker.daily_delete_count` | Number of Docker images deleted
-BE | `packages_stats.ecosystems.docker.daily_create_count` | Number of Docker images created
-BF | `packages_stats.ecosystems.maven.registry_enabled` | Whether Maven is enabled for {% data variables.product.prodname_registry %}
-BG | `packages_stats.ecosystems.maven.published_packages_count` | Number of published Maven packages (private, public, and internal)
-BH | `packages_stats.ecosystems.maven.private_packages_count` | Number of private Maven packages
-BI | `packages_stats.ecosystems.maven.public_packages_count` | Number of public Maven packages
-BJ | `packages_stats.ecosystems.maven.internal_packages_count` | Number of internal Maven packages
-BK | `packages_stats.ecosystems.maven.user_packages_count` | Number of Maven packages owned by user accounts
-BL | `packages_stats.ecosystems.maven.organization_packages_count` | Number of Maven packages owned by organizations
-BM | `packages_stats.ecosystems.maven.daily_download_count` | Number of downloads of Maven packages
-BN | `packages_stats.ecosystems.maven.daily_update_count` | Number of Maven packages updated
-BO | `packages_stats.ecosystems.maven.daily_delete_count` | Number of Maven packages deleted
-BP | `packages_stats.ecosystems.maven.daily_create_count` | Number of Maven packages created
-BQ | `packages_stats.ecosystems.npm.registry_enabled` | Whether npm is enabled for {% data variables.product.prodname_registry %}
-BR | `packages_stats.ecosystems.npm.published_packages_count` | Number of published npm packages (private, public, and internal)
-BS | `packages_stats.ecosystems.npm.private_packages_count` | Number of private npm packages
-BT | `packages_stats.ecosystems.npm.public_packages_count` | Number of public npm packages
-BU | `packages_stats.ecosystems.npm.internal_packages_count` | Number of internal npm packages
-BV | `packages_stats.ecosystems.npm.user_packages_count` | Number of npm packages owned by user accounts
-BW | `packages_stats.ecosystems.npm.organization_packages_count` | Number of npm packages owned by organizations
-BX | `packages_stats.ecosystems.npm.daily_download_count` | Number of downloads of npm packages
-BY | `packages_stats.ecosystems.npm.daily_update_count` | Number of npm packages updated
-BZ | `packages_stats.ecosystems.npm.daily_delete_count` | Number of npm packages deleted
-CA | `packages_stats.ecosystems.npm.daily_create_count` | Number of npm packages created
-CB | `packages_stats.ecosystems.nuget.registry_enabled` | Whether NuGet is enabled for {% data variables.product.prodname_registry %}
-CC | `packages_stats.ecosystems.nuget.published_packages_count` | Number of published NuGet packages (private, public, and internal)
-CD | `packages_stats.ecosystems.nuget.private_packages_count` | Number of private NuGet packages
-CE | `packages_stats.ecosystems.nuget.public_packages_count` | Number of public NuGet packages
-CF | `packages_stats.ecosystems.nuget.internal_packages_count` | Number of internal NuGet packages
-CG | `packages_stats.ecosystems.nuget.user_packages_count` | Number of NuGet packages owned by user accounts
-CH | `packages_stats.ecosystems.nuget.organization_packages_count` | Number of NuGet packages owned by organizations
-CI | `packages_stats.ecosystems.nuget.daily_download_count` | Number of downloads of Nuget packages
-CJ | `packages_stats.ecosystems.nuget.daily_update_count` | Number of NuGet packages updated
-CK | `packages_stats.ecosystems.nuget.daily_delete_count` | Number of NuGet packages deleted
-CL | `packages_stats.ecosystems.nuget.daily_create_count` | Number of NuGet packages created
-CM | `packages_stats.ecosystems.ruby_gems.registry_enabled` | Whether Rubygems is enabled for {% data variables.product.prodname_registry %}
-CN | `packages_stats.ecosystems.ruby_gems.published_packages_count` | Number of published Rubygems packages (private, public, and internal)
-CO | `packages_stats.ecosystems.ruby_gems.private_packages_count` | Number of private Rubygems packages
-CP | `packages_stats.ecosystems.ruby_gems.public_packages_count` | Number of public Rubygems packages
-CQ | `packages_stats.ecosystems.ruby_gems.internal_packages_count` | Number of internal Rubygems packages
-CR | `packages_stats.ecosystems.ruby_gems.user_packages_count` | Number of Rubygems packages owned by user accounts
-CS | `packages_stats.ecosystems.ruby_gems.organization_packages_count` | Number of Rubygems packages owned by organizations
-CT | `packages_stats.ecosystems.ruby_gems.daily_download_count` | Number of downloads of Rubygems packages
-CU | `packages_stats.ecosystems.ruby_gems.daily_update_count` | Number of Rubygems packages updated
-CV | `packages_stats.ecosystems.ruby_gems.daily_delete_count` | Number of Rubygems packages deleted
-CW | `packages_stats.ecosystems.ruby_gems.daily_create_count` | Number of Rubygems packages created
-CX | `packages_stats.ecosystems.containers.registry_enabled` | Whether {% data variables.product.prodname_container_registry %} is enabled for {% data variables.product.prodname_registry %}
-CY | `packages_stats.ecosystems.containers.published_packages_count` | Number of published container images (private, public, and internal)
-CZ | `packages_stats.ecosystems.containers.private_packages_count` | Number of private container images
-DA | `packages_stats.ecosystems.containers.public_packages_count` | Number of public container images
-DB | `packages_stats.ecosystems.containers.internal_packages_count` | Number of internal container images
-DC | `packages_stats.ecosystems.containers.user_packages_count` | Number of container images owned by user accounts
-DD | `packages_stats.ecosystems.containers.organization_packages_count` | Number of container images owned by organizations
-DE |`packages_stats.ecosystems.containers.daily_download_count` | Number of downloads of container images
-DF |`packages_stats.ecosystems.containers.daily_update_count` | Number of container images updated
-DG |`packages_stats.ecosystems.containers.daily_delete_count` | Number of container images deleted
-DH | `packages_stats.ecosystems.containers.daily_create_count` | Number of container images created | {% endif %}
+| CSV column | Name | Description |
+| ---------- | ---- | ----------- |
+| A | `github_connect.features_enabled` | Array of {% data variables.product.prodname_github_connect %} features that are enabled for your instance (see "[AUTOTITLE](/admin/configuration/configuring-github-connect/about-github-connect#github-connect-features)" ) |
+| B | `host_name` | The hostname for your instance |
+| C | `dormant_users.dormancy_threshold` | The length of time a user must be inactive to be considered dormant |
+| D | `dormant_users.total_dormant_users` | Number of dormant user accounts |
+| E | `ghes_version` | The version of {% data variables.product.product_name %} that your instance is running |
+| F | `server_id` | The UUID generated for your instance
+| G | `collection_date` | The date the metrics were collected |
+| H | `schema_version` | The version of the database schema used to store this data |
+| I | `ghe_stats.comments.total_commit_comments` | Number of comments on commits |
+| J | `ghe_stats.comments.total_gist_comments` | Number of comments on gists |
+| K | `ghe_stats.comments.total_issue_comments` | Number of comments on issues |
+| L | `ghe_stats.comments.total_pull_request_comments` | Number of comments on pull requests |
+| M | `ghe_stats.gists.total_gists` | Number of gists (both secret and public) |
+| N | `ghe_stats.gists.private_gists` | Number of secret gists |
+| O | `ghe_stats.gists.public_gists` | Number of public gists |
+| P | `ghe_stats.hooks.total_hooks` | Number of pre-receive hooks (both active and inactive) |
+| Q | `ghe_stats.hooks.active_hooks` | Number of active pre-receive hooks |
+| R | `ghe_stats.hooks.inactive_hooks` | Number of inactive pre-receive hooks |
+| S | `ghe_stats.issues.total_issues` | Number of issues (both open and closed) |
+| T | `ghe_stats.issues.open_issues` | Number of open issues |
+| U | `ghe_stats.issues.closed_issues` | Number of closed issues |
+| V | `ghe_stats.milestones.total_milestones` | Number of milestones (both open and closed) |
+| W | `ghe_stats.milestones.open_milestones` | Number of open milestones |
+| X | `ghe_stats.milestones.closed_milestones` | Number of closed milestones |
+| Y | `ghe_stats.orgs.total_orgs` | Number of organizations (both enabled and disabled) |
+| Z | `ghe_stats.orgs.disabled_orgs` | Number of disabled organizations |
+| AA | `ghe_stats.orgs.total_teams` | Number of teams |
+| AB | `ghe_stats.orgs.total_team_members` | Number of team members |
+| AC | `ghe_stats.pages.total_pages` | Number of {% data variables.product.prodname_pages %} sites |
+| AD | `ghe_stats.pulls.total_pulls` | Number of pull requests |
+| AE | `ghe_stats.pulls.merged_pulls` | Number of merged pull requests |
+| AF | `ghe_stats.pulls.mergeable_pulls` | Number of pull requests that are currently mergeable |
+| AG | `ghe_stats.pulls.unmergeable_pulls` | Number of pull requests that are currently unmergeable |
+| AH | `ghe_stats.repos.total_repos` | Number of repositories (both upstream repositories and forks) |
+| AI | `ghe_stats.repos.root_repos` | Number of upstream repositories |
+| AJ | `ghe_stats.repos.fork_repos` | Number of forks |
+| AK | `ghe_stats.repos.org_repos` | Number of repositories owned by organizations |
+| AL | `ghe_stats.repos.total_pushes` | Number of pushes to repositories |
+| AM | `ghe_stats.repos.total_wikis` | Number of wikis |
+| AN | `ghe_stats.users.total_users` | Number of user accounts |
+| AO | `ghe_stats.users.admin_users` | Number of user accounts that are site administrators |
+| AP | `ghe_stats.users.suspended_users` | Number of user accounts that are suspended |
+| {% ifversion actions-server-statistics %} |
+| AQ | `actions_stats.number_of_repos_using_actions` | Number of repositories using {% data variables.product.prodname_actions %} |
+| AR | `actions_stats.percentage_of_repos_using_actions` | Percentage of repositories using {% data variables.product.prodname_actions %} |
+| AS | `packages_stats.registry_enabled` | Whether {% data variables.product.prodname_registry %} with repository-scoped packages is enabled for {% data variables.location.product_location %} |
+| AT | `packages_stats.registry_v2_enabled` | Whether {% data variables.product.prodname_registry %} with granular permissions is enabled for {% data variables.location.product_location %} |
+| AU | `packages_stats.ecosystems.docker.registry_enabled` | Whether Docker is enabled for {% data variables.product.prodname_registry %} |
+| AV | `packages_stats.ecosystems.docker.published_packages_count` | Number of published Docker images (private, public, and internal) |
+| AW | `packages_stats.ecosystems.docker.private_packages_count`| Number of private Docker images |
+| AX | `packages_stats.ecosystems.docker.public_packages_count` | Number of public Docker images |
+| AY | `packages_stats.ecosystems.docker.internal_packages_count` | Number of internal Docker images |
+| AZ | `packages_stats.ecosystems.docker.user_packages_count` | Number of Docker images owned by users |
+| BA | `packages_stats.ecosystems.docker.organization_packages_count` | Number of Docker images owned by organizations |
+| BB | `packages_stats.ecosystems.docker.daily_download_count` | Number of downloads of Docker images |
+| BC | `packages_stats.ecosystems.docker.daily_update_count` | Number of Docker images updated |
+| BD | `packages_stats.ecosystems.docker.daily_delete_count` | Number of Docker images deleted |
+| BE | `packages_stats.ecosystems.docker.daily_create_count` | Number of Docker images created |
+| BF | `packages_stats.ecosystems.maven.registry_enabled` | Whether Maven is enabled for {% data variables.product.prodname_registry %} |
+| BG | `packages_stats.ecosystems.maven.published_packages_count` | Number of published Maven packages (private, public, and internal) |
+| BH | `packages_stats.ecosystems.maven.private_packages_count` | Number of private Maven packages |
+| BI | `packages_stats.ecosystems.maven.public_packages_count` | Number of public Maven packages |
+| BJ | `packages_stats.ecosystems.maven.internal_packages_count` | Number of internal Maven packages |
+| BK | `packages_stats.ecosystems.maven.user_packages_count` | Number of Maven packages owned by user accounts |
+| BL | `packages_stats.ecosystems.maven.organization_packages_count` | Number of Maven packages owned by organizations |
+| BM | `packages_stats.ecosystems.maven.daily_download_count` | Number of downloads of Maven packages |
+| BN | `packages_stats.ecosystems.maven.daily_update_count` | Number of Maven packages updated |
+| BO | `packages_stats.ecosystems.maven.daily_delete_count` | Number of Maven packages deleted |
+| BP | `packages_stats.ecosystems.maven.daily_create_count` | Number of Maven packages created |
+| BQ | `packages_stats.ecosystems.npm.registry_enabled` | Whether npm is enabled for {% data variables.product.prodname_registry %} |
+| BR | `packages_stats.ecosystems.npm.published_packages_count` | Number of published npm packages (private, public, and internal) |
+| BS | `packages_stats.ecosystems.npm.private_packages_count` | Number of private npm packages |
+| BT | `packages_stats.ecosystems.npm.public_packages_count` | Number of public npm packages |
+| BU | `packages_stats.ecosystems.npm.internal_packages_count` | Number of internal npm packages |
+| BV | `packages_stats.ecosystems.npm.user_packages_count` | Number of npm packages owned by user accounts |
+| BW | `packages_stats.ecosystems.npm.organization_packages_count` | Number of npm packages owned by organizations |
+| BX | `packages_stats.ecosystems.npm.daily_download_count` | Number of downloads of npm packages |
+| BY | `packages_stats.ecosystems.npm.daily_update_count` | Number of npm packages updated |
+| BZ | `packages_stats.ecosystems.npm.daily_delete_count` | Number of npm packages deleted |
+| CA | `packages_stats.ecosystems.npm.daily_create_count` | Number of npm packages created |
+| CB | `packages_stats.ecosystems.nuget.registry_enabled` | Whether NuGet is enabled for {% data variables.product.prodname_registry %} |
+| CC | `packages_stats.ecosystems.nuget.published_packages_count` | Number of published NuGet packages (private, public, and internal) |
+| CD | `packages_stats.ecosystems.nuget.private_packages_count` | Number of private NuGet packages |
+| CE | `packages_stats.ecosystems.nuget.public_packages_count` | Number of public NuGet packages |
+| CF | `packages_stats.ecosystems.nuget.internal_packages_count` | Number of internal NuGet packages |
+| CG | `packages_stats.ecosystems.nuget.user_packages_count` | Number of NuGet packages owned by user accounts |
+| CH | `packages_stats.ecosystems.nuget.organization_packages_count` | Number of NuGet packages owned by organizations |
+| CI | `packages_stats.ecosystems.nuget.daily_download_count` | Number of downloads of Nuget packages |
+| CJ | `packages_stats.ecosystems.nuget.daily_update_count` | Number of NuGet packages updated |
+| CK | `packages_stats.ecosystems.nuget.daily_delete_count` | Number of NuGet packages deleted |
+| CL | `packages_stats.ecosystems.nuget.daily_create_count` | Number of NuGet packages created |
+| CM | `packages_stats.ecosystems.ruby_gems.registry_enabled` | Whether Rubygems is enabled for {% data variables.product.prodname_registry %} |
+| CN | `packages_stats.ecosystems.ruby_gems.published_packages_count` | Number of published Rubygems packages (private, public, and internal) |
+| CO | `packages_stats.ecosystems.ruby_gems.private_packages_count` | Number of private Rubygems packages |
+| CP | `packages_stats.ecosystems.ruby_gems.public_packages_count` | Number of public Rubygems packages |
+| CQ | `packages_stats.ecosystems.ruby_gems.internal_packages_count` | Number of internal Rubygems packages |
+| CR | `packages_stats.ecosystems.ruby_gems.user_packages_count` | Number of Rubygems packages owned by user accounts |
+| CS | `packages_stats.ecosystems.ruby_gems.organization_packages_count` | Number of Rubygems packages owned by organizations |
+| CT | `packages_stats.ecosystems.ruby_gems.daily_download_count` | Number of downloads of Rubygems packages |
+| CU | `packages_stats.ecosystems.ruby_gems.daily_update_count` | Number of Rubygems packages updated |
+| CV | `packages_stats.ecosystems.ruby_gems.daily_delete_count` | Number of Rubygems packages deleted |
+| CW | `packages_stats.ecosystems.ruby_gems.daily_create_count` | Number of Rubygems packages created |
+| CX | `packages_stats.ecosystems.containers.registry_enabled` | Whether {% data variables.product.prodname_container_registry %} is enabled for {% data variables.product.prodname_registry %} |
+| CY | `packages_stats.ecosystems.containers.published_packages_count` | Number of published container images (private, public, and internal) |
+| CZ | `packages_stats.ecosystems.containers.private_packages_count` | Number of private container images |
+| DA | `packages_stats.ecosystems.containers.public_packages_count` | Number of public container images |
+| DB | `packages_stats.ecosystems.containers.internal_packages_count` | Number of internal container images |
+| DC | `packages_stats.ecosystems.containers.user_packages_count` | Number of container images owned by user accounts |
+| DD | `packages_stats.ecosystems.containers.organization_packages_count` | Number of container images owned by organizations |
+| DE |`packages_stats.ecosystems.containers.daily_download_count` | Number of downloads of container images |
+| DF |`packages_stats.ecosystems.containers.daily_update_count` | Number of container images updated |
+| DG |`packages_stats.ecosystems.containers.daily_delete_count` | Number of container images deleted |
+| DH | `packages_stats.ecosystems.containers.daily_create_count` | Number of container images created |
+| {% endif %} |
## {% data variables.product.prodname_server_statistics %} data examples
diff --git a/content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics.md b/content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics.md
index 0a7f6a59c695..0dc7056a5b13 100644
--- a/content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics.md
+++ b/content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics.md
@@ -24,7 +24,7 @@ To learn more about {% data variables.product.prodname_github_connect %}, see "[
{% data reusables.enterprise-accounts.access-enterprise %}
-1. In the enterprise account sidebar, click **GitHub Connect**.
+1. On the left side of the page, in the enterprise account sidebar, click **GitHub Connect**.
{% data reusables.server-statistics.csv-download %}
diff --git a/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/activity-dashboard.md b/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/activity-dashboard.md
index 3790808301bf..f2d945cb1d50 100644
--- a/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/activity-dashboard.md
+++ b/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/activity-dashboard.md
@@ -13,7 +13,9 @@ versions:
topics:
- Enterprise
---
+
The Activity dashboard provides weekly, monthly, and yearly graphs of the number of:
+
* New pull requests
* Merged pull requests
* New issues
@@ -26,6 +28,16 @@ The Activity dashboard provides weekly, monthly, and yearly graphs of the number
## Accessing the Activity dashboard
+{% ifversion global-nav-update %}
+1. In the top-left corner of any page, select {% octicon "three-bars" aria-label="Open global navigation menu" %}, then click {% octicon "telescope" aria-hidden="true" %} **Explore**.
+
+ 
+{% else %}
1. At the top of any page, click **Explore**.
-
+
+ 
+{% endif %}
1. In the upper-right corner of the page, click {% octicon "pulse" aria-hidden="true" %} **Activity**.
+1. To view activity over different periods, click **This week**, **This month**, or **This year**.
+
+ 
diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise.md
index 5e1e2583d05b..4f74b7337c88 100644
--- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise.md
+++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise.md
@@ -2,7 +2,7 @@
title: Exporting audit log activity for your enterprise
intro: You can export audit and Git events data to a file for offline analysis.
shortTitle: Export audit logs
-permissions: Enterprise owners can export the audit log.
+permissions: Enterprise owners
versions:
ghec: '*'
type: tutorial
@@ -11,9 +11,10 @@ topics:
- Enterprise
- Logging
---
+
## About exports of audit log and Git events data
-You can export the audit log by downloading a JSON or CSV file from your enterprise on {% data variables.product.product_name %}. When you export audit log events, you can query by one or more of these supported qualifiers to filter for specific log events to export. For more information about search qualifiers, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise#search-based-on-the-action-performed)."
+You can export the audit log by downloading a JSON or CSV file from your enterprise on {% data variables.product.product_name %}. When you export audit log events, you can query by one or more of these supported qualifiers to filter for specific log events to export. See "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise#search-based-on-the-action-performed)."
The audit log lists events triggered by activities that affect your enterprise within the last 180 days. {% data reusables.audit_log.git-events-retention-period %}
@@ -35,14 +36,14 @@ As an alternative to exporting log events, you can use the API to retrieve audit
## Exporting Git events data
-You can also export Git events data by date range.
+You can also export Git events data by date range. The data is exported as a compressed, newline-delimited JSON file.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.audit-log-tab %}
1. Select the {% octicon "download" aria-hidden="true" %} **Export Git Events** dropdown menu and choose a date range to export log events for.
1. Click {% octicon "file-zip" aria-hidden="true" %} **Download Results**.
-1. The data is exported as a compressed JSON file. To extract the JSON data, uncompress the file using an archive utility client or command. For example:
+1. To extract the JSON data, uncompress the file using an archive utility client or command. For example:
```shell
gunzip export-avocado-corp-1642896556.json.gz
diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md
index 8514d0f950a1..81f1b9075991 100644
--- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md
+++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md
@@ -39,63 +39,80 @@ You cannot search for entries using text. You can, however, construct search que
## Search query filters
-Filter| Description
---------------:| -----------
-`Yesterday's activity` | All actions created in the past day.
-`Enterprise account management` | All actions in the `business` category.
-`Organization membership` | All actions for when a new user was invited to join an organization.
-`Team management` | All actions related to team management. - When a user account or repository was added or removed from a team - When a team maintainer was promoted or demoted - When a team was deleted
-`Repository management` | All actions for repository management. - When a repository was created or deleted - When the repository visibility was changed - When a team was added or removed from a repository{% ifversion ghec %}
-`Billing updates` | All actions concerning how your enterprise pays for {% data variables.product.prodname_dotcom %} and for when your billing email address was changed.{% endif %}
-`Hook activity` | All actions for webhooks and pre-receive hooks.
-`Security management` | All actions concerning SSH keys, deploy keys, security keys, 2FA, and SAML single sign-on credential authorization, and vulnerability alerts for repositories.
+| Filter | Description |
+| ------:| ----------- |
+| `Yesterday's activity` | All actions created in the past day. |
+| `Enterprise account management` | All actions in the `business` category. |
+| `Organization membership` | All actions for when a new user was invited to join an organization. |
+| `Team management` | All actions related to team management. - When a user account or repository was added or removed from a team - When a team maintainer was promoted or demoted - When a team was deleted |
+| `Repository management` | All actions for repository management. - When a repository was created or deleted - When the repository visibility was changed - When a team was added or removed from a repository |
+| {% ifversion ghec %} |
+| `Billing updates` | All actions concerning how your enterprise pays for {% data variables.product.prodname_dotcom %} and for when your billing email address was changed. |
+| {% endif %} |
+| `Hook activity` | All actions for webhooks and pre-receive hooks. |
+| `Security management` | All actions concerning SSH keys, deploy keys, security keys, 2FA, and SAML single sign-on credential authorization, and vulnerability alerts for repositories. |
## Search query syntax
-You can compose a search query from one or more `key:value` pairs, separated by AND/OR logical operators. For example, to see all actions that have affected the repository `octocat/Spoon-Knife` since the beginning of 2017:
+You can compose a search query from one or more `key:value` pairs. For example, to see all actions that have affected the repository `octocat/Spoon-Knife` since the beginning of 2017:
-`repo:"octocat/Spoon-Knife" AND created:>=2017-01-01`
+`repo:"octocat/Spoon-Knife" created:>=2017-01-01`
The `key:value` pairs that can be used in a search query are:
-Key | Value
--------------- | --------------------------------------------------------
-`action` | Name of the audited action.
-`actor` | Name of the user account that initiated the action.
-{%- ifversion ghes %}
-`actor_id` | ID of the user account that initiated the action.{% endif %}
-{%- ifversion ghes %}
-`actor_ip` | IP address from which the action was initiated.{% endif %}
-{%- ifversion ghes %}
-`business` | Name of the enterprise affected by the action (if applicable).{% endif %}
-{%- ifversion ghes %}
-`business_id` | ID of the enterprise affected by the action (if applicable).{% endif %}
-{%- ifversion token-audit-log %}
-`created` | Time at which the action occurred.{% ifversion ghes %} If querying the audit log from the site admin dashboard, use `created_at` instead.{% endif %}
-`country` | Name of the country where the actor was when performing the action.
-`country_code` | Two-letter short code of the country where the actor was when performing the action.
-{%- ifversion ghes %}
-`from` | View from which the action was initiated.{% endif %}
-`hashed_token` | The token used to authenticate for the action (if applicable, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token)"). {% endif %}
-`ip` | IP address of the actor.
-{%- ifversion ghes %}
-`note` | Miscellaneous event-specific information (in either plain text or JSON format).{% endif %}
-{%- ifversion ghes %}
-`oauth_app_id` | ID of the {% data variables.product.prodname_oauth_app %} associated with the action.{% endif %}
-`operation` | Operation type that corresponds with the action. Operation types are `create`, `access`, `modify`, `remove`, `authentication`, `transfer`, and `restore`.
-{%- ifversion ghes %}
-`org` | Name of the organization affected by the action (if applicable).{% endif %}
-{%- ifversion ghes %}
-`org_id` | ID of the organization affected by the action (if applicable).{% endif %}
-{%- ifversion ghes %}
-`repo_id` | ID of the repository affected by the action (if applicable).{% endif %}
-{%- ifversion ghes %}
-`repository` | Name with owner of the repository where the action occurred (such as `"octocat/octo-repo"`).{% endif %}
-{%- ifversion ghec %}
-`repository` | Name with owner of the repository where the action occurred (such as `octocat/octo-repo`).{% endif %}
-{%- ifversion ghes %}
-`user_id` | ID of the user affected by the action.{% endif %}
-`user` | Name of the user affected by the action.
+| Key | Value |
+| ------------ | ----- |
+| `action` | Name of the audited action. |
+| `actor` | Name of the user account that initiated the action. |
+| {% ifversion ghes %} |
+| `actor_id` | ID of the user account that initiated the action.
+| {% endif %} |
+| {% ifversion ghes %} |
+| `actor_ip` | IP address from which the action was initiated. |
+| {% endif %} |
+| {% ifversion ghes %} |
+| `business` | Name of the enterprise affected by the action (if applicable). |
+| {% endif %} |
+| {% ifversion ghes %} |
+| `business_id` | ID of the enterprise affected by the action (if applicable). |
+| {% endif %} |
+| {% ifversion token-audit-log %} |
+| `created` | Time at which the action occurred.{% ifversion ghes %} If querying the audit log from the site admin dashboard, use `created_at` instead. |
+| {% endif %} |
+| `country` | Name of the country where the actor was when performing the action. |
+| `country_code` | Two-letter short code of the country where the actor was when performing the action. |
+| {% ifversion ghes %} |
+| `from` | View from which the action was initiated. |
+| {% endif %} |
+| `hashed_token` | The token used to authenticate for the action (if applicable, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token)"). |
+| {% endif %} |
+| `ip` | IP address of the actor. |
+| {% ifversion ghes %} |
+| `note` | Miscellaneous event-specific information (in either plain text or JSON format). |
+| {% endif %} |
+| {% ifversion ghes %} |
+| `oauth_app_id` | ID of the {% data variables.product.prodname_oauth_app %} associated with the action. |
+| {% endif %} |
+| `operation` | Operation type that corresponds with the action. Operation types are `create`, `access`, `modify`, `remove`, `authentication`, `transfer`, and `restore`. |
+| {% ifversion ghes %} |
+| `org` | Name of the organization affected by the action (if applicable). |
+| {% endif %} |
+| {% ifversion ghes %} |
+| `org_id` | ID of the organization affected by the action (if applicable). |
+| {% endif %} |
+| {% ifversion ghes %} |
+| `repo_id` | ID of the repository affected by the action (if applicable). |
+| {% endif %} |
+| {% ifversion ghes %} |
+| `repository` | Name with owner of the repository where the action occurred (such as `"octocat/octo-repo"`). |
+| {% endif %} |
+| {% ifversion ghec %} |
+| `repository` | Name with owner of the repository where the action occurred (such as `octocat/octo-repo`). |
+| {% endif %} |
+| {% ifversion ghes %} |
+| `user_id` | ID of the user affected by the action. |
+| {% endif %} |
+| `user` | Name of the user affected by the action. |
To see actions grouped by category, you can also use the action qualifier as a `key:value` pair. For more information, see "[Search based on the action performed](#search-based-on-the-action-performed)."
diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
index 59a6471fc618..6a3d9ab2c3ad 100644
--- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
+++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
@@ -1,6 +1,6 @@
---
title: Streaming the audit log for your enterprise
-intro: 'You can stream audit and Git events data from {% data variables.product.prodname_dotcom %} to an external data management system.'
+intro: 'Learn how to stream audit and Git events data from {% data variables.product.prodname_dotcom %} to an external data management system.'
versions:
feature: audit-log-streaming
ghec: '*'
@@ -14,37 +14,31 @@ shortTitle: Stream audit logs
redirect_from:
- /github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account/streaming-the-audit-logs-for-organizations-in-your-enterprise-account
- /admin/user-management/managing-organizations-in-your-enterprise/streaming-the-audit-logs-for-organizations-in-your-enterprise-account
-permissions: Enterprise owners can configure audit log streaming.
+permissions: Enterprise owners
---
-{% note %}
-
-**Note:** {% ifversion ghes %}{% data reusables.webhooks.webhooks-as-audit-log-alternative %}{% else %}{% data reusables.webhooks.webhooks-as-audit-log-alternative %}{% endif %}
-
-{% endnote %}
+>[!NOTE] {% ifversion ghes %}{% data reusables.webhooks.webhooks-as-audit-log-alternative %}{% else %}{% data reusables.webhooks.webhooks-as-audit-log-alternative %}{% endif %}
## About audit log streaming
-To help protect your intellectual property and maintain compliance for your company, you can use streaming to keep copies of your audit log data. The audit log details events such as changes to settings and access, user membership, app permissions, and more. If you stream audit log data, you can take advantage of the following benefits.
+You can help protect intellectual property and maintain compliance for your company by using streaming to keep copies of your audit log data. The audit log details events such as changes to settings and access, user membership, app permissions, and more. See "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)", "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization)", and "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/security-log-events)."
-* **Data exploration**. You can examine streamed events using your preferred tool for querying large quantities of data. The stream contains both audit events and Git events across the entire enterprise account.{% ifversion pause-audit-log-stream %}
-* **Data continuity**. When you pause a stream, it retains a buffer for seven days, so there is no data loss for the first week. If the stream remains paused for more than seven days, it will resume from a point one week prior to the current time. If paused for three weeks or more, the stream won't retain any data and will start anew from the current timestamp.{% endif %}
-* **Data retention**. You can keep your exported audit logs and Git events data as long as you need to.
+Streaming audit log data has these benefits:
-Enterprise owners can set up{% ifversion pause-audit-log-stream %}, pause,{% endif %} or delete a stream at any time. The stream exports audit and Git events data for all of the organizations in your enterprise, for activity from the time the stream is enabled onwards.
+* **Data exploration**. Examine streamed events using your preferred tool for querying large quantities of data. The stream contains both audit events and Git events across the entire enterprise account.{% ifversion pause-audit-log-stream %}
+* **Data continuity**. If you pause a stream, it retains a buffer for seven days, so there is no data loss for the first week. If the stream remains paused for more than seven days, it will resume from a point one week prior to the current time. If paused for three weeks or more, the stream won't retain any data and will start anew from the current timestamp.{% endif %}
+* **Data retention**. Keep your exported audit logs and Git events data as long as you need to.
-All streamed audit logs are sent as compressed JSON files. The filename format is in`YYYY/MM/HH/MM/.json.gz`.
+You can set up{% ifversion pause-audit-log-stream %}, pause,{% endif %} or delete a stream at any time. The stream exports audit and Git events data for all of the organizations in your enterprise, for activity from the time the stream is enabled onwards.
-{% note %}
-
-**Note**: {% data variables.product.prodname_dotcom %} uses an at-least-once delivery method. Due to certain network or system issues, some events may be duplicated.
+All streamed audit logs are sent as compressed JSON files. The filename format is in`YYYY/MM/HH/MM/.json.gz`.
-{% endnote %}
+>[!NOTE] {% data variables.product.prodname_dotcom %} uses an at-least-once delivery method. Due to certain network or system issues, some events may be duplicated.
{% ifversion ghes %}
-Enabling audit log streaming can cause a minor impact on the performance of {% data variables.location.product_location %}. For more information about increasing resources to mitigate this performance impact, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources)."
+Enabling audit log streaming can cause a minor impact on the performance of {% data variables.location.product_location %}. To learn about increasing resources to mitigate this performance impact, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources)."
{% endif %}
@@ -54,21 +48,13 @@ Enabling audit log streaming can cause a minor impact on the performance of {% d
Every 24 hours, a health check runs for each stream. If a stream is set up incorrectly, an email will be sent to the enterprise owners. To avoid audit log events being dropped from the stream, a misconfigured stream must be fixed within six days.
-To fix your streaming configuration, follow the steps outlined in "[Setting up audit log streaming](#setting-up-audit-log-streaming)."
+To fix your streaming configuration, follow the steps in "[Setting up audit log streaming](#setting-up-audit-log-streaming)."
{% endif %}
-## Events that appear in audit log streams
-
-You can review the specific events that appear in streamed audit logs. For more information, see the following articles.
-
-* "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)"
-* "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization)"
-* "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/security-log-events)"
-
## Setting up audit log streaming
-You set up the audit log stream on {% data variables.product.product_name %} by following the instructions for your provider.
+To set up the audit log stream, follow the instructions for your provider:
* [Amazon S3](#setting-up-streaming-to-amazon-s3)
* [Azure Blob Storage](#setting-up-streaming-to-azure-blob-storage)
@@ -78,21 +64,17 @@ You set up the audit log stream on {% data variables.product.product_name %} by
* [Splunk](#setting-up-streaming-to-splunk)
{% ifversion ghec %}
-{% note %}
-**Note:** To get a list of IP address ranges that {% data variables.product.prodname_dotcom %} uses for connections to the Streaming endpoint, you can use the REST API. The `meta` endpoint for {% data variables.product.product_name %} includes a `hooks` key with a list of the IP addresses. For more information, see "[AUTOTITLE](/rest/meta/meta#get-github-enterprise-cloud-meta-information)."
+>[!NOTE] To get a list of IP address ranges that {% data variables.product.prodname_dotcom %} uses for connections to the streaming endpoint, use the REST API. The `meta` endpoint for {% data variables.product.product_name %} includes a `hooks` key with a list of the IP addresses. See "[AUTOTITLE](/rest/meta/meta#get-github-enterprise-cloud-meta-information)."
-{% endnote %}
{% endif %}
### Setting up streaming to Amazon S3
{% ifversion ghes %}
-{% note %}
-**Note**: The Amazon region `us-east-1` must be reachable from your appliance in order for streaming to S3 to work accordingly.
+>[!NOTE] The Amazon region `us-east-1` must be reachable from your appliance for streaming to S3 to work.
-{% endnote %}
{% endif %}
{% ifversion streaming-oidc-s3 %}
@@ -113,15 +95,20 @@ To set up audit log streaming from {% data variables.product.prodname_dotcom %}
For information on creating or accessing your access key ID and secret key, see [Understanding and getting your AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html) in the AWS documentation.
+From AWS:
+
{% data reusables.audit_log.create-s3-bucket %}
{% data reusables.audit_log.create-s3-policy %}
+
+From {% data variables.product.prodname_dotcom %}:
+
{% data reusables.enterprise.navigate-to-log-streaming-tab %}
{% data reusables.audit_log.streaming-choose-s3 %}{% ifversion streaming-oidc-s3 %}
1. Under "Authentication", click **Access keys**.{% endif %}
1. Configure the stream settings.
{% ifversion ghec %}
- - Under "Region", select the bucket's region. For example, `us-east-1`; an option for Auto Discovery is also available.{% endif %}
+ - Under "Region", select the bucket's region. For example, `us-east-1`.{% endif %}
- Under "Bucket", type the name of the bucket you want to stream to. For example, `auditlog-streaming-test`.
- Under "Access Key ID", type your access key ID. For example, `ABCAIOSFODNN7EXAMPLE1`.
- Under "Secret Key", type your secret key. For example, `aBcJalrXUtnWXYZ/A1MDENG/zPxRfiCYEXAMPLEKEY`.
@@ -132,15 +119,17 @@ For information on creating or accessing your access key ID and secret key, see
#### Setting up streaming to S3 with OpenID Connect
-1. In AWS, add the {% data variables.product.prodname_dotcom %} OIDC provider to IAM. For more information, see [Creating OpenID Connect (OIDC) identity providers](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html) in the AWS documentation.
+From AWS:
+
+1. Add the {% data variables.product.prodname_dotcom %} OIDC provider to IAM. See [Creating OpenID Connect (OIDC) identity providers](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html) in the AWS documentation.
* For the provider URL, use `https://oidc-configuration.audit-log.githubusercontent.com`.
* For "Audience", use `sts.amazonaws.com`.
{% data reusables.audit_log.create-s3-bucket %}
{% data reusables.audit_log.create-s3-policy %}
-1. Configure the role and trust policy for the {% data variables.product.prodname_dotcom %} IdP. For more information, see [Creating a role for web identity or OpenID Connect Federation (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html) in the AWS documentation.
+1. Configure the role and trust policy for the {% data variables.product.prodname_dotcom %} IdP. See [Creating a role for web identity or OpenID Connect Federation (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html) in the AWS documentation.
- * Add the permissions policy you created above to allow writes to the bucket.
+ * Add the permissions policy you created earlier to allow writes to the bucket.
* Edit the trust relationship to add the `sub` field to the validation conditions, replacing `ENTERPRISE` with the name of your enterprise.
```json
@@ -153,6 +142,8 @@ For information on creating or accessing your access key ID and secret key, see
```
* Make note of the Amazon Resource Name (ARN) of the created role.
+
+From {% data variables.product.prodname_dotcom %}:
{% data reusables.enterprise.navigate-to-log-streaming-tab %}
{% data reusables.audit_log.streaming-choose-s3 %}
1. Under "Authentication", click **OpenID Connect**.
@@ -167,23 +158,23 @@ For information on creating or accessing your access key ID and secret key, see
#### Disabling streaming to S3 with OpenID Connect
-If you want to disable streaming to S3 with OIDC for any reason, such as the discovery of a security vulnerability in OIDC, delete the {% data variables.product.prodname_dotcom %} OIDC provider you created in AWS when you set up streaming. For more information, see [Creating OpenID Connect (OIDC) identity providers](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html) in the AWS documentation.
+To disable streaming to S3 with OIDC, delete the {% data variables.product.prodname_dotcom %} OIDC provider you created in AWS when you set up streaming. See [Creating OpenID Connect (OIDC) identity providers](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html) in the AWS documentation.
-Then, set up streaming with access keys until the vulnerability is resolved. For more information, see "[Setting up streaming to S3 with access keys](#setting-up-streaming-to-s3-with-access-keys)."
+If you disable streaming due to a security vulnerability in OIDC, after you delete the provider, set up streaming with access keys until the vulnerability is resolved. See "[Setting up streaming to S3 with access keys](#setting-up-streaming-to-s3-with-access-keys)."
{% endif %}
#### Integrating with AWS CloudTrail Lake
-You can consolidate your audit logs from {% data variables.product.product_name %} with AWS activity logs by integrating audit log streaming to S3 with AWS CloudTrail Lake. For additional information, see the [AWS CloudTrail Documentation](https://docs.aws.amazon.com/cloudtrail/) or the [GitHub Audit Log to CloudTrail Open Audit](https://github.com/aws-samples/aws-cloudtrail-lake-github-audit-log) in the `aws-samples/aws-cloudtrail-lake-github-audit-log` repository.
+You can consolidate your audit logs by integrating streaming to S3 with AWS CloudTrail Lake. See the [AWS CloudTrail Documentation](https://docs.aws.amazon.com/cloudtrail/) or the [GitHub Audit Log to CloudTrail Open Audit](https://github.com/aws-samples/aws-cloudtrail-lake-github-audit-log) in the `aws-samples/aws-cloudtrail-lake-github-audit-log` repository.
### Setting up streaming to Azure Blob Storage
-Before setting up a stream in {% data variables.product.prodname_dotcom %}, you must first have created a storage account and a container in Microsoft Azure. For details, see the Microsoft documentation, "[Introduction to Azure Blob Storage](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction)."
+Before setting up a stream in {% data variables.product.prodname_dotcom %}, first create a storage account and a container in Microsoft Azure. See [Introduction to Azure Blob Storage](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction) in the Microsoft documentation.
-To configure the stream in {% data variables.product.prodname_dotcom %} you need the URL of a SAS token.
+To configure the stream, you need the URL of a SAS token.
-**On Microsoft Azure portal**:
+From the Microsoft Azure portal:
1. On the Home page, click **Storage Accounts**.
1. Under "Name", click the name of the storage account you want to use.
1. Under "Data storage", click **Containers**.
@@ -194,97 +185,83 @@ To configure the stream in {% data variables.product.prodname_dotcom %} you need
1. Click **Generate SAS token and URL**.
1. Copy the value of the **Blob SAS URL** field that's displayed. You will use this URL in {% data variables.product.prodname_dotcom %}.
-**On {% data variables.product.prodname_dotcom %}**:
+From {% data variables.product.prodname_dotcom %}:
{% data reusables.enterprise.navigate-to-log-streaming-tab %}
1. Select the **Configure stream** dropdown menu and click **Azure Blob Storage**.
1. On the configuration page, enter the blob SAS URL that you copied in Azure. The **Container** field is auto-filled based on the URL.
1. Click **Check endpoint** to verify that {% data variables.product.prodname_dotcom %} can connect and write to the Azure Blob Storage endpoint.
-
{% data reusables.enterprise.verify-audit-log-streaming-endpoint %}
### Setting up streaming to Azure Event Hubs
-Before setting up a stream in {% data variables.product.prodname_dotcom %}, you must first have an event hub namespace in Microsoft Azure. Next, you must create an event hub instance within the namespace. You'll need the details of this event hub instance when you set up the stream. For details, see the Microsoft documentation, "[Quickstart: Create an event hub using Azure portal](https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-create)."
+> [!NOTE] Event Hubs instances in Azure Government are not supported.
+
+Before setting up a stream in {% data variables.product.prodname_dotcom %}, you need:
-You need two pieces of information about your event hub: its instance name and the connection string.
+* An event hub namespace in Microsoft Azure
+* An event hub instance within the namespace (see [Quickstart: Create an event hub using Azure portal](https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-create) in the Microsoft documentation)
-**On Microsoft Azure portal**:
-1. At the top of the page, next to "Microsoft Azure", use the search box to search for "Event Hubs".
+From the Microsoft Azure portal:
+1. At the top of the page, use the search box to search for "Event Hubs".
1. Select **Event Hubs**. The names of your event hubs are listed.
1. Make a note of the name of the event hub to which you want to stream. Click the event hub.
1. In the left menu, click **Shared Access Policies**.
1. Select a shared access policy from the list of policies, or create a new policy.
1. Copy the connection string from the **Connection string-primary key** field.
-**On {% data variables.product.prodname_dotcom %}**:
+From {% data variables.product.prodname_dotcom %}:
{% data reusables.enterprise.navigate-to-log-streaming-tab %}
-1. Select the **Configure stream** dropdown menu and click **Azure Event Hubs**.
-
+1. Select the **Configure stream** dropdown and click **Azure Event Hubs**.
1. On the configuration page, enter:
* The name of the Azure Event Hubs instance.
* The connection string.
-
1. Click **Check endpoint** to verify that {% data variables.product.prodname_dotcom %} can connect and write to the Azure Events Hub endpoint.
-
{% data reusables.enterprise.verify-audit-log-streaming-endpoint %}
{% ifversion streaming-datadog %}
### Setting up streaming to Datadog
-To set up streaming to Datadog, you must create a client token or an API key in Datadog, then configure audit log streaming in {% data variables.product.product_name %} using the token for authentication. You do not need to create a bucket or other storage container in Datadog.
+To set up streaming to Datadog, create a client token or an API key in Datadog, then configure audit log streaming in {% data variables.product.product_name %} using the token for authentication. You do not need to create a bucket or other storage container in Datadog.
-After you set up streaming to Datadog, you can see your audit log data by filtering by "github.audit.streaming." For more information, see [Log Management](https://docs.datadoghq.com/logs/).
+After you set up streaming to Datadog, you can see your audit log data by filtering by "github.audit.streaming." See [Log Management](https://docs.datadoghq.com/logs/).
1. If you don't already have a Datadog account, create one.
-1. In Datadog, generate a client token or an API key and then click **Copy key**. For more information, see [API and Application Keys](https://docs.datadoghq.com/account_management/api-app-keys/) in Datadog Docs.
+1. In Datadog, generate a client token or an API key and then click **Copy key**. See [API and Application Keys](https://docs.datadoghq.com/account_management/api-app-keys/) in Datadog Docs.
{% data reusables.enterprise.navigate-to-log-streaming-tab %}
-1. Select the **Configure stream** dropdown menu and click **Datadog**.
-
+1. Select the **Configure stream** dropdown and click **Datadog**.
1. In the **Token** field, paste the token you copied earlier.
-
-1. Select the **Site** dropdown menu and click your Datadog site. To determine your Datadog site, compare your Datadog URL to the table in [Datadog sites](https://docs.datadoghq.com/getting_started/site/) in Datadog Docs.
-
+1. Select the **Site** dropdown and click your Datadog site. To determine your site, compare your Datadog URL to the table in [Datadog sites](https://docs.datadoghq.com/getting_started/site/) in Datadog Docs.
1. To verify that {% data variables.product.prodname_dotcom %} can connect and write to the Datadog endpoint, click **Check endpoint**.
-
{% data reusables.enterprise.verify-audit-log-streaming-endpoint %}
-1. After a few minutes, confirm that audit log data is appearing on the **Logs** tab in Datadog. If audit log data is not appearing, confirm that your token and site are correct in {% data variables.product.prodname_dotcom %}.
+1. After a few minutes, confirm that audit log data appears on the **Logs** tab in Datadog. If it doesn't appear, confirm that your token and site are correct in {% data variables.product.prodname_dotcom %}.
{% endif %}
### Setting up streaming to Google Cloud Storage
-To set up streaming to Google Cloud Storage, you must create a service account in Google Cloud with the appropriate credentials and permissions, then configure audit log streaming in {% data variables.product.product_name %} using the service account's credentials for authentication.
+To set up streaming to Google Cloud Storage, create a service account in Google Cloud with the appropriate credentials and permissions, then configure audit log streaming in {% data variables.product.product_name %} using the service account's credentials for authentication.
-1. Create a service account for Google Cloud. You do not need to set access controls or IAM roles for the service account. For more information, see [Creating and managing service accounts](https://cloud.google.com/iam/docs/creating-managing-service-accounts#creating) in the Google Cloud documentation.
-1. Create a JSON key for the service account, and store the key securely. For more information, see [Creating and managing service account keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating) in the Google Cloud documentation.
-1. If you haven't created a bucket yet, create the bucket. For more information, see [Creating storage buckets](https://cloud.google.com/storage/docs/creating-buckets) in the Google Cloud documentation.
-1. Give the service account the Storage Object Creator role for the bucket. For more information, see [Using Cloud IAM permissions](https://cloud.google.com/storage/docs/access-control/using-iam-permissions#bucket-add) in the Google Cloud documentation.
+1. Create a service account for Google Cloud. You do not need to set access controls or IAM roles for this account. See [Creating and managing service accounts](https://cloud.google.com/iam/docs/creating-managing-service-accounts#creating) in the Google Cloud documentation.
+1. Create a JSON key for the service account, and store the key securely. See [Creating and managing service account keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating) in the Google Cloud documentation.
+1. If you haven't yet, create a bucket. See [Creating storage buckets](https://cloud.google.com/storage/docs/creating-buckets) in the Google Cloud documentation.
+1. Give the service account the Storage Object Creator role for the bucket. See [Using Cloud IAM permissions](https://cloud.google.com/storage/docs/access-control/using-iam-permissions#bucket-add) in the Google Cloud documentation.
{% data reusables.enterprise.navigate-to-log-streaming-tab %}
-1. Select the **Configure stream** dropdown menu and click **Google Cloud Storage**.
-
+1. Select the **Configure stream** dropdown and click **Google Cloud Storage**.
1. Under "Bucket", type the name of your Google Cloud Storage bucket.
-
-1. Under "JSON Credentials", paste the entire contents of the file for your service account's JSON key.
-
+1. Under "JSON Credentials", paste the entire contents of your service account's JSON key file.
1. To verify that {% data variables.product.prodname_dotcom %} can connect and write to the Google Cloud Storage bucket, click **Check endpoint**.
-
{% data reusables.enterprise.verify-audit-log-streaming-endpoint %}
### Setting up streaming to Splunk
-To stream audit logs to Splunk's HTTP Event Collector (HEC) endpoint you must make sure that the endpoint is configured to accept HTTPS connections. For more information, see [Set up and use HTTP Event Collector in Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector) in the Splunk documentation.
+To stream audit logs to Splunk's HTTP Event Collector (HEC) endpoint, make sure that the endpoint is configured to accept HTTPS connections. See [Set up and use HTTP Event Collector in Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector) in the Splunk documentation.
-{% note %}
-
-**Note**: {% data variables.product.prodname_dotcom %} validates the HEC endpoint via `:port/services/collector`. If self-hosting the HEC endpoint (such as with [Splunk HEC Receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/splunkhecreceiver) via OpenTelemetry), ensure the endpoint is reachable at this destination.
-
-{% endnote %}
+>[!NOTE] {% data variables.product.prodname_dotcom %} validates the HEC endpoint via `:port/services/collector`. If self-hosting the endpoint (such as with [Splunk HEC Receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/splunkhecreceiver) via OpenTelemetry), make sure it's reachable at this destination.
{% data reusables.enterprise.navigate-to-log-streaming-tab %}
-1. Select the **Configure stream** dropdown menu and click **Splunk**.
-
+1. Select the **Configure stream** dropdown and click **Splunk**.
1. On the configuration page, enter:
- * The domain on which the application you want to stream to is hosted.
+ * The domain where the application you want to stream to is hosted.
If you're using Splunk Cloud, `Domain` should be `http-inputs-`, where `host` is the domain you use in Splunk Cloud. For example, `http-inputs-mycompany.splunkcloud.com`.
@@ -292,15 +269,14 @@ To stream audit logs to Splunk's HTTP Event Collector (HEC) endpoint you must ma
* The port on which the application accepts data.
- If you're using Splunk Cloud and haven't changed the port configuration, `Port` should be `443`.
+ If you're using Splunk Cloud, `Port` should be `443`.
If you're using the free trial version of Splunk Cloud, `Port` should be `8088`.
* A token that {% data variables.product.prodname_dotcom %} can use to authenticate to the third-party application.
-
1. Leave the **Enable SSL verification** check box selected.
- Audit logs are always streamed as encrypted data, however, with this option selected, {% data variables.product.prodname_dotcom %} verifies the SSL certificate of your Splunk instance when delivering events. SSL verification helps ensure that events are delivered to your URL endpoint securely. You can clear the selection of this option, but we recommend you leave SSL verification enabled.
+ Audit logs are always streamed as encrypted data, however, with this option selected, {% data variables.product.prodname_dotcom %} verifies the SSL certificate of your Splunk instance when delivering events. SSL verification helps ensure that events are delivered to your URL endpoint securely. Verification is optional, but we recommend you leave SSL verification enabled.
1. Click **Check endpoint** to verify that {% data variables.product.prodname_dotcom %} can connect and write to the Splunk endpoint.
{% data reusables.enterprise.verify-audit-log-streaming-endpoint %}
@@ -308,7 +284,7 @@ To stream audit logs to Splunk's HTTP Event Collector (HEC) endpoint you must ma
## Pausing audit log streaming
-Pausing the stream allows you to perform maintenance on the receiving application without losing audit data. Audit logs are stored for up to seven days on {% data variables.location.product_location %} and are then exported when you unpause the stream.
+Pause the stream to perform maintenance on the receiving application without losing audit data. Audit logs are stored for up to seven days on {% data variables.location.product_location %} and are then exported when you unpause the stream.
{% ifversion streaming-datadog %}
Datadog only accepts logs from up to 18 hours in the past. If you pause a stream to a Datadog endpoint for more than 18 hours, you risk losing logs that Datadog won't accept after you resume streaming.
@@ -316,28 +292,22 @@ Datadog only accepts logs from up to 18 hours in the past. If you pause a stream
{% data reusables.enterprise.navigate-to-log-streaming-tab %}
1. To the right of your configured stream, click **Pause stream**.
+1. A confirmation message displays. Click **Pause stream** to confirm.
-1. A confirmation message is displayed. Click **Pause stream** to confirm.
-
-When the application is ready to receive audit logs again, click **Resume stream** to restart streaming audit logs.
+To restart streaming, click **Resume stream**.
{% endif %}
## Deleting the audit log stream
{% data reusables.enterprise.navigate-to-log-streaming-tab %}
1. Under "Danger zone", click **Delete stream**.
-
-1. A confirmation message is displayed. Click **Delete stream** to confirm.
+1. A confirmation message displays. Click **Delete stream** to confirm.
{% ifversion audit-log-streaming-for-api %}
## Enabling audit log streaming of API requests
-{% note %}
-
-**Note:** This feature is currently in public beta and subject to change.
-
-{% endnote %}
+>[!NOTE] This feature is currently in public beta and subject to change.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise.md
index 1299f5aa4e7a..1d2e92514c76 100644
--- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise.md
+++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise.md
@@ -1,8 +1,8 @@
---
title: Using the audit log API for your enterprise
-intro: You can programmatically retrieve enterprise events with the REST API.
+intro: Learn how to programmatically retrieve enterprise events with the REST API.
shortTitle: Audit log API
-permissions: 'Enterprise owners {% ifversion ghes %}and site administrators {% endif %}can use the audit log API.'
+permissions: 'Enterprise owners {% ifversion ghes %}and site administrators {% endif %}'
versions:
ghec: '*'
ghes: '*'
@@ -14,29 +14,29 @@ topics:
- API
---
-## Using the audit log API
+>[!NOTE] {% data reusables.webhooks.webhooks-as-audit-log-alternative %}
-{% note %}
+Maintain compliance and secure intellectual property with endpoints relating to the audit log. See "[AUTOTITLE](/rest/enterprise-admin/audit-log)" and "[AUTOTITLE](/rest/orgs#get-the-audit-log-for-an-organization)."
-**Note:** {% data reusables.webhooks.webhooks-as-audit-log-alternative %}
-
-{% endnote %}
-
-You can maintain compliance for your enterprise and secure your intellectual property by interacting with the audit log using the REST API. For more information about the specific events that you can access via the audit log API, see the following articles.
+For more information about the specific events that you can access via the audit log endpoints, see the following articles.
* "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)"
* "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization)"
* "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/security-log-events)"
+## Audit log details
+
{% data reusables.audit_log.retention-periods %}
Timestamps and date fields in the API response are measured in [UTC epoch milliseconds](https://en.wikipedia.org/wiki/Unix_time).
{% ifversion read-audit-scope %}You can use the `read:audit_log` scope to access the audit log via the API.{% endif %}
-{% ifversion ghec %}Each audit log API endpoint has a rate limit of 1,750 queries per hour for a given combination of user and IP address. To avoid rate limiting, integrations that query the audit log API should query at a maximum frequency of 1,750 queries per hour. Additionally, if your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the API. For more information, see "[AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api)" and "[AUTOTITLE](/rest/guides/best-practices-for-integrators)."{% endif %}
+{% ifversion ghec %}
+
+## Rate limit
-For more information about the audit log REST API, see "[AUTOTITLE](/rest/enterprise-admin/audit-log)" and "[AUTOTITLE](/rest/orgs#get-the-audit-log-for-an-organization)."
+Each audit log API endpoint has a rate limit of 1,750 queries per hour for a given combination of user and IP address. To avoid rate limiting, integrations that query the audit log API should query at a maximum frequency of 1,750 queries per hour. Additionally, if your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the API. See "[AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api)" and "[AUTOTITLE](/rest/guides/best-practices-for-integrators)."{% endif %}
## Example 1: All events in an enterprise, for a specific date, with pagination
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/caching-repositories/about-repository-caching.md b/content/admin/monitoring-and-managing-your-instance/caching-repositories/about-repository-caching.md
similarity index 96%
rename from content/admin/monitoring-managing-and-updating-your-instance/caching-repositories/about-repository-caching.md
rename to content/admin/monitoring-and-managing-your-instance/caching-repositories/about-repository-caching.md
index c3f6583383a7..5f527448717e 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/caching-repositories/about-repository-caching.md
+++ b/content/admin/monitoring-and-managing-your-instance/caching-repositories/about-repository-caching.md
@@ -8,6 +8,7 @@ topics:
- Enterprise
redirect_from:
- /admin/enterprise-management/caching-repositories/about-repository-caching
+ - /admin/monitoring-managing-and-updating-your-instance/caching-repositories/about-repository-caching
---
If you have teams and CI farms located around the world, you may experience reduced performance on your primary {% data variables.product.prodname_ghe_server %} instance. While active geo-replicas can improve the performance of read requests, this comes at the cost of limiting write throughput. To reduce load on your primary instance and improve write throughput performance, you can configure a repository cache, an asynchronous read-only mirror of repositories located near these geographically-distributed clients.
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/caching-repositories/configuring-a-repository-cache.md b/content/admin/monitoring-and-managing-your-instance/caching-repositories/configuring-a-repository-cache.md
similarity index 98%
rename from content/admin/monitoring-managing-and-updating-your-instance/caching-repositories/configuring-a-repository-cache.md
rename to content/admin/monitoring-and-managing-your-instance/caching-repositories/configuring-a-repository-cache.md
index faa6cc021d2e..156cb7a92c7c 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/caching-repositories/configuring-a-repository-cache.md
+++ b/content/admin/monitoring-and-managing-your-instance/caching-repositories/configuring-a-repository-cache.md
@@ -8,6 +8,7 @@ topics:
- Enterprise
redirect_from:
- /admin/enterprise-management/caching-repositories/configuring-a-repository-cache
+ - /admin/monitoring-managing-and-updating-your-instance/caching-repositories/configuring-a-repository-cache
---
## About configuration for repository caching
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/caching-repositories/index.md b/content/admin/monitoring-and-managing-your-instance/caching-repositories/index.md
similarity index 83%
rename from content/admin/monitoring-managing-and-updating-your-instance/caching-repositories/index.md
rename to content/admin/monitoring-and-managing-your-instance/caching-repositories/index.md
index 2ec6fdf80fdd..49de83d6ce0c 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/caching-repositories/index.md
+++ b/content/admin/monitoring-and-managing-your-instance/caching-repositories/index.md
@@ -10,4 +10,6 @@ children:
- /configuring-a-repository-cache
redirect_from:
- /admin/enterprise-management/caching-repositories
+ - /admin/monitoring-managing-and-updating-your-instance/caching-repositories
---
+
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/about-cluster-nodes.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes.md
similarity index 97%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/about-cluster-nodes.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes.md
index 95246cde900f..778587c400d9 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/about-cluster-nodes.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/about-cluster-nodes
- /admin/enterprise-management/about-cluster-nodes
- /admin/enterprise-management/configuring-clustering/about-cluster-nodes
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/about-cluster-nodes
versions:
ghes: '*'
type: overview
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/about-clustering.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/about-clustering.md
similarity index 86%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/about-clustering.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/about-clustering.md
index 88ba6c11c9e1..14f97d8d05c7 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/about-clustering.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/about-clustering.md
@@ -1,7 +1,7 @@
---
title: About clustering
-intro: "The cluster topology for {% data variables.product.prodname_ghe_server %} is designed to support tens of thousands of users where other topologies would experience resource exhaustion. In a cluster, the instance's services scale horizontally across multiple nodes."
-product: "{% data variables.product.company_short %} determines eligibility for clustering, and must enable the configuration for your instance's license. Clustering requires careful planning and additional administrative overhead."
+intro: 'The cluster topology for {% data variables.product.prodname_ghe_server %} is designed to support tens of thousands of users where other topologies would experience resource exhaustion. In a cluster, the instance''s services scale horizontally across multiple nodes.'
+product: '{% data variables.product.company_short %} determines eligibility for clustering, and must enable the configuration for your instance''s license. Clustering requires careful planning and additional administrative overhead.'
redirect_from:
- /enterprise/admin/clustering/overview
- /enterprise/admin/clustering/about-clustering
@@ -9,6 +9,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/about-clustering
- /admin/enterprise-management/about-clustering
- /admin/enterprise-management/configuring-clustering/about-clustering
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/about-clustering
versions:
ghes: '*'
type: overview
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/cluster-network-configuration.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/cluster-network-configuration.md
similarity index 98%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/cluster-network-configuration.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/cluster-network-configuration.md
index c3a581574fa0..1174663f380a 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/cluster-network-configuration.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/cluster-network-configuration.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/cluster-network-configuration
- /admin/enterprise-management/cluster-network-configuration
- /admin/enterprise-management/configuring-clustering/cluster-network-configuration
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/cluster-network-configuration
versions:
ghes: '*'
type: reference
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md
similarity index 99%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md
index a38a043bd764..8a2e5d0b766b 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md
@@ -4,6 +4,7 @@ intro: 'You can configure a replica of your entire {% data variables.product.pro
redirect_from:
- /enterprise/admin/enterprise-management/configuring-high-availability-replication-for-a-cluster
- /admin/enterprise-management/configuring-high-availability-replication-for-a-cluster
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster
versions:
ghes: '>= 3.9'
type: how_to
@@ -17,8 +18,6 @@ shortTitle: Configure HA replication
## About high availability replication for clusters
-{% data reusables.enterprise_clustering.high-availability-requires-391 %}
-
You can provide protection against disruption in a datacenter or cloud region by configuring a cluster deployment of {% data variables.product.prodname_ghe_server %} for high availability. In a high availability configuration, an identical set of replica nodes sync with the nodes in your active cluster. If hardware or software failures affect the datacenter with your active cluster, you can manually fail over to the replica nodes and continue processing user requests, minimizing the impact of the outage.
In a high availability configuration, nodes that host data services sync regularly with the replica cluster. Replica nodes run in standby and do not serve applications or process user requests.
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/deferring-database-seeding.md
similarity index 89%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/deferring-database-seeding.md
index dd4d8a49147a..f59d086713b9 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/deferring-database-seeding.md
@@ -1,13 +1,15 @@
---
title: Deferring database seeding
-intro: "You can speed up the process of adding a new MySQL replica node to your cluster by opting to defer database seeding."
-product: "{% data reusables.gated-features.cluster %}"
+intro: You can speed up the process of adding a new MySQL replica node to your cluster by opting to defer database seeding.
+product: '{% data reusables.gated-features.cluster %}'
versions:
ghes: '*'
type: how_to
topics:
- Clustering
- Enterprise
+redirect_from:
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding
---
## About deferring database seeding of a MySQL replica node
@@ -17,7 +19,7 @@ topics:
{%- ifversion ghes = 3.12 %} 3.12.1{%- endif %}
{%- ifversion ghes = 3.11 %} 3.11.7{%- endif %}
{%- ifversion ghes = 3.10 %} 3.10.10{%- endif %}
-{%- ifversion ghes = 3.9 %} 3.9.13{%- endif %} and{% endif %} is available as a public beta.
+ and{% endif %} is available as a public beta.
Adding a new MySQL replica node to your cluster when your primary node has more than seven days of data will normally trigger database seeding which can take several hours depending on the amount of data. You can choose to defer database seeding, allowing the config apply run to complete sooner, resulting in being able to open your appliance to traffic sooner.
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/differences-between-clustering-and-high-availability-ha.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/differences-between-clustering-and-high-availability-ha.md
similarity index 96%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/differences-between-clustering-and-high-availability-ha.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/differences-between-clustering-and-high-availability-ha.md
index 5576e6bcbf58..e3bf47f462af 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/differences-between-clustering-and-high-availability-ha.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/differences-between-clustering-and-high-availability-ha.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/differences-between-clustering-and-high-availability-ha
- /admin/enterprise-management/differences-between-clustering-and-high-availability-ha
- /admin/enterprise-management/configuring-clustering/differences-between-clustering-and-high-availability-ha
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/differences-between-clustering-and-high-availability-ha
versions:
ghes: '*'
type: reference
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md
similarity index 94%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md
index f2d6675d4d88..b164054bf3da 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md
@@ -1,7 +1,7 @@
---
title: Evacuating a cluster node running data services
shortTitle: Evacuating a data node
-intro: If a node in your {% data variables.product.product_name %} cluster runs services that store distributed data, you can ensure redundancy as you prepare to replace the node by evacuating the node's data.
+intro: 'If a node in your {% data variables.product.product_name %} cluster runs services that store distributed data, you can ensure redundancy as you prepare to replace the node by evacuating the node''s data.'
product: '{% data reusables.gated-features.cluster %}'
redirect_from:
- /enterprise/admin/clustering/evacuating-a-cluster-node
@@ -9,8 +9,9 @@ redirect_from:
- /admin/enterprise-management/evacuating-a-cluster-node
- /admin/enterprise-management/configuring-clustering/evacuating-a-cluster-node
- /admin/enterprise-management/configuring-clustering/evacuating-a-cluster-node-running-data-services
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services
versions:
- ghes: '<=3.11'
+ ghes: <=3.11
type: how_to
topics:
- Clustering
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/index.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/index.md
similarity index 81%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/index.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/index.md
index 87f0b88ff461..5b9ccd4a56f6 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/index.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/index.md
@@ -1,6 +1,6 @@
---
title: Configuring clustering
-intro: The cluster topology for {% data variables.product.product_name %} provides horizontal scaling for environments with tens of thousands of developers.
+intro: 'The cluster topology for {% data variables.product.product_name %} provides horizontal scaling for environments with tens of thousands of developers.'
product: '{% data reusables.gated-features.cluster %}'
redirect_from:
- /enterprise/admin/clustering/setting-up-the-cluster-instances
@@ -8,6 +8,7 @@ redirect_from:
- /enterprise/admin/guides/clustering/managing-a-github-enterprise-cluster
- /enterprise/admin/enterprise-management/configuring-clustering
- /admin/enterprise-management/configuring-clustering
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering
versions:
ghes: '*'
topics:
@@ -28,3 +29,4 @@ children:
- /configuring-high-availability-replication-for-a-cluster
- /initiating-a-failover-to-your-replica-cluster
---
+
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initializing-the-cluster.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/initializing-the-cluster.md
similarity index 98%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initializing-the-cluster.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/initializing-the-cluster.md
index ba3347757b33..55e5cf4f5122 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initializing-the-cluster.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/initializing-the-cluster.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/initializing-the-cluster
- /admin/enterprise-management/initializing-the-cluster
- /admin/enterprise-management/configuring-clustering/initializing-the-cluster
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initializing-the-cluster
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster.md
similarity index 95%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster.md
index 0ff8710803d4..edc35cc12184 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster.md
@@ -4,6 +4,7 @@ intro: 'If your {% data variables.product.prodname_ghe_server %} cluster fails,
redirect_from:
- /enterprise/admin/enterprise-management/initiating-a-failover-to-your-replica-cluster
- /admin/enterprise-management/initiating-a-failover-to-your-replica-cluster
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster
versions:
ghes: '>= 3.9'
type: how_to
@@ -27,8 +28,6 @@ After failover, you will have two standalone clusters without high availability
To fail over to replica nodes, you must have configured high availability replication for your cluster. For more information, see "[AUTOTITLE](/enterprise/admin/enterprise-management/configuring-high-availability-replication-for-a-cluster)."
-{% data reusables.enterprise_clustering.high-availability-requires-391 %}
-
## Initiating a failover to your replica cluster
{% ifversion ghes < 3.13 %}{% data reusables.enterprise_clustering.cluster-ip-note %} For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover)."{% endif %}
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service.md
similarity index 95%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service.md
index fff69324d18f..9f25062764fa 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service.md
@@ -1,11 +1,11 @@
---
title: Monitoring the health of your cluster nodes with Node Eligibility Service
shortTitle: Node Eligibility Service
-intro: "You can monitor when nodes in a {% data variables.product.product_name %} cluster have been offline long enough to cause issues by using {% data variables.product.prodname_nes %}."
-permissions: People with administrative SSH access to a {% data variables.product.product_name %} instance can monitor cluster nodes.
+intro: 'You can monitor when nodes in a {% data variables.product.product_name %} cluster have been offline long enough to cause issues by using {% data variables.product.prodname_nes %}.'
+permissions: 'People with administrative SSH access to a {% data variables.product.product_name %} instance can monitor cluster nodes.'
product: '{% data reusables.gated-features.cluster %}'
versions:
- feature: 'node-eligibility-service'
+ feature: node-eligibility-service
type: how_to
topics:
- Clustering
@@ -16,6 +16,7 @@ topics:
- Performance
redirect_from:
- /admin/enterprise-management/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service
---
## About {% data variables.product.prodname_nes %}
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md
similarity index 97%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md
index f46b285e518b..7cca2dc02956 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md
@@ -1,7 +1,7 @@
---
title: Monitoring the health of your cluster
shortTitle: Monitor cluster health
-intro: "To ensure the performance and redundancy of a {% data variables.product.product_name %} cluster, you can monitor the cluster's health."
+intro: 'To ensure the performance and redundancy of a {% data variables.product.product_name %} cluster, you can monitor the cluster''s health.'
product: '{% data reusables.gated-features.cluster %}'
redirect_from:
- /enterprise/admin/clustering/monitoring-cluster-nodes
@@ -9,6 +9,7 @@ redirect_from:
- /admin/enterprise-management/monitoring-cluster-nodes
- /admin/enterprise-management/configuring-clustering/monitoring-cluster-nodes
- /admin/enterprise-management/configuring-clustering/monitoring-the-health-of-your-cluster
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/rebalancing-cluster-workloads.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/rebalancing-cluster-workloads.md
similarity index 92%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/rebalancing-cluster-workloads.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/rebalancing-cluster-workloads.md
index 5413dabe681d..890dbe0dd1ac 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/rebalancing-cluster-workloads.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/rebalancing-cluster-workloads.md
@@ -1,17 +1,18 @@
---
title: Rebalancing cluster workloads
shortTitle: Rebalance workloads
-intro: "You can force your {% data variables.product.product_name %} cluster to evenly distribute job allocations for workloads on the cluster's nodes."
+intro: 'You can force your {% data variables.product.product_name %} cluster to evenly distribute job allocations for workloads on the cluster''s nodes.'
product: '{% data reusables.gated-features.cluster %}'
-permissions: People with administrative SSH access to a {% data variables.product.product_name %} instance can rebalance cluster workloads on the instance.
+permissions: 'People with administrative SSH access to a {% data variables.product.product_name %} instance can rebalance cluster workloads on the instance.'
versions:
- feature: 'cluster-rebalancing'
+ feature: cluster-rebalancing
type: how_to
topics:
- Clustering
- Enterprise
redirect_from:
- /admin/enterprise-management/configuring-clustering/rebalancing-cluster-workloads
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/rebalancing-cluster-workloads
---
## About workload balance for a {% data variables.product.product_name %} cluster
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node.md
similarity index 90%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node.md
index 5b6c8110ce1d..8d2629274b12 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/replacing-a-cluster-node
- /admin/enterprise-management/replacing-a-cluster-node
- /admin/enterprise-management/configuring-clustering/replacing-a-cluster-node
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node
versions:
ghes: '*'
type: how_to
@@ -78,7 +79,7 @@ To replace a node in an emergency, you'll take the failed node offline, add your
1. To remove the node that is experiencing issues from the cluster, from the primary MySQL node of your cluster, run the following command. Replace NODE-HOSTNAME with the hostname of the node you're taking offline.
```shell
- ghe-remove-node --no-evacuate NODE-HOSTNAME
+ ghe-remove-node --no-evacuate NODE-HOSTNAME
```
This command will mark the node as offline in your configuration and stop traffic being routed to the node. You can run this command in `no-evacuate` mode now because, later in this procedure, you'll run commands that instruct data services on the node to copy any replicas onto the other available nodes in the cluster. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-remove-node)."
@@ -166,7 +167,7 @@ To replace a node in an emergency, install the {% data variables.product.product
## Replacing the primary MySQL node
-To provide database services, your cluster requires a primary MySQL node and at least one secondary MySQL node. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/about-cluster-nodes)."
+To provide database services, your cluster requires a primary MySQL node and at least one replica MySQL node. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes)."
If you want to provide the VM for your primary MySQL node with more resources, or if the node fails, you can replace the node. To minimize downtime, add the new node to your cluster, replicate the MySQL data, and then promote the node. Some downtime is required during promotion.
@@ -194,10 +195,10 @@ If you want to provide the VM for your primary MySQL node with more resources, o
{% data reusables.enterprise_clustering.replacing-a-cluster-node-initialize-new-node %}
-{% data reusables.enterprise_clustering.replacing-a-cluster-node-validate-config %}
+1. From the administrative shell of the node where you modified `cluster.conf`, run `ghe-cluster-config-apply`. The newly added node will become a replica MySQL node and any other configured services will run there.
1. Wait for MySQL replication to finish. To monitor MySQL replication from any node in the cluster, run `ghe-cluster-status -v`.
- Shortly after adding the node to the cluster, you may see an error for replication status while replication catches up. Replication can take hours depending on the instance's load and the last time the instance generated a database seed.
+ Shortly after adding the node to the cluster, you may see an error for replication status while replication catches up. Replication can take hours depending on the instance's load, the amount of database data, and the last time the instance generated a database seed.
1. During your scheduled maintenance window, enable maintenance mode. For more information, see "[AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode#enabling-or-disabling-maintenance-mode-for-all-nodes-in-a-cluster-via-the-cli)."
1. Ensure that MySQL replication is finished from any node in the cluster by running `ghe-cluster-status -v`.
@@ -212,13 +213,13 @@ If you want to provide the VM for your primary MySQL node with more resources, o
echo "SET GLOBAL super_read_only = 1;" | sudo mysql
```
-1. Wait until Global Transaction Identifiers (GTIDs) set on the primary and secondary MySQL nodes are identical. To check the GTIDs, run the following command from any of the instance's nodes.
+1. Wait until Global Transaction Identifiers (GTIDs) set on the primary and replica MySQL nodes are identical. To check the GTIDs, run the following command from any of the instance's nodes.
```shell copy
ghe-cluster-each -r mysql -- 'echo "SELECT @@global.gtid_executed;" | sudo mysql'
```
-1. After the GTIDs on the primary and secondary MySQL nodes match, update the cluster configuration by opening the cluster configuration file at `/data/user/common/cluster.conf` in a text editor.
+1. After the GTIDs on the primary and replica MySQL nodes match, update the cluster configuration by opening the cluster configuration file at `/data/user/common/cluster.conf` in a text editor.
* Create a backup of the `cluster.conf` file before you edit the file.
* In the top-level `[cluster]` section, remove the hostname for the node you replaced from the `mysql-master` key-value pair, then assign the new node instead. If the new node is also a primary Redis node, adjust the `redis-master` key-value pair.
@@ -230,6 +231,6 @@ If you want to provide the VM for your primary MySQL node with more resources, o
primary-datacenter = primary
...
-{% data reusables.enterprise_clustering.replacing-a-cluster-node-validate-config %}
+1. From the administrative shell of the node where you modified `cluster.conf`, run `ghe-cluster-config-apply`. This will reconfigure the cluster so that the newly added node becomes the primary MySQL node and the original primary MySQL node becomes a replica MySQL node.
1. Check the status of MySQL replication from any node in the cluster by running `ghe-cluster-status -v`.
1. If MySQL replication is finished, from any node in the cluster, disable maintenance mode. For more information, see "[AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode#enabling-or-disabling-maintenance-mode-for-all-nodes-in-a-cluster-via-the-cli)."
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/upgrading-a-cluster.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/upgrading-a-cluster.md
similarity index 87%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/upgrading-a-cluster.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-clustering/upgrading-a-cluster.md
index b70306603cae..2ad09b44400c 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/upgrading-a-cluster.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/upgrading-a-cluster.md
@@ -1,12 +1,13 @@
---
title: Upgrading a cluster
-intro: "To upgrade a {% data variables.product.prodname_ghe_server %} cluster to the latest release, use the administrative shell (SSH)."
+intro: 'To upgrade a {% data variables.product.prodname_ghe_server %} cluster to the latest release, use the administrative shell (SSH).'
product: '{% data reusables.gated-features.cluster %}'
redirect_from:
- /enterprise/admin/clustering/upgrading-a-cluster
- /enterprise/admin/enterprise-management/upgrading-a-cluster
- /admin/enterprise-management/upgrading-a-cluster
- /admin/enterprise-management/configuring-clustering/upgrading-a-cluster
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/upgrading-a-cluster
versions:
ghes: '*'
type: how_to
@@ -37,7 +38,7 @@ Use an upgrade package to upgrade a {% data variables.product.prodname_ghe_serve
### Preparing to upgrade
-1. Review [Cluster network configuration](/admin/enterprise-management/configuring-clustering/cluster-network-configuration) for the version you are upgrading to, and update your configuration as needed.
+1. Review [AUTOTITLE](/admin/enterprise-management/configuring-clustering/cluster-network-configuration) for the version you are upgrading to, and update your configuration as needed.
1. Back up your data with [{% data variables.product.prodname_enterprise_backup_utilities %}](https://github.com/github/backup-utils#readme).
1. Schedule a maintenance window for end users of your {% data variables.product.prodname_ghe_server %} cluster, as it will be unavailable for normal use during the upgrade. Maintenance mode blocks user access and prevents data changes while the cluster upgrade is in progress.
1. On the [{% data variables.product.prodname_ghe_server %} Download Page](https://enterprise.github.com/download), copy the URL for the upgrade _.pkg_ file to the clipboard.
@@ -68,14 +69,14 @@ Use an upgrade package to upgrade a {% data variables.product.prodname_ghe_serve
1. Enable maintenance mode according to your scheduled window by connecting to the administrative shell of any cluster node and running `ghe-cluster-maintenance -s`.
{% ifversion ghes > 3.10 and ghes < 3.15 %}
-1. If you're upgrading from version 3.11 or 3.12 to version 3.13 or later, Elasticsearch will be upgraded as part of the upgrade to your cluster. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade)."
+1. If you're upgrading from version 3.11 or 3.12 to version 3.13 or later, Elasticsearch will be upgraded as part of the upgrade to your cluster. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/preparing-for-the-elasticsearch-upgrade)."
Before upgrading, you will need to run a script to prepare your cluster for an upgrade to 3.13 or 3.14.
1. Ensure you are running the required patch release for your current version: **3.11.9** or later for 3.11, or **3.12.3** or later for 3.12.
1. On any `elasticsearch-server` node, run `/usr/local/share/enterprise/ghe-es-auditlog-cluster-rebalance`.
{% endif %}
1. **With the exception of the primary MySQL node**, connect to the administrative shell of each of the {% data variables.product.prodname_ghe_server %} nodes.
-Run the `ghe-upgrade` command, providing the package file name you downloaded in Step 4 of [Preparing to upgrade](#preparing-to-upgrade):
+Run the `ghe-upgrade` command, providing the package file name you downloaded in step 4 of [Preparing to upgrade](#preparing-to-upgrade):
```shell
$ ghe-upgrade PACKAGE-FILENAME.pkg
@@ -89,7 +90,7 @@ Run the `ghe-upgrade` command, providing the package file name you downloaded in
```
1. The upgrade process will reboot the node once it completes. Verify that you can `ping` each node after it reboots.
-1. Connect to the administrative shell of the primary MySQL node. Run the `ghe-upgrade` command, providing the package file name you downloaded in Step 4 of [Preparing to upgrade](#preparing-to-upgrade):
+1. Connect to the administrative shell of the primary MySQL node. Run the `ghe-upgrade` command, providing the package file name you downloaded in step 4 of [Preparing to upgrade](#preparing-to-upgrade):
```shell
$ ghe-upgrade PACKAGE-FILENAME.pkg
@@ -102,7 +103,14 @@ Run the `ghe-upgrade` command, providing the package file name you downloaded in
> gpg: Good signature from "GitHub Enterprise (Upgrade Package Key) > "
```
-1. The upgrade process will reboot the primary MySQL node once it completes. Verify that you can `ping` each node after it reboots.{% ifversion ghes %}
+1. The upgrade process will reboot the primary MySQL node once it completes. Verify that you can `ping` each node after it reboots
+
+ > [!IMPORTANT] Before proceeding with the next step, you must wait for the post-upgrade configuration to complete. To monitor progress of the configuration run, read the output in `/data/user/common/ghe-config.log`. For example, you can tail the log by running the following command:
+ >
+ > ```shell
+ > tail -f /data/user/common/ghe-config.log
+ > ```
+
1. Connect to the administrative shell of the primary MySQL node and run the `ghe-cluster-config-apply` command.
-1. When `ghe-cluster-config-apply` is complete, check that the services are in a healthy state by running `ghe-cluster-status`.{% endif %}
+1. When `ghe-cluster-config-apply` is complete, check that the services are in a healthy state by running `ghe-cluster-status`.
1. Exit maintenance mode from the administrative shell of any node by running `ghe-cluster-maintenance -u`.
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/about-geo-replication.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/about-geo-replication.md
similarity index 96%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/about-geo-replication.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-high-availability/about-geo-replication.md
index 449a0abc7737..ccad789e3fc4 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/about-geo-replication.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/about-geo-replication.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/about-geo-replication
- /admin/enterprise-management/about-geo-replication
- /admin/enterprise-management/configuring-high-availability/about-geo-replication
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/about-geo-replication
versions:
ghes: '*'
type: overview
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/about-high-availability-configuration.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/about-high-availability-configuration.md
similarity index 97%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/about-high-availability-configuration.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-high-availability/about-high-availability-configuration.md
index 2468f43e8262..9123c8b65e32 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/about-high-availability-configuration.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/about-high-availability-configuration.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/about-high-availability-configuration
- /admin/enterprise-management/about-high-availability-configuration
- /admin/enterprise-management/configuring-high-availability/about-high-availability-configuration
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/about-high-availability-configuration
versions:
ghes: '*'
type: overview
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/creating-a-high-availability-replica.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica.md
similarity index 97%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/creating-a-high-availability-replica.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica.md
index 4084d7ed711e..8ff5839c1581 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/creating-a-high-availability-replica.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/creating-a-high-availability-replica
- /admin/enterprise-management/creating-a-high-availability-replica
- /admin/enterprise-management/configuring-high-availability/creating-a-high-availability-replica
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/creating-a-high-availability-replica
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/index.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/index.md
similarity index 92%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/index.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-high-availability/index.md
index 27acfe485b79..c3910a80fe4e 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/index.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/index.md
@@ -7,6 +7,7 @@ redirect_from:
- /enterprise/admin/guides/installation/configuring-github-enterprise-for-high-availability
- /enterprise/admin/enterprise-management/configuring-high-availability
- /admin/enterprise-management/configuring-high-availability
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability
intro: '{% data variables.product.prodname_ghe_server %} supports a high availability mode of operation designed to minimize service disruption in the event of hardware failure or major network outage affecting the primary appliance.'
versions:
ghes: '*'
@@ -22,3 +23,4 @@ children:
- /about-geo-replication
shortTitle: Configure high availability
---
+
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md
similarity index 96%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md
index 8a9f644c85d3..fba58ea767df 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/initiating-a-failover-to-your-replica-appliance
- /admin/enterprise-management/initiating-a-failover-to-your-replica-appliance
- /admin/enterprise-management/configuring-high-availability/initiating-a-failover-to-your-replica-appliance
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration.md
similarity index 95%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration.md
index 3853cd9f805d..bdbe2af525a9 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration.md
@@ -1,9 +1,9 @@
---
title: Monitoring a high-availability configuration
-intro: "After configuration of high availability for {% data variables.location.product_location %}, you can monitor the status of data replication among to your instance's replica nodes."
+intro: 'After configuration of high availability for {% data variables.location.product_location %}, you can monitor the status of data replication among to your instance''s replica nodes.'
versions:
ghes: '*'
-permissions: Site administrators can monitor a high-availability configuration for a {% data variables.product.product_name %} instance.
+permissions: 'Site administrators can monitor a high-availability configuration for a {% data variables.product.product_name %} instance.'
type: how_to
topics:
- Enterprise
@@ -13,6 +13,7 @@ topics:
shortTitle: Monitor HA configuration
redirect_from:
- /admin/enterprise-management/configuring-high-availability/monitoring-a-high-availability-configuration
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration
---
## About observability for high availability
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md
similarity index 94%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md
index cb9028f35417..9b75ac3fde00 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/recovering-a-high-availability-configuration
- /admin/enterprise-management/recovering-a-high-availability-configuration
- /admin/enterprise-management/configuring-high-availability/recovering-a-high-availability-configuration
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/recovering-a-high-availability-configuration
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/removing-a-high-availability-replica.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/removing-a-high-availability-replica.md
similarity index 93%
rename from content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/removing-a-high-availability-replica.md
rename to content/admin/monitoring-and-managing-your-instance/configuring-high-availability/removing-a-high-availability-replica.md
index ed70a4ba45d8..ebf8865d267a 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/removing-a-high-availability-replica.md
+++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/removing-a-high-availability-replica.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/removing-a-high-availability-replica
- /admin/enterprise-management/removing-a-high-availability-replica
- /admin/enterprise-management/configuring-high-availability/removing-a-high-availability-replica
+ - /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/removing-a-high-availability-replica
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/index.md b/content/admin/monitoring-and-managing-your-instance/index.md
similarity index 52%
rename from content/admin/monitoring-managing-and-updating-your-instance/index.md
rename to content/admin/monitoring-and-managing-your-instance/index.md
index f77742afada1..0bafdd26d4b8 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/index.md
+++ b/content/admin/monitoring-and-managing-your-instance/index.md
@@ -1,9 +1,10 @@
---
-title: 'Monitoring, managing, and updating your instance'
-intro: 'You can monitor your instance, upgrade to a newer version, and configure clustering or high availability'
+title: 'Monitoring and managing your instance'
+intro: 'You can monitor your instance, update your virtual machine resources, and configure clustering or high availability, and repository caching.'
redirect_from:
- /enterprise/admin/enterprise-management
- /admin/enterprise-management
+ - /admin/monitoring-managing-and-updating-your-instance
versions:
ghes: '*'
topics:
@@ -14,5 +15,5 @@ children:
- /configuring-clustering
- /configuring-high-availability
- /caching-repositories
-shortTitle: 'Monitor, manage, and update your instance'
+shortTitle: 'Monitor and manage your instance'
---
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs.md
similarity index 94%
rename from content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs.md
rename to content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs.md
index aa07d8c02133..577298599ebc 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs.md
+++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs.md
@@ -12,6 +12,7 @@ topics:
redirect_from:
- /admin/enterprise-management/monitoring-your-appliance/about-system-logs
- /admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs
+ - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs
---
## About system logs for {% data variables.product.product_name %}
@@ -42,8 +43,8 @@ In addition to reviewing your system logs, you can monitor activity on your inst
* [Log files for databases](#log-files-for-databases)
* [Log files for the {% data variables.product.prodname_dotcom %} application](#log-files-for-the-github-application)
* [Log files for the HTTP server](#log-files-for-the-http-server)
-* [Log files for instance configuration](#log-files-for-instance-configuration)
* [Log files for the {% data variables.enterprise.management_console %}](#log-files-for-the-management-console)
+* [Log files for instance configuration](#log-files-for-instance-configuration)
* [Log files for search](#log-files-for-search)
* [Log files for system services](#log-files-for-system-services)
@@ -55,6 +56,7 @@ The following log files record events from database services on your instance.
| :- | :- |
|
/var/log/mysql/mysql.log
| Records events related to the instance's MySQL database. |
|
/var/log/mysql/mysql.err
| Records errors related to the instance's MySQL database. |
+|
/data/user/mssql/log/errorlog
| Records errors related to the instance's MSSQL database. See [Journal logs for databases](#journal-logs-for-databases) later in this article for other events. |
### Log files for the {% data variables.product.prodname_dotcom %} application
@@ -87,9 +89,7 @@ The following log files contain events from your instance's {% data variables.en
| Path | Description |
| :- | :- |
-{%- ifversion ghes %}
|
/var/log/enterprise-manage/audit.log
| Records activity in the instance's {% data variables.enterprise.management_console %}. |
-{%- endif %}
|
/var/log/enterprise-manage/unicorn.log
| Records HTTP and HTTPS operations that administrators perform in the {% data variables.enterprise.management_console %} using the web UI or REST API. |
### Log files for instance configuration
@@ -99,9 +99,9 @@ The following log files contain events related to the configuration of your inst
| Path | Description |
| :- | :- |
|
/data/user/common/ghe-config.log
| Records events associated with {% ifversion unique-config-run-logs %}the latest{% else %}each{% endif %} configuration run. If a configuration run fails, output to the log stops. This log also records information about migrations that run during the process of upgrading an instance's software. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-config-apply)." |
-{%- ifversion unique-config-run-logs %}
+| {% ifversion unique-config-run-logs %} |
|
/data/user/config-apply/logs/YYYYMMDD/*
| Stores log files for previous configuration runs. The instance stores the files in a directory that reflects the date, and each file name reflects the node and the ID of the run. |
-{%- endif %}
+| {% endif %} |
### Log files for search
@@ -111,14 +111,6 @@ The following log files contain events from services that provide search functio
| :- | :- |
|
/var/log/elasticsearch/github-enterprise.log
| Records events associated with the Elasticsearch service, which your instance uses to provide search services. |
-### Journal logs for webhooks
-
-The following log files contain events related to webhooks that your instance sends.
-
-| Service name | Description |
-| :- | :- |
-|
hookshot-go
| Records events for all webhook activity on the instance, including triggered webhooks, deliveries, and failures.|
-
### Log files for system services
The following logs contain events from system services on your instance.
@@ -138,7 +130,7 @@ Several {% data variables.product.product_name %} services, such as the `babeld`
People with administrative SSH access to the instance can parse these logs using the `journalctl` command. For more information, see [journalctl(1)](http://man7.org/linux/man-pages/man1/journalctl.1.html) in the online Linux manual pages.
-To view logs in the systemd journal, run the following command, replacing SERVICE-NAME with a service name from the following list of logs.
+To view logs in the systemd journal, run the following command, replacing SERVICE-NAME with a service name from the following list of logs. For view logs of all other containerized services, run `nomad job status` and use the `ID` as the SERVICE-NAME.
```shell
journalctl -t SERVICE-NAME
@@ -175,6 +167,23 @@ The following logs contain events from services that store or retrieve data on y
| :- | :- |
|
alambic
| Records events related to the storage and retrieval of files, such as {% data variables.large_files.product_name_short %} objects, avatar images, file attachments from comments in the web UI, and release archives. |
+### Journal logs for databases
+
+The following logs contain events related to database services on your instance.
+
+| Service name | Description |
+| :- | :- |
+|
mysql
| Records events related to the instance's MySQL database. |
+|
mssql
| Records events related to the instance's MSSQL database. |
+
+### Journal logs for webhooks
+
+The following log files contain events related to webhooks that your instance sends.
+
+| Service name | Description |
+| :- | :- |
+|
hookshot-go
| Records events for all webhook activity on the instance, including triggered webhooks, deliveries, and failures.|
+
## About system logs in support bundles
If you generate a support bundle, the file includes system logs. For more information, see "[AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support)."
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard.md
similarity index 97%
rename from content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard.md
rename to content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard.md
index e41951727a3d..8a325d931384 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard.md
+++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard.md
@@ -7,6 +7,7 @@ redirect_from:
- /admin/enterprise-management/accessing-the-monitor-dashboard
- /admin/enterprise-management/monitoring-your-appliance/accessing-the-monitor-dashboard
- /admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/accessing-the-monitor-dashboard
+ - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/collectd-metrics-for-github-enterprise-server.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/collectd-metrics-for-github-enterprise-server.md
similarity index 92%
rename from content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/collectd-metrics-for-github-enterprise-server.md
rename to content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/collectd-metrics-for-github-enterprise-server.md
index 82a073ceb1de..3fb2da4e8dcb 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/collectd-metrics-for-github-enterprise-server.md
+++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/collectd-metrics-for-github-enterprise-server.md
@@ -1,7 +1,7 @@
---
title: collectd metrics for GitHub Enterprise Server
shortTitle: collectd metrics
-intro: "You can review the metrics that `collectd` gathers for {% data variables.location.product_location %}."
+intro: 'You can review the metrics that `collectd` gathers for {% data variables.location.product_location %}.'
versions:
ghes: '*'
type: reference
@@ -11,11 +11,13 @@ topics:
- Infrastructure
- Monitoring
- Performance
+redirect_from:
+ - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/collectd-metrics-for-github-enterprise-server
---
## About `collectd` metrics
-By default, `collectd` on {% data variables.location.product_location %} gathers metrics related to the instance's performance. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance)."
+By default, `collectd` on {% data variables.location.product_location %} gathers metrics related to the instance's performance. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance)."
You can learn more about the type of data that `collectd` gathers, and you can download a CSV file that contains a full list of metrics.
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance.md
similarity index 88%
rename from content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance.md
rename to content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance.md
index e81452f47a72..cfa28e548f51 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance.md
+++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance.md
@@ -1,7 +1,7 @@
---
title: Configuring collectd for your instance
shortTitle: Configure collectd
-intro: "To gain insight into {% data variables.product.product_name %}'s performance, you can review data from `collectd` on your instance, or optionally send the data to an external `collectd` server."
+intro: 'To gain insight into {% data variables.product.product_name %}''s performance, you can review data from `collectd` on your instance, or optionally send the data to an external `collectd` server.'
redirect_from:
- /enterprise/admin/installation/configuring-collectd
- /enterprise/admin/articles/configuring-collectd
@@ -10,6 +10,7 @@ redirect_from:
- /admin/enterprise-management/monitoring-your-appliance/configuring-collectd
- /admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/configuring-collectd
- /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/configuring-collectd
+ - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance
versions:
ghes: '*'
type: how_to
@@ -25,9 +26,9 @@ topics:
`collectd` is a service that runs on {% data variables.location.product_location %} to gather and provide metrics about the system's performance. Common metrics that `collectd` gathers includes CPU utilization, memory and disk consumption, network interface traffic and errors, and a system's overall load. You can also forward the data to another `collectd` server. For more information see the [collectd wiki](https://github.com/collectd/collectd/wiki).
-Your instance uses metrics from `collectd` to display graphs in the {% data variables.enterprise.management_console %}'s monitor dashboard. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/accessing-the-monitor-dashboard)."
+Your instance uses metrics from `collectd` to display graphs in the {% data variables.enterprise.management_console %}'s monitor dashboard. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard)."
-You can review a list of the metrics that `collectd` gathers on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/collectd-metrics-for-github-enterprise-server)."
+You can review a list of the metrics that `collectd` gathers on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/collectd-metrics-for-github-enterprise-server)."
## Set up an external `collectd` server
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md
similarity index 95%
rename from content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md
rename to content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md
index 229c8f719b43..c9d7e588d3f1 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md
+++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md
@@ -14,6 +14,7 @@ product: '{% data reusables.gated-features.generated-health-checks %}'
redirect_from:
- /admin/enterprise-management/monitoring-your-appliance/generating-a-health-check-for-your-enterprise
- /admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/generating-a-health-check-for-your-enterprise
+ - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise
---
{% note %}
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/index.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/index.md
similarity index 93%
rename from content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/index.md
rename to content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/index.md
index 4b5df960af9b..b40ef2aab525 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/index.md
+++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/index.md
@@ -8,6 +8,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/monitoring-your-appliance
- /admin/enterprise-management/monitoring-your-appliance
- /admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance
+ - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance
versions:
ghes: '*'
topics:
@@ -23,3 +24,4 @@ children:
- /generating-a-health-check-for-your-enterprise
shortTitle: Monitor your instance
---
+
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/monitoring-using-snmp.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/monitoring-using-snmp.md
similarity index 98%
rename from content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/monitoring-using-snmp.md
rename to content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/monitoring-using-snmp.md
index a272602fb9b3..5545195c792a 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/monitoring-using-snmp.md
+++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/monitoring-using-snmp.md
@@ -6,8 +6,9 @@ redirect_from:
- /enterprise/admin/articles/monitoring-using-snmp
- /enterprise/admin/enterprise-management/monitoring-using-snmp
- /admin/enterprise-management/monitoring-using-snmp
- - /admin/enterprise-management/monitoring-your-appliance/monitoring-using-snmp
+ - /admin/enterprise-management/monitoring-your-appliance/monitoring-using-snmp
- /admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/monitoring-using-snmp
+ - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/monitoring-using-snmp
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/recommended-alert-thresholds.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/recommended-alert-thresholds.md
similarity index 96%
rename from content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/recommended-alert-thresholds.md
rename to content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/recommended-alert-thresholds.md
index a8a03d06df0c..484b00361c88 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/recommended-alert-thresholds.md
+++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/recommended-alert-thresholds.md
@@ -9,6 +9,7 @@ redirect_from:
- /admin/enterprise-management/recommended-alert-thresholds
- /admin/enterprise-management/monitoring-your-appliance/recommended-alert-thresholds
- /admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/recommended-alert-thresholds
+ - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/recommended-alert-thresholds
versions:
ghes: '*'
type: reference
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/setting-up-external-monitoring.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/setting-up-external-monitoring.md
similarity index 88%
rename from content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/setting-up-external-monitoring.md
rename to content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/setting-up-external-monitoring.md
index ae8a2fcc859a..b48ab4cf601d 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/setting-up-external-monitoring.md
+++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/setting-up-external-monitoring.md
@@ -7,6 +7,7 @@ redirect_from:
- /admin/enterprise-management/setting-up-external-monitoring
- /admin/enterprise-management/monitoring-your-appliance/setting-up-external-monitoring
- /admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/setting-up-external-monitoring
+ - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/setting-up-external-monitoring
versions:
ghes: '*'
type: how_to
@@ -25,4 +26,4 @@ Simple Network Management Protocol (SNMP) is a widely supported method of monito
collectd is an open source statistics collection and reporting daemon with built-in support for writing to RRD files. Statistics on CPU utilization, memory and disk consumption, network interface traffic and errors, and system load can be forwarded to an external collectd server where graphs, analysis, and alerting may be configured using a wide range of available tools and plugins. To configure `collectd` forwarding, see "[AUTOTITLE](/admin/enterprise-management/monitoring-your-appliance/configuring-collectd)".
-Additionally, the monitoring tools built into underlying virtualization platforms may also be used for basic monitoring and alerting of system resources. For more information, see [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/) and [VMware vSphere Monitoring](https://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-50-monitoring-performance-guide.pdf) documentation.
+Additionally, the monitoring tools built into underlying virtualization platforms may also be used for basic monitoring and alerting of system resources. For more information, see [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/) and [VMware vSphere](https://docs.vmware.com/en/VMware-vSphere/index.html) documentation.
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources.md b/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources.md
similarity index 86%
rename from content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources.md
rename to content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources.md
index 7240998a8f45..cdc8a295d150 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources.md
+++ b/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/increasing-cpu-or-memory-resources
- /admin/enterprise-management/increasing-cpu-or-memory-resources
- /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources
versions:
ghes: '*'
type: how_to
@@ -30,9 +31,9 @@ To add CPU or memory resources for an instance on AWS, you must change the insta
You can review resizing considerations, see supported instance types, and learn how to resize an instance on AWS.
-* [Resizing considerations for AWS](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#resizing-considerations-for-aws)
-* [Supported instance types on AWS](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#supported-instance-types-on-aws)
-* [Resizing an instance on AWS](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#resizing-an-instance-on-aws)
+* [Resizing considerations for AWS](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#resizing-considerations-for-aws)
+* [Supported instance types on AWS](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#supported-instance-types-on-aws)
+* [Resizing an instance on AWS](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#resizing-an-instance-on-aws)
### Resizing considerations for AWS
@@ -67,9 +68,9 @@ To add CPU or memory resources for an instance on Microsoft Azure, you must chan
You can review resizing considerations, see supported instance types, and learn how to resize an instance on Microsoft Azure.
-* [Resizing considerations for Microsoft Azure](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#resizing-considerations-for-microsoft-azure)
-* [Supported instance types on Microsoft Azure](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#supported-instance-types-on-microsoft-azure)
-* [Resizing an instance on Microsoft Azure](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#resizing-an-instance-on-microsoft-azure)
+* [Resizing considerations for Microsoft Azure](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#resizing-considerations-for-microsoft-azure)
+* [Supported instance types on Microsoft Azure](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#supported-instance-types-on-microsoft-azure)
+* [Resizing an instance on Microsoft Azure](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources#resizing-an-instance-on-microsoft-azure)
### Resizing considerations for Microsoft Azure
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md b/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md
similarity index 97%
rename from content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md
rename to content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md
index 9a6b8629b7ba..0b7be90d7f3b 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md
+++ b/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md
@@ -6,6 +6,7 @@ redirect_from:
- /enterprise/admin/enterprise-management/increasing-storage-capacity
- /admin/enterprise-management/increasing-storage-capacity
- /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity
versions:
ghes: '*'
type: how_to
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/index.md b/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/index.md
similarity index 61%
rename from content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/index.md
rename to content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/index.md
index c1dc2b79c2cb..2e97dbac653d 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/index.md
+++ b/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/index.md
@@ -1,24 +1,20 @@
---
title: Updating the virtual machine and physical resources
-intro: 'Upgrading the virtual software and virtual hardware requires some downtime for your instance, so be sure to plan your upgrade in advance.'
+intro: 'Learn how to increase specific resources for the virtual machine that runs your {% data variables.product.product_name %} instance.'
redirect_from:
- /enterprise/admin/guides/installation/upgrading-the-vm
- /enterprise/admin/guides/installation/upgrading-physical-resources
- /enterprise/admin/installation/updating-the-virtual-machine-and-physical-resources
- /enterprise/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources
- /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources
versions:
ghes: '*'
topics:
- Enterprise
children:
- - /upgrade-requirements
- - /upgrading-github-enterprise-server
- - /enabling-automatic-update-checks
- /increasing-storage-capacity
- /increasing-cpu-or-memory-resources
- - /migrating-from-github-enterprise-1110x-to-2123
- - /preparing-for-the-elasticsearch-upgrade
- - /known-issues-with-upgrades-to-your-instance
+ - /using-generation-2-virtual-machines
shortTitle: Update VM & resources
---
diff --git a/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines.md b/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines.md
new file mode 100644
index 000000000000..0520e8eada91
--- /dev/null
+++ b/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines.md
@@ -0,0 +1,33 @@
+---
+title: Using generation 2 virtual machines
+intro: 'New installs of {% data variables.product.prodname_ghe_server %} 3.14 or later can use generation 2 virtual machines.'
+redirect_from:
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines
+versions:
+ ghes: '>3.13'
+type: reference
+topics:
+ - Enterprise
+ - Upgrades
+shortTitle: Generation 2 virtual machines
+allowTitleToDifferFromFilename: true
+---
+
+## About generation 2 virtual machines
+
+Generation 2 virtual machines (Gen 2 VMs) allow you to vertically scale your appliance to cope with increased demand.
+
+Cloud service providers such as Microsoft Azure expect Gen 2 VMs to be bootable in UEFI mode. In new installations of version 3.14 and later, {% data variables.product.prodname_ghe_server %} supports both BIOS mode and UEFI mode. The partition layout has been updated to use four partitions:
+
+* Two for the supported boot modes (BIOS and UEFI)
+* Two for the {% data variables.product.prodname_ghe_server %} primary and fallback
+
+## Can I upgrade to a Gen 2 VM?
+
+If you are upgrading from 3.13 or earlier, your instance will **continue to boot** using BIOS firmware, with no changes to the partition layout. There is no upgrade path to the Gen 2 VM in UEFI mode.
+
+## How do I use a Gen 2 VM?
+
+To use a Gen 2 VM, you must deploy a **new** Gen 2 VM instance running version 3.14 or later, then restore your existing data onto this instance. This instance will have the required partition layout. Future upgrades from this point will have four partitions.
+
+Once you are running an instance on a Gen 2 VM with four partitions, during upgrades to a future release, the partition selection prompt will suggest a different default value. The partition selection will be between the third and fourth partitions.
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server.md b/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server.md
deleted file mode 100644
index 47ae628a0eef..000000000000
--- a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server.md
+++ /dev/null
@@ -1,321 +0,0 @@
----
-title: Upgrading GitHub Enterprise Server
-intro: 'Upgrade {% data variables.product.product_name %} to get the latest features and security updates.'
-permissions: 'Site administrators can upgrade a {% data variables.product.product_name %} instance.'
-redirect_from:
- - /enterprise/admin/installation/upgrading-github-enterprise-server
- - /enterprise/admin/articles/upgrading-to-the-latest-release
- - /enterprise/admin/articles/migrations-and-upgrades
- - /enterprise/admin/guides/installation/upgrading-the-github-enterprise-virtual-machine
- - /enterprise/admin/guides/installation/upgrade-packages-for-older-releases
- - /enterprise/admin/articles/upgrading-older-installations
- - /enterprise/admin/hidden/upgrading-older-installations
- - /enterprise/admin/hidden/upgrading-github-enterprise-using-a-hotpatch-early-access-program
- - /enterprise/admin/hidden/upgrading-github-enterprise-using-a-hotpatch
- - /enterprise/admin/guides/installation/upgrading-github-enterprise
- - /enterprise/admin/enterprise-management/upgrading-github-enterprise-server
- - /admin/enterprise-management/upgrading-github-enterprise-server
- - /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server
-versions:
- ghes: '*'
-type: how_to
-topics:
- - Enterprise
- - Upgrades
-shortTitle: Upgrading GHES
----
-
-## About upgrades to {% data variables.product.product_name %}
-
-{% data reusables.enterprise.constantly-improving %} You are responsible for upgrades to your instance. For more information, see "[AUTOTITLE](/admin/overview/about-upgrades-to-new-releases)."
-
-To upgrade an instance, you must plan and communicate the upgrade, choose the appropriate package, back up your data, and then perform the upgrade.
-
-> [!NOTE] Upgrading to a new feature release will cause a few hours of downtime, during which none of your users will be able to use the enterprise. You can inform your users about downtime by publishing a global announcement banner, using your enterprise settings or the REST API. See "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner)" and "[AUTOTITLE](/rest/enterprise-admin#announcements)."
-
-## Prerequisites
-
-To successfully upgrade {% data variables.location.product_location %}, the instance's data disk must be at least 15% free. {% data variables.product.company_short %} recommends ensuring there is more free storage on the disk. In some rare cases, for customers with large data volumes, this threshold may differ.
-
-{% data reusables.enterprise_installation.preflight-checks %}
-
-## Preparing to upgrade
-
-To prepare for an upgrade, plan the upgrade path, optionally upgrade {% data variables.product.prodname_actions %} runners, and schedule a maintenance window.
-
-1. Determine an upgrade strategy and choose a version to upgrade to. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrade-requirements)" and refer to the [{% data variables.enterprise.upgrade_assistant %}](https://support.github.com/enterprise/server-upgrade) to find the upgrade path from your current release version.
-1. Create a fresh backup of your instance's primary node with the {% data variables.product.prodname_enterprise_backup_utilities %}. For more information, see the [README](https://github.com/github/backup-utils#readme) in the {% data variables.product.prodname_enterprise_backup_utilities %} project documentation.
-
- {% note %}
-
- **Note:** Your {% data variables.product.prodname_enterprise_backup_utilities %} version needs to be the same version as, or at most two versions ahead of, {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance#upgrading-github-enterprise-server-backup-utilities)."
-
- {% endnote %}
-
-1. If {% data variables.location.product_location %} uses ephemeral self-hosted runners for {% data variables.product.prodname_actions %} and you've disabled automatic updates, upgrade your runners to the version of the runner application that your upgraded instance will run. To find the minimum required version for your release, see "[AUTOTITLE](/admin/all-releases#minimum-github-actions-runner-application-versions)."
-1. If you are upgrading using an upgrade package, schedule a maintenance window for {% data variables.product.prodname_ghe_server %} end users. If you are using a hotpatch, maintenance mode is not required.
-
- {% note %}
-
- **Note:** The maintenance window depends on the type of upgrade you perform. Upgrades using a hotpatch usually don't require a maintenance window. Sometimes a reboot is required, which you can perform at a later time. Following the versioning scheme of MAJOR.FEATURE.PATCH, patch releases using an upgrade package typically require less than five minutes of downtime. Feature releases that include data migrations take longer depending on storage performance and the amount of data that's migrated. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
-
- {% endnote %}
-
-## Taking a snapshot
-
-A snapshot stores the state of a virtual machine (VM) at a point in time. {% data variables.product.company_short %} highly recommends taking a snapshot before upgrading your VM so that if an upgrade fails, you can revert your VM back to the snapshot. {% data variables.product.company_short %} only recommends taking a VM snapshot when the instance's VM is powered down, or when the instance is in maintenance mode and all background jobs have finished.
-
-If you're upgrading to a new feature release, you must take a VM snapshot. If you're upgrading to a patch release, you can attach the existing data disk.
-
-There are two types of snapshots:
-
-* **VM snapshots** save your entire VM state, including user data and configuration data. This snapshot method requires a large amount of disk space and is time consuming.
-* **Data disk snapshots** only save your user data.
-
- {% note %}
-
- **Notes:**
- * Some platforms don't allow you to take a snapshot of just your data disk. For these platforms, you'll need to take a snapshot of the entire VM.
- * If your hypervisor does not support full VM snapshots, you should take a snapshot of the root disk and data disk in quick succession.
-
- {% endnote %}
-
-| Platform | Snapshot method | Documentation |
-|---|---|---|
-| Amazon AWS | Disk | [Create Amazon EBS snapshots](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html) in the AWS documentation
-| Azure | VM | [Create a snaphot of a virtual hard disk on an Azure VM](https://learn.microsoft.com/azure/virtual-machines/snapshot-copy-managed-disk) in Microsoft Learn
-| Hyper-V | VM | [Enable or disable checkpoints in Hyper-V](https://docs.microsoft.com/windows-server/virtualization/hyper-v/manage/enable-or-disable-checkpoints-in-hyper-v) in Microsoft Learn
-| Google Compute Engine | Disk | [Create and manage disk snapshots](https://cloud.google.com/compute/docs/disks/create-snapshots) in the Google Cloud documentation
-| VMware | VM | [Taking Snapshots of a Virtual Machine](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.hostclient.doc/GUID-64B866EF-7636-401C-A8FF-2B4584D9CA72.html) in VMware Docs
-
-## Choosing an upgrade package
-
-You can upgrade a {% data variables.product.product_name %} instance to a new patch release or to a new feature release. To upgrade to a patch release, you can use a hotpatch or an upgrade package. To upgrade to a feature release, you must use an upgrade package.
-
-A {% data variables.product.product_name %} instance comprises one or more nodes. The upgrade process you must follow depends on how many nodes your instance has. For more information, see "[AUTOTITLE](/admin/overview/about-github-enterprise-server#about-deployment-topologies)."
-
-* [Upgrading with a hotpatch](#upgrading-with-a-hotpatch)
- * [Upgrading a standalone instance using a hotpatch](#upgrading-a-standalone-instance-using-a-hotpatch)
- * [Upgrading an instance with multiple nodes using a hotpatch](#upgrading-an-instance-with-multiple-nodes-using-a-hotpatch)
-* [Upgrading with an upgrade package](#upgrading-with-an-upgrade-package)
- * [Upgrading a standalone instance using an upgrade package](#upgrading-a-standalone-instance-using-an-upgrade-package)
- * [Upgrading an instance with multiple nodes using an upgrade package](#upgrading-an-instance-with-multiple-nodes-using-an-upgrade-package)
-
-## Upgrading with a hotpatch
-
-{% data reusables.enterprise_installation.hotpatching-explanation %}
-
-Using the {% data variables.enterprise.management_console %}, you can install a hotpatch immediately or schedule it for later installation. You can use the administrative shell to install a hotpatch with the `ghe-upgrade` utility. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrade-requirements)."
-
-{% note %}
-
-**Notes**:
-
-* If {% data variables.location.product_location %} is running a release candidate build, you can't upgrade with a hotpatch.
-
-* Installing a hotpatch using the {% data variables.enterprise.management_console %} is not available for clusters. To install a hotpatch for a cluster, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/upgrading-a-cluster#upgrading-with-a-hotpatch)."
-
-{% endnote %}
-
-* [Upgrading a standalone instance using a hotpatch](#upgrading-a-standalone-instance-using-a-hotpatch)
-* [Upgrading an instance with multiple nodes using a hotpatch](#upgrading-an-instance-with-multiple-nodes-using-a-hotpatch)
-
-### Upgrading a standalone instance using a hotpatch
-
-If you're upgrading an instance with one node using a hotpatch, and your target is a patch release, you can upgrade using {% data variables.enterprise.management_console %}. To upgrade to a feature release, you must use the administrative shell.
-
-* [Installing a hotpatch using the {% data variables.enterprise.management_console %}](#installing-a-hotpatch-using-the-management-console)
-* [Installing a hotpatch using the administrative shell](#installing-a-hotpatch-using-the-administrative-shell)
-
-#### Installing a hotpatch using the {% data variables.enterprise.management_console %}
-
-You can use the {% data variables.enterprise.management_console %} to upgrade with a hotpatch by enabling automatic updates. You will then be presented with the latest available version of {% data variables.product.prodname_ghe_server %} that you can upgrade to.
-
-If the upgrade target you're presented with is a feature release instead of a patch release, you cannot use the {% data variables.enterprise.management_console %} to install a hotpatch. You must install the hotpatch using the administrative shell instead. For more information, see "[Installing a hotpatch using the administrative shell](#installing-a-hotpatch-using-the-administrative-shell)."
-
-1. Enable automatic updates. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks)."
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.management-console %}
-{% data reusables.enterprise_management_console.updates-tab %}
-1. When a new hotpatch has been downloaded, select the **Install package** dropdown menu.
- * To install immediately, click **Now**.
- * To install later, select a later date.
-1. Click **Install**.
-
-#### Installing a hotpatch using the administrative shell
-
-{% data reusables.enterprise_installation.download-note %}
-
-{% data reusables.enterprise_installation.ssh-into-instance %}
-1. {% data reusables.enterprise_installation.enterprise-download-upgrade-pkg %} Copy the URL for the upgrade hotpackage (_.hpkg_ file).
-{% data reusables.enterprise_installation.download-package %}
-1. Run the `ghe-upgrade` command using the package file name:
-
- ```shell
- admin@HOSTNAME:~$ ghe-upgrade GITHUB-UPGRADE.hpkg
- *** verifying upgrade package signature...
- ```
-
-1. If at least one service or system component requires a reboot, the hotpatch upgrade script notifies you. For example, updates to the kernel, MySQL, or Elasticsearch may require a reboot.
-
-### Upgrading an instance with multiple nodes using a hotpatch
-
-If you are installing a hotpatch, you do not need to enter maintenance mode or stop replication.
-
-* [Upgrading the primary node using a hotpatch](#upgrading-the-primary-node-using-a-hotpatch)
-* [Upgrading additional nodes using a hotpatch](#upgrading-additional-nodes-using-a-hotpatch)
-
-#### Upgrading the primary node using a hotpatch
-
-For instructions to upgrade the primary node, see "[Installing a hotpatch using the administrative shell](#installing-a-hotpatch-using-the-administrative-shell)."
-
-#### Upgrading additional nodes using a hotpatch
-
-{% data reusables.enterprise_installation.multiple-node-upgrade-admonishment %}
-
-1. To upgrade the node, follow the instructions in "[Installing a hotpatch using the administrative shell](#installing-a-hotpatch-using-the-administrative-shell)."
-{% data reusables.enterprise_installation.replica-ssh %}
-{% data reusables.enterprise_installation.replica-verify %}
-{% data reusables.enterprise_installation.multiple-node-repeat-upgrade-process %}
-
-## Upgrading with an upgrade package
-
-While you can use a hotpatch to upgrade to the latest patch release within a feature series, you must use an upgrade package to upgrade to a newer feature release. For example to upgrade from 2.11.10 to 2.12.4 you must use an upgrade package since these are in different feature series. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrade-requirements)."
-
-* [Upgrading a standalone instance using an upgrade package](#upgrading-a-standalone-instance-using-an-upgrade-package)
-* [Upgrading an instance with multiple nodes using an upgrade package](#upgrading-an-instance-with-multiple-nodes-using-an-upgrade-package)
-
-### Upgrading a standalone instance using an upgrade package
-
-{% data reusables.enterprise_installation.download-note %}
-
-{% data reusables.enterprise_installation.ssh-into-instance %}
-1. {% data reusables.enterprise_installation.enterprise-download-upgrade-pkg %} Select the appropriate platform and copy the URL for the upgrade package (_.pkg_ file).
-{% data reusables.enterprise_installation.download-package %}
-1. Enable maintenance mode and wait for all active processes to complete on the {% data variables.product.prodname_ghe_server %} instance. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
-
- {% note %}
-
- **Note**: When upgrading the primary node in a high availability configuration, the instance should already be in maintenance mode if you are following the instructions in "[Upgrading the primary node with an upgrade package](#upgrading-the-primary-node-with-an-upgrade-package)."
-
- {% endnote %}
-
-1. Run the `ghe-upgrade` command using the package file name:
-
- ```shell
- admin@HOSTNAME:~$ ghe-upgrade GITHUB-UPGRADE.pkg
- *** verifying upgrade package signature...
- ```
-
-1. Confirm that you'd like to continue with the upgrade and restart after the package signature verifies. The new root filesystem writes to the secondary partition and the instance automatically restarts in maintenance mode:
-
- ```shell
- *** applying update...
- This package will upgrade your installation to version VERSION-NUMBER
- Current root partition: /dev/xvda1 [VERSION-NUMBER]
- Target root partition: /dev/xvda2
- Proceed with installation? [y/N]
- ```
-
-{%- ifversion ghe-migrations-cli-utility %}
-1. Optionally, during an upgrade to a feature release, you can monitor the status of database migrations using the `ghe-migrations` utility. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations)."
-{%- endif %}
-1. After the instance restarts, the upgrade will continue in the background. You cannot unset maintenance mode until the process completes.
-
- {% ifversion ghes-upgrade-complete-indicator %}
- To check the status of background jobs, use the `ghe-check-background-upgrade-jobs` utility. If you're running back-to-back upgrades, you must ensure background jobs are complete before proceeding with the following upgrade to a feature release.
-
- {%- ifversion ghes < 3.12 %} To use this utility with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.{% endif %}{%- endif %} For more information{% ifversion ghes < 3.12 %} about the utility{% endif %}, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-check-background-upgrade-jobs)."
-
- To monitor progress of the configuration run, read the output in `/data/user/common/ghe-config.log`. For example, you can tail the log by running the following command:
-
- ```shell
- tail -f /data/user/common/ghe-config.log
- ```
-
-{% ifversion ip-exception-list %}
-1. Optionally, after the upgrade, validate the upgrade by configuring an IP exception list to allow access to a specified list of IP addresses. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#validating-changes-in-maintenance-mode-using-the-ip-exception-list)."
-{% endif %}
-1. For single node upgrades, disable maintenance mode so users can use {% data variables.location.product_location %}.
-
- {% note %}
-
- **Note**: After you upgrade an instance in a high availability configuration, you should remain in maintenance mode until you have upgraded all of the replica nodes and replication is current. For more information, see "[Upgrading additional nodes with an upgrade package](#upgrading-additional-nodes-with-an-upgrade-package)."
-
- {% endnote %}
-
-### Upgrading an instance with multiple nodes using an upgrade package
-
-To upgrade an instance that comprises multiple nodes using an upgrade package, you must upgrade the primary node, then upgrade any additional nodes.
-
-* [Upgrading the primary node with an upgrade package](#upgrading-the-primary-node-with-an-upgrade-package)
-* [Upgrading additional nodes with an upgrade package](#upgrading-additional-nodes-with-an-upgrade-package)
-
-#### Upgrading the primary node with an upgrade package
-
-{% warning %}
-
-**Warning:** When replication is stopped, if the primary fails, any work that is done before the replica is upgraded and the replication begins again will be lost.
-
-{% endwarning %}
-
-1. On the primary node, enable maintenance mode and wait for all active processes to complete. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
-{% data reusables.enterprise_installation.replica-ssh %}
-1. To stop replication on all nodes, run `ghe-repl-stop` on each node.
-1. To upgrade the primary node, follow the instructions in "[Upgrading a standalone instance using an upgrade package](#upgrading-a-standalone-instance-using-an-upgrade-package)."
-
-#### Upgrading additional nodes with an upgrade package
-
-{% data reusables.enterprise_installation.multiple-node-upgrade-admonishment %}
-
-1. Upgrade the node by following the instructions in "[Upgrading a standalone instance using an upgrade package](#upgrading-a-standalone-instance-using-an-upgrade-package)."
-{% data reusables.enterprise_installation.replica-ssh %}
-{% data reusables.enterprise_installation.replica-verify %}
-{% data reusables.enterprise_installation.start-replication %}
-{% data reusables.enterprise_installation.replication-status %} If the command returns `Replication is not running`, the replication may still be starting. Wait about one minute before running `ghe-repl-status` again.
-
- {% note %}
-
- **Notes:**
-
- * While the resync is in progress `ghe-repl-status` may indicate that replication is behind. For example, you may see the following message.
-
- ```text
- CRITICAL: git replication is behind the primary by more than 1007 repositories and/or gists
- ```
-
- * If {% data variables.product.prodname_actions %} is enabled on {% data variables.location.product_location %}, you may see a message like the following. This message is expected when replication is paused due to maintenance mode being set on the primary appliance. Once maintenance mode is unset, this message should be resolved.
-
- ```text
- CRITICAL: mssql replication is down, didn't find Token_Configuration!
- ```
-
- {% endnote %}
-
- If `ghe-repl-status` did not return `OK`, and the explanation isn't listed in the note above, contact {% data variables.contact.enterprise_support %}. For more information, see "[AUTOTITLE](/support/contacting-github-support)."
-
-{% data reusables.enterprise_installation.multiple-node-repeat-upgrade-process %}
-1. After you have upgraded the last replica node and the resync is complete, disable maintenance mode so users can use {% data variables.location.product_location %}.
-
-## Restoring from a failed upgrade
-
-If an upgrade fails or is interrupted, you should revert your instance back to its previous state. The process for completing this depends on the type of upgrade.
-
-### Rolling back a patch release
-
-To roll back a patch release, use the `ghe-upgrade` command with the `--allow-patch-rollback` switch. Before rolling back, replication must be temporarily stopped by running `ghe-repl-stop` on all replica nodes. {% data reusables.enterprise_installation.command-line-utilities-ghe-upgrade-rollback %}
-
-After the rollback is complete, restart replication by running `ghe-repl-start` on all nodes.
-
-For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-upgrade)."
-
-### Rolling back a feature release
-
-To roll back from a feature release, restore from a VM snapshot to ensure that root and data partitions are in a consistent state. For more information, see "[Taking a snapshot](#taking-a-snapshot)."
-
-{% ifversion ghes %}
-
-## Further reading
-
-* "[AUTOTITLE](/admin/overview/about-upgrades-to-new-releases)"
-{% endif %}
diff --git a/content/admin/overview/about-github-enterprise-cloud.md b/content/admin/overview/about-github-enterprise-cloud.md
index d969bd3c92a1..2501a34a03bb 100644
--- a/content/admin/overview/about-github-enterprise-cloud.md
+++ b/content/admin/overview/about-github-enterprise-cloud.md
@@ -1,6 +1,6 @@
---
title: About GitHub Enterprise Cloud
-intro: '{% data reusables.enterprise.about-ghec %}'
+intro: 'Learn about {% data variables.product.prodname_ghe_cloud %}, its features, and management options for large businesses and teams.'
versions:
ghec: '*'
type: overview
@@ -9,23 +9,25 @@ topics:
- Fundamentals
---
-## About {% data variables.product.product_name %}
+{% data variables.product.prodname_ghe_cloud %} is a deployment option for {% data variables.product.prodname_enterprise %}, adding advanced features to {% data variables.product.prodname_dotcom %}, including:
-{% data variables.product.product_name %} adds advanced functionality to {% data variables.product.prodname_dotcom_the_website %}, such as SAML authentication, additional {% data variables.product.prodname_actions %} minutes, the ability to restrict email notifications to verified domains, and privately published {% data variables.product.prodname_pages %} sites. For a full list of features included with {% data variables.product.product_name %}, see our [Pricing](https://github.com/pricing) page.
+* SAML authentication
+* Additional {% data variables.product.prodname_actions %} minutes
+* Restrict email notifications to verified domains
+* Privately published {% data variables.product.prodname_pages %} sites
+* {% data variables.enterprise.prodname_managed_users_caps %}
+* Repository rulesets
+* {% data variables.product.company_short %}'s compliance reports
-One of the main differences between {% data variables.product.product_name %} and other plans for {% data variables.product.prodname_dotcom_the_website %} is access to an enterprise account. Enterprise accounts provide administrators with a single point of visibility and management across multiple organizations. For more information, see "[AUTOTITLE](/admin/overview/about-enterprise-accounts)."
+For a full list of features included with {% data variables.product.product_name %}, see our [Pricing](https://github.com/pricing) page.
-{% data reusables.enterprise.ghe-includes-ghec-and-ghes %} For more information about {% data variables.product.prodname_ghe_server %} and how it differs from {% data variables.product.prodname_ghe_cloud %}, see "[AUTOTITLE](/admin/overview/about-github-for-enterprises#about-deployment-options)."
-
-## About enterprise types
+## What are the differences between {% data variables.product.product_name %} and other plans?
-Before you start using {% data variables.product.product_name %}, you must decide whether you want to allow your developers to create and manage their own personal accounts, or whether you want to use {% data variables.product.prodname_emus %}, which allows you to create and manage the user accounts for your developers through your IdP.
+A key difference between {% data variables.product.product_name %} and other {% data variables.product.prodname_dotcom %} plans is access to an enterprise account, which gives administrators a central point for managing multiple organizations. See "[AUTOTITLE](/admin/overview/about-enterprise-accounts)."
-If you choose {% data variables.product.prodname_emus %}, all user accounts must be provisioned by a supported IdP via SCIM, and you can manage team and organization membership via your IdP, too. {% data variables.enterprise.prodname_managed_users_caps %} are strongly restricted in their ability to contribute outside of your enterprise.
-
-If you choose not to use {% data variables.product.prodname_emus %}, your developers will create their own personal accounts on {% data variables.product.prodname_dotcom_the_website %}, but you can optionally require SAML authentication before those personal accounts can access your enterprise's resources.
+{% data reusables.enterprise.ghe-includes-ghec-and-ghes %} For more information about {% data variables.product.prodname_ghe_server %} and how it differs from {% data variables.product.prodname_ghe_cloud %}, see "[AUTOTITLE](/admin/overview/about-github-for-enterprises#about-deployment-options)."
-To help you decide which choice is best for your enterprise, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud)."
+{% data reusables.enterprise.enterprise-types %}
## About documentation
@@ -36,9 +38,9 @@ Documentation for both administrators and users of {% data variables.product.pro
{% data reusables.docs.ghec-docs %}
-## Trying {% data variables.product.product_name %}
+## Can I try {% data variables.product.product_name %}?
-You can sign up for a free, 30-day trial of {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)."
+You can sign up for a free, 30-day trial of {% data variables.product.product_name %}. See "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)."
## Further reading
diff --git a/content/admin/overview/about-github-enterprise-server.md b/content/admin/overview/about-github-enterprise-server.md
index 751596154f5e..5d34dce81e88 100644
--- a/content/admin/overview/about-github-enterprise-server.md
+++ b/content/admin/overview/about-github-enterprise-server.md
@@ -1,6 +1,6 @@
---
title: About GitHub Enterprise Server
-intro: '{% data variables.product.product_name %} is a software development platform that you can host in a private environment.'
+intro: 'Find out if {% data variables.product.product_name %} is right for your business.'
versions:
ghes: '*'
type: overview
@@ -9,97 +9,65 @@ topics:
- Fundamentals
---
-## About {% data variables.product.product_name %}
+{% data reusables.enterprise.ghes-is-a-self-hosted-platform %} Your business can benefit from increased control and avoid issues associated the public cloud, while your developers can benefit from familiar features and workflows from {% data variables.product.prodname_dotcom_the_website %}.
-{% data reusables.enterprise.ghes-is-a-self-hosted-platform %} Your team can use {% data variables.product.product_name %} to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with {% data variables.product.prodname_dotcom_the_website %} can onboard and contribute seamlessly using familiar features and workflows. {% data reusables.enterprise.about-github-for-enterprises %}
+{% data variables.product.product_name %} is suitable for enterprises that are subject to regulatory compliance. It runs on your infrastructure and is governed by access and security controls that you define, such as firewalls, network policies, IAM, monitoring, and VPNs.
-{% data reusables.enterprise.ghes-runs-on-your-infrastructure %}
+{% data variables.product.product_name %} is a deployment option for the {% data variables.product.prodname_enterprise %} plan. To learn about available features and assess other deployment options, see "[AUTOTITLE](/admin/overview/about-github-for-enterprises)."
-{% data reusables.enterprise.github-distributes-ghes %} For more information, see "[AUTOTITLE](/admin/overview/system-overview)."
+## Features and releases
-{% note %}
+{% data reusables.enterprise.constantly-improving %}
-**Note:** Installing third-party software or making changes to the underlying operating system is not supported for {% data variables.product.prodname_ghe_server %}.
+Most features are released on {% data variables.product.prodname_dotcom_the_website %} first, then come to {% data variables.product.product_name %} through the release process. You can see which features we're working on in the [{% data variables.product.prodname_roadmap %}]({% data variables.product.prodname_roadmap_link %}).
-{% endnote %}
+### Optional features
-You can choose to deploy {% data variables.product.product_name %} on premises, or to a supported cloud environment.
+You can also configure optional features on {% data variables.product.product_name %} to improve the software development lifecycle for your enterprise.
-## Supported environments for deployment
+* **{% data variables.product.prodname_actions %}**: Automate CI/CD and development workflows
+* **{% data variables.product.prodname_GH_advanced_security %}**: Scan code for secrets and vulnerabilities
+* **{% data variables.product.prodname_github_connect %}**: Benefit from data and features on {% data variables.product.prodname_dotcom_the_website %}
+* **{% data variables.product.prodname_registry %}**: Host software packages for your enterprise
+
+## How do I deploy {% data variables.product.product_name %}?
+
+{% data reusables.enterprise.github-distributes-ghes %} Installing third-party software or making changes to the underlying operating system is not supported.
You can deploy {% data variables.product.product_name %} to a virtualization hypervisor within your on-premises datacenter, or to a public cloud service.
-{% data variables.product.company_short %} supports the following virtualization hypervisors for on-premises deployment.
+### Supported on-premises hypervisors
* Microsoft Hyper-V
* OpenStack KVM
* VMware ESXi
-{% data variables.product.company_short %} supports the following services for cloud deployment.
+### Supported cloud services
* Amazon Web Services (AWS)
* Google Cloud Platform (GCP)
* Microsoft Azure
-For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance)."
-
-## About releases and upgrades
-
-{% data reusables.enterprise.constantly-improving %} You are responsible for upgrades to your instance. For more information, see "[AUTOTITLE](/admin/all-releases)."
-
-## About administration
-
-You can configure and monitor {% data variables.product.product_name %} via browser, administrative SSH access, and REST or GraphQL APIs. {% data variables.product.company_short %} has found that people with Linux administration experience are more successful with the deployment and maintenance of {% data variables.product.product_name %}.
-
-You can give certain employees administrative access to {% data variables.product.product_name %}, so they can set up external authentication, configure the instance to meet developer needs, and monitor the instance's activity and performance. To ensure compliance with business rules or regulatory restrictions, administrators can configure policies that control how people use {% data variables.location.product_location %}. For more information, see the following articles.
-
-* "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise)"
-* "[AUTOTITLE](/admin/configuration/configuring-your-enterprise)"
-* "[AUTOTITLE](/admin/overview/about-the-github-enterprise-api)"
-* "[AUTOTITLE](/admin/enterprise-management/monitoring-your-appliance)"
-* "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise)"
-* "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies)"
-
-## About optional features
-
-You can configure optional features for {% data variables.product.product_name %} that improve the software development lifecycle for your enterprise.
-
-| Feature | Description | More information |
-| :- | :- | :- |
-| {% data variables.product.prodname_actions %} | Automate CI/CD and development workflows | "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises)" |
-| {% data variables.product.prodname_github_connect %} | Benefit from the power of {% data variables.product.prodname_dotcom_the_website %} in limited ways | "[AUTOTITLE](/admin/configuration/configuring-github-connect/about-github-connect)" |
-| {% data variables.product.prodname_GH_advanced_security %} | Improve code security and quality | "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)" |
-| {% data variables.product.prodname_registry %} | Host software packages for your enterprise | "[AUTOTITLE](/packages/learn-github-packages/introduction-to-github-packages)" |
-
-## About deployment topologies
-
-By default, {% data variables.product.product_name %} runs as a standalone instance. You can increase the reliability and performance of {% data variables.product.product_name %} by using a different topology for your deployment.
-
-* To mitigate the impact of system or network failures, you can deploy a passive replica instance. During an outage that affects your primary instance, you can manually fail over to the replica instance. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/about-high-availability-configuration)."
-* You can configure multiple active replicas to improve performance for developers who are geographically distant from your primary instance. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/about-geo-replication)."
-* Some enterprises with tens of thousands of developers may benefit from a cluster configuration that scales horizontally instead of vertically. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/about-clustering)."
-
-## About backups and disaster recovery
-
-To safeguard against data loss or service disruptions for your developers, {% data variables.product.company_short %} strongly recommends that you establish a plan for disaster recovery. You can back up your instance's configuration and user data by deploying and configuring a Linux or Unix host system with {% data variables.product.prodname_enterprise_backup_utilities %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)."
+## Administrative options
-Additionally, you can configure a passive replica instance to fail over to in the event of a system or network failure. For more information, see "[About deployment topologies](#about-deployment-topologies)."
+You can give certain employees administrative access to your {% data variables.product.product_name %} instance. {% data variables.product.company_short %} has found that people with Linux administration experience are more successful with deployment and maintenance.
-## About documentation
+Administrators can:
-Documentation for both administrators and users of {% data variables.product.product_name %} is available on this site, {% data variables.product.prodname_docs %}.
+* Configure and monitor the instance via browser, administrative SSH access, and REST or GraphQL APIs
+* Set up external authentication using CAS, LDAP, or SAML
+* Set usage policies to ensure compliance with business rules or regulatory restrictions
-* [Enterprise administrator documentation](/admin)
-* [User documentation](/)
+## Backups and availability
-Different versions of {% data variables.product.product_name %} are reflected separately in the documentation on {% data variables.product.prodname_docs %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-versions-of-github-docs)."
+{% data variables.product.product_name %} provides options for safeguarding against data loss or service disruptions.
-## Trying {% data variables.product.product_name %}
+* To back up configuration and user data, you can take regular snapshots of your instance using our Backup Utilities system.
+* To increase reliability, you can configure a passive replica instance to fail over to in the event of a system or network failure.
+* To improve performance, you can configure active replicas to scale the instance for dispersed users or high demand.
-You can sign up for a free, 45-day trial of {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-server)."
+## Getting started
-## Further reading
+You can sign up for a free, 45-day trial of {% data variables.product.product_name %}. See "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-server)."
-* "[AUTOTITLE](/get-started/onboarding/getting-started-with-github-enterprise-server)"
-* "[AUTOTITLE](/support/learning-about-github-support/about-github-support)"
-* [ {% data variables.product.prodname_roadmap %} ]( {% data variables.product.prodname_roadmap_link %} ) in the `github/roadmap` repository
+If you're ready to get started with a production instance, see "[AUTOTITLE](/get-started/onboarding/getting-started-with-github-enterprise-server)."
diff --git a/content/admin/overview/about-github-for-enterprises.md b/content/admin/overview/about-github-for-enterprises.md
index 8425bd948046..3bcf3803b4df 100644
--- a/content/admin/overview/about-github-for-enterprises.md
+++ b/content/admin/overview/about-github-for-enterprises.md
@@ -10,22 +10,58 @@ topics:
- Fundamentals
---
+## Why should my business choose {% data variables.product.prodname_dotcom %}?
+
+* **Provide a platform developers already know.** Adopting {% data variables.product.prodname_dotcom %} can help you reduce onboarding time, attract talent, and leverage a large open source community by using tools already familiar to more than 100 million developers.
+* **Consolidate tools in the cloud.** {% data variables.product.prodname_dotcom %} is a complete developer platform to build, scale, and deliver secure software. Adopting {% data variables.product.prodname_dotcom %} can help companies consolidate their DevOps tools or move away from on-premises solutions that can be difficult to maintain.
+* **Benefit from modern features.** {% data variables.product.company_short %} consistently releases new features and updates. Our platform includes well-known tools like {% data variables.product.prodname_copilot %} and {% data variables.product.prodname_actions %}.
+
## How enterprises use {% data variables.product.prodname_dotcom %}
-{% data variables.product.prodname_dotcom %} is a complete developer platform to build, scale, and deliver secure software. Businesses use our products to support the entire software development lifecycle, increasing development velocity and improving code quality.
+Businesses use {% data variables.product.prodname_dotcom %} products to support the entire software development lifecycle, increasing development velocity and improving code quality.
+
+With {% data variables.product.prodname_dotcom %}, your business can plan work, increase productivity, automate processes, and keep code secure.
+
+### Collaboration
+
+Your developers can:
+
+* Track work and communicate in issues and discussions
+* Plan and review work cycles with projects
+* Review each other's work in pull requests
+
+### Productivity
+
+Your developers can:
-* **Track**: Developers can store and version control your source code in repositories, using issues and projects to plan their work.
-* **Code**: Developers can code in {% data variables.product.prodname_github_codespaces %}, a cloud-hosted development environment, review each other's code with pull requests, and use code security features to keep secrets and vulnerabilities out of your codebase.
-* **Deploy**: You can automate your build, test, and deployment pipeline with {% data variables.product.prodname_actions %} and host software packages with {% data variables.product.prodname_registry %}.
+* Benefit from AI-powered code suggestions with {% data variables.product.prodname_copilot %}, the most widely adopted AI developer tool
+* Get started with new projects quickly with {% data variables.product.prodname_github_codespaces %}, a cloud-hosted development environment
+* Integrate with {% data variables.product.prodname_dotcom %} from their local development environment using {% data variables.product.prodname_cli %} and {% data variables.product.prodname_desktop %}
-## Benefits of {% data variables.product.prodname_enterprise %}
+### Automation
+
+Your business can:
+
+* Automate your build, test, and deployment pipeline with {% data variables.product.prodname_actions %}
+* Host software packages with {% data variables.product.prodname_registry %}
+* Build tooling with REST and GraphQL APIs, {% data variables.product.prodname_github_apps %}, and webhooks
+
+### Security
+
+Your business can:
+
+* Be alerted to leaked secrets or vulnerable code patterns using {% data variables.product.prodname_GH_advanced_security %} tools
+* Keep software dependencies up to date with {% data variables.product.prodname_dependabot %}
+* Monitor the security landscape across your repositories with security overview
+
+## Benefits of the {% data variables.product.prodname_enterprise %} plan
{% data variables.product.prodname_enterprise %} is our most comprehensive plan. In addition to the features included with a {% data variables.product.prodname_free_team %} or {% data variables.product.prodname_team %} plan for organizations, the plan includes:
* Additional features such as SAML authentication and internal repositories. For a detailed list, see {% data variables.product.pricing_link %}.
* Extra allowances for usage-based products such as {% data variables.product.prodname_actions %}.
* An enterprise account, which provides a single place to manage billing and settings, enforce policies, and audit the people with access to your enterprise.
-* The option to add {% data variables.product.prodname_GH_advanced_security %} and {% data variables.contact.premium_support %}.
+* The option to add {% data variables.product.prodname_GH_advanced_security %}, {% data variables.contact.premium_support %}, and {% data variables.product.prodname_copilot_enterprise %}.
When businesses adopt {% data variables.product.prodname_enterprise %}, their return on investment (ROI) is high. For example, their developers **save 45 minutes per day**, and onboarding and **training time is reduced by 40%**. See [The Total Economic Impact of {% data variables.product.prodname_enterprise %}](https://resources.github.com/forrester/).
@@ -50,7 +86,6 @@ When businesses adopt {% data variables.product.prodname_enterprise %}, their re
* "[AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-github-enterprise-cloud)"{% ifversion not ghec %} in the {% data variables.product.prodname_ghe_cloud%} documentation{% endif %}
* "[AUTOTITLE]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/overview/about-github-enterprise-server){% ifversion not ghes %}" in the {% data variables.product.prodname_ghe_server %} documentation.{% else %}."{% endif %}
-
1. Set up a trial.
* "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)"
diff --git a/content/admin/overview/about-upgrades-to-new-releases.md b/content/admin/overview/about-upgrades-to-new-releases.md
index 5b949060917e..d4d58727e317 100644
--- a/content/admin/overview/about-upgrades-to-new-releases.md
+++ b/content/admin/overview/about-upgrades-to-new-releases.md
@@ -45,7 +45,7 @@ Between feature releases, you can benefit from patch releases, which:
There are two ways to upgrade {% data variables.product.prodname_ghe_server %}:
* To set up a **completely new {% data variables.product.product_name %} instance** and configure the instance however you like, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise)."
-* To upgrade your **existing instance** to a new release, see "[AUTOTITLE](/enterprise-server@latest/admin/release-notes)" and "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+* To upgrade your **existing instance** to a new release, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
## Further reading
diff --git a/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md b/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md
index 61da312a54ba..c267e4dc8bbd 100644
--- a/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md
+++ b/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md
@@ -24,35 +24,28 @@ To set up a trial, you must be signed in to a personal account. If you don't hav
You do not need to provide a payment method during the trial.
-## Is the trial right for me?
-
-The self-serve trial **is not** right for you if your company:
-
-* Wants to try {% data variables.product.prodname_emus %}
-* Wants to try {% data variables.product.prodname_ghe_server %} alongside {% data variables.product.prodname_ghe_cloud %}
-* Has a Microsoft Enterprise Agreement
-* Needs to connect an Azure subscription to the enterprise during the trial
-
-If any of these apply and you want to set up a trial, **contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact)**.
+{% data reusables.enterprise.enterprise-types %}
## What is included in the trial?
The trial lasts for **{% data reusables.enterprise.ghec-trial-length %} days** and includes the following features.
-* Access to **most** {% data variables.product.prodname_ghe_cloud %} features.
+* Access to **most** {% data variables.product.prodname_ghe_cloud %} features.{% ifversion metered-ghe-ghas%}
+* Access to the **enhanced billing platform**. See "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/about-the-enhanced-billing-platform-for-enterprises)."{% endif %}
* An **enterprise account**, which allows you to manage multiple organizations. See "[AUTOTITLE](/enterprise-cloud@latest/get-started/learning-about-github/types-of-github-accounts)."
* Up to **50 seats** to grant access to users.
* The option to set up a free trial of **{% data variables.product.prodname_GH_advanced_security %}** to test features such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}. See "[AUTOTITLE](/enterprise-cloud@latest/billing/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security)."
## Features not included in the trial
-* {% data variables.product.prodname_emus %}
+* {% data variables.product.prodname_ghe_server %}
* {% data variables.product.prodname_github_codespaces %}
* {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}
* {% data variables.product.prodname_sponsors %}
* Paid {% data variables.product.prodname_marketplace %} apps
* {% data variables.product.prodname_github_connect %}
-* For {% data variables.product.prodname_actions %}, increased minutes, job concurrency, and {% data variables.actions.hosted_runner %}s
+* {% data variables.large_files.product_name_long %}
+* For {% data variables.product.prodname_actions %}, increased minutes, job concurrency, and {% data variables.actions.hosted_runners %}
If you invite an existing organization into your trial enterprise, **all of these features will be disabled**. If you remove the organization from the enterprise, the features will be re-enabled.
@@ -72,8 +65,12 @@ You can end your trial at any time by purchasing {% data variables.product.prodn
If you **purchase {% data variables.product.prodname_enterprise %}**:
-* You'll now be charged for each unique user in your enterprise.
-* You can add more seats to your subscription, up to 1,000.
+{% ifversion metered-ghe-ghas%}
+* You can use usage-based billing for {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_GH_advanced_security %}, which means you pay monthly for the number of licenses you use. You will not need to buy a predefined number of licenses in advance. See, "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/about-usage-based-billing-for-licenses)."
+
+ If you did not set up a free trial and you want to use usage-based billing to pay for {% data variables.product.prodname_GH_advanced_security %} after the {% data variables.product.prodname_ghe_cloud %} trial ends, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).{% endif %}
+
+* You can generate a {% data variables.product.prodname_ghe_server %} license file for the same quantity of users who are consuming a {% data variables.product.prodname_ghe_cloud %} license.
If you **cancel your trial**:
@@ -92,13 +89,23 @@ For more information about the effects of downgrading an organization, see "[AUT
You can end a trial by purchasing {% data variables.product.prodname_enterprise %} or by canceling the trial. If a trial has expired, you can delete the trial.
+### Purchasing {% data variables.product.prodname_enterprise %}
+
+You can purchase {% data variables.product.prodname_enterprise %} at any time during the trial.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+1. To end the trial period and purchase {% data variables.product.prodname_enterprise %}, click **Activate Enterprise** in the blue banner at the top of the page.
+
+### Canceling or deleting a trial
+
+You can cancel a trial at any time. Once the trial has expired, you can delete the trial.
+
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.billing-tab %}
-1. Click **Buy Enterprise**, **Cancel trial**, or **Delete trial**.
+1. Under {% octicon "gear" aria-hidden="true" %} **Settings**, click **Profile**.
+1. At the bottom of the page, in the "Danger zone" section, click **Cancel trial** or **Delete trial**.
## Further reading
-* "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing)"
* "[AUTOTITLE](/admin/overview/best-practices-for-enterprises)"
* [{% data variables.product.prodname_roadmap %}]({% data variables.product.prodname_roadmap_link %})
diff --git a/content/admin/overview/system-overview.md b/content/admin/overview/system-overview.md
index 0eeb34a39df2..3214cecf4625 100644
--- a/content/admin/overview/system-overview.md
+++ b/content/admin/overview/system-overview.md
@@ -27,6 +27,8 @@ The root filesystem is included in the distributed machine image. It contains th
The root storage volume is split into two equally-sized partitions. One of the partitions will be mounted as the root filesystem (`/`). The other partition is only mounted during upgrades and rollbacks of upgrades as `/mnt/upgrade`, to facilitate easier rollbacks if necessary. For example, if a 200GB root volume is allocated, there will be 100GB allocated to the root filesystem and 100GB reserved for the upgrades and rollbacks.
+{% ifversion ghes > 3.13 %}In new installations of 3.14 and later, the root storage volume is split into four partitions. Two small partitions are for the supported boot modes (BIOS and UEFI), and the other two equally large partitions are for the {% data variables.product.product_name %} primary, and upgrades and rollbacks.{% endif %}
+
The root filesystem contains files that store the following information. This list is not exhaustive.
* Custom certificate authority (CA) certificates (in `/usr/local/share/ca-certificates*`)
@@ -45,7 +47,11 @@ The user filesystem contains files that store following configuration and data.
## Deployment topologies
-You can deploy {% data variables.product.product_name %} in a variety of topologies, such as a high availability pair. For more information, see "[AUTOTITLE](/admin/overview/about-github-enterprise-server#about-deployment-topologies)."
+By default, {% data variables.product.product_name %} runs as a standalone instance. You can increase the reliability and performance of {% data variables.product.product_name %} by using a different topology for your deployment.
+
+* To mitigate the impact of system or network failures, you can deploy a passive replica instance. During an outage that affects your primary instance, you can manually fail over to the replica instance. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/about-high-availability-configuration)."
+* You can configure multiple active replicas to improve performance for developers who are geographically distant from your primary instance. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/about-geo-replication)."
+* Some enterprises with tens of thousands of developers may benefit from a cluster configuration that scales horizontally instead of vertically. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/about-clustering)."
## Data retention and datacenter redundancy
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md b/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
deleted file mode 100644
index 7b7f742fee12..000000000000
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
+++ /dev/null
@@ -1,194 +0,0 @@
----
-title: Enforcing policies for GitHub Actions in your enterprise
-intro: 'You can enforce policies for {% data variables.product.prodname_actions %} within your enterprise''s organizations, or allow policies to be set in each organization.'
-permissions: 'Enterprise owners{% ifversion custom-org-roles %} and users with the "Manage organization Actions policies" permission{% endif %} can enforce policies for {% data variables.product.prodname_actions %} in an enterprise.'
-redirect_from:
- - /enterprise/admin/github-actions/enforcing-github-actions-policies-for-your-enterprise
- - /admin/github-actions/enforcing-github-actions-policies-for-your-enterprise
- - /admin/github-actions/enabling-github-actions-for-github-enterprise-server/enforcing-github-actions-policies-for-your-enterprise
- - /github/setting-up-and-managing-your-enterprise-account/enforcing-github-actions-policies-in-your-enterprise-account
- - /github/setting-up-and-managing-your-enterprise/enforcing-github-actions-policies-in-your-enterprise-account
- - /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-github-actions-policies-in-your-enterprise-account
- - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-github-actions-policies-for-your-enterprise
- - /github/setting-up-and-managing-your-enterprise-account/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account
- - /github/setting-up-and-managing-your-enterprise/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account
- - /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account
-versions:
- ghec: '*'
- ghes: '*'
-type: how_to
-topics:
- - Actions
- - Enterprise
- - Policies
-shortTitle: GitHub Actions policies
----
-
-
-## About policies for {% data variables.product.prodname_actions %} in your enterprise
-
-{% data variables.product.prodname_actions %} helps members of your enterprise automate software development workflows on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/actions/learn-github-actions/understanding-github-actions)."
-
-{% ifversion ghes %}If you enable {% data variables.product.prodname_actions %}, any{% else %}Any{% endif %} organization on {% data variables.location.product_location %} can use {% data variables.product.prodname_actions %}. You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} use {% data variables.product.prodname_actions %}. By default, organization owners{% ifversion custom-org-roles %} and users with the "Manage organization Actions policies" permission{% endif %} can manage how members use {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization)."
-
-{% ifversion custom-org-roles %}For more information about custom organization roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."{% endif %}
-
-## Enforcing a policy to restrict the use of {% data variables.product.prodname_actions %} in your enterprise
-
-You can choose to disable {% data variables.product.prodname_actions %} for all organizations in your enterprise, or only allow specific organizations. You can also limit the use of public actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}, so that people can only use local actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %} that exist in your enterprise.
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.actions-tab %}
-1. Under "Policies", select your options.
-
- {% data reusables.actions.actions-use-policy-settings %}
-
- {%- ifversion ghes %}
- {% note %}
-
- **Note:** To enable access to public actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %}, you must first configure {% data variables.location.product_location %} to connect to {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)."
-
- {% endnote %}
- {%- endif %}
-1. Click **Save**.
-
-{% data reusables.actions.allow-specific-actions-intro %}
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.actions-tab %}
-1. Under "Policies", select {% data reusables.actions.policy-label-for-select-actions-workflows %} and add your required actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} to the list.
-
-{% ifversion actions-disable-repo-runners %}
-
-## Disabling repository-level self-hosted runners
-
-{% data reusables.actions.disable-selfhosted-runners-overview %} For more information on creating self-hosted runners at the repository level, see "[AUTOTITLE](/enterprise-cloud@latest/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository)."
-
-By default anyone with admin access to a repository can add a self-hosted runner for the repository. The enterprise settings allow you to disable the use of repository-level self-hosted runners across all repositories in your enterprise. If you allow repository-level self-hosted runners for your enterprise, organization owners{% ifversion custom-org-roles %} and users with the "Manage organization runners and runner groups" permission{% endif %} can choose to allow or prevent creation of repository-level self-hosted runners for some or all repositories in their organization. For more information see, "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization)."
-
-{% ifversion custom-org-roles %}For more information about custom organization roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."{% endif %}
-
-{% data reusables.actions.disable-selfhosted-runners-note %}
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.actions-tab %}
-1. In the "Runners" section, select **Disable for all organizations**.{% ifversion ghec %}
-
- {% note %}
-
- **Note**: Owners of an {% data variables.enterprise.prodname_emu_enterprise %} can also choose to select **Disable in all Enterprise Managed User (EMU) repositories** to restrict runner creation for repositories that are owned by managed user accounts.
-
- {% endnote %}
-
- {% endif %}
-1. Click **Save** to apply the change.
-
-{% endif %}
-
-## Enforcing a policy for artifact and log retention in your enterprise
-
-{% data variables.product.prodname_actions %} can store artifact and log files. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/downloading-workflow-artifacts)."
-
-{% data reusables.actions.about-artifact-log-retention %}
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.actions-tab %}
-{% data reusables.actions.change-retention-period-for-artifacts-logs %}
-
-## Enforcing a policy for fork pull requests in your enterprise
-
-You can enforce policies to control how {% data variables.product.prodname_actions %} behaves for {% data variables.location.product_location %} when members of your enterprise{% ifversion ghec %} or outside collaborators{% endif %} run workflows from forks.
-
-{% ifversion ghec %}
-
-### Enforcing a policy for approval of pull requests from outside collaborators
-
-{% data reusables.actions.workflow-run-approve-public-fork %}
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.actions-tab %}
-{% data reusables.actions.workflows-from-public-fork-setting %}
-
-{% data reusables.actions.workflow-run-approve-link %}
-
-{% endif %}
-
-### Enforcing a policy for fork pull requests in private repositories
-
-{% data reusables.actions.private-repository-forks-overview %}
-
-If a policy is enabled for an enterprise, the policy can be selectively disabled in individual organizations or repositories. If a policy is disabled for an enterprise, individual organizations or repositories cannot enable it.
-
-{% data reusables.actions.private-repository-forks-options %}
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.actions-tab %}
-{% data reusables.actions.private-repository-forks-configure %}
-
-{% ifversion ghec or ghes %}
-
-## Enforcing a policy for workflow permissions in your enterprise
-
-{% data reusables.actions.workflow-permissions-intro %}
-
-You can set the default permissions for the `GITHUB_TOKEN` in the settings for your enterprise, organizations, or repositories. If you choose a restricted option as the default in your enterprise settings, this prevents the more permissive setting being chosen in the organization or repository settings.
-
-{% data reusables.actions.workflow-permissions-modifying %}
-
-### Configuring the default `GITHUB_TOKEN` permissions
-
-{% ifversion actions-default-workflow-permissions-restrictive %}
-By default, when you create a new enterprise, `GITHUB_TOKEN` only has read access for the `contents` and `packages` scopes.
-{% endif %}
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.actions-tab %}
-{% data reusables.actions.workflows.github-token-access %}
-1. Click **Save** to apply the settings.
-
-{% ifversion allow-actions-to-approve-pr-with-ent-repo %}
-
-### Preventing {% data variables.product.prodname_actions %} from creating or approving pull requests
-
-{% data reusables.actions.workflow-pr-approval-permissions-intro %}
-
-{% ifversion actions-default-workflow-permissions-restrictive %}
-By default, when you create a new enterprise, workflows are not allowed to create or approve pull requests.
-{% endif %}
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.actions-tab %}
-1. Under "Workflow permissions", use the **Allow GitHub Actions to create and approve pull requests** setting to configure whether `GITHUB_TOKEN` can create and approve pull requests.
-1. Click **Save** to apply the settings.
-
-{% endif %}
-{% endif %}
-
-{% ifversion actions-cache-policy-apis %}
-
-## Enforcing a policy for cache storage in your enterprise
-
-{% data reusables.actions.cache-default-size %} {% data reusables.actions.cache-eviction-process %}
-
-However, you can set an enterprise policy to customize both the default total cache size for each repository, as well as the maximum total cache size allowed for a repository. For example, you might want the default total cache size for each repository to be 5 GB, but also allow {% ifversion actions-cache-admin-ui %}organization owners and{% endif %} repository administrators to configure a total cache size up to 15 GB if necessary.
-
-{% ifversion actions-cache-admin-ui %}Organization owners can set a lower total cache size that applies to each repository in their organization. {% endif %}People with admin access to a repository can set a total cache size for their repository up to the maximum cache size allowed by the enterprise {% ifversion actions-cache-admin-ui %}or organization{% endif %} policy setting.
-
-{% ifversion actions-cache-admin-ui %}
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.actions-tab %}
-1. In the "Artifact, log, and cache settings" section, under **Maximum cache size limit**, enter a value, then click **Save** to apply the setting.
-1. In the "Artifact, log, and cache settings" section, under **Default cache size limit**, enter a value, then click **Save** to apply the setting.
-
-{% endif %}
-{% endif %}
diff --git a/content/admin/upgrading-your-instance/index.md b/content/admin/upgrading-your-instance/index.md
new file mode 100644
index 000000000000..9816cda79113
--- /dev/null
+++ b/content/admin/upgrading-your-instance/index.md
@@ -0,0 +1,14 @@
+---
+ title: Upgrading your instance
+ intro: 'Administrators can upgrade {% data variables.product.product_name %} to get the latest features and security updates.'
+ versions:
+ ghes: '*'
+ topics:
+ - Enterprise
+ - Upgrades
+ children:
+ - /preparing-to-upgrade
+ - /performing-an-upgrade
+ - /troubleshooting-upgrades
+ shortTitle: Upgrade your instance
+---
diff --git a/content/admin/upgrading-your-instance/performing-an-upgrade/index.md b/content/admin/upgrading-your-instance/performing-an-upgrade/index.md
new file mode 100644
index 000000000000..4731e8a5eb6f
--- /dev/null
+++ b/content/admin/upgrading-your-instance/performing-an-upgrade/index.md
@@ -0,0 +1,15 @@
+---
+title: Performing an upgrade
+intro: Administrators can upgrade {% data variables.product.product_name %} using an appropriate upgrade package.
+versions:
+ ghes: '*'
+topics:
+ - Enterprise
+ - Upgrades
+children:
+ - /upgrading-with-a-hotpatch
+ - /upgrading-with-an-upgrade-package
+ - /migrating-from-github-enterprise-1110x-to-2123
+ - /preparing-for-the-elasticsearch-upgrade
+shortTitle: Perform an upgrade
+---
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/migrating-from-github-enterprise-1110x-to-2123.md b/content/admin/upgrading-your-instance/performing-an-upgrade/migrating-from-github-enterprise-1110x-to-2123.md
similarity index 94%
rename from content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/migrating-from-github-enterprise-1110x-to-2123.md
rename to content/admin/upgrading-your-instance/performing-an-upgrade/migrating-from-github-enterprise-1110x-to-2123.md
index 3f8539d06386..0c91198fe3b5 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/migrating-from-github-enterprise-1110x-to-2123.md
+++ b/content/admin/upgrading-your-instance/performing-an-upgrade/migrating-from-github-enterprise-1110x-to-2123.md
@@ -11,6 +11,8 @@ redirect_from:
- /enterprise/admin/enterprise-management/migrating-from-github-enterprise-1110x-to-2123
- /admin/enterprise-management/migrating-from-github-enterprise-1110x-to-2123
- /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/migrating-from-github-enterprise-1110x-to-2123
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/migrating-from-github-enterprise-1110x-to-2123
+ - /admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/migrating-from-github-enterprise-1110x-to-2123
intro: 'To migrate from {% data variables.product.prodname_enterprise %} 11.10.x to 2.1.23, you''ll need to set up a new appliance instance and migrate data from the previous instance.'
versions:
ghes: '*'
@@ -29,7 +31,7 @@ shortTitle: Migrate from 11.10.x to 2.1.23
Migrations from {% data variables.product.prodname_enterprise %} 11.10.348 and later are supported. Migrating from {% data variables.product.prodname_enterprise %} 11.10.348 and earlier is not supported. You must first upgrade to 11.10.348 in several upgrades. For more information, see the 11.10.348 upgrading procedure, "[Upgrading to the latest release](/enterprise/11.10.340/admin/articles/upgrading-to-the-latest-release/)."
-To upgrade to the latest version of {% data variables.product.prodname_enterprise %}, you must first migrate to {% data variables.product.prodname_ghe_server %} 2.1, then you can follow the normal upgrade process. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)".
+To upgrade to the latest version of {% data variables.product.prodname_enterprise %}, you must first migrate to {% data variables.product.prodname_ghe_server %} 2.1, then you can follow the normal upgrade process. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)".
## Prepare for the migration
@@ -102,4 +104,4 @@ To upgrade to the latest version of {% data variables.product.prodname_enterpris
{% endnote %}
1. Switch user network traffic from the old instance to the new instance using either DNS or IP address assignment.
-1. Upgrade to the latest patch release of {% data variables.product.prodname_ghe_server %}. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+1. Upgrade to the latest patch release of {% data variables.product.prodname_ghe_server %}. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade.md b/content/admin/upgrading-your-instance/performing-an-upgrade/preparing-for-the-elasticsearch-upgrade.md
similarity index 85%
rename from content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade.md
rename to content/admin/upgrading-your-instance/performing-an-upgrade/preparing-for-the-elasticsearch-upgrade.md
index d0ebce3f532f..0ff611088789 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade.md
+++ b/content/admin/upgrading-your-instance/performing-an-upgrade/preparing-for-the-elasticsearch-upgrade.md
@@ -1,5 +1,5 @@
---
-title: Preparing for the Elasticsearch upgrade in {% data variables.product.prodname_ghe_server %} 3.13
+title: 'Preparing for the Elasticsearch upgrade in {% data variables.product.prodname_ghe_server %} 3.13'
intro: 'As part of upgrading {% data variables.product.prodname_ghe_server %} to version 3.13 or later, the Elasticsearch service will be upgraded.'
versions:
ghes: '>3.10 <3.15'
@@ -9,6 +9,9 @@ topics:
- Upgrades
shortTitle: Elasticsearch upgrade in 3.13
allowTitleToDifferFromFilename: true
+redirect_from:
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade
+ - /admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade
---
## Overview
@@ -18,7 +21,7 @@ Elasticsearch (ES) powers the search functionality on your {% data variables.pro
The following sections help administrators prepare for and monitor the Elasticsearch upgrade. The key points are:
* The upgrade will temporarily degrade the experience of the search and audit log features.
-* If you're upgrading an instance in a cluster configuration, you must run a script to prepare your cluster for the ES upgrade. See "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/upgrading-a-cluster#upgrading-the-cluster-nodes)."
+* If you're upgrading an instance in a cluster configuration, you must run a script to prepare your cluster for the ES upgrade. See "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-clustering/upgrading-a-cluster#upgrading-the-cluster-nodes)."
* For backups, all customers should take a snapshot of their instance when the upgrade is complete.
## Impact on search and audit logs
diff --git a/content/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-a-hotpatch.md b/content/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-a-hotpatch.md
new file mode 100644
index 000000000000..b76bcfde7752
--- /dev/null
+++ b/content/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-a-hotpatch.md
@@ -0,0 +1,76 @@
+---
+ title: Upgrading with a hotpatch
+ intro: 'You can use a hotpatch package to upgrade {% data variables.product.product_name %} to a newer patch release within a feature series.'
+ redirect_from:
+ - /admin/guides/installation/upgrading-github-enterprise-server#upgrading-with-a-hotpatch
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-with-a-hotpatch
+ versions:
+ ghes: '*'
+ type: how_to
+ topics:
+ - Enterprise
+ - Upgrades
+ shortTitle: Upgrade with a hotpatch
+---
+
+{% data reusables.enterprise_installation.hotpatching-explanation %}
+
+Using the {% data variables.enterprise.management_console %}, you can install a hotpatch immediately or schedule it for later installation. You can use the administrative shell to install a hotpatch with the `ghe-upgrade` utility. See "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)" and "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrade-requirements)."
+
+## Upgrading a standalone instance using a hotpatch
+
+If you're upgrading an instance with one node using a hotpatch, and your target is a patch release, you can upgrade using {% data variables.enterprise.management_console %}. To upgrade to a feature release, you must use the administrative shell.
+
+* [Installing a hotpatch using the {% data variables.enterprise.management_console %}](#installing-a-hotpatch-using-the-management-console)
+* [Installing a hotpatch using the administrative shell](#installing-a-hotpatch-using-the-administrative-shell)
+
+### Installing a hotpatch using the {% data variables.enterprise.management_console %}
+
+You can use the {% data variables.enterprise.management_console %} to upgrade with a hotpatch by enabling automatic updates. You will then be presented with the latest available version of {% data variables.product.prodname_ghe_server %} that you can upgrade to.
+
+If the upgrade target you're presented with is a feature release instead of a patch release, you cannot use the {% data variables.enterprise.management_console %} to install a hotpatch. You must install the hotpatch using the administrative shell instead.
+
+1. Enable automatic updates. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks)."
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.updates-tab %}
+1. When a new hotpatch has been downloaded, select the **Install package** dropdown menu.
+ * To install immediately, click **Now**.
+ * To install later, select a later date.
+1. Click **Install**.
+
+### Installing a hotpatch using the administrative shell
+
+{% data reusables.enterprise_installation.download-note %}
+
+{% data reusables.enterprise_installation.ssh-into-instance %}
+1. {% data reusables.enterprise_installation.enterprise-download-upgrade-pkg %} Copy the URL for the upgrade hotpackage (_.hpkg_ file).
+{% data reusables.enterprise_installation.download-package %}
+1. Run the `ghe-upgrade` command using the package file name:
+
+ ```shell
+ admin@HOSTNAME:~$ ghe-upgrade GITHUB-UPGRADE.hpkg
+ *** verifying upgrade package signature...
+ ```
+
+1. If at least one service or system component requires a reboot, the hotpatch upgrade script notifies you. For example, updates to the kernel, MySQL, or Elasticsearch may require a reboot.
+
+## Upgrading an instance with multiple nodes using a hotpatch
+
+If you are installing a hotpatch, you do not need to enter maintenance mode or stop replication.
+
+* [Upgrading the primary node using a hotpatch](#upgrading-the-primary-node-using-a-hotpatch)
+* [Upgrading additional nodes using a hotpatch](#upgrading-additional-nodes-using-a-hotpatch)
+
+### Upgrading the primary node using a hotpatch
+
+For instructions to upgrade the primary node, see "[Installing a hotpatch using the administrative shell](#installing-a-hotpatch-using-the-administrative-shell)."
+
+### Upgrading additional nodes using a hotpatch
+
+{% data reusables.enterprise_installation.multiple-node-upgrade-admonishment %}
+
+1. To upgrade the node, follow the instructions in "[Installing a hotpatch using the administrative shell](#installing-a-hotpatch-using-the-administrative-shell)."
+{% data reusables.enterprise_installation.replica-ssh %}
+{% data reusables.enterprise_installation.replica-verify %}
+{% data reusables.enterprise_installation.multiple-node-repeat-upgrade-process %}
diff --git a/content/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package.md b/content/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package.md
new file mode 100644
index 000000000000..d6b390644451
--- /dev/null
+++ b/content/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package.md
@@ -0,0 +1,97 @@
+---
+ title: Upgrading with an upgrade package
+ intro: 'Learn how to use an upgrade package to upgrade {% data variables.product.product_name %} to a newer feature release.'
+ redirect_from:
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-a-standalone-instance-using-an-upgrade-package
+ - /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-with-an-upgrade-package
+ versions:
+ ghes: '*'
+ type: how_to
+ topics:
+ - Enterprise
+ - Upgrades
+ shortTitle: Upgrade with an upgrade package
+---
+
+Using the administrative shell, you can install an upgrade package with the `ghe-upgrade` utility.
+
+If you're running back-to-back feature version upgrades, you must ensure background jobs are complete before proceeding with the following upgrade to a feature release. {% data variables.product.prodname_dotcom %} recommends waiting 24 hours between upgrades to allow any background upgrade tasks to complete before upgrading a second time. See "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)" and "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrade-requirements)."
+
+While you can use a hotpatch to upgrade to the latest patch release within a feature series, you must use an upgrade package to upgrade to a newer feature release. For example, to upgrade from 2.11.10 to 2.12.4 you must use an upgrade package since these are in different feature series.
+
+## Upgrading a standalone instance using an upgrade package
+
+{% data reusables.enterprise_installation.download-note %}
+
+{% data reusables.enterprise_installation.ssh-into-instance %}
+1. {% data reusables.enterprise_installation.enterprise-download-upgrade-pkg %} Select the appropriate platform and copy the URL for the upgrade package (_.pkg_ file).
+{% data reusables.enterprise_installation.download-package %}
+1. Enable maintenance mode and wait for all active processes to complete on the {% data variables.product.prodname_ghe_server %} instance. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
+
+ > [!NOTE] When upgrading the primary node in a high availability configuration, the instance should already be in maintenance mode if you are following the instructions in "[Upgrading the primary node with an upgrade package](#upgrading-the-primary-node-with-an-upgrade-package)."
+
+1. Run the `ghe-upgrade` command using the package file name:
+
+ ```shell
+ admin@HOSTNAME:~$ ghe-upgrade GITHUB-UPGRADE.pkg
+ *** verifying upgrade package signature...
+ ```
+
+1. Confirm that you'd like to continue with the upgrade and restart after the package signature verifies. The new root filesystem writes to the secondary partition and the instance automatically restarts in maintenance mode:
+
+ ```shell
+ *** applying update...
+ This package will upgrade your installation to version VERSION-NUMBER
+ Current root partition: /dev/xvda1 [VERSION-NUMBER]
+ Target root partition: /dev/xvda2
+ Proceed with installation? [y/N]
+ ```
+
+{%- ifversion ghe-migrations-cli-utility %}
+1. Optionally, during an upgrade to a feature release, you can monitor the status of database migrations using the `ghe-migrations` utility. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations)."
+{%- endif %}
+1. After the instance restarts, the upgrade will continue in the background. You cannot unset maintenance mode until the process completes.
+
+ {% ifversion ghes-upgrade-complete-indicator %}
+ To check the status of background jobs, use the `ghe-check-background-upgrade-jobs` utility. If you're running back-to-back upgrades, you must ensure background jobs are complete before proceeding with the following upgrade to a feature release.
+
+ {%- ifversion ghes < 3.12 %} To use this utility with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.{% endif %}{%- endif %} See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-check-background-upgrade-jobs)."
+
+ To monitor progress of the configuration run, read the output in `/data/user/common/ghe-config.log`. For example, you can tail the log by running the following command:
+
+ ```shell
+ tail -f /data/user/common/ghe-config.log
+ ```
+
+{% ifversion ip-exception-list %}
+1. Optionally, after the upgrade, validate the upgrade by configuring an IP exception list to allow access to a specified list of IP addresses. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#validating-changes-in-maintenance-mode-using-the-ip-exception-list)."
+{% endif %}
+1. For single node upgrades, perform any post-upgrade tasks including disabling maintenance mode so users can use {% data variables.location.product_location %}.
+
+ > [!NOTE] After you upgrade an instance in a high availability configuration, you should remain in maintenance mode until you have upgraded all of the replica nodes and replication is current. See "[Upgrading additional nodes with an upgrade package](#upgrading-additional-nodes-with-an-upgrade-package)."
+
+## Upgrading an instance with multiple nodes using an upgrade package
+
+To upgrade an instance that comprises multiple nodes using an upgrade package, you must upgrade the primary node, then upgrade any additional nodes.
+
+* [Upgrading the primary node with an upgrade package](#upgrading-the-primary-node-with-an-upgrade-package)
+* [Upgrading additional nodes with an upgrade package](#upgrading-additional-nodes-with-an-upgrade-package)
+
+### Upgrading the primary node with an upgrade package
+
+> [!WARNING] When replication is stopped, if the primary fails, any work from before the replica is upgraded and the replication begins again will be lost.
+
+1. On the primary node, enable maintenance mode and wait for all active processes to complete. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
+{% data reusables.enterprise_installation.replica-ssh %}
+1. To stop replication on all nodes, run `ghe-repl-stop` on each node.{% ifversion ghes > 3.13 %} Alternatively, if there are multiple replicas, run `ghe-repl-stop-all` on the primary node instead, which will stop replication in a single run.{% endif %}
+1. To upgrade the primary node, follow the instructions in "[Upgrading a standalone instance using an upgrade package](#upgrading-a-standalone-instance-using-an-upgrade-package)."
+
+### Upgrading additional nodes with an upgrade package
+
+1. Upgrade the node by following the instructions in "[Upgrading a standalone instance using an upgrade package](#upgrading-a-standalone-instance-using-an-upgrade-package)."
+{% data reusables.enterprise_installation.replica-ssh %}
+{% data reusables.enterprise_installation.replica-verify %}
+{% data reusables.enterprise_installation.start-replication %}{% ifversion ghes > 3.13 %} Alternatively, if there are mutliple replicas, run `ghe-repl-start-all` on the primary node instead, which will start replications in a single run.{% endif %}
+{% data reusables.enterprise_installation.replication-status %} {% data reusables.enterprise_installation.replication-status-upgrade %}
+{% data reusables.enterprise_installation.multiple-node-repeat-upgrade-process %}
+{% data reusables.enterprise_installation.disable-maintenance-mode-after-replica-upgrade %}
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks.md b/content/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks.md
similarity index 80%
rename from content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks.md
rename to content/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks.md
index 458fd118de4d..6ae4bf91d3b3 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks.md
+++ b/content/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks.md
@@ -6,6 +6,8 @@ redirect_from:
- /enterprise/admin/enterprise-management/enabling-automatic-update-checks
- /admin/enterprise-management/enabling-automatic-update-checks
- /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks
+ - /admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks
versions:
ghes: '*'
type: how_to
@@ -17,9 +19,9 @@ shortTitle: Enable automatic update checks
## About automatic update checks
-When an upgrade package is automatically downloaded for {% data variables.location.product_location %}, you'll receive a message letting you know you can upgrade {% data variables.product.prodname_ghe_server %}. Packages download to the `/var/lib/ghe-updates` directory on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+When an upgrade package is automatically downloaded for {% data variables.location.product_location %}, you'll receive a message letting you know you can upgrade {% data variables.product.prodname_ghe_server %}. Packages download to the `/var/lib/ghe-updates` directory on {% data variables.location.product_location %}. For more information about the recommendations and requirements for upgrades, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
-If a hotpatch is available for an upgrade, the `.hpkg` will download automatically. In the management console you can choose to install the hotpatch immediately or schedule installation for a later time. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-with-a-hotpatch)."
+If a hotpatch is available for an upgrade, the `.hpkg` will download automatically. In the management console you can choose to install the hotpatch immediately or schedule installation for a later time. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-a-hotpatch)."
## Enabling automatic update checks
diff --git a/content/admin/upgrading-your-instance/preparing-to-upgrade/index.md b/content/admin/upgrading-your-instance/preparing-to-upgrade/index.md
new file mode 100644
index 000000000000..ad2aaaf4cda6
--- /dev/null
+++ b/content/admin/upgrading-your-instance/preparing-to-upgrade/index.md
@@ -0,0 +1,15 @@
+---
+title: Preparing to upgrade
+intro: Learn how to prepare and plan for an upgrade of your {% data variables.product.product_name %} instance.
+versions:
+ ghes: '*'
+topics:
+ - Enterprise
+ - Upgrades
+children:
+ - /overview-of-the-upgrade-process
+ - /upgrade-requirements
+ - /enabling-automatic-update-checks
+ - /taking-a-snapshot
+shortTitle: Prepare to upgrade
+---
diff --git a/content/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process.md b/content/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process.md
new file mode 100644
index 000000000000..ee651c508e7b
--- /dev/null
+++ b/content/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process.md
@@ -0,0 +1,122 @@
+---
+ title: Overview of the upgrade process
+ intro: 'Learn the recommendations and requirements for upgrading {% data variables.product.product_name %}, so you can plan and test your upgrade strategy.'
+ redirect_from:
+ - /enterprise/admin/installation/upgrading-github-enterprise-server
+ - /enterprise/admin/articles/upgrading-to-the-latest-release
+ - /enterprise/admin/articles/migrations-and-upgrades
+ - /enterprise/admin/guides/installation/upgrading-the-github-enterprise-virtual-machine
+ - /enterprise/admin/guides/installation/upgrade-packages-for-older-releases
+ - /enterprise/admin/articles/upgrading-older-installations
+ - /enterprise/admin/hidden/upgrading-older-installations
+ - /enterprise/admin/hidden/upgrading-github-enterprise-using-a-hotpatch-early-access-program
+ - /enterprise/admin/hidden/upgrading-github-enterprise-using-a-hotpatch
+ - /enterprise/admin/guides/installation/upgrading-github-enterprise
+ - /enterprise/admin/enterprise-management/upgrading-github-enterprise-server
+ - /admin/enterprise-management/upgrading-github-enterprise-server
+ - /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server
+ versions:
+ ghes: '*'
+ type: overview
+ topics:
+ - Enterprise
+ - Upgrades
+ shortTitle: Upgrading overview
+---
+
+{% data reusables.enterprise.constantly-improving %} You are responsible for upgrades to your instance. See "[AUTOTITLE](/admin/overview/about-upgrades-to-new-releases)."
+
+To upgrade an instance, you must:
+1. **Plan your upgrade strategy** by choosing your upgrade version and the appropriate upgrade package, and scheduling a maintenance window.
+1. **Communicate the upgrade** before and during the upgrade process.
+1. **Prepare your backup strategy** by creating a backup and taking a virtual machine snapshot.
+1. **Install the upgrade package** using the appropriate package and method.
+1. **Complete post-upgrade tasks**.
+
+The process you must follow to apply an upgrade package depends on how many nodes are in your deployment topology. This article provides general information for upgrading instances in a standalone or high availability configuration only.
+
+## Planning your upgrade strategy
+
+### Plan your upgrade
+
+* Review the release notes and documented known issues before performing an upgrade. See "[AUTOTITLE](/admin/release-notes)" and "[AUTOTITLE](/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance)."
+* Review "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrade-requirements)" to ensure you understand the requirements and recommendations for upgrading.
+* Check that {% data variables.location.product_location %}'s data disk is at least 15% free. {% data variables.product.company_short %} recommends ensuring there is additional free storage on the disk. In some rare cases, for customers with large data volumes, this threshold may differ. See "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity)."
+* Check that you have sufficient hardware resources for {% data variables.product.product_name %}. {% data reusables.enterprise_installation.preflight-checks %}
+* Ensure you have a copy of all custom firewall rules for {% data variables.location.product_location %}, as customized rules will not persist post-upgrade. You must reapply any custom rules following the upgrade. See "[AUTOTITLE](/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules)."
+* For instances in a high availability configuration, check that the status of replication reports `OK` before upgrading. See "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration)."
+* Consider configuring the IP exception list for maintenance mode, so you can temporarily limit access to {% data variables.location.product_location %} to validate your server health after an upgrade. See "[AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode)."
+
+### Choose your upgrade version and package
+
+* Determine an upgrade strategy and choose a version to upgrade to.
+ * You can upgrade a {% data variables.product.product_name %} instance to a new patch release or to a new feature release.
+ * Refer to the [{% data variables.enterprise.upgrade_assistant %}](https://support.github.com/enterprise/server-upgrade) to find the upgrade path from your current release version, to a new patch or feature release version.
+* Choose an upgrade package (hotpatch or upgrade package).
+ * To upgrade to a patch release, you can use a hotpatch or an upgrade package. To upgrade to a feature release, you must use an upgrade package.
+ * If you use an upgrade package, schedule a maintenance window for {% data variables.product.prodname_ghe_server %} end users. If you are using a hotpatch, maintenance mode is not required.
+ * If you have enabled automatic update checks, site administrators will be notified that an upgrade package has been downloaded and is available. See "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks)".
+ * Release candidate builds are intended solely for use in a test environment. Do not install a release candidate build in a production environment. Do not upgrade from the release candidate to later versions, including generally available releases.
+
+### Consider if other application updates are required
+
+Check if you need to upgrade the following applications:
+
+* {% data variables.product.prodname_actions %} runners must be updated if {% data variables.location.product_location %} uses ephemeral self-hosted runners for {% data variables.product.prodname_actions %} and automatic updates are disabled. Upgrade runners to the minimum version of application required by your upgraded instance, before performing your upgrade. To find the minimum required version for your release, see "[AUTOTITLE](/admin/all-releases#minimum-github-actions-runner-application-versions)."
+* {% data variables.product.prodname_enterprise_backup_utilities %}. Your {% data variables.product.prodname_enterprise_backup_utilities %} version needs to be the same version as, or at most two versions ahead of {% data variables.location.product_location %}.
+ * You may need to upgrade {% data variables.product.prodname_enterprise_backup_utilities %} to a newer version, prior to upgrading your instance.
+ * You may also want to plan to upgrade {% data variables.product.prodname_enterprise_backup_utilities %} to a newer version after upgrading your instance.
+
+ See "[AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance)" and the [README](https://github.com/github/backup-utils#readme) in the {% data variables.product.prodname_enterprise_backup_utilities %} project documentation.
+
+### Plan a maintenance window
+
+* Depending on your upgrade strategy, significant downtime may be required.
+* The best way to determine the expected duration of downtime is to test your upgrade in a staging environment first. See "[AUTOTITLE](/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
+* The maintenance window for your upgrade depends on the type of upgrade you perform.
+ * Upgrades using a hotpatch usually don't require a maintenance window. Sometimes a reboot is required, which you can perform at a later time.
+
+ > [!NOTE]
+ > Hotpatches require a configuration run, which can cause a brief period of errors or unresponsiveness for some or all services on {% data variables.location.product_location %}. You are not required to enable maintenance mode during installation of a hotpatch, but doing so will guarantee that users see a maintenance page instead of errors or timeouts. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
+ * Patch releases using an upgrade package typically require less than five minutes of downtime.
+ * Upgrading to a new feature release that include data migrations may cause a few hours of downtime, depending on storage performance and the amount of data that is migrated. During this time none of your users will be able to use the enterprise.
+
+## Communicating your upgrade
+
+* Prior to your upgrade, you can publish a global announcement banner to highlight important information to your users, such as incoming changes or possible downtime. See "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner)."
+* At the time of the upgrade, you can enable maintenance mode and set a custom message to inform users that the instance is temporarily unavailable. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
+
+## Preparing your backup strategy
+
+### Create a backup snapshot
+
+Ensure you have a recent, successful backup snapshot of your instance's primary node before you start the upgrade process. See "[AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance)" and the [README](https://github.com/github/backup-utils#readme) in the {% data variables.product.prodname_enterprise_backup_utilities %} project documentation.
+
+### Create a VM snapshot
+
+If you're upgrading to a new feature release, a virtual machine (VM) snapshot is required. If you're ugprading to a patch release, you can attach the existing data disk.
+
+Create a virtual machine (VM) snapshot of your instance's primary node immediately before upgrading, and only when maintenance mode has been enabled or the instance has been powered down. See "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/taking-a-snapshot)".
+
+## Installing an upgrade package
+
+Review the considerations for upgrades, and complete any preparation steps as described above, before you start installing an upgrade package.
+
+The instructions for upgrading your {% data variables.product.product_name %} instance differ depending on the type of upgrade you're performing and the number of nodes your instance has.
+
+* [Upgrading with a hotpatch](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-a-hotpatch#upgrading-with-a-hotpatch)
+ * [Upgrading a standalone instance using a hotpatch](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-a-hotpatch#upgrading-a-standalone-instance-using-a-hotpatch)
+ * [Upgrading an instance with multiple nodes using a hotpatch](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-a-hotpatch#upgrading-an-instance-with-multiple-nodes-using-a-hotpatch)
+* [Upgrading with an upgrade package](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-with-an-upgrade-package)
+ * [Upgrading a standalone instance using an upgrade package](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-a-standalone-instance-using-an-upgrade-package)
+ * [Upgrading an instance with multiple nodes using an upgrade package](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-an-instance-with-multiple-nodes-using-an-upgrade-package)
+
+## Completing post-upgrade tasks
+
+* Check the status of background jobs, and review the upgrade log for errors.
+* Check basic {% data variables.product.product_name %} functionality. For example, ensure you can sign in via the user interface, and verify that several of your organizations, repositories and issues can be reached as expected. It's also a good idea to manually run several Git fetches, clones, and pushes using SSH and/or HTTPS, and check that API requests and webhook deliveries complete successfully.
+* Reapply any custom firewall rules. See "[AUTOTITLE](/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules)."
+* Delete any VM snapshots taken prior to upgrading. See "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/taking-a-snapshot)."
+* Disable maintenance mode, and update any pre-upgrade communications such as announcement banners. See "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
+* Monitor all queued background jobs on your instance to ensure they complete successfully. See "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities)."
diff --git a/content/admin/upgrading-your-instance/preparing-to-upgrade/taking-a-snapshot.md b/content/admin/upgrading-your-instance/preparing-to-upgrade/taking-a-snapshot.md
new file mode 100644
index 000000000000..63137dd7ebe7
--- /dev/null
+++ b/content/admin/upgrading-your-instance/preparing-to-upgrade/taking-a-snapshot.md
@@ -0,0 +1,42 @@
+---
+ title: Taking a snapshot
+ intro: 'To save your {% data variables.product.product_name %} data before upgrading, take a virtual machine snapshot.'
+ redirect_from:
+ - /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#taking-a-snapshot
+ - /enterprise/admin/installation/upgrading-github-enterprise-server#taking-a-snapshot
+ versions:
+ ghes: '*'
+ type: how_to
+ topics:
+ - Enterprise
+ - Upgrades
+ shortTitle: Take a snapshot
+---
+
+## About snapshots
+
+A snapshot stores the state of a virtual machine (VM) at a point in time. {% data variables.product.company_short %} highly recommends taking a hypervisor level snapshot before upgrading your VM so that if an upgrade fails, you can revert your VM back to the snapshot.
+
+## Types of snapshots
+
+There are two types of snapshots:
+
+* **VM snapshots** save your entire VM state, including user data and configuration data. This snapshot method requires a large amount of disk space and is time consuming.
+* **Data disk snapshots** only save your user data.
+
+## Creating a snapshot
+
+{% data variables.product.company_short %} only recommends taking a VM snapshot when the instance's VM is powered down, or when the instance is in maintenance mode and all background jobs have finished.
+
+The type of snapshot you can take depends on the platform you use.
+
+* Some platforms don't allow you to take a snapshot of just your data disk. For these platforms, you'll need to take a snapshot of the entire VM.
+* If your hypervisor does not support full VM snapshots, you should take a snapshot of the root disk and data disk in quick succession.
+
+| Platform | Snapshot method | Documentation |
+|---|---|---|
+| Amazon AWS | Disk | [Create Amazon EBS snapshots](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html) in the AWS documentation
+| Azure | VM | [Create a snapshot of a virtual hard disk on an Azure VM](https://learn.microsoft.com/azure/virtual-machines/snapshot-copy-managed-disk) in Microsoft Learn
+| Hyper-V | VM | [Enable or disable checkpoints in Hyper-V](https://docs.microsoft.com/windows-server/virtualization/hyper-v/manage/enable-or-disable-checkpoints-in-hyper-v) in Microsoft Learn
+| Google Compute Engine | Disk | [Create and manage disk snapshots](https://cloud.google.com/compute/docs/disks/create-snapshots) in the Google Cloud documentation
+| VMware | VM | [Taking Snapshots of a Virtual Machine](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.hostclient.doc/GUID-64B866EF-7636-401C-A8FF-2B4584D9CA72.html) in VMware Docs
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrade-requirements.md b/content/admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements.md
similarity index 87%
rename from content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrade-requirements.md
rename to content/admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements.md
index e77ae063529c..52125afeddff 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrade-requirements.md
+++ b/content/admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements.md
@@ -8,6 +8,8 @@ redirect_from:
- /admin/enterprise-management/upgrade-requirements
- /enterprise/admin/guides/installation/about-upgrade-requirements
- /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrade-requirements
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrade-requirements
+ - /admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/upgrade-requirements
versions:
ghes: '*'
type: reference
@@ -30,8 +32,8 @@ topics:
* If you’re several versions behind, upgrade {% data variables.location.product_location %} as far forward as possible with each step of your upgrade process. Using the latest version possible on each upgrade allows you to take advantage of performance improvements and bug fixes. For example, you could upgrade from {% data variables.product.prodname_enterprise %} 2.7 to 2.8 to 2.10, but upgrading from {% data variables.product.prodname_enterprise %} 2.7 to 2.9 to 2.10 uses a later version in the second step.
* Use the latest patch release when upgrading. {% data reusables.enterprise_installation.enterprise-download-upgrade-pkg %}
* Use a staging instance to test the upgrade steps. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
-* When running multiple upgrades, {% ifversion ghes-upgrade-complete-indicator %}ensure data migrations and upgrade tasks running in the background are fully complete before proceeding to the next feature upgrade. To check the status of these processes, you can use the `ghe-migrations` and `ghe-check-background-upgrade-jobs` command-line utilities. {% ifversion ghes < 3.12 %} To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later. {% endif %}For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#upgrading-github-enterprise-server)."{% else %}wait at least 24 hours between feature upgrades to allow data migrations and upgrade tasks running in the background to fully complete.{% endif %}
-* Take a snapshot before upgrading your virtual machine. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#taking-a-snapshot)."
+* When running multiple upgrades, {% ifversion ghes-upgrade-complete-indicator %}ensure data migrations and upgrade tasks running in the background are fully complete before proceeding to the next feature upgrade. To check the status of these processes, you can use the `ghe-migrations` and `ghe-check-background-upgrade-jobs` command-line utilities. {% ifversion ghes < 3.12 %} To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later. {% endif %}For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#upgrading-github-enterprise-server)."{% else %}wait at least 24 hours between feature upgrades to allow data migrations and upgrade tasks running in the background to fully complete.{% endif %}
+* Take a snapshot before upgrading your virtual machine. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/taking-a-snapshot)."
* Ensure you have a recent, successful backup of your instance. For more information, see the [{% data variables.product.prodname_enterprise_backup_utilities %} README.md file](https://github.com/github/backup-utils#readme).
## Requirements
@@ -62,4 +64,4 @@ Review known issues that may apply to your upgrade. For more information, see "[
## Next steps
-After reviewing these recommendations and requirements, you can upgrade {% data variables.product.prodname_ghe_server %}. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+After reviewing these recommendations and requirements, you can upgrade {% data variables.product.prodname_ghe_server %}. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
diff --git a/content/admin/upgrading-your-instance/troubleshooting-upgrades/index.md b/content/admin/upgrading-your-instance/troubleshooting-upgrades/index.md
new file mode 100644
index 000000000000..67e6c37873a1
--- /dev/null
+++ b/content/admin/upgrading-your-instance/troubleshooting-upgrades/index.md
@@ -0,0 +1,13 @@
+---
+title: Troubleshooting upgrades
+intro: 'Review common issues and solutions for issues that may impact the upgrade process, or may occur after an upgrade.'
+versions:
+ ghes: '*'
+topics:
+ - Enterprise
+ - Upgrades
+children:
+ - /restoring-from-a-failed-upgrade
+ - /known-issues-with-upgrades-to-your-instance
+shortTitle: Troubleshoot an upgrade
+---
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance.md b/content/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance.md
similarity index 94%
rename from content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance.md
rename to content/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance.md
index 7922749e39a2..3e7892fef4dc 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance.md
+++ b/content/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance.md
@@ -11,6 +11,8 @@ topics:
shortTitle: Known issues with upgrades
redirect_from:
- /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance
+ - /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance
+ - /admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance
---
## About known issues with {% data variables.product.prodname_ghe_server %} upgrades
@@ -194,7 +196,7 @@ Now that the nomad timeout for MySQL has been updated you can upgrade your {% da
If you're affected by this problem, restore your {% data variables.product.prodname_ghe_server %} instance to the state it was in prior to the upgrade attempt, and then follow the steps from the previous section.
-For more information about restoring from a failed upgrade, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#restoring-from-a-failed-upgrade)."
+For more information about restoring from a failed upgrade, see "[AUTOTITLE](/admin/upgrading-your-instance/troubleshooting-upgrades/restoring-from-a-failed-upgrade)."
{% endif %}
{% ifversion ghes > 3.10 and ghes < 3.13 %}
@@ -203,3 +205,10 @@ For more information about restoring from a failed upgrade, see "[AUTOTITLE](/ad
If your appliance averages more than 70% CPU utilization, {% data variables.product.company_short %} strongly recommends scaling up your server resources before upgrading to 3.11 or above. The new hardware or instance type should have more vCPUs to accommodate the additional load from new features and improvements included with the latest releases.
{% endif %}
+
+{% ifversion ghes > 3.12 and ghes < 3.15 %}
+
+## Elasticsearch Upgrade
+
+As part of upgrading GitHub Enterprise Server to version 3.13 or later, the Elasticsearch service will be upgraded. {% data variables.product.company_short %} strongly recommends following the guidance in "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/preparing-for-the-elasticsearch-upgrade)."
+{% endif %}
diff --git a/content/admin/upgrading-your-instance/troubleshooting-upgrades/restoring-from-a-failed-upgrade.md b/content/admin/upgrading-your-instance/troubleshooting-upgrades/restoring-from-a-failed-upgrade.md
new file mode 100644
index 000000000000..681142ef44b4
--- /dev/null
+++ b/content/admin/upgrading-your-instance/troubleshooting-upgrades/restoring-from-a-failed-upgrade.md
@@ -0,0 +1,28 @@
+---
+ title: Restoring from a failed upgrade
+ intro: 'Learn how to roll back from a failed upgrade.'
+ redirect_from:
+ - /admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#restoring-from-a-failed-upgrade
+ versions:
+ ghes: '*'
+ type: how_to
+ topics:
+ - Enterprise
+ - Upgrades
+ - Troubleshooting
+ shortTitle: Restore from a failed upgrade
+---
+
+If an upgrade fails or is interrupted, you should revert your instance back to its previous state. The process for completing this depends on the type of upgrade.
+
+If your instance is configured for high availability and your primary node upgrade fails, you can promote the (not upgraded) replica to be the primary. You will also need to update your DNS to point to the new primary node. Once you have a working primary node, you can then consider creating a new replica node. See "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-high-availability/about-high-availability-configuration#network-traffic-failover-strategies)" and "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration)."
+
+## Rolling back a patch release
+
+To roll back a patch release, use the `ghe-upgrade` command with the `--allow-patch-rollback` switch. Before rolling back, replication must be temporarily stopped by running `ghe-repl-stop` on all replica nodes{% ifversion ghes > 3.13 %}, or `ghe-repl-stop-all` on the primary node{% endif %}. {% data reusables.enterprise_installation.command-line-utilities-ghe-upgrade-rollback %}
+
+After the rollback is complete, restart replication by running `ghe-repl-start` on all nodes{% ifversion ghes > 3.13 %}, or `ghe-repl-start-all` on the primary node{% endif %}. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-upgrade)."
+
+## Rolling back a feature release
+
+To roll back from a feature release, restore from a virtual machine snapshot to ensure that root and data partitions are in a consistent state. See "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/taking-a-snapshot)."
diff --git a/content/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app.md b/content/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app.md
index 7977bfbd8bb8..73ae1a332929 100644
--- a/content/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app.md
+++ b/content/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app.md
@@ -74,9 +74,21 @@ An installation access token is restricted based on the {% data variables.produc
Your app should never use a {% data variables.product.pat_generic %} or {% data variables.product.company_short %} password to authenticate.
-## Validate organization access for every new authentication
+## Authorize thoroughly and durably
-When you use a user access token, you should track which organizations the token is authorized for. If an organization uses SAML SSO and a user has not performed SAML SSO, the user access token should not have access to that organization. You can use the `GET /user/installations` REST API endpoint to verify which organizations a user access token has access to. If the user is not authorized to access an organization, you should reject their access until they perform SAML SSO. For more information, see "[AUTOTITLE](/rest/apps/installations#list-app-installations-accessible-to-the-user-access-token)."
+After signing in a user, app developers must take additional steps to ensure that the user is meant to have access to the data in your system. Each sign in requires fresh checks around their memberships, access, and their current SSO status.
+
+### Use the durable, unique `id` to store the user
+
+{% data reusables.apps.best-practice-use-durable-id %}
+
+### Validate organization access for every new authentication
+
+{% data reusables.apps.best-practice-validate-org-access %}
+
+### Store user data with organizational and enterprise contexts
+
+{% data reusables.apps.best-practice-store-data-with-context %}
## Expire tokens
diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md
index e95f596da0ca..ccf8ed0d5b10 100644
--- a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md
+++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md
@@ -26,7 +26,7 @@ You can also use an installation access token to authenticate for HTTP-based Git
Requests made with an installation access token are sometimes called "server-to-server" requests.
-For more information about authenticating as an app on behalf of a user instead of as an app installation, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)".
+For more information about authenticating as an app on behalf of a user instead of as an app installation, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)."
## Using an installation access token to authenticate as an app installation
diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md
index 8211074a5189..3b1f6859dff2 100644
--- a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md
+++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md
@@ -31,6 +31,8 @@ Once a user has authorized your app, you can generate a user access token, which
Requests made with a user access token are sometimes called "user-to-server" requests.
+{% data reusables.user-settings.token_access_capabilities %}
+
If you want to attribute app activity to the app instead of to a user, you should authenticate as an app installation instead. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)."
{% note %}
diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md
index dddef4e3850c..09318dcb36fd 100644
--- a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md
+++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md
@@ -84,15 +84,16 @@ puts jwt
{% note %}
-**Note:** You must run `pip install jwt` to install the `jwt` package in order to use this script.
+**Note:** You must run `pip install PyJWT` to install the `PyJWT` package in order to use this script.
{% endnote %}
```python copy
#!/usr/bin/env python3
-from jwt import JWT, jwk_from_pem
-import time
import sys
+import time
+
+import jwt
# Get PEM file path
@@ -117,7 +118,7 @@ else:
# Open PEM
with open(pem, 'rb') as pem_file:
- signing_key = jwk_from_pem(pem_file.read())
+ signing_key = pem_file.read()
payload = {
# Issued at time
@@ -132,8 +133,7 @@ payload = {
}
# Create JWT
-jwt_instance = JWT()
-encoded_jwt = jwt_instance.encode(payload, signing_key, alg='RS256')
+encoded_jwt = jwt.encode(payload, signing_key, algorithm='RS256')
print(f"JWT: {encoded_jwt}")
```
@@ -172,11 +172,11 @@ header_json='{
# Header encode
header=$( echo -n "${header_json}" | b64enc )
-payload_json='{
- "iat":'"${iat}"',
- "exp":'"${exp}"',
- {% ifversion client-id-for-app %}"iss":'"${client_id}"'{% else %}"iss":'"${app_id}"'{% endif %}
-}'
+payload_json="{
+ \"iat\":${iat},
+ \"exp\":${exp},
+ {% ifversion client-id-for-app %}\"iss\":\"${client_id}\"{% else %}\"iss\":\"${app_id}\"{% endif %}
+}"
# Payload encode
payload=$( echo -n "${payload_json}" | b64enc )
diff --git a/content/apps/creating-github-apps/writing-code-for-a-github-app/building-ci-checks-with-a-github-app.md b/content/apps/creating-github-apps/writing-code-for-a-github-app/building-ci-checks-with-a-github-app.md
index 97efdf037366..f7a38df91aac 100644
--- a/content/apps/creating-github-apps/writing-code-for-a-github-app/building-ci-checks-with-a-github-app.md
+++ b/content/apps/creating-github-apps/writing-code-for-a-github-app/building-ci-checks-with-a-github-app.md
@@ -861,7 +861,7 @@ To clone a repository, the code will use your {% data variables.product.prodname
git clone https://x-access-token:TOKEN@github.com/OWNER/REPO.git
```
-The command above clones a repository over HTTP. It requires the full repository name, which includes the repository owner (user or organization) and the repository name. For example, the [octocat Hello-World](https://github.com/octocat/Hello-World) repository has a full name of `octocat/hello-world`.
+The command above clones a repository over HTTPS. It requires the full repository name, which includes the repository owner (user or organization) and the repository name. For example, the [octocat Hello-World](https://github.com/octocat/Hello-World) repository has a full name of `octocat/hello-world`.
Open your `server.rb` file. In the code block that starts with `helpers do`, where it says `# ADD CLONE_REPOSITORY HELPER METHOD HERE #`, add the following code:
diff --git a/content/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps.md b/content/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps.md
index f44d5cc24b9d..869c7bcef840 100644
--- a/content/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps.md
+++ b/content/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps.md
@@ -46,7 +46,7 @@ If you're interested in creating an app for {% data variables.product.prodname_m
{% data reusables.copilot.copilot-extensions.copilot-extensions-intro %}
-To learn more about {% data variables.product.prodname_copilot_extensions_short %}, see "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/about-github-copilot-extensions)."
+To learn more about {% data variables.product.prodname_copilot_extensions_short %}, see "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/using-github-copilot-extensions)."
## Publishing an app to {% data variables.product.prodname_marketplace %} overview
diff --git a/content/apps/github-marketplace/github-marketplace-overview/about-marketplace-badges.md b/content/apps/github-marketplace/github-marketplace-overview/about-marketplace-badges.md
index 1ba1050516b6..8be02a77e52c 100644
--- a/content/apps/github-marketplace/github-marketplace-overview/about-marketplace-badges.md
+++ b/content/apps/github-marketplace/github-marketplace-overview/about-marketplace-badges.md
@@ -21,9 +21,8 @@ Certain apps on the {% data variables.product.prodname_marketplace %} have the {
-{% note %}
-{% data variables.product.prodname_dotcom %} does not analyze the app. The marketplace badge {% octicon "verified" aria-label="The verified badge" %} only confirms that the publisher meets the requirements listed above.
-{% endnote %}
+> [!WARNING]
+> {% data variables.product.prodname_dotcom %} does not analyze or inspect third party code. {% data variables.product.prodname_marketplace %} publishers are responsible for the upkeep and maintenance of any third-party apps. The marketplace badge {% octicon "verified" aria-label="The verified badge" %} only confirms that the publisher meets the requirements listed above.
To learn how you can add this badge to your app, see "[AUTOTITLE](/apps/github-marketplace/github-marketplace-overview/applying-for-publisher-verification-for-your-organization)."
diff --git a/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md
index 5f8765e31ea1..3496f134d7c8 100644
--- a/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md
+++ b/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md
@@ -57,15 +57,17 @@ The web application flow to authorize users for your app is:
This endpoint takes the following input parameters.
-Query parameter | Type | Required? |Description
------|------|---------|-----
-`client_id`|`string` | Required | The client ID you received from GitHub when you {% ifversion fpt or ghec %}[registered](https://github.com/settings/applications/new){% else %}registered{% endif %}.
-`redirect_uri`|`string` |Strongly recommended| The URL in your application where users will be sent after authorization. See details below about [redirect urls](#redirect-urls).
-`login` | `string` | Optional| Suggests a specific account to use for signing in and authorizing the app.
-`scope`|`string` |Context dependent| A space-delimited list of [scopes](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps). If not provided, `scope` defaults to an empty list for users that have not authorized any scopes for the application. For users who have authorized scopes for the application, the user won't be shown the OAuth authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the set of scopes the user has authorized for the application. For example, if a user has already performed the web flow twice and has authorized one token with `user` scope and another token with `repo` scope, a third web flow that does not provide a `scope` will receive a token with `user` and `repo` scope.
-`state` | `string` |Strongly recommended| {% data reusables.apps.state_description %}
-`allow_signup`|`string` | Optional | Whether or not unauthenticated users will be offered an option to sign up for GitHub during the OAuth flow. The default is `true`. Use `false` when a policy prohibits signups.
-{% ifversion oauth_account_picker %}`prompt` | `string` | Optional | Forces the account picker to appear if set to `select_account`. The account picker will also appear if the application has a non-HTTP redirect URI or if the user has multiple accounts signed in. {% endif %}
+| Query parameter | Type | Required? | Description |
+| --------------- | ---- | --------- | ----------- |
+| `client_id`|`string` | Required | The client ID you received from GitHub when you {% ifversion fpt or ghec %}[registered](https://github.com/settings/applications/new){% else %}registered{% endif %}. |
+| `redirect_uri`|`string` |Strongly recommended| The URL in your application where users will be sent after authorization. See details below about [redirect urls](#redirect-urls). |
+| `login` | `string` | Optional| Suggests a specific account to use for signing in and authorizing the app. |
+| `scope`|`string` |Context dependent| A space-delimited list of [scopes](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps). If not provided, `scope` defaults to an empty list for users that have not authorized any scopes for the application. For users who have authorized scopes for the application, the user won't be shown the OAuth authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the set of scopes the user has authorized for the application. For example, if a user has already performed the web flow twice and has authorized one token with `user` scope and another token with `repo` scope, a third web flow that does not provide a `scope` will receive a token with `user` and `repo` scope. |
+| `state` | `string` |Strongly recommended| {% data reusables.apps.state_description %} |
+| `allow_signup`|`string` | Optional | Whether or not unauthenticated users will be offered an option to sign up for GitHub during the OAuth flow. The default is `true`. Use `false` when a policy prohibits signups. |
+| {% ifversion oauth_account_picker %} |
+| `prompt` | `string` | Optional | Forces the account picker to appear if set to `select_account`. The account picker will also appear if the application has a non-HTTP redirect URI or if the user has multiple accounts signed in. |
+| {% endif %} |
The PKCE (Proof Key for Code Exchange) parameters `code_challenge` and `code_challenge_method` are not supported at this time. CORS pre-flight requests (OPTIONS) are not supported at this time.
diff --git a/content/apps/oauth-apps/building-oauth-apps/best-practices-for-creating-an-oauth-app.md b/content/apps/oauth-apps/building-oauth-apps/best-practices-for-creating-an-oauth-app.md
index 53e7d3fa8546..d3bc5391b57f 100644
--- a/content/apps/oauth-apps/building-oauth-apps/best-practices-for-creating-an-oauth-app.md
+++ b/content/apps/oauth-apps/building-oauth-apps/best-practices-for-creating-an-oauth-app.md
@@ -24,6 +24,30 @@ For more information about migrating an existing {% data variables.product.prodn
Your {% data variables.product.prodname_oauth_app %} should only request the scopes that the app needs to perform its intended functionality. If any tokens for your app become compromised, this will limit the amount of damage that can occur. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps)."
+## Authorize thoroughly and durably
+
+After signing in a user, app developers must take additional steps to ensure that the user is meant to have access to the data in your system. Each sign in requires fresh checks around their memberships, access, and their current SSO status.
+
+### Use the durable, unique `id` to store the user
+
+{% data reusables.apps.best-practice-use-durable-id %}
+
+### Validate organization access for every new authentication
+
+{% data reusables.apps.best-practice-validate-org-access %}
+
+### Store user data with organizational and enterprise contexts
+
+{% data reusables.apps.best-practice-store-data-with-context %}
+
+### Verify a user's access to your app
+
+Your OAuth app can be accessed by users outside your organization or enterprise. If you intend an app to be used only by members of your organization or enterprise, you should check the user's membership status when the user signs in to your app.
+
+To find the list of organizations a user is a member of, you can use the "List organizations for the authenticated user" endpoint. Then you can validate this list against a list of approved organizations for your app. For more information, see "[AUTOTITLE](/rest/orgs/orgs#list-organizations-for-the-authenticated-user)."
+
+{% data reusables.emus.oauth-app-note %}
+
## Secure your app's credentials
With a client secret, your app can authorize a user and generate user access tokens. These tokens can be used to make API requests on behalf of a user.
@@ -54,14 +78,6 @@ In the event that your app's client secret is compromised, you will need to gene
In the event that user access tokens are compromised, you should immediately revoke these tokens. For more information, see "[AUTOTITLE](/rest/apps/oauth-applications#delete-an-app-token)."
-## Verify a user's access to your organizations
-
-Your OAuth app can be accessed by users outside your organization or enterprise. If you intend an app to be used only by members of your organization or enterprise, you should check the user's membership status when the user signs in to your app.
-
-To find the list of organizations a user is a member of, you can use the "List organizations for the authenticated user" endpoint. Then you can validate this list against a list of approved organizations for your app. For more information, see "[AUTOTITLE](/rest/orgs/orgs#list-organizations-for-the-authenticated-user)."
-
-{% data reusables.emus.oauth-app-note %}
-
## Conduct regular vulnerability scans
{% data reusables.apps.app-scans %}
diff --git a/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md
index 42cb34ec0325..343af94d9b93 100644
--- a/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md
+++ b/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md
@@ -59,7 +59,7 @@ Name | Description
`write:repo_hook` | Grants read, write, and ping access to hooks in {% ifversion fpt %}public or private{% elsif ghec or ghes %}public, private, or internal{% endif %} repositories.
`read:repo_hook`| Grants read and ping access to hooks in {% ifversion fpt %}public or private{% elsif ghec or ghes %}public, private, or internal{% endif %} repositories.
**`admin:org`** | Fully manage the organization and its teams, projects, and memberships.
- `write:org`| Read and write access to organization membership, organization projects, and team membership.
+ `write:org`| Read and write access to organization membership and organization projects.
`read:org`| Read-only access to organization membership, organization projects, and team membership.
**`admin:public_key`** | Fully manage public keys.
`write:public_key`| Create, list, and view details for public keys.
diff --git a/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md b/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md
index 0ef9d216e129..2fc769074620 100644
--- a/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md
+++ b/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md
@@ -51,6 +51,8 @@ When you want to use an {% data variables.product.prodname_oauth_app %} that int
{% endtip %}
+{% data reusables.user-settings.token_access_capabilities %} For example, an application can create an access token that is configured with an `admin:org` scope, but if the user of the application is not an organization owner, the application will not be granted administrative access to the organization.
+
{% data reusables.apps.oauth-token-limit %}
### Types of requested data
diff --git a/content/apps/oauth-apps/using-oauth-apps/internal-oauth-apps.md b/content/apps/oauth-apps/using-oauth-apps/internal-oauth-apps.md
index a7c60c4a63f7..18d74fc9c944 100644
--- a/content/apps/oauth-apps/using-oauth-apps/internal-oauth-apps.md
+++ b/content/apps/oauth-apps/using-oauth-apps/internal-oauth-apps.md
@@ -16,13 +16,16 @@ These internal apps will appear in the user security log, but will not appear in
These {% data variables.product.prodname_oauth_apps %} are :
-* Git Credentials Manager
+* Gist
+* Git Credential Manager
* GitHub Android
-* {% data variables.product.prodname_cli %}
-* {% data variables.product.prodname_desktop %}
-* GitHub for Unity
-* GitHub for VSCode
+* GitHub CLI
+* GitHub Codespaces for JetBrains
+* GitHub Desktop
+* GitHub Education
+* github-importer-production
* GitHub iOS
-* GitHub Mac
-* GitHub Windows
+* GitHub Support
+* JetBrains IDE Integration
* Visual Studio
+* Visual Studio Code
diff --git a/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md b/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md
index 720394d69839..661221fd9b3e 100644
--- a/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md
+++ b/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md
@@ -48,6 +48,12 @@ Admins of repositories that are owned by an organization can also install {% dat
The "app manager" role in an organization does not give a person the ability to install a {% data variables.product.prodname_github_app %} in the organization. For more information, see "[AUTOTITLE](/apps/maintaining-github-apps/about-github-app-managers)."
+{% ifversion ghec %}
+
+For enterprise managed user accounts, only enterprise owners can purchase and install a paid {% data variables.product.prodname_github_app %} for an organization in the enterprise. Enterprise members cannot purchase a paid {% data variables.product.prodname_github_app %}. Organization owners with an enterprise managed user account can still install a free {% data variables.product.prodname_github_app %}.
+
+{% endif %}
+
## Installing a {% data variables.product.prodname_github_app %} in your organization
{% data reusables.marketplace.visit-marketplace %}
diff --git a/content/apps/using-github-apps/internal-github-apps.md b/content/apps/using-github-apps/internal-github-apps.md
index d803b606b42f..209eef54590a 100644
--- a/content/apps/using-github-apps/internal-github-apps.md
+++ b/content/apps/using-github-apps/internal-github-apps.md
@@ -16,10 +16,17 @@ These internal apps will appear in the user security log, but will not appear in
These {% data variables.product.prodname_github_apps %} are:
-* {% data variables.product.prodname_classroom %}
-* VSCode Auth Provider
+* Actions
+* Dependabot
* Git Src Migrator
-* MS Teams
+* GitHub Advanced Security
+* GitHub Classroom
+* GitHub Codespaces
+* GitHub Copilot Plugin
+* GitHub Merge Queue
+* GitHub Pages
+* GitHub Project Automation
+* GitHub Team Synchronization
+* Microsoft Teams for GitHub
+* OpenGraph (`custom-og-image`)
* Slack
-* {% data variables.product.prodname_codespaces %}
-* {% data variables.product.prodname_copilot_short %} plugin
diff --git a/content/authentication/authenticating-with-a-passkey/about-passkeys.md b/content/authentication/authenticating-with-a-passkey/about-passkeys.md
index f4d5879fed5a..3334ec4cfca9 100644
--- a/content/authentication/authenticating-with-a-passkey/about-passkeys.md
+++ b/content/authentication/authenticating-with-a-passkey/about-passkeys.md
@@ -1,19 +1,21 @@
---
title: About passkeys
intro: 'Passkeys allow you to sign in safely and easily, without requiring a password and two-factor authentication.'
-permissions: 'Personal account owners who manage their own credentials can authenticate to {% data variables.product.prodname_dotcom_the_website %} using passkeys.'
+permissions: '{% ifversion fpt or ghec %}Personal account owners who manage their own credentials{% endif %}'
versions:
feature: passkeys
shortTitle: About passkeys
---
+{% data reusables.passkeys.ghes-disable %}
+
## About passkeys
{% data reusables.passkeys.about-passkeys %}
Passkeys are pairs of cryptographic keys (a public key and a private key) that are stored by an authenticator you control. The authenticator can prove that a user is present and is authorized to use the passkey. Authenticators prove authorization with a PIN, passcode, biometric, or device password, depending on the authenticator's capabilities and configuration. Authenticators come in many forms, such as an iPhone or Android device, Windows Hello, a FIDO2 hardware security key, or a password manager.
-When you sign in to {% data variables.product.prodname_dotcom_the_website %} using a passkey, your authenticator uses public key cryptography to prove your identity to {% data variables.product.company_short %} without ever sending the passkey. Passkeys are bound to a website domain, like `{% data variables.product.prodname_dotcom_the_website %}`, and require a secure connection, meaning that the web browser will refuse to authenticate to a lookalike phishing website. These properties make passkeys highly phishing-resistant, and much harder to attack than SMS or TOTP 2FA, which can be phished.
+When you sign in to {% data variables.product.prodname_dotcom %} using a passkey, your authenticator uses public key cryptography to prove your identity to {% data variables.product.company_short %} without ever sending the passkey. Passkeys are bound to a website domain, like `{% data variables.product.prodname_dotcom_the_website %}`, and require a secure connection, meaning that the web browser will refuse to authenticate to a lookalike phishing website. These properties make passkeys highly phishing-resistant, and much harder to attack than SMS or TOTP 2FA, which can be phished.
Cloud-backed passkey services allow passkeys to be synced across devices (such as Apple devices, Android devices, or password managers) so they can be used from more places and are less easily lost. Once you have set up a synced passkey on one device, that passkey is available to use across multiple devices using the same service. For example, if you register a passkey with your iCloud account using your MacBook's Touch ID, you can then use that passkey with your face, fingerprint, PIN, or device password interchangeably across multiple devices tied to the same iCloud account.
@@ -23,7 +25,7 @@ For 2FA users, if you already have passkey-eligible security keys registered to
## About authenticators
-Some authenticators allow passkeys to be used with nearby devices. For example, perhaps you want to sign in to {% data variables.product.prodname_dotcom_the_website %} using a bluetooth-enabled laptop that's not set up with a passkey. If you have registered a passkey on your phone, you might opt to scan a QR code, or trigger a push notification to your phone, in order to complete the sign in securely. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey#signing-in-with-a-passkey-using-a-nearby-device)."
+Some authenticators allow passkeys to be used with nearby devices. For example, perhaps you want to sign in to {% data variables.product.prodname_dotcom %} using a bluetooth-enabled laptop that's not set up with a passkey. If you have registered a passkey on your phone, you might opt to scan a QR code, or trigger a push notification to your phone, in order to complete the sign in securely. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey#signing-in-with-a-passkey-using-a-nearby-device)."
Other authenticators create device-bound passkeys, meaning they can only be used on a single authenticator. These passkeys cannot be backed up or moved to another authenticator. Some passkey providers may offer device-bound passkeys as an option during passkey creation, while other providers may not offer the choice between device-bound and synced passkeys.
diff --git a/content/authentication/authenticating-with-a-passkey/index.md b/content/authentication/authenticating-with-a-passkey/index.md
index 50822db84e8f..c80effa3ce28 100644
--- a/content/authentication/authenticating-with-a-passkey/index.md
+++ b/content/authentication/authenticating-with-a-passkey/index.md
@@ -8,4 +8,6 @@ children:
- /managing-your-passkeys
- /signing-in-with-a-passkey
shortTitle: Authenticate with a passkey
----
\ No newline at end of file
+---
+
+{% data reusables.passkeys.ghes-disable %}
diff --git a/content/authentication/authenticating-with-a-passkey/managing-your-passkeys.md b/content/authentication/authenticating-with-a-passkey/managing-your-passkeys.md
index bcbb39aa0732..39b597a6ed1d 100644
--- a/content/authentication/authenticating-with-a-passkey/managing-your-passkeys.md
+++ b/content/authentication/authenticating-with-a-passkey/managing-your-passkeys.md
@@ -1,18 +1,20 @@
---
title: Managing your passkeys
intro: 'You may be prompted to register a passkey during sign-in, or you can choose to register a new passkey in your account settings. For 2FA users, you can upgrade existing eligible security keys into passkeys.'
-permissions: 'Personal account owners who manage their own credentials can authenticate to {% data variables.product.prodname_dotcom_the_website %} using passkeys.'
+permissions: '{% ifversion fpt or ghec%}Personal account owners who manage their own credentials{% endif %}'
versions:
feature: passkeys
type: how_to
shortTitle: Manage your passkeys
---
+{% data reusables.passkeys.ghes-disable %}
+
## About managing your passkeys
-If you are connecting to {% data variables.product.prodname_dotcom_the_website %} from an eligible device and browser, {% data variables.product.company_short %} may prompt you to register the device as a passkey during sign-in. You can also add passkeys to your account from your account settings. For more information, see "[Adding a passkey to your account](#adding-a-passkey-to-your-account)."
+If you are connecting to {% data variables.product.prodname_dotcom %} from an eligible device and browser, {% data variables.product.company_short %} may prompt you to register the device as a passkey during sign-in. You can also add passkeys to your account from your account settings. For more information, see "[Adding a passkey to your account](#adding-a-passkey-to-your-account)."
-If you use two-factor authentication (2FA), {% data variables.product.company_short %} may prompt you to upgrade existing eligible security keys (such as Mac TouchID, or Windows Hello) into passkeys after authenticating to {% data variables.product.prodname_dotcom_the_website %}. You can also upgrade eligible security keys from your account settings. For more information, see "[Upgrading an existing security key to a passkey](#upgrading-an-existing-security-key-to-a-passkey)."
+If you use two-factor authentication (2FA), {% data variables.product.company_short %} may prompt you to upgrade existing eligible security keys (such as Mac TouchID, or Windows Hello) into passkeys after authenticating to {% data variables.product.prodname_dotcom %}. You can also upgrade eligible security keys from your account settings. For more information, see "[Upgrading an existing security key to a passkey](#upgrading-an-existing-security-key-to-a-passkey)."
For information on how to remove a passkey from your account, see "[Removing a passkey from your account](#removing-a-passkey-from-your-account)."
diff --git a/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md b/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md
index b100153b5a3a..ce4375ce16a7 100644
--- a/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md
+++ b/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md
@@ -1,36 +1,38 @@
---
title: Signing in with a passkey
-intro: 'You can use a passkey to sign in safely and easily to {% data variables.product.prodname_dotcom_the_website %}, without requiring a password and two-factor authentication. You can also sign in using a passkey on a nearby device.'
-permissions: 'Personal account owners who manage their own credentials can authenticate to {% data variables.product.prodname_dotcom_the_website %} using passkeys.'
+intro: 'You can use a passkey to sign in safely and easily to {% data variables.product.prodname_dotcom %} in your browser, without requiring a password and two-factor authentication. You can also sign in using a passkey on a nearby device.'
+permissions: '{% ifversion fpt or ghec%}Personal account owners who manage their own credentials{% endif %}'
versions:
feature: passkeys
type: how_to
shortTitle: Sign in with a passkey
---
+{% data reusables.passkeys.ghes-disable %}
+
## About signing in with a passkey
-You must first add a passkey to your account before you can use the passkey to sign in to {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)."
+You must first add a passkey to your account before you can use the passkey to sign in to {% data variables.product.prodname_dotcom %} in the browser. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)."
-Once you have added a passkey to your account, you can use the passkey to sign in safely and securely to {% data variables.product.prodname_dotcom_the_website %} without having to enter your password or perform two-factor authentication (2FA). Once you have added a synced passkey on one device, the passkey is available to use across multiple devices. These devices must use the same passkey provider (such as iCloud).
+Once you have added a passkey to your account, you can use the passkey to sign in safely and securely to {% data variables.product.prodname_dotcom %} without having to enter your password, perform two-factor authentication (2FA), or verify a new device. Once you have added a synced passkey on one device, the passkey is available to use across multiple devices. These devices must use the same passkey provider (such as iCloud).
-Some authenticators allow passkeys to be used with nearby devices. For example, perhaps you want to sign in to {% data variables.product.prodname_dotcom_the_website %} using a bluetooth-enabled laptop that's not set up with a passkey. If you have registered a passkey on your phone, you might opt to scan a QR code, or trigger a push notification to your phone, in order to complete the sign in securely. For more information, see "[Signing in with a passkey using a nearby device](#signing-in-with-a-passkey-using-a-nearby-device)."
+Some authenticators allow passkeys to be used with nearby devices. For example, perhaps you want to sign in to {% data variables.product.prodname_dotcom %} using a Bluetooth-enabled laptop that's not set up with a passkey. If you have registered a passkey on your phone, you might opt to scan a QR code, or trigger a push notification to your phone, in order to complete the sign in securely. For more information, see "[Signing in with a passkey using a nearby device](#signing-in-with-a-passkey-using-a-nearby-device)."
## Signing in with a passkey linked to your primary device
-1. Navigate to the login page for {% data variables.product.prodname_dotcom_the_website %} at [https://github.com/login?passkey=true](https://github.com/login?passkey=true).
+1. Navigate to the login page for {% data variables.product.prodname_dotcom %} at {% ifversion fpt or ghec%}[https://github.com/login?passkey=true](https://github.com/login?passkey=true){% else %}`https://HOSTNAME/login?passkey=true`{% endif %}.
1. Click **{% octicon "passkey-fill" aria-hidden="true" %} Sign in with a passkey**.
1. Follow the prompts on your browser or platform to select a passkey that is accessible from the device you are using, and complete the authentication process. For example, when prompted, you might touch a fingerprint sensor or enter your PIN.
## Signing in with a passkey using a nearby device
-1. Navigate to the login page for {% data variables.product.prodname_dotcom_the_website %} at [https://github.com/login?passkey=true](https://github.com/login?passkey=true).
+1. Navigate to the login page for {% data variables.product.prodname_dotcom_the_website %} at {% ifversion fpt or ghec%}[https://github.com/login?passkey=true](https://github.com/login?passkey=true){% else %}`https://HOSTNAME/login?passkey=true`{% endif %}.
1. Click **{% octicon "passkey-fill" aria-hidden="true" %} Sign in with a passkey**.
-1. Follow the prompts on your browser or platform to select a passkey that's accessible as a nearby device (such as a phone or a tablet).
+1. Follow the prompts on your browser or platform to select a passkey that is accessible as a nearby device (such as a phone or a tablet).
1. Continue to follow the prompts to start the authentication process. For example, you might choose to scan a QR code, or trigger a push notification to the nearby device.
-1. On your nearby device, follow the prompts to complete the authentication process. For example, if you are using an iPhone, you might perform FaceID or enter your passcode.
+1. On your nearby device, follow the prompts to complete the authentication process. For example, if you are using an iPhone, you might perform Face ID or enter your passcode.
## Further reading
-* [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)
-* [AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)
+* "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)"
+* "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)"
diff --git a/content/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md b/content/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md
index 22348d2f903b..1dbd51dff41c 100644
--- a/content/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md
+++ b/content/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md
@@ -16,7 +16,7 @@ shortTitle: Check for existing SSH key
## About SSH keys
-You can use SSH to perform Git operations in repositories on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/about-ssh)."
+You can use SSH to perform Git operations in repositories. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/about-ssh)."
If you have an existing SSH key, you can use the key to authenticate Git operations over SSH.
diff --git a/content/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md b/content/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md
index e47abecfc768..4acead2314aa 100644
--- a/content/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md
+++ b/content/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md
@@ -32,7 +32,7 @@ You can generate a new SSH key on your local machine. After you generate the key
{% ifversion ghes %}
-If you are a site administrator for {% data variables.location.product_location %}, you can use the same key to grant yourself administrative SSH access to the instance. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
+If you are a site administrator for {% data variables.location.product_location_enterprise %}, you can use the same key to grant yourself administrative SSH access to the instance. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
{% endif %}
diff --git a/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md b/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md
index 9803e79a8f11..2417f8d5e3c3 100644
--- a/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md
+++ b/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md
@@ -50,9 +50,7 @@ If you need to use multiple accounts on {% data variables.location.product_locat
* **Username and password only**
* You'll create a password when you create your account on {% data variables.product.product_name %}. We recommend that you use a password manager to generate a random and unique password. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-strong-password)."{% ifversion fpt or ghec %}
- * If you have not enabled 2FA, {% data variables.product.product_name %} will ask for additional verification when you first sign in from an unrecognized device, such as a new browser profile, a browser where the cookies have been deleted, or a new computer.
-
- After providing your username and password, you will be asked to provide a verification code that we will send to you via email. If you have the {% data variables.product.prodname_mobile %} application installed, you'll receive a notification there instead. For more information, see "[AUTOTITLE](/get-started/using-github/github-mobile)."{% endif %}
+ * If you have not enabled 2FA, {% data variables.product.product_name %} may ask for additional verification when you first sign in from a new or unrecognized device, such as a new browser profile, a browser where the cookies have been deleted, or a new computer. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/verifying-new-devices-when-signing-in)."{% endif %}
* **Two-factor authentication (2FA)** (recommended)
* If you enable 2FA, after you successfully enter your username and password, we'll also prompt you to provide a code that's generated by a time-based one time password (TOTP) application on your mobile device{% ifversion fpt or ghec %} or sent as a text message (SMS).{% endif %}{% ifversion 2fa-check-up-period %}
* After you configure 2FA, your account enters a check up period for 28 days. You can leave the check up period by successfully performing 2FA within those 28 days. If you don't perform 2FA in that timespan, you'll then be asked to perform 2FA inside one of your existing {% data variables.product.prodname_dotcom_the_website %} sessions.
@@ -66,12 +64,12 @@ If you need to use multiple accounts on {% data variables.location.product_locat
{% endnote %}
{% endif %}{% ifversion passkeys %}
-* **Passkey** (opt-in beta)
- * You can add a passkey to your account to enable a secure, passwordless login. Passkeys satisfy both password and 2FA requirements, so you can complete your sign in with a single step. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)" and "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)."{% endif %}
+* **Passkey**
+ * You can add a passkey to your account to enable a secure, passwordless login. Passkeys satisfy both password and 2FA requirements, so you can complete your sign in with a single step. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."{% endif %}
{% ifversion ghes %}
* **External authentication**
- * Your site administrator may configure {% data variables.location.product_location %} to use external authentication instead of a username and password. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#external-authentication)."{% endif %}{% ifversion fpt or ghec %}
+ * Your site administrator may configure {% data variables.location.product_location_enterprise %} to use external authentication instead of a username and password. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#external-authentication)."{% endif %}{% ifversion fpt or ghec %}
* **SAML single sign-on**
* Before you can access resources owned by an organization or enterprise account that uses SAML single sign-on, you may need to also authenticate through an IdP. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}{% endif %}
@@ -141,8 +139,10 @@ To use a {% data variables.product.pat_generic %} or SSH key to access resources
| Token type | Prefix | More information |
| :- | :- | :- |
-| {% data variables.product.pat_v1_caps %} | `ghp_` | {% ifversion pat-v2 %}"[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-personal-access-token-classic)"{% else %}"[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)"{% endif %} |{% ifversion pat-v2 %}
-| {% data variables.product.pat_v2_caps %} | `github_pat_` | "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-fine-grained-personal-access-token)" |{% endif %}
+| {% data variables.product.pat_v1_caps %} | `ghp_` | {% ifversion pat-v2 %}"[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-personal-access-token-classic)"{% else %}"[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)"{% endif %} |
+| {% ifversion pat-v2 %} |
+| {% data variables.product.pat_v2_caps %} | `github_pat_` | "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-fine-grained-personal-access-token)" |
+| {% endif %} |
| OAuth access token | `gho_` | "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps)" |
| User access token for a {% data variables.product.prodname_github_app %} | `ghu_` | "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)" |
| Installation access token for a {% data variables.product.prodname_github_app %} | `ghs_` | "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)" |
diff --git a/content/authentication/keeping-your-account-and-data-secure/creating-a-strong-password.md b/content/authentication/keeping-your-account-and-data-secure/creating-a-strong-password.md
index 8cabd399b370..23fc608ad639 100644
--- a/content/authentication/keeping-your-account-and-data-secure/creating-a-strong-password.md
+++ b/content/authentication/keeping-your-account-and-data-secure/creating-a-strong-password.md
@@ -1,6 +1,6 @@
---
title: Creating a strong password
-intro: 'Secure your account on {% data variables.location.product_location %} with a strong and unique password using a password manager.'
+intro: 'Secure your account on {% data variables.product.prodname_dotcom %} with a strong and unique password using a password manager.'
redirect_from:
- /articles/what-is-a-strong-password
- /articles/creating-a-strong-password
@@ -15,13 +15,13 @@ topics:
- Access management
shortTitle: Create a strong password
---
-You must choose or generate a password for your account on {% data variables.location.product_location %} that is at least:
+You must choose or generate a password for your account on {% data variables.product.prodname_dotcom %} that is at least:
* {% ifversion ghes %}Seven{% else %}Eight{% endif %} characters long, if it includes a number and a lowercase letter, or
* 15 characters long with any combination of characters
To keep your account secure, we recommend you follow these best practices:
* Use a password manager to generate a password of at least 15 characters.
-* Generate a unique password for {% data variables.product.product_name %}. If you use your {% data variables.product.product_name %} password elsewhere and that service is compromised, then attackers or other malicious actors could use that information to access your account on {% data variables.location.product_location %}.
+* Generate a unique password for {% data variables.product.product_name %}. If you use your {% data variables.product.product_name %} password elsewhere and that service is compromised, then attackers or other malicious actors could use that information to access your account.
* Configure two-factor authentication for your personal account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication)."{% ifversion passkeys %}
* {% data reusables.passkeys.add-passkey-option %}{% endif %}
* Never share your password, even with a potential collaborator. Each person should use their own personal account on {% data variables.product.product_name %}. For more information on ways to collaborate, see: "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository)," "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/getting-started/about-collaborative-development-models)," or "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations)."
diff --git a/content/authentication/keeping-your-account-and-data-secure/index.md b/content/authentication/keeping-your-account-and-data-secure/index.md
index af4242d89595..49551fc10589 100644
--- a/content/authentication/keeping-your-account-and-data-secure/index.md
+++ b/content/authentication/keeping-your-account-and-data-secure/index.md
@@ -1,6 +1,6 @@
---
title: Keeping your account and data secure
-intro: 'To protect your personal information, you should keep both your account on {% data variables.location.product_location %} and any associated data secure.'
+intro: 'To protect your personal information, you should keep both your account on {% data variables.product.prodname_dotcom %} and any associated data secure.'
redirect_from:
- /articles/keeping-your-account-and-data-secure
- /github/authenticating-to-github/keeping-your-account-and-data-secure
@@ -15,6 +15,7 @@ children:
- /about-authentication-to-github
- /creating-a-strong-password
- /switching-between-accounts
+ - /verifying-new-devices-when-signing-in
- /updating-your-github-access-credentials
- /managing-your-personal-access-tokens
- /reviewing-your-ssh-keys
diff --git a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md
index 7e92b8222463..bcb828b3b7ad 100644
--- a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md
+++ b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md
@@ -33,6 +33,8 @@ For more information, see "[Keeping your {% data variables.product.pat_generic %
{% data variables.product.pat_generic_caps %}s are intended to access {% data variables.product.company_short %} resources on behalf of yourself. To access resources on behalf of an organization, or for long-lived integrations, you should use a {% data variables.product.prodname_github_app %}. For more information, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)."
+{% data reusables.user-settings.token_access_capabilities %} For example, a {% data variables.product.pat_generic %} can be configured with an `admin:org` scope, but if the owner of the token is not an organization owner, the token will not give administrative access to the organization.
+
{% ifversion pat-v2 %}
### Types of {% data variables.product.pat_generic %}s
@@ -147,7 +149,7 @@ If you selected an organization as the resource owner and the organization requi
1. Click **Generate token**.
1. Optionally, to copy the new token to your clipboard, click {% octicon "copy" aria-label="Copy token" %}.
- {% ifversion fpt or ghec %}
+ {% ifversion ghes %}{% else %}{% endif %}{% ifversion fpt or ghec %}
1. To use your token to access resources owned by an organization that uses SAML single sign-on, authorize the token. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}{% endif %}
## Deleting a {% data variables.product.pat_generic %}
diff --git a/content/authentication/keeping-your-account-and-data-secure/preventing-unauthorized-access.md b/content/authentication/keeping-your-account-and-data-secure/preventing-unauthorized-access.md
index 5684f33ac8b7..8341d8b38700 100644
--- a/content/authentication/keeping-your-account-and-data-secure/preventing-unauthorized-access.md
+++ b/content/authentication/keeping-your-account-and-data-secure/preventing-unauthorized-access.md
@@ -1,6 +1,6 @@
---
title: Preventing unauthorized access
-intro: 'You may be alerted to a security incident in the media, such as the discovery of the [Heartbleed bug](http://heartbleed.com/), or your computer could be stolen while you''re signed in to {% data variables.location.product_location %}. In such cases, changing your password prevents any unintended future access to your account and projects.'
+intro: 'You may be alerted to a security incident in the media, such as the discovery of the [Heartbleed bug](http://heartbleed.com/), or your computer could be stolen while you''re signed in to {% data variables.product.prodname_dotcom %}. In such cases, changing your password prevents any unintended future access to your account and projects.'
redirect_from:
- /articles/preventing-unauthorized-access
- /github/authenticating-to-github/preventing-unauthorized-access
@@ -20,7 +20,7 @@ After changing your password, you should perform these actions to make sure that
* Enable two-factor authentication on your account so that access requires more than just a password. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication)."
{%- ifversion passkeys %}
-* Add a passkey to your account to enable a secure, passwordless login. Passkeys are phishing-resistant, and they don't require memorization or active management. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)" and "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)."{% endif %}
+* Add a passkey to your account to enable a secure, passwordless login. Passkeys are phishing-resistant, and they don't require memorization or active management. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."{% endif %}
* Review your SSH keys, deploy keys, and authorized integrations and revoke unauthorized or unfamiliar access in your SSH and Applications settings. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys)," "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-deploy-keys)," and "[AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations)."
{% ifversion fpt or ghec %}
* Verify all your email addresses. If an attacker added their email address to your account, it could allow them to force an unintended password reset. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)."
diff --git a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md
index 901a400ce88b..241c1ce56ce4 100644
--- a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md
+++ b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md
@@ -32,7 +32,7 @@ This article tells you how to make commits with sensitive data unreachable from
* In any clones or forks of your repository
* Directly via their SHA-1 hashes in cached views on {% data variables.product.product_name %}
-* Through any pull requests that reference them.
+* Through any pull requests that reference them
You cannot remove sensitive data from other users' clones of your repository, but you can permanently remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %} by contacting {% data variables.contact.contact_support %}.
@@ -188,10 +188,11 @@ After using either the BFG tool or `git filter-repo` to remove the sensitive dat
1. Tell your collaborators to [rebase](https://git-scm.com/book/en/Git-Branching-Rebasing), _not_ merge, any branches they created off of your old (tainted) repository history. One merge commit could reintroduce some or all of the tainted history that you just went to the trouble of purging.
-1. After some time has passed and you're confident that the BFG tool / `git filter-repo` had no unintended side effects, you can force all objects in your local repository to be dereferenced and garbage collected with the following commands (using Git 1.8.5 or newer):
+1. If you used `git filter-repo`, you can skip this step.
+
+ If you used the BFG tool, after rewriting, you can clean up references in your local repository to the old history to be dereferenced and garbage collected with the following commands (using Git 1.8.5 or newer):
```shell
- $ git for-each-ref --format="delete %(refname)" refs/original | git update-ref --stdin
$ git reflog expire --expire=now --all
$ git gc --prune=now
> Counting objects: 2437, done.
@@ -213,10 +214,10 @@ There are a few simple tricks to avoid committing things you don't want committe
* Avoid the catch-all commands `git add .` and `git commit -a` on the command line—use `git add filename` and `git rm filename` to individually stage files, instead.
* Use `git add --interactive` to individually review and stage changes within each file.
* Use `git diff --cached` to review the changes that you have staged for commit. This is the exact diff that `git commit` will produce as long as you don't use the `-a` flag.
-* Enable push protection for your repository to detect and prevent pushes which contain hardcoded secrets from being committed to your codebase. For more information, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#about-push-protection-for-repositories-and-organizations)."
+* Enable push protection for your repository to detect and prevent pushes which contain hardcoded secrets from being committed to your codebase. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)."
## Further reading
* [`git filter-repo` man page](https://htmlpreview.github.io/?https://github.com/newren/git-filter-repo/blob/docs/html/git-filter-repo.html)
* [Pro Git: Git Tools - Rewriting History](https://git-scm.com/book/en/Git-Tools-Rewriting-History)
-* "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)"
+* "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)"
diff --git a/content/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log.md b/content/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log.md
index df34cb77bdec..d505d2682b46 100644
--- a/content/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log.md
+++ b/content/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log.md
@@ -30,26 +30,40 @@ The security log lists all actions performed within the last 90 days.
The events listed in your security log are triggered by your actions. Actions are grouped into different categories. For the full list of events in each category, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/security-log-events)."
-| Category name | Description
-|------------------|-------------------{% ifversion fpt or ghec %}
-| `billing` | Contains all activities related to your billing information.
-| `codespaces` | Contains all activities related to {% data variables.product.prodname_github_codespaces %}. For more information, see "[AUTOTITLE](/codespaces/overview)."
-| `copilot` | Contains all activities related to {% data variables.product.prodname_copilot_business_short %}. For more information, see "[AUTOTITLE](/copilot/about-github-copilot)."
-| `marketplace_agreement_signature` | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement.
-| `marketplace_listing`| Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}.{% endif %}{% ifversion security-log-oauth-access-tokens %}
-| `oauth_access` | Contains all activities related to OAuth access tokens.{% endif %}
-| `oauth_authorization` | Contains all activities related to authorizing {% data variables.product.prodname_oauth_apps %}. For more information, see "[AUTOTITLE](/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps)."{% ifversion passkeys %}
-| `passkey` | Contains activities related to your passkeys. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."{% endif %}{% ifversion fpt or ghec %}
-| `payment_method` | Contains all activities related to paying for your {% data variables.product.prodname_dotcom %} subscription.{% endif %}{% ifversion pat-v2%}
-| `personal_access_token` | Contains activities related to {% data variables.product.pat_v2 %}s. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."{% endif %}
-| `profile_picture`| Contains all activities related to your profile picture.
-| `project` | Contains all activities related to {% data variables.projects.projects_v1_boards %}.
-| `public_key` | Contains all activities related to [your public SSH keys](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account).
-| `repo`| Contains all activities related to the repositories you own.{% ifversion fpt or ghec %}
-| `sponsors` | Contains all events related to {% data variables.product.prodname_sponsors %} and sponsor buttons (see "[AUTOTITLE](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)" and "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% ifversion ghes %}
-| `team` | Contains all activities related to teams you are a part of.{% endif %}
-| `two_factor_authentication` | Contains all activities related to [two-factor authentication](/authentication/securing-your-account-with-two-factor-authentication-2fa).
-| `user` | Contains all activities related to your account.
+| Category name | Description |
+| ------------- | ----------- |
+| {% ifversion fpt or ghec %} |
+| `billing` | Contains all activities related to your billing information. |
+| `codespaces` | Contains all activities related to {% data variables.product.prodname_github_codespaces %}. For more information, see "[AUTOTITLE](/codespaces/overview)." |
+| `copilot` | Contains all activities related to {% data variables.product.prodname_copilot_business_short %}. For more information, see "[AUTOTITLE](/copilot/about-github-copilot/what-is-github-copilot)." |
+| `marketplace_agreement_signature` | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement. |
+| `marketplace_listing`| Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}. |
+| {% endif %} |
+| {% ifversion security-log-oauth-access-tokens %} |
+| `oauth_access` | Contains all activities related to OAuth access tokens. |
+| {% endif %} |
+| `oauth_authorization` | Contains all activities related to authorizing {% data variables.product.prodname_oauth_apps %}. For more information, see "[AUTOTITLE](/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps)." |
+| {% ifversion passkeys %} |
+| `passkey` | Contains activities related to your passkeys. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)." |
+| {% endif %} |
+| {% ifversion fpt or ghec %} |
+| `payment_method` | Contains all activities related to paying for your {% data variables.product.prodname_dotcom %} subscription.
+| {% endif %} |
+| {% ifversion pat-v2%} |
+| `personal_access_token` | Contains activities related to {% data variables.product.pat_v2 %}s. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)." |
+| {% endif %} |
+| `profile_picture`| Contains all activities related to your profile picture. |
+| `project` | Contains all activities related to {% data variables.projects.projects_v1_boards %}. |
+| `public_key` | Contains all activities related to [your public SSH keys](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account). |
+| `repo`| Contains all activities related to the repositories you own. |
+| {% ifversion fpt or ghec %} |
+| `sponsors` | Contains all events related to {% data variables.product.prodname_sponsors %} and sponsor buttons (see "[AUTOTITLE](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)" and "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)") |
+| {% endif %} |
+| {% ifversion ghes %} |
+| `team` | Contains all activities related to teams you are a part of. |
+| {% endif %} |
+| `two_factor_authentication` | Contains all activities related to [two-factor authentication](/authentication/securing-your-account-with-two-factor-authentication-2fa). |
+| `user` | Contains all activities related to your account. |
{% ifversion fpt or ghec %}
diff --git a/content/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md b/content/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md
index 23ae476a6b96..952a864efa6e 100644
--- a/content/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md
+++ b/content/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md
@@ -1,6 +1,6 @@
---
title: Reviewing your SSH keys
-intro: 'To keep your credentials secure, you should regularly audit your SSH keys, deploy keys, and review authorized applications that access your account on {% data variables.location.product_location %}.'
+intro: 'To keep your credentials secure, you should regularly audit your SSH keys, deploy keys, and review authorized applications that access your account.'
redirect_from:
- /articles/keeping-your-application-access-tokens-safe
- /articles/keeping-your-ssh-keys-and-application-access-tokens-safe
diff --git a/content/authentication/keeping-your-account-and-data-secure/sudo-mode.md b/content/authentication/keeping-your-account-and-data-secure/sudo-mode.md
index 99ff37e834df..3a91d89edece 100644
--- a/content/authentication/keeping-your-account-and-data-secure/sudo-mode.md
+++ b/content/authentication/keeping-your-account-and-data-secure/sudo-mode.md
@@ -29,7 +29,7 @@ After you authenticate to perform a sensitive action, your session is temporaril
{% note %}
-**Note**: If {% data variables.location.product_location %} uses an external authentication method like CAS or SAML SSO, you will not receive prompts to enter sudo mode. For more information, contact your site administrator.
+**Note**: If {% data variables.location.product_location_enterprise %} uses an external authentication method like CAS or SAML SSO, you will not receive prompts to enter sudo mode. For more information, contact your site administrator.
{% endnote %}
@@ -66,7 +66,7 @@ To confirm access for sudo mode, you {% ifversion totp-and-mobile-sudo-challenge
## Confirming access using a passkey
-You must have a passkey registered to your account to confirm access to your account for sudo mode using a passkey. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)" and "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)."
+You must have a passkey registered to your account to confirm access to your account for sudo mode using a passkey. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."
{% endif %}
{% ifversion totp-and-mobile-sudo-challenge %}
@@ -83,7 +83,7 @@ When prompted to authenticate for sudo mode, click **Use security key**, then fo
You must install and sign into {% data variables.product.prodname_mobile %} to confirm access to your account for sudo mode using the app. For more information, see "[AUTOTITLE](/get-started/using-github/github-mobile)."
-1. When prompted to authenticate for sudo mode, click **Use GitHub Mobile**.
+1. When prompted to authenticate for sudo mode, click **Use {% data variables.product.prodname_mobile %}**.
1. Open {% data variables.product.prodname_mobile %}. {% data variables.product.prodname_dotcom %} will display numbers that you must enter in {% data variables.product.prodname_mobile %} to approve the request.
1. In {% data variables.product.prodname_mobile %}, type the numbers displayed.
diff --git a/content/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md b/content/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md
index ec3bbdfb1f07..083b35869579 100644
--- a/content/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md
+++ b/content/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md
@@ -1,6 +1,6 @@
---
title: 'Switching between accounts'
-intro: 'You can stay signed in to multiple {% data variables.product.prodname_dotcom_the_website %} accounts and {% data variables.enterprise.prodname_managed_users %} and quickly jump between sessions.'
+intro: 'Learn how to switch between multiple {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom_the_website %} accounts and {% data variables.enterprise.prodname_managed_users %}{% else %}accounts{% endif %}.'
allowTitleToDifferFromFilename: true
versions:
feature: account-switcher
@@ -10,15 +10,13 @@ topics:
- Access management
---
-## About switching between your accounts
+If you need to use multiple accounts on {% data variables.product.prodname_dotcom %}, you can sign in to your accounts and switch between them without always being required to reauthenticate. You can use the account switcher if you have a personal account and service accounts (sometimes called machine users){% ifversion fpt or ghec %} or if you need to switch between your personal account and {% data variables.enterprise.prodname_managed_users %} in an enterprise that uses {% data variables.product.prodname_emus %}{% endif %}.
-If you need to use multiple accounts on {% data variables.product.prodname_dotcom_the_website %}, you can sign in to your accounts and switch between them without always being required to reauthenticate. You can use the account switcher if you have a personal account and service accounts (sometimes called machine users) or if you need to switch between your personal account and {% data variables.enterprise.prodname_managed_users %} in an enterprise that uses {% data variables.product.prodname_emus %}.
-
-When you are signed in to multiple accounts and using the account switcher, those sessions remain on your computer or browser. If you access {% data variables.product.prodname_dotcom_the_website %} on another computer or browser, the same accounts will not be available until you add them.
+When you are signed in to multiple accounts and using the account switcher, those sessions remain on your computer or browser. If you access {% data variables.product.prodname_dotcom %} on another computer or browser, the same accounts will not be available until you add them.
If you are signed in to multiple accounts and follow a link to {% data variables.product.product_name %} from an external source, such as a request to install or approve a {% data variables.product.prodname_github_app %}, you will first be prompted to choose which account you want to use.
-Your SSO sessions will persist when you switch away from an account and return, this means you will not always need to authenticate with your identity provider (IdP) each time you want to use your SSO-linked account. If you're a member of an enterprise that uses {% data variables.product.prodname_emus %} and add your {% data variables.enterprise.prodname_managed_user %} to the account switcher, the {% data variables.enterprise.prodname_managed_user %} will appear grayed out if your session has expired. Selecting the expired account will send you to reauthenticate with your IdP.
+Your SSO sessions will persist when you switch away from an account and return. This means you will not always need to authenticate with your identity provider (IdP) each time you want to use your SSO-linked account. {% ifversion fpt or ghec %}If you're a member of an enterprise that uses {% data variables.product.prodname_emus %} and add your {% data variables.enterprise.prodname_managed_user %} to the account switcher, the {% data variables.enterprise.prodname_managed_user %} will appear grayed out if your session has expired. Selecting the expired account will send you to reauthenticate with your IdP.{% endif %}
## Adding an account to the account switcher
diff --git a/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md b/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md
index c2e2f53d07ae..2b63dee86781 100644
--- a/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md
+++ b/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md
@@ -46,13 +46,13 @@ If a valid OAuth token, {% data variables.product.prodname_github_app %} token,
You can revoke your authorization of a {% data variables.product.prodname_github_app %} or {% data variables.product.prodname_oauth_app %} from your account settings which will revoke any tokens associated with the app. For more information, see "[AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations)" and "[AUTOTITLE](/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-applications-oauth)."
-Once an authorization is revoked, any tokens associated with the authorization will be revoked as well. To reauthorize an application, follow the instructions from the third-party application or website to connect your account on {% data variables.location.product_location %} again.
+Once an authorization is revoked, any tokens associated with the authorization will be revoked as well. To reauthorize an application, follow the instructions from the third-party application or website to connect your account on {% data variables.product.prodname_dotcom %} again.
## Token revoked by the {% data variables.product.prodname_oauth_app %}
The owner of an {% data variables.product.prodname_oauth_app %} can revoke an account's authorization of their app, this will also revoke any tokens associated with the authorization. For more information about revoking authorizations of your {% data variables.product.prodname_oauth_app %}, see "[AUTOTITLE](/rest/apps/oauth-applications#delete-an-app-authorization)."
-{% data variables.product.prodname_oauth_app %} owners can also revoke individual tokens associated with an authorization. For more information about revoking individual tokens for your {% data variables.product.prodname_oauth_app %}, see "[AUTOTITLE](/rest/apps/oauth-applications#delete-an-app-token)".
+{% data variables.product.prodname_oauth_app %} owners can also revoke individual tokens associated with an authorization. For more information about revoking individual tokens for your {% data variables.product.prodname_oauth_app %}, see "[AUTOTITLE](/rest/apps/oauth-applications#delete-an-app-token)."
## Token revoked due to excess of tokens for an {% data variables.product.prodname_oauth_app %} with the same scope
diff --git a/content/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials.md b/content/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials.md
index 06015da38e6a..f166da977231 100644
--- a/content/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials.md
+++ b/content/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials.md
@@ -19,7 +19,7 @@ shortTitle: Update access credentials
## Requesting a new password
1. To request a new password, visit {% ifversion fpt or ghec %}https://{% data variables.product.product_url %}/password_reset{% else %}`https://{% data variables.product.product_url %}/password_reset`{% endif %}.
-1. Enter the email address associated with your account on {% data variables.location.product_location %}, then click **Send password reset email.** The email will be sent to the backup email address if you have one configured.
+1. Enter the email address associated with your account, then click **Send password reset email.** The email will be sent to the backup email address if you have one configured.
1. We'll email you a link that will allow you to reset your password. You must click on this link within 3 hours of receiving the email. If you didn't receive an email from us, make sure to check your spam folder.
1. If you have enabled two-factor authentication, you will be prompted for your 2FA credentials:
{% ifversion fpt or ghec %}
@@ -50,7 +50,7 @@ To avoid losing your password in the future, we suggest using a secure password
1. Sign in to {% data variables.product.product_name %}.
{% data reusables.user-settings.access_settings %}
{% data reusables.user-settings.security %}
-1. Under "Change password", type your old password, a strong new password, and confirm your new password. For help creating a strong password, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-strong-password)"
+1. Under "Change password", type your old password, a strong new password, and confirm your new password. For help creating a strong password, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-strong-password)."
1. Click **Update password**.
{% tip %}
diff --git a/content/authentication/keeping-your-account-and-data-secure/verifying-new-devices-when-signing-in.md b/content/authentication/keeping-your-account-and-data-secure/verifying-new-devices-when-signing-in.md
new file mode 100644
index 000000000000..5266f0c19af5
--- /dev/null
+++ b/content/authentication/keeping-your-account-and-data-secure/verifying-new-devices-when-signing-in.md
@@ -0,0 +1,44 @@
+---
+title: Verifying new devices when signing in
+intro: 'When you sign in for the first time from a new or unrecognized device without two-factor authentication enabled, {% data variables.product.prodname_dotcom %} may ask for additional verification to confirm that it is you.'
+versions:
+ fpt: '*'
+ ghec: '*'
+topics:
+ - Identity
+ - Access management
+shortTitle: Verifying devices on sign in
+---
+
+## About device verification
+
+To keep your account secure when two-factor authentication (2FA) is not enabled, {% data variables.product.prodname_dotcom %} may ask you to verify your sign-in attempt when you access your account from an unrecognized device for the first time. This is called device verification. An unrecognized device requiring verification may include a new computer or phone, a new browser, or new browser profile.
+
+You will only need to verify a new device once. If you clear your cookies, or use a different browser on the same device, {% data variables.product.prodname_dotcom %} may ask you to verify your device again.
+
+{% data variables.product.prodname_dotcom %} will not ask you to perform device verification when you have 2FA enabled, or when you sign in using a passkey. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey)."
+
+## Verifying your sign-in attempt
+
+1. Sign in to {% data variables.product.product_name %}, using your username and password.
+1. If you are signing in from an unrecognized device, {% data variables.product.prodname_dotcom %} may ask to you pass a "Device verification" prompt. The verification code is sent to all primary and backup email addresses associated with your account. The code is valid for one hour.
+ * If you have the {% data variables.product.prodname_mobile %} application installed, {% data variables.product.product_name %} sends a verification request to your mobile device, instead of sending an email. Enter the code displayed in your browser into the {% data variables.product.prodname_mobile %} app to verify your sign-in. You can request an email code if your mobile device is unavailable.
+1. Enter the verification code into your browser to verify your sign-in.
+
+## Troubleshooting device verification
+
+If you do not receive the verification code, make sure that you are checking the right email address. We only send the verification code to the primary and backup email addresses associated with your account. {% data variables.product.prodname_dotcom %} will provide you with a hint of the email(s) that the verification code was sent to. If you are certain that you are accessing the correct address, ensure your email account can receive emails from {% data variables.product.prodname_dotcom %}, or try waiting a few minutes in case there are temporary deliverability delays.
+
+If you cannot provide the verification code because you don’t have access to your email address, you will not be able to verify your new device. You can access your {% data variables.product.prodname_dotcom %} account by using a device you’ve used before and, from there, you should add an email address that you can access to your account. See "[AUTOTITLE](/get-started/signing-up-for-github/verifying-your-email-address)."
+
+If you cannot provide the verification code and do not have another active session on a device you’ve used before, you may be able to contact the provider of your email address account to determine your account recovery options. If your email address is completely inaccessible, you can create a new {% data variables.product.prodname_dotcom %} account with a different username and email address. See "[AUTOTITLE](/get-started/signing-up-for-github/signing-up-for-a-new-github-account)."
+
+## Receiving an unexpected device verification email
+
+If you receive a verification code from {% data variables.product.prodname_dotcom %} that you did not request, your {% data variables.product.prodname_dotcom %} password may have been compromised. You should immediately change your password and take steps to make sure that your account is secure. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/preventing-unauthorized-access)."
+
+## Disabling device verification
+
+You can disable the requirement to verify new devices via email by enabling 2FA. It is not possible to opt-out of device verification entirely without enabling 2FA. See "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)."
+
+You can sign in using a passkey to skip the device verification prompt. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey)."
diff --git a/content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md b/content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md
index e15ee8193268..23ba4dca0fa6 100644
--- a/content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md
+++ b/content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md
@@ -1,6 +1,6 @@
---
title: Adding a GPG key to your GitHub account
-intro: 'To configure your account on {% data variables.location.product_location %} to use your new (or existing) GPG key, you''ll also need to add the key to your account.'
+intro: 'To configure your account on {% data variables.product.product_name %} to use your new (or existing) GPG key, you''ll also need to add the key to your account.'
redirect_from:
- /articles/adding-a-gpg-key-to-your-github-account
- /github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account
@@ -44,7 +44,7 @@ When verifying a signature, {% data variables.product.product_name %} extracts t
1. In the "Title" field, type a name for your GPG key.
1. In the "Key" field, paste the GPG key you copied when you [generated your GPG key](/authentication/managing-commit-signature-verification/generating-a-new-gpg-key).
1. Click **Add GPG key**.
-1. To confirm the action, authenticate to your {% data variables.product.prodname_dotcom %} account.
+1. If prompted, authenticate to your {% data variables.product.prodname_dotcom %} account to confirm the action.
{% ifversion upload-expired-or-revoked-gpg-key %}
{% else %}
diff --git a/content/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key.md b/content/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key.md
index 41307ffc27e2..4776929be53f 100644
--- a/content/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key.md
+++ b/content/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key.md
@@ -14,12 +14,9 @@ topics:
- Access management
shortTitle: Associate email with GPG key
---
-{% note %}
If you're using a GPG key that matches your committer identity and your verified email address associated with your account on {% data variables.location.product_location %}, then you can begin signing commits and signing tags.
-{% endnote %}
-
{% data reusables.command_line.open_the_multi_os_terminal %}
{% data reusables.gpg.list-keys-with-note %}
{% data reusables.gpg.copy-gpg-key-id %}
diff --git a/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md b/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md
index 2b7aa5beadac..5a9fc3a12b4b 100644
--- a/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md
+++ b/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md
@@ -55,7 +55,7 @@ topics:
{% data reusables.gpg.copy-gpg-key-id %}
1. Paste the text below, substituting in the GPG key ID you'd like to use. In this example, the GPG key ID is `3AA5C34371567BD2`:
- ```shell
+ ```shell copy
gpg --armor --export 3AA5C34371567BD2
# Prints the GPG key ID, in ASCII armor format
```
diff --git a/content/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key.md b/content/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key.md
index ce2c12b22372..f2c903f6f0d1 100644
--- a/content/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key.md
+++ b/content/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key.md
@@ -22,12 +22,8 @@ shortTitle: Tell Git about your signing key
If you're using a GPG key that matches your committer identity and your verified email address associated with your account on {% data variables.location.product_location %}, then you can begin signing commits and signing tags.
-{% note %}
-
If you don't have a GPG key that matches your committer identity, you need to associate an email with an existing key. For more information, see "[AUTOTITLE](/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key)".
-{% endnote %}
-
If you have multiple GPG keys, you need to tell Git which one to use.
{% data reusables.command_line.open_the_multi_os_terminal %}
diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md
index 66b9a481c730..b3b52fb9ec61 100644
--- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md
+++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md
@@ -18,12 +18,12 @@ shortTitle: About 2FA
{% data reusables.two_fa.mandatory-2fa-contributors-2023 %}
{% endif %}
-For {% data variables.product.product_name %}, the second form of authentication is a code that's generated by an application on your mobile device{% ifversion fpt or ghec %} or sent as a text message (SMS){% endif %}. After you enable 2FA, {% data variables.product.product_name %} generates an authentication code any time someone attempts to sign into your account on {% data variables.location.product_location %}. The only way someone can sign into your account is if they know both your password and have access to the authentication code on your phone.
+For {% data variables.product.product_name %}, the second form of authentication is a code that's generated by an application on your mobile device{% ifversion fpt or ghec %} or sent as a text message (SMS){% endif %}. After you enable 2FA, {% data variables.product.product_name %} generates an authentication code any time someone attempts to sign into your account. The only way someone can sign into your account is if they know both your password and have access to the authentication code on your phone.
{% data reusables.two_fa.after-2fa-add-security-key %}
{% ifversion passkeys %}
-{% data reusables.passkeys.after-2fa-optional-add-passkey %} For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)" and "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)."
+{% data reusables.passkeys.after-2fa-optional-add-passkey %} See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."
{% endif %}
{% ifversion fpt or ghec %}
@@ -42,6 +42,10 @@ You can also configure additional recovery methods in case you lose access to yo
We **strongly** urge you to enable 2FA for the safety of your account, not only on {% data variables.product.product_name %}, but on other websites and apps that support 2FA. You can enable 2FA to access {% data variables.product.product_name %} and {% data variables.product.prodname_desktop %}.
+{% ifversion fpt or ghec %}
+If you don't enable 2FA, {% data variables.product.product_name %} may ask for additional verification to confirm that it is you when you sign in for the first time from a new or unrecognized device. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/verifying-new-devices-when-signing-in)."
+{% endif %}
+
For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication)."
## Two-factor authentication recovery codes
diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md
index c521b7e481f3..d8ac757b8b53 100644
--- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md
+++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md
@@ -47,14 +47,14 @@ If you've set up a security key on your account, and your browser supports secur
1. Using your username and password, sign in to {% data variables.product.product_name %} through your browser.
1. If you use a physical security key, ensure it's connected to your device.
-1. To trigger the security key prompt from your operating system, select "Use security key".
+1. To trigger the security key prompt from your operating system, select "Use security key."
1. Select the appropriate option in the prompt. Depending on your security key configuration, you may type a PIN, complete a biometric prompt, or use a physical security key.
{% ifversion passkeys %}
### Using a passkey
-If you have enabled 2FA, and you have added a passkey to your account, you can use the passkey to sign in. Since passkeys satisfy both password and 2FA requirements, you can complete your sign in with a single step. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)" and "[AUTOTITLE](/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey)."
+If you have enabled 2FA, and you have added a passkey to your account, you can use the passkey to sign in. Since passkeys satisfy both password and 2FA requirements, you can complete your sign in with a single step. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."
{% endif %}
diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md
index 72ce44474936..c66d1b7a13be 100644
--- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md
+++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md
@@ -39,7 +39,7 @@ If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}
{% warning %}
**Warning:**
-* If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA on {% data variables.location.product_location %}.
+* If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA.
* If you disable 2FA, you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable two-factor authentication and contact an organization owner.
{% endwarning %}
@@ -95,7 +95,7 @@ If you're unable to configure a TOTP app, you can also register your phone numbe
## Configuring two-factor authentication using a passkey
-{% data reusables.passkeys.about-passkeys %}
+{% data reusables.passkeys.about-passkeys %} See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."
{% note %}
@@ -103,8 +103,6 @@ If you're unable to configure a TOTP app, you can also register your phone numbe
{% endnote %}
-For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."
-
1. You must have already configured 2FA via a TOTP mobile app{% ifversion fpt or ghec %} or via SMS{% endif %}.
{% data reusables.passkeys.adding-a-passkey %}
@@ -148,8 +146,9 @@ Once you have configured a TOTP application, or SMS, you can also use {% data va
1. You must have already configured 2FA via a TOTP mobile app or via SMS.
1. Install [{% data variables.product.prodname_mobile %}](https://github.com/mobile).
1. Sign in to your {% data variables.product.product_name %} account from {% data variables.product.prodname_mobile %}.
+1. Ensure {% data variables.product.prodname_mobile %} can send push notifications. If you have not opted in to push notifications, you can turn them on within notification settings in {% data variables.product.prodname_mobile %}.
-After signing in, you can now use your device for 2FA.
+After signing in and turning on push notifications, you can now use your device for 2FA.
{% endif %}
## Further reading
diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/index.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/index.md
index b99652e3ed75..6fc5ecbf6599 100644
--- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/index.md
+++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/index.md
@@ -1,6 +1,6 @@
---
title: Securing your account with two-factor authentication (2FA)
-intro: 'You can set up your account on {% data variables.location.product_location %} to require an authentication code in addition to your password when you sign in.'
+intro: 'You can set up your account on {% data variables.product.prodname_dotcom %} to require an authentication code in addition to your password when you sign in.'
redirect_from:
- /categories/84/articles
- /categories/two-factor-authentication-2fa
diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md
index a5afde607e73..c35e7d06d179 100644
--- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md
+++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md
@@ -52,7 +52,7 @@ Use one of your recovery codes to automatically regain entry into your account.
## Authenticating with a passkey
-If you have added a passkey to your account, you can use your passkey to automatically regain access to your account. Passkeys satisfy both password and 2FA requirements, so you don't need to know your password in order to recover your account. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."
+If you have added a passkey to your account, you can use your passkey to automatically regain access to your account. Passkeys satisfy both password and 2FA requirements, so you don't need to know your password in order to recover your account. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."
{% endif %}
@@ -74,7 +74,7 @@ If you lose access to your preferred TOTP app or phone number, you can provide a
## Authenticating with a verified device, SSH token, or {% data variables.product.pat_generic %}
-If you know your password for {% data variables.location.product_location %} but don't have the two-factor authentication credentials or your two-factor authentication recovery codes, you can have a one-time password sent to your verified email address to begin the verification process and regain access to your account.
+If you know your password for {% data variables.product.prodname_dotcom %} but don't have the two-factor authentication credentials or your two-factor authentication recovery codes, you can have a one-time password sent to your verified email address to begin the verification process and regain access to your account.
{% note %}
@@ -113,7 +113,7 @@ You can use your two-factor authentication credentials or two-factor authenticat
If you have forgotten your password and you've lost access to your two-factor authentication credentials, you can start account recovery to regain access to your account. You'll need to verify your identity using a recovery authentication factor, such as an SSH key or previously verified device. If no recovery methods are available, you can choose to unlink your email address from your account.
1. Click **Forgot password?**.
-1. Enter a primary or backup email address associated with your account on {% data variables.location.product_location %}, then click **Send password reset email.**
+1. Enter a primary or backup email address associated with your account, then click **Send password reset email.**
1. Check your email for a link to reset your password. You must click on this link within three hours of receiving the email. If you don't see an email from us, make sure to check your spam folder.
1. Click on the link in the email, then under "Having problems?", click **Start a 2FA recovery request**.
1. To complete your recovery request, you'll need to verify an alternative authentication factor. {% data reusables.accounts.alternative-authentication %}
diff --git a/content/billing/managing-billing-for-github-actions/about-billing-for-github-actions.md b/content/billing/managing-billing-for-github-actions/about-billing-for-github-actions.md
index 75d184a28e9b..9874d3b4a59a 100644
--- a/content/billing/managing-billing-for-github-actions/about-billing-for-github-actions.md
+++ b/content/billing/managing-billing-for-github-actions/about-billing-for-github-actions.md
@@ -38,14 +38,9 @@ Minutes reset every month, while storage usage does not.
### Included storage and minutes
-{% note %}
-
-**Notes**:
-
-* Included minutes cannot be used for larger runners. These runners will always be charged for, including in public repositories. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions#per-minute-rates)."
-* Logs and job summaries do not count towards storage usage.
-
-{% endnote %}
+> [!NOTE]
+> * Included minutes cannot be used for larger runners. These runners will always be charged for, including in public repositories. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions#per-minute-rates)."
+> * Logs and job summaries do not count towards storage usage.
|Plan | Storage | Minutes (per month)|
|------- | ------- | ---------|
@@ -64,44 +59,41 @@ If your account's usage surpasses these limits and you have set a spending limit
Jobs that run on Windows and macOS runners that {% data variables.product.prodname_dotcom %} hosts consume minutes at 2 and 10 times the rate that jobs on Linux runners consume. For example, using 1,000 Windows minutes would consume 2,000 of the minutes included in your account. Using 1,000 macOS minutes, would consume 10,000 minutes included in your account.
| Operating system | Minute multiplier |
-|------- | ---------|
-| Linux | 1 |
-| Windows | 2 |
-| macOS| 10 |
-
-{% note %}
-
-**Note:** Minute multipliers do not apply to the per-minute rates shown below.
+|----------------- | ------------------|
+| Linux | 1 |
+| Windows | 2 |
+| macOS | 10 |
-{% endnote %}
+> [!NOTE]
+> Minute multipliers do not apply to the per-minute rates shown below.
### Per-minute rates
#### Per-minute rates for standard runners
-| Operating system | Per-minute rate (USD) |
-|-----------------------------| ----------------------|
-| Linux 2-core | $0.008 |
-| Windows 2-core | $0.016 |
-| macOS 3 or 4 (M1 or Intel) | $0.08 |
+| Operating system | Per-minute rate (USD) |
+|---------------------------------------| ----------------------|
+| Linux 2-core | $0.008 |
+| Windows 2-core | $0.016 |
+| macOS 3-core or 4-core (M1 or Intel) | $0.08 |
#### Per-minute rates for x64-powered {% data variables.actions.hosted_runners %}
-| Operating system | Per-minute rate (USD) |
-|---------------------| -----------|
-| Linux 2-core | $0.008 |
-| Linux 4-core | $0.016 |
-| Linux 8-core | $0.032 |
-| Linux 16-core | $0.064 |
-| Linux 32-core | $0.128 |
-| Linux 64-core | $0.256 |
-| Windows 4-core | $0.032 |
-| Windows 8-core | $0.064 |
-| Windows 16-core | $0.128 |
-| Windows 32-core | $0.256 |
-| Windows 64-core | $0.512 |
-| Windows 4-core GPU | $0.14 |
-| macOS 12-core | $0.12 |
+| Operating system | Per-minute rate (USD) |
+|------------------------| ----------------------|
+| Linux Advanced 2-core | $0.008 |
+| Linux 4-core | $0.016 |
+| Linux 8-core | $0.032 |
+| Linux 16-core | $0.064 |
+| Linux 32-core | $0.128 |
+| Linux 64-core | $0.256 |
+| Windows 4-core | $0.032 |
+| Windows 8-core | $0.064 |
+| Windows 16-core | $0.128 |
+| Windows 32-core | $0.256 |
+| Windows 64-core | $0.512 |
+| Windows 4-core GPU | $0.14 |
+| macOS 12-core | $0.12 |
#### Per-minute rates for arm64-powered {% data variables.actions.hosted_runners %}
@@ -126,7 +118,7 @@ Jobs that run on Windows and macOS runners that {% data variables.product.prodna
| Operating system | Per-minute rate (USD) |
|---------------------| -----------|
| Linux 4-core | $0.07 |
-| Windows 4-core | $0.14 |
+| Windows 4-core | $0.14 |
#### Points to note about rates for runners
@@ -134,7 +126,7 @@ Jobs that run on Windows and macOS runners that {% data variables.product.prodna
* {% data reusables.user-settings.context_switcher %}
* {% data reusables.actions.larger-runner-permissions %}
* {% data reusables.actions.about-larger-runners-billing %}
-* For {% data variables.actions.hosted_runner %}s, there is no additional cost for configurations that assign public static IP addresses to a {% data variables.actions.hosted_runner %}. For more information on {% data variables.actions.hosted_runner %}s, see "[AUTOTITLE](/actions/using-github-hosted-runners/using-larger-runners)."
+* For {% data variables.actions.hosted_runner %}s, there is no additional cost for configurations that assign public static IP addresses to a {% data variables.actions.hosted_runner %}. For more information on {% data variables.actions.hosted_runner %}s, see "[AUTOTITLE](/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners)."
* Included minutes cannot be used for {% data variables.actions.hosted_runner %}s.
* The {% data variables.actions.hosted_runner %}s are not free for public repositories.
@@ -156,11 +148,8 @@ For example, if your organization uses {% data variables.product.prodname_team %
### Sample storage cost calculation
-{% note %}
-
-**Note:** {% data variables.product.company_short %} updates your storage space within a 6 to 12-hour window. If you delete artifacts, the available space will be reflected in your account during the next scheduled update.
-
-{% endnote %}
+> [!NOTE]
+> {% data variables.product.company_short %} updates your storage space within a 6 to 12-hour window. If you delete artifacts, the available space will be reflected in your account during the next scheduled update.
For example, if you use 3 GB of storage for 10 days of March and 12 GB for 21 days of March, your storage usage would be:
diff --git a/content/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md b/content/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md
index 55179d9392cf..1872d18e9db9 100644
--- a/content/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md
+++ b/content/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md
@@ -19,8 +19,28 @@ topics:
shortTitle: Advanced Security billing
---
+{% ifversion metered-ghe-ghas %}
+
+## Usage-based billing for {% data variables.product.prodname_GH_advanced_security %}
+
+If you started a free trial of {% data variables.product.prodname_GH_advanced_security %} during your {% data variables.product.prodname_ghe_cloud %} trial on or after August 1, 2024, your billing for {% data variables.product.prodname_GH_advanced_security %} will be usage-based.
+
+This means that you can use usage-based billing to pay for your licenses for both {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_GH_advanced_security %}. With usage-based billing, you pay for the number of licenses you use each month. You cannot access a trial of {% data variables.product.prodname_GH_advanced_security %} usage-based billing outside of a {% data variables.product.prodname_ghe_cloud %} trial.
+
+If you have further questions about using {% data variables.product.prodname_GH_advanced_security %}, you can contact your account manager in {% data variables.contact.contact_enterprise_sales %}.
+
+{% data reusables.billing.actions-usage-delay %}
+
+{% endif %}
+
## About licenses for {% data variables.product.prodname_GH_advanced_security %}
+{% ifversion billing-auth-and-capture %}
+
+{% data reusables.billing.authorization-charge %}
+
+{% endif %}
+
{% ifversion fpt %}
{% data reusables.advanced-security.ghas-license-info-for-fpt %}
@@ -31,7 +51,7 @@ shortTitle: Advanced Security billing
{% endnote %}
-For information about billing for {% data variables.product.prodname_GH_advanced_security %}, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
+For pricing details for {% data variables.product.prodname_GH_advanced_security %}, see our [pricing information](https://github.com/enterprise/advanced-security#pricing).
{% elsif ghec %}
@@ -40,11 +60,7 @@ If you want to use {% data variables.product.prodname_GH_advanced_security %} fe
{% ifversion security-configurations %}
{% data reusables.security-configurations.managing-GHAS-licenses %}
-{% note %}
-
-**Note:** {% data reusables.security-configurations.security-configurations-beta-note-short %}
-
-{% endnote %}
+{% data reusables.security-configurations.security-configurations-beta-note-short %}
{% endif %}
@@ -61,11 +77,7 @@ You can make extra features for code security available to users by buying and u
{% ifversion security-configurations %}
{% data reusables.security-configurations.managing-GHAS-licenses %}
-{% note %}
-
-**Note:** {% data reusables.security-configurations.security-configurations-beta-note-short %}
-
-{% endnote %}
+{% data reusables.security-configurations.security-configurations-beta-note-short %}
{% endif %}
@@ -75,19 +87,25 @@ You can make extra features for code security available to users by buying and u
## License size
+{% ifversion metered-ghe-ghas %}
+
+> [!IMPORTANT] If you have access to usage-based billing for {% data variables.product.prodname_GH_advanced_security %}, you will pay for the licenses you use each month and will not have a license limit. See "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/about-usage-based-billing-for-licenses)."
+
+{% endif %}
+
Each license for {% data variables.product.prodname_GH_advanced_security %} specifies a maximum number of accounts that can use these features. Each active committer to at least one repository with the feature enabled uses one {% ifversion ghas-billing-UI-update %}license{% else %}seat{% endif %}. A committer is considered active if one of their commits has been pushed to the repository within the last 90 days, regardless of when it was originally authored.
When you remove a user from your enterprise account, the user's license is freed within 24 hours.
{% ifversion ghes %}
-You can determine how many licenses you'll need for {% data variables.product.prodname_GH_advanced_security %} by generating a count of your instance's active committers in the site admin dashboard. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/site-admin-dashboard#advanced-security-committers)."
+You can determine how many licenses you'll need for {% data variables.product.prodname_GH_advanced_security %} by generating a count of your instance's active committers in the site admin dashboard. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/site-admin-dashboard#advanced-security-committers)."
{% endif %}
If you are over your license limit, {% data variables.product.prodname_GH_advanced_security %} continues to work on all repositories where it is already enabled. However, in organizations where {% data variables.product.prodname_GH_advanced_security %} is enabled for new repositories, repositories will be created with the feature deactivated. In addition, the option to enable {% data variables.product.prodname_GH_advanced_security %} for existing repositories will not be available.
As soon as you free up some {% ifversion ghas-billing-UI-update %}licenses{% else %}seats{% endif %}, by deactivating {% data variables.product.prodname_GH_advanced_security %} for some repositories or by increasing your license size, the options for activating {% data variables.product.prodname_GH_advanced_security %} will work again as normal.
-You can enforce policies to allow or disallow the use of {% data variables.product.prodname_advanced_security %} by organizations owned by your enterprise account. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise)."
+You can enforce policies to allow or disallow the use of {% data variables.product.prodname_advanced_security %} by organizations owned by your enterprise account. See "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise)."
For more information on viewing license usage, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage)."
@@ -100,11 +118,7 @@ We record and display two numbers of {% ifversion ghas-billing-UI-update %}activ
If there are no unique {% ifversion ghas-billing-UI-update %}active {% endif %}committers, all active committers also contribute to other repositories or organizations that use {% data variables.product.prodname_GH_advanced_security %}. Deactivating the feature for that repository or organization would not free any {% ifversion ghas-billing-UI-update %}licenses{% else %}seats{% endif %} for {% data variables.product.prodname_GH_advanced_security %}.
-{% note %}
-
-**Note:** Users can contribute to multiple repositories or organizations. Usage is measured across the whole enterprise account to ensure that each member uses one {% ifversion ghas-billing-UI-update %}license {% else %}seat {% endif %}regardless of how many repositories or organizations the user contributes to.
-
-{% endnote %}
+> [!NOTE] Users can contribute to multiple repositories or organizations. Usage is measured across the whole enterprise account to ensure that each member uses one {% ifversion ghas-billing-UI-update %}license {% else %}seat {% endif %}regardless of how many repositories or organizations the user contributes to.
When you activate or deactivate {% data variables.product.prodname_advanced_security %} for repositories, {% data variables.product.prodname_dotcom %} displays an overview of changes to the use of your license. If you deactivate access to {% data variables.product.prodname_GH_advanced_security %}, any {% ifversion ghas-billing-UI-update %}licenses{% else %}seats{% endif %} used by unique active committers are freed up.
@@ -124,11 +138,7 @@ The following example timeline demonstrates how active committer count for {% da
| August 15 | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for a second repository, repository **Y**. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo **X** and do not require additional licenses. | 49 + 10 = **59** |
| August 16 | A member of your enterprise disables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Of the 49 developers who were working on repository **X**, 10 still also work on repository **Y**, which has a total of 20 developers contributing in the last 90 days. | 49 - 29 = **20** |
-{% note %}
-
-**Note:** A user will be flagged as active when their commits are pushed to any branch of a repository, even if the commits were authored more than 90 days ago.
-
-{% endnote %}
+> [!NOTE] A user will be flagged as active when their commits are pushed to any branch of a repository, even if the commits were authored more than 90 days ago.
## Getting the most out of {% data variables.product.prodname_GH_advanced_security %}
@@ -140,7 +150,7 @@ When you decide which repositories and organizations to prioritize for {% data v
When you have enabled {% data variables.product.prodname_GH_advanced_security %} for these organizations or repositories, assess which other codebases you could add without incurring billing for unique {% ifversion ghas-billing-UI-update %}active {% endif %}committers. Finally, review the remaining important and busy codebases. If you want to increase the number of {% ifversion ghas-billing-UI-update %}licensed active committers, {% else %}seats in your license, {% endif %}contact {% data variables.contact.contact_enterprise_sales %}.
{% ifversion ghas-in-license-sync %}
-If your enterprise uses {% data variables.product.prodname_GH_advanced_security %} on both {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}, you can ensure users aren't consuming multiple licenses unnecessarily by synchronizing license usage between environments.{% ifversion ghec %} {% data variables.product.prodname_GH_advanced_security %} is included in license sync in {% data variables.product.prodname_ghe_server %} version 3.12 and later.{% endif %} For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."
+If your enterprise uses {% data variables.product.prodname_GH_advanced_security %} on both {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}, you can ensure users aren't consuming multiple licenses unnecessarily by synchronizing license usage between environments.{% ifversion ghec %} {% data variables.product.prodname_GH_advanced_security %} is included in license sync in {% data variables.product.prodname_ghe_server %} version 3.12 and later.{% endif %} See "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."
{% endif %}
{% endif %}
diff --git a/content/billing/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md b/content/billing/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md
index 003113231078..d3ced521f732 100644
--- a/content/billing/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md
+++ b/content/billing/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md
@@ -11,26 +11,23 @@ topics:
- Enterprise
shortTitle: Manage Advanced Security licensing
---
-## About licensing for GitHub Advanced Security
+## About licensing for {% data variables.product.prodname_GH_advanced_security %}
Each license for {% data variables.product.prodname_GH_advanced_security %} specifies a maximum number of accounts that can use these features. Each active committer to at least one repository with the feature enabled uses one {% ifversion ghas-billing-UI-update %}license{% else %}seat{% endif %}. A committer is considered active if one of their commits has been pushed to the repository within the last 90 days, regardless of when it was originally authored. For more information about committer numbers, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)." For information about purchasing a license, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security)."
## Managing the number of committers in your subscription
{% ifversion security-configurations %}
-{% note %}
-
-**Note:** {% data reusables.security-configurations.managing-GHAS-licenses %}
+{% data reusables.security-configurations.managing-GHAS-licenses %}
{% data reusables.security-configurations.security-configurations-beta-note-short %}
-{% endnote %}
{% endif %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
-1. Under "{% data variables.product.prodname_GH_advanced_security %} GitHub Advanced Security", click **Committers**.
+1. Under "{% data variables.product.prodname_GH_advanced_security %}", click **Committers**.
1. Under "Committers", click **Manage committers**.
@@ -44,7 +41,7 @@ Each license for {% data variables.product.prodname_GH_advanced_security %} spec
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
-1. To the right of "GitHub Advanced Security", click **Manage**, then click **Cancel Subscription**.
+1. To the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Manage**, then click **Cancel Subscription**.
1. To confirm your cancellation, click **I understand, cancel Advanced Security**.
diff --git a/content/billing/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md b/content/billing/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md
index 170487a7285b..3223c29e578d 100644
--- a/content/billing/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md
+++ b/content/billing/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md
@@ -11,6 +11,12 @@ topics:
shortTitle: Set up an Advanced Security trial
---
+{% ifversion metered-ghe-ghas %}
+
+{% data reusables.billing.ghas-metered-billing-note-with-link %}
+
+{% endif %}
+
## About {% data variables.product.prodname_GH_advanced_security %}
{% data variables.product.prodname_GH_advanced_security %} provides features that help you improve and maintain the security and quality of code, such as {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and dependency review. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
@@ -39,6 +45,12 @@ To set up a trial of {% data variables.product.prodname_GH_advanced_security %},
You can finish your trial at any time by purchasing {% data variables.product.prodname_GH_advanced_security %}. If you haven't purchased {% data variables.product.prodname_GH_advanced_security %} by the end of the 30 days, your trial will expire.
+{% ifversion metered-ghe-ghas%}
+
+If you pay for {% data variables.product.prodname_ghe_cloud %} with usage-based billing, but did not set up a free trial of {% data variables.product.prodname_GH_advanced_security %}, you can still use usage-based billing to pay for {% data variables.product.prodname_GH_advanced_security %} after the {% data variables.product.prodname_ghe_cloud %} trial ends. For more information, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).
+
+{% endif %}
+
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
@@ -49,4 +61,4 @@ You can finish your trial at any time by purchasing {% data variables.product.pr
* "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)"
* "[AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale)"
-* "[AUTOTITLE](/code-security/getting-started/securing-your-organization)"
+* "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)"
diff --git a/content/billing/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security.md b/content/billing/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security.md
index ebd8fffd32e0..13dd1f7ddbca 100644
--- a/content/billing/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security.md
+++ b/content/billing/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security.md
@@ -11,6 +11,12 @@ topics:
- Enterprise
shortTitle: Sign up for Advanced Security
---
+{% ifversion metered-ghe-ghas %}
+
+{% data reusables.billing.ghas-metered-billing-note-with-link %}
+
+{% endif %}
+
## Purchasing {% data variables.product.prodname_GH_advanced_security %}
{% data reusables.enterprise-accounts.access-enterprise %}
@@ -25,4 +31,4 @@ shortTitle: Sign up for Advanced Security
## Further reading
* [Introduction to adopting {% data variables.product.prodname_GH_advanced_security %} at scale](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale)
-* [Securing your organization](/code-security/getting-started/securing-your-organization)
+* [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)
diff --git a/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md b/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md
index ddd138675593..3e69b31e70aa 100644
--- a/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md
+++ b/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md
@@ -33,6 +33,12 @@ Each license for {% data variables.product.prodname_GH_advanced_security %} spec
You can estimate the number of licenses your enterprise would need to purchase {% data variables.product.prodname_GH_advanced_security %} or to enable {% data variables.product.prodname_GH_advanced_security %} for additional organizations and repositories. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/viewing-committer-information-for-github-advanced-security)."
{% endif %}
+{% ifversion security-configurations-ga %}
+
+{% data reusables.security-configurations.managing-GHAS-licenses %}
+
+{% endif %}
+
## Viewing {% data variables.product.prodname_GH_advanced_security %} license usage for your enterprise account
You can view the enterprise account's current {% ifversion ghas-billing-UI-update %}license{% endif %} limits and usage.
@@ -47,13 +53,8 @@ You can view the enterprise account's current {% ifversion ghas-billing-UI-updat
If you run out of licenses, the section will be red and show "Limit exceeded." You should either reduce your use of {% data variables.product.prodname_GH_advanced_security %} or purchase more licenses. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#getting-the-most-out-of-github-advanced-security)" and "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing)."
{% ifversion security-configurations %}
- {% note %}
-
- **Note:** {% data reusables.security-configurations.managing-GHAS-licenses %}
-
+ {% data reusables.security-configurations.managing-GHAS-licenses %}
{% data reusables.security-configurations.security-configurations-beta-note-short %}
-
- {% endnote %}
{% endif %}
{% elsif ghes %}
@@ -83,13 +84,10 @@ You can view the enterprise account's current {% ifversion ghas-billing-UI-updat
For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
{% ifversion security-configurations %}
-{% note %}
-
-**Note:** {% data reusables.security-configurations.managing-GHAS-licenses %}
-{% data reusables.security-configurations.security-configurations-beta-note-short %}
+{% data reusables.security-configurations.managing-GHAS-licenses %}
+> {% data reusables.security-configurations.security-configurations-beta-note-short %}
-{% endnote %}
{% endif %}
{% endif %}
diff --git a/content/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot.md b/content/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot.md
index 404a1b17e64b..ec8944040484 100644
--- a/content/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot.md
+++ b/content/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot.md
@@ -1,111 +1,27 @@
---
title: About billing for GitHub Copilot
-intro: 'If you want to use {% data variables.product.prodname_copilot %}, you either need a subscription for {% data variables.product.prodname_copilot %} in your personal account, or you need to be assigned a seat in a subscription managed by an organization or enterprise.'
-product: '{% data reusables.gated-features.copilot-billing %}'
+shortTitle: Billing for GitHub Copilot
+intro: '{% data variables.product.prodname_dotcom %} offers multiple subscription options for enterprises, organizations, and individuals to use GitHub Copilot.'
versions:
feature: copilot
topics:
- Copilot
-shortTitle: Billing for GitHub Copilot
---
-{% ifversion enhanced-billing-platform %}
-
-{% data reusables.billing.enhanced-billing-platform %}
-
-{% endif %}
-
-## About billing for {% data variables.product.prodname_copilot %}
-
-You can set up a {% data variables.product.prodname_copilot %} subscription for your personal account, or for an organization or enterprise.
-
-* **For your personal account**, you can set up a subscription to {% data variables.product.prodname_copilot_for_individuals %}.
-* **For an organization**, you can set up a subscription to {% data variables.product.prodname_copilot_for_business %}, then grant access to members.
-* **For an enterprise on {% data variables.product.prodname_ghe_cloud %}**, you can set up a subscription to {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}, then allow organizations to grant access to members.
-
-A free subscription for {% data variables.product.prodname_copilot %} is available to verified students, teachers, and maintainers of popular open-source repositories on {% data variables.product.company_short %}. If you meet the criteria as an open source maintainer, you will be automatically notified when you visit the {% data variables.product.prodname_copilot %} subscription page. As a student, if you receive the {% data variables.product.prodname_student_pack %}, you will also be offered a free subscription when you visit the {% data variables.product.prodname_copilot %} subscription page. For more information about the {% data variables.product.prodname_student_pack %}, see "[AUTOTITLE](/free-pro-team@latest/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-global-campus-for-students/apply-to-github-global-campus-as-a-student)."
-
-{% data reusables.billing.billing-info %}
-
-## About billing for {% data variables.product.prodname_copilot_for_individuals %}
-
-The {% data variables.product.prodname_copilot_for_individuals %} subscription is available on a monthly or yearly cycle.
-
-* **If you choose a monthly billing cycle**, you will be billed {% data variables.copilot.cfi_price_per_month %} per calendar month.
-* **If you choose a yearly billing cycle**, you will be billed {% data variables.copilot.cfi_price_per_year %} per year.
-
-You can change to a monthly or yearly billing cycle at any time. The change will take effect from the start of your next billing cycle.
-
-{% data reusables.copilot.copilot-one-account %}
-
-### Determining your billing date for {% data variables.product.prodname_copilot_for_individuals %}
-
-Your billing date will depend on whether or not you are already being billed by {% data variables.product.prodname_dotcom %}.
-
-* **If you are not already being billed by {% data variables.product.prodname_dotcom %}**, in most cases your billing cycle will start on the day you sign up for {% data variables.product.prodname_copilot %}. For example, if you sign up on 3 September, with monthly billing, your initial billing cycle will run from 3 September until and including 2 October, and then on the same days of subsequent months. For annual billing, if you sign up on 3 September, your initial cycle will end on 2 September the following year.
-
-* **If you already have a billing cycle**, billing for {% data variables.product.prodname_copilot %} will be included in your next bill, or your first bill after the end of your 30-day trial, and you will be charged on a pro rata basis for that initial period. If you do not already have an established billing date, you will be billed for {% data variables.product.prodname_copilot_for_individuals %} at the end of your 30-day trial, or when you set up a new paid {% data variables.product.prodname_copilot %} subscription.
-
-{% ifversion fpt %}
-
-### About the 30-day trial for {% data variables.product.prodname_copilot_for_individuals %}
-
-Before starting a paid subscription for a personal account, you can set up a one-time {% data reusables.copilot.trial-period %}-day trial to evaluate {% data variables.product.prodname_copilot %}. To begin a trial, you will need to choose a monthly or yearly billing cycle, and provide a payment method. If you do not cancel the trial before the end of the {% data reusables.copilot.trial-period %} days, the trial will automatically convert to a paid subscription.
-
-You can cancel your {% data variables.product.prodname_copilot %} trial at any time during the {% data reusables.copilot.trial-period %} days and you won't be charged. If you cancel before the end of the trial, you will continue to have access to {% data variables.product.prodname_copilot %} until the {% data reusables.copilot.trial-period %}-day trial period ends. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/canceling-your-copilot-trial-as-an-individual-user)."{% endif %}
-
-{% data reusables.copilot.tp-users-trial-eligibility %}
-
-## About billing for {% data variables.product.prodname_copilot_for_business %} and {% data variables.product.prodname_copilot_enterprise %}
-
-The {% data variables.product.prodname_copilot_for_business %} and {% data variables.product.prodname_copilot_enterprise %} subscriptions for organizations and enterprises are available on a monthly cycle. The subscriptions are billed at the following prices:
-
-* **{% data variables.product.prodname_copilot_for_business %}**: {% data variables.copilot.cfb_price_per_month %} per user per month.
-* **{% data variables.product.prodname_copilot_enterprise %}**: {% data variables.copilot.ce_price_per_month %} per user per month.
-
-Billed users are calculated at the end of each billing cycle, based on the number of {% data variables.product.prodname_copilot %} seats that are assigned.
-
-* **Any seat assigned part way through the billing cycle** will be prorated based on the number of days remaining in the cycle.
-* **Any seat assignment removed during a billing cycle** will take effect from the beginning of the next cycle. The person will still be able to use {% data variables.product.prodname_copilot %} until the end of the cycle. If a user's access to the organization itself is removed, they will lose access immediately.
-
-{% ifversion ghec %}
-For a {% data variables.product.prodname_copilot_enterprise %} subscription, all {% data variables.product.prodname_copilot_short %} usage is billed to the enterprise account. For more general information about billing information for your enterprise account, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)."
-{% endif %}
-
-{% ifversion ghec %}
-For {% data variables.product.prodname_copilot %} in {% data variables.product.prodname_ghe_cloud %}, policy settings and the usage overview are available at the enterprise level. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)" and "[AUTOTITLE](/enterprise-cloud@latest/billing/managing-billing-for-github-copilot/viewing-your-github-copilot-usage)."
-{% endif %}
-
-{% note %}
-
-**Note:** {% data variables.product.prodname_copilot %} billing operates in Coordinated Universal Time (UTC), but it calculates your bill according to the timezone of your billing cycle. For example, if you're billed through Azure and your current billing cycle ends at 11:59 PM EST on December 1st, canceling a seat at 7:00 PM EST on December 1st might show the seat cancellation at 12:00 AM UTC on December 2nd. However, the seat would end within the billing cycle that you requested the cancellation, and you would not pay for that seat in the following cycle.
-
-{% endnote %}
-
-### About seat assignment for {% data variables.product.prodname_copilot_for_business %} and {% data variables.product.prodname_copilot_enterprise %}
-
-A {% data variables.product.prodname_copilot %} seat is a license to use {% data variables.product.prodname_copilot %}, which is granted to a unique user account through either an organization or enterprise's {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription.
-
-Seat assignment is managed by owners of organizations{% ifversion ghec %} that have been granted access to {% data variables.product.prodname_copilot %} at the enterprise level{% endif %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization)."
-
-If you are a member of an organization or enterprise with a {% data variables.product.prodname_copilot %} subscription, to use the subscription, you will need to be assigned a seat by an organization owner.
-
-{% ifversion ghec %}You can be assigned {% data variables.product.prodname_copilot %} by multiple organizations in an enterprise, but your enterprise will only be billed once per billing cycle. One organization that assigned you {% data variables.product.prodname_copilot_short %} will be chosen at random each month to be billed for your seat.{% endif %}
-
-{% data reusables.copilot.copilot-one-account %}
+## {% data variables.product.prodname_copilot %} in your enterprise
-### About billing through Azure
+Enterprises on {% data variables.product.prodname_ghe_cloud %} can subscribe to either {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}. Both subscriptions are available on a monthly cycle, and pricing varies. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/about-billing-for-github-copilot-in-your-enterprise)."
-When you connect an Azure subscription to your organization or enterprise account and enable metered billing via Azure, metered usage will start to be sent to Azure. You will be billed through {% data variables.product.prodname_dotcom %} for usage from the start of the current billing cycle to when you enabled metered billing via Azure, on your next billing date. The period between the date you connected your Azure subscription and enabled metered billing via Azure, and the end of the calendar month will be charged in Azure on the first of the month. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)."
+## {% data variables.product.prodname_copilot %} in your organization
-{% note %}
+Subscriptions to {% data variables.product.prodname_copilot_for_business %} are available on a monthly cycle, for {% data variables.copilot.cfb_price_per_month %} per user per month. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/about-billing-for-github-copilot-in-your-organization)."
-**Note:** Usage data is sent to Azure daily, but you are billed at the end of the month based on the number of seats used. This means that although you can track your daily spending (number of seats in this case), actual payments are processed monthly.
+## {% data variables.product.prodname_copilot %} as an individual
-{% endnote %}
+Subscriptions to {% data variables.product.prodname_copilot_for_individuals %} are available on a monthly or yearly cycle, for either {% data variables.copilot.cfi_price_per_month %} per calendar month or {% data variables.copilot.cfi_price_per_year %} per year. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/about-billing-for-github-copilot-individual)."
-### About changes to your {% data variables.product.prodname_copilot_enterprise %} subscription
+> [!NOTE] {% data reusables.copilot.copilot-one-account %}
-If you upgrade from {% data variables.product.prodname_copilot_for_business %} to {% data variables.product.prodname_copilot_enterprise %}, all users who currently have a seat for {% data variables.product.prodname_copilot_for_business %} will immediately receive access to {% data variables.product.prodname_copilot_enterprise %}. You will be charged for each {% data variables.product.prodname_copilot_enterprise %} seat pro rata for the rest of the cycle.
+## Further reading
-If you downgrade your {% data variables.product.prodname_copilot_enterprise %} subscription during a billing cycle, users will have access to {% data variables.product.prodname_copilot_enterprise %} for the rest of the cycle, and the change to your bill will take effect from the following cycle.
+* "[AUTOTITLE](/copilot/about-github-copilot/subscription-plans-for-github-copilot)"
diff --git a/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md b/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md
index 8f856d8b3a10..0bd289050086 100644
--- a/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md
+++ b/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md
@@ -19,7 +19,7 @@ topics:
shortTitle: About
---
-## About {% data variables.visual_studio.prodname_vss_ghe %}
+> [!NOTE] Usage-based billing is not currently supported for {% data variables.visual_studio.prodname_vss_ghe %}.
{% data reusables.enterprise-accounts.vss-ghe-description %} {% data variables.visual_studio.prodname_vss_ghe %} is available from Microsoft under the terms of the Microsoft Enterprise Agreement. For more information, see [{% data variables.visual_studio.prodname_vss_ghe %}](https://visualstudio.microsoft.com/subscriptions/visual-studio-github/) on the {% data variables.product.prodname_vs %} website.
@@ -31,11 +31,7 @@ For more information about the setup of {% data variables.visual_studio.prodname
After you assign a license for {% data variables.visual_studio.prodname_vss_ghec %} to a subscriber, the subscriber will use the {% data variables.product.prodname_enterprise %} portion of the license by joining an organization in your enterprise with a personal account on {% data variables.product.prodname_dotcom_the_website %}. If the verified email address for the personal account of an enterprise member on {% data variables.product.prodname_dotcom_the_website %} matches the User Principal Name (UPN) for a subscriber to your {% data variables.product.prodname_vs %} account, the {% data variables.product.prodname_vs %} subscriber will automatically consume one license for {% data variables.visual_studio.prodname_vss_ghec %}.
-{% note %}
-
-**Note:** For {% data variables.product.prodname_emu %} only, to make sure a user account consumes a {% data variables.product.prodname_vs %} license, ensure the {% data variables.product.prodname_vs %} UPN matches the SCIM `userName` attribute or the email address from the linked identity on the {% data variables.product.prodname_dotcom %} account.
-
-{% endnote %}
+> [!NOTE] For {% data variables.product.prodname_emu %} only, to make sure a user account consumes a {% data variables.product.prodname_vs %} license, ensure the {% data variables.product.prodname_vs %} UPN matches the SCIM `userName` attribute or the email address from the linked identity on the {% data variables.product.prodname_dotcom %} account.
The total quantity of your licenses for your enterprise on {% data variables.product.prodname_dotcom %} is the sum of any standard {% data variables.product.prodname_enterprise %} licenses and the number of {% data variables.product.prodname_vs %} subscription licenses that include access to {% data variables.product.prodname_dotcom %}. If the personal account for an enterprise member does not correspond with the email address for a {% data variables.product.prodname_vs %} subscriber, the license that the personal account consumes is unavailable for a {% data variables.product.prodname_vs %} subscriber.
@@ -43,11 +39,7 @@ For more information about {% data variables.product.prodname_enterprise %}, see
You can view the number of {% data variables.product.prodname_enterprise %} licenses available to your enterprise on {% data variables.location.product_location %}. The list of pending invitations includes subscribers who are not yet members of at least one organization in your enterprise. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account)" and "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-members-and-outside-collaborators)."
-{% tip %}
-
-**Tip**: If you download a CSV file with your enterprise's license usage in step 6 of "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account#viewing-the-subscription-and-usage-for-your-enterprise-account)," any members with a missing value for the "Name" or "Profile" columns have not yet accepted an invitation to join an organization within the enterprise.
-
-{% endtip %}
+> [!TIP] If you download a CSV file with your enterprise's license usage in step 6 of "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account#viewing-the-subscription-and-usage-for-your-enterprise-account)," any members with a missing value for the "Name" or "Profile" columns have not yet accepted an invitation to join an organization within the enterprise.
You can also see pending {% data variables.product.prodname_enterprise %} invitations to subscribers in {% data variables.visual_studio.prodname_vss_admin_portal_with_url %}.
diff --git a/content/billing/managing-the-plan-for-your-github-account/about-per-user-pricing.md b/content/billing/managing-the-plan-for-your-github-account/about-per-user-pricing.md
index 7322f5d317f6..2819003eb288 100644
--- a/content/billing/managing-the-plan-for-your-github-account/about-per-user-pricing.md
+++ b/content/billing/managing-the-plan-for-your-github-account/about-per-user-pricing.md
@@ -1,6 +1,6 @@
---
title: About per-user pricing
-intro: '{% ifversion fpt or ghec %}For organizations{% ifversion ghec %} and enterprises{% endif %}, your {% else %}Your {% endif %}bill begins with the number of licensed seats you choose.'
+intro: 'Learn about per-user pricing for organizations{% ifversion ghec or ghes %} and enterprises{% endif %}.'
redirect_from:
- /github/setting-up-and-managing-billing-and-payments-on-github/about-per-user-pricing
- /articles/about-per-user-pricing
@@ -18,29 +18,33 @@ topics:
- Organizations
---
-## About per-user pricing
-
{% ifversion fpt %}
{% data reusables.billing.about-billing %} For organizations, the "plan" component of the bill is based on the number of licensed seats you choose to purchase.
-New organizations on {% data variables.product.prodname_dotcom_the_website %} can build public and open-source projects with {% data variables.product.prodname_free_team %}, or upgrade to a paid plan. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)" and "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)."
-
-{% note %}
+New organizations on {% data variables.product.prodname_dotcom_the_website %} can build public and open-source projects with {% data variables.product.prodname_free_team %}, or upgrade to a paid plan. See "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)" and "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)."
-**Note:** Organizations who upgraded to a paid plan before May 11, 2016 can choose to stay on their existing per-repository plan or switch to per-user pricing. {% data variables.product.company_short %} will notify you twelve months before any mandated change to your subscription. For more information on switching your subscription, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)."
-
-{% endnote %}
+>[!NOTE] Organizations who upgraded to a paid plan before May 11, 2016 can choose to stay on their existing per-repository plan or switch to per-user pricing. {% data variables.product.company_short %} will notify you twelve months before any mandated change to your subscription. For more information on switching your subscription, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)."
{% else %}
-The foundation of your bill is the number of standard licensed seats that you choose for your{% ifversion ghec %} organization or{% endif %} enterprise.
+The foundation of your bill is the number of user accounts using your{% ifversion ghec %} organization or{% endif %} enterprise.
{% data reusables.enterprise-licensing.unique-user-licensing-model %}
-To ensure the same user isn't consuming more than one license for multiple enterprise deployments, you can synchronize license usage between your {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %} environments. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise)."
+To ensure the same user isn't consuming more than one license for multiple enterprise deployments, you can synchronize license usage between your {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %} environments. See "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise)."
+
+In addition to licensed seats, your bill may include other charges, such as {% data variables.product.prodname_GH_advanced_security %}. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)."
+{% endif %}
+
+{% ifversion metered-ghe-ghas %}
+
+## Two billing models for {% data variables.product.prodname_enterprise %} licenses
+
+If you created a trial of {% data variables.product.prodname_ghe_cloud %} on or after August 1, 2024, you use usage-based billing to pay for your licenses. With usage-based billing, you pay for the number of licenses you use each month. You do not need to buy a predefined number of licenses in advance. See, "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/about-usage-based-billing-for-licenses)."
+
+If you currently pay for your {% data variables.product.prodname_enterprise %} licenses by invoice with a volume, subscription, or prepaid agreement, you will continue to be billed in this way until your agreement expires. At renewal, you have the option to switch to the metered billing model.
-In addition to licensed seats, your bill may include other charges, such as {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)."
{% endif %}
## People that consume a license
@@ -130,7 +134,9 @@ You can change your {% data variables.product.prodname_dotcom %} subscription at
{% endif %}
-You can add more licensed seats to your {% ifversion fpt or ghec %} organization{% endif %}{% ifversion ghec %} or{% endif %}{% ifversion ghec or ghes %} enterprise{% endif %} at any time. If you pay for more seats than are being used, you can also reduce the number of seats.{% ifversion fpt %} For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)" and "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan)."
+{% ifversion ghec %}If you use usage-based billing, you can reduce the number of licenses you use, by removing users from your enterprise account. See, "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise)."
+
+{% else %}You can add more licensed seats to your {% ifversion fpt or ghec %} organization{% endif %}{% ifversion ghec %} or{% endif %}{% ifversion ghec or ghes %} enterprise{% endif %} at any time. If you pay for more seats than are being used, you can also reduce the number of seats. This only applies if you currently pay for your {% data variables.product.prodname_enterprise %} licenses through a volume, subscription, or prepaid agreement.{% endif %}{% ifversion fpt %} See "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)" and "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan)."
If you have questions about your subscription, you can contact {% data variables.contact.contact_support %}.
@@ -143,9 +149,10 @@ For more information about per-user pricing for {% data variables.product.prodna
If you use an enterprise account on {% data variables.product.prodname_dotcom_the_website %} and have questions about changes to your subscription, contact {% data variables.contact.contact_enterprise_sales %}.
{% endif %}
+
{% ifversion ghec %}
-If you use an individual organization on {% data variables.product.prodname_ghe_cloud %}, you can upgrade or downgrade your subscription. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)" or "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan)." If you have questions about your subscription, you can contact {% data variables.contact.contact_support %}.
+If you use an individual organization on {% data variables.product.prodname_ghe_cloud %}, you can upgrade or downgrade your subscription. See "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)" or "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan)." If you have questions about your subscription, you can contact {% data variables.contact.contact_support %}.
{% endif %}
diff --git a/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md b/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md
index 03d903d1e96f..ac3581934b7b 100644
--- a/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md
+++ b/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md
@@ -8,11 +8,18 @@ redirect_from:
- /billing/managing-billing-for-your-github-account/connecting-an-azure-subscription-to-your-enterprise
- /billing/managing-billing-for-your-github-account/connecting-an-azure-subscription
versions:
- fpt: "*"
- ghec: "*"
+ fpt: '*'
+ ghec: '*'
+ ghes: '>= 3.12'
shortTitle: Connect an Azure subscription
---
+{% ifversion metered-ghe-ghas %}
+
+{% data reusables.billing.usage-based-billing %}
+
+{% endif %}
+
## About connection of an Azure subscription
You can pay for usage of {% data variables.product.product_name %} features through Azure by connecting an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif%} account on {% data variables.location.product_location %}. {% ifversion fpt %}For more information about organization accounts, see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-organizations)."{% elsif ghec %}
@@ -25,6 +32,8 @@ If you use {% data variables.product.product_name %} through a Microsoft Enterpr
{% endif %}
+{% ifversion fpt or ghec %}
+
## About usage-based billing on {% data variables.product.prodname_dotcom_the_website %}
{% data variables.product.company_short %} provides usage-based billing for the following features and situations. You can learn more about billing and spending limits.
@@ -36,6 +45,8 @@ If you use {% data variables.product.product_name %} through a Microsoft Enterpr
| {% data variables.product.prodname_registry %} usage beyond the amounts included with your plan | "[AUTOTITLE](/billing/managing-billing-for-github-packages/about-billing-for-github-packages)" | "[AUTOTITLE](/billing/managing-billing-for-github-packages/about-billing-for-github-packages#about-spending-limits)" |
| {% data variables.product.prodname_copilot_business_short %} usage | "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#about-billing-for-github-copilot-business-and-github-copilot-enterprise)" | N/A |
+{% endif %}
+
## About billing through Azure
If you link your {% data variables.product.company_short %} account to Azure, any usage-based costs starting from that point will be billed through Azure and charged on the 1st of each month. However, remaining {% data variables.product.company_short %} charges, for example charges for your {% data variables.product.prodname_dotcom %} plan, will still be billed on your usual billing date.
@@ -66,12 +77,6 @@ For example, you link your Azure subscription to your organization {% ifversion
* You must know your Azure subscription ID. For more information, see [Get subscription and tenant IDs in the Azure portal](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id) in the Microsoft Docs or [contact Azure support](https://azure.microsoft.com/support/).
-## Video demonstration of connecting a subscription
-
-To connect an Azure subscription, you'll need appropriate access permissions on both {% data variables.product.product_name %} and the Azure billing portal. This may require coordination between two different people.
-
-To see a demo of the process from beginning to end, see [Billing GitHub consumption through an Azure subscription](https://www.youtube.com/watch?v=DAiIhJKCt8s&ab_channel=GitHub) on {% data variables.product.company_short %}'s YouTube channel. This video demonstrates the process for an enterprise account. If you're connecting a subscription to an organization account, see "[Connecting your Azure subscription to your organization account](/free-pro-team@latest/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#connecting-your-azure-subscription-to-your-organization-account)."
-
{% ifversion fpt %}
## Connecting your Azure subscription to your organization account
diff --git a/content/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan.md b/content/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan.md
index 6b5c2a1f03c0..c82cdba49a62 100644
--- a/content/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan.md
+++ b/content/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan.md
@@ -1,6 +1,6 @@
---
title: Downgrading your account's plan
-intro: 'You can downgrade the plan for any type of account on {% data variables.location.product_location %} at any time.'
+intro: 'You can downgrade the plan for any type of account on {% data variables.product.prodname_dotcom %} at any time.'
redirect_from:
- /github/setting-up-and-managing-billing-and-payments-on-github/downgrading-your-github-subscription
- /articles/downgrading-your-personal-account-s-billing-plan
diff --git a/content/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan.md b/content/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan.md
index dabe8e43b257..30d11880eb16 100644
--- a/content/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan.md
+++ b/content/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan.md
@@ -1,6 +1,6 @@
---
title: Upgrading your account's plan
-intro: 'You can upgrade the plan for any type of account on {% data variables.location.product_location %} at any time.'
+intro: 'You can upgrade the plan for any type of account on {% data variables.product.prodname_dotcom %} at any time.'
redirect_from:
- /github/setting-up-and-managing-billing-and-payments-on-github/upgrading-your-github-subscription
- /articles/upgrading-your-personal-account-s-billing-plan
@@ -36,7 +36,7 @@ shortTitle: Upgrade your plan
{% data reusables.accounts.accounts-billed-separately %}
-Upgrading your plan does not affect other subscriptions or usage-based billing for your account. For more information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-on-github)."
+Upgrading your plan does not affect other subscriptions or usage-based billing for your account. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-on-github)."
## Upgrading your personal account's plan
@@ -66,11 +66,7 @@ Upgrading an organization does not affect your personal account or repositories
{% data reusables.dotcom_billing.org-billing-perms %}
-{% note %}
-
-**Note:** {% data reusables.actions.org-to-enterprise-actions-permissions %}
-
-{% endnote %}
+>[!NOTE] {% data reusables.actions.org-to-enterprise-actions-permissions %}
{% data reusables.organizations.billing-settings %}
{% data reusables.dotcom_billing.upgrade_org %}
@@ -83,9 +79,9 @@ Upgrading an organization does not affect your personal account or repositories
### Next steps for organizations using {% data variables.product.prodname_ghe_cloud %}
-As part of your upgrade to {% data variables.product.prodname_ghe_cloud %}, you set up an enterprise account on {% data variables.location.product_location %}. An enterprise account allows you to manage multiple organizations. Optionally, you can set up identity and access management for an individual organization or enterprise account. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-enterprise-accounts)" and "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#authentication-through-githubcom-with-additional-saml-access-restriction){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
+As part of your upgrade to {% data variables.product.prodname_ghe_cloud %}, you set up an enterprise account. An enterprise account allows you to manage multiple organizations. Optionally, you can set up identity and access management for an individual organization or enterprise account. See "[AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-enterprise-accounts)" and "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#authentication-through-githubcom-with-additional-saml-access-restriction){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
-{% data reusables.enterprise.create-an-enterprise-account %} For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/managing-your-enterprise-account/creating-an-enterprise-account){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
+{% data reusables.enterprise.create-an-enterprise-account %} See "[AUTOTITLE](/enterprise-cloud@latest/admin/managing-your-enterprise-account/creating-an-enterprise-account){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
### Adding seats to your organization
@@ -98,7 +94,7 @@ If you'd like additional users to have access to your {% data variables.product.
### Switching your organization from per-repository to per-user pricing
-{% data reusables.dotcom_billing.switch-legacy-billing %} For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing)."
+{% data reusables.dotcom_billing.switch-legacy-billing %} See "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing)."
{% data reusables.organizations.billing-settings %}
1. To the right of your plan name, select the **Edit** dropdown menu, then click **Edit plan**.
@@ -112,18 +108,17 @@ If you'd like additional users to have access to your {% data variables.product.
## Adding seats to your enterprise account
-{% data reusables.enterprise-accounts.billing-perms %}
-
-{% note %}
+If you have access to the enhanced billing platform, you can add seats to your enterprise account through the "Licensing" page. See, "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/adding-seats-to-your-enterprise-account)."
-**Note:** If your enterprise account is invoiced, you cannot add seats on {% data variables.product.prodname_dotcom %}. Instead, contact {% data variables.contact.contact_enterprise_sales %}.
+{% data reusables.enterprise-accounts.billing-perms %}
-{% endnote %}
+>[!NOTE] If your enterprise account is invoiced, you cannot add seats on {% data variables.product.prodname_dotcom %}. Instead, contact {% data variables.contact.contact_enterprise_sales %}.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.billing-tab %}
{% data reusables.enterprise-accounts.manage-seats %}
+
{% endif %}
## Troubleshooting a 500 error when upgrading
diff --git a/content/billing/managing-the-plan-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account.md b/content/billing/managing-the-plan-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account.md
index 5c4d369ebecf..c0bc38c59902 100644
--- a/content/billing/managing-the-plan-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account.md
+++ b/content/billing/managing-the-plan-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account.md
@@ -42,6 +42,12 @@ If you want to view an overview of your subscription and usage for {% data varia
{% endif %}
+{% ifversion metered-ghe-ghas %}
+
+{% data reusables.billing.usage-based-billing %}
+
+{% endif %}
+
## Viewing the subscription and usage for your enterprise account
You can view the subscription and usage for your enterprise and download a file with license details.
diff --git a/content/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise.md b/content/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise.md
index 1ce12a1b3d59..acf46b35f889 100644
--- a/content/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise.md
+++ b/content/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise.md
@@ -22,11 +22,11 @@ shortTitle: Billing for your enterprise
{% ifversion ghec %}
-When you use an enterprise account on {% data variables.location.product_location %}, the enterprise account is the central point for all billing within your enterprise, including the organizations that your enterprise owns.
+When you use an enterprise account on {% data variables.product.prodname_dotcom %}, the enterprise account is the central point for all billing within your enterprise, including the organizations that your enterprise owns.
If you use {% data variables.product.product_name %} with an individual organization and do not yet have an enterprise account, you create an enterprise account and add your organization. For more information, see "[AUTOTITLE](/admin/managing-your-enterprise-account/creating-an-enterprise-account)."
-{% data variables.product.company_short %} bills monthly for the total number of licensed seats for your enterprise account, as well as any additional services you use with {% data variables.product.prodname_ghe_cloud %}, such as {% data variables.product.prodname_actions %} minutes. If you use a standalone organization on {% data variables.product.product_name %}, you'll be billed at the organization level for all usage. For more information your bill's license seats, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing)."
+{% data reusables.billing.usage-based-billing %}
{% elsif ghes %}
diff --git a/content/billing/managing-your-github-billing-settings/about-billing-on-github.md b/content/billing/managing-your-github-billing-settings/about-billing-on-github.md
index db202ccd257c..41d7bdb276cb 100644
--- a/content/billing/managing-your-github-billing-settings/about-billing-on-github.md
+++ b/content/billing/managing-your-github-billing-settings/about-billing-on-github.md
@@ -115,9 +115,17 @@ Your plan may come with included amounts of usage-based products. For example, w
You must manage billing settings, payment method, and paid features and products for each of your accounts separately. You can choose to pay monthly or yearly for each account. All subscriptions and usage-based billing associated with an account shares a billing date, payment method, and receipt.
-{% data reusables.dotcom_billing.payment-methods %} {% data reusables.dotcom_billing.same-payment-method %}
+{% ifversion fpt %}{% data reusables.dotcom_billing.payment-methods %} {% data reusables.dotcom_billing.same-payment-method %}
-{% ifversion fpt or ghec %}For qualifying usage-based services, you may choose to pay for the services from your {% data variables.product.prodname_dotcom %} account or from an Azure subscription. The terms of the billing method you choose will apply to services billed in this manner.{% endif %}
+For qualifying usage-based services, you may choose to pay for the services from your {% data variables.product.prodname_dotcom %} account or from an Azure subscription. The terms of the billing method you choose will apply to services billed in this manner.{% endif %}
+
+{% ifversion ghec %}
+
+{% data reusables.billing.usage-based-billing %}
+
+Payments can be made via credit card, PayPal, or Azure subscription. When you update the payment method for your account's plan, your new payment method is automatically added to your other subscriptions and usage-based billing.
+
+{% endif %}
For more information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings)."
diff --git a/content/billing/managing-your-github-billing-settings/changing-the-duration-of-your-billing-cycle.md b/content/billing/managing-your-github-billing-settings/changing-the-duration-of-your-billing-cycle.md
index ed57e4b958a7..8347c001c28c 100644
--- a/content/billing/managing-your-github-billing-settings/changing-the-duration-of-your-billing-cycle.md
+++ b/content/billing/managing-your-github-billing-settings/changing-the-duration-of-your-billing-cycle.md
@@ -53,6 +53,8 @@ When you change your billing cycle's duration, your {% data variables.product.pr
## Changing the duration of your enterprise account's billing cycle
+>[!IMPORTANT] If you are on the new billing platform, this procedure does not apply to you. For more information about the billing cycle for your enterprise account, see "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/about-the-billing-cycle)."
+
{% data reusables.enterprise-accounts.billing-perms %}
{% note %}
diff --git a/content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md b/content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md
index 79dd49a41d0f..46f35ba93c34 100644
--- a/content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md
+++ b/content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md
@@ -11,17 +11,17 @@ topics:
shortTitle: About licenses
---
-## About licensing for {% data variables.product.prodname_enterprise %}
+{% ifversion metered-ghe-ghas %}
-{% data reusables.enterprise.about-deployment-methods %}
+{% data reusables.billing.usage-based-billing %}
-{% ifversion ghec %}
+{% endif %}
-{% data reusables.enterprise.invoiced-customer-to-access-ghes %}
+## About licensing for {% data variables.product.prodname_enterprise %}
-{% endif %}
+{% data reusables.enterprise.about-deployment-methods %}
-{% data reusables.enterprise-licensing.unique-user-licensing-model %} For more information about per-user pricing, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing)." For more about the price of {% data variables.product.prodname_enterprise %} licenses, see [Pricing](https://github.com/pricing) on the {% data variables.product.prodname_dotcom %} website.
+{% data reusables.enterprise-licensing.unique-user-licensing-model %} To understand how {% data variables.product.company_short %} bills you for consumed licensed seats, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing)." For more about the price of {% data variables.product.prodname_enterprise %} licenses, see [Pricing](https://github.com/pricing) on the {% data variables.product.prodname_dotcom %} website.
To ensure the same user isn't consuming more than one license for multiple enterprise deployments, you can synchronize license usage between your {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %} deployments.
diff --git a/content/billing/managing-your-license-for-github-enterprise/downloading-your-license-for-github-enterprise.md b/content/billing/managing-your-license-for-github-enterprise/downloading-your-license-for-github-enterprise.md
index 612f9a970f91..9540ce226562 100644
--- a/content/billing/managing-your-license-for-github-enterprise/downloading-your-license-for-github-enterprise.md
+++ b/content/billing/managing-your-license-for-github-enterprise/downloading-your-license-for-github-enterprise.md
@@ -12,15 +12,15 @@ topics:
shortTitle: Download your license
---
-## About license files for {% data variables.product.prodname_enterprise %}
+{% ifversion metered-ghe-ghas %}
-After you purchase or upgrade a license for {% data variables.product.prodname_enterprise %} from {% data variables.contact.contact_enterprise_sales %}, you must download your new license file. For more information about licenses for {% data variables.product.prodname_enterprise %}, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise)."
+{% data reusables.billing.usage-based-billing %}
-{% ifversion ghec %}
+{% endif %}
-{% data reusables.enterprise.invoiced-customer-to-access-ghes %}
+## About license files for {% data variables.product.prodname_enterprise %}
-{% endif %}
+After you purchase or upgrade a license for {% data variables.product.prodname_enterprise %} from {% data variables.contact.contact_enterprise_sales %}, you must download your new license file. For more information about licenses for {% data variables.product.prodname_enterprise %}, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise)."
{% data reusables.enterprise-licensing.contact-sales-for-renewals-or-seats %}
diff --git a/content/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise.md b/content/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise.md
index 83136640311b..112022d83b1c 100644
--- a/content/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise.md
+++ b/content/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise.md
@@ -63,16 +63,16 @@ The license usage report for your enterprise is a CSV file that contains the fol
| github_com_verified_domain_emails | All email addresses associated with the user's GHEC account that match your enterprise's verified domains |
| github_com_saml_name_id | The SAML username |
| github_com_orgs_with_pending_invites | All pending invitations for the user's GHEC account to join organizations within your enterprise |
-{%- ifversion ghas-in-license-sync %}
+| {% ifversion ghas-in-license-sync %} |
| github_com_advanced_security_license_user | Whether or not the user consumes a {% data variables.product.prodname_GH_advanced_security %} license on GHEC |
-{%- endif %}
+| {% endif %} |
| license_type | Can be one of: `Visual Studio subscription` or `Enterprise`
| enterprise_server_user| Whether or not the user has at least one account on GHES |
| enterprise_server_primary_emails | The primary email addresses associated with each of the user's GHES accounts |
| enterprise_server_user_ids | For each of the user's GHES accounts, the account's user ID
-{%- ifversion ghas-in-license-sync %}
+| {% ifversion ghas-in-license-sync %} |
| enterprise_server_advanced_security_user_ids | The GHES instances where the user is using {% data variables.product.prodname_GH_advanced_security %} {% ifversion ghec %}(only present if you are using GHES version 3.12 or later, and have enabled license sync){% endif %} |
-{%- endif %}
+| {% endif %} |
| total_user_accounts | The total number of accounts the person has across both GHEC and GHES
| visual_studio_subscription_user | Whether or not the user is a {% data variables.visual_studio.prodname_vs_subscriber %} |
| visual_studio_subscription_email | The email address associated with the user's VSS |
diff --git a/content/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise.md b/content/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise.md
index 4604b204d40f..104ee3acecbf 100644
--- a/content/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise.md
+++ b/content/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise.md
@@ -1,7 +1,7 @@
---
title: Viewing license usage for GitHub Enterprise
intro: 'You can view license usage for your enterprise on {% ifversion ghec %}{% data variables.product.prodname_dotcom_the_website %}{% elsif ghes %}{% data variables.location.product_location %}{% endif %}.'
-permissions: 'Enterprise owners can view license usage for {% data variables.product.prodname_enterprise %}.'
+permissions: 'Enterprise owners{% ifversion ghec %} and billing managers{% endif %}'
versions:
ghec: '*'
ghes: '*'
@@ -44,9 +44,10 @@ You can view the license usage for your enterprise and download a file with lice
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
1. Review your current {% data variables.product.prodname_enterprise %} license, as well as consumed and available user licenses.
- * To download the consumed license report as a CSV file, to the right of "User licenses," click {% octicon "download" aria-hidden="true" %} **CSV report**. For more information about reviewing the data in this report, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise)."
- * If you purchased {% data variables.product.prodname_GH_advanced_security %}, you can review your total {% ifversion ghas-billing-UI-update %}license{% else %}seat{% endif %} usage. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage)."
- * To view an overview of the consumed licenses without downloading a report, click **View details**, then look under "User licenses consumed". For more information, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#user-licenses-consumed)."
+
+ * If you purchased {% data variables.product.prodname_GH_advanced_security %}, you can review your total {% ifversion ghas-billing-UI-update %}license{% else %}seat{% endif %} usage. To learn about the information displayed, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage)."
+
+1. To download a CSV report of the license usage, click {% octicon "kebab-horizontal" aria-label="Licensing dropdown" %} to the right of the usage you want to download, then click {% octicon "download" aria-hidden="true" %} **CSV report**.
{% elsif ghes %}
diff --git a/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/creating-an-enterprise-account-as-a-microsoft-csp-partner.md b/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/creating-an-enterprise-account-as-a-microsoft-csp-partner.md
new file mode 100644
index 000000000000..a6d0c528c8b4
--- /dev/null
+++ b/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/creating-an-enterprise-account-as-a-microsoft-csp-partner.md
@@ -0,0 +1,67 @@
+---
+title: Creating an enterprise account as a Microsoft CSP partner
+intro: 'Learn how to set up an enterprise account for your customer as a Microsoft Cloud Solution Provider partner.'
+versions:
+ fpt: '*'
+ ghec: '*'
+type: quick_start
+topics:
+ - User account
+ - Enterprise
+ - Upgrades
+shortTitle: As a Microsoft CSP partner
+---
+
+As a Microsoft Cloud Solution Provider (CSP) partner, you can create an enterprise account on {% data variables.product.prodname_dotcom %} on behalf of your customer. You can also invite your customer to become an enterprise owner.
+
+## Requirements
+
+Before you start, make sure you know:
+* The {% data variables.product.prodname_dotcom %} username of the client who will become the owner of the enterprise account you create
+* The name your client would like to use for the enterprise account
+* The email address where you would like receipts to be sent
+
+## Step 1: Create the enterprise account
+
+As a Microsoft CSP partner, you can get started with {% data variables.product.prodname_enterprise %} from the Microsoft Azure portal.
+
+1. Sign in to the Microsoft Azure portal.
+1. In the search bar, type "{% data variables.product.prodname_dotcom %}" and select **{% data variables.product.prodname_dotcom %}** to go the landing page.
+1. Select **Get started with {% data variables.product.prodname_enterprise %}**.
+1. Choose an enterprise type. To help you decide which choice is best for the enterprise, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud)."
+1. Complete the form with your client's information.
+1. Click **Create your enterprise**.
+
+## Step 2: Purchase {% data variables.product.prodname_enterprise %}
+
+At any time during the trial, you can purchase {% data variables.product.prodname_enterprise %} for your client by linking it to their Azure subscription. If the account is later transferred to the customer, ensure the Azure subscription is fully managed by them.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+1. At the top of the page, in the blue banner, click **Activate Enterprise**.
+1. Click **Add Azure subscription**.
+1. To sign in to your Microsoft account, follow the prompts.
+1. Review the "Permissions requested" prompt. If you agree with the terms, click **Accept**.
+
+ If you don't see a "Permissions requested" prompt, and instead see a message indicating that you need admin approval, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#message-need-admin-approval)."
+
+1. Under "Select a subscription", select the Azure Subscription ID that you want to connect to your organization. {% data reusables.enterprise-accounts.tenant-app-permissions %}
+ {% data reusables.enterprise-accounts.connect-azure %}
+
+1. Click **Activate Enterprise**.
+
+## Step 3: Invite your client as an enterprise owner
+
+Invite your client to become an enterprise owner. See "[AUTOTITLE](/enterprise-cloud@latest/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise#inviting-an-enterprise-administrator-to-your-enterprise-account)."
+
+## Step 4: Change your role to billing manager
+
+Optionally, you can change your role to billing manager to manage the billing for the enterprise account, without having full administrative access.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.people-tab %}
+{% data reusables.enterprise-accounts.administrators-tab %}
+{% data reusables.enterprise-accounts.change-role-to-billing-manager %}
+
+## Contacting support
+
+As a Microsoft CSP partner, you can use the [{% data variables.contact.github_support %} for Microsoft CSP](https://support.github.com/contact?tags=partner-microsoft-csp) landing page to speak to {% data variables.contact.github_support %}. For more information about creating a support ticket, see "[AUTOTITLE](/support/contacting-github-support/creating-a-support-ticket)."
diff --git a/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/creating-and-paying-for-an-enterprise-account-on-behalf-of-a-client.md b/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/creating-and-paying-for-an-enterprise-account-on-behalf-of-a-client.md
index ef72feb4807d..e4019439c076 100644
--- a/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/creating-and-paying-for-an-enterprise-account-on-behalf-of-a-client.md
+++ b/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/creating-and-paying-for-an-enterprise-account-on-behalf-of-a-client.md
@@ -12,6 +12,8 @@ topics:
shortTitle: On behalf of a client
---
+>[!NOTE] If you are a Microsoft Cloud Solution Provider (CSP) partner and want to create an enterprise account for your customer, see "[AUTOTITLE](/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/creating-an-enterprise-account-as-a-microsoft-csp-partner)."
+
## Requirements
Before you start, make sure you know:
@@ -54,13 +56,9 @@ Invite your client to become an enterprise owner. For more information, see "[AU
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.people-tab %}
{% data reusables.enterprise-accounts.administrators-tab %}
-1. Confirm that your client is listed as an enterprise owner.
-1. To the right of your username, select the {% octicon "kebab-horizontal" aria-label="Administrator settings" %} dropdown menu, then click **Change role**.
-
- 
-1. Select **Billing manager**, then click **Change role**.
+{% data reusables.enterprise-accounts.change-role-to-billing-manager %}
## Next steps
-1. If you would like your credit card to be removed from the enterprise account so that it's not charged again, contact {% data variables.contact.contact_support %}.
-1. When it's time to renew your client's paid subscription, see "[AUTOTITLE](/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/renewing-your-clients-enterprise-account)."
+{% ifversion fpt %}1. If you would like your credit card to be removed from the enterprise account so that it's not charged again, contact {% data variables.contact.contact_support %}.
+1. {% endif %}When it's time to renew your client's paid subscription, see "[AUTOTITLE](/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/renewing-your-clients-enterprise-account)."
diff --git a/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/index.md b/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/index.md
index bdf28d7ef283..c755ae27d277 100644
--- a/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/index.md
+++ b/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-enterprise-accounts-for-procurement-companies/index.md
@@ -9,5 +9,5 @@ children:
- /about-enterprise-accounts-for-procurement-companies
- /creating-and-paying-for-an-enterprise-account-on-behalf-of-a-client
- /renewing-your-clients-enterprise-account
+ - /creating-an-enterprise-account-as-a-microsoft-csp-partner
---
-
diff --git a/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-enhanced-billing-for-git-large-file-storage.md b/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-enhanced-billing-for-git-large-file-storage.md
index 8ce872fde667..865c96a9d043 100644
--- a/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-enhanced-billing-for-git-large-file-storage.md
+++ b/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-enhanced-billing-for-git-large-file-storage.md
@@ -14,11 +14,7 @@ permissions: The enhanced billing platform is available to all enterprise accoun
## About billing for {% data variables.large_files.product_name_long %}
-{% note %}
-
-**Note:** {% data reusables.user-settings.context_switcher %}
-
-{% endnote %}
+> [!NOTE] {% data reusables.user-settings.context_switcher %}
Each {% data variables.product.prodname_dotcom %} account receives a certain amount of free bandwidth and storage for {% data variables.large_files.product_name_short %}, depending on the account's plan.
Bandwidth is billed for each GiB of data downloaded. Storage is billed by calculating an hourly usage rate. To estimate costs for paid {% data variables.large_files.product_name_short %} usage, you can use the {% data variables.product.prodname_dotcom %} [pricing calculator](https://github.com/pricing/calculator?feature=lfs).
diff --git a/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-the-billing-cycle.md b/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-the-billing-cycle.md
new file mode 100644
index 000000000000..f162b76c5076
--- /dev/null
+++ b/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-the-billing-cycle.md
@@ -0,0 +1,16 @@
+---
+title: About the billing cycle
+intro: Learn about the billing cycle for the enhanced billing platform.
+versions:
+ feature: enhanced-billing-platform
+type: overview
+topics:
+ - Enterprise
+permissions: The enhanced billing platform is available to all enterprise accounts, and organizations owned by enterprise accounts, created after June 2, 2024. Enterprises that participated in the beta program also have access to the enhanced billing platform.
+---
+
+>[!IMPORTANT] If you are on not on the new billing platform, this article does not apply to you. To check if you are on the new billing platform, see "[How do I know if I can access the enhanced billing platform?](/billing/using-the-enhanced-billing-platform-for-enterprises/about-the-enhanced-billing-platform-for-enterprises#how-do-i-know-if-i-can-access-the-enhanced-billing-platform)." For more information about the billing cycle for your enterprise account, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/changing-the-duration-of-your-billing-cycle#changing-the-duration-of-your-enterprise-accounts-billing-cycle)."
+
+If your enterprise is on the enhanced billing platform, you have a fixed billing period for metered usage which runs from the first day of the month to the last day of the month. When the month ends, the usage is scheduled to be billed on your bill cycle day. Your bill cycle day is dictated by the moment you converted from a trial to a paid enterprise account. For example, if you converted on the fifteenth of the month, you will be billed on the fifteenth of each subsequent month.
+
+This applies to all products available through the enhanced billing platform.
diff --git a/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-the-enhanced-billing-platform-for-enterprises.md b/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-the-enhanced-billing-platform-for-enterprises.md
index c93f76ead6b6..e34e5a253562 100644
--- a/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-the-enhanced-billing-platform-for-enterprises.md
+++ b/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-the-enhanced-billing-platform-for-enterprises.md
@@ -17,11 +17,19 @@ The enhanced billing platform provides better spending control and detailed usag
The following products are available in the enhanced billing platform:
* {% data variables.product.prodname_actions %}
+* {% data variables.product.prodname_GH_advanced_security %} (only available with a trial of {% data variables.product.prodname_ghe_cloud %})
* {% data variables.product.prodname_github_codespaces %}
* {% data variables.product.prodname_copilot %}
+* {% data variables.product.prodname_enterprise %}
* {% data variables.product.prodname_registry %}
* {% data variables.large_files.product_name_long %}
+{% ifversion metered-ghe-ghas%}
+
+{% data reusables.billing.actions-usage-delay %}
+
+{% endif %}
+
## Key functionalities
With the enhanced billing platform, you can:
@@ -39,3 +47,7 @@ You have access to the enhanced billing platform if you have an enterprise accou
{% data reusables.enterprise-accounts.access-enterprise %}
If you have access, there will be a {% octicon "credit-card" aria-hidden="true" %} **Billing & Licensing** option in the enterprise account sidebar.
+
+## Next steps
+
+* To **get started with the enhanced billing plaform**, see "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/getting-started-with-the-enhanced-billing-platform)."
diff --git a/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-usage-based-billing-for-licenses.md b/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-usage-based-billing-for-licenses.md
new file mode 100644
index 000000000000..85d37f56f55a
--- /dev/null
+++ b/content/billing/using-the-enhanced-billing-platform-for-enterprises/about-usage-based-billing-for-licenses.md
@@ -0,0 +1,33 @@
+---
+title: About usage-based billing for licenses
+intro: Learn about usage-based billing for your enterprise licenses, whether you pay through {% data variables.product.company_short %} or Azure.
+redirect_from:
+ - /early-access/billing/managing-usage-based-billing-for-github-licenses-through-github
+ - /early-access/billing/managing-usage-based-billing-for-github-licenses-through-azure
+ - /early-access/billing/managing-usage-based-billing-for-githubs-products-on-azure
+ - /early-access/billing/managing-billing-for-githubs-products-through-azure
+ - /early-access/billing/managing-usage-based-billing-for-github-licenses
+versions:
+ feature: enhanced-billing-platform
+type: overview
+topics:
+ - Enterprise
+permissions: Enterprise administrators
+shortTitle: Usage-based billing for licenses
+---
+
+With the enhanced billing platform, you pay monthly for the number of {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_GH_advanced_security %} licenses you use. You will not need to buy a predefined number of licenses in advance.
+
+If a user starts consuming a license seat during the month, you will pay pro rata for the user's license usage that month. If a user stops consuming a license seat during the month, your bill for the following month will reflect the change.
+
+Pending invitations to join an organization that belongs to your enterprise on {% data variables.product.prodname_dotcom_the_website %} do not consume a license.
+
+{% data variables.visual_studio.prodname_vss_ghe %} is currently not supported for usage-based billing.
+
+## Which payment methods can I use?
+
+You can use the following payment methods for usage-based billing for licenses:
+
+* Invoiced and self-serve {% data variables.product.prodname_enterprise %} customers can pay using a **credit card** or **PayPal**
+* You can connect an **Azure** subscription to your enterprise
+* For **purchase orders**, you can contact your account manager in {% data variables.contact.contact_enterprise_sales %}
diff --git a/content/billing/using-the-enhanced-billing-platform-for-enterprises/adding-seats-to-your-enterprise-account.md b/content/billing/using-the-enhanced-billing-platform-for-enterprises/adding-seats-to-your-enterprise-account.md
new file mode 100644
index 000000000000..152f76d5f35b
--- /dev/null
+++ b/content/billing/using-the-enhanced-billing-platform-for-enterprises/adding-seats-to-your-enterprise-account.md
@@ -0,0 +1,23 @@
+---
+title: Adding seats to your enterprise account
+intro: Learn how to add seats to your enterprise account using the enhanced billing platform.
+versions:
+ feature: enhanced-billing-platform
+type: overview
+topics:
+ - Enterprise
+permissions: The enhanced billing platform is available to all enterprise accounts, and organizations owned by enterprise accounts, created after June 2, 2024. Enterprises that participated in the beta program also have access to the enhanced billing platform.
+shortTitle: Add seats to your enterprise
+---
+
+>[!IMPORTANT] If you pay by invoice, you need to contact your account manager in {% data variables.contact.contact_enterprise_sales %} to add seats to your enterprise account.
+
+If you have access to the enhanced billing platform, you can add seats to your enterprise account through the "Licensing" page. To check if you have access, see "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/about-the-enhanced-billing-platform-for-enterprises#how-do-i-know-if-i-can-access-the-enhanced-billing-platform)."
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.billing.enterprise-billing-menu %}
+1. Click **Licensing**.
+1. Click {% octicon "kebab-horizontal" aria-label="Licensing dropdown" %} and then click **Manage seats**.
+1. Under "Total Seats", enter a number of seats.
+1. Click **Update seats**.
diff --git a/content/billing/using-the-enhanced-billing-platform-for-enterprises/charging-business-units.md b/content/billing/using-the-enhanced-billing-platform-for-enterprises/charging-business-units.md
index 5b1ad8667277..800cc271260f 100644
--- a/content/billing/using-the-enhanced-billing-platform-for-enterprises/charging-business-units.md
+++ b/content/billing/using-the-enhanced-billing-platform-for-enterprises/charging-business-units.md
@@ -14,6 +14,19 @@ To drive accountability and control costs, the enhanced billing platform lets yo
If your account is billed to Azure, you will have the option to add an Azure subscription ID. Cost centers allows for multiple Azure subscription IDs so that different business units, within an enterprise, can directly pay for their usage.
+{% ifversion metered-ghe-ghas %}
+
+## Cost center billing for seat-based products
+
+For seat-based products like {% data variables.product.prodname_enterprise %}, {% data variables.product.prodname_GH_advanced_security %}, and {% data variables.product.prodname_copilot %}, cost centers are based on **users**. Changes to users (additions or deletions) will affect billing as follows:
+
+* Any new usage after the change will be billed to the cost center immediately.
+* Seats added before a user is added to a cost center are only reflected at the start of the next month.
+* Deletion of a user from a cost center is reflected at the start of the next month.
+
+For example, if you add a user to a cost center, any new usage for that user will be billed to the cost center right away. However, if the usage (seat) for the user was added _before_ the user was added to the cost center, then the user’s seat will only start being billed to the cost center at the start of the next billing cycle.
+{% endif %}
+
## Creating a cost center
Create cost centers to monitor and manage expenses for specific organizations or repositories. Multiple organizations and repositories can be assigned to one cost center.
@@ -25,7 +38,7 @@ This method can be used to track only non-seat based products usage such as:
* {% data variables.product.prodname_registry %}
* {% data variables.large_files.product_name_short %}
-For seat-based products like {% data variables.product.prodname_copilot %}, assign users to the cost center via the API.
+For seat-based products like usage-based billing for {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_GH_advanced_security %}, and {% data variables.product.prodname_copilot %}, assign users to the cost center via the API.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.billing.enterprise-billing-menu %}
@@ -51,7 +64,9 @@ You can view the usage of your cost centers and download the usage data for furt
You can view, edit, and delete cost centers to manage your business units effectively.
->[!NOTE] To add or remove members from a cost center, you can use the API. See "[AUTOTITLE](/rest/enterprise-admin/billing)."
+To add or remove members from a cost center, you can use the API. See "[AUTOTITLE](/rest/enterprise-admin/billing)."
+
+>[!NOTE] For {% data variables.product.prodname_copilot_short %} seats, {% data variables.product.company_short %} checks if a user is part of a cost center. If they are, their usage is shown under that cost center. If not, their usage is displayed under their organization. In this case, costs are assumed to belong to the first organization the user was assigned to.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.billing.enterprise-billing-menu %}
diff --git a/content/billing/using-the-enhanced-billing-platform-for-enterprises/estimating-spending-for-your-enterprise.md b/content/billing/using-the-enhanced-billing-platform-for-enterprises/estimating-spending-for-your-enterprise.md
index 13c4c1ce138e..b3a9cd7472ca 100644
--- a/content/billing/using-the-enhanced-billing-platform-for-enterprises/estimating-spending-for-your-enterprise.md
+++ b/content/billing/using-the-enhanced-billing-platform-for-enterprises/estimating-spending-for-your-enterprise.md
@@ -29,7 +29,11 @@ On this page, you can view your usage in the following categories:
* **By organization** and **by repository:** The two cards under the graph show the top five organizations and repositories that generate the most usage. You can click {% octicon "kebab-horizontal" aria-label="Open column options" %} in the upper-right corner of each card to view all usage.
* **By products:** You can use the product tabs to view usage and discounts for different products. Only products with usage are shown.
- 
+ {% ifversion metered-ghe-ghas%}
+
+ {% data reusables.billing.actions-usage-delay %}
+
+ {% endif %}
## Viewing promotion and discounts
diff --git a/content/billing/using-the-enhanced-billing-platform-for-enterprises/gathering-insights-on-your-spending.md b/content/billing/using-the-enhanced-billing-platform-for-enterprises/gathering-insights-on-your-spending.md
index 33ffd143faad..c28c94300a21 100644
--- a/content/billing/using-the-enhanced-billing-platform-for-enterprises/gathering-insights-on-your-spending.md
+++ b/content/billing/using-the-enhanced-billing-platform-for-enterprises/gathering-insights-on-your-spending.md
@@ -49,7 +49,7 @@ You can also view your active {% data variables.product.prodname_enterprise %} i
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.billing.enterprise-billing-menu %}
1. Click **Licensing**.
-1. To download a CSV report of the license usage, click {% octicon "download" aria-hidden="true" %} **CSV report** to the right of the usage you want to download.
+1. To download a CSV report of the license usage, click {% octicon "kebab-horizontal" aria-label="Licensing dropdown" %} to the right of the usage you want to download, then click {% octicon "download" aria-hidden="true" %} **CSV report**.
## Further reading
diff --git a/content/billing/using-the-enhanced-billing-platform-for-enterprises/getting-started-with-the-enhanced-billing-platform.md b/content/billing/using-the-enhanced-billing-platform-for-enterprises/getting-started-with-the-enhanced-billing-platform.md
new file mode 100644
index 000000000000..7969b1c9c02b
--- /dev/null
+++ b/content/billing/using-the-enhanced-billing-platform-for-enterprises/getting-started-with-the-enhanced-billing-platform.md
@@ -0,0 +1,17 @@
+---
+title: Getting started with the enhanced billing platform
+intro: 'Learn how to start using the enhanced billing platform for your enterprise account.'
+versions:
+ feature: enhanced-billing-platform
+type: overview
+topics:
+ - Enterprise
+permissions: Enterprise administrators
+shortTitle: Get started
+---
+
+If you don't already have access to the enhanced billing platform, there are three ways to get started.
+
+* If you are **new** to {% data variables.product.prodname_ghe_cloud %}, set up a trial of {% data variables.product.prodname_ghe_cloud %}. See "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)."
+* If you have an **existing** enterprise account and pay by **invoice**, contact your account manager in {% data variables.contact.contact_enterprise_sales %} to discuss switching when your contract renews.
+* If you have an **existing** enterprise account and pay via **credit card or PayPal**, wait for an in-product prompt to transition.
diff --git a/content/billing/using-the-enhanced-billing-platform-for-enterprises/index.md b/content/billing/using-the-enhanced-billing-platform-for-enterprises/index.md
index 712333aaeaa9..599d106b684c 100644
--- a/content/billing/using-the-enhanced-billing-platform-for-enterprises/index.md
+++ b/content/billing/using-the-enhanced-billing-platform-for-enterprises/index.md
@@ -9,6 +9,10 @@ versions:
feature: enhanced-billing-platform
children:
- /about-the-enhanced-billing-platform-for-enterprises
+ - /getting-started-with-the-enhanced-billing-platform
+ - /about-the-billing-cycle
+ - /about-usage-based-billing-for-licenses
+ - /adding-seats-to-your-enterprise-account
- /roles-for-the-enhanced-billing-platform
- /estimating-spending-for-your-enterprise
- /gathering-insights-on-your-spending
diff --git a/content/billing/using-the-enhanced-billing-platform-for-enterprises/managing-your-payment-and-billing-information.md b/content/billing/using-the-enhanced-billing-platform-for-enterprises/managing-your-payment-and-billing-information.md
index 91e5e268b930..6181bb3e987a 100644
--- a/content/billing/using-the-enhanced-billing-platform-for-enterprises/managing-your-payment-and-billing-information.md
+++ b/content/billing/using-the-enhanced-billing-platform-for-enterprises/managing-your-payment-and-billing-information.md
@@ -1,6 +1,6 @@
---
title: Managing your payment and billing information
-intro: 'You can view your payment information and history, and update your billing contacts.'
+intro: 'Learn how to manage your payment information and history, and update your billing contacts.'
versions:
feature: enhanced-billing-platform
type: how_to
@@ -16,6 +16,36 @@ You can view your payment information and history, and update your billing conta
* PayPal
* Azure Subscription ID
+## Prerequisites for paying through Azure
+
+* You must be new to {% data variables.product.prodname_ghe_cloud %} to begin with usage-based billing through an Azure subscription. If your company already uses {% data variables.product.prodname_dotcom %}, you can use {% data variables.product.prodname_importer_proper_name %} to migrate your resources to a new subscription that bills through Azure. For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer)."
+* Prepaid usage is not currently available for usage-based billing through Azure.
+* You must know your Azure subscription ID. For more information, see the following documentation or [contact Azure support](https://azure.microsoft.com/support/).
+
+ * "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)"
+ * [Get subscription and tenant IDs in the Azure portal](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id) in the Microsoft Docs
+
+## Connecting your Azure subscription
+
+After creation of your new enterprise on {% data variables.product.prodname_dotcom_the_website %}, to begin usage-based billing through Azure, you must connect your Azure subscription.
+
+> [!IMPORTANT] If you don't use {% data variables.product.prodname_emus %}, connection of an Azure subscription will immediately end your trial and begin paid usage.
+
+For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#connecting-your-azure-subscription-to-your-enterprise-account)."
+
+## What does my Azure invoice look like?
+
+After you connect your Azure subscription, usage for {% data variables.product.company_short %}'s products will appear on your Azure invoice, summarized by product family. For example, if you use this billing arrangement for {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_GH_advanced_security %}, usage and price excluding tax for each line item will appear as follows.
+
+| Product Family Usage Charges | Total (excluding Tax) |
+| :- | :- |
+| GH ENTERPRISE | AMOUNT |
+| GH ADVANCED SECURITY | AMOUNT |
+
+For more information about your Azure invoice, see [Understand terms on your Microsoft Azure invoice](https://learn.microsoft.com/azure/cost-management-billing/understand/understand-invoice) in the Microsoft Docs.
+
+The {% data variables.product.company_short %} products on your Azure invoice are also MACC-eligible. For more information, see [Track your Microsoft Azure Consumption Commitment (MACC)](https://learn.microsoft.com/azure/cost-management-billing/manage/track-consumption-commitment) in the Microsoft Docs.
+
## Viewing payment information
You can view and edit your billing information, update your payment method, and view active coupons.
diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md
index a2ca0eec3f70..03fd0cb5b302 100644
--- a/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md
+++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md
@@ -22,7 +22,7 @@ This article is part of a series on adopting {% data variables.product.prodname_
Rolling {% data variables.product.prodname_code_scanning %} out across hundreds of repositories can be difficult, especially when done inefficiently. Following these steps will ensure your rollout is both efficient and successful.{% ifversion default-setup-ghas-enablement %}{% else %} As part of your preparation, you will work with your teams, use automation to collect data about your repositories, and enable {% data variables.product.prodname_code_scanning %}.{% endif %}
{% ifversion ghec %}
-{% data variables.product.prodname_code_scanning_caps %} is also available for all public repositories on {% data variables.product.prodname_dotcom_the_website %} without a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %}
+{% data variables.product.prodname_code_scanning_caps %} is also available for all public repositories on {% data variables.product.prodname_dotcom %} without a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %}
### Preparing teams for {% data variables.product.prodname_code_scanning %}
@@ -132,13 +132,13 @@ Before you can proceed with pilot programs and rolling out {% data variables.pro
**Note:** When a secret is detected in a repository that has enabled {% data variables.product.prodname_secret_scanning %}, {% data variables.product.prodname_dotcom %} alerts all users with access to security alerts for the repository. {% ifversion ghec %}
-Secrets found in public repositories using {% data variables.secret-scanning.partner_alerts %} are reported directly to the partner, without creating an alert on {% data variables.product.product_name %}. For details about the supported partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."{% endif %}
+Secrets found in public repositories using {% data variables.secret-scanning.partner_alerts %} are reported directly to the partner, without creating an alert on {% data variables.product.product_name %}. For details about the supported partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."{% endif %}
{% endnote %}
-If a project communicates with an external service, it might use a token or private key for authentication. If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges. {% data variables.product.prodname_secret_scanning_caps %} will scan your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repositories for secrets and alert you or block the push containing the secret. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
+If a project communicates with an external service, it might use a token or private key for authentication. If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges. {% data variables.product.prodname_secret_scanning_caps %} will scan your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repositories for secrets and alert you or block the push containing the secret. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."
-{% ifversion ghec %}{% data variables.secret-scanning.partner_alerts_caps %} runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on {% data variables.product.prodname_dotcom_the_website %}.
+{% ifversion ghec %}{% data variables.secret-scanning.partner_alerts_caps %} runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on {% data variables.product.prodname_dotcom %}.
{% data variables.secret-scanning.user_alerts_caps %} are available for free on all public repositories.{% endif %}
@@ -154,17 +154,17 @@ Enabling {% data variables.product.prodname_secret_scanning %} for all repositor
If you are enabling {% data variables.product.prodname_secret_scanning %} on a large organization, be prepared to see a high number of secrets found. Sometimes this comes as a shock to organizations and the alarm is raised. If you would like to turn on {% data variables.product.prodname_secret_scanning %} across all repositories at once, plan for how you will respond to multiple alerts across the organization.
-{% data variables.product.prodname_secret_scanning_caps %} can be enabled for individual repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories)." {% data variables.product.prodname_secret_scanning_caps %} can also be enabled for all repositories in your organization, as described above. For more information on enabling for all repositories, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
+{% data variables.product.prodname_secret_scanning_caps %} can be enabled for individual repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)." {% data variables.product.prodname_secret_scanning_caps %} can also be enabled for all repositories in your organization, as described above. For more information on enabling for all repositories, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
### Custom patterns for {% data variables.product.prodname_secret_scanning %}
-{% data variables.product.prodname_secret_scanning_caps %} detects a large number of default patterns but can also be configured to detect custom patterns, such as secret formats unique to your infrastructure or used by integrators that {% data variables.product.product_name %}'s {% data variables.product.prodname_secret_scanning %} does not currently detect. For more information about supported secrets for partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns)."
+{% data variables.product.prodname_secret_scanning_caps %} detects a large number of default patterns but can also be configured to detect custom patterns, such as secret formats unique to your infrastructure or used by integrators that {% data variables.product.product_name %}'s {% data variables.product.prodname_secret_scanning %} does not currently detect. For more information about supported secrets for partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns)."
-As you audit your repositories and speak to security and developer teams, build a list of the secret types that you will later use to configure custom patterns for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
+As you audit your repositories and speak to security and developer teams, build a list of the secret types that you will later use to configure custom patterns for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)."
### Push protection for {% data variables.product.prodname_secret_scanning %}
-Push protection for organizations and repositories instructs {% data variables.product.prodname_secret_scanning %} to check pushes for supported secrets _before_ secrets are committed to the codebase. For information on which secrets are supported, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
+Push protection for organizations and repositories instructs {% data variables.product.prodname_secret_scanning %} to check pushes for supported secrets _before_ secrets are committed to the codebase. For information on which secrets are supported, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."
If a secret is detected in a push, that push is blocked. {% data variables.product.prodname_secret_scanning_caps %} lists any secrets it detects so the author can review the secrets and remove them or, if needed, allow those secrets to be pushed. {% data reusables.secret-scanning.push-protection-custom-pattern %}
@@ -176,7 +176,7 @@ Before enabling push protection, consider whether you need to create guidance fo
Next, familiarize yourself with the different options for managing and monitoring alerts that are the result of a contributor bypassing push protection.
-For more information, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)."
+For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)."
{% note %}
diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md
index 2268f0cad047..2762d9a094e3 100644
--- a/content/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md
+++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md
@@ -33,15 +33,11 @@ You need to enable GHAS for each pilot project, either by enabling the GHAS feat
{% ifversion security-configurations %}
-## Piloting all {% data variables.product.prodname_GH_advanced_security %} features (beta)
+## Piloting all {% data variables.product.prodname_GH_advanced_security %} features {% ifversion security-configurations-beta-and-pre-beta %}(beta){% endif %}
{% data reusables.security-configurations.enable-security-features-with-gh-config %}
-{% note %}
-
-**Note:** {% data reusables.security-configurations.security-configurations-beta-note-short %}
-
-{% endnote %}
+{% data reusables.security-configurations.security-configurations-beta-note-short %}
{% endif %}
@@ -86,7 +82,15 @@ To enable secret scanning for your {% data variables.product.prodname_ghe_server
{% endif %}
-You need to enable secret scanning for each pilot project, either by enabling the feature for each repository or for all repositories in any organizations taking part in the project. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
+{% ifversion security-configurations-ga %}
+
+You need to enable {% data variables.product.prodname_secret_scanning %} for each pilot project. You can do this with the {% data variables.product.prodname_github_security_configuration %}, or you can create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."
+
+{% else %}
+
+You need to enable {% data variables.product.prodname_secret_scanning %} for each pilot project, either by enabling the feature for each repository or for all repositories in any organizations taking part in the project. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
+
+{% endif %}
Next, enable push protection for each pilot project.
@@ -94,11 +98,11 @@ If you plan to configure a link to a resource in the message that's displayed wh
{%- ifversion security-overview-push-protection-metrics-page %}
-Start to review activity using the push protection metrics page in security overview. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization)."
+Start to review activity using the push protection metrics page in security overview. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection)."
{%- endif %}
-If you have collated any custom patterns specific to your enterprise, especially any related to the projects piloting {% data variables.product.prodname_secret_scanning %}, you can configure those. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
+If you have collated any custom patterns specific to your enterprise, especially any related to the projects piloting {% data variables.product.prodname_secret_scanning %}, you can configure those. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)."
To learn how to view and close alerts for secrets checked into your repository, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md
index ab7002fd1072..3bf496b0565a 100644
--- a/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md
+++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md
@@ -16,13 +16,11 @@ This article is part of a series on adopting {% data variables.product.prodname_
{% endnote %}
{% ifversion security-configurations %}
-{% note %}
-**Note:** {% data reusables.security-configurations.enable-security-features-with-gh-config %}
+{% data reusables.security-configurations.enable-security-features-with-gh-config %}
{% data reusables.security-configurations.security-configurations-beta-note-short %}
-{% endnote %}
{% endif %}
## Enabling code scanning
@@ -72,6 +70,12 @@ It’s a good idea to run regular company meetings on specific topics to educate
You can use the data you have collected about the distribution of different languages among repositories to create targeted meetings.
{% endif %}
+{% ifversion security-overview-org-codeql-pr-alerts %}
+
+For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories across your organization, and to identify repositories where you may need to take action. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)."
+
+{% endif %}
+
{% note %}
For the next article in this series, see "[AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning)."
diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md
index 73d737fbb715..e91d27f773b4 100644
--- a/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md
+++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md
@@ -18,13 +18,11 @@ This article is part of a series on adopting {% data variables.product.prodname_
You can enable secret scanning for individual repositories or for all repositories in an organization or enterprise. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)", "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)", or "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
{% ifversion security-configurations %}
-{% note %}
-**Note:** {% data reusables.security-configurations.enable-security-features-with-gh-config %}
+{% data reusables.security-configurations.enable-security-features-with-gh-config %}
{% data reusables.security-configurations.security-configurations-beta-note-short %}
-{% endnote %}
{% endif %}
This article explains a high-level process focusing on enabling {% data variables.product.prodname_secret_scanning %} for all repositories in an organization. The principles described in this article can still be applied even if you take a more staggered approach of enabling {% data variables.product.prodname_secret_scanning %} for individual repositories.
@@ -55,17 +53,17 @@ Repeat the last two steps for any new secrets leaked. This process encourages de
## 2. Enable push protection
-Once you have enabled {% data variables.product.prodname_secret_scanning %}, you should also enable push protection. With push protection, {% data variables.product.prodname_secret_scanning %} checks pushes for supported secrets and blocks pushes to {% data variables.product.prodname_dotcom %} _before_ the secrets are exposed to other users. For information on how to enable push protection, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-secret-scanning-as-a-push-protection)."
+Once you have enabled {% data variables.product.prodname_secret_scanning %}, you should also enable push protection. With push protection, {% data variables.product.prodname_secret_scanning %} checks pushes for supported secrets and blocks pushes to {% data variables.product.prodname_dotcom %} _before_ the secrets are exposed to other users. For information on how to enable push protection, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository)."
Once enabled, you can do the following:
-1. **Provide guidance**: Configure a custom link in the message that contributors will see if their push is blocked by {% data variables.product.prodname_secret_scanning %}. The linked resource can provide guidance for contributors on how to resolve the blocked push. For more information, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-secret-scanning-as-a-push-protection)."
+1. **Provide guidance**: Configure a custom link in the message that contributors will see if their push is blocked by {% data variables.product.prodname_secret_scanning %}. The linked resource can provide guidance for contributors on how to resolve the blocked push. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository)."
1. **Notify**: Define a webhook that specifically tracks {% data variables.secret-scanning.alerts %} created when someone bypasses push protection by using the alert property `"push_protection_bypassed": true`. Or, use the API to get updates on which {% data variables.secret-scanning.alerts %} were the result of a push protection bypass by filtering the list of results for `"push_protection_bypassed": true`. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)."
{%- ifversion security-overview-push-protection-metrics-page %}
-1. **Monitor**: Use security overview to view metrics on how push protection is performing in repositories across your organization, so you can quickly identify any repositories where you might need to take action. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization)."
+1. **Monitor**: Use security overview to view metrics on how push protection is performing in repositories across your organization, so you can quickly identify any repositories where you might need to take action. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection)."
{%- endif %}
@@ -109,7 +107,7 @@ Once you have decided on the secret types, you can do the following:
You can now expand beyond the five most critical secret types into a more comprehensive list, with an additional focus on education. You can repeat the previous step, remediating previously committed secrets, for the different secret types you have targeted.
-You can also include more of the custom patterns collated in the earlier phases and invite security teams and developer teams to submit more patterns, establishing a process for submitting new patterns as new secret types are created. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
+You can also include more of the custom patterns collated in the earlier phases and invite security teams and developer teams to submit more patterns, establishing a process for submitting new patterns as new secret types are created. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)."
As you continue to build your remediation processes for other secret types, start to create proactive training material that can be shared with all developers of GitHub in your organization. Until this point, a lot of the focus has been reactive. It is an excellent idea to shift focus to being proactive and encourage developers not to push credentials to GitHub in the first place. This can be achieved in multiple ways but creating a short document explaining the risks and reasons would be a great place to start.
diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md
index 3f41c5ae8999..3d8fc7376361 100644
--- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md
+++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md
@@ -40,7 +40,7 @@ topics:
When you enable {% data variables.product.prodname_code_scanning %}, both default and advanced setup generate a {% data variables.product.prodname_codeql %} database for analysis using the simplest method available. For {% data variables.code-scanning.no_build_support %}, the {% data variables.product.prodname_codeql %} database is generated directly from the codebase without requiring a build (`none` build mode). For other compiled languages, {% data variables.product.prodname_codeql %} builds the codebase using the `autobuild` build mode. Alternatively, you can use the `manual` build mode to specify explicit build commands to analyze only the files that are built by these custom commands.
-{% elsif ghes > 3.9 %}
+{% elsif ghes %}
If you enable default setup, the `autobuild` action will be used to build your code, as part of your automatically configured {% data variables.code-scanning.codeql_workflow %}. If you enable advanced setup, the basic {% data variables.code-scanning.codeql_workflow %} uses `autobuild`. Alternatively, you can disable `autobuild` and instead specify explicit build commands to analyze only the files that are built by these custom commands.
@@ -50,21 +50,13 @@ The basic {% data variables.code-scanning.codeql_workflow %} uses the `autobuild
{% endif %}
-{% ifversion ghes < 3.10 %}
-
-In {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, default setup does not support any compiled languages, so you must use advanced setup. Advanced setup generates a workflow file you can edit. The starter workflow files use `autobuild` to analyze compiled languages. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql)."
-
-{% endif %}
-
{% ifversion codeql-no-build %}
## {% data variables.product.prodname_codeql %} build modes
-{% data reusables.code-scanning.beta-no-build %}
-
The {% data variables.product.prodname_codeql %} action supports three different build modes for compiled languages:
-* `none` - the {% data variables.product.prodname_codeql %} database is created directly from the codebase without building the codebase (supported for all interpreted languages, and additionally supported in beta for {% data variables.code-scanning.no_build_support %}).
+* `none` - the {% data variables.product.prodname_codeql %} database is created directly from the codebase without building the codebase (supported for all interpreted languages, and additionally supported for {% data variables.code-scanning.no_build_support %}).
* `autobuild` - {% data variables.product.prodname_codeql %} detects the most likely build method and uses this to attempt to build the codebase and create a database for analysis (supported for all compiled languages).
* `manual` - you define the build steps to use for the codebase in the workflow (supported for all compiled languages).
@@ -139,7 +131,7 @@ Creating a {% data variables.product.prodname_codeql %} database without a build
To use `autobuild` or manual build steps, you can use advanced setup.
->[!NOTE] For Java analysis, if `build-mode` is set to `none` and Kotlin code is found in the repository, the Kotlin code will not be analyzed and a warning will be produced. See {% ifversion codeql-kotlin-beta %}"[Building Java and Kotlin](#building-java--and-kotlin)"{% else %}"[Building Java](#building-java)"{% endif %}.
+>[!NOTE] For Java analysis, if `build-mode` is set to `none` and Kotlin code is found in the repository, the Kotlin code will not be analyzed and a warning will be produced. See "[Building Java and Kotlin](#building-java-and-kotlin)."
{% endif %}
@@ -149,7 +141,7 @@ To use `autobuild` or manual build steps, you can use advanced setup.
The {% data variables.product.prodname_codeql %} action uses `autobuild` to analyze compiled languages in the following cases.
-* Default setup is enabled{% ifversion codeql-no-build %} and the language does not support `none` build (beta release supported for {% data variables.code-scanning.no_build_support %}).
+* Default setup is enabled{% ifversion codeql-no-build %} and the language does not support `none` build (supported for {% data variables.code-scanning.no_build_support %}).
* Advanced setup is enabled and the workflow specifies `build-mode: autobuild`{% endif %}.
* Advanced setup is enabled and the workflow has an Autobuild step for the language using the `autobuild` action (`{% data reusables.actions.action-codeql-action-autobuild %}`).
@@ -275,10 +267,9 @@ If you added manual build steps for compiled languages and {% data variables.pro
* [Building C/C++](#building-cc)
* [Building C#](#building-c){% ifversion codeql-go-autobuild %}
-* [Building Go](#building-go){% endif %}{% ifversion codeql-kotlin-beta %}
-* [Building Java and Kotlin](#building-java--and-kotlin){% else %}
-* [Building Java](#building-java){% endif %}{% ifversion codeql-swift-beta %}
-* [Building Swift](#building-swift){% endif %}
+* [Building Go](#building-go){% endif %}
+* [Building Java and Kotlin](#building-java-and-kotlin)
+* [Building Swift](#building-swift)
{% note %}
@@ -439,7 +430,7 @@ The `autobuild` process attempts to autodetect a suitable way to install the dep
{% endif %}
-## Building Java {% ifversion codeql-kotlin-beta %} and Kotlin {% endif %}
+## Building Java and Kotlin
{% ifversion codeql-no-build %}{% data variables.product.prodname_codeql %} supports the following build modes.
@@ -461,6 +452,13 @@ Creating a {% data variables.product.prodname_codeql %} Java database without a
* Gradle or Maven build scripts cannot be queried for dependency information, and dependency guesses (based on Java package names) are inaccurate.
* The repository normally generates code during the build process. This would be analyzed if you created the {% data variables.product.prodname_codeql %} database using a different mode.
+You can ensure a more accurate analysis by taking the following steps:
+
+* Provide access to the public internet or ensure that access to a private artifact repository is available.
+* Check whether the repository requires multiple versions of the same dependency. {% data variables.product.prodname_codeql %} can use only one version and usually chooses the newer version where there are multiple versions. This approach may not work for all repositories.
+* Check whether more than one version of the JDK API is required by different source Java files. When multiple versions are seen, {% data variables.product.prodname_codeql %} will use the highest version required by any build script. This may mean that some files that require a lower version of the JDK will be partially analyzed. For example, if some files require JDK 8 but a JDK 17 requirement is found in one or more build scripts, {% data variables.product.prodname_codeql %} will use JDK 17. Any files that require JDK 8 and could not be built using JDK 17 will be partially analyzed.
+* Avoid colliding class names (for example, multiple files defining `org.myproject.Test`), otherwise this may cause missing method call targets, which has an impact on dataflow analysis.
+
### Autobuild summary for Java{% endif %}
| Supported system type | System name |
@@ -494,8 +492,6 @@ You will also need to install the build system (for example `make`, `cmake`, `ba
Windows runners require `powershell.exe` to be on the `PATH`.
-{% ifversion codeql-swift-beta %}
-
## Building Swift
{% ifversion codeql-no-build %}{% data variables.product.prodname_codeql %} supports build modes `autobuild` or `manual` for Swift code.
@@ -509,12 +505,6 @@ Windows runners require `powershell.exe` to be on the `PATH`.
The `autobuild` process tries to build the biggest target from an Xcode project or workspace.
-{% endif %}
-
-{% ifversion codeql-swift-beta %}
-
-{% data reusables.code-scanning.beta-swift-support %}
-
Code scanning of Swift code uses macOS runners by default. {% ifversion fpt or ghec %}Since {% data variables.product.company_short %}-hosted macOS runners are more expensive than Linux and Windows runners, we recommend that you build only the code that you want to analyze. For more information about pricing for {% data variables.product.company_short %}-hosted runners, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)."{% endif %}
{% data reusables.code-scanning.default-setup-swift-self-hosted-runners %}
@@ -526,5 +516,3 @@ Code scanning of Swift code uses macOS runners by default. {% ifversion fpt or g
You can pass the `archive` and `test` options to `xcodebuild`. However, the standard `xcodebuild` command is recommended as it should be the fastest, and should be all that {% data variables.product.prodname_codeql %} requires for a successful scan.
For Swift analysis, you must always explicitly install dependencies managed via CocoaPods or Carthage before generating the {% data variables.product.prodname_codeql %} database.
-
-{% endif %}
diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md
index b0d97945169a..9990322f83c6 100644
--- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md
+++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md
@@ -33,7 +33,6 @@ For repositories that are not eligible for default setup, you can use a bulk con
1. Use one of the example scripts or create a custom script to add the workflow to each repository in the group.
* PowerShell example: [`jhutchings1/Create-ActionsPRs`](https://github.com/jhutchings1/Create-ActionsPRs) repository
* NodeJS example: [`nickliffen/ghas-enablement`](https://github.com/NickLiffen/ghas-enablement) repository
- * Python example: [`Malwarebytes/ghas-cli`](https://github.com/Malwarebytes/ghas-cli) repository
{% ifversion codeql-model-packs-org %}
diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md
index 32eeebf49e3b..c6ae6db09cb3 100644
--- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md
+++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md
@@ -101,23 +101,23 @@ For information on bulk enablement, see "[AUTOTITLE](/code-security/code-scannin
## Configuring {% data variables.product.prodname_code_scanning %} using third-party actions
-{% data variables.product.product_name %} includes starter workflows for third-party actions, as well as the {% data variables.product.prodname_codeql %} action. Using a starter workflow is much easier than writing a workflow unaided.
+{% data variables.product.product_name %} includes workflow templates for third-party actions, as well as the {% data variables.product.prodname_codeql %} action. Using a workflow template is much easier than writing a workflow unaided.
{% data reusables.code-scanning.billing %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.actions-tab %}
-1. If the repository has already at least one workflow configured and running, click **New workflow** to display starter workflows. If there are currently no workflows configured for the repository, go to the next step.
+1. If the repository has already at least one workflow configured and running, click **New workflow** to display workflow templates. If there are currently no workflows configured for the repository, go to the next step.
1. In the "Choose a workflow" or "Get started with {% data variables.product.prodname_actions %}" view, scroll down to the "Security" category and click **Configure** under the workflow you want to configure. You may need to click **View all** to find the security workflow you want to configure.
- 
+ 
1. Follow any instructions in the workflow to customize it to your needs. For more general assistance about workflows, click **Documentation** on the right pane of the workflow page.
- 
+ 
For more information, see "[AUTOTITLE](/actions/learn-github-actions/using-starter-workflows#choosing-and-using-a-starter-workflow)" and "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."
diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md
index 467764625794..5700c280e211 100644
--- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md
+++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md
@@ -143,7 +143,6 @@ This workflow scans:
## Specifying an operating system
-{% ifversion codeql-swift-beta %}
{% note %}
**Notes**:
@@ -154,8 +153,6 @@ This workflow scans:
{% endnote %}
-{% endif %}
-
If your code requires a specific operating system to compile, you can configure the operating system in your {% data variables.code-scanning.codeql_workflow %}. Edit the value of `jobs.analyze.runs-on` to specify the operating system for the machine that runs your {% data variables.product.prodname_code_scanning %} actions. {% ifversion ghes %}You specify the operating system by using an appropriate label as the second element in a two-element array, after `self-hosted`.{% else %}
``` yaml copy
diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md
index 69964affb114..6092445f6b9a 100644
--- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md
+++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md
@@ -20,7 +20,8 @@ versions:
With default setup for {% data variables.product.prodname_code_scanning %}, you can quickly secure code in repositories across your organization.
-You can use the organization settings page labeled "Code security and analysis" to enable {% data variables.product.prodname_code_scanning %} for all repositories in your organization that are eligible for default setup. After enabling default setup, the code written in {% data variables.product.prodname_codeql %}-supported languages in repositories in the organization will be scanned:
+You can enable {% data variables.product.prodname_code_scanning %} for all repositories in your organization that are eligible for default setup. After enabling default setup, the code written in {% data variables.product.prodname_codeql %}-supported languages in repositories in the organization will be scanned:
+
* On each push to the repository's default branch, or any protected branch. For more information on protected branches, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches)."
* When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks.{% ifversion default-setup-scan-on-schedule %}
* On a weekly schedule.{% endif %}
@@ -73,6 +74,8 @@ If the code in a repository changes to include {% ifversion code-scanning-defaul
## Configuring default setup for all eligible repositories in an organization
+{% ifversion security-configurations-ga %} You can enable default setup for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
+{% elsif security-configurations-beta-and-pre-beta %}
Through the "Code security and analysis" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. For more information on repository eligibility, see "[Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup)."
{% data reusables.code-scanning.beta-org-enable-all %}
@@ -100,6 +103,8 @@ Through the "Code security and analysis" page of your organization's settings, y
{% endnote %}
+{% endif %}
+
{% ifversion codeql-model-packs-org %}
### Extending {% data variables.product.prodname_codeql %} coverage in default setup
@@ -111,6 +116,12 @@ Through the "Code security and analysis" page of your organization's settings, y
## Configuring default setup for a subset of repositories in an organization
+{% ifversion security-configurations-ga %}
+
+You can filter for specific repositories you would like to configure default setup for. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration)."
+
+{% endif %}
+
Through security overview for your organization, you can find eligible repositories for default setup, then enable default setup across each of those repositories simultaneously. For more information on repository eligibility, see "[Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup)."
### Finding repositories that are eligible for default setup
@@ -140,6 +151,8 @@ Through security overview for your organization, you can find eligible repositor
- The repositories do not have {% data variables.product.prodname_GH_advanced_security %} enabled.
{%- endif %}
+{% ifversion security-configurations-beta-and-pre-beta %}
+
You can select all of the displayed repositories, or a subset of them, and enable or disable default setup for {% data variables.product.prodname_code_scanning %} for them all at the same time. For more information, see step 5 of "[Configuring default setup at scale for multiple repositories in an organization](#configuring-default-setup-at-scale-for-multiple-repositories-in-an-organization)."
### Configuring default setup at scale for multiple repositories in an organization
@@ -178,6 +191,8 @@ You can select all of the displayed repositories, or a subset of them, and enabl
{% endif %}
+{% endif %}
+
{% ifversion code-scanning-merge-protection-rulesets %}
{% ifversion ghes or ghec %}
diff --git a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md b/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md
index 56b980f8d135..9764a23a836f 100644
--- a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md
+++ b/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md
@@ -27,6 +27,12 @@ You can use {% data variables.product.prodname_code_scanning %} to find, triage,
If {% data variables.product.prodname_code_scanning %} finds a potential vulnerability or error in your code, {% data variables.product.prodname_dotcom %} displays an alert in the repository. After you fix the code that triggered the alert, {% data variables.product.prodname_dotcom %} closes the alert. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)."
+{% ifversion code-scanning-autofix %}
+
+{% data variables.product.prodname_copilot_autofix %} will suggest fixes for alerts from {% data variables.product.prodname_codeql %} analysis in private repositories, allowing developers to prevent and reduce vulnerabilities with less effort. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
+
+{% endif %}
+
To monitor results from {% data variables.product.prodname_code_scanning %} across your repositories or your organization, you can use webhooks and the {% data variables.product.prodname_code_scanning %} API. For information about the webhooks for {% data variables.product.prodname_code_scanning %}, see
"[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert)." For information about API endpoints, see "[AUTOTITLE](/rest/code-scanning)."
diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md
index 60588163b989..82a35e2c0bc0 100644
--- a/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md
+++ b/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md
@@ -1,7 +1,8 @@
---
-title: About autofix for CodeQL code scanning
-shortTitle: Autofix for code scanning
-intro: Learn how GitHub uses AI to suggest potential fixes for {% data variables.product.prodname_code_scanning %} alerts found by {% data variables.product.prodname_codeql %} in your pull request.
+title: About Copilot Autofix for CodeQL code scanning
+shortTitle: Copilot Autofix for code scanning
+intro: Learn how GitHub uses AI to suggest potential fixes for {% data variables.product.prodname_code_scanning %} alerts found by {% data variables.product.prodname_codeql %}.
+allowTitleToDifferFromFilename: true
product: '{% data reusables.rai.code-scanning.gated-feature-autofix %}'
versions:
feature: code-scanning-autofix
@@ -15,60 +16,60 @@ topics:
---
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
-## About autofix for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}
+## About {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}
-{% data variables.product.prodname_code_scanning_caps %} autofix is a {% data variables.product.prodname_copilot %}-powered expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts in pull requests so they can avoid introducing new security vulnerabilities. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.
+{% data variables.product.prodname_copilot_autofix %} is an expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts so they can avoid introducing new security vulnerabilities. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase and from {% data variables.product.prodname_codeql %} analysis.
> [!NOTE]
-> While {% data variables.product.prodname_code_scanning %} autofix is powered by {% data variables.product.prodname_copilot %}, your enterprise does not need a subscription to {% data variables.product.prodname_copilot %} to use autofix. As long as your enterprise has {% data variables.product.prodname_GH_advanced_security %}, you will have access to autofix.
+> While {% data variables.product.prodname_copilot_autofix_short %} is powered by {% data variables.product.prodname_copilot %}, your enterprise does not need a subscription to {% data variables.product.prodname_copilot %} to use {% data variables.product.prodname_copilot_autofix_short %}. As long as your enterprise has {% data variables.product.prodname_GH_advanced_security %}, you will have access to {% data variables.product.prodname_copilot_autofix_short %}.
-{% data variables.product.prodname_code_scanning_caps %} autofix generates potential fixes that are relevant to the existing source code and translates the description and location of an alert into code changes that may fix the alert. Autofix uses internal {% data variables.product.prodname_copilot %} APIs and private instances of OpenAI large language models such as GPT-4, which have sufficient generative capabilities to produce both suggested fixes in code and explanatory text for those fixes.
+{% data variables.product.prodname_copilot_autofix_short %} generates potential fixes that are relevant to the existing source code and translates the description and location of an alert into code changes that may fix the alert. {% data variables.product.prodname_copilot_autofix_short %} uses internal {% data variables.product.prodname_copilot %} APIs interfacing with the large language model GPT-4o from OpenAI, which has sufficient generative capabilities to produce both suggested fixes in code and explanatory text for those fixes.
-{% ifversion code-scanning-autofix %}While {% data variables.product.prodname_code_scanning %} autofix is allowed by default in an enterprise and enabled for every repository using {% data variables.product.prodname_codeql %}, you can choose to opt out and disable autofix. To learn how to disable autofix at the enterprise, organization and repository levels, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)."{% endif %}
+{% ifversion code-scanning-autofix %}While {% data variables.product.prodname_copilot_autofix_short %} is allowed by default in an enterprise and enabled for every repository using {% data variables.product.prodname_codeql %}, you can choose to opt out and disable {% data variables.product.prodname_copilot_autofix_short %}. To learn how to disable {% data variables.product.prodname_copilot_autofix_short %} at the enterprise, organization and repository levels, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)."{% endif %}
-In an organization's security overview dashboard, you can view the total number of autofix suggestions generated on open and closed pull requests in the organization for a given time period. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-security-insights#autofix-suggestions)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
+In an organization's security overview dashboard, you can view the total number of code suggestions generated on open and closed pull requests in the organization for a given time period. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-security-insights#autofix-suggestions)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
## Developer experience
{% data variables.product.prodname_GH_advanced_security %} users can already see any security alerts detected by {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %} to analyze their pull requests. However, developers often have little training in code security so fixing these alerts requires substantial effort. They must first read and understand the alert location and description, and then use that understanding to edit the source code to fix the vulnerability.
-{% data variables.product.prodname_code_scanning_caps %} autofix lowers the barrier of entry to developers by combining information on best practices with details of the codebase and alert to suggest a potential fix to the developer. Instead of starting with a search for information about the vulnerability, the developer starts with a code suggestion that demonstrates a potential solution for their codebase. The developer evaluates the potential fix to determine whether it is the best solution for their codebase and to ensure that it maintains the intended behavior.
+{% data variables.product.prodname_copilot_autofix_short %} lowers the barrier of entry to developers by combining information on best practices with details of the codebase and alert to suggest a potential fix to the developer. Instead of starting with a search for information about the vulnerability, the developer starts with a code suggestion that demonstrates a potential solution for their codebase. The developer evaluates the potential fix to determine whether it is the best solution for their codebase and to ensure that it maintains the intended behavior.
After committing a suggested fix or modified fix, the developer should always verify that continuous integration testing (CI) for the codebase continues to pass and that the alert is shown as resolved before they merge their pull request.
## Supported languages
-{% data variables.product.prodname_code_scanning_caps %} autofix supports fix generation for a subset of queries included in the default query suite for C#, Go, Java, JavaScript/TypeScript, Python, and Ruby. For more information on the default query suite, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."
+{% data variables.product.prodname_copilot_autofix_short %} supports fix generation for a subset of queries included in the default and security-extended query suites for {% data variables.code-scanning.code_scanning_autofix_languages %}. For more information on these query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#built-in-codeql-query-suites)."
-## Autofix generation process
+## Suggestion generation process
-When autofix is enabled for a repository, {% data variables.product.prodname_code_scanning %} alerts that are identified in a pull request by supported {% data variables.product.prodname_codeql %} queries send input to the LLM. If the LLM can generate a potential fix, the fix is shown in the pull request as a suggestion comment.
+When {% data variables.product.prodname_copilot_autofix_short %} is enabled for a repository, {% data variables.product.prodname_code_scanning %} alerts that are identified by supported {% data variables.product.prodname_codeql %} queries send input to the LLM. If the LLM can generate a potential fix, the fix is shown as a suggestion.
-{% data variables.product.prodname_dotcom %} sends the LLM a variety of data from the pull request and from {% data variables.product.prodname_codeql %} analysis.
+{% data variables.product.prodname_dotcom %} sends the LLM a variety of data from the {% data variables.product.prodname_codeql %} analysis.
* {% data variables.product.prodname_codeql %} alert data in SARIF format. For more information, see “[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning).”
-* Code from the current version of the pull request branch.
+* Code from the current version of the branch.
* Short snippets of code around each source location, sink location, and any location referenced in the alert message or included on the flow path.
* First ~10 lines from each file involved in any of those locations.
* Help text for the {% data variables.product.prodname_codeql %} query that identified the problem. For examples, see “[{% data variables.product.prodname_codeql %} query help](https://codeql.github.com/codeql-query-help/).”
-Any autofix suggestions are generated and stored within the {% data variables.product.prodname_code_scanning %} backend. They are displayed as suggestion comments in the pull request. No user interaction is needed beyond enabling {% data variables.product.prodname_code_scanning %} on the codebase and creating the pull request.
+Any {% data variables.product.prodname_copilot_autofix_short %} suggestions are generated and stored within the {% data variables.product.prodname_code_scanning %} backend. They are displayed as suggestions. No user interaction is needed beyond enabling {% data variables.product.prodname_code_scanning %} on the codebase and creating a pull request.
-The process of generating fixes does not gather or utilize any customer data beyond the scope outlined above. Therefore, the use of this feature is governed by the existing terms and conditions associated with {% data variables.product.prodname_GH_advanced_security %}. Moreover, data handled by {% data variables.product.prodname_code_scanning %} autofix is strictly not employed for LLM training purposes. For more information on {% data variables.product.prodname_GH_advanced_security %} terms and conditions, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security){% ifversion fpt %}."{% else %} in the Free, Pro, & Team documentation.{% endif %}
+The process of generating fixes does not gather or utilize any customer data beyond the scope outlined above. Therefore, the use of this feature is governed by the existing terms and conditions associated with {% data variables.product.prodname_GH_advanced_security %}. Moreover, data handled by {% data variables.product.prodname_copilot_autofix_short %} is strictly not employed for LLM training purposes. For more information on {% data variables.product.prodname_GH_advanced_security %} terms and conditions, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security){% ifversion fpt %}."{% else %} in the Free, Pro, & Team documentation.{% endif %}
-## Quality of autofix suggestions
+## Quality of suggestions
-{% data variables.product.prodname_dotcom %} uses an automated test harness to continuously monitor the quality of autofix suggestions. This allows us to understand how the autofix suggestions generated by the LLM change as the model develops.
+{% data variables.product.prodname_dotcom %} uses an automated test harness to continuously monitor the quality of suggestions from {% data variables.product.prodname_copilot_autofix_short %}. This allows us to understand how the suggestions generated by the LLM change as the model develops.
-The test harness includes a set of over 2,300 alerts from a diverse set of public repositories where the highlighted code has test coverage. Autofix suggestions for these alerts are tested to see how good they are, that is, how much a developer would need to edit them before committing them to the codebase. For many of the test alerts, autofixes generated by the LLM could be committed as-is to fix the alert while continuing to successfully pass all the existing CI tests.
+The test harness includes a set of over 2,300 alerts from a diverse set of public repositories where the highlighted code has test coverage. Suggestions for these alerts are tested to see how good they are, that is, how much a developer would need to edit them before committing them to the codebase. For many of the test alerts, suggestions generated by the LLM could be committed as-is to fix the alert while continuing to successfully pass all the existing CI tests.
In addition, the system is stress-tested to check for any potential harm (often referred to as red teaming), and a filtering system on the LLM helps prevent potentially harmful suggestions being displayed to users.
-### How GitHub tests autofix suggestions
+### How GitHub tests suggestions
-We test the effectiveness of autofix suggestions by merging all suggested changes, unedited, before running {% data variables.product.prodname_code_scanning %} and the repository's unit tests on the resulting code.
+We test the effectiveness of suggestions by merging all suggested changes, unedited, before running {% data variables.product.prodname_code_scanning %} and the repository's unit tests on the resulting code.
1. Was the {% data variables.product.prodname_code_scanning %} alert fixed by the suggestion?
1. Did the fix introduce any new {% data variables.product.prodname_code_scanning %} alerts?
@@ -79,24 +80,23 @@ In addition, we spot check many of the successful suggestions and verify that th
### Effectiveness on other projects
-The test set contains a broad range of different types of projects and alerts. We predict that autofixes for other projects using languages supported by autofix should follow a similar pattern.
+The test set contains a broad range of different types of projects and alerts. We predict that suggestions for other projects using languages supported by {% data variables.product.prodname_copilot_autofix_short %} should follow a similar pattern.
-* Autofix is likely to add a code suggestion to the majority of alerts.
-* When developers evaluate the autofix suggestions we expect that the majority of fixes can be committed without editing or with minor updates to reflect the wider context of the code.
+* {% data variables.product.prodname_copilot_autofix_short %} is likely to add a code suggestion to the majority of alerts.
+* When developers evaluate the suggestions we expect that the majority of fixes can be committed without editing or with minor updates to reflect the wider context of the code.
* A small percentage of suggested fixes will reflect a significant misunderstanding of the codebase or the vulnerability.
-However, each project and codebase is unique, so developers may need to edit a larger percentage of suggested fixes before committing them. Autofix provides valuable information to help you resolve {% data variables.product.prodname_code_scanning %} alerts, but ultimately it remains your responsibility to evaluate the proposed change and ensure the security and accuracy of your code.
+However, each project and codebase is unique, so developers may need to edit a larger percentage of suggested fixes before committing them. {% data variables.product.prodname_copilot_autofix_short %} provides valuable information to help you resolve {% data variables.product.prodname_code_scanning %} alerts, but ultimately it remains your responsibility to evaluate the proposed change and ensure the security and accuracy of your code.
> [!NOTE]
-> Fix generation for supported languages is subject to LLM operational capacity. In addition, each suggested fix is tested before it is added to a pull request. If no suggestion is available, or if the suggested fix fails internal testing, then no autofix suggestion is displayed.
+> Fix generation for supported languages is subject to LLM operational capacity. In addition, each suggested fix is tested before it is added to a pull request. If no suggestion is available, or if the suggested fix fails internal testing, then no suggestion is displayed.
-## Limitations of autofix suggestions
+## Limitations of suggestions
-When you review an autofix suggestion, you must always consider the limitations of AI and edit the changes as needed before you accept the changes. You should also consider updating the CI testing and dependency management for a repository before enabling autofix for {% data variables.product.prodname_code_scanning %}. For more information, see "[Mitigating the limitations of autofix suggestions](#mitigating-the-limitations-of-autofix-suggestions)."
+When you review a suggestion from {% data variables.product.prodname_copilot_autofix_short %}, you must always consider the limitations of AI and edit the changes as needed before you accept the changes. You should also consider updating the CI testing and dependency management for a repository before enabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}. For more information, see "[Mitigating the limitations of suggestions](#mitigating-the-limitations-of-suggestions)."
-### Limitations of autofix code suggestions
+### Limitations of code suggestions
-* _Programming languages:_ A subset of programming languages is supported. Support for additional languages will be added, but there is no intention to provide support for all {% data variables.product.prodname_codeql %} languages.
* _Human languages:_ The system primarily uses English data, including the prompts sent to the system, the code seen by the LLMs in their datasets, and the test cases used for internal evaluation. Suggestions generated by the LLM may have a lower success rate for source code and comments written in other languages and using other character sets.
* _Syntax errors:_ The system may suggest fixes that are not syntactically correct code changes, so it is important to run syntax checks on pull requests.
* _Location errors:_ The system may suggest fixes that are syntactically correct code but are suggested at the incorrect location, which means that if a user accepts a fix without editing the location they will introduce a syntax error.
@@ -104,7 +104,7 @@ When you review an autofix suggestion, you must always consider the limitations
* _Security vulnerabilities and misleading fixes:_ The system may suggest fixes that fail to remediate the underlying security vulnerability and/or introduce new security vulnerabilities.
* _Partial fixes:_ The system may suggest fixes that only partially address the security vulnerability, or only partially preserve the intended code functionality. The system sees only a small subset of the code in the codebase and does not always produce globally optimal or correct solutions.
-### Limitations of autofix dependency suggestions
+### Limitations of dependency suggestions
Sometimes a suggested fix includes a change in the dependencies of the codebase. If you use a dependency management system, any changes will be highlighted automatically for the developer to review. Before merging a pull request always verify that any dependency changes are secure and maintain the intended behavior of the codebase.
@@ -112,9 +112,9 @@ Sometimes a suggested fix includes a change in the dependencies of the codebase.
* _Unsupported or insecure dependencies:_ The system does not know which versions of an existing dependency are supported or secure.
* _Fabricated dependencies:_ The system has incomplete knowledge of the dependencies published in the wider ecosystem. This can lead to suggestions that add a new dependency on malicious software that attackers have published under a statistically probable dependency name.
-## Mitigating the limitations of autofix suggestions
+## Mitigating the limitations of suggestions
-The best way to mitigate the limitations of autofix suggestions is to follow best practices. For example, using CI testing of pull requests to verify functional requirements are unaffected and using dependency management solutions, such as the dependency review API and action. For more information, see “[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).”
+The best way to mitigate the limitations of suggestions from {% data variables.product.prodname_copilot_autofix_short %} is to follow best practices. For example, using CI testing of pull requests to verify functional requirements are unaffected and using dependency management solutions, such as the dependency review API and action. For more information, see “[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).”
It is important to remember that the author of a pull request retains responsibility for how they respond to review comments and suggested code changes, whether proposed by colleagues or automated tools. Developers should always look at suggestions for code changes critically. If needed, they should edit the suggested changes to ensure that the resulting code and application are correct, secure, meet performance criteria, and satisfy all other functional and non-functional requirements for the application.
@@ -123,12 +123,13 @@ It is important to remember that the author of a pull request retains responsibi
{% ifversion code-scanning-autofix %}
* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)"
-* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts)"
+* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts-on-a-pull-request)"
+* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#generating-suggested-fixes-for-code-scanning-alerts)
* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)"
{% elsif fpt %}
* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)"
-* [AUTOTITLE](/enterprise-cloud@latest/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts) in the {% data variables.product.prodname_ghe_cloud %} documentation
+* [AUTOTITLE](/enterprise-cloud@latest/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts-on-a-pull-request) in the {% data variables.product.prodname_ghe_cloud %} documentation
{% endif %}
diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md b/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md
index 79689d42d84d..a1abf1577086 100644
--- a/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md
+++ b/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md
@@ -23,6 +23,18 @@ You can configure {% data variables.product.prodname_code_scanning %} to check t
By default, {% data variables.product.prodname_code_scanning %} analyzes your code periodically on the default branch and during pull requests. For information about managing alerts on a pull request, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)."
+{% ifversion code-scanning-autofix %}
+
+You can use {% data variables.product.prodname_copilot_autofix %} to generate fixes automatically for {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#generating-suggested-fixes-for-code-scanning-alerts)."
+
+{% endif %}
+
+{% ifversion security-overview-org-codeql-pr-alerts %}
+
+For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories across your organization, and to identify repositories where you may need to take action. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)."
+
+{% endif %}
+
{% data reusables.code-scanning.audit-code-scanning-events %}
## About alert details
diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md
index de935c14d64a..50a49a8846ed 100644
--- a/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md
+++ b/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md
@@ -1,7 +1,8 @@
---
-title: Disabling autofix for code scanning
-shortTitle: Disable autofix
-intro: You can choose to disallow {% data variables.product.prodname_code_scanning %} autofix for an enterprise or disable autofix at the organization and repository level.
+title: Disabling Copilot Autofix for code scanning
+shortTitle: Disable Copilot Autofix
+allowTitleToDifferFromFilename: true
+intro: You can choose to disallow {% data variables.product.prodname_copilot_autofix %} for an enterprise or disable {% data variables.product.prodname_copilot_autofix %} at the organization and repository level.
product: '{% data reusables.rai.code-scanning.gated-feature-autofix %}'
versions:
feature: code-scanning-autofix
@@ -13,50 +14,47 @@ topics:
- AI
---
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
-## About disabling autofix for {% data variables.product.prodname_code_scanning %}
+## About disabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}
-{% data variables.product.prodname_code_scanning_caps %} autofix is a {% data variables.product.prodname_copilot %}-powered expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts in pull requests so they can avoid introducing new security vulnerabilities. To learn more about autofix for code scanning, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
+{% data variables.product.prodname_copilot_autofix %} is a {% data variables.product.prodname_copilot %}-powered is an expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts so they can avoid introducing new security vulnerabilities. To learn more about {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
-{% data variables.product.prodname_code_scanning_caps %} autofix is allowed by default in an enterprise and enabled for every repository that uses {% data variables.product.prodname_codeql %}, regardless of whether it uses default or advanced setup for {% data variables.product.prodname_code_scanning %}. Administrators at the enterprise, organization and repository levels can choose to opt-out and disable autofix.
+{% data variables.product.prodname_copilot_autofix_short %} is allowed by default in an enterprise and enabled for every repository that uses {% data variables.product.prodname_codeql %}, regardless of whether it uses default or advanced setup for {% data variables.product.prodname_code_scanning %}. Administrators at the enterprise, organization and repository levels can choose to opt-out and disable {% data variables.product.prodname_copilot_autofix_short %}.
-Note that disabling autofix at any level will close all open autofix comments from all open pull requests at the level that was disabled. If autofix is disabled and then subsequently enabled, autofix won't automatically suggest any fixes for pull requests that are already open. The suggestions will only be generated for pull requests that are opened after autofix is enabled, or after re-running {% data variables.product.prodname_codeql %} analysis on existing pull requests.
+Note that disabling {% data variables.product.prodname_copilot_autofix_short %} at any level will close all open {% data variables.product.prodname_copilot_autofix_short %} comments. If {% data variables.product.prodname_copilot_autofix_short %} is disabled and then subsequently enabled, {% data variables.product.prodname_copilot_autofix_short %} won't automatically suggest fixes for any pull requests that are already open. The suggestions will only be generated for any pull requests that are opened after {% data variables.product.prodname_copilot_autofix_short %} is enabled, or after re-running {% data variables.product.prodname_codeql %} analysis on existing pull requests.
-## Blocking use of autofix for an enterprise
+## Blocking use of {% data variables.product.prodname_copilot_autofix_short %} for an enterprise
-Enterprise administrators can disallow autofix for their enterprise. If you disallow autofix for an enterprise, autofix cannot be enabled for any organizations or repositories within the enterprise.
+Enterprise administrators can disallow {% data variables.product.prodname_copilot_autofix_short %} for their enterprise. If you disallow {% data variables.product.prodname_copilot_autofix_short %} for an enterprise, {% data variables.product.prodname_copilot_autofix_short %} cannot be enabled for any organizations or repositories within the enterprise.
-Note that allowing autofix for an enterprise does not enforce enablement of autofix, but means that organization and repository administrators will have the option to enable or disable autofix.
+Note that allowing {% data variables.product.prodname_copilot_autofix_short %} for an enterprise does not enforce enablement of {% data variables.product.prodname_copilot_autofix_short %}, but means that organization and repository administrators will have the option to enable or disable {% data variables.product.prodname_copilot_autofix_short %}.
-Disallowing autofix at the enterprise level will remove all open autofix comments from open pull requests across all repositories of all organizations within the enterprise.
+Disallowing {% data variables.product.prodname_copilot_autofix_short %} at the enterprise level will remove all open {% data variables.product.prodname_copilot_autofix_short %} comments across all repositories of all organizations within the enterprise.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
-1. Under "Autofix for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}", use the dropdown menu to choose "Not allowed."
+1. Under "{% data variables.product.prodname_copilot_autofix_short %}", use the dropdown menu to choose "Not allowed."
-## Disabling autofix for an organization
+## Disabling {% data variables.product.prodname_copilot_autofix_short %} for an organization
-If autofix is allowed at the enterprise level, organization administrators have the option to disable autofix for an organization. If you disable autofix for an organization, autofix cannot be enabled for any repositories within the organization.
+If {% data variables.product.prodname_copilot_autofix_short %} is allowed at the enterprise level, organization administrators have the option to disable {% data variables.product.prodname_copilot_autofix_short %} for an organization. If you disable {% data variables.product.prodname_copilot_autofix_short %} for an organization, {% data variables.product.prodname_copilot_autofix_short %} cannot be enabled for any repositories within the organization.
-Note that disabling autofix at the organization level will remove all open autofix comments from open pull requests across all repositories in the organization.
+Note that disabling {% data variables.product.prodname_copilot_autofix_short %} at the organization level will remove all open {% data variables.product.prodname_copilot_autofix_short %} comments across all repositories in the organization.
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
-{% data reusables.organizations.security-and-analysis %}
+1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**.
+1. Under the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **{% data variables.product.prodname_copilot_autofix_short %}**.
-{% ifversion security-configurations %}
- {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For more information on {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization)."
-{% endif %}
+For more information about configuring global {% data variables.product.prodname_code_scanning %} settings, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#configuring-global-code-scanning-settings)."
-1. Under the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **Autofix for {% data variables.product.prodname_codeql %}**.
+## Disabling {% data variables.product.prodname_copilot_autofix_short %} for a repository
-## Disabling autofix for a repository
-
-If autofix is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable autofix for a repository. Disabling autofix at the repository level will remove all open autofix comments from all open pull requests across the repository.
+If {% data variables.product.prodname_copilot_autofix_short %} is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable {% data variables.product.prodname_copilot_autofix_short %} for a repository. Disabling {% data variables.product.prodname_copilot_autofix_short %} at the repository level will remove all open {% data variables.product.prodname_copilot_autofix_short %} comments across the repository.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.user-settings.security-analysis %}
-1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **Autofix for {% data variables.product.prodname_codeql %}**.
+1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **{% data variables.product.prodname_copilot_autofix_short %}**.
diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository.md b/content/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository.md
index baad3da6e950..fa766d2d819d 100644
--- a/content/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository.md
+++ b/content/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository.md
@@ -55,6 +55,14 @@ For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-cod
{% endnote %}
+{% ifversion security-overview-org-codeql-pr-alerts %}
+
+## Viewing metrics for {% data variables.product.prodname_codeql %} pull request alerts for an organization
+
+For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories across your organization, and to identify repositories where you may need to take action. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)."
+
+{% endif %}
+
## Filtering {% data variables.product.prodname_code_scanning %} alerts
You can filter the alerts shown in the {% data variables.product.prodname_code_scanning %} alerts view. This is useful if there are many alerts as you can focus on a particular type of alert. There are some predefined filters and a range of keywords that you can use to refine the list of alerts displayed.
@@ -116,7 +124,24 @@ Alternatively, to track a {% data variables.product.prodname_code_scanning %} al
{% endif %}
-## Fixing an alert
+{% ifversion code-scanning-autofix %}
+
+## Generating suggested fixes for {% data variables.product.prodname_code_scanning %} alerts
+
+{% data reusables.rai.code-scanning.autofix-note %}
+
+{% data variables.product.prodname_copilot_autofix %} can generate fixes for alerts from {% data variables.product.prodname_codeql %} analysis in private repositories. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %}
+{% data reusables.repositories.sidebar-code-scanning-alerts %}
+1. Click the name of an alert.
+1. If {% data variables.product.prodname_copilot_autofix_short %} can suggest a fix, at the top of the page, click **{% octicon "shield-check" aria-label="Generate fix"%} Generate fix**.
+1. Once the suggested fix has been generated, at the bottom of the page, you can click **Create PR with fix** to automatically generate a pull request with the suggested fix.
+
+{% endif %}
+
+## Fixing an alert {% ifversion code-scanning-autofix %}manually{% endif %}
Anyone with write permission for a repository can fix an alert by committing a correction to the code. If the repository has {% data variables.product.prodname_code_scanning %} scheduled to run on pull requests, it's best to raise a pull request with your correction. This will trigger {% data variables.product.prodname_code_scanning %} analysis of the changes and test that your fix doesn't introduce any new problems. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)."
diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md b/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md
index 0171278b2695..48e02010b81d 100644
--- a/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md
+++ b/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md
@@ -42,6 +42,12 @@ In repositories where {% data variables.product.prodname_code_scanning %} is con
{% endnote %}
{% endif %}
+{% ifversion code-scanning-autofix %}
+
+{% data variables.product.prodname_copilot_autofix %} will suggest fixes for alerts from {% data variables.product.prodname_codeql %} analysis in private repositories. For more information on working with suggestions from {% data variables.product.prodname_copilot_autofix_short %} in pull requests, see "[Working with {% data variables.product.prodname_copilot_autofix_short %} suggestions for alerts on a pull request](#working-with-copilot-autofix-suggestions-for-alerts-on-a-pull-request)."
+
+{% endif %}
+
If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)."
In repositories where {% data variables.product.prodname_code_scanning %} is configured to scan each time code is pushed, {% data variables.product.prodname_code_scanning %} will also map the results to any open pull requests and add the alerts as annotations in the same places as other pull request checks. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push)."
@@ -118,44 +124,48 @@ Anyone with push access to a pull request can fix a {% data variables.product.pr
{% ifversion code-scanning-autofix %}
-## Working with autofix suggestions for alerts
+## Working with {% data variables.product.prodname_copilot_autofix_short %} suggestions for alerts on a pull request
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
-Autofix, powered by {% data variables.product.prodname_copilot %}, is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts in pull requests. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.
+{% data variables.product.prodname_copilot_autofix %} is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts in pull requests. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.
-### Generating autofix suggestions and publishing to a pull request
+### Generating {% data variables.product.prodname_copilot_autofix_short %} suggestions and publishing to a pull request
-When autofix is enabled for a repository, alerts are displayed in pull requests as normal and information from any alerts found by {% data variables.product.prodname_codeql %} is automatically sent to the LLM for processing. When LLM analysis is complete, any results are published as comments on relevant alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
+When {% data variables.product.prodname_copilot_autofix_short %} is enabled for a repository, alerts are displayed in pull requests as normal and information from any alerts found by {% data variables.product.prodname_codeql %} is automatically sent to the LLM for processing. When LLM analysis is complete, any results are published as comments on relevant alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
{% note %}
**Notes:**
-* Autofix supports a subset of {% data variables.product.prodname_codeql %} queries. For information about the availability of autofix, see the query tables linked from "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#query-lists-for-the-default-query-suites)."
-* When analysis is complete, all relevant results are published to the pull request at once. If at least one alert in your pull request has an autofix suggestion, you should assume that the LLM has finished identifying potential fixes for your code.
+* {% data variables.product.prodname_copilot_autofix_short %} supports a subset of {% data variables.product.prodname_codeql %} queries. For information about the availability of {% data variables.product.prodname_copilot_autofix_short %}, see the query tables linked from "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#query-lists-for-the-default-query-suites)."
+* When analysis is complete, all relevant results are published to the pull request at once. If at least one alert in your pull request has an {% data variables.product.prodname_copilot_autofix_short %} suggestion, you should assume that the LLM has finished identifying potential fixes for your code.
+* On alerts generated from queries that are not supported by {% data variables.product.prodname_copilot_autofix_short %}, you will see a note telling you that the query is not supported. If a suggestion for a supported query fails to generate, you will see a note on the alert prompting you to try pushing another commit or to contact support.
{% endnote %}
-Usually, when you suggest changes to a pull request, your comment contains changes for a single file that is changed in the pull request. The following screenshot shows an autofix comment that suggests changes to the `index.js` file where the alert is displayed. Since the potential fix requires a new dependency on `escape-html`, the comment also suggests adding this dependency to the `package.json` file, even though the original pull request makes no changes to this file.
+Usually, when you suggest changes to a pull request, your comment contains changes for a single file that is changed in the pull request. The following screenshot shows an {% data variables.product.prodname_copilot_autofix_short %} comment that suggests changes to the `index.js` file where the alert is displayed. Since the potential fix requires a new dependency on `escape-html`, the comment also suggests adding this dependency to the `package.json` file, even though the original pull request makes no changes to this file.
-
+
-### Assessing and committing an autofix suggestion
+### Assessing and committing an {% data variables.product.prodname_copilot_autofix_short %} suggestion
-Each autofix suggestion demonstrates a potential solution for a {% data variables.product.prodname_code_scanning %} alert in your codebase. You must assess the suggested changes to determine whether they are a good solution for your codebase and to ensure that they maintain the intended behavior. For information about the limitations of autofix suggestions, see "[Limitations of autofix suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning/#limitations-of-autofix-suggestions)" and "[Mitigating the limitations of autofix suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#mitigating-the-limitations-of-autofix-suggestions)" in "About autofix for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}."
+Each {% data variables.product.prodname_copilot_autofix_short %} suggestion demonstrates a potential solution for a {% data variables.product.prodname_code_scanning %} alert in your codebase. You must assess the suggested changes to determine whether they are a good solution for your codebase and to ensure that they maintain the intended behavior. For information about the limitations of {% data variables.product.prodname_copilot_autofix_short %} suggestions, see "[Limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#limitations-of-suggestions)" and "[Mitigating the limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#mitigating-the-limitations-of-suggestions)" in "About {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}."
1. Click **Edit** to display the editing options and select your preferred method.
- * Select **Edit with codespaces** to open a codespace showing your branch with the suggested fix applied.
- * Select **Edit locally with {% data variables.product.prodname_cli %}** to display instructions for applying the suggested fix to any local repository or branch.
+ * Under **Edit with {% data variables.product.prodname_cli %}**, follow the instructions for checking out the pull request locally and applying the suggested fix.
+ * Select **Edit FILENAME** to edit the file directly on {% data variables.product.prodname_dotcom %} with the suggested fix applied.
+1. Optionally, if you prefer to apply the fix on a local repository or branch, select the {% octicon "copy" aria-hidden="true" %} dropdown menu on the suggestion.
+ * Select **View autofix patch** to display instructions for applying the suggested fix to any local repository or branch.
+ * Select **Copy modified line LINE_NUMBER** to copy a specific line of the suggestion.
1. Test and modify the suggested fix as needed.
1. When you have finished testing your changes, commit the changes, and push them to your branch.
1. Pushing the changes to your branch will trigger all the usual tests for your pull request. Confirm that your unit tests still pass and that the {% data variables.product.prodname_code_scanning %} alert is now fixed.
-### Dismissing an autofix suggestion
+### Dismissing a {% data variables.product.prodname_copilot_autofix_short %} suggestion
-If you decide to reject an autofix suggestion, click **Dismiss suggestion** in the comment to dismiss the suggested fix.
+If you decide to reject a {% data variables.product.prodname_copilot_autofix_short %} suggestion, click **Dismiss suggestion** in the comment to dismiss the suggested fix.
{% endif %}
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries.md
index 58589372916d..629d33dee704 100644
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries.md
@@ -20,6 +20,6 @@ topics:
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
{% data reusables.code-scanning.codeql-query-tables.cpp %}
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites.md
index ccbcc9411624..7a32743b2a1c 100644
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites.md
@@ -45,7 +45,7 @@ The built-in {% data variables.product.prodname_codeql %} query suites, `default
## Query lists for the default query suites
-For each language, the following article lists which queries are included in the `default` and the `security-extended` suites. {% ifversion code-scanning-autofix %}Where autofix is available for a language, details of which queries are supported are also included.{% endif %}
+For each language, the following article lists which queries are included in the `default` and the `security-extended` suites. {% ifversion code-scanning-autofix %}Where {% data variables.product.prodname_copilot_autofix_short %} is available for a language, details of which queries are supported are also included.{% endif %}
{% data reusables.code-scanning.codeql-query-tables.links-to-all-tables %}
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries.md
index 943ba335f7a1..fb4c41f28a3b 100644
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries.md
@@ -20,6 +20,6 @@ topics:
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
{% data reusables.code-scanning.codeql-query-tables.csharp %}
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md
index df4c88697ba6..bec28dd0fa59 100644
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md
@@ -108,17 +108,20 @@ For more information about {% data variables.product.prodname_codeql %} model pa
1. The model packs will be automatically detected and used in your {% data variables.product.prodname_code_scanning %} analysis.
1. If you later change your configuration to use advanced setup, any model packs in the `.github/codeql/extensions` directory will still be recognized and used.
-### Extending coverage for all repositories in an organization
-
-{% note %}
+{% ifversion codeql-model-packs-org %}
-**Note:** If you extend coverage with {% data variables.product.prodname_codeql %} model packs for all repositories in an organization, the model packs that you specify must be published to the {% data variables.product.company_short %} {% data variables.product.prodname_container_registry %} and be accessible to the repositories that run code scanning. For more information, see "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)."
+### Extending coverage for all repositories in an organization
-{% endnote %}
+>[!NOTE]
+> If you extend coverage with {% data variables.product.prodname_codeql %} model packs for all repositories in an organization, the model packs that you specify must be published to the {% ifversion ghes %}container registry associated with the {% data variables.product.prodname_ghe_server %} instance (`https://containers.HOSTNAME`){% else %}{% data variables.product.company_short %} {% data variables.product.prodname_container_registry %}{% endif %} and be accessible to the repositories that run {% data variables.product.prodname_code_scanning %}. For more information, see "[AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)."
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
+{% ifversion security-configurations-beta-and-pre-beta %}
1. Click **Code security and analysis**.
+{% else %}
+1. Click **Code security** then **Global settings**.
+{% endif %}
1. Find the "{% data variables.product.prodname_code_scanning_caps %}" section.
1. Next to "Expand {% data variables.product.prodname_codeql %} analysis", click **Configure**.
1. Enter references to the published model packs you want to use, one per line, then click **Save**.
@@ -128,3 +131,4 @@ For more information about {% data variables.product.prodname_codeql %} model pa
1. The model packs will be automatically detected and used when {% data variables.product.prodname_code_scanning %} runs on any repository in the organization with default setup enabled.
{% endif %}
+{% endif %}
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries.md
index 929076284305..2fca7e5a513a 100644
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries.md
@@ -20,6 +20,6 @@ topics:
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
{% data reusables.code-scanning.codeql-query-tables.go %}
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md
index 7de28cf3096d..a5bfd969a846 100644
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md
@@ -16,12 +16,10 @@ topics:
{% data variables.product.prodname_codeql %} includes many queries for analyzing Java and Kotlin code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
-{% data reusables.code-scanning.beta-kotlin-support %}
-
## Built-in queries for Java and Kotlin analysis
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
{% data reusables.code-scanning.codeql-query-tables.java %}
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries.md
index 04dbc0c597dd..df5ef7e9caaf 100644
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries.md
@@ -20,6 +20,6 @@ topics:
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
{% data reusables.code-scanning.codeql-query-tables.javascript %}
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries.md
index 4729b85c930c..e4296ede73a5 100644
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries.md
@@ -20,6 +20,6 @@ topics:
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
{% data reusables.code-scanning.codeql-query-tables.python %}
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries.md
index 992dd1131402..b2697b2ea278 100644
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries.md
@@ -20,6 +20,6 @@ topics:
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
{% data reusables.code-scanning.codeql-query-tables.ruby %}
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md
index 5762a013552b..cae02ea131b2 100644
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md
@@ -16,12 +16,10 @@ topics:
{% data variables.product.prodname_codeql %} includes many queries for analyzing Swift code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
-{% data reusables.code-scanning.beta-swift-support %}
-
## Built-in queries for Swift analysis
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
{% data reusables.code-scanning.codeql-query-tables.swift %}
diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/kotlin-detected-in-no-build.md b/content/code-security/code-scanning/troubleshooting-code-scanning/kotlin-detected-in-no-build.md
index d803e3d04463..cc8ac3566194 100644
--- a/content/code-security/code-scanning/troubleshooting-code-scanning/kotlin-detected-in-no-build.md
+++ b/content/code-security/code-scanning/troubleshooting-code-scanning/kotlin-detected-in-no-build.md
@@ -2,13 +2,11 @@
title: 'Warning: Detected X Kotlin files in your project that could not be processed without a build'
shortTitle: Kotlin detected in no build
allowTitleToDifferFromFilename: true
-intro: '{% data variables.product.prodname_codeql %} databases can be created for {% data variables.code-scanning.no_build_support %} without building the code, but Kotlin files are excluded unless the code is built.'
+intro: '{% data variables.product.prodname_codeql %} databases can be created for Java without building the code, but Kotlin files are excluded unless the code is built.'
versions:
feature: codeql-no-build
---
-{% data reusables.code-scanning.beta-no-build %}
-
## About this warning
```text
@@ -21,7 +19,7 @@ This warning is reported when Kotlin files are detected in a repository that ran
This warning is only displayed when the build mode of `none` is used for a repository with both Java and Kotlin files.
-The {% data variables.product.prodname_codeql %} action and {% data variables.product.prodname_codeql_cli %} support a build mode of `none` for {% data variables.code-scanning.no_build_support %}. This provides an easy way to enable analysis for Java code without building the codebase. However, Kotlin files are not included in the resulting {% data variables.product.prodname_codeql %} database.
+The {% data variables.product.prodname_codeql %} action and {% data variables.product.prodname_codeql_cli %} support a build mode of `none` for Java. This provides an easy way to enable analysis for Java code without building the codebase. However, Kotlin files are not included in the resulting {% data variables.product.prodname_codeql %} database.
You can verify the presence of Kotlin files by looking at the repository or pull request that triggered the warning. The `none` build mode is used only in the following circumstances:
@@ -40,13 +38,13 @@ If you want to update the analysis to also include Kotlin files, then {% data va
1. Wait until the Kotlin code is merged into the default branch for the repository.
1. Disable and then re-enable default setup on the "Settings" page for your repository.
-This will trigger a new analysis using automatic build detection. See "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java--and-kotlin)."
+This will trigger a new analysis using automatic build detection. See "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java-and-kotlin)."
If the automatic build detection fails, you will need to use advanced setup with the correct build commands for the project to analyze both languages.
### {% data variables.product.prodname_code_scanning_caps %} advanced setup
-If you already use advanced setup, you can edit the {% data variables.product.prodname_codeql %} workflow and change the build mode for `java-kotlin` from `none` to either `autobuild` to automatically build your project, or `manual` to specify your own build steps. "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java--and-kotlin)."
+If you already use advanced setup, you can edit the {% data variables.product.prodname_codeql %} workflow and change the build mode for `java-kotlin` from `none` to either `autobuild` to automatically build your project, or `manual` to specify your own build steps. "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java-and-kotlin)."
If you need to convert from default setup to advanced setup, you need enable advanced setup on the on the "Settings" page for your repository and create a {% data variables.product.prodname_codeql %} workflow. Then you can define a `manual` build mode for `java-kotlin` and define the build commands for the project.
@@ -57,6 +55,6 @@ Update your calls to run the {% data variables.product.prodname_codeql_cli %} fo
## Further reading
* "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning)"
-* "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java--and-kotlin){% ifversion codeql-no-build %}
+* "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java-and-kotlin){% ifversion codeql-no-build %}
* "[CodeQL build modes](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes)"{% elsif ghes %}
* "[Adding build steps for a compiled language](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#adding-build-steps-for-a-compiled-language)"{% endif %}
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret.md b/content/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret.md
index 0c93135268f2..68de0062e9cf 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret.md
@@ -121,6 +121,13 @@ This option has no effect when passed to [codeql bqrs interpret](/code-security/
Available since `v2.15.2`.
+#### `--no-sarif-include-alert-provenance`
+
+\[Advanced] \[SARIF formats only] Do not include alert provenance
+information in the SARIF output.
+
+Available since `v2.18.1`.
+
#### `--[no-]sarif-group-rules-by-pack`
\[SARIF formats only] Place the rule object for each query under its
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md b/content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md
index dce9be7fbca7..41983a12459f 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md
@@ -167,6 +167,13 @@ This option has no effect when passed to [codeql bqrs interpret](/code-security/
Available since `v2.15.2`.
+#### `--no-sarif-include-alert-provenance`
+
+\[Advanced] \[SARIF formats only] Do not include alert provenance
+information in the SARIF output.
+
+Available since `v2.18.1`.
+
#### `--[no-]sarif-group-rules-by-pack`
\[SARIF formats only] Place the rule object for each query under its
@@ -244,6 +251,14 @@ during database creation from a Code Scanning configuration file.
Download any missing queries before analyzing.
+### Options to control the model packs to be used
+
+#### `--model-packs=<`>...
+
+A list of CodeQL pack names, each with an optional version range, to be
+used as model packs to customize the queries that are about to be
+evaluated.
+
### Options to control the threat models to be used
#### `--threat-model=...`
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-bundle.md b/content/code-security/codeql-cli/codeql-cli-manual/database-bundle.md
index d44005eecb98..6ff34e8a5087 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/database-bundle.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/database-bundle.md
@@ -47,24 +47,30 @@ that results, logs, TRAP, or similar should be included.
\[Mandatory] The output file, typically with the extension ".zip".
-#### `--include-diagnostics`
+#### `--[no-]include-diagnostics`
Include diagnostics in the bundle.
Available since `v2.16.0`.
-#### `--include-results`
+#### `--[no-]include-results`
Include any precomputed query results in the bundle.
-#### `--include-temp`
+#### `--[no-]include-logs`
+
+Include the logs directory in the bundle.
+
+Available since `v2.17.6`.
+
+#### `--[no-]include-temp`
Includes the "temp" directory, where any generated packs, queries, and
suites are located.
Available since `v2.13.3`.
-#### `--include-uncompressed-source`
+#### `--[no-]include-uncompressed-source`
Include an uncompressed version of the source archive directory. This is
necessary for legacy CodeQL plugins (like CodeQL for Eclipse).
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-create.md b/content/code-security/codeql-cli/codeql-cli-manual/database-create.md
index 82b43a87a7f6..5ae01ed0ef8b 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/database-create.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/database-create.md
@@ -54,8 +54,15 @@ Maven project would not be a suitable choice.
#### `--[no-]overwrite`
\[Advanced] If the database already exists, delete it and proceed with
-this command instead of failing. This option should be used with caution
-as it may recursively delete the entire database directory.
+this command instead of failing. If the directory exists, but it does
+not look like a database, an error will be thrown.
+
+#### `--[no-]force-overwrite`
+
+\[Advanced] If the database already exists, delete it even if it does
+not look like a database and proceed with this command instead of
+failing. This option should be used with caution as it may recursively
+delete the entire database directory.
#### `--codescanning-config=`
@@ -95,7 +102,7 @@ Choose your build mode based on the language you are analyzing:
`none`: The database will be created without building the source root.
Available for JavaScript/TypeScript, Python, and Ruby. Also available in
-beta for Java.
+beta for C# and Java.
`autobuild`: The database will be created by attempting to automatically
build the source root. Available for C/C++, C#, Go, Java/Kotlin, and
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-init.md b/content/code-security/codeql-cli/codeql-cli-manual/database-init.md
index 0655ebd6b158..628b65a9f897 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/database-init.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/database-init.md
@@ -67,8 +67,15 @@ referred to by their relative path from this directory.
#### `--[no-]overwrite`
\[Advanced] If the database already exists, delete it and proceed with
-this command instead of failing. This option should be used with caution
-as it may recursively delete the entire database directory.
+this command instead of failing. If the directory exists, but it does
+not look like a database, an error will be thrown.
+
+#### `--[no-]force-overwrite`
+
+\[Advanced] If the database already exists, delete it even if it does
+not look like a database and proceed with this command instead of
+failing. This option should be used with caution as it may recursively
+delete the entire database directory.
#### `--codescanning-config=`
@@ -108,7 +115,7 @@ Choose your build mode based on the language you are analyzing:
`none`: The database will be created without building the source root.
Available for JavaScript/TypeScript, Python, and Ruby. Also available in
-beta for Java.
+beta for C# and Java.
`autobuild`: The database will be created by attempting to automatically
build the source root. Available for C/C++, C#, Go, Java/Kotlin, and
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-interpret-results.md b/content/code-security/codeql-cli/codeql-cli-manual/database-interpret-results.md
index dd00a30ac901..7375039caae3 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/database-interpret-results.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/database-interpret-results.md
@@ -129,6 +129,13 @@ This option has no effect when passed to [codeql bqrs interpret](/code-security/
Available since `v2.15.2`.
+#### `--no-sarif-include-alert-provenance`
+
+\[Advanced] \[SARIF formats only] Do not include alert provenance
+information in the SARIF output.
+
+Available since `v2.18.1`.
+
#### `--[no-]sarif-group-rules-by-pack`
\[SARIF formats only] Place the rule object for each query under its
@@ -245,6 +252,14 @@ variable.
This overrides the GITHUB\_TOKEN environment variable.
+### Options to specify which extensions to use when interpreting the results
+
+#### `--model-packs=<`>...
+
+A list of CodeQL pack names, each with an optional version range, to be
+used as model packs to customize the queries that are about to be
+evaluated.
+
### Options for finding QL packs (which may be necessary to interpret query suites)
#### `--search-path=[:...]`
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-run-queries.md b/content/code-security/codeql-cli/codeql-cli-manual/database-run-queries.md
index ae770bbfdb0a..a93ec00f1b51 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/database-run-queries.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/database-run-queries.md
@@ -98,6 +98,14 @@ codebase.
\[Advanced] Omit threat model configuration stored in the database
during database creation from a Code Scanning configuration file.
+### Options to control the model packs to be used
+
+#### `--model-packs=<`>...
+
+A list of CodeQL pack names, each with an optional version range, to be
+used as model packs to customize the queries that are about to be
+evaluated.
+
### Options to control the threat models to be used
#### `--threat-model=...`
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/execute-queries.md b/content/code-security/codeql-cli/codeql-cli-manual/execute-queries.md
index 447c64817d0b..d125d7541f5d 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/execute-queries.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/execute-queries.md
@@ -81,6 +81,14 @@ human-readable representation of the results to standard output.
Omit evaluation of queries that already seem to have a BQRS result
stored in the output location.
+### Options to control the model packs to be used
+
+#### `--model-packs=<`>...
+
+A list of CodeQL pack names, each with an optional version range, to be
+used as model packs to customize the queries that are about to be
+evaluated.
+
### Options to control the threat models to be used
#### `--threat-model=...`
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-publish.md b/content/code-security/codeql-cli/codeql-cli-manual/pack-publish.md
index df5dfe9ce501..ba8d288d259f 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/pack-publish.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/pack-publish.md
@@ -11,7 +11,7 @@ topics:
type: reference
product: '{% data reusables.gated-features.codeql %}'
autogenerated: codeql-cli
-intro: 'Publishes a QL library pack to a package registry.'
+intro: Publishes a QL library pack to a package registry.
redirect_from:
- /code-security/codeql-cli/manual/pack-publish
---
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/query-run.md b/content/code-security/codeql-cli/codeql-cli-manual/query-run.md
index f1a65016895c..67906cf9266a 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/query-run.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/query-run.md
@@ -357,6 +357,14 @@ variable.
This overrides the GITHUB\_TOKEN environment variable.
+### Options to control the extension packs
+
+#### `--model-packs=<`>...
+
+A list of CodeQL pack names, each with an optional version range, to be
+used as model packs to customize the queries that are about to be
+evaluated.
+
### Common options
#### `-h, --help`
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions-by-pack.md b/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions-by-pack.md
index 2d30a26279a2..146c27cf5f8f 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions-by-pack.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions-by-pack.md
@@ -85,6 +85,12 @@ value.
(Note: On Windows the path separator is `;`).
+#### `--model-packs=<`>...
+
+A list of CodeQL pack names, each with an optional version range, to be
+used as model packs to customize the queries that are about to be
+evaluated.
+
#### `--threat-model=...`
A list of threat models to enable or disable.
diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions.md b/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions.md
index e60b5cbdb5d9..a6affc2004b4 100644
--- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions.md
+++ b/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions.md
@@ -105,6 +105,12 @@ value.
(Note: On Windows the path separator is `;`).
+#### `--model-packs=<`>...
+
+A list of CodeQL pack names, each with an optional version range, to be
+used as model packs to customize the queries that are about to be
+evaluated.
+
#### `--threat-model=...`
A list of threat models to enable or disable.
diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md
index 4a9b699e8ca5..2800f6ec9545 100644
--- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md
+++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md
@@ -64,16 +64,18 @@ You must specify ``, `--format`, and `--output`. You can specify addit
| Option | Required | Usage |
|--------|:--------:|-----|
| `` | {% octicon "check" aria-label="Required" %} | Specify the path for the directory that contains the {% data variables.product.prodname_codeql %} database to analyze. |
-| `` | {% octicon "x" aria-label="Optional" %} | Specify {% data variables.product.prodname_codeql %} packs or queries to run. To run the standard queries used for {% data variables.product.prodname_code_scanning %}, omit this parameter. To see the other query suites included in the {% data variables.product.prodname_codeql_cli %} bundle, look in `//qlpacks/codeql/-queries/codeql-suites`. For information about creating your own query suite, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
-| --format | {% octicon "check" aria-label="Required" %} | Specify the format for the results file generated during analysis. A number of different formats are supported, including CSV, [SARIF](https://codeql.github.com/docs/codeql-overview/codeql-glossary/#sarif-file), and graph formats. For upload to {% data variables.product.company_short %} this should be: {% ifversion fpt or ghec %}`sarif-latest`{% else %}`sarifv2.1.0`{% endif %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning)."
-| --output | {% octicon "check" aria-label="Required" %} | Specify the location where you want to save the SARIF results file, including the desired filename with the `.sarif` extension.
-| --sarif-category | {% octicon "question" aria-label="Required with multiple results sets" %} | Optional for single database analysis. Required to define the language when you analyze multiple databases for a single commit in a repository.
Specify a category to include in the SARIF results file for this analysis. A category is used to distinguish multiple analyses for the same tool and commit, but performed on different languages or different parts of the code.|
+| `` | {% octicon "x" aria-label="Optional" %} | Specify {% data variables.product.prodname_codeql %} packs or queries to run. To run the standard queries used for {% data variables.product.prodname_code_scanning %}, omit this parameter. To see the other query suites included in the {% data variables.product.prodname_codeql_cli %} bundle, look in `//qlpacks/codeql/-queries/codeql-suites`. For information about creating your own query suite, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites) in the documentation for the {% data variables.product.prodname_codeql_cli %}. |
+| --format | {% octicon "check" aria-label="Required" %} | Specify the format for the results file generated during analysis. A number of different formats are supported, including CSV, [SARIF](https://codeql.github.com/docs/codeql-overview/codeql-glossary/#sarif-file), and graph formats. For upload to {% data variables.product.company_short %} this should be: {% ifversion fpt or ghec %}`sarif-latest`{% else %}`sarifv2.1.0`{% endif %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning)." |
+| --output | {% octicon "check" aria-label="Required" %} | Specify the location where you want to save the SARIF results file, including the desired filename with the `.sarif` extension. |
+| --sarif-category | {% octicon "question" aria-label="Required with multiple results sets" %} | Optional for single database analysis. Required to define the language when you analyze multiple databases for a single commit in a repository.
Specify a category to include in the SARIF results file for this analysis. A category is used to distinguish multiple analyses for the same tool and commit, but performed on different languages or different parts of the code. |
| --sarif-add-baseline-file-info | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use to submit file coverage information to the {% data variables.code-scanning.tool_status_page %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page#how-codeql-defines-scanned-files)." |
-| --sarif-include-query-help | {% octicon "x" aria-label="Optional" %} | Specify whether to include query help in the SARIF output. One of: `always`: Include query help for all queries. `custom_queries_only` (default): Include query help only for custom queries, that is, queries in query packs which are not of the form `codeql/-queries`. `never`: Do not include query help for any queries. Any query help for custom queries included in the SARIF output will be displayed in any code scanning alerts for the query. For more information, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli#including-query-help-for-custom-codeql-queries-in-sarif-files)."{% ifversion codeql-packs %}
-| `` | {% octicon "x" aria-label="Optional" %} | Use if you want to include {% data variables.product.prodname_codeql %} query packs in your analysis. For more information, see "[Downloading and using {% data variables.product.prodname_codeql %} packs](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs#downloading-and-using-codeql-query-packs)."
-| --download | {% octicon "x" aria-label="Optional" %} | Use if some of your {% data variables.product.prodname_codeql %} query packs are not yet on disk and need to be downloaded before running queries.{% endif %}
-| --threads | {% octicon "x" aria-label="Optional" %} | Use if you want to use more than one thread to run queries. The default value is `1`. You can specify more threads to speed up query execution. To set the number of threads to the number of logical processors, specify `0`.
-| --verbose | {% octicon "x" aria-label="Optional" %} | Use to get more detailed information about the analysis process and diagnostic data from the database creation process.
+| --sarif-include-query-help | {% octicon "x" aria-label="Optional" %} | Specify whether to include query help in the SARIF output. One of: `always`: Include query help for all queries. `custom_queries_only` (default): Include query help only for custom queries, that is, queries in query packs which are not of the form `codeql/-queries`. `never`: Do not include query help for any queries. Any query help for custom queries included in the SARIF output will be displayed in any code scanning alerts for the query. For more information, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli#including-query-help-for-custom-codeql-queries-in-sarif-files)." |
+| {% ifversion codeql-packs %} |
+| `` | {% octicon "x" aria-label="Optional" %} | Use if you want to include {% data variables.product.prodname_codeql %} query packs in your analysis. For more information, see "[Downloading and using {% data variables.product.prodname_codeql %} packs](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs#downloading-and-using-codeql-query-packs)." |
+| --download | {% octicon "x" aria-label="Optional" %} | Use if some of your {% data variables.product.prodname_codeql %} query packs are not yet on disk and need to be downloaded before running queries. |
+| {% endif %} |
+| --threads | {% octicon "x" aria-label="Optional" %} | Use if you want to use more than one thread to run queries. The default value is `1`. You can specify more threads to speed up query execution. To set the number of threads to the number of logical processors, specify `0`. |
+| --verbose | {% octicon "x" aria-label="Optional" %} | Use to get more detailed information about the analysis process and diagnostic data from the database creation process. |
| --threat-model | {% octicon "x" aria-label="Optional" %} | (Beta) Use to add threat models to configure additional sources in your {% data variables.product.prodname_codeql %} analysis. During the beta, threat models are supported only by Java analysis. For more information, see "[AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/database-analyze#--threat-modelname)." |
{% note %}
diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md
index 488cf09e4687..7e023b4a7e65 100644
--- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md
+++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md
@@ -26,7 +26,7 @@ There are{% ifversion codeql-model-packs %} three{% else %} two{% endif %} types
* Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled {% ifversion query-pack-compatibility %}separately{% else %}and there is no compilation cache included when the pack is published{% endif %}.{% ifversion codeql-model-packs %}
-* Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default. Model packs are currently in beta and subject to change. {% data reusables.code-scanning.codeql-model-packs-availability %} For more information about creating your own model packs, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack)."
+* Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default. Model packs are currently in beta and subject to change. During the beta, model packs are available for {% data variables.code-scanning.codeql_model_packs_support %} analysis. For more information about creating your own model packs, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack)."
{% endif %}
@@ -38,8 +38,8 @@ The standard {% data variables.product.prodname_codeql %} packs for all supporte
* `codeql/java-queries`
* `codeql/javascript-queries`
* `codeql/python-queries`
- * `codeql/ruby-queries` {% ifversion codeql-swift-beta %}
- * `codeql/swift-queries` {% endif %}
+ * `codeql/ruby-queries`
+ * `codeql/swift-queries`
You can also use the {% data variables.product.prodname_codeql_cli %} to create your own {% data variables.product.prodname_codeql %} packs, add dependencies to packs, and install or update dependencies. For more information, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-and-working-with-codeql-packs)."
diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md
index 1e5af97b34f6..f5a831060547 100644
--- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md
+++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md
@@ -56,8 +56,6 @@ You must specify:
{% data reusables.code-scanning.codeql-language-identifiers-table %}
- {% data reusables.code-scanning.beta-kotlin-or-swift-support %}
-
If your codebase has a build command or script that invokes the build process, we recommend that you specify it as well:
```shell
@@ -71,11 +69,16 @@ You can specify additional options depending on the location of your source file
| Option | Required | Usage |
|--------|:--------:|-----|
-| `` | {% octicon "check" aria-label="Required" %} | Specify the name and location of a directory to create for the {% data variables.product.prodname_codeql %} database. The command will fail if you try to overwrite an existing directory. If you also specify `--db-cluster`, this is the parent directory and a subdirectory is created for each language analyzed. | {% ifversion codeql-language-identifiers-311 %}
-| --language | {% octicon "check" aria-label="Required" %} | Specify the identifier for the language to create a database for, one of: {% data reusables.code-scanning.codeql-languages-keywords %}. When used with --db-cluster, the option accepts a comma-separated list, or can be specified more than once. | {% else %}
-| --language | {% octicon "check" aria-label="Required" %} | Specify the identifier for the language to create a database for, one of: {% data reusables.code-scanning.codeql-languages-keywords %} (use `javascript` to analyze TypeScript code {% ifversion codeql-kotlin-beta %} and `java` to analyze Kotlin code{% endif %}). When used with --db-cluster, the option accepts a comma-separated list, or can be specified more than once. | {% endif %}
-| --command | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use to specify the build command or script that invokes the build process for the codebase. Commands are run from the current folder or, where it is defined, from --source-root. Not needed for Python and JavaScript/TypeScript analysis. |{% ifversion codeql-no-build %}
-| --build-mode | {% octicon "x" aria-label="Optional" %} | **Beta.** Use for {% data variables.code-scanning.no_build_support %} when not providing a `--command` to specify whether to create a CodeQL database without a build (`none`) or by attempting to automatically detect a build command (`autobuild`). By default, autobuild detection is used. For a comparison of build modes, see "[CodeQL build modes](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes)." |{% endif %}
+| `` | {% octicon "check" aria-label="Required" %} | Specify the name and location of a directory to create for the {% data variables.product.prodname_codeql %} database. The command will fail if you try to overwrite an existing directory. If you also specify `--db-cluster`, this is the parent directory and a subdirectory is created for each language analyzed. |
+| {% ifversion codeql-language-identifiers-311 %} |
+| --language | {% octicon "check" aria-label="Required" %} | Specify the identifier for the language to create a database for, one of: {% data reusables.code-scanning.codeql-languages-keywords %}. When used with --db-cluster, the option accepts a comma-separated list, or can be specified more than once. |
+| {% else %} |
+| --language | {% octicon "check" aria-label="Required" %} | Specify the identifier for the language to create a database for, one of: {% data reusables.code-scanning.codeql-languages-keywords %} (use `javascript` to analyze TypeScript code and `java` to analyze Kotlin code). When used with --db-cluster, the option accepts a comma-separated list, or can be specified more than once. |
+| {% endif %} |
+| --command | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use to specify the build command or script that invokes the build process for the codebase. Commands are run from the current folder or, where it is defined, from --source-root. Not needed for Python and JavaScript/TypeScript analysis. |
+| {% ifversion codeql-no-build %} |
+| --build-mode | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use for {% data variables.code-scanning.no_build_support %} when not providing a `--command` to specify whether to create a CodeQL database without a build (`none`) or by attempting to automatically detect a build command (`autobuild`). By default, autobuild detection is used. For a comparison of build modes, see "[CodeQL build modes](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes)." |
+| {% endif %} |
| --db-cluster | {% octicon "x" aria-label="Optional" %} | Use in multi-language codebases to generate one database for each language specified by --language. |
| --no-run-unnecessary-builds | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use to suppress the build command for languages where the {% data variables.product.prodname_codeql_cli %} does not need to monitor the build (for example, Python and JavaScript/TypeScript). |
| --source-root | {% octicon "x" aria-label="Optional" %} | Use if you run the CLI outside the checkout root of the repository. By default, the `database create` command assumes that the current directory is the root directory for the source files, use this option to specify a different location. |
@@ -192,8 +195,6 @@ Here, we have specified a `--source-root` path, which is the location where data
## Creating databases for compiled languages
-{% data reusables.code-scanning.beta-no-build-cli %}
-
For {% ifversion codeql-no-build %}most{% endif %} compiled languages, {% data variables.product.prodname_codeql %} needs to invoke the required build system to generate a database, therefore the build method must be available to the CLI. This approach creates databases that include generated code. {% data variables.product.prodname_codeql %} has two methods for building codebases:
* "[Automatic build detection (autobuild)](#automatically-detecting-the-build-system)"
@@ -281,7 +282,6 @@ The following examples are designed to give you an idea of some of the build com
codeql database create java-database --language={% ifversion codeql-language-identifiers-311 %}java-kotlin{% else %}java{% endif %} --command='ant -f build.xml'
```
-{% ifversion codeql-swift-beta %}
* Swift project built from an Xcode project or workspace. By default, the largest Swift target is built:
It's a good idea to ensure that the project is in a clean state and that there are no build artefacts available.
@@ -311,8 +311,6 @@ The following examples are designed to give you an idea of some of the build com
codeql database create -l swift -c "./scripts/build.sh" swift-database
```
-{% endif %}
-
* Project built using Bazel:
```shell
@@ -326,8 +324,9 @@ The following examples are designed to give you an idea of some of the build com
# `--spawn_strategy=local`: build locally, instead of using a distributed build
# `--nouse_action_cache`: turn off build caching, which might prevent recompilation of source code
# `--noremote_accept_cached`, `--noremote_upload_local_results`: avoid using a remote cache
+ # `--disk_cache=`: avoid using a disk cache. Note that a disk cache is no longer considered a remote cache as of Bazel 6.
codeql database create new-database --language= \
- --command='bazel build --spawn_strategy=local --nouse_action_cache --noremote_accept_cached --noremote_upload_local_results //path/to/package:target'
+ --command='bazel build --spawn_strategy=local --nouse_action_cache --noremote_accept_cached --noremote_upload_local_results --disk_cache= //path/to/package:target'
# After building, stop all running Bazel server processes.
# This ensures future build commands start in a clean Bazel server process
diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md
index 455b9f53e179..98b92eaf4356 100644
--- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md
+++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md
@@ -58,13 +58,15 @@ codeql github upload-results \
```
| Option | Required | Usage |
-|--------|:--------:|-----|
-| --repository | {% octicon "check" aria-label="Required" %} | Specify the _OWNER/NAME_ of the repository to upload data to. The owner must be an organization within an enterprise that has a license for {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_GH_advanced_security %} must be enabled for the repository{% ifversion fpt or ghec %}, unless the repository is public{% endif %}. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)."
-| --ref | {% octicon "check" aria-label="Required" %} | Specify the name of the `ref` you checked out and analyzed so that the results can be matched to the correct code. For a branch use: `refs/heads/BRANCH-NAME`, for the head commit of a pull request use `refs/pull/NUMBER/head`, or for the {% data variables.product.prodname_dotcom %}-generated merge commit of a pull request use `refs/pull/NUMBER/merge`.
-| --commit | {% octicon "check" aria-label="Required" %} | Specify the full SHA of the commit you analyzed.
-| --sarif | {% octicon "check" aria-label="Required" %} | Specify the SARIF file to load.{% ifversion ghes %}
-| --github-url | {% octicon "check" aria-label="Required" %} | Specify the URL for {% data variables.product.product_name %}.{% endif %}
-| --github-auth-stdin | {% octicon "x" aria-label="Optional" %} | Pass the CLI the {% data variables.product.prodname_github_app %} or {% data variables.product.pat_generic %} created for authentication with {% data variables.product.company_short %}'s REST API from your secret store via standard input. This is not needed if the command has access to a `GITHUB_TOKEN` environment variable set with this token.
+| ------ | :------: | ----- |
+| --repository | {% octicon "check" aria-label="Required" %} | Specify the _OWNER/NAME_ of the repository to upload data to. The owner must be an organization within an enterprise that has a license for {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_GH_advanced_security %} must be enabled for the repository{% ifversion fpt or ghec %}, unless the repository is public{% endif %}. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)." |
+| --ref | {% octicon "check" aria-label="Required" %} | Specify the name of the `ref` you checked out and analyzed so that the results can be matched to the correct code. For a branch use: `refs/heads/BRANCH-NAME`, for the head commit of a pull request use `refs/pull/NUMBER/head`, or for the {% data variables.product.prodname_dotcom %}-generated merge commit of a pull request use `refs/pull/NUMBER/merge`. |
+| --commit | {% octicon "check" aria-label="Required" %} | Specify the full SHA of the commit you analyzed. |
+| --sarif | {% octicon "check" aria-label="Required" %} | Specify the SARIF file to load. |
+| {% ifversion ghes %} |
+| --github-url | {% octicon "check" aria-label="Required" %} | Specify the URL for {% data variables.product.product_name %}. |
+| {% endif %} |
+| --github-auth-stdin | {% octicon "x" aria-label="Optional" %} | Pass the CLI the {% data variables.product.prodname_github_app %} or {% data variables.product.pat_generic %} created for authentication with {% data variables.product.company_short %}'s REST API from your secret store via standard input. This is not needed if the command has access to a `GITHUB_TOKEN` environment variable set with this token. |
For more information, see "[AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/github-upload-results)."
diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs.md
index c5e5c82805b2..bfbb0a2c70fc 100644
--- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs.md
+++ b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs.md
@@ -25,7 +25,7 @@ There are{% ifversion codeql-model-packs %} three{% else %} two{% endif %} types
* Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled {% ifversion query-pack-compatibility %}separately{% else %}and there is no compilation cache included when the pack is published{% endif %}.{% ifversion codeql-model-packs %}
-* Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to include dependencies that are not supported by default. Model packs are currently in beta and subject to change. {% data reusables.code-scanning.codeql-model-packs-availability %} For more information about creating your own model packs, see "[Creating a {% data variables.product.prodname_codeql %} model pack](#creating-a-codeql-model-pack)."{% endif %}
+* Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to include dependencies that are not supported by default. Model packs are currently in beta and subject to change. During the beta, model packs are available for {% data variables.code-scanning.codeql_model_packs_support %} analysis. For more information about creating your own model packs, see "[Creating a {% data variables.product.prodname_codeql %} model pack](#creating-a-codeql-model-pack)."{% endif %}
You can use the `pack` command in the {% data variables.product.prodname_codeql_cli %} to create {% data variables.product.prodname_codeql %} packs, add dependencies to packs, and install or update dependencies. You can also publish and download {% data variables.product.prodname_codeql %} packs using the `pack` command. For more information, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs)."
diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md
index 62ce86f73c02..f0b8caf6e7de 100644
--- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md
+++ b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md
@@ -112,8 +112,6 @@ It can generally be assumed that if a pack is published with one release of {% d
It can also be assumed that a pack published by the _latest_ public release of {% data variables.product.prodname_codeql %} will be useable by the version of {% data variables.product.prodname_codeql %} that is used by {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_actions %}, even though that is often a slightly older release.
-As an exception to the above, packs published with versions of {% data variables.product.prodname_codeql %} _earlier than 2.12.0_ are not compatible with any earlier or later versions. These old versions did not write pre-compiled queries in a format that supported compatibility between releases. Packs published by these versions can still be _used_ by newer versions, but the analysis will be slower because the queries have to be recompiled first.
-
As a user of a published query pack, you can check that the {% data variables.product.prodname_codeql %} makes use of the precompiled queries in it by inspecting the terminal output from an analysis runs that uses the query pack. If it contains lines looking like the following, then the precompiled queries were used successfully:
```shell
@@ -383,7 +381,7 @@ The following properties are supported in `qlpack.yml` files.
#### `warnOnImplicitThis`
* Optional. Defaults to `false` if the `warnOnImplicitThis` property is not defined.
-* Defines a boolean that specifies whether or not the compiler should emit warnings about member predicate calls with implicit `this` call receivers, that is, without an explicit receiver. Supported from {% data variables.product.prodname_codeql_cli %} version 2.13.2 and onwards. For example:
+* Defines a boolean that specifies whether or not the compiler should emit warnings about member predicate calls with implicit `this` call receivers, that is, without an explicit receiver. Available since {% data variables.product.prodname_codeql_cli %} v2.13.2. For example:
```yaml
warnOnImplicitThis: true
diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md
index 3e8adb0566f8..82f42be5b3e0 100644
--- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md
+++ b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md
@@ -29,7 +29,7 @@ The model editor has two different modes:
* **Dependency mode**: The editor identifies all of the publicly accessible APIs in the selected {% data variables.product.prodname_codeql %} database. This view guides you through modeling each public API that the codebase makes available. When you have finished modeling the entire API, you can save the model and use it to improve the {% data variables.product.prodname_codeql %} analysis for all codebases that use the dependency.
-The rest of this article covers the practical aspects of modelling dependencies using the {% data variables.product.prodname_codeql %} model editor. For technical information, see [Customizing library models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/){% ifversion fpt or ghec or ghes > 3.12 %}, [Customizing Library Models for Ruby](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-ruby/), and [Customizing library models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/){% endif %} in the {% data variables.product.prodname_codeql %} language documentation.
+The rest of this article covers the practical aspects of modelling dependencies using the {% data variables.product.prodname_codeql %} model editor. For technical information, see [Customizing library models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/){% ifversion fpt or ghec or ghes > 3.14 %}, [Customizing Library Models for Python](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/), [Customizing Library Models for Ruby](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-ruby/), and [Customizing library models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/){% elsif ghes > 3.12 %}, [Customizing Library Models for Ruby](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-ruby/), and [Customizing library models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/){% endif %} in the {% data variables.product.prodname_codeql %} language documentation.
## Displaying the {% data variables.product.prodname_codeql %} model editor
diff --git a/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md
index 117b2a113ff1..6d5f7691b1d3 100644
--- a/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md
+++ b/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md
@@ -37,7 +37,9 @@ If your code depends on a package with a security vulnerability, this can cause
{% ifversion fpt or ghec %}
* A new advisory is added to the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database)."{% else %}
-* New advisory data is synchronized to {% data variables.location.product_location %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %}
+
+* New advisory data is synchronized to {% data variables.product.prodname_dotcom %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %}
+
{% note %}
**Note:** Only advisories that have been reviewed by {% data variables.product.company_short %} will trigger {% data variables.product.prodname_dependabot_alerts %}.
diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md
index 0c8943f2152e..5296c803f9e6 100644
--- a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md
+++ b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md
@@ -83,6 +83,10 @@ An enterprise owner must first set up {% data variables.product.prodname_dependa
## Managing {% data variables.product.prodname_dependabot_alerts %} for your organization
+{% ifversion security-configurations-ga %} You can enable {% data variables.product.prodname_dependabot_alerts %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
+
+{% elsif security-configurations-beta-and-pre-beta %}
+
You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for some or all repositories owned by your organization. {% data reusables.security.note-securing-your-org %}
{% ifversion dependabot-alerts-ghes-enablement %}
@@ -102,7 +106,7 @@ You can use the organization settings page for "Code security and analysis" to e
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security-and-analysis %}
-{% ifversion security-configurations %}
+{% ifversion security-configurations-beta-only %}
{% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling {% data variables.product.prodname_dependabot_alerts %} and other security features at scale with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
{% endif %}
@@ -110,6 +114,8 @@ You can use the organization settings page for "Code security and analysis" to e
1. Optionally, to enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories in your organization, in the dialog box, select "Enable by default for new repositories".
1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories in your organization.
+{% endif %}
+
{% ifversion dependabot-alerts-enterprise-enablement or ghes %}
## Managing {% data variables.product.prodname_dependabot_alerts %} for your enterprise
diff --git a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md
index 39bba4a19e92..326ffa24fa75 100644
--- a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md
+++ b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md
@@ -24,7 +24,7 @@ topics:
{% data reusables.dependabot.enterprise-enable-dependabot %}
-Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}. You can filter alerts by package, ecosystem, or manifest. You can sort the list of alerts, and you can click into specific alerts for more details. {% ifversion dependabot-bulk-alerts %}You can also dismiss or reopen alerts, either one by one or by selecting multiple alerts at once.{% else %}You can also dismiss or reopen alerts. {% endif %} For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
+Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}. You can filter alerts by package, ecosystem, or manifest. You can sort the list of alerts, and you can click into specific alerts for more details. You can also dismiss or reopen alerts, either one by one or by selecting multiple alerts at once. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
You can enable automatic security updates for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)."
@@ -55,9 +55,7 @@ The search bar also allows for full text searching of alerts and related securit
{% endif %}
-{% ifversion dependabot-bulk-alerts %}
-{% endif %}
{% ifversion dependabot-alerts-development-label %}
@@ -117,8 +115,7 @@ For more information, see "[Reviewing and fixing alerts](#reviewing-and-fixing-a
{% data reusables.repositories.sidebar-dependabot-alerts %}
1. Optionally, to filter alerts, select a filter in a dropdown menu then click the filter that you would like to apply. You can also type filters into the search bar. {% ifversion dependabot-filter-label-security-advisory %}Alternatively, to filter by label, click a label assigned to an alert to automatically apply that filter to the alert list.{% endif %} For more information about filtering and sorting alerts, see "[Prioritizing {% data variables.product.prodname_dependabot_alerts %}](#prioritizing-dependabot-alerts)."
-{%- ifversion dependabot-bulk-alerts %}
- {% endif %}
+ 
1. Click the alert that you would like to view.
{% ifversion dependabot-filter-label-security-advisory %}
1. Optionally, to suggest an improvement to the related security advisory, on the right-hand side of the alert details page, click **Suggest improvements for this advisory on the {% data variables.product.prodname_advisory_database %}**. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database)."
@@ -171,7 +168,6 @@ If you schedule extensive work to upgrade a dependency, or decide that an alert
{% else %}
{% endif %}
-{% ifversion dependabot-bulk-alerts %}
### Dismissing multiple alerts at once
@@ -184,8 +180,6 @@ If you schedule extensive work to upgrade a dependency, or decide that an alert
1. Select the "Dismiss alerts" dropdown, and click a reason for dismissing the alerts.
-{% endif %}
-
{% ifversion reopen-dependabot-alerts %}
## Viewing and updating closed alerts
@@ -197,9 +191,7 @@ You can view all open alerts, and you can reopen alerts that have been previousl
{% data reusables.repositories.sidebar-dependabot-alerts %}
1. To just view closed alerts, click **Closed**.
- {%- ifversion dependabot-bulk-alerts %}
- {%- endif %}
1. Click the alert that you would like to view or update.
1. Optionally, if the alert was dismissed and you wish to reopen it, click **Reopen**. Alerts that have already been fixed cannot be reopened.
@@ -208,8 +200,6 @@ You can view all open alerts, and you can reopen alerts that have been previousl
{% endif %}
-{% ifversion dependabot-bulk-alerts %}
-
### Reopening multiple alerts at once
1. View the closed {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#viewing-and-updating-closed-alerts)" (above).
@@ -218,8 +208,6 @@ You can view all open alerts, and you can reopen alerts that have been previousl
1. Click **Reopen** to reopen the alerts. Alerts that have already been fixed cannot be reopened.
-{% endif %}
-
## Reviewing the audit logs for {% data variables.product.prodname_dependabot_alerts %}
When a member of your organization {% ifversion not fpt %}or enterprise {% endif %}performs an action related to {% data variables.product.prodname_dependabot_alerts %}, you can review the actions in the audit log. For more information about accessing the log, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#accessing-the-audit-log){% ifversion not fpt %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)."{% else %}."{% endif %}
diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md b/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md
index 62c7a04e5d4c..6b241f70095d 100644
--- a/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md
+++ b/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md
@@ -17,8 +17,6 @@ redirect_from:
- /code-security/dependabot/dependabot-alert-rules/about-dependabot-alert-rules
---
-{% data reusables.dependabot.dependabot-auto-triage-rules-beta %}
-
## About {% data variables.dependabot.auto_triage_rules %}
{% data variables.dependabot.auto_triage_rules %} allow you to instruct {% data variables.product.prodname_dependabot %} to automatically triage {% data variables.product.prodname_dependabot_alerts %}. You can use {% data variables.dependabot.auto_triage_rules_short %} to automatically dismiss or snooze certain alerts, or specify the alerts you want {% data variables.product.prodname_dependabot %} to open pull requests for.
diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md
index beaafd292fb3..1e168c644b05 100644
--- a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md
+++ b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md
@@ -17,8 +17,6 @@ redirect_from:
- /code-security/dependabot/dependabot-alert-rules/customizing-alert-rules-to-prioritize-dependabot-alerts
---
-{% data reusables.dependabot.dependabot-auto-triage-rules-beta %}
-
## About {% data variables.dependabot.custom_rules %}
You can create your own {% data variables.dependabot.auto_triage_rules %} based on alert metadata. You can choose to auto-dismiss alerts indefinitely, or snooze alerts until a patch becomes available, and you can specify which alerts you want {% data variables.product.prodname_dependabot %} to open pull requests for.
@@ -81,6 +79,10 @@ For more information about enabling or disabling {% data variables.product.prodn
## Adding {% data variables.dependabot.custom_rules %} to your organization
+{% ifversion security-configurations-ga %} You can add {% data variables.dependabot.custom_rules %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)."
+
+{% elsif security-configurations-beta-and-pre-beta %}
+
{% note %}
**Note:** During the public beta, you can create up to 25 {% data variables.dependabot.custom_rules %} for your organization.
@@ -91,7 +93,7 @@ For more information about enabling or disabling {% data variables.product.prodn
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security-and-analysis %}
-{% ifversion security-configurations %}
+{% ifversion security-configurations-beta-only %}
{% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on adding {% data variables.dependabot.auto_triage_rules %} to your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)."
{% endif %}
@@ -108,6 +110,8 @@ For more information about enabling or disabling {% data variables.product.prodn
* Select **Open a pull request to resolve this alert** if you want {% data variables.product.prodname_dependabot %} to suggest changes to resolve alerts that match the metadata. Note that this option is unavailable if you have selected the option to dismiss the alerts indefinitely.
{% data reusables.dependabot.dependabot-alert-rules-click-create-rule %}
+{% endif %}
+
## Editing or deleting {% data variables.dependabot.custom_rules %} for your repository
{% data reusables.repositories.navigate-to-repo %}
@@ -120,11 +124,15 @@ For more information about enabling or disabling {% data variables.product.prodn
## Editing or deleting {% data variables.dependabot.custom_rules %} for your organization
+{% ifversion security-configurations-ga %} You can edit or delete {% data variables.dependabot.custom_rules %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)."
+
+{% elsif security-configurations-beta-and-pre-beta %}
+
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security-and-analysis %}
-{% ifversion security-configurations %}
+{% ifversion security-configurations-beta-only %}
{% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on editing or deleting {% data variables.dependabot.auto_triage_rules %} in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)."
{% endif %}
@@ -132,3 +140,5 @@ For more information about enabling or disabling {% data variables.product.prodn
1. Under "Organization rules", to the right of the rule that you want to edit or delete, click {% octicon "pencil" aria-label="Edit custom rule" %}.
{% data reusables.dependabot.custom-alert-rules-edit-rule %}
{% data reusables.dependabot.custom-alert-rules-delete-rule %}
+
+{% endif %}
diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/index.md b/content/code-security/dependabot/dependabot-auto-triage-rules/index.md
index 76ac8b6cf8b5..8a7200672013 100644
--- a/content/code-security/dependabot/dependabot-auto-triage-rules/index.md
+++ b/content/code-security/dependabot/dependabot-auto-triage-rules/index.md
@@ -19,5 +19,3 @@ children:
redirect_from:
- /code-security/dependabot/dependabot-alert-rules
---
-
-{% data reusables.dependabot.dependabot-auto-triage-rules-beta %}
diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts.md
index 5bfbc09bc131..32228694551f 100644
--- a/content/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts.md
+++ b/content/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts.md
@@ -16,8 +16,6 @@ redirect_from:
- /code-security/dependabot/dependabot-alert-rules/managing-automatically-dismissed-alerts
---
-{% data reusables.dependabot.dependabot-auto-triage-rules-beta %}
-
## Managing automatically dismissed alerts
{% note %}
diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md
index dcc1b03e7c15..07ea451ee67e 100644
--- a/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md
+++ b/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md
@@ -17,8 +17,6 @@ redirect_from:
- /code-security/dependabot/dependabot-auto-triage-rules/using-github-curated-default-rules-to-prioritize-dependabot-alerts
---
-{% data reusables.dependabot.dependabot-auto-triage-rules-beta %}
-
## About {% data variables.dependabot.github_presets %}
The `Dismiss low impact issues for development-scoped dependencies` rule is a {% data variables.product.company_short %} preset that auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. These alerts cover cases that feel like false alarms to most developers as the associated vulnerabilities:
diff --git a/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md
index f5b3f17ed32d..bedf9adaa84a 100644
--- a/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md
+++ b/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md
@@ -30,6 +30,8 @@ topics:
{% data variables.product.prodname_dependabot_security_updates %} make it easier for you to fix vulnerable dependencies in your repository. You typically add a `dependabot.yml` file to your repository to enable {% data variables.product.prodname_dependabot_security_updates %}. You then configure options in this file to tell {% data variables.product.prodname_dependabot %} how to maintain your repository.
+{% data reusables.dependabot.dependabot-updates-supported-repos-ecosystems %}
+
If you enable {% data variables.product.prodname_dependabot_security_updates %}, when a {% data variables.product.prodname_dependabot %} alert is raised for a vulnerable dependency in the dependency graph of your repository, {% data variables.product.prodname_dependabot %} automatically tries to fix it. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)."
> [!NOTE]
diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md
index 7a0b3ba7078d..1d6c28fce54d 100644
--- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md
+++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md
@@ -31,7 +31,7 @@ topics:
You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)."
-You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository{% ifversion code-security-multi-repo-enablement %}, for a selection of repositories in an organization,{% endif %} or for all repositories owned by your personal account or organization. For more information about enabling security features in an organization, see "[AUTOTITLE](/code-security/getting-started/securing-your-organization)."
+You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository{% ifversion code-security-multi-repo-enablement %}, for a selection of repositories in an organization,{% endif %} or for all repositories owned by your personal account or organization. For more information about enabling security features in an organization, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %}
{% data reusables.dependabot.dependabot-security-updates-disable-for-alert-rules %}
@@ -88,19 +88,24 @@ Repository administrators can enable or disable grouped security updates for the
### Enabling or disabling grouped {% data variables.product.prodname_dependabot_security_updates %} for an organization
+{% ifversion security-configurations-ga %} You can enable grouped {% data variables.product.prodname_dependabot_security_updates %} into a single pull request. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#grouping-dependabot-security-updates)."
+
+{% elsif security-configurations-beta-and-pre-beta %}
+
Organization owners can enable or disable grouped security updates for all repositories in their organization. However, repository administrators within the organization can update the settings for their repositories to override the default organization settings. {% data reusables.dependabot.dependabot-grouped-security-updates-yaml-override %}
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security-and-analysis %}
-{% ifversion security-configurations %}
+{% ifversion security-configurations-beta-only %}
{% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on enabling or disabling grouped {% data variables.product.prodname_dependabot_security_updates %} in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#grouping-dependabot-security-updates)."
{% endif %}
1. Under "Code security and analysis", to the right of "Grouped security updates", click **Disable all** or **Enable all**.
1. Optionally, to enable grouped {% data variables.product.prodname_dependabot_security_updates %} for new repositories in your organization, select **Automatically enable for new repositories**.
+{% endif %}
{% endif %}
## Overriding the default behavior with a configuration file
diff --git a/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md b/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md
index a15aed26a83a..ade2ad779c1b 100644
--- a/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md
+++ b/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md
@@ -30,6 +30,8 @@ shortTitle: Dependabot version updates
{% data variables.product.prodname_dependabot %} takes the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on.
+{% data reusables.dependabot.dependabot-updates-supported-repos-ecosystems %}
+
You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a `dependabot.yml` configuration file into your repository. The configuration file specifies the location of the manifest, or of other package definition files, stored in your repository. {% data variables.product.prodname_dependabot %} uses this information to check for outdated packages and applications. {% data variables.product.prodname_dependabot %} determines if there is a new version of a dependency by looking at the semantic versioning ([semver](https://semver.org/)) of the dependency to decide whether it should update to that version. For certain package managers, {% data variables.product.prodname_dependabot_version_updates %} also supports vendoring. Vendored (or cached) dependencies are dependencies that are checked in to a specific directory in a repository rather than referenced in a manifest. Vendored dependencies are available at build time even if package servers are unavailable. {% data variables.product.prodname_dependabot_version_updates %} can be configured to check vendored dependencies for new versions and update them if necessary.
When {% data variables.product.prodname_dependabot %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. For vendored dependencies, {% data variables.product.prodname_dependabot %} raises a pull request to replace the outdated dependency with the new version directly. You check that your tests pass, review the changelog and release notes included in the pull request summary, and then merge it. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)."
@@ -56,33 +58,6 @@ If you've enabled security updates, you'll sometimes see extra pull requests for
{% data reusables.dependabot.version-updates-skip-scheduled-runs %}
-## Supported repositories and ecosystems
-
-
-You can configure version updates for repositories that contain a dependency manifest or lock file for one of the supported package managers. For some package managers, you can also configure vendoring for dependencies. For more information, see [`vendor`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#vendor).
-{% data variables.product.prodname_dependabot %} also supports dependencies in private registries. For more information, see [`registries`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#registries).
-{% ifversion ghes %}
-
-{% note %}
-
-**Note**: To ensure that {% data variables.product.product_name %} supports {% data variables.product.prodname_dependabot_updates %} for the latest supported ecosystem versions, your enterprise owner must download the most recent version of the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action). {% data reusables.actions.action-bundled-actions %}
-
-{% endnote %}
-
-{% endif %}
-
-{% note %}
-
-**Note**: {% data reusables.dependabot.private-dependencies-note %}
-
-{% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. See the details in the table below.
-
-{% endnote %}
-
-{% data reusables.dependabot.supported-package-managers %}
-
-If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}For more information, see "[AUTOTITLE](/get-started/exploring-integrations/about-integrations)."{% endif %}
-
{% ifversion dependabot-updates-paused %}
## About automatic deactivation of {% data variables.product.prodname_dependabot_updates %}
diff --git a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
index 1f8c505c39ea..8849fc45d832 100644
--- a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
+++ b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
@@ -46,10 +46,14 @@ For a real-world example of `dependabot.yml` file, see [{% data variables.produ
The top-level `updates` key is mandatory. You use it to configure how {% data variables.product.prodname_dependabot %} updates the versions or your project's dependencies. Each entry configures the update settings for a particular package manager. You can use the following options.
{% data reusables.dependabot.configuration-options %}
+{% ifversion dependabot-updates-multidirectory-support %}
+{% data reusables.dependabot.directory-directories-required %}
+
+{% endif %}
These options fit broadly into the following categories.
-* Essential set up options that you must include in all configurations: [`package-ecosystem`](#package-ecosystem), [`directory`](#directory),[`schedule.interval`](#scheduleinterval).
+* Essential set up options that you must include in all configurations: [`package-ecosystem`](#package-ecosystem), [`directory`](#directory){% ifversion dependabot-updates-multidirectory-support %} or [`directories`](#directories){% endif %},[`schedule.interval`](#scheduleinterval).
* Options to customize the update schedule: [`schedule.time`](#scheduletime), [`schedule.timezone`](#scheduletimezone), [`schedule.day`](#scheduleday).
* Options to control which dependencies are updated: [`allow`](#allow), {% ifversion dependabot-version-updates-groups %}[`groups`](#groups),{% endif %} [`ignore`](#ignore), [`vendor`](#vendor).
* Options to add metadata to pull requests: [`reviewers`](#reviewers), [`assignees`](#assignees), [`labels`](#labels), [`milestone`](#milestone).
@@ -117,6 +121,14 @@ updates:
**Required**. You must define the location of the package manifests for each package manager (for example, the _package.json_ or _Gemfile_). You define the directory relative to the root of the repository for all ecosystems except {% data variables.product.prodname_actions %}.
+{% ifversion dependabot-updates-multidirectory-support %}
+
+{% data reusables.dependabot.directories-option-overview %} For more information, see [`directories`](#directories).
+
+{% data reusables.dependabot.directory-directories-required %}
+
+{% endif %}
+
For {% data variables.product.prodname_actions %}, you do not need to set the directory to `/.github/workflows`. Configuring the key to `/` automatically instructs {% data variables.product.prodname_dependabot %} to search the `/.github/workflows` directory, as well as the _action.yml_ / _action.yaml_ file from the root directory.
```yaml
@@ -143,6 +155,94 @@ updates:
interval: "weekly"
```
+{% ifversion dependabot-updates-multidirectory-support %}
+
+### `directories`
+
+**Required**. You must define the locations of the package manifests for each package manager. You define directories relative to the root of the repository for all ecosystems except {% data variables.product.prodname_actions %}. The `directories` option contains a list of strings representing directories.
+
+{% data reusables.dependabot.directory-directories-required %}
+
+```yaml
+# Specify locations of manifest files for each package manager using `directories`
+
+version: 2
+updates:
+ - package-ecosystem: "bundler"
+ directories:
+ - "/frontend"
+ - "/backend"
+ - "/admin"
+ schedule:
+ interval: "weekly"
+```
+
+{% data reusables.dependabot.directories-option-overview %}
+
+{% data reusables.dependabot.directory-vs-directories-guidance %}
+
+```yaml
+# Specify locations of manifest files for each package manager using both `directories` and `directory`
+
+version: 2
+updates:
+ - package-ecosystem: "bundler"
+ directories:
+ - "/frontend"
+ - "/backend"
+ - "/admin"
+ schedule:
+ interval: "weekly"
+ - package-ecosystem: "bundler"
+ directory: "/"
+ schedule:
+ interval: "daily"
+```
+
+>[!TIP]
+> The `directories` key supports globbing and the wildcard character `*`. These features are not supported by the `directory` key.
+
+```yaml
+# Specify the root directory and directories that start with "lib-", using globbing, for locations of manifest files
+
+version: 2
+updates:
+ - package-ecosystem: "composer"
+ directories:
+ - "/"
+ - "/lib-*"
+ schedule:
+ interval: "weekly"
+```
+
+```yaml
+# Specify the root directory and directories in the root directory as the location of manifest files using the wildcard character
+
+version: 2
+updates:
+ - package-ecosystem: "composer"
+ directories:
+ - "*"
+ schedule:
+ interval: "weekly"
+```
+
+```yaml
+# Specify all directories from the current layer and below recursively, using globstar, for locations of manifest files
+
+version: 2
+updates:
+ - package-ecosystem: "composer"
+ directories:
+ - "**/*"
+ schedule:
+ interval: "weekly"
+```
+
+{% data reusables.dependabot.multidirectory-vs-pr-grouping %} For more information about grouping, see "[`groups`](#groups)."
+
+{% endif %}
+
### `schedule.interval`
**Required**. You must define how often to check for new versions for each package manager. By default, {% data variables.product.prodname_dependabot %} randomly assigns a time to apply all the updates in the configuration file. To set a specific time, you can use [`schedule.time`](#scheduletime) and [`schedule.timezone`](#scheduletimezone).
@@ -204,8 +304,8 @@ Use the `allow` option to customize which dependencies are updated. This applies
| `direct` | All | All explicitly defined dependencies. |
| `indirect` | `bundler`, `pip`, `composer`, `cargo`{% ifversion dependabot-updates-gomod-indirect %}, `gomod`{% endif %} | Dependencies of direct dependencies (also known as sub-dependencies, or transient dependencies).|
| `all` | All | All explicitly defined dependencies. For `bundler`, `pip`, `composer`, `cargo`,{% ifversion dependabot-updates-gomod-indirect %} `gomod`,{% endif %} also the dependencies of direct dependencies.|
- | `production` | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Only dependencies in the "Production dependency group". |
- | `development`| `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Only dependencies in the "Development dependency group". |
+ | `production` | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` (not all managers) | Only dependencies in the "Production dependency group". |
+ | `development`| `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` (not all managers) | Only dependencies in the "Development dependency group". |
```yaml
# Use `allow` to specify which dependencies to maintain
@@ -266,7 +366,9 @@ updates:
### `commit-message`
-By default, {% data variables.product.prodname_dependabot %} attempts to detect your commit message preferences and use similar patterns. Use the `commit-message` option to specify your preferences explicitly.
+By default, {% data variables.product.prodname_dependabot %} attempts to detect your commit message preferences and use similar patterns. Use the `commit-message` option to specify your preferences explicitly. This setting also impacts the titles of pull requests.
+
+We populate the titles of pull requests based on the commit messages, whether explicitly set or auto-detected from the repository history.
Supported options
@@ -276,12 +378,12 @@ Supported options
{% endnote %}
-* `prefix` specifies a prefix for all commit messages.
+* `prefix` specifies a prefix for all commit messages and it will also be added to the start of the PR title.
When you specify a prefix for commit messages, {% data variables.product.prodname_dotcom %} will automatically add a colon between the defined prefix and the commit message provided the defined prefix ends with a letter, number, closing parenthesis, or closing bracket. This means that, for example, if you end the prefix with a whitespace, there will be no colon added between the prefix and the commit message.
The code snippet below provides examples of both in the same configuration file.
* `prefix-development` specifies a separate prefix for all commit messages that update dependencies in the Development dependency group. When you specify a value for this option, the `prefix` is used only for updates to dependencies in the Production dependency group. This is supported by: `bundler`, `composer`, `mix`, `maven`, `npm`, and `pip`.
-* `include: "scope"` specifies that any prefix is followed by a list of the dependencies updated in the commit.
+* `include: "scope"` specifies that any prefix is followed by the type of the dependencies (`deps` or `deps-dev`) updated in the commit.
{% data reusables.dependabot.option-affects-security-updates %}
@@ -325,7 +427,6 @@ updates:
commit-message:
prefix: "pip prod"
prefix-development: "pip dev"
- include: "scope"
```
If you use the same configuration as in the example above, bumping the `requests` library in the `pip` development dependency group will generate a commit message of:
@@ -361,6 +462,12 @@ You can also manage pull requests for grouped version updates and security updat
{% data reusables.dependabot.dependabot-version-updates-groups-yaml-example %}
+{% ifversion dependabot-grouped-security-updates-config %}
+
+{% data reusables.dependabot.multidirectory-vs-pr-grouping %} For more information about multidirectory support, see "[`directories`](#directories)."
+
+{% endif %}
+
{% endif %}
### `ignore`
@@ -942,9 +1049,9 @@ You can give {% data variables.product.prodname_dependabot %} access to private
* Docker
* Gradle
* Maven
-* npm
+* Npm
* Nuget{% ifversion dependabot-updates-pub-private-registry %}
-* pub{% endif %}
+* Pub{% endif %}
* Python
* Yarn
diff --git a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md b/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md
index 7e02c7273a0e..183303fe9ece 100644
--- a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md
+++ b/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md
@@ -33,7 +33,7 @@ You enable {% data variables.product.prodname_dependabot_version_updates %} by c
By default only direct dependencies that are explicitly defined in a manifest are kept up to date by {% data variables.product.prodname_dependabot_version_updates %}. You can choose to receive updates for indirect dependencies defined in lock files. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow)."
-{% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)" and "[AUTOTITLE](/get-started/learning-about-github/github-language-support)."
+{% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories)" and "[AUTOTITLE](/get-started/learning-about-github/github-language-support)."
## Enabling {% data variables.product.prodname_dependabot_version_updates %}
@@ -64,9 +64,12 @@ You enable {% data variables.product.prodname_dependabot_version_updates %} by c
1. Optionally, if you have dependencies in a private registry, add a `registries` section containing authentication details. For more information, see [`registries`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#registries) in "Configuration options for the `dependabot.yml` file."
1. Add an `updates` section, with an entry for each package manager you want {% data variables.product.prodname_dependabot %} to monitor. This key is mandatory. You use it to configure how {% data variables.product.prodname_dependabot %} updates the versions or your project's dependencies. Each entry configures the update settings for a particular package manager.
1. For each package manager, use:
+
* `package-ecosystem` to specify the package manager. For more information about the supported package managers, see [`package-ecosystem`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) in "Configuration options for the `dependabot.yml` file."
* `directory` to specify the location of the manifest or other definition files. For more information, see [`directory`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directory) in "Configuration options for the `dependabot.yml` file."
+ {% ifversion dependabot-updates-multidirectory-support %}- `directories` to specify the location of multiple manifest or other definition files. For more information, see [`directories`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directories) in "Configuration options for the `dependabot.yml` file."{% endif %}
* `schedule.interval` to specify how often to check for new versions. For more information, see [`schedule.interval`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#scheduleinterval) in "Configuration options for the `dependabot.yml` file."
+
{% data reusables.dependabot.check-in-dependabot-yml %}
### Example `dependabot.yml` file
@@ -104,23 +107,11 @@ If you want to enable version updates on forks, there's an extra step. Version u
On a fork, you also need to explicitly enable {% data variables.product.prodname_dependabot %}.
-{% ifversion dependabot-version-updates-for-forks %}
-
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to allow {% data variables.product.prodname_dependabot %} to initiate version updates.
-{% else %}
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.accessing-repository-graphs %}
-{% data reusables.repositories.click-dependency-graph %}
-{% data reusables.dependabot.click-dependabot-tab %}
-1. Under "Enable Dependabot", click **Enable Dependabot**.
-
-{% endif %}
-
## Checking the status of version updates
After you enable version updates, the **Dependabot** tab in the dependency graph for the repository is populated. This tab shows which package managers {% data variables.product.prodname_dependabot %} is configured to monitor and when {% data variables.product.prodname_dependabot %} last checked for new versions.
diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md b/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md
new file mode 100644
index 000000000000..fa4bb2803ee2
--- /dev/null
+++ b/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md
@@ -0,0 +1,18 @@
+---
+title: Ecosystems supported by Dependabot
+intro: '{% data variables.product.prodname_dependabot %} supports a wide range of ecosystems to help keep your code secure'
+allowTitleToDifferFromFilename: true
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '*'
+topics:
+ - Dependabot
+ - Dependencies
+ - Alerts
+ - Vulnerabilities
+ - Repositories
+shortTitle: Dependabot ecosystems
+children:
+ - /supported-ecosystems-and-repositories
+---
diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md b/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md
new file mode 100644
index 000000000000..e28484af7434
--- /dev/null
+++ b/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md
@@ -0,0 +1,46 @@
+---
+title: Dependabot supported ecosystems and repositories
+shortTitle: Dependabot ecosystem support # Max 31 characters
+intro: '{% data variables.product.prodname_dependabot %} supports a variety of ecosystems and repositories'
+allowTitleToDifferFromFilename: true
+type: reference
+topics:
+ - Dependabot
+ - Dependencies
+ - Alerts
+ - Vulnerabilities
+ - Repositories
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '*'
+---
+
+## About {% data variables.product.prodname_dependabot %}
+
+{% data variables.product.prodname_dependabot %} helps you stay on top of your dependency ecosystems. With {% data variables.product.prodname_dependabot %}, you can keep the dependencies you rely on up-to-date, addressing any potential security issues in your supply chain.
+
+{% data reusables.dependabot.dependabot-overview %}
+
+For more information about {% data variables.product.prodname_dependabot %}, see "[AUTOTITLE](/code-security/getting-started/dependabot-quickstart-guide)."
+
+In this article, you can see what the supported ecosystems and repositories are.
+
+## Supported ecosystems and repositories
+
+
+You can configure updates for repositories that contain a dependency manifest or lock file for one of the supported package managers. For some package managers, you can also configure vendoring for dependencies. For more information, see [`vendor`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#vendor).
+{% data variables.product.prodname_dependabot %} also supports dependencies in private registries. For more information, see [`registries`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#registries).
+{% ifversion ghes %}
+
+> [!NOTE]
+> To ensure that {% data variables.product.product_name %} supports {% data variables.product.prodname_dependabot_updates %} for the latest supported ecosystem versions, your enterprise owner must download the most recent version of the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action). {% data reusables.actions.action-bundled-actions %}
+{% endif %}
+
+> [!NOTE]
+> * {% data reusables.dependabot.private-dependencies-note %}
+> * {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. See the details in the table below.
+
+If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}For more information, see "[AUTOTITLE](/get-started/exploring-integrations/about-integrations)."{% endif %}
+
+{% data reusables.dependabot.supported-package-managers %}
diff --git a/content/code-security/dependabot/index.md b/content/code-security/dependabot/index.md
index 1adfda26479e..54b1d60dc439 100644
--- a/content/code-security/dependabot/index.md
+++ b/content/code-security/dependabot/index.md
@@ -14,6 +14,7 @@ topics:
- Repositories
- Dependencies
children:
+ - /ecosystems-supported-by-dependabot
- /dependabot-alerts
- /dependabot-auto-triage-rules
- /dependabot-security-updates
diff --git a/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md b/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md
index 419f32eccdcc..d6e96c5994ba 100644
--- a/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md
+++ b/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md
@@ -67,7 +67,9 @@ You can manage {% data variables.product.prodname_dependabot %} on {% data varia
### Enabling or disabling for your organization
-You can use the organization settings page for "Code security and analysis" to enable {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} for all existing repositories in an organization. Only repositories with the following configuration will be updated to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} the next time a {% data variables.product.prodname_dependabot %} job is triggered.
+You can enable {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} for all existing repositories in an organization.
+
+Only repositories with the following configuration will be updated to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} the next time a {% data variables.product.prodname_dependabot %} job is triggered.
* {% data variables.product.prodname_dependabot %} is enabled in the repository.
* {% data variables.product.prodname_actions %} is enabled in the repository.
@@ -76,23 +78,19 @@ If a repository in your organization has {% data variables.product.prodname_depe
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
-{% data reusables.organizations.security-and-analysis %}
-{% ifversion security-configurations %}
- {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} and other security features at scale with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
-{% endif %}
-1. Under "Code security", select "Global settings".
+1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**.
1. Under "Dependabot", select "{% data variables.product.prodname_dependabot %} on Actions runners" to enable the feature or deselect to disable it.
+For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#enabling-dependency-updates-on-github-actions-runners)."
+
## Enabling or disabling {% data variables.product.prodname_dependabot %} on {% data variables.actions.hosted_runners %}
If you run into {% data variables.product.prodname_dependabot %} timeouts and out-of-memory errors, you may want to use {% data variables.actions.hosted_runners %}, as you can configure these runners to have more resources.
> [!NOTE] You can only enable {% data variables.actions.hosted_runners %} for {% data variables.product.prodname_dependabot %} _at the organization level_. {% data variables.product.prodname_dotcom %} will bill your organization at the regular Actions runner pricing. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions#per-minute-rates)."
-1. Add a {% data variables.actions.hosted_runner %} to your organization. For more informaton, see "[AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners#adding-a-larger-runner-to-an-organization)."
-1. Add the `dependabot` label to the {% data variables.actions.hosted_runner %}.
-1. Optionally, call the {% data variables.actions.hosted_runner %} `dependabot`.
-1. Opt in the organization to self-hosted runners. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-dependabot-on-self-hosted-runners#enabling-or-disabling-for-your-organization)." This step is required, as it ensures that future {% data variables.product.prodname_dependabot %} jobs will run on the larger {% data variables.product.prodname_dotcom %}-hosted runner that has the `dependabot` label.
+1. Add a {% data variables.actions.hosted_runner %} to your organization and ensure the name specified is `dependabot`. For more informaton, see "[AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners#adding-a-larger-runner-to-an-organization)."
+1. Opt in the organization to self-hosted runners. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-dependabot-on-self-hosted-runners#enabling-or-disabling-for-your-organization)." This step is required, as it ensures that future {% data variables.product.prodname_dependabot %} jobs will run on the larger {% data variables.product.prodname_dotcom %}-hosted runner that has the `dependabot` name.
## Managing {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners
diff --git a/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md b/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md
index 7c89f6c62443..db52a3b92beb 100644
--- a/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md
+++ b/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md
@@ -39,7 +39,7 @@ For workflows initiated by {% data variables.product.prodname_dependabot %} (`gi
* `GITHUB_TOKEN` has read-only permissions by default.
* Secrets are populated from {% data variables.product.prodname_dependabot %} secrets. {% data variables.product.prodname_actions %} secrets are not available.
-For workflows initiated by {% data variables.product.prodname_dependabot %} (`github.actor == 'dependabot[bot]'`) using the `pull_request_target` event, if the base ref of the pull request was created by {% data variables.product.prodname_dependabot %} (`github.actor == 'dependabot[bot]'`), the `GITHUB_TOKEN` will be read-only and secrets are not available.
+For workflows initiated by {% data variables.product.prodname_dependabot %} (`github.actor == 'dependabot[bot]'`) using the `pull_request_target` event, if the base ref of the pull request was created by {% data variables.product.prodname_dependabot %} (`github.event.pull_request.user.login == 'dependabot[bot]'`), the `GITHUB_TOKEN` will be read-only and secrets are not available.
{% ifversion actions-stable-actor-ids %}These restrictions apply even if the workflow is re-run by a different actor.{% endif %}
@@ -140,7 +140,7 @@ permissions:
jobs:
dependabot:
runs-on: ubuntu-latest
- if: github.actor == 'dependabot[bot]'
+ if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
steps:
- name: Dependabot metadata
id: metadata
@@ -177,7 +177,7 @@ permissions:
jobs:
dependabot:
runs-on: ubuntu-latest
- if: github.actor == 'dependabot[bot]'
+ if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
steps:
- name: Dependabot metadata
id: metadata
@@ -209,7 +209,7 @@ permissions:
jobs:
dependabot:
runs-on: ubuntu-latest
- if: github.actor == 'dependabot[bot]'
+ if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
steps:
- name: Dependabot metadata
id: metadata
@@ -252,7 +252,7 @@ permissions:
jobs:
dependabot:
runs-on: ubuntu-latest
- if: github.actor == 'dependabot[bot]'
+ if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
steps:
- name: Dependabot metadata
id: metadata
diff --git a/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md b/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md
index 980dbea60cf2..13a7d31a9420 100644
--- a/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md
+++ b/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md
@@ -630,7 +630,7 @@ For information about {% data variables.product.prodname_registry %} registries,
* {% data variables.product.prodname_actions %}
* Gradle
* Maven
-* npm
+* Npm
* NuGet
* Yarn
diff --git a/content/code-security/dependabot/working-with-dependabot/managing-dependabot-on-self-hosted-runners.md b/content/code-security/dependabot/working-with-dependabot/managing-dependabot-on-self-hosted-runners.md
index 626b3ab6b225..386ca2d92a27 100644
--- a/content/code-security/dependabot/working-with-dependabot/managing-dependabot-on-self-hosted-runners.md
+++ b/content/code-security/dependabot/working-with-dependabot/managing-dependabot-on-self-hosted-runners.md
@@ -86,15 +86,13 @@ You can manage {% data variables.product.prodname_dependabot %} on self-hosted r
### Enabling or disabling for your organization
-You can use the organization settings page for "Code security and analysis" to enable {% data variables.product.prodname_dependabot %} on self-hosted runners for all existing {% ifversion ghec %}private or internal{% else %}private{% endif %} repositories in an organization. Only repositories already configured to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} will be updated to run {% data variables.product.prodname_dependabot %} on self-hosted runners the next time a {% data variables.product.prodname_dependabot %} job is triggered.
+You can enable {% data variables.product.prodname_dependabot %} on self-hosted runners for all existing {% ifversion ghec %}private or internal{% else %}private{% endif %} repositories in an organization. Only repositories already configured to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} will be updated to run {% data variables.product.prodname_dependabot %} on self-hosted runners the next time a {% data variables.product.prodname_dependabot %} job is triggered.
> [!NOTE] You need to enable self-hosted runners for your organization if you use {% data variables.actions.hosted_runners %}. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners#enabling-or-disabling-dependabot-on-larger-runners)."
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
-{% data reusables.organizations.security-and-analysis %}
-{% ifversion security-configurations %}
- {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling {% data variables.product.prodname_dependabot %} on self-hosted runners and other security features at scale with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
-{% endif %}
-1. Under "Code security", select "Global settings".
+1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**.
1. Under "Dependabot", select "{% data variables.product.prodname_dependabot %} on self-hosted runners" to enable the feature or deselect to disable it. This action enables or disables the feature for all new repositories in the organization.
+
+For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization)."
diff --git a/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md b/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md
index a5015adc7c39..8831d314224b 100644
--- a/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md
+++ b/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md
@@ -170,7 +170,7 @@ Similarly, if {% data variables.product.prodname_dependabot %} can't access a pr
To allow {% data variables.product.prodname_dependabot %} to update the dependency references successfully, make sure that all of the referenced dependencies are hosted at accessible locations.
-**Version updates only.** {% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
+**Version updates only.** {% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories)."
{% ifversion dependabot-version-updates-groups %}
@@ -214,7 +214,7 @@ The [`groups`](/code-security/dependabot/dependabot-version-updates/configuratio
For grouped security updates, {% data variables.product.prodname_dependabot %} uses the following guidelines to create grouped pull requests.
-* {% data variables.product.prodname_dependabot %} **will** group dependencies from the same package ecosystem that are located in different directories. Grouping across directories only occurs for directories not configured in the `dependabot.yml` file.
+* {% data variables.product.prodname_dependabot %} **will** group dependencies from the same package ecosystem that are located in different directories when grouping rules are specified for configurations that use the `directories` key.
* {% data variables.product.prodname_dependabot %} **will** apply other relevant customization options from the `dependabot.yml` file to pull requests for grouped security updates. {% data reusables.dependabot.dependabot-grouped-security-updates-yaml-override %}
* {% data variables.product.prodname_dependabot %} **will not** group dependencies from different package ecosystems together.
* {% data variables.product.prodname_dependabot %} **will not** group security updates with version updates.
diff --git a/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md b/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md
index 182a73b4eb3d..63b7b2cf8250 100644
--- a/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md
+++ b/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md
@@ -34,7 +34,7 @@ topics:
* {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new advisory is added, it scans all existing repositories and generates an alert for each repository that is affected. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per advisory. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
* {% data variables.product.prodname_dependabot_security_updates %} are triggered when you receive an alert about a vulnerable dependency in your repository. Where possible, {% data variables.product.prodname_dependabot %} creates a pull request in your repository to upgrade the vulnerable dependency to the minimum possible secure version needed to avoid the vulnerability. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)" and "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors)."
- {% data variables.product.prodname_dependabot %} doesn't scan repositories on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new advisory is added to the database{% ifversion ghes %} and synchronized to {% data variables.location.product_location %}{% endif %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#detection-of-insecure-dependencies)."
+ {% data variables.product.prodname_dependabot %} doesn't scan repositories on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new advisory is added to the database{% ifversion ghes %} and synchronized to {% data variables.product.prodname_dotcom %}{% endif %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#detection-of-insecure-dependencies)."
## Do {% data variables.product.prodname_dependabot_alerts %} only relate to insecure dependencies in manifests and lockfiles?
diff --git a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md
index ef129e252fa1..1643f56e4f97 100644
--- a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md
+++ b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md
@@ -36,7 +36,7 @@ Protect your organization's repositories and settings by implementing security b
* Encouraging your users to create strong passwords and secure them appropriately, by following {% data variables.product.prodname_dotcom %}’s recommended password guidelines. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-strong-password)."{% ifversion secret-scanning-push-protection-for-users %}
-* Encouraging your users to keep push protection for users enabled in their personal account settings, so that no matter which public repository they push to, they are protected. For more information, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-users)."{% endif %}
+* Encouraging your users to keep push protection for users enabled in their personal account settings, so that no matter which public repository they push to, they are protected. For more information, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users)."{% endif %}
* Establishing an internal security policy in {% data variables.product.prodname_dotcom %}, so users know the appropriate steps to take and who to contact if an incident is suspected. For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository)."
@@ -80,11 +80,11 @@ There are two forms of {% data variables.product.prodname_secret_scanning %} ava
* Private and internal repositories when you have a license for {% data variables.product.prodname_GH_advanced_security %}{% endif %}
{% endif %}
-{% ifversion ghes %}Your site administrator must enable {% data variables.product.prodname_secret_scanning %} for {% data variables.location.product_location %} before you can use this feature. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance)."{% endif %}
+{% ifversion ghes %}Your site administrator must enable {% data variables.product.prodname_secret_scanning %} for your instance before you can use this feature. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance)."{% endif %}
-For more information about {% data variables.product.prodname_secret_scanning %}, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
+For more information about {% data variables.product.prodname_secret_scanning %}, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."
-{% data reusables.secret-scanning.push-protection-high-level %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."{% ifversion ghec or ghes %} Finally, you can also extend the detection to include custom secret string structures. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."{% endif %}
+{% data reusables.secret-scanning.push-protection-high-level %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."{% ifversion ghec or ghes %} Finally, you can also extend the detection to include custom secret string structures. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)."{% endif %}
### Review the audit log for your organization
diff --git a/content/code-security/getting-started/github-security-features.md b/content/code-security/getting-started/github-security-features.md
index 55fbc5a9f543..141c8fc987f3 100644
--- a/content/code-security/getting-started/github-security-features.md
+++ b/content/code-security/getting-started/github-security-features.md
@@ -77,29 +77,29 @@ Privately discuss and fix security vulnerabilities in your repository's code. Yo
### {% data variables.secret-scanning.user_alerts_caps %}
-Automatically detect tokens or credentials that have been checked into a {% ifversion ghec %}user-owned {% endif %}public repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."
+Automatically detect tokens or credentials that have been checked into a {% ifversion ghec %}user-owned {% endif %}public repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-user-alerts)."
{% ifversion secret-scanning-push-protection-for-users %}
### Push protection for users
-Push protection for users automatically protects you from accidentally committing secrets to public repositories, regardless of whether the repository itself has {% data variables.product.prodname_secret_scanning %} enabled. Push protection for users is on by default, but you can disable the feature at any time through your personal account settings. For more information, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-users)."
+Push protection for users automatically protects you from accidentally committing secrets to public repositories, regardless of whether the repository itself has {% data variables.product.prodname_secret_scanning %} enabled. Push protection for users is on by default, but you can disable the feature at any time through your personal account settings. For more information, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users)."
{% endif %}
### {% data variables.secret-scanning.partner_alerts_caps %}
-Automatically detect leaked secrets across all public repositories, as well as public npm packages. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
+Automatically detect leaked secrets across all public repositories, as well as public npm packages. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."
{% endif %}
## Available with {% data variables.product.prodname_GH_advanced_security %}
{% ifversion fpt %}
-The following {% data variables.product.prodname_GH_advanced_security %} features are available and free of charge for public repositories on {% data variables.product.prodname_dotcom_the_website %}. Organizations that use {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can use the full set of features in any of their repositories. For a list of the features available with {% data variables.product.prodname_ghe_cloud %}, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/github-security-features#available-with-github-advanced-security).
+The following {% data variables.product.prodname_GH_advanced_security %} features are available and free of charge for public repositories on {% data variables.product.prodname_dotcom %}. Organizations that use {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can use the full set of features in any of their repositories. For a list of the features available with {% data variables.product.prodname_ghe_cloud %}, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/github-security-features#available-with-github-advanced-security).
{% elsif ghec %}
-Many {% data variables.product.prodname_GH_advanced_security %} features are available and free of charge for public repositories on {% data variables.product.prodname_dotcom_the_website %}. Organizations within an enterprise that have a {% data variables.product.prodname_GH_advanced_security %} license can use the following features on all their repositories. {% data reusables.advanced-security.more-info-ghas %}
+Many {% data variables.product.prodname_GH_advanced_security %} features are available and free of charge for public repositories on {% data variables.product.prodname_dotcom %}. Organizations within an enterprise that have a {% data variables.product.prodname_GH_advanced_security %} license can use the following features on all their repositories. {% data reusables.advanced-security.more-info-ghas %}
{% elsif ghes %}
{% data variables.product.prodname_GH_advanced_security %} features are available for enterprises with a license for {% data variables.product.prodname_GH_advanced_security %}. The features are restricted to repositories owned by an organization. {% data reusables.advanced-security.more-info-ghas %}
@@ -114,7 +114,7 @@ Automatically detect security vulnerabilities and coding errors in new or modifi
### {% data variables.secret-scanning.user_alerts_caps %}
-Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see {% ifversion fpt or ghec %}"[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users){% elsif ghes %}"[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-on-github-enterprise-server){% endif %}."
+Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. {% data reusables.secret-scanning.alert-type-links %}
{% ifversion dependabot-auto-triage-rules %}
diff --git a/content/code-security/getting-started/quickstart-for-securing-your-organization.md b/content/code-security/getting-started/quickstart-for-securing-your-organization.md
index 1d4cee647ce4..9d88cc6c1e1b 100644
--- a/content/code-security/getting-started/quickstart-for-securing-your-organization.md
+++ b/content/code-security/getting-started/quickstart-for-securing-your-organization.md
@@ -5,9 +5,7 @@ permissions: Organization owners and security managers can manage security featu
redirect_from:
- /code-security/getting-started/securing-your-organization
versions:
- fpt: "*"
- ghes: "*"
- ghec: "*"
+ ghes: '<3.15'
type: how_to
topics:
- Organizations
@@ -34,40 +32,31 @@ As an organization owner, you can give certain users permission to enable or dis
Some security features have prerequisites. For example, {% data variables.product.prodname_dependabot_alerts %} use information from the dependency graph, so enabling {% data variables.product.prodname_dependabot_alerts %} automatically enables the dependency graph.
-Some features are {% ifversion fpt or ghec %}enabled by default in public repositories. In private repositories, some features are {% endif %}only available to enterprises that use {% data variables.product.prodname_GH_advanced_security %} and have enabled {% data variables.product.prodname_advanced_security %} as a feature for repositories. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security#about-advanced-security-features)."
+Some features are only available to enterprises that use {% data variables.product.prodname_GH_advanced_security %} and have enabled {% data variables.product.prodname_advanced_security %} as a feature for repositories. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security#about-advanced-security-features)."
-{% ifversion ghec or ghes %}
-
-{% note %}
-
-**Note:** Enterprises can set a policy to manage which organizations can enable {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."
-
-{% endnote %}
-{% endif %}
+>[!NOTE]
+> Enterprises can set a policy to manage which organizations can enable {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."
There are some features you must configure for each repository individually. For example, to enable {% data variables.product.prodname_dependabot_version_updates %} in a repository, you must add a `dependabot.yml` file specifying where to find information about the project's dependencies. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)."
## Enabling security features in your organization
+{% ifversion security-configurations-beta-and-pre-beta %}
+
When you have decided to enable a security feature, the next step is to decide how to roll out that feature across your organization.
{% ifversion security-configurations %}
* If you want to enable multiple security features at scale, you can use the {% data variables.product.prodname_github_security_configuration %}, a collection of security enablement settings you can apply to repositories in your organization. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)."
- {% note %}
+ {% data reusables.security-configurations.security-configurations-beta-note-short %}
- **Note:** {% data reusables.security-configurations.security-configurations-beta-note-short %}
-
- {% endnote %}
{% endif %}
* If you want to roll out a {% ifversion security-configurations %}single {% endif %}feature as quickly as possible, you can enable it for all eligible repositories at once. For more information, see "[Enabling a feature for all repositories](#enabling-a-feature-for-all-repositories)."
* If you want control over how quickly you roll out a feature, and which features are enabled in which repositories, you can enable a feature for a selection of repositories. For more information, see "[Enabling a feature for a selection of repositories](#enabling-a-feature-for-a-selection-of-repositories)."
When you have decided how to enable a feature for your organization's existing repositories, you must also decide how to handle any new repositories that are created in your organization in the future. For more information, see "[Enabling a feature for new repositories](#enabling-a-feature-for-new-repositories)."
-{% ifversion ghec or ghes %}
For more information about creating a strategy for rolling out security features across a large organization or enterprise, see "[AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale)."
-{% endif %}
### Enabling a feature for all repositories
@@ -76,7 +65,7 @@ The quickest way to roll out a security feature is to enable it for all reposito
Before you enable a feature for all repositories, you should consider the impact this action will have. If you're not sure about the effects a feature will have, it is safest to start by enabling the feature for a limited selection of repositories. Enabling a feature for all repositories at once is likely to be a suitable option in the following situations.
* You have an overview of all the repositories in your organization, and you're confident that they'll all benefit from a certain feature.
-* If a feature requires resources such as {% data variables.product.prodname_GH_advanced_security %} licenses or {% data variables.product.prodname_actions %} minutes, you have assessed the resources that will be required and are happy to proceed.{% ifversion ghec %} You can take part in a free trial of {% data variables.product.prodname_GH_advanced_security %} to test a {% data variables.product.prodname_GH_advanced_security %} feature across your repositories. For more information about setting up a free trial, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security)."{% endif %}
+* If a feature requires resources such as {% data variables.product.prodname_GH_advanced_security %} licenses or {% data variables.product.prodname_actions %} minutes, you have assessed the resources that will be required and are happy to proceed.
* If the feature generates notifications or pull requests, you're confident that these will be targeted and relevant for the members who receive them or have to review them.
When you're ready to proceed, follow these steps to enable a feature for all repositories.
@@ -107,13 +96,9 @@ On this view, you can use checkboxes to select specific repositories, or you can
{% else %}When you have identified the repositories that require a feature, you can enable the feature for each repository individually. As an organization owner or security manager, you can configure the security settings for each repository in your organization. For more information, see "[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-repository)."
-{% ifversion fpt %}For organizations on {% data variables.product.prodname_ghe_cloud %}, you can use the "Security coverage" view to identify repositories that require a feature, then enable that feature for those repositories. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/enabling-security-features-for-multiple-repositories)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
-
{% endif %}
-{% ifversion ghec or ghes %}
-If you have a limited number of licenses for {% data variables.product.prodname_GH_advanced_security %}, you may want to prioritize repositories that contain critical projects, or that have the highest commit frequencies. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)." {% ifversion ghec %}When you use the "Security coverage" view, you can see the number of active committers for the repositories you select, and therefore the number of {% data variables.product.prodname_GH_advanced_security %} licenses that enabling a feature will consume.{% endif %}
-{% endif %}
+If you have a limited number of licenses for {% data variables.product.prodname_GH_advanced_security %}, you may want to prioritize repositories that contain critical projects, or that have the highest commit frequencies. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."
{% data reusables.security-overview.settings-limitations %}
@@ -129,14 +114,16 @@ You can choose to enable a security feature automatically in all new repositorie
+{% endif %}
+
## Monitoring the impact of security features
When you have enabled a feature, you should communicate with repository administrators and contributors in your organization to assess the impact of the feature. You may need to adjust the configuration of some features at the repository level, or reassess the distribution of security features across your organization. You should also monitor the security alerts that a feature generates, and your members' responses to these alerts.
-{% ifversion ghes or ghec %}You{% elsif fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %}{% endif %} can use security overview to see which teams and repositories are affected by security alerts, with a breakdown of alerts by severity. For more information, see{% ifversion ghes or ghec %} "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)."{% elsif fpt %} "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/assessing-code-security-risk)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
+You can use security overview to see which teams and repositories are affected by security alerts, with a breakdown of alerts by severity. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)."
{% ifversion security-overview-dashboard %}
-Security overview also has a dashboard (beta) where you can explore high-level trends and metrics to gain insight into your organization's security landscape. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)."
+Security overview also has a dashboard where you can explore high-level trends and metrics to gain insight into your organization's security landscape. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)."
{% endif %}
You can use various tools to monitor the actions that your organization's members are taking in response to security alerts. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)".
@@ -145,16 +132,6 @@ You can use various tools to monitor the actions that your organization's member
To help users report security vulnerabilities, you can create a default security policy that will display in any of your organization's public repositories that do not have their own security policy. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file)."
-{% ifversion ghec or ghes %}
Once your organization's security setup is in place, you may want to prevent users from changing the security settings in a repository. An enterprise owner can prevent repository administrators from enabling or disabling features in a repository. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."
-{% endif %}
{% data reusables.security-overview.security-information-about-actions %}
-
-{% ifversion ghec or fpt %}
-
-## Further reading
-
-"[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/accessing-compliance-reports-for-your-organization)"
-
-{% endif %}
diff --git a/content/code-security/index.md b/content/code-security/index.md
index da0ce01abaef..b49b9c8c8af4 100644
--- a/content/code-security/index.md
+++ b/content/code-security/index.md
@@ -10,7 +10,6 @@ introLinks:
featuredLinks:
startHere:
- /code-security/getting-started/quickstart-for-securing-your-repository
- - /code-security/getting-started/quickstart-for-securing-your-organization
- '{% ifversion fpt or ghec %}/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory{% endif %}'
- '/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning'
guideCards:
diff --git a/content/code-security/secret-scanning/about-secret-scanning.md b/content/code-security/secret-scanning/about-secret-scanning.md
deleted file mode 100644
index e16760f2f972..000000000000
--- a/content/code-security/secret-scanning/about-secret-scanning.md
+++ /dev/null
@@ -1,117 +0,0 @@
----
-title: About secret scanning
-intro: '{% data variables.product.product_name %} scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.'
-product: '{% data reusables.gated-features.secret-scanning %}'
-redirect_from:
- - /github/administering-a-repository/about-token-scanning
- - /articles/about-token-scanning
- - /articles/about-token-scanning-for-private-repositories
- - /github/administering-a-repository/about-secret-scanning
- - /code-security/secret-security/about-secret-scanning
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-type: overview
-topics:
- - Secret scanning
- - Advanced Security
----
-
-{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
-
-
-
-If your project communicates with an external service, you might use a token or private key for authentication. Tokens and private keys are examples of secrets that a service provider can issue. If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges. We recommend that you store secrets in a dedicated, secure location outside of the repository for your project.
-
-{% data variables.product.prodname_secret_scanning_caps %} will scan your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for secrets{% ifversion ghec or ghes %}, even if the repository is archived{% endif %}.{% ifversion ghes < 3.11 %} {% data variables.product.prodname_secret_scanning_caps %} does not scan issues.{% endif %}
-
-{% data reusables.secret-scanning.what-is-scanned %}
-
-{% ifversion fpt or ghec %}
-{% data variables.product.prodname_secret_scanning_caps %} is available on {% data variables.product.prodname_dotcom_the_website %} in two forms:
-
-1. **{% data variables.secret-scanning.partner_alerts_caps %}.** Runs automatically on all public repositories and public npm packages. Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning, hence the term "partners." {% data reusables.secret-scanning.partner-program-link %} Any strings that match patterns that were provided by secret scanning partners are reported directly to the relevant partner. For more information, see the "[About {% data variables.secret-scanning.partner_alerts %}](#about-secret-scanning-alerts-for-partners)" section below.
-
-1. **{% data variables.secret-scanning.user_alerts_caps %}.** These alerts are reported on {% data variables.product.prodname_dotcom_the_website %}{% ifversion secret-scanning-non-provider-patterns %} and can be high confidence alerts or non-provider alerts (such as private keys){% endif %}.
- {% ifversion fpt %}The following users can enable and configure additional scanning:
- * Owners of repositories on {% data variables.product.prodname_dotcom_the_website %}, on any _public_ repositories they own.
- * Organizations owning _public_ repositories, on any of these repositories.
- * Organizations using {% data variables.product.prodname_ghe_cloud %}, on any public repositories (for free), and on any private and internal repositories, when you have a license for {% data variables.product.prodname_GH_advanced_security %}.{% elsif ghec %}You can enable and configure additional scanning for repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} for any public repositories (for free), and for private and internal repositories when you have a license for {% data variables.product.prodname_GH_advanced_security %}. Enterprise owners can manage the automatic enablement of {% data variables.product.prodname_GH_advanced_security %} for new repositories owned by {% data variables.product.prodname_emus %} with an enterprise level setting.{% endif %}
-
- Any strings that match patterns provided by secret scanning partners, by other service providers, or defined by you or your organization, are reported as alerts in the **Security** tab of repositories. If a string in a public repository matches a partner pattern, it is also reported to the partner. For more information, see the "[About {% data variables.secret-scanning.user_alerts %}](#about-secret-scanning-alerts-for-users)" section below.{% endif %}
-
-{% data reusables.secret-scanning.audit-secret-scanning-events %}
-
-{% data reusables.secret-scanning.push-protection-high-level %} To proceed, contributors must either remove the secret(s) from the push or, if needed, bypass the protection. {% ifversion push-protection-custom-link-orgs %}Admins can also specify a custom link that is displayed to the contributor when a push is blocked; the link can contain resources specific to the organization to aid contributors. {% endif %}For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
-
-{% ifversion secret-scanning-push-protection-for-users %}
-
-{% data reusables.secret-scanning.push-protection-for-users %}
-
-{% endif %}
-
-{% note %}
-
-**Note:** When you fork a repository with {% data variables.product.prodname_secret_scanning %} or push protection enabled, these features are not enabled by default on the fork. You can enable {% data variables.product.prodname_secret_scanning %} or push protection on the fork the same way you enable them on a standalone repository.
-
-{% endnote %}
-
-{% ifversion fpt or ghec %}
-
-## About {% data variables.secret-scanning.partner_alerts %}
-
-When you make a repository public, or push changes to a public repository, {% data variables.product.product_name %} always scans the code for secrets that match partner patterns. Public packages on the npm registry are also scanned. If {% data variables.product.prodname_secret_scanning %} detects a potential secret, we notify the service provider who issued the secret. The service provider validates the string and then decides whether they should revoke the secret, issue a new secret, or contact you directly. Their action will depend on the associated risks to you or them. For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
-
-You cannot change the configuration of {% data variables.product.prodname_secret_scanning %} for partner patterns on public repositories.
-
-{% endif %}
-
-## About {% data variables.secret-scanning.user_alerts %}{% ifversion ghes %} on {% data variables.product.product_name %}{% endif %}
-
-{% data variables.secret-scanning.user_alerts_caps %} is available {% ifversion secret-scanning-user-owned-repos %}{% ifversion ghes %}on all repositories with a license for {% data variables.product.prodname_GH_advanced_security %}{% else %}for free on all public repositories, and for private and internal repositories that are owned by organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %}{% endif %}{% elsif fpt %}for free on all public repositories that you own{% else %}on all organization-owned repositories with a license for {% data variables.product.prodname_GH_advanced_security %}. The feature is not available on user-owned repositories{% endif %}. {% data reusables.secret-scanning.secret-scanning-user-owned-repos-beta %}
-
-When you enable {% data variables.product.prodname_secret_scanning %} for a repository, {% data variables.product.prodname_dotcom %} scans the code for patterns that match secrets used by many service providers. {% ifversion secret-scanning-backfill-email %}When the scan is completed, {% data variables.product.prodname_dotcom %} sends an email alert to the enterprise and organization owners, even if no secrets were found.{% endif %} For more information about the repository content that is scanned, see the [beginning of this article](#about-secret-scanning).
-
-When a supported secret is leaked, {% data variables.product.product_name %} generates a {% data variables.product.prodname_secret_scanning %} alert. {% ifversion secret-scanning-backfills %}{% data variables.product.prodname_dotcom %} will also periodically run a full git history scan of existing content in {% ifversion fpt %}public{% else %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} repositories where {% data variables.product.prodname_secret_scanning %} is enabled, and send alert notifications following the {% data variables.product.prodname_secret_scanning %} alert notification settings.{% endif %}{% ifversion secret-scanning-non-provider-patterns %} User alerts can be of two types: high confidence alerts, or non-provider alerts.{% endif %} For more information, see "{% ifversion fpt or ghec %}[About user alerts](/code-security/secret-scanning/secret-scanning-patterns#about-user--alerts){% else %}[{% data variables.product.prodname_secret_scanning_caps %} patterns](/code-security/secret-scanning/secret-scanning-patterns#about-user-secret-scanning-alerts){% endif %}."
-
-If you're a repository administrator, you can enable {% data variables.secret-scanning.user_alerts %} for any {% ifversion fpt %}public{% endif %} repository{% ifversion ghec or ghes %}, including archived repositories{% endif %}. Organization owners can also enable {% data variables.secret-scanning.user_alerts %} for all {% ifversion fpt %}public {% endif %}repositories or for all new {% ifversion fpt %}public {% endif %}repositories within an organization. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
-
-{% data reusables.secret-scanning.secret-scanning-user-owned-enablement %}
-
-You can also define custom {% data variables.product.prodname_secret_scanning %} patterns for a repository, organization, or enterprise. For more information, see "[AUTOTITLE]({% ifversion fpt %}/enterprise-cloud@latest{% endif %}/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
-
-{% ifversion secret-scanning-store-tokens %}
-{% data variables.product.company_short %} stores detected secrets using symmetric encryption, both in transit and at rest.{% endif %}{% ifversion ghes %} To rotate the encryption keys used for storing the detected secrets, you can contact us by visiting {% data variables.contact.contact_ent_support %}.{% endif %}
-
-### Accessing {% data variables.secret-scanning.alerts %}
-
-{% data reusables.secret-scanning.secret-scanning-about-alerts %}
-
-* {% data variables.product.prodname_dotcom %} sends an email alert to the repository administrators and organization owners. You'll receive an alert if you are watching the repository{% ifversion secret-scanning-notification-settings %}, {% else %}, and {% endif %}if you have enabled notifications either for security alerts or for all the activity on the repository{% ifversion secret-scanning-notification-settings %}, and if, in your notification settings, you have selected to receive email notifications for the repositories that you are watching.{% else %}.{% endif %}
-* If the person who introduced the secret isn't ignoring the repository, {% data variables.product.prodname_dotcom %} will also send them an email alert. The email contains a link to the related {% data variables.product.prodname_secret_scanning %} alert. The person who introduced the secret can then view the alert in the repository, and resolve the alert.
-* {% data reusables.secret-scanning.repository-alert-location %}
-
-For more information about viewing and resolving {% data variables.secret-scanning.alerts %}, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
-
-{% ifversion secret-scanning-notification-settings %}
-For more information on how to configure notifications for {% data variables.secret-scanning.alerts %}, see "[Configuring notifications for secret scanning alerts](/code-security/secret-scanning/managing-alerts-from-secret-scanning#configuring-notifications-for-secret-scanning-alerts)."
-{% endif %}
-
-Repository administrators and organization owners can grant users and teams access to {% data variables.secret-scanning.alerts %}. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
-
-{% ifversion ghec or ghes %}
-You can use security overview to see an organization-level view of which repositories have enabled {% data variables.product.prodname_secret_scanning %} and the alerts found. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
-{% endif %}
-
-You can also use the REST API to monitor results from {% data variables.product.prodname_secret_scanning %} across your repositories{% ifversion ghes %} or your organization{% endif %}. For more information about API endpoints, see "[AUTOTITLE](/rest/secret-scanning)."
-
-## Further reading
-
-* "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"
-* "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure)"
-* "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)"
-{%- ifversion fpt or ghec %}
-* "[AUTOTITLE](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces)"{% endif %}
-* "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#storing-credentials-for-dependabot-to-use)"
-* "[AUTOTITLE](/actions/security-guides/encrypted-secrets)"
diff --git a/content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md b/content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md
deleted file mode 100644
index c7bffca90f39..000000000000
--- a/content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md
+++ /dev/null
@@ -1,152 +0,0 @@
----
-title: Configuring secret scanning for your repositories
-intro: 'You can configure how {% data variables.product.prodname_dotcom %} scans your repositories for leaked secrets and generates alerts.'
-product: '{% data reusables.gated-features.secret-scanning %}'
-permissions: 'People with admin permissions to a {% ifversion fpt %}public {% endif %}repository can enable {% data variables.product.prodname_secret_scanning %} for the repository.'
-redirect_from:
- - /github/administering-a-repository/configuring-secret-scanning-for-private-repositories
- - /github/administering-a-repository/configuring-secret-scanning-for-your-repositories
- - /code-security/secret-security/configuring-secret-scanning-for-your-repositories
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-type: how_to
-topics:
- - Secret scanning
- - Advanced Security
- - Repositories
-shortTitle: Configure secret scans
----
-
-{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
-
-## Enabling {% data variables.secret-scanning.user_alerts %}
-
-You can enable {% data variables.secret-scanning.user_alerts %} for any {% ifversion secret-scanning-user-owned-repos %}{% ifversion ghes %}repository{% else %} repository that is owned by an organization, and for repositories owned by user accounts when using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}{% endif %}{% elsif fpt %}free public repository that you own{% else %}repository that is owned by an organization{% endif %}. Once enabled, {% data reusables.secret-scanning.secret-scanning-process %}{% ifversion ghes < 3.11 %} {% data variables.product.prodname_secret_scanning_caps %} does not scan issues.{% endif %} {% data reusables.secret-scanning.what-is-scanned %}
-
-You can also enable {% data variables.product.prodname_secret_scanning %} for multiple repositories in an organization at the same time. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-organization)."
-
-{% ifversion secret-scanning-enterprise-level %}
-{% note %}
-
-**Note:** If your organization is owned by an enterprise account, an enterprise owner can also enable {% data variables.product.prodname_secret_scanning %} at the enterprise level. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
-
-{% endnote %}
-{% endif %}
-
-A repository administrator can choose to disable {% data variables.product.prodname_secret_scanning %} for a repository at any time. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)."
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghec or ghes %}
-1. If {% data variables.product.prodname_advanced_security %} is not already enabled for the repository, to the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
-1. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**.
-1. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
-
- {% endif %}{% ifversion fpt %}
-1. Scroll down to the bottom of the page, and click **Enable** for {% data variables.product.prodname_secret_scanning %}. If you see a **Disable** button, it means that {% data variables.product.prodname_secret_scanning %} is already enabled for the repository.
-
- {% endif %}
-
-## Enabling additional features for {% data variables.secret-scanning.user_alerts %}
-
-You can enable the following additional {% data variables.product.prodname_secret_scanning %} feature{% ifversion ghec or ghes %}s{% endif %} through your repository's "Code security and analysis" settings:
-* **Push protection**. For more information, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-secret-scanning-as-a-push-protection-for-a-repository)."{% ifversion secret-scanning-validity-check-partner-patterns %}
-* **Validity checks for partner patterns**. For more infomation, see "[Enabling validity checks for partner patterns](#enabling-validity-checks-for-partner-patterns)."{% endif %}{% ifversion secret-scanning-non-provider-patterns %}
-* **Scanning for non-provider patterns**. For more information, see "[Enabling scanning for non-provider patterns](#enabling-scanning-for-non-provider-patterns)."{% endif %}{% ifversion secret-scanning-ai-generic-secret-detection%}
-* **AI-powered generic secret detection**. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-ai-powered-generic-secret-detection)."{% endif %}{% ifversion secret-scanning-push-protection-custom-patterns %}
-* **Scanning for custom patterns**. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)."{% endif %}
-
-{% ifversion secret-scanning-validity-check-partner-patterns %}
-
-### Enabling validity checks for partner patterns
-
-{% data reusables.secret-scanning.validity-check-partner-patterns-beta %}
-{% data reusables.gated-features.partner-pattern-validity-check-ghas %}
-
-You can allow {% data variables.product.prodname_secret_scanning %} to automatically check the validity of a secret found in your repository by sending it to the relevant partner. For more information on validity checks, see "Checking a secret's validity" in "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#checking-a-secrets-validity)."
-
-{% note %}
-
-**Note:** When you enable automatic validity checks for a repository, you also allow on-demand validity checks to be performed for patterns detected in that repository.
-
-{% endnote %}
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-code-security-and-analysis %}
-{% data reusables.secret-scanning.validity-check-auto-enable %}
-
-You can also use the REST API to enable validity checks for partner patterns for your repository. For more information, see "[AUTOTITLE](/rest/repos/repos#update-a-repository)." Alternatively, organization owners and enterprise administrators can enable the feature for all repositories in the organization or enterprise settings. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization)" and "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
-
-{% endif %}
-
-{% ifversion secret-scanning-non-provider-patterns %}
-
-### Enabling scanning for non-provider patterns
-
-{% data reusables.secret-scanning.non-provider-patterns-beta %}
-
-You can enable scanning for non-provider patterns. Non-provider patterns correspond to secrets such as private keys and they have a higher ratio of false positives.
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-code-security-and-analysis %}
-1. Under {% data variables.product.prodname_secret_scanning_caps %}, select the checkbox next to "Scan for non-provider patterns".
-
-For more information about non-provider patterns, see "{% ifversion fpt or ghec %}[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#about-user--alerts){% else %}[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#about-secret-scanning-alerts){% endif %}."
-
-{% endif %}
-
-{% ifversion secret-scanning-enable-by-default-for-public-repos %}
-
-## Enabling {% data variables.secret-scanning.user_alerts %} for all your {% ifversion ghec %}user-owned {% endif %}public repositories
-
-You can enable {% data variables.product.prodname_secret_scanning %} for all of your existing {% ifversion ghec %}user-owned {% endif %}public repositories through your personal account settings.
-{% note %}
-
-**Note**: As of March 11, 2024, {% data variables.product.prodname_secret_scanning %} and push protection will be enabled by default for all new {% ifversion ghec %}user-owned {% endif %}public repositories that you create. You can still choose to disable these features for an individual repository in the repository's "Code security and analysis" settings page. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-public-repositories)".
-
-{% endnote %}
-
-{% data reusables.user-settings.access_settings %}
-{% data reusables.user-settings.security-analysis %}
-1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Disable all** or **Enable all**.
-{% data reusables.secret-scanning.push-protection-optional-enable %}
-
-{% endif %}
-
-## Excluding directories from {% data variables.secret-scanning.user_alerts %}
-
-You can configure a _secret_scanning.yml_ file to exclude directories from {% data variables.product.prodname_secret_scanning %}, including when you use push protection. For example, you can exclude directories that contain tests or randomly generated content.
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.files.add-file %}
-1. In the file name field, type _.github/secret_scanning.yml_.
-1. Under **Edit new file**, type `paths-ignore:` followed by the paths you want to exclude from {% data variables.product.prodname_secret_scanning %}.
-
- ``` yaml
- paths-ignore:
- - "foo/bar/*.js"
- ```
-
- You can use special characters, such as `*` to filter paths. For more information about filter patterns, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."
-
- {% note %}
-
- **Notes:**
- * If there are more than 1,000 entries in `paths-ignore`, {% data variables.product.prodname_secret_scanning %} will only exclude the first 1,000 directories from scans.
- * If `secret_scanning.yml` is larger than 1 MB, {% data variables.product.prodname_secret_scanning %} will ignore the entire file.
-
- {% endnote %}
-
-You can also ignore individual alerts from {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
-
-{% ifversion not fpt %}
-
-## Further reading
-
-* "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)"
-* "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)"
-{% endif %}
diff --git a/content/code-security/secret-scanning/enabling-ai-powered-generic-secret-detection.md b/content/code-security/secret-scanning/enabling-ai-powered-generic-secret-detection.md
deleted file mode 100644
index a0a2d6489f69..000000000000
--- a/content/code-security/secret-scanning/enabling-ai-powered-generic-secret-detection.md
+++ /dev/null
@@ -1,33 +0,0 @@
----
-title: Enabling AI-powered generic secret detection
-shortTitle: Enable generic secret detection
-intro: 'You can enable AI-powered generic secret detection for your repository. Alerts for generic secrets, such as passwords, are displayed in a separate list on the {% data variables.product.prodname_secret_scanning %} alerts page.'
-versions:
- feature: secret-scanning-ai-generic-secret-detection
-type: how_to
-topics:
- - Secret scanning
- - Advanced Security
- - AI
----
-
-{% data reusables.secret-scanning.generic-secret-detection-ai %}
-
-## Enabling AI-powered generic secret detection for your repository
-
-To use generic secret detection, your enterprise owner must first set a policy at the enterprise level.
-
-You can then enable the feature in the "Code security and analysis" settings page of your repository.
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-code-security-and-analysis %}
-{% data reusables.repositories.navigate-to-ghas-settings %}
-1. Under "Secret scanning", select the checkbox next to "Use AI detection to find additional secrets".
-
-For information on how to view alerts for generic secrets that have been detected using AI, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
-
-## Further reading
-
-* [AUTOTITLE](/code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning)
-* [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)
diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md
new file mode 100644
index 000000000000..98552b0809dd
--- /dev/null
+++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md
@@ -0,0 +1,50 @@
+---
+title: Enabling push protection for your repository
+shortTitle: Enable push protection
+intro: 'With push protection, {% data variables.product.prodname_secret_scanning %} blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+---
+
+## About enabling push protection
+
+To enable push protection for a repository, you must first enable {% data variables.product.prodname_secret_scanning %}. You can then enable push protection in the repository's "Code security and analysis" settings page following the steps outlined in this article.
+
+{% ifversion secret-scanning-push-protection-for-users %}
+
+You can additionally enable push protection for your own personal account, which prevents you from pushing secrets to _any_ public repository on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users)."
+
+{% endif %}
+
+If you're an organization owner, you can enable push protection for multiple repositories at a time{% ifversion security-configurations-ga %} using a security configuration{% endif %}. For more information, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration){% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization#enabling-security-features-in-your-organization){% endif %}."
+
+Organization owners, security managers, and repository administrators can also enable push protection for {% data variables.product.prodname_secret_scanning %} via the API. For more information, see "[AUTOTITLE](/rest/repos#update-a-repository)" and expand the "Properties of the `security_and_analysis` object" section.
+
+{% ifversion secret-scanning-enterprise-level %}
+
+If your organization is owned by an enterprise account, an enterprise owner can also enable push protection at the enterprise level. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
+
+{% endif %}
+
+## Enabling push protection for a repository
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+{% data reusables.repositories.navigate-to-ghas-settings %}
+{% data reusables.advanced-security.secret-scanning-push-protection-repo %}
+
+## Further reading
+
+* "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection)"
+* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning)"
+* "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)"
+* "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)"
diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md
new file mode 100644
index 000000000000..cb6f9297d380
--- /dev/null
+++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md
@@ -0,0 +1,56 @@
+---
+title: Enabling secret scanning for your repository
+shortTitle: Enable secret scanning
+intro: 'You can configure how {% data variables.product.prodname_dotcom %} scans your repositories for leaked secrets and generates alerts.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+---
+
+## About enabling {% data variables.secret-scanning.user_alerts %}
+
+{% ifversion fpt %}
+
+{% data variables.secret-scanning.user_alerts_caps %} can be enabled on any free public repository that you own.
+
+{% endif %}{% ifversion ghec or ghes %}
+
+{% data variables.secret-scanning.user_alerts_caps %} can be enabled for any repository that is owned by an organization{% ifversion secret-scanning-user-owned-repos %}, and for repositories owned by user accounts when using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}{% endif %}.
+
+{% endif %}
+
+If you're an organization owner, you can enable {% data variables.product.prodname_secret_scanning %} for multiple repositories at the same time{% ifversion security-configurations-ga %} using a security configuration{% endif %}. For more information, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization){% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization#enabling-security-features-in-your-organization)"{% endif %}."
+
+{% ifversion secret-scanning-enterprise-level %}
+
+If your organization is owned by an enterprise account, an enterprise owner can also enable {% data variables.product.prodname_secret_scanning %} at the enterprise level. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
+
+{% endif %}
+
+## Enabling {% data variables.secret-scanning.user_alerts %}
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghec or ghes %}
+1. If {% data variables.product.prodname_advanced_security %} is not already enabled for the repository, to the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
+1. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**.
+1. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
+
+ {% endif %}{% ifversion fpt %}
+1. Scroll down to the bottom of the page, and click **Enable** for {% data variables.product.prodname_secret_scanning %}. If you see a **Disable** button, it means that {% data variables.product.prodname_secret_scanning %} is already enabled for the repository.
+
+ {% endif %}
+
+A repository administrator can choose to disable {% data variables.product.prodname_secret_scanning %} for a repository at any time. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)."
+
+## Next steps
+
+* "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts)"
+* "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)"
diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository.md
new file mode 100644
index 000000000000..28781292d4f7
--- /dev/null
+++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository.md
@@ -0,0 +1,49 @@
+---
+title: Enabling validity checks for your repository
+shortTitle: Enable validity checks
+intro: 'Enabling validity checks on your repository helps you prioritize the remediation of alerts as it tells you if a secret is active or inactive.'
+product: '{% data reusables.gated-features.partner-pattern-validity-check-ghas %}'
+versions:
+ feature: secret-scanning-validity-check-partner-patterns
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+---
+
+## About validity checks
+
+You can enable validity checks for secrets identified as service provider tokens for your repository. Once enabled, {% data variables.product.company_short %} will periodically check the validity of a detected credential by sending the secret directly to the provider, as part of {% data variables.product.company_short %}'s secret scanning partnership program. {% data reusables.secret-scanning.partner-program-link %}
+
+{% data variables.product.company_short %} displays the validation status of the secret in the alert view, so you can see if the secret is `active`, `inactive`, or if the validation status is `unknown`. You can optionally perform an "on-demand" validity check for the secret in the alert view.
+
+{% ifversion secret-scanning-validity-check-partner-patterns %}
+
+You can additionally choose to enable validity checks for partner patterns. Once enabled, {% data variables.product.company_short %} will periodically check the validity of a detected credential by sending the secret directly to the provider, as part of {% data variables.product.company_short %}'s formal secret scanning partnership program. {% data variables.product.company_short %} typically makes GET requests to check the validity of the credential, picks the least intrusive endpoints, and selects endpoints that don't return any personal information.
+
+{% data variables.product.company_short %} displays the validation status of the secret in the alert view.
+
+{% endif %}
+
+You can filter by validation status on the alerts page, to help you prioritize which alerts you need to take action on.
+
+> [!NOTE]
+> {% data variables.product.company_short %} typically makes GET requests to check the validity of the credential, picks the least intrusive endpoints, and selects endpoints that don't return any personal information.
+
+For more information on using validity checks, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity)."
+
+## Enabling validity checks
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+{% data reusables.secret-scanning.validity-check-auto-enable %}
+
+You can also use the REST API to enable validity checks for partner patterns for your repository. For more information, see "[AUTOTITLE](/rest/repos/repos#update-a-repository)."
+
+Alternatively, organization owners and enterprise administrators can enable the feature for all repositories in the organization or enterprise settings. For more information on enabling at the organization-level, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)." For more information on enabling at the enterprise-level, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)" and "[AUTOTITLE](/rest/enterprise-admin/code-security-and-analysis#update-code-security-and-analysis-features-for-an-enterprise)."
+
+## Further reading
+
+* "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)"
diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md
new file mode 100644
index 000000000000..8041ca6b4529
--- /dev/null
+++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md
@@ -0,0 +1,23 @@
+---
+title: Enabling secret scanning features
+shortTitle: Enable secret scanning features
+allowTitleToDifferFromFilename: true
+intro: 'Learn how to enable {% data variables.product.prodname_secret_scanning %} to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Repositories
+children:
+ - /enabling-secret-scanning-for-your-repository
+ - /enabling-push-protection-for-your-repository
+ - /enabling-validity-checks-for-your-repository
+redirect_from:
+ - /github/administering-a-repository/configuring-secret-scanning-for-private-repositories
+ - /github/administering-a-repository/configuring-secret-scanning-for-your-repositories
+ - /code-security/secret-scanning/configuring-secret-scanning-for-your-repositories
+---
diff --git a/content/code-security/secret-scanning/index.md b/content/code-security/secret-scanning/index.md
index 927350e49ab1..28a7b0fd1453 100644
--- a/content/code-security/secret-scanning/index.md
+++ b/content/code-security/secret-scanning/index.md
@@ -15,19 +15,11 @@ topics:
- Advanced Security
- Repositories
children:
- - /about-secret-scanning
- - /secret-scanning-partner-program
- - /configuring-secret-scanning-for-your-repositories
- - /defining-custom-patterns-for-secret-scanning
- - /about-the-regular-expression-generator-for-custom-patterns
- - /generating-regular-expressions-for-custom-patterns-with-ai
+ - /introduction
+ - /enabling-secret-scanning-features
- /managing-alerts-from-secret-scanning
- - /secret-scanning-patterns
- - /about-the-detection-of-generic-secrets-with-secret-scanning
- - /enabling-ai-powered-generic-secret-detection
- - /push-protection-for-repositories-and-organizations
- - /push-protection-for-users
- - /working-with-push-protection
- - /pushing-a-branch-blocked-by-push-protection
- - /troubleshooting-secret-scanning
+ - /working-with-secret-scanning-and-push-protection
+ - /using-advanced-secret-scanning-and-push-protection-features
+ - /troubleshooting-secret-scanning-and-push-protection
+ - /secret-scanning-partnership-program
---
diff --git a/content/code-security/secret-scanning/introduction/about-push-protection.md b/content/code-security/secret-scanning/introduction/about-push-protection.md
new file mode 100644
index 000000000000..2f286004a3a9
--- /dev/null
+++ b/content/code-security/secret-scanning/introduction/about-push-protection.md
@@ -0,0 +1,101 @@
+---
+title: About push protection
+intro: 'Push protection blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.{% ifversion secret-scanning-push-protection-for-users %} Push protection can be applied at the repository, organization, and user account level{% else %} You can apply push protection at repository or organization level{% endif %}.'
+product: '{% data reusables.gated-features.push-protection-for-repos %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+redirect_from:
+ - /early-access/code-security/secret-scanning/protecting-pushes-with-secret-scanning
+ - /code-security/secret-scanning/protecting-pushes-with-secret-scanning
+ - /code-security/secret-scanning/push-protection-for-repositories-and-organizations
+type: overview
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+shortTitle: Push protection
+---
+
+## About push protection
+
+Push protection is a {% data variables.product.prodname_secret_scanning %} feature that is designed to prevent sensitive information, such as secrets or tokens, from being pushed to your repository in the first place. Unlike {% data variables.product.prodname_secret_scanning %}, which detects secrets after they have been committed, push protection proactively scans your code for secrets during the push process and blocks the push if any are detected.
+
+Push protection helps you avoid the risks associated with exposed secrets, like unauthorized access to resources or services. With this feature, developers get immediate feedback and can address potential issues before they become a security concern.
+
+{% ifversion secret-scanning-push-protection-for-users %}
+
+You can enable push protection:
+
+* At repository/organization level, if you are a repository administrator or an organization owner. You will see alerts in the **Security** tab of your repository when a contributor to the repository bypasses push protection.
+* For your account on {% data variables.product.prodname_dotcom %}, as a user. This type of push protection is referred to as "push protection for users". It protects you from pushing secrets to _any_ public repository on {% data variables.product.prodname_dotcom %}, but no alerts are generated.
+
+{% endif %}
+
+For information about the secrets and service providers supported by push protection, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."
+
+## How push protection works
+
+Once enabled, if push protection detects a potential secret during a push attempt, it will block the push and provide a detailed message explaining the reason for the block. You will need to review the code in question, remove any sensitive information, and reattempt the push.
+
+By default, anyone with write access to the repository can choose to bypass push protection by specifying one of the bypass reasons outlined in the table. {% data reusables.secret-scanning.push-protection-bypass %}
+
+{% data reusables.secret-scanning.bypass-reasons-and-alerts %}
+
+{% ifversion push-protection-delegated-bypass %} If you want greater control over which contributors can bypass push protection and which pushes containing secrets should be allowed, you can enable delegated bypass for push protection. Delegated bypass lets you configure a designated group of reviewers to oversee and manage requests to bypass push protection from contributors pushing to the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection)."{% endif %}
+
+## About the benefits of push protection
+
+* **Preventative security**: Push protection acts as a frontline defense mechanism by scanning code for secrets at the time of the push. This preventative approach helps to catch potential issues before they are merged into your repository.
+
+* **Immediate feedback**: Developers receive instant feedback if a potential secret is detected during a push attempt. This immediate notification allows for quick remediation, reducing the likelihood of sensitive information being exposed.
+
+* **Reduced risk of data leaks**: By blocking commits that contain sensitive information, push protection significantly reduces the risk of accidental data leaks. This helps in safeguarding against unauthorized access to your infrastructure, services, and data.
+
+* **Efficient secret management**: Instead of retrospectively dealing with exposed secrets, developers can address issues at the source. This makes secret management more efficient and less time-consuming.
+
+* **Integration with CI/CD pipelines**: Push Protection can be integrated into your Continuous Integration/Continuous Deployment (CI/CD) pipelines, ensuring that every push is scanned for secrets before it gets deployed. This adds an extra layer of security to your DevOps practices.
+
+{% ifversion secret-scanning-push-protection-custom-patterns %}* **Ability to detect custom patterns**: Organizations can define custom patterns for detecting secrets unique to their environment. This customization ensures that push Protection can effectively identify and block even non-standard secrets.{% endif %}
+
+{% ifversion push-protection-delegated-bypass %}* **Delegated bypass for flexibility**: For cases where false positives occur or when certain patterns are necessary, the delegated bypass feature allows designated users to approve specific pushes. This provides flexibility without compromising overall security.{% endif %}
+
+{% ifversion secret-scanning-push-protection-for-users %}
+
+Every user across {% data variables.product.prodname_dotcom %} can also enable push protection for themselves within their individual settings. Enabling push protection for your user account means that your pushes are protected whenever you push to a public repository on {% data variables.product.prodname_dotcom %}, without relying on that repository to have push protection enabled. For more information, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users)."
+
+{% endif %}
+
+## Customizing push protection
+
+Once push protection is enabled, you can customize it further:
+
+### Integrate with CI/CD pipelines
+
+Integrate push protection with your Continuous Integration/Continuous Deployment (CI/CD) pipelines to ensure that it runs scans during automated processes. This typically involves adding steps in your pipeline configuration file to call GitHub's APIs or using {% data variables.product.prodname_actions %}.
+
+{% ifversion secret-scanning-push-protection-custom-patterns %}
+
+### Define custom patterns
+
+Define custom patterns that push protection can use to identify secrets and block pushes containing these secrets. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)."
+
+{% endif %}
+
+{% ifversion push-protection-delegated-bypass %}
+
+### Configure delegated bypass
+
+Define contributors who can bypass push protection and add an approval process for other contributors. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection)."
+
+{% endif %}
+
+## Further reading
+
+* "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository)"
+* "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line)"
+* "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui)"{% ifversion secret-scanning-push-protection-custom-patterns %}
+* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)"{% endif %}{% ifversion push-protection-delegated-bypass %}
+* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection)"{% endif %}
diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md b/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md
new file mode 100644
index 000000000000..276124021dcd
--- /dev/null
+++ b/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md
@@ -0,0 +1,32 @@
+---
+title: About secret scanning for partners
+intro: 'When {% data variables.product.prodname_secret_scanning %} detects authentication details for a service provider in a public repository on {% data variables.product.prodname_dotcom %}, an alert is sent directly to the provider. This allows service providers who are {% data variables.product.prodname_dotcom %} partners to promptly take action to secure their systems.'
+versions:
+ fpt: '*'
+ ghec: '*'
+type: overview
+topics:
+ - Secret scanning
+ - Advanced Security
+shortTitle: Secret scanning for partners
+---
+
+## About {% data variables.secret-scanning.partner_alerts %}
+
+{% data variables.product.product_name %} scans public repositories and public npm packages for secrets issued by specific service providers who joined our partnership program, and alerts the relevant service provider whenever a secret is detected in a commit. The service provider validates the string and then decides whether they should revoke the secret, issue a new secret, or contact you directly. Their action will depend on the associated risks to you or them. {% data reusables.secret-scanning.partner-program-link %}
+
+> [!NOTE]You cannot change the configuration of {% data variables.product.prodname_secret_scanning %} for partner patterns on public repositories.
+
+The reason partner alerts are directly sent to the secret providers whenever a leak is detected for one of their secrets is that this enables the provider to take immediate action to protect you and protect their resources. The notification process for regular alerts is different. Regular alerts are displayed on the repository's **Security** tab on {% data variables.product.prodname_dotcom %} for you to resolve.
+
+{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
+
+## What are the supported secrets
+
+For information about the secrets and service providers supported by push protection, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."
+
+## Further reading
+
+* "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)"
+* "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns)"
+* "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)"
diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning.md b/content/code-security/secret-scanning/introduction/about-secret-scanning.md
new file mode 100644
index 000000000000..12276eeeb9a2
--- /dev/null
+++ b/content/code-security/secret-scanning/introduction/about-secret-scanning.md
@@ -0,0 +1,140 @@
+---
+title: About secret scanning
+intro: '{% data variables.product.product_name %} scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+redirect_from:
+ - /github/administering-a-repository/about-token-scanning
+ - /articles/about-token-scanning
+ - /articles/about-token-scanning-for-private-repositories
+ - /github/administering-a-repository/about-secret-scanning
+ - /code-security/secret-security/about-secret-scanning
+ - /code-security/secret-scanning/about-secret-scanning
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: overview
+topics:
+ - Secret scanning
+ - Advanced Security
+shortTitle: Secret scanning
+---
+
+## About {% data variables.product.prodname_secret_scanning %}
+
+{% data variables.product.prodname_secret_scanning_caps %} is a security feature that helps detect and prevent the accidental inclusion of sensitive information such as API keys, passwords, tokens, and other secrets in your repository. When enabled, {% data variables.product.prodname_secret_scanning %} scans commits in repositories for known types of secrets and alerts repository administrators upon detection.
+
+{% data variables.product.prodname_secret_scanning_caps %} scans your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for secrets{% ifversion ghec or ghes %}, even if the repository is archived{% endif %}.{% ifversion ghes < 3.11 %} {% data variables.product.prodname_secret_scanning_caps %} does not scan issues.{% endif %}{% ifversion secret-scanning-backfills %} {% data variables.product.prodname_dotcom %} will also periodically run a full Git history scan of existing content in {% ifversion fpt %}public{% else %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} repositories where {% data variables.product.prodname_secret_scanning %} is enabled.{% endif %}
+
+{% data reusables.secret-scanning.what-is-scanned %}
+
+When a supported secret is leaked, {% data variables.product.product_name %} generates a {% data variables.product.prodname_secret_scanning %} alert. Alerts are reported on the **Security** tab of repositories on {% data variables.product.product_name %}, where you can view, evaluate, and resolve them. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
+
+{% ifversion fpt or ghec %}Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning. We automatically run {% data variables.product.prodname_secret_scanning %} for partner patterns on all public repositories and public npm packages.{% data reusables.secret-scanning.partner-program-link %}
+
+Any strings that match patterns that were provided by secret scanning partners are reported directly to the relevant partner, and aren't displayed on {% data variables.product.prodname_dotcom %}. For more information about partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)."{% endif %}
+
+For information about the secrets and service providers supported by {% data variables.product.prodname_secret_scanning %}, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."
+
+You can use the REST API to monitor results from {% data variables.product.prodname_secret_scanning %} across your repositories{% ifversion ghes %} or your organization{% endif %}. For more information about API endpoints, see "[AUTOTITLE](/rest/secret-scanning)."
+
+{% ifversion ghec or ghes %}
+You can also use security overview to see an organization-level view of which repositories have enabled {% data variables.product.prodname_secret_scanning %} and the alerts found. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
+{% endif %}
+
+{% data reusables.secret-scanning.audit-secret-scanning-events %}
+
+## How {% data variables.product.prodname_secret_scanning %} works
+
+Below is a typical workflow that explains how {% data variables.product.prodname_secret_scanning %} works:
+
+* **Detection**: {% data variables.product.prodname_secret_scanning_caps %} automatically scans your repository's contents for sensitive data, such as API keys, passwords, tokens, and other secrets. It looks for patterns and heuristics that match known types of secrets.
+
+* **Alerts**: When a potential secret is detected, {% data variables.product.prodname_dotcom %} generates an alert and notifies the relevant repository administrators and users. This notification includes details about the detected secret, such as its location in the repository. For more information about alert types and alert details, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)."
+
+* **Review**: When a secret is detected, you'll need to review the alert details provided.
+
+* **Remediation**: You then need take appropriate actions to remediate the exposure. This might include:
+ * Rotating the affected credential to ensure it is no longer usable.
+ * Removing the secret from the repository's history (using tools like BFG Repo-Cleaner or {% data variables.product.prodname_dotcom %}'s built-in features).
+
+* **Monitoring**: It's good practice to regularly audit and monitor your repositories to ensure no other secrets are exposed.
+
+{% ifversion fpt or ghec %}
+
+* **Integration with partners**: {% data variables.product.prodname_dotcom %} works with various service providers to validate secrets. When a partner secret is detected, {% data variables.product.prodname_dotcom %} notifies the provider so they can take appropriate action, such as revoking the credential. For more information about the partnership program, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)."
+
+{% endif %}
+
+## About the benefits of {% data variables.product.prodname_secret_scanning %}
+
+* **Enhanced security**—{% data variables.product.prodname_secret_scanning_caps %} scans your repositories for sensitive information like API keys, passwords, tokens, and other secrets. By detecting these early, you can mitigate potential security risks before they are exploited by malicious actors.
+
+* **Automated detection**—The feature automatically scans your codebase, including commits, issues, and pull requests, ensuring continuous protection without requiring manual intervention. This automation helps in maintaining security even as your repository evolves.
+
+* **Real-time alerts**—When a secret is detected, {% data variables.product.prodname_secret_scanning %} provides real-time alerts to repository administrators and contributors. This immediate feedback allows for swift remediation actions.
+
+{% ifversion fpt or ghec %}
+
+* **Integration with service providers**—{% data variables.product.prodname_dotcom %} partners with various service providers to validate detected secrets. When a secret is identified, {% data variables.product.prodname_dotcom %} notifies the corresponding service provider to take appropriate actions, such as revoking the exposed credential. For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)."
+
+{% endif %}
+
+{% ifversion ghec or ghes %}
+
+* **Custom pattern support**—Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment.
+
+{% endif %}
+
+{% ifversion secret-scanning-non-provider-patterns %}
+
+* **Ability to detect non-provider patterns**—You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization.
+
+{% endif %}
+
+## Customizing {% data variables.product.prodname_secret_scanning %}
+
+Once {% data variables.product.prodname_secret_scanning %} is enabled, you can customize it further:
+
+{% ifversion secret-scanning-non-provider-patterns %}
+
+### Detection of non-provider patterns
+
+Scan for and detect secrets that are not specific to a service provider, such as private keys and generic API keys. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns)."
+
+{% endif %}
+
+{% ifversion secret-scanning-ai-generic-secret-detection %}
+
+### Generic secret detection
+
+Leverage {% data variables.product.prodname_secret_scanning %}'s AI capabilities to detect unstructured secrets, such as passwords, in your repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/about-the-detection-of-generic-secrets-with-secret-scanning)."
+
+{% endif %}
+
+### Performing validity checks
+
+Validity checks help you prioritize alerts by telling you which secrets are `active` or `inactive`. For more information, see{% ifversion secret-scanning-validity-check-partner-patterns %} "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository)" and{% endif %} "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity)."
+
+{% ifversion ghec or ghes %}
+
+### Defining custom patterns
+
+Define your own patterns for secrets used by your organization that {% data variables.product.prodname_secret_scanning %} can scan for and detect. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)."
+
+{% ifversion secret-scanning-custom-pattern-ai-generated %}
+
+You can also leverage AI to generate regular expressions that will capture all your custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/about-generating-regular-expressions-with-ai)."
+
+{% endif %}
+
+{% endif %}
+
+## Further reading
+
+* "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)"
+* "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)"
+* "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection)"
+* "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)"
+* "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"
+* "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure)"
diff --git a/content/code-security/secret-scanning/introduction/index.md b/content/code-security/secret-scanning/introduction/index.md
new file mode 100644
index 000000000000..5edda345e110
--- /dev/null
+++ b/content/code-security/secret-scanning/introduction/index.md
@@ -0,0 +1,20 @@
+---
+title: Introduction to secret scanning
+shortTitle: Introduction
+allowTitleToDifferFromFilename: true
+intro: 'Learn how {% data variables.product.prodname_secret_scanning %} detects secrets in existing content and new commits, helping you to avoid exposing sensitive data that could be exploited.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: overview
+topics:
+ - Secret scanning
+ - Advanced Security
+children:
+ - /about-secret-scanning
+ - /about-push-protection
+ - /about-secret-scanning-for-partners
+ - /supported-secret-scanning-patterns
+---
diff --git a/content/code-security/secret-scanning/secret-scanning-patterns.md b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md
similarity index 54%
rename from content/code-security/secret-scanning/secret-scanning-patterns.md
rename to content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md
index 595f8fb25366..ef71f6e4fdb3 100644
--- a/content/code-security/secret-scanning/secret-scanning-patterns.md
+++ b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md
@@ -1,5 +1,5 @@
---
-title: Secret scanning patterns
+title: Supported secret scanning patterns
intro: 'Lists of supported secrets and the partners that {% data variables.product.company_short %} works with to prevent fraudulent use of secrets that were committed accidentally.'
product: '{% data reusables.gated-features.secret-scanning %}'
versions:
@@ -12,96 +12,40 @@ topics:
- Advanced Security
redirect_from:
- /code-security/secret-scanning/secret-scanning-partners
+ - /code-security/secret-scanning/secret-scanning-patterns
layout: inline
+shortTitle: Supported patterns
---
-{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
-
-{% ifversion fpt or ghec %}
-
## About {% data variables.product.prodname_secret_scanning %} patterns
-{% data variables.product.product_name %} maintains these different sets of default {% data variables.product.prodname_secret_scanning %} patterns:
-
-1. **Partner patterns.** Used to detect potential secrets in all public repositories as well as public npm packages.{% data reusables.secret-scanning.partner-program-link %}
-1. **User alert patterns.** Used to detect potential secrets in {% ifversion fpt %}public{% endif %} repositories with {% data variables.secret-scanning.user_alerts %} enabled.
-1. **Push protection patterns.** Used to detect potential secrets in repositories with {% data variables.product.prodname_secret_scanning %} as a push protection enabled.
+{% data reusables.secret-scanning.alert-types %}
-{% ifversion fpt %}
-Owners of public repositories, as well as organizations using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_advanced_security %}, can enable {% data variables.secret-scanning.user_alerts %} on their repositories.
-{% endif %}
+For in-depth information about each alert type, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)."
For details about all the supported patterns, see the "[Supported secrets](#supported-secrets)" section below.
-If you believe that {% data variables.product.prodname_secret_scanning %} should have detected a secret committed to your repository, and it has not, you first need to check that {% data variables.product.prodname_dotcom %} supports your secret. For more information, refer to the sections below. For more advanced troubleshooting information, see "[AUTOTITLE](/code-security/secret-scanning/troubleshooting-secret-scanning)."
-
-## About partner alerts
-
-Partner alerts are alerts that are sent to the secret providers whenever a secret leak is reported for one of their secrets. {% data variables.product.product_name %} currently scans public repositories and public npm packages for secrets issued by specific service providers and alerts the relevant service provider whenever a secret is detected in a commit. For more information about {% data variables.secret-scanning.partner_alerts %}, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-partners)."
-
-{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
-
-{% endif %}
-
-## About {% ifversion fpt or ghec %}user {% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} alerts
-
-{% ifversion fpt or ghec %}User alerts are alerts that are reported to users on {% data variables.product.prodname_dotcom %}. {% endif %}When {% data variables.secret-scanning.user_alerts %} {% ifversion fpt or ghec %}are{% else %}is{% endif %} enabled, {% data variables.product.prodname_dotcom %} scans repositories for secrets issued by a large variety of service providers and generates {% data variables.secret-scanning.alerts %}.
-
-{% ifversion secret-scanning-non-provider-patterns %}{% ifversion fpt or ghec %}User {% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} alerts can be of the following types:
-
-* High confidence alerts, which relate to supported patterns and specified custom patterns.
-* Non-provider alerts, which have a higher ratio of false positives, and correspond to secrets such as private keys.
-
-{% data variables.product.prodname_dotcom %} displays non-provider alerts in a different list to high confidence alerts, making triaging a better experience for users. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#other-alerts-list)."
-
-{% data reusables.secret-scanning.non-provider-patterns-beta %}
-
-{% endif %}
-
-You can see these alerts on the **Security** tab of the repository. {% ifversion fpt or ghec %}For more information about {% data variables.secret-scanning.user_alerts %}, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."{% endif %}
+If you use the REST API for {% data variables.product.prodname_secret_scanning %}, you can use the `Secret type` to report on secrets from specific issuers. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/rest/secret-scanning)."
-{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
-
-If you use the REST API for secret scanning, you can use the `Secret type` to report on secrets from specific issuers. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/rest/secret-scanning)."
-
-{% ifversion ghes or ghec %}
-{% note %}
-
-**Note:** You can also define custom {% data variables.product.prodname_secret_scanning %} patterns for your repository, organization, or enterprise. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
-
-{% endnote %}
-{% endif %}
-
-## About push protection alerts
-
-Push protection alerts are user alerts that are reported by push protection. {% data variables.product.prodname_secret_scanning_caps %} as a push protection currently scans repositories for secrets issued by some service providers.
-
-{% ifversion secret-scanning-push-protection-for-users %}Push protection alerts are not created for secrets that are bypassed with user-based push protection only. For more information, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-users)."{% endif %}
-
-{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
-
-{% data reusables.secret-scanning.push-protection-older-tokens %} For more information about push protection limitations, see "[AUTOTITLE](/code-security/secret-scanning/troubleshooting-secret-scanning#push-protection-and-pattern-versions)."
+If you believe that {% data variables.product.prodname_secret_scanning %} should have detected a secret committed to your repository, and it has not, you first need to check that {% data variables.product.prodname_dotcom %} supports your secret. For more information, refer to the following sections. For more advanced troubleshooting information, see "[AUTOTITLE](/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning)."
## Supported secrets
-This table lists the secrets supported by {% data variables.product.prodname_secret_scanning %}. You can see the types of alert that get generated for each token{% ifversion secret-scanning-validity-check %}, as well as whether a validity check is performed on the token{% endif %}.
+This table lists the secrets supported by {% data variables.product.prodname_secret_scanning %}. You can see the types of alert that get generated for each token, as well as whether a validity check is performed on the token.
+
* **Provider**—name of the token provider.{% ifversion fpt or ghec %}
* **Partner**—token for which leaks are reported to the relevant token partner. Applies to public repositories only.
* **User**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %}
- * Applies to public repositories, and to private repositories where {% data variables.product.prodname_GH_advanced_security %}, {% data variables.product.prodname_secret_scanning %}.
+ * Applies to public repositories, and to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled.
* Includes high confidence tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which usually have a higher ratio of false positives.
- * For {% data variables.product.prodname_secret_scanning %} to scan for non-provider patterns, the detection of non-provider patterns must be enabled for the repository or the organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories)."
+ * For {% data variables.product.prodname_secret_scanning %} to scan for non-provider patterns, the detection of non-provider patterns must be enabled for the repository or the organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)."
{% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %}{% endif %}{% ifversion ghes %}
* **{% data variables.product.prodname_secret_scanning_caps %} alert**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %}
* Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled.
* Includes high confidence tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.{% else %} Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled.{% endif %}{% endif %}
* **Push protection**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled.
- {% note %}
-
- **Note:** {% data reusables.secret-scanning.push-protection-older-tokens %} For more information about push protection limitations, see "[AUTOTITLE](/code-security/secret-scanning/troubleshooting-secret-scanning#push-protection-and-pattern-versions)."
- {% endnote %}{% ifversion secret-scanning-validity-check %}
-* **Validity check**—token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %}{% endif %}
+* **Validity check**—token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %}
{% ifversion secret-scanning-non-provider-patterns %}
@@ -120,7 +64,7 @@ This table lists the secrets supported by {% data variables.product.prodname_sec
| Generic | postgres_connection_string |
| Generic | rsa_private_key |
-Push protection and validity checks are not supported for non-provider patterns.
+>[!NOTE] Push protection and validity checks are not supported for non-provider patterns.
### High confidence patterns
@@ -145,6 +89,7 @@ Push protection and validity checks are not supported for non-provider patterns.
{%- for entry in secretScanningData %}
| {{ entry.provider }} | {{ entry.secretType }} | {% if entry.isPublic %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.isPrivateWithGhas %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.hasPushProtection %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.hasValidityCheck %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} |
{%- endfor %}
+
{% endif %}
@@ -158,12 +103,17 @@ Push protection and validity checks are not supported for non-provider patterns.
{% endif %}
+#### Token versions
+
+
+
+Service providers update the patterns used to generate tokens periodically and may support more than one version of a token. Push protection only supports the most recent token versions that {% data variables.product.prodname_secret_scanning %} can identify with confidence. This avoids push protection blocking commits unnecessarily when a result may be a false positive, which is more likely to happen with legacy tokens.
+
## Further reading
+* "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)"
+{%- ifversion fpt or ghec %}
+* "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)"
+{%- endif %}
* "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"
* "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure)"
-{%- ifversion fpt or ghec %}
-* "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partner-program)"
-{%- else %}
-* "[AUTOTITLE](/free-pro-team@latest/code-security/secret-scanning/secret-scanning-partner-program)" in the {% data variables.product.prodname_ghe_cloud %} documentation
-{% endif %}
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md
deleted file mode 100644
index a11d5c1aeda8..000000000000
--- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md
+++ /dev/null
@@ -1,252 +0,0 @@
----
-title: Managing alerts from secret scanning
-intro: You can view, evaluate and resolve alerts for secrets checked in to your repository.
-permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can view and dismiss secret scanning alerts for the repository.'
-product: '{% data reusables.gated-features.secret-scanning %}'
-redirect_from:
- - /github/administering-a-repository/managing-alerts-from-secret-scanning
- - /code-security/secret-security/managing-alerts-from-secret-scanning
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-type: how_to
-topics:
- - Secret scanning
- - Advanced Security
- - Alerts
- - Repositories
-shortTitle: Manage secret alerts
----
-## About the {% data variables.product.prodname_secret_scanning %} alerts page
-
-{% data reusables.secret-scanning.secret-scanning-about-alerts %} {% data reusables.secret-scanning.repository-alert-location %}
-
-{% ifversion secret-scanning-non-provider-patterns %}
-To help you triage alerts more effectively, {% data variables.product.company_short %} separates alerts into two lists:
-* **High confidence** alerts.
-* **Other** alerts.
-
-
-
-### High confidence alerts list
-
-The "High confidence" alerts list displays alerts that relate to supported patterns and specified custom patterns. This list is always the default view for the alerts page.
-
-### Other alerts list
-
-The "Other" alerts list displays alerts that relate to non-provider patterns (such as private keys){% ifversion secret-scanning-ai-generic-secret-detection %}, or generic secrets detected using AI (such as passwords){% endif %}. These types of alerts have a higher rate of false positives.
-
-In addition, alerts that fall into this category:
-* Are limited in quantity to 5000 alerts per repository (this includes open and closed alerts).
-* Are not shown in the summary views for security overview, only in the "{% data variables.product.prodname_secret_scanning_caps %}" view.
-* Only have the first five detected locations shown on {% data variables.product.prodname_dotcom %} for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %}, and only the first detected location shown for AI-detected generic secrets{% endif %}.
-
-For {% data variables.product.company_short %} to scan for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} and generic secrets{% endif %}, you must first enable the feature{% ifversion secret-scanning-ai-generic-secret-detection %}s{% endif %} for your repository or organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-scanning-for-non-provider-patterns){% ifversion secret-scanning-ai-generic-secret-detection %}" and "[AUTOTITLE](/code-security/secret-scanning/enabling-ai-powered-generic-secret-detection){% endif %}."
-
-{% endif %}
-
-## Viewing alerts
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-security %}
-1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**. {% ifversion secret-scanning-non-provider-patterns %}
-1. Optionally, toggle to "Other" to see alerts for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} or generic secrets detected using AI{% endif %}.{% endif %}
-1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the alert you want to view.
- {% ifversion secret-scanning-user-owned-repos %}
-
- > [!NOTE]
- > {% data reusables.secret-scanning.secret-scanning-user-owned-repo-access %}
-
- {% endif %}
-
-## Filtering alerts
-
-You can apply various filters to the alerts list to help you find the alerts you're interested in. You can use the dropdown menus above the alerts list, or input the qualifiers listed in the table into the search bar.
-
-|Qualifier|Description|
-|---------|-----------|
-|`is:open`|Displays open alerts.|
-|`is:closed`|Displays closed alerts.|{% ifversion secret-scanning-bypass-filter %}
-|`bypassed: true`|Displays alerts for secrets where push protection has been bypassed. For more information, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)."|{% endif %}{% ifversion secret-scanning-validity-check %}
-|`validity:active`| Displays alerts for secrets that are still active. {% ifversion fpt %}Applies to {% data variables.product.company_short %} tokens only.{% endif %} For more information about validity statuses, see "[Checking a secret's validity](#checking-a-secrets-validity)."|
-|`validity:inactive`| Displays alerts for secrets that are no longer active.|
-|`validity:unknown`| Displays alerts for secrets where the validity status of the secret is unknown.|{% endif %}
-|`secret-type:SECRET-NAME`| Displays alerts for a specific secret type, for example, `secret-type:github_personal_access_token`. For a list of supported secret types, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secret)." |
-|`provider:PROVIDER-NAME`|Displays alerts for a specific provider, for example, `provider:github`. For a list of supported partners, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."|{% ifversion secret-scanning-non-provider-patterns %}
-|`confidence:high`| Displays alerts for high-confidence secrets, which relate to supported secrets and custom patterns. For a list of supported high-confidence patterns, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#high-confidence-patterns)." |
-|`confidence:other`| Displays alerts for non-provider patterns, such as private keys{% ifversion secret-scanning-ai-generic-secret-detection %}, and AI-detected generic secrets, such as passwords{% endif %}. For a list of supported non-provider patterns, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns)." {% ifversion secret-scanning-ai-generic-secret-detection %}For more information AI-detected generic secrets, see "[AUTOTITLE](/code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning)."{% endif %}|{% endif %}
-
-{% ifversion secret-scanning-validity-check %}
-
-## Evaluating alerts
-
-{% ifversion ghes = 3.9 %}You can check the validity of a secret, to see if the secret is still active. **Applies to GitHub tokens only**. For more information, see "[Checking a secret's validity](/code-security/secret-scanning/managing-alerts-from-secret-scanning#checking-a-secrets-validity)."
-{% else %}
-There are some additional features that can help you to evaluate alerts in order to better prioritize and manage them. You can:
-
-* Check the validity of a secret, to see if the secret is still active. {% ifversion fpt or ghes %}**Applies to {% data variables.product.company_short %} tokens only**.{% endif %} For more information, see "[Checking a secret's validity](#checking-a-secrets-validity)."{% ifversion secret-scanning-validity-check-partner-patterns %}
-* Perform an "on-demand" validity check, to get the most up to date validiation status. For more information, see "[Performing an on-demand-validity-check](#performing-an-on-demand-validity-check)."{% endif %}{% ifversion secret-scanning-github-token-metadata %}
-* Review a token's metadata. **Applies to {% data variables.product.company_short %} tokens only**. For example, to see when the token was last used. For more information, see "[Reviewing {% data variables.product.company_short %} token metadata](#reviewing-github-token-metadata)."{% endif %}
-{% endif %}
-
-### Checking a secret's validity
-
-{% ifversion secret-scanning-validity-check-partner-patterns %}
-
-{% data reusables.secret-scanning.validity-check-partner-patterns-beta %}
-
-{% endif %}
-
-Validity checks help you prioritize alerts by telling you which secrets are `active` or `inactive`. An `active` secret is one that could still be exploited, so these alerts should be reviewed and remediated as a priority.
-
-By default, {% data variables.product.company_short %} checks the validity of {% data variables.product.company_short %} tokens and displays the validitation status of the token in the alert view.
-
-{% ifversion fpt %}
-
-Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable validity checks for partner patterns. For more information, see "[Checking a secret's validity](/enterprise-cloud@latest/code-security/secret-scanning/managing-alerts-from-secret-scanning#checking-a-secrets-validity)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
-
-{% endif %}
-
-{% ifversion secret-scanning-validity-check-partner-patterns %}
-
-You can additionally choose to enable validity checks for partner patterns. Once enabled, {% data variables.product.company_short %} will periodically check the validity of a detected credential by sending the secret directly to the provider, as part of {% data variables.product.company_short %}'s formal secret scanning partnership program. {% data variables.product.company_short %} typically makes GET requests to check the validity of the credential, picks the least intrusive endpoints, and selects endpoints that don't return any personal information.
-
-{% data variables.product.company_short %} displays the validation status of the secret in the alert view.
-
-{% endif %}
-
-{% data reusables.secret-scanning.validity-check-table %}
-
-{% ifversion secret-scanning-validity-check-partner-patterns %}
-
-{% data reusables.gated-features.partner-pattern-validity-check-ghas %}
-
-For information on how to enable validity checks for partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-validity-checks-for-partner-patterns)," and for information on which partner patterns are currently supported, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#high-confidence-patterns)."
-
-{% endif %}
-
-You can use the REST API to retrieve a list of the most recent validation status for each of your tokens. For more information, see "[AUTOTITLE](/rest/secret-scanning)" in the REST API documentation. You can also use webhooks to be notified of activity relating to a {% data variables.product.prodname_secret_scanning %} alert. For more information, see the `secret_scanning_alert` event in "[AUTOTITLE](/webhooks/webhook-events-and-payloads?actionType=created#secret_scanning_alert)."
-
-{% ifversion secret-scanning-validity-check-partner-patterns %}
-
-### Performing an on-demand validity check
-
-Once you have enabled validity checks for partner patterns for your repository, you can perform an "on-demand" validity check for any supported secret by clicking {% octicon "sync" aria-hidden="true" %} **Verify secret** in the alert view. {% data variables.product.company_short %} will send the pattern to the relevant partner and display the validation status of the secret in the alert view.
-
-
-
-{% endif %}
-
-{% endif %}
-
-{% ifversion secret-scanning-github-token-metadata %}
-
-### Reviewing {% data variables.product.company_short %} token metadata
-
-> [!NOTE]
-> Metadata for {% data variables.product.company_short %} tokens is currently in public beta and subject to change.
-
-In the view for an active {% data variables.product.company_short %} token alert, you can review certain metadata about the token. This metadata may help you identify the token and decide what remediation steps to take.
-
-Tokens, like {% data variables.product.pat_generic %} and other credentials, are considered personal information. For more information about using {% data variables.product.company_short %} tokens, see [GitHub's Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement) and [Acceptable Use Policies](/free-pro-team@latest/site-policy/acceptable-use-policies/github-acceptable-use-policies).
-
- 
-
- Metadata for {% data variables.product.company_short %} tokens is available for active tokens in any repository with secret scanning enabled. If a token has been revoked or its status cannot be validated, metadata will not be available. {% data variables.product.company_short %} auto-revokes {% data variables.product.company_short %} tokens in public repositories, so metadata for {% data variables.product.company_short %} tokens in public repositories is unlikely to be available. The following metadata is available for active {% data variables.product.company_short %} tokens:
-
-|Metadata|Description|
-|-------------------------|--------------------------------------------------------------------------------|
-|Secret name| The name given to the {% data variables.product.company_short %} token by its creator|
-|Secret owner| The {% data variables.product.company_short %} handle of the token's owner|
-|Created on| Date the token was created|
-|Expired on| Date the token expired|
-|Last used on| Date the token was last used|
-|Access| Whether the token has organization access|
-
-{% ifversion secret-scanning-user-owned-repos %}{% data reusables.secret-scanning.secret-scanning-user-owned-repo-access %} If access is granted, {% data variables.product.prodname_dotcom %} will notify the owner of the repository containing the leaked secret, report the action in the repository owner and enterprise audit logs, and enable access for 2 hours.{% ifversion ghec %} For more information, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise)."{% endif %}{% endif %}
-
-{% endif %}
-
-## Fixing alerts
-
-Once a secret has been committed to a repository, you should consider the secret compromised. {% data variables.product.prodname_dotcom %} recommends the following actions for compromised secrets:
-
-* For a compromised {% data variables.product.prodname_dotcom %} {% data variables.product.pat_generic %}, delete the compromised token, create a new token, and update any services that use the old token. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
-{%- ifversion token-audit-log %}
- * {% ifversion ghec %}If your organization is owned by an enterprise account, identify{% else %}Identify{% endif %} any actions taken by the compromised token on your enterprise's resources. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token)."
-{%- endif %}
-* For all other secrets, first verify that the secret committed to {% data variables.product.product_name %} is valid. If so, create a new secret, update any services that use the old secret, and then delete the old secret.
-
-{% ifversion fpt or ghec %}
-
-> [!NOTE]
-> If a secret is detected in a public repository on {% data variables.product.prodname_dotcom_the_website %} and the secret also matches a partner pattern, an alert is generated and the potential secret is reported to the service provider. For details of partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
-
-{% endif %}
-
-## Closing alerts
-
-> [!NOTE]
->{% data variables.product.prodname_secret_scanning_caps %} doesn't automatically close alerts when the corresponding token has been removed from the repository. You must manually close these alerts in the alert list on {% data variables.product.prodname_dotcom %}.
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-security %}
-1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**.
-1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the alert you want to view. {% ifversion secret-scanning-partner-documentation-link-UI %}
-1. To dismiss an alert, select the "Close as" dropdown menu and click a reason for resolving an alert.
-
- 
-
- {% else %}
-1. To dismiss an alert, select the "Mark as" dropdown menu and click a reason for resolving an alert.
- {% endif %}{% ifversion secret-scanning-dismissal-comment %}
-1. Optionally, in the "Comment" field, add a dismissal comment. The dismissal comment will be added to the alert timeline and can be used as justification during auditing and reporting. You can view the history of all dismissed alerts and dismissal comments in the alert timeline. You can also retrieve or set a comment by using the {% data variables.product.prodname_secret_scanning_caps %} API. The comment is contained in the `resolution_comment` field. For more information, see "[AUTOTITLE](/rest/secret-scanning#update-a-secret-scanning-alert)" in the REST API documentation.
-1. Click **Close alert**.
-{% endif %}
-
-## Configuring notifications for {% data variables.secret-scanning.alerts %}
-
-{% ifversion secret-scanning-backfills %}
-Notifications are different for incremental scans and historical scans.
-
-### Incremental scans
-
-{% endif %}
-
-{% data reusables.secret-scanning.secret-scanning-configure-notifications %}
-
-{% ifversion secret-scanning-notification-settings %}
-{% data reusables.repositories.navigate-to-repo %}
-1. To start watching the repository, select **{% octicon "eye" aria-hidden="true" %} Watch**.
-
- 
-
-1. In the dropdown menu, click **All Activity**. Alternatively, to only subscribe to security alerts, click **Custom**, then click **Security alerts**.
-1. Navigate to the notification settings for your personal account. These are available at [https://github.com/settings/notifications](https://github.com/settings/notifications).
-1. On your notification settings page, under "Subscriptions", then under "Watching", select the **Notify me** dropdown.
-1. Select "Email" as a notification option, then click **Save**.
-
- 
-{% endif %}
-
-{% data reusables.notifications.watch-settings %}
-
-{% ifversion secret-scanning-backfills %}
-
-### Historical scans
-
-For historical scans, {% data variables.product.product_name %} notifies the following users:
-
-* Organization owners, enterprise owners, and security managers—whenever a historical scan is complete, even if no secrets are found.
-* Repository administrators, security managers, and users with custom roles with read/write access—whenever a historical scan detects a secret, and according to their notification preferences.
-
-We do _not_ notify commit authors.
-
-{% data reusables.notifications.watch-settings %}
-
-{% endif %}
-
-## Auditing responses to secret scanning alerts
-
-{% data reusables.secret-scanning.audit-secret-scanning-events %}
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md
new file mode 100644
index 000000000000..b166bb541bbe
--- /dev/null
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md
@@ -0,0 +1,71 @@
+---
+title: About secret scanning alerts
+intro: 'Learn about the different types of {% data variables.secret-scanning.alerts %}.'
+permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can manage {% data variables.secret-scanning.alerts %} for the repository.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+shortTitle: About alerts
+allowTitleToDifferFromFilename: true
+---
+
+## About types of alerts
+
+{% data reusables.secret-scanning.alert-types %}
+
+## About {% ifversion fpt or ghec %}user alerts {% else %}{% data variables.secret-scanning.alerts %}{% endif %}
+
+When {% data variables.product.company_short %} detects a supported secret in a repository that has {% data variables.product.prodname_secret_scanning %} enabled, a {% ifversion fpt or ghec %}user {% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} alert is generated and displayed in the **Security** tab of the repository.
+
+{% ifversion secret-scanning-non-provider-patterns %}{% ifversion fpt or ghec %}User {% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} alerts can be of the following types:
+
+* High confidence alerts, which relate to supported patterns and specified custom patterns.
+* Other alerts, which have a higher ratio of false positives, and correspond to secrets such as private keys{% ifversion secret-scanning-ai-generic-secret-detection %} or AI-detected generic secrets{% endif %}.
+
+{% data variables.product.prodname_dotcom %} displays these "other" alerts in a different list to high confidence alerts, making triaging a better experience for users. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts)."
+
+{% data reusables.secret-scanning.non-provider-patterns-beta %}
+
+{% endif %}
+
+{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
+
+## About push protection alerts
+
+Push protection scans pushes for supported secrets. If push protection detects a supported secret, it will block the push. When a contributor bypasses push protection to push a secret to the repository, a push protection alert is generated and displayed in the **Security** tab of the repository. To see all push protection alerts for a repository, you must filter by `bypassed: true` on the alerts page. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts#filtering-alerts)."
+
+{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
+
+>[!NOTE]
+> {% ifversion secret-scanning-push-protection-for-users %}You can also enable push protection for your personal account, called "push protection for users", which prevents you from accidentally pushing supported secrets to _any_ public repository. Alerts are _not_ created if you choose to bypass your user-based push protection only. Alerts are only created if the repository itself has push protection enabled. For more information, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users)."{% endif %}
+>
+> {% data reusables.secret-scanning.push-protection-older-tokens %} For more information about push protection limitations, see "[AUTOTITLE](/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning#push-protection-and-pattern-versions)."
+
+{% ifversion fpt or ghec %}
+
+## About partner alerts
+
+When {% data variables.product.company_short %} detects a leaked secret in a public repository or npm package, an alert is sent directly to the secret provider, if they are part of {% data variables.product.company_short %}'s secret scanning partner program. For more information about {% data variables.secret-scanning.partner_alerts %}, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)" and "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns)."
+
+Partner alerts are not sent to repository administrators, so you do not need to take any action for this type of alert.
+
+{% endif %}
+
+## Next steps
+
+* "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts)"
+
+## Further reading
+
+* "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns){% ifversion ghec or ghes %}
+* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)"{% endif %}{% ifversion secret-scanning-non-provider-patterns %}
+* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns)"{% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %}
+* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/about-the-detection-of-generic-secrets-with-secret-scanning)"{% endif %}
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md
new file mode 100644
index 000000000000..6652cf1273dd
--- /dev/null
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md
@@ -0,0 +1,92 @@
+---
+title: Evaluating alerts from secret scanning
+intro: 'Learn about additional features that can help you evaluate alerts and prioritize their remediation, such as checking a secret''s validity.'
+permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can view {% data variables.secret-scanning.alerts %} for the repository.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+shortTitle: Evaluate alerts
+allowTitleToDifferFromFilename: true
+---
+
+## About evaluating alerts
+
+There are some additional features that can help you to evaluate alerts in order to better prioritize and manage them. You can:
+
+* Check the validity of a secret, to see if the secret is still active. {% ifversion fpt or ghes %}**Applies to {% data variables.product.company_short %} tokens only**.{% endif %} For more information, see "[Checking a secret's validity](#checking-a-secrets-validity)."{% ifversion secret-scanning-validity-check-partner-patterns %}
+* Perform an "on-demand" validity check, to get the most up to date validation status. For more information, see "[Performing an on-demand-validity-check](#performing-an-on-demand-validity-check)."{% endif %}{% ifversion secret-scanning-github-token-metadata %}
+* Review a token's metadata. **Applies to {% data variables.product.company_short %} tokens only**. For example, to see when the token was last used. For more information, see "[Reviewing {% data variables.product.company_short %} token metadata](#reviewing-github-token-metadata)."{% endif %}
+
+## Checking a secret's validity
+
+Validity checks help you prioritize alerts by telling you which secrets are `active` or `inactive`. An `active` secret is one that could still be exploited, so these alerts should be reviewed and remediated as a priority.
+
+By default, {% data variables.product.company_short %} checks the validity of {% data variables.product.company_short %} tokens and displays the validation status of the token in the alert view.
+
+{% ifversion fpt %}
+
+Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable validity checks for partner patterns. For more information, see "[Checking a secret's validity](/enterprise-cloud@latest/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
+
+{% endif %}
+
+{% data reusables.secret-scanning.validity-check-table %}
+
+{% ifversion secret-scanning-validity-check-partner-patterns %}
+
+{% data reusables.gated-features.partner-pattern-validity-check-ghas %}
+
+For information on how to enable validity checks for partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository)," and for information on which partner patterns are currently supported, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#high-confidence-patterns)."
+
+{% endif %}
+
+You can use the REST API to retrieve a list of the most recent validation status for each of your tokens. For more information, see "[AUTOTITLE](/rest/secret-scanning)" in the REST API documentation. You can also use webhooks to be notified of activity relating to a {% data variables.product.prodname_secret_scanning %} alert. For more information, see the `secret_scanning_alert` event in "[AUTOTITLE](/webhooks/webhook-events-and-payloads?actionType=created#secret_scanning_alert)."
+
+{% ifversion secret-scanning-validity-check-partner-patterns %}
+
+## Performing an on-demand validity check
+
+Once you have enabled validity checks for partner patterns for your repository, you can perform an "on-demand" validity check for any supported secret by clicking {% octicon "sync" aria-hidden="true" %} **Verify secret** in the alert view. {% data variables.product.company_short %} will send the pattern to the relevant partner and display the validation status of the secret in the alert view.
+
+
+
+{% endif %}
+
+{% ifversion secret-scanning-github-token-metadata %}
+
+## Reviewing {% data variables.product.company_short %} token metadata
+
+> [!NOTE]
+> Metadata for {% data variables.product.company_short %} tokens is currently in public beta and subject to change.
+
+In the view for an active {% data variables.product.company_short %} token alert, you can review certain metadata about the token. This metadata may help you identify the token and decide what remediation steps to take.
+
+Tokens, like {% data variables.product.pat_generic %} and other credentials, are considered personal information. For more information about using {% data variables.product.company_short %} tokens, see [GitHub's Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement) and [Acceptable Use Policies](/free-pro-team@latest/site-policy/acceptable-use-policies/github-acceptable-use-policies).
+
+ 
+
+ Metadata for {% data variables.product.company_short %} tokens is available for active tokens in any repository with secret scanning enabled. If a token has been revoked or its status cannot be validated, metadata will not be available. {% data variables.product.company_short %} auto-revokes {% data variables.product.company_short %} tokens in public repositories, so metadata for {% data variables.product.company_short %} tokens in public repositories is unlikely to be available. The following metadata is available for active {% data variables.product.company_short %} tokens:
+
+|Metadata|Description|
+|-------------------------|--------------------------------------------------------------------------------|
+|Secret name| The name given to the {% data variables.product.company_short %} token by its creator|
+|Secret owner| The {% data variables.product.company_short %} handle of the token's owner|
+|Created on| Date the token was created|
+|Expired on| Date the token expired|
+|Last used on| Date the token was last used|
+|Access| Whether the token has organization access|
+
+{% ifversion secret-scanning-user-owned-repos %}{% data reusables.secret-scanning.secret-scanning-user-owned-repo-access %} If access is granted, {% data variables.product.prodname_dotcom %} will notify the owner of the repository containing the leaked secret, report the action in the repository owner and enterprise audit logs, and enable access for 2 hours.{% ifversion ghec %} For more information, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise)."{% endif %}{% endif %}
+
+{% endif %}
+
+## Next steps
+
+* "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts)"
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md
new file mode 100644
index 000000000000..6dd0553b9b8c
--- /dev/null
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md
@@ -0,0 +1,26 @@
+---
+title: Managing alerts from secret scanning
+intro: 'Learn how to find, evaluate, and resolve alerts for secrets stored in your repository.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+redirect_from:
+ - /github/administering-a-repository/managing-alerts-from-secret-scanning
+ - /code-security/secret-security/managing-alerts-from-secret-scanning
+
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+shortTitle: Managing alerts
+children:
+ - /about-alerts
+ - /viewing-alerts
+ - /evaluating-alerts
+ - /resolving-alerts
+ - /monitoring-alerts
+---
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md
new file mode 100644
index 000000000000..55d3f7954280
--- /dev/null
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md
@@ -0,0 +1,54 @@
+---
+title: Monitoring alerts from secret scanning
+intro: 'Learn how and when {% data variables.product.product_name %} will notify you about a secret scanning alert.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+shortTitle: Monitor alerts
+allowTitleToDifferFromFilename: true
+---
+
+## Configuring notifications for {% data variables.secret-scanning.alerts %}
+
+In addition to displaying an alert in the **Security** tab of the repository, {% data variables.product.product_name %} can also send email notifications for alerts. These notifications are different for incremental scans and historical scans.
+
+### Incremental scans
+
+{% data reusables.secret-scanning.secret-scanning-configure-notifications %}
+
+{% data reusables.repositories.navigate-to-repo %}
+1. To start watching the repository, select **{% octicon "eye" aria-hidden="true" %} Watch**.
+
+ 
+
+1. In the dropdown menu, click **All Activity**. Alternatively, to only subscribe to security alerts, click **Custom**, then click **Security alerts**.
+1. Navigate to the notification settings for your personal account. These are available at [https://github.com/settings/notifications](https://github.com/settings/notifications).
+1. On your notification settings page, under "Subscriptions", then under "Watching", select the **Notify me** dropdown.
+1. Select "Email" as a notification option, then click **Save**.
+
+ 
+
+{% data reusables.notifications.watch-settings %}
+
+### Historical scans
+
+For historical scans, {% data variables.product.product_name %} notifies the following users:
+
+* Organization owners, enterprise owners, and security managers—whenever a historical scan is complete, even if no secrets are found.
+* Repository administrators, security managers, and users with custom roles with read/write access—whenever a historical scan detects a secret, and according to their notification preferences.
+
+We do _not_ notify commit authors.
+
+{% data reusables.notifications.watch-settings %}
+
+## Auditing responses to secret scanning alerts
+
+{% data reusables.secret-scanning.audit-secret-scanning-events %}
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md
new file mode 100644
index 000000000000..695c708331b7
--- /dev/null
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md
@@ -0,0 +1,55 @@
+---
+title: Resolving alerts from secret scanning
+intro: 'After reviewing the details of a secret scanning alert, you should fix and then close the alert.'
+permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can dismiss secret scanning alerts for the repository.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+shortTitle: Resolve alerts
+allowTitleToDifferFromFilename: true
+---
+
+## Fixing alerts
+
+Once a secret has been committed to a repository, you should consider the secret compromised. {% data variables.product.prodname_dotcom %} recommends the following actions for compromised secrets:
+
+* For a compromised {% data variables.product.prodname_dotcom %} {% data variables.product.pat_generic %}, delete the compromised token, create a new token, and update any services that use the old token. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
+{%- ifversion token-audit-log %}
+ * {% ifversion ghec %}If your organization is owned by an enterprise account, identify{% else %}Identify{% endif %} any actions taken by the compromised token on your enterprise's resources. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token)."
+{%- endif %}
+* For all other secrets, first verify that the secret committed to {% data variables.product.product_name %} is valid. If so, create a new secret, update any services that use the old secret, and then delete the old secret.
+
+{% ifversion fpt or ghec %}
+
+> [!NOTE]
+> If a secret is detected in a public repository on {% data variables.product.prodname_dotcom %} and the secret also matches a partner pattern, an alert is generated and the potential secret is reported to the service provider. For details of partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."
+
+{% endif %}
+
+## Closing alerts
+
+> [!NOTE]
+>{% data variables.product.prodname_secret_scanning_caps %} doesn't automatically close alerts when the corresponding token has been removed from the repository. You must manually close these alerts in the alert list on {% data variables.product.prodname_dotcom %}.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %}
+1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**.
+1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the alert you want to view.
+1. To dismiss an alert, select the "Close as" dropdown menu and click a reason for resolving an alert.
+
+ 
+
+1. Optionally, in the "Comment" field, add a dismissal comment. The dismissal comment will be added to the alert timeline and can be used as justification during auditing and reporting. You can view the history of all dismissed alerts and dismissal comments in the alert timeline. You can also retrieve or set a comment by using the {% data variables.product.prodname_secret_scanning_caps %} API. The comment is contained in the `resolution_comment` field. For more information, see "[AUTOTITLE](/rest/secret-scanning#update-a-secret-scanning-alert)" in the REST API documentation.
+1. Click **Close alert**.
+
+## Next steps
+
+* "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts)"
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md
new file mode 100644
index 000000000000..8c044d59d82d
--- /dev/null
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md
@@ -0,0 +1,87 @@
+---
+title: Viewing and filtering alerts from secret scanning
+intro: 'Learn how to find and filter {% ifversion fpt or ghec %}{% data variables.secret-scanning.user_alerts %}{% else %}{% data variables.secret-scanning.user_alerts %} alerts{% endif %} for your repository.'
+permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can view {% data variables.secret-scanning.user_alerts %}{% ifversion ghes %} alerts{% endif %} for the repository.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+shortTitle: View alerts
+allowTitleToDifferFromFilename: true
+---
+
+## About the {% data variables.product.prodname_secret_scanning %} alerts page
+
+{% data reusables.secret-scanning.secret-scanning-about-alerts %} {% data reusables.secret-scanning.repository-alert-location %}
+
+{% ifversion secret-scanning-non-provider-patterns %}
+To help you triage alerts more effectively, {% data variables.product.company_short %} separates alerts into two lists:
+* **High confidence** alerts.
+* **Other** alerts.
+
+
+
+### High confidence alerts list
+
+The "High confidence" alerts list displays alerts that relate to supported patterns and specified custom patterns. This list is always the default view for the alerts page.
+
+### Other alerts list
+
+The "Other" alerts list displays alerts that relate to non-provider patterns (such as private keys){% ifversion secret-scanning-ai-generic-secret-detection %}, or generic secrets detected using AI (such as passwords){% endif %}. These types of alerts have a higher rate of false positives.
+
+In addition, alerts that fall into this category:
+* Are limited in quantity to 5000 alerts per repository (this includes open and closed alerts).
+* Are not shown in the summary views for security overview, only in the "{% data variables.product.prodname_secret_scanning_caps %}" view.
+* Only have the first five detected locations shown on {% data variables.product.prodname_dotcom %} for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %}, and only the first detected location shown for AI-detected generic secrets{% endif %}.
+
+For {% data variables.product.company_short %} to scan for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} and generic secrets{% endif %}, you must first enable the feature{% ifversion secret-scanning-ai-generic-secret-detection %}s{% endif %} for your repository or organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns){% ifversion secret-scanning-ai-generic-secret-detection %}" and "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/enabling-ai-powered-generic-secret-detection){% endif %}."
+
+{% endif %}
+
+## Viewing alerts
+
+Alerts for {% data variables.product.prodname_secret_scanning %} are displayed under the **Security** tab of the repository.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %}
+1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**. {% ifversion secret-scanning-non-provider-patterns %}
+1. Optionally, toggle to "Other" to see alerts for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} or generic secrets detected using AI{% endif %}.{% endif %}
+1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the alert you want to view.
+ {% ifversion secret-scanning-user-owned-repos %}
+
+ > [!NOTE]
+ > {% data reusables.secret-scanning.secret-scanning-user-owned-repo-access %}
+
+ {% endif %}
+
+## Filtering alerts
+
+You can apply various filters to the alerts list to help you find the alerts you're interested in. You can use the dropdown menus above the alerts list, or input the qualifiers listed in the table into the search bar.
+
+|Qualifier|Description|
+|---------|-----------|
+|`is:open`|Displays open alerts.|
+|`is:closed`|Displays closed alerts.|
+| {% ifversion secret-scanning-bypass-filter %} |
+|`bypassed: true`|Displays alerts for secrets where push protection has been bypassed. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)."|
+| {% endif %} |
+|`validity:active`| Displays alerts for secrets that are known to be active. {% ifversion fpt %}Applies to {% data variables.product.company_short %} tokens only.{% endif %} For more information about validity statuses, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity)."|
+|`validity:inactive`| Displays alerts for secrets that are no longer active.|
+|`validity:unknown`| Displays alerts for secrets where the validity status of the secret is unknown.|
+|`secret-type:SECRET-NAME`| Displays alerts for a specific secret type, for example, `secret-type:github_personal_access_token`. For a list of supported secret types, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secret)." |
+|`provider:PROVIDER-NAME`|Displays alerts for a specific provider, for example, `provider:github`. For a list of supported partners, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."|
+| {% ifversion secret-scanning-non-provider-patterns %} |
+|`confidence:high`| Displays alerts for high-confidence secrets, which relate to supported secrets and custom patterns. For a list of supported high-confidence patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#high-confidence-patterns)." |
+|`confidence:other`| Displays alerts for non-provider patterns, such as private keys{% ifversion secret-scanning-ai-generic-secret-detection %}, and AI-detected generic secrets, such as passwords{% endif %}. For a list of supported non-provider patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns)." {% ifversion secret-scanning-ai-generic-secret-detection %}For more information about AI-detected generic secrets, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/about-the-detection-of-generic-secrets-with-secret-scanning)."{% endif %}|
+| {% endif %} |
+
+## Next steps
+
+* "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts)"
diff --git a/content/code-security/secret-scanning/push-protection-for-repositories-and-organizations.md b/content/code-security/secret-scanning/push-protection-for-repositories-and-organizations.md
deleted file mode 100644
index 43b442b305cd..000000000000
--- a/content/code-security/secret-scanning/push-protection-for-repositories-and-organizations.md
+++ /dev/null
@@ -1,273 +0,0 @@
----
-title: Push protection for repositories and organizations
-intro: 'With push protection for repositories and organizations, {% data variables.product.prodname_secret_scanning %} blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.'
-product: '{% data reusables.gated-features.push-protection-for-repos %}'
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-redirect_from:
- - /early-access/code-security/secret-scanning/protecting-pushes-with-secret-scanning
- - /code-security/secret-scanning/protecting-pushes-with-secret-scanning
-type: how_to
-topics:
- - Secret scanning
- - Advanced Security
- - Alerts
- - Repositories
-shortTitle: Push protection for repositories
----
-
-{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
-
-## About push protection for repositories and organizations
-
-{% data reusables.secret-scanning.pre-push-protection %} {% data reusables.secret-scanning.push-protection-overview %} {% data reusables.secret-scanning.push-protection-custom-pattern %} {% ifversion secret-scanning-push-protection-custom-patterns %}For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."{% endif %}
-
-{% data reusables.secret-scanning.push-protection-bypass %}
-
-{% data reusables.secret-scanning.bypass-reasons-and-alerts %}
-
-{% ifversion push-protection-delegated-bypass %}
-
-By default, anyone with write access to the repository can choose to bypass push protection by specifying one of the bypass reasons outlined in the table. If you want greater control over which contributors can bypass push protection and which pushes containing secrets should be allowed, you can enable delegated bypass for push protection. Delegated bypass lets you configure a designated group of reviewers to oversee and manage requests to bypass push protection from contributors pushing to the repository. For more information, see "[Enabling delegated bypass for push protection](#enabling-delegated-bypass-for-push-protection)."
-
-{% endif %}
-
-{% ifversion secret-scanning-bypass-filter %}
-
-On the {% data variables.product.prodname_secret_scanning %} alerts page for a repository or organization, you can apply the `bypassed:true` filter to easily see which alerts are the result of a user bypassing push protection. For more information on viewing these alerts, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
-
-{% endif %}
-
-You can monitor security alerts to discover when users are bypassing push protections and creating alerts. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)."
-
-{% ifversion security-overview-push-protection-metrics-page %}
-
-If you are an organization owner or security manager, you can view metrics on how push protection is performing across your organization. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization)."
-
-{% endif %}
-
-{% ifversion ghec or fpt %}
-{% note %}
-
-**Note:** The github.dev web-based editor doesn't support push protection. For more information about the editor, see "[AUTOTITLE](/codespaces/the-githubdev-web-based-editor)."
-
-{% endnote %}
-{% endif %}
-
-For information on the secrets and service providers supported for push protection, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
-
-## Enabling {% data variables.product.prodname_secret_scanning %} as a push protection
-
-For you to use {% data variables.product.prodname_secret_scanning %} as a push protection in public repositories, the {% ifversion secret-scanning-enterprise-level %}enterprise,{% endif %} organization{% ifversion secret-scanning-enterprise-level %},{% endif %} or repository needs to have {% data variables.product.prodname_secret_scanning %} enabled.{% ifversion secret-scanning-push-protection-private-internal %} To use {% data variables.product.prodname_secret_scanning %} as a push protection in private or internal repositories,{% ifversion secret-scanning-user-owned-repos %} or in user-owned repositories{% ifversion ghec %} for {% data variables.product.prodname_emus %}{% endif %},{% endif %} the enterprise or organization also needs to have {% data variables.product.prodname_GH_advanced_security %} enabled.{% endif %} For more information, see {% ifversion secret-scanning-enterprise-level %}"[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise),"{% endif %} "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)," "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)," and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
-
-Organization owners, security managers, and repository administrators can also enable push protection for {% data variables.product.prodname_secret_scanning %} via the API. For more information, see "[AUTOTITLE](/rest/repos#update-a-repository)" and expand the "Properties of the `security_and_analysis` object" section.
-
-Organization owners can provide a custom link that will be displayed when a push is blocked. This custom link can contain organization-specific resources and advice, such as directions on using a recommended secrets vault or who to contact for questions relating to the blocked secret.
-
-{% ifversion secret-scanning-enable-by-default-for-public-repos %}
-
-You can also enable push protection for all of your existing {% ifversion ghec %}user-owned {% endif %} public repositories through your personal account settings. For any new public repositories you create, push protection will be enabled by default. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-secret-scanning-alerts-for-users-for-all-your-public-repositories)."
-
-{% endif %}
-
-{% ifversion secret-scanning-enterprise-level-api %}
-Enterprise administrators can also enable or disable {% data variables.product.prodname_secret_scanning %} as a push protection for the enterprise via the API. For more information, see "[AUTOTITLE](/rest/enterprise-admin/code-security-and-analysis)."{% endif %}
-
-{% note %}
-
-**Note:** When you fork a repository with {% data variables.product.prodname_secret_scanning %} as a push protection enabled, this is not enabled by default on the fork. You can enable it on the fork the same way you enable it on a standalone repository.
-
-{% endnote %}
-
-{% ifversion secret-scanning-enterprise-level %}
-
-### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection for your enterprise
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-1. In the left sidebar, click **Code security and analysis**.
-{% data reusables.advanced-security.secret-scanning-push-protection-enterprise %}
-{% endif %}
-
-### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection for an organization
-
-{% ifversion code-security-multi-repo-enablement %}
-You can use security overview to find a set of repositories and enable or disable {% data variables.product.prodname_secret_scanning %} as a push protection for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."
-
-You can also use the organization settings page for "Code security and analysis" to enable or disable {% data variables.product.prodname_secret_scanning %} as a push protection for all existing repositories in an organization.
-{% else %}
-You can use the organization settings page for "Code security and analysis" to enable or disable {% data variables.product.prodname_secret_scanning %} as a push protection for all existing repositories in an organization.
-{% endif %}
-
-{% data reusables.organizations.navigate-to-org %}
-{% data reusables.organizations.org_settings %}
-{% data reusables.organizations.security-and-analysis %}
-
-{% ifversion security-configurations %}
- {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling push protection and other security features at scale with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
-{% endif %}
-
-{% data reusables.repositories.navigate-to-ghas-settings %}
-{% data reusables.advanced-security.secret-scanning-push-protection-org %}
-
-{% data reusables.security.note-securing-your-org %}
-
-### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection for a repository
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-code-security-and-analysis %}
-{% data reusables.repositories.navigate-to-ghas-settings %}
-{% data reusables.advanced-security.secret-scanning-push-protection-repo %}
-
-{% ifversion secret-scanning-push-protection-custom-patterns %}
-
-## Enabling push protection for a custom pattern
-
-You can enable {% data variables.product.prodname_secret_scanning %} as a push protection for custom patterns stored at {% ifversion ghec or ghes %}the enterprise, organization, or repository level{% else%} the organization or repository level{% endif %}.
-
-{% ifversion ghec or ghes %}
-
-### Enabling push protection for a custom pattern stored in an enterprise
-
-{% data reusables.secret-scanning.push-protection-enterprise-note %}
-
-Before enabling push protection for a custom pattern at enterprise level, you must also{% ifversion custom-pattern-dry-run-ga %} test your custom patterns using dry runs. {% data reusables.secret-scanning.dry-runs-enterprise-permissions %}{% else %} test your custom patterns in a repository before defining them for your entire enterprise, as there is no dry-run functionality. That way, you can avoid creating excess false-positive {% data variables.secret-scanning.alerts %}.{% endif %}
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}{% ifversion security-feature-enablement-policies %}
-{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
-1. Under "Code security and analysis", click **Security features**.{% else %}
-{% data reusables.enterprise-accounts.advanced-security-policies %}
-{% data reusables.enterprise-accounts.advanced-security-security-features %}{% endif %}
-{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}
-
- {% ifversion custom-pattern-dry-run-ga %}
- >[!NOTE] At the enterprise level, you can only edit and enable push protection for custom patterns that you created.
- {%- endif %}
-
-1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.
-
- {% data reusables.secret-scanning.custom-pattern-push-protection-enable-button %}
-
- 
-
-{% endif %}
-
-### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection in an organization for a custom pattern
-
-Before enabling push protection for a custom pattern at organization level, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. To enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
-
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-{% data reusables.organizations.security-and-analysis %}
-
-{% ifversion security-configurations %}
- {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on managing custom patterns for your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#defining-custom-patterns)." For information on enabling push protection for specific custom patterns, reference the following steps.
-{% endif %}
-
-{% data reusables.repositories.navigate-to-ghas-settings %}
-{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}
-1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.
-{% indented_data_reference reusables.secret-scanning.push-protection-org-notes spaces=3 %}
-
- 
-
-### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection in a repository for a custom pattern
-
-Before enabling push protection for a custom pattern at repository level, you must define the custom pattern for the repository, and test it in the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)."
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-code-security-and-analysis %}
-{% data reusables.repositories.navigate-to-ghas-settings %}
-{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}
-1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.
-
- {% data reusables.secret-scanning.custom-pattern-push-protection-enable-button %}
-
- 
-
-{% endif %}
-
-{% ifversion push-protection-delegated-bypass %}
-
-## Enabling delegated bypass for push protection
-
-{% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %}
-
-Delegated bypass for push protection lets you control who can bypass push protection and which blocked pushes should be allowed.
-
-When you enable push protection, by default, anyone with write access to the repository can choose to bypass the protection by specifying a reason for allowing the push containing a secret. With delegated bypass, contributors to a repository are instead obligated to request "bypass privileges." The request is sent to a designated group of reviewers, who either approve or deny the request to bypass push protection.
-
-If the request to bypass push protection is approved, the contributor can push the commit containing the secret. If the request is denied, the contributor must remove the secret from the commit (or commits) containing the secret before pushing again.
-
-To configure delegated bypass, organization owners or repository administrators first create a "bypass list". The bypass list comprises specific roles and teams, such as the security team or repository administrators, who oversee requests from non-members to bypass push protection. For more information, see "[Configuring delegated bypass for an organization](#configuring-delegated-bypass-for-an-organization)" and "[Configuring delegated bypass for a repository](#configuring-delegated-bypass-for-a-repository)."
-
-Members of the bypass list view and manage requests through the "Push protection bypass" page in the **Security** tab of the repository. For more information, see "[Managing requests to bypass push protection](#managing-requests-to-bypass-push-protection)."
-
-Members of the bypass list are still protected from accidentally pushing secrets to a repository. When a member of the bypass list attempts to push a commit containing a secret, their push is still blocked, but they can choose to bypass the block by specifying a reason for allowing the push. Members of the bypass list do not have to request bypass privileges from other members in order to override the block.
-
-### Configuring delegated bypass for an organization
-
-{% data reusables.organizations.navigate-to-org %}
-{% data reusables.organizations.org_settings %}
-{% data reusables.organizations.security-and-analysis %}
-{% ifversion security-configurations %}
- {% data reusables.security-configurations.changed-org-settings-global-settings-callout %}
-{% endif %}
-{% data reusables.repositories.navigate-to-ghas-settings %}
-1. Under "Push protection", to the right of "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}", select the dropdown menu, then click **Specific roles or teams**.
-1. Under "Bypass list", click **Add role or team**.
- >[!NOTE] You can't add secret teams to the bypass list.
-1. In the dialog box, select the roles and teams that you want to add to the bypass list, then click **Add selected**.
-
-### Configuring delegated bypass for a repository
-
->[!NOTE] If an organization owner configures delegated bypass at the organization-level, the repository-level settings are disabled.
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-code-security-and-analysis %}
-{% data reusables.repositories.navigate-to-ghas-settings %}
-1. Under "Push protection", to the right of "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}", select the dropdown menu, then click **Specific roles or teams**.
-1. Under "Bypass list", click **Add role or team**.
- >[!NOTE] You can't add secret teams to the bypass list.
-1. In the dialog box, select the roles and teams that you want to add to the bypass list, then click **Add selected**.
-
-## Managing requests to bypass push protection
-
-You can view and manage all requests for bypass privileges on the "Push protection bypass" page, located under the **Security** tab of the repository.
-
-You can filter requests by approver (member of the bypass list), requester (contributor making the request), timeframe, and status. The following statuses are assigned to a request:
-
-|Status|Description|
-|---------|-----------|
-|`Cancelled`| The request has been cancelled by the contributor.|
-|`Completed`|The request has been approved and the commit(s) have been pushed to the repository.|
-|`Denied`|The request has been reviewed and denied.|
-|`Expired`| The request has expired. Requests are valid for 7 days. |
-|`Open`| The request has either not yet been reviewed, or has been approved but the commit(s) have not been pushed to the repository. |
-
-When a contributor requests bypass privileges to push a commit containing a secret, members of the bypass list all receive an email notification containing a link to the request. Members of the bypass list then have 7 days to review and either approve or deny the request before the request expires.
-
-The contributor is notified of the decision by email and must take the required action. If the request is approved, the contributor can push the commit containing the secret to the repository. If the request is denied, the contributor must remove the secret from the commit in order to successfully push the commit to the repository.
-
-### Managing requests to bypass push protection at the repository-level
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-security %}
-{% data reusables.repositories.bypass-requests-settings %}
-1. Select the **All statuses** dropdown menu, then click **Open** to view requests that are awaiting review.
-1. Click the request that you want to review.
-1. Review the details of the request.
-1. To allow the contributor to push the commit containing the secret, click **Approve bypass request**. Or, to require the contributor to remove the secret from the commit, click **Deny bypass request**.
-
-{% endif %}
-
-## Further reading
-
-* "[AUTOTITLE](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection)"
-* "[AUTOTITLE](/code-security/secret-scanning/working-with-push-protection)"
diff --git a/content/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection.md b/content/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection.md
deleted file mode 100644
index 6a40a2960f41..000000000000
--- a/content/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection.md
+++ /dev/null
@@ -1,117 +0,0 @@
----
-title: Pushing a branch blocked by push protection
-intro: 'Push protection proactively protects you against leaked secrets in your repositories. You can resolve blocked pushes and, once the detected secret is removed, you can push changes to your working branch from the command line or the web UI.'
-product: '{% data reusables.gated-features.push-protection-users-and-repos %}'
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-type: how_to
-topics:
- - Secret scanning
- - Advanced Security
- - Alerts
- - Repositories
-shortTitle: Push a blocked branch
----
-
-## About push protection
-
-Push protection helps to prevent security leaks by scanning for secrets before you push changes to your repository.
-
-When you try to push a secret to a repository secured by push protection, {% data variables.product.prodname_dotcom %} blocks the push. You must remove the secret from your branch before pushing again. For more information on how to resolve a blocked push, see "[Resolving a blocked push on the command line](#resolving-a-blocked-push-on-the-command-line)" and "[Resolving a blocked commit in the web UI](#resolving-a-blocked-commit-in-the-web-ui)" in this article.
-
-If you believe it's safe to allow the secret, you {% ifversion push-protection-delegated-bypass %}may {% endif %}have the option to bypass the protection. For more information, see "[AUTOTITLE](/code-security/secret-scanning/working-with-push-protection)."
-
-For information on the secrets and service providers supported for push protection, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
-
-## Resolving a blocked push on the command line
-
-{% data reusables.secret-scanning.push-protection-command-line-choice %}
-
-{% data reusables.secret-scanning.push-protection-multiple-branch-note %}
-
-### Removing a secret introduced by the latest commit on your branch
-
-If the blocked secret was introduced by the latest commit on your branch, you can follow the guidance below.
-
-1. Remove the secret from your code.
-1. To commit the changes, run `git commit --amend`. This updates the original commit that introduced the secret instead of creating a new commit.
-1. Push your changes with `git push`.
-
-### Removing a secret introduced by an earlier commit on your branch
-
-You can also remove the secret if the secret appears in an earlier commit in the Git history. To do so, you will need to identify which commit first introduced the secret and modify the commit history with an interactive rebase.
-
-1. Examine the error message that displayed when you tried to push your branch, which lists all of the commits that contain the secret.
-
- ```text
- remote: —— {% data variables.product.prodname_dotcom %} {% data variables.product.pat_generic_title_case %} ——————————————————————
- remote: locations:
- remote: - commit: 8728dbe67
- remote: path: README.md:4
- remote: - commit: 03d69e5d3
- remote: path: README.md:4
- remote: - commit: 8053f7b27
- remote: path: README.md:4
- ```
-
-1. Next, run `git log` to see a full history of all the commits on your branch, along with their corresponding timestamps.
-
- ```text
- test-repo (test-branch)]$ git log
- commit 8053f7b27 (HEAD -> main)
- Author: Octocat <1000+octocat@users.noreply.github.com
- Date: Tue Jan 30 13:03:37 2024 +0100
-
- my fourth commit message
-
- commit 03d69e5d3
- Author: Octocat <1000+octocat@users.noreply.github.com>
- Date: Tue Jan 30 13:02:59 2024 +0100
-
- my third commit message
-
- commit 8728dbe67
- Author: Octocat <1000+octocat@users.noreply.github.com
- Date: Tue Jan 30 13:01:36 2024 +0100
-
- my second commit message
-
- commit 6057cbe51
- Author: Octocat <1000+octocat@users.noreply.github.com
- Date: Tue Jan 30 12:58:24 2024 +0100
-
- my first commit message
-
-1. Focusing only on the commits that contain the secret, use the output of `git log` to identify which commit comes _earliest_ in your Git history.
- * In the example, commit `8728dbe67` was the first commit to contain the secret.
-1. Start an interactive rebase with `git rebase -i ~1`.
- * For ``, use the commit identified in step 3. For example, `git rebase -i 8728dbe67~1`.
-1. In the editor, choose to edit the commit identified in step 3 by changing `pick` to `edit` on the first line of the text.
-
- ```text
- edit 8728dbe67 my second commit message
- pick 03d69e5d3 my third commit message
- pick 8053f7b27 my fourth commit message
- ```
-
-1. Save and close the editor to start the interactive rebase.
-1. Remove the secret from your code.
-1. Commit your changes using `git commit --amend`.
-1. Run `git rebase --continue` to finish the rebase.
-1. Push your changes with `git push`.
-
-## Resolving a blocked commit in the web UI
-
-{% data reusables.secret-scanning.push-protection-web-ui-choice %}
-
-To resolve a blocked commit in the web UI, you need to remove the secret from the file. Once you remove the secret, you will be able to commit your changes.
-
-Alternatively, if you determine that it's safe to allow the secret, use the options displayed in the dialog box to bypass push protection. For more information about bypassing push protection from the web UI, see "[AUTOTITLE](/code-security/secret-scanning/working-with-push-protection#bypassing-push-protection-when-working-with-the-web-ui)."
-
-# Further reading
-
-* "[AUTOTITLE](/code-security/secret-scanning/working-with-push-protection)"
-* "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)"{% ifversion secret-scanning-push-protection-for-users %}
-* "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-users)"{% endif %}
diff --git a/content/code-security/secret-scanning/secret-scanning-partnership-program/index.md b/content/code-security/secret-scanning/secret-scanning-partnership-program/index.md
new file mode 100644
index 000000000000..cdf66c1e9353
--- /dev/null
+++ b/content/code-security/secret-scanning/secret-scanning-partnership-program/index.md
@@ -0,0 +1,13 @@
+---
+title: Secret scanning partnership program
+intro: 'As a service provider, you can partner with {% data variables.product.prodname_dotcom %} to have your secret token formats secured through secret scanning, which searches for accidental commits of your secret format and can be sent to a service provider''s verify endpoint.'
+versions:
+ fpt: '*'
+ ghec: '*'
+topics:
+ - API
+shortTitle: Partner program
+children:
+ - /secret-scanning-partner-program
+---
+
diff --git a/content/code-security/secret-scanning/secret-scanning-partner-program.md b/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md
similarity index 97%
rename from content/code-security/secret-scanning/secret-scanning-partner-program.md
rename to content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md
index 742fc7fd79d6..8f7db1a742b5 100644
--- a/content/code-security/secret-scanning/secret-scanning-partner-program.md
+++ b/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md
@@ -6,11 +6,14 @@ redirect_from:
- /partnerships/secret-scanning
- /developers/overview/secret-scanning
- /developers/overview/secret-scanning-partner-program
+ - /code-security/secret-scanning/secret-scanning-partner-program
versions:
fpt: '*'
ghec: '*'
topics:
- API
+ - Secret scanning
+ - Advanced Security
shortTitle: Partner program
---
@@ -85,22 +88,22 @@ The message body is a JSON array that contains one or more objects, with each ob
The list of valid values for `source` are:
-* content
-* commit
-* pull_request_title
-* pull_request_description
-* pull_request_comment
-* issue_title
-* issue_description
-* issue_comment
-* discussion_title
-* discussion_body
-* discussion_comment
-* commit_comment
-* gist_content
-* gist_comment
-* npm
-* unknown
+* Content
+* Commit
+* Pull_request_title
+* Pull_request_description
+* Pull_request_comment
+* Issue_title
+* Issue_description
+* Issue_comment
+* Discussion_title
+* Discussion_body
+* Discussion_comment
+* Commit_comment
+* Gist_content
+* Gist_comment
+* Npm
+* Unknown
### Implement signature verification in your secret alert service
diff --git a/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md b/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md
new file mode 100644
index 000000000000..8cbdd7d96ba4
--- /dev/null
+++ b/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md
@@ -0,0 +1,18 @@
+---
+title: Troubleshooting secret scanning and push protection
+shortTitle: Troubleshoot secret scanning
+intro: 'If you have problems with {% data variables.product.prodname_secret_scanning %} or push protection, you can use these tips to help resolve issues.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Troubleshooting
+children:
+ - /troubleshooting-secret-scanning
+---
+
diff --git a/content/code-security/secret-scanning/troubleshooting-secret-scanning.md b/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning.md
similarity index 86%
rename from content/code-security/secret-scanning/troubleshooting-secret-scanning.md
rename to content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning.md
index 829a21c7246e..aa572adac2df 100644
--- a/content/code-security/secret-scanning/troubleshooting-secret-scanning.md
+++ b/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning.md
@@ -1,7 +1,7 @@
---
title: Troubleshooting secret scanning
shortTitle: Troubleshoot secret scanning
-intro: 'If you have problems with {% data variables.product.prodname_secret_scanning %}, you can use these tips to help resolve issues.'
+intro: 'When using {% data variables.product.prodname_secret_scanning %} to detect secrets in your repository, or secrets about to be committed into your repository, you may need to troubleshoot unexpected issues.'
product: '{% data reusables.gated-features.secret-scanning %}'
versions:
fpt: '*'
@@ -12,6 +12,8 @@ topics:
- Secret scanning
- Advanced Security
- Troubleshooting
+redirect_from:
+ - /code-security/secret-scanning/troubleshooting-secret-scanning
---
{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
@@ -20,7 +22,7 @@ topics:
{% data variables.product.prodname_secret_scanning_caps %} will only detect pattern pairs, such as AWS Access Keys and Secrets, if the ID and the secret are found in the same file, and both are pushed to the repository. Pair matching helps reduce false positives since both elements of a pair (the ID and the secret) must be used together to access the provider's resource.
-Pairs pushed to different files, or not pushed to the same repository, will not result in alerts. For more information about the supported pattern pairs, see the table in "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns)."
+Pairs pushed to different files, or not pushed to the same repository, will not result in alerts. For more information about the supported pattern pairs, see the table in "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns)."
{% ifversion secret-scanning-validity-check %}
@@ -32,7 +34,7 @@ For {% data variables.product.prodname_dotcom %} tokens, we check the validity o
## Push protection limitations
-If push protection did not detect a secret that you think should have been detected, then you should first check that push protection supports the secret type in the list of supported secrets. For further information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
+If push protection did not detect a secret that you think should have been detected, then you should first check that push protection supports the secret type in the list of supported secrets. For further information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."
If your secret is in the supported list, there are various reasons why push protection may not detect it.
diff --git a/content/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/about-generating-regular-expressions-with-ai.md
similarity index 78%
rename from content/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns.md
rename to content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/about-generating-regular-expressions-with-ai.md
index fa61ea51e259..e087bdaf2ed7 100644
--- a/content/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/about-generating-regular-expressions-with-ai.md
@@ -1,5 +1,5 @@
---
-title: About the regular expression generator for custom patterns
+title: About generating regular expressions with AI
shortTitle: Generate regular expressions with AI
intro: 'You can define your own custom patterns to extend the capabilities of {% data variables.product.prodname_secret_scanning %} by generating one or more regular expressions for each pattern, using the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}.'
product: '{% data reusables.gated-features.secret-scanning %}'
@@ -11,13 +11,14 @@ topics:
- Advanced Security
- Secret scanning
- AI
+redirect_from:
+ - /code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns
+ - /code-security/secret-scanning/about-generating-regular-expressions-with-ai
---
-{% data reusables.rai.secret-scanning.beta-custom-pattern-regular-expression-generator %}
-
-## About the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}
+## About generating regular expressions with AI
{% data variables.product.prodname_secret_scanning_caps %} scans repositories for a predefined set of secrets from our partner program, as well as custom patterns that are user-defined. Custom patterns are formatted as regular expressions.
@@ -35,21 +36,17 @@ The model returns up to three regular expressions for you to review. You can cli
Some results may be quite similar, and some results may not find every instance of the secret that the pattern is intended to detect. It is also possible that the regular expression generator may produce results which are invalid or inappropriate.
-When you click **Use result** on a regular expression, the expression and any examples inputted will be copied over to the main custom pattern form. There, you can perform a dry run of the pattern to see how it performs across your repository or organization.{% ifversion secret-scanning-custom-pattern-ai-generated %} For more information on how to define a custom pattern for your repository or organization, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." {% endif %}
+When you click **Use result** on a regular expression, the expression and any examples inputted will be copied over to the main custom pattern form. There, you can perform a dry run of the pattern to see how it performs across your repository or organization.{% ifversion secret-scanning-custom-pattern-ai-generated %} For more information on how to define a custom pattern for your repository or organization, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)." {% endif %}
-## Improving performance for the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}
+## Improving performance when generating regular expressions with AI
-To enhance performance and address some of the limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}, there are various measures that you can adopt. For more information on the limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}, see "[Limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}](#limitations-of-the-regular-expression-generator)."
+To enhance performance and address some of the limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}, there are various measures that you can adopt. For more information on the limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}, see "[Limitations of generating regular expressions with AI](#limitations-of-generating-regular-expressions-with-ai)."
### Use the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} as a tool, not a replacement
While the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} is a powerful tool to create custom patterns without you having to write regular expressions yourself, it is important to use it as a tool rather than a replacement for manual input. You should carefully validate the performance of the results by performing a dry run across your organization or repository. It's a good idea to run the pattern on a repository (or repositories) that are representative of the repositories in your organization. In some cases, it may be beneficial to modify a generated regular expression to more fully meet your needs. You remain ultimately responsible for any custom patterns you decide to use.
-### Provide feedback
-
-The {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} is currently in beta. If you encounter any issues or limitations with the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}, we recommend that you provide feedback through the **Give feedback** button at the top of the generator, in the UI. This can help the developers to improve the tool and address any concerns or limitations.
-
-## Limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}
+## Limitations of generating regular expressions with AI
Depending on factors such as your input description and examples, you may experience different levels of performance when using the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}. You need to be as specific as possible with your description, and provide different types of examples of tokens that match your pattern, to be sure that the regular expression encompasses all the patterns you want {% data variables.product.prodname_secret_scanning %} to search for.
@@ -61,18 +58,18 @@ Note that the {% data variables.secret-scanning.custom-pattern-regular-expressio
## Next steps
-* [AUTOTITLE](/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai)
+* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/generating-regular-expressions-for-custom-patterns-with-ai)
* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)
{% endif %}
## Further reading
{% ifversion fpt %}
-* [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)
+* [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)
* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)
{% endif %}
{% ifversion secret-scanning-custom-pattern-ai-generated %}
-* [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)
-* [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)
+* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)
+* [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)
{% endif %}
diff --git a/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md
similarity index 80%
rename from content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md
rename to content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md
index b29c3d13253e..c9ff88542f3a 100644
--- a/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md
@@ -5,6 +5,7 @@ intro: 'You can define your own custom patterns to extend the capabilities of {%
product: '{% data reusables.gated-features.secret-scanning %}'
redirect_from:
- /code-security/secret-security/defining-custom-patterns-for-secret-scanning
+ - /code-security/secret-scanning/defining-custom-patterns-for-secret-scanning
versions:
ghes: '*'
ghec: '*'
@@ -16,7 +17,7 @@ topics:
## About custom patterns for {% data variables.product.prodname_secret_scanning %}
-You can define custom patterns to identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. For example, you might have a secret pattern that is internal to your organization. For details of the supported secrets and service providers, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns)."
+You can define custom patterns to identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. For example, you might have a secret pattern that is internal to your organization. For details of the supported secrets and service providers, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns)."
You can define custom patterns for your enterprise, organization, or repository. {% data variables.product.prodname_secret_scanning_caps %} supports up to 500 custom patterns for each organization or enterprise account, and up to 100 custom patterns per repository.
@@ -45,13 +46,13 @@ For simple tokens you will usually only need to specify a secret format. The oth
### Using the regular expression generator
-{% data reusables.secret-scanning.regular-expression-generator-overview %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns)" and "[AUTOTITLE](/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai)."
+{% data reusables.secret-scanning.regular-expression-generator-overview %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/about-generating-regular-expressions-with-ai)" and "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/generating-regular-expressions-for-custom-patterns-with-ai)."
{% endif %}
## Defining a custom pattern for a repository
-Before defining a custom pattern, you must ensure that {% data variables.product.prodname_secret_scanning %} is enabled on your repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories)."
+Before defining a custom pattern, you must ensure that {% data variables.product.prodname_secret_scanning %} is enabled on your repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)."
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
@@ -107,18 +108,28 @@ aAAAe9
## Defining a custom pattern for an organization
-Before defining a custom pattern, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. To enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
+Before defining a custom pattern, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. {% ifversion security-configurations-ga %} You can use {% data variables.product.prodname_security_configurations %} to enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization using the {% data variables.product.prodname_github_security_configuration %}, or you can create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."{% else %}
+To enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
+{% endif %}
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
+{% ifversion security-configurations-beta-and-pre-beta %}
{% data reusables.organizations.security-and-analysis %}
+{% else %}
+1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**.
+{% endif %}
-{% ifversion security-configurations %}
+{% ifversion security-configurations-beta-only %}
{% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on defining a custom pattern for your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#defining-custom-patterns)."
{% endif %}
+{% ifversion security-configurations-beta-and-pre-beta %}
{% data reusables.repositories.navigate-to-ghas-settings %}
-{% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
+{% else %}
+1. Find "{% data variables.product.prodname_GH_advanced_security %}."
+{% endif %}
+{% data reusables.advanced-security.secret-scanning-new-custom-pattern-org %}
{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
{%- ifversion custom-pattern-dry-run-ga %}
1. When you're ready to test your new custom pattern, to identify matches in select repositories without creating alerts, click **Save and dry run**.
@@ -168,44 +179,7 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories within your enterprise's organizations with {% data variables.product.prodname_GH_advanced_security %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.secret-scanning.alerts %}, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
-## Editing a custom pattern
-
-When you save a change to a custom pattern, this closes all the {% data variables.secret-scanning.alerts %} that were created using the previous version of the pattern.
-{% data reusables.secret-scanning.view-custom-pattern %}
-1. Under "{% data variables.product.prodname_secret_scanning_caps %}", to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="Edit pattern" %}.
-{%- ifversion custom-pattern-dry-run-ga %}
-1. When you're ready to test your edited custom pattern, to identify matches without creating alerts, click **Save and dry run**.
-{%- endif %}
-1. When you have reviewed and tested your changes, click **Publish changes**.{% ifversion secret-scanning-push-protection-custom-patterns %}
-{% data reusables.advanced-security.secret-scanning-enable-push-protection-custom-pattern %}
-1. Optionally, to disable push protection for your custom pattern, click **Disable**.
-
- {% endif %}
-
-## Removing a custom pattern
-
-{% data reusables.secret-scanning.view-custom-pattern %}
-1. To the right of the custom pattern you want to remove, click {% octicon "trash" aria-label="Remove pattern" %}.
-1. Review the confirmation, and select a method for dealing with any open alerts relating to the custom pattern.
-1. Click **Yes, delete this pattern**.
-
-{% ifversion secret-scanning-custom-patterns-metrics %}
+## Further reading
-## Metrics for custom patterns
-
-Organization owners and people with admin permissions can see an overview of the activity for custom patterns. The overview includes alert and push protection activity for the custom pattern during the last 30 days.
-
-{% note %}
-
-**Note:** Metrics for custom patterns are in public beta and subject to change.
-
-{% endnote %}
-
-### Viewing metrics for custom patterns
-
-{% data reusables.secret-scanning.view-custom-pattern %}
-1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the custom pattern you want to view.
-
-The metrics are displayed under the custom pattern's name.
-
-{% endif %}
+* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns)" {% ifversion secret-scanning-custom-patterns-metrics %}
+* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns)"{% endif %}
diff --git a/content/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/generating-regular-expressions-for-custom-patterns-with-ai.md
similarity index 66%
rename from content/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai.md
rename to content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/generating-regular-expressions-for-custom-patterns-with-ai.md
index 1980dddad50a..b8144155c074 100644
--- a/content/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/generating-regular-expressions-for-custom-patterns-with-ai.md
@@ -10,10 +10,11 @@ topics:
- Advanced Security
- Secret scanning
- AI
+redirect_from:
+ - /code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai
---
-{% data reusables.secret-scanning.beta-custom-pattern-regular-expression-generator %}
-## Generating a regular expression for a repository using the generator
+## Generating a regular expression for a repository with AI
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
@@ -27,18 +28,12 @@ topics:
{% data reusables.secret-scanning.link-to-push-protection %}
-## Generating a regular expression for an organization using the generator
+## Generating a regular expression for an organization with AI
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
-{% data reusables.organizations.security-and-analysis %}
-
-{% ifversion security-configurations %}
- {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For detail on using the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}, reference the following steps in this procedure. For more information on configuring {% data variables.product.prodname_global_settings %} for your organization, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization)."
-{% endif %}
-
-{% data reusables.repositories.navigate-to-ghas-settings %}
-{% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
+1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**.
+{% data reusables.advanced-security.secret-scanning-new-custom-pattern-org %}
{% data reusables.advanced-security.secret-scanning-generate-regular-expression-custom-pattern %}
1. When you're ready to test your new custom pattern, to identify matches in selected repositories without creating alerts, click **Save and dry run**.
{% data reusables.advanced-security.secret-scanning-dry-run-select-repos %}
@@ -49,4 +44,4 @@ topics:
## Further reading
-* "[AUTOTITLE](/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns)"
+* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/about-generating-regular-expressions-with-ai)"
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md
new file mode 100644
index 000000000000..779f371f9327
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md
@@ -0,0 +1,20 @@
+---
+title: Custom patterns
+shortTitle: Custom patterns
+allowTitleToDifferFromFilename: true
+intro: 'You can extend the capabilities of {% data variables.product.prodname_secret_scanning %} to search for your own patterns. These custom patterns can range from your service API keys to connection strings into cloud resources.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ ghes: '*'
+ ghec: '*'
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Repositories
+children:
+ - /defining-custom-patterns-for-secret-scanning
+ - /managing-custom-patterns
+ - /about-generating-regular-expressions-with-ai
+ - /generating-regular-expressions-for-custom-patterns-with-ai
+ - /metrics-for-custom-patterns
+---
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md
new file mode 100644
index 000000000000..457469577649
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md
@@ -0,0 +1,107 @@
+---
+title: Managing custom patterns
+shortTitle: Manage custom patterns
+intro: 'You can view, edit, and remove custom patterns, as well as enable push protection for custom patterns.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Advanced Security
+ - Secret scanning
+---
+
+Custom patterns are user-defined patterns that you can use to identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)."
+
+## Editing a custom pattern
+
+When you save a change to a custom pattern, this closes all the {% data variables.secret-scanning.alerts %} that were created using the previous version of the pattern.
+
+{% data reusables.secret-scanning.view-custom-pattern %}
+1. Under "{% data variables.product.prodname_secret_scanning_caps %}", to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="Edit pattern" %}.
+{%- ifversion custom-pattern-dry-run-ga %}
+1. When you're ready to test your edited custom pattern, to identify matches without creating alerts, click **Save and dry run**.
+{%- endif %}
+1. When you have reviewed and tested your changes, click **Publish changes**.{% ifversion secret-scanning-push-protection-custom-patterns %}
+{% data reusables.advanced-security.secret-scanning-enable-push-protection-custom-pattern %}
+1. Optionally, to disable push protection for your custom pattern, click **Disable**.
+
+ {% endif %}
+
+## Removing a custom pattern
+
+{% data reusables.secret-scanning.view-custom-pattern %}
+1. To the right of the custom pattern you want to remove, click {% octicon "trash" aria-label="Remove pattern" %}.
+1. Review the confirmation, and select a method for dealing with any open alerts relating to the custom pattern.
+1. Click **Yes, delete this pattern**.
+
+{% ifversion secret-scanning-push-protection-custom-patterns %}
+
+## Enabling push protection for a custom pattern
+
+You can enable {% data variables.product.prodname_secret_scanning %} as a push protection for custom patterns stored at {% ifversion ghec or ghes %}the enterprise, organization, or repository level{% else %} the organization or repository level{% endif %}.
+
+{% ifversion ghec or ghes %}
+
+### Enabling push protection for a custom pattern stored in an enterprise
+
+{% data reusables.secret-scanning.push-protection-enterprise-note %}
+
+Before enabling push protection for a custom pattern at enterprise level, you must also{% ifversion custom-pattern-dry-run-ga %} test your custom patterns using dry runs. {% data reusables.secret-scanning.dry-runs-enterprise-permissions %}{% else %} test your custom patterns in a repository before defining them for your entire enterprise, as there is no dry-run functionality. That way, you can avoid creating excess false-positive {% data variables.secret-scanning.alerts %}.{% endif %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}{% ifversion security-feature-enablement-policies %}
+{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
+1. Under "Code security and analysis", click **Security features**.{% else %}
+{% data reusables.enterprise-accounts.advanced-security-policies %}
+{% data reusables.enterprise-accounts.advanced-security-security-features %}{% endif %}
+{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}
+
+ {% ifversion custom-pattern-dry-run-ga %}
+ >[!NOTE] At the enterprise level, you can only edit and enable push protection for custom patterns that you created.
+ {%- endif %}
+
+1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.
+
+ {% data reusables.secret-scanning.custom-pattern-push-protection-enable-button %}
+
+ 
+
+{% endif %}
+
+### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection in an organization for a custom pattern
+
+Before enabling push protection for a custom pattern at organization level, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. To enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.organizations.security-and-analysis %}
+
+{% ifversion security-configurations %}
+ {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on managing custom patterns for your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#defining-custom-patterns)." For information on enabling push protection for specific custom patterns, reference the following steps.
+{% endif %}
+
+{% data reusables.repositories.navigate-to-ghas-settings %}
+{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}
+1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.
+{% indented_data_reference reusables.secret-scanning.push-protection-org-notes spaces=3 %}
+
+ 
+
+### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection in a repository for a custom pattern
+
+Before enabling push protection for a custom pattern at repository level, you must define the custom pattern for the repository, and test it in the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)."
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+{% data reusables.repositories.navigate-to-ghas-settings %}
+{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}
+1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.
+
+ {% data reusables.secret-scanning.custom-pattern-push-protection-enable-button %}
+
+ 
+
+{% endif %}
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md
new file mode 100644
index 000000000000..a9e3e99c420e
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md
@@ -0,0 +1,25 @@
+---
+title: Metrics for custom patterns
+shortTitle: Custom pattern metrics
+intro: 'You can view alert metrics for custom patterns at the repository, organization, and enterprise levels.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ feature: secret-scanning-custom-patterns-metrics
+type: how_to
+topics:
+ - Advanced Security
+ - Secret scanning
+---
+
+## Metrics for custom patterns
+
+Organization owners and people with admin permission for a repository can see an overview of the activity for custom patterns. The overview includes alert and push protection activity for the custom pattern during the last 30 days.
+
+> [!NOTE] Metrics for custom patterns are in public beta and subject to change.
+
+## Viewing metrics for custom patterns
+
+{% data reusables.secret-scanning.view-custom-pattern %}
+1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the custom pattern you want to view.
+
+The metrics are displayed under the custom pattern's name.
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md
new file mode 100644
index 000000000000..90c877b02e01
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md
@@ -0,0 +1,22 @@
+---
+title: About delegated bypass for push protection
+intro: 'You can control which teams or roles have the ability to bypass push protection in your organization or repository.'
+product: '{% data reusables.gated-features.push-protection-for-repos %}'
+versions:
+ feature: push-protection-delegated-bypass
+type: overview
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+shortTitle: Delegated bypass
+---
+
+## About delegated bypass for push protection
+
+{% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %}
+
+{% data reusables.secret-scanning.push-protection-delegated-bypass-intro %}
+
+{% data reusables.secret-scanning.push-protection-delegated-bypass-overview %}
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md
new file mode 100644
index 000000000000..5bb5830abc9a
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md
@@ -0,0 +1,68 @@
+---
+title: Enabling delegated bypass for push protection
+intro: 'You can use delegated bypass for your organization or repository to control who can push commits that contain secrets identified by {% data variables.product.prodname_secret_scanning %}.'
+product: '{% data reusables.gated-features.push-protection-for-repos %}'
+permissions: 'Organization owners and repository administrators can enable delegated bypass for push protection for their organization and repository, respectively.'
+versions:
+ feature: push-protection-delegated-bypass
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+shortTitle: Enable delegated bypass
+---
+
+## About enabling delegated bypass for push protection
+
+{% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %}
+
+{% data reusables.secret-scanning.push-protection-delegated-bypass-intro %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection)."
+
+When you enable this feature, you will create a bypass list of roles and teams who can manage requests to bypass push protection. If you don't already have appropriate teams or roles to use, you should create additional teams before you start.
+
+>[!NOTE] You can't add secret teams to the bypass list.
+
+{% ifversion push-protection-bypass-fine-grained-permissions %}Alternatively, you can grant specific organization members the ability to review and manage bypass requests using fine-grained permissions, which give you more refined control over which individuals and teams can approve and deny bypass requests. For more information, see "[Using fine-grained permissions to control who can review and manage bypass requests](#using-fine-grained-permissions-to-control-who-can-review-and-manage-bypass-requests)."{% endif %}
+
+## Configuring delegated bypass for an organization
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.org_settings %}
+{% data reusables.organizations.security-and-analysis %}
+{% ifversion security-configurations %}
+ {% data reusables.security-configurations.changed-org-settings-global-settings-callout %}
+{% endif %}
+{% data reusables.repositories.navigate-to-ghas-settings %}
+1. Under "Push protection", to the right of "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}", select the dropdown menu, then click **Specific roles or teams**.
+1. Under "Bypass list", click **Add role or team**.
+1. In the dialog box, select the roles and teams that you want to add to the bypass list, then click **Add selected**.
+
+## Configuring delegated bypass for a repository
+
+>[!NOTE] If an organization owner configures delegated bypass at the organization-level, the repository-level settings are disabled.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+{% data reusables.repositories.navigate-to-ghas-settings %}
+1. Under "Push protection", to the right of "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}", select the dropdown menu, then click **Specific roles or teams**.
+1. Under "Bypass list", click **Add role or team**.
+
+ >[!NOTE] You can't add secret teams to the bypass list.
+
+1. In the dialog box, select the roles and teams that you want to add to the bypass list, then click **Add selected**.
+
+{% ifversion push-protection-bypass-fine-grained-permissions %}
+
+## Using fine-grained permissions to control who can review and manage bypass requests
+
+You can grant specific individuals or teams the ability to review and manage bypass requests using fine-grained permissions.
+
+1. Ensure that delegated bypass is enabled for the organization. For more information, follow steps 1-5 in "[Configuring delegated bypass for your organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)."
+1. Create (or edit) a custom organization role. For information on creating and editing custom roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles#creating-a-custom-role)."
+1. When choosing which permissions to add to the custom role, select the "Review and manage {% data variables.product.prodname_secret_scanning %} bypass requests" permission.
+1. Assign the custom role to individual members or teams in your organization. For more information on assigning custom roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles#assigning-an-organization-role)."
+
+{% endif %}
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md
new file mode 100644
index 000000000000..6546c4d8f392
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md
@@ -0,0 +1,19 @@
+---
+title: Delegated bypass for push protection
+shortTitle: Delegated bypass
+allowTitleToDifferFromFilename: true
+intro: 'You can control the ability to bypass push protection by setting up a reviewers group to assess requests. When a contributor proposes bypassing protections, any member of the bypass list can approve or block the request.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Repositories
+children:
+ - /about-delegated-bypass-for-push-protection
+ - /enabling-delegated-bypass-for-push-protection
+ - /managing-requests-to-bypass-push-protection
+---
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md
new file mode 100644
index 000000000000..bd54906659f1
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md
@@ -0,0 +1,51 @@
+---
+title: Managing requests to bypass push protection
+intro: 'As a member of the bypass list for an organization or repository, you can review bypass requests from other members of the organization or repository.'
+product: '{% data reusables.gated-features.push-protection-for-repos %}'
+permissions: 'Members of the bypass list can process requests from non-members to bypass push protection.'
+versions:
+ feature: push-protection-delegated-bypass
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+shortTitle: Manage bypass requests
+---
+
+## Managing requests to bypass push protection
+
+{% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %}
+
+{% data reusables.secret-scanning.push-protection-delegated-bypass-intro %}
+
+An organization owner or repository administrator defines which roles and teams are included in a bypass list. Members of the bypass list can view and manage all requests for bypass privileges on the "Push protection bypass" page, located under the **Security** tab of the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection)."
+
+> [!NOTE] Members of the bypass list are still protected from accidentally pushing secrets to a repository. When a member of the bypass list attempts to push a commit containing a secret, their push is still blocked, but they can choose to bypass the block by specifying a reason for allowing the push. Members of the bypass list do not have to request bypass privileges from other members in order to override the block.
+
+### Managing requests to bypass push protection at the repository level
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %}
+{% data reusables.repositories.bypass-requests-settings %}
+1. Select the **All statuses** dropdown menu, then click **Open** to view requests that are awaiting review, or that have been approved but for which the commits haven't been pushed to the repository yet.
+1. Click the request that you want to review.
+1. Review the details of the request.
+1. To allow the contributor to push the commit containing the secret, click **Approve bypass request**. Or, to require the contributor to remove the secret from the commit, click **Deny bypass request**.
+
+### Filtering by request status
+
+You can filter requests by approver (member of the bypass list), requester (contributor making the request), timeframe, and status. The following statuses are assigned to a request:
+
+|Status|Description|
+|---------|-----------|
+|`Cancelled`| The request has been cancelled by the contributor.|
+|`Completed`|The request has been approved and the commit(s) have been pushed to the repository.|
+|`Denied`|The request has been reviewed and denied.|
+|`Expired`| The request has expired. Requests are valid for 7 days. |
+|`Open`| The request has either not yet been reviewed, or has been approved but the commit(s) have not been pushed to the repository. |
+
+When a contributor requests bypass privileges to push a commit containing a secret, members of the bypass list all receive an email notification containing a link to the request. Members of the bypass list then have 7 days to review and either approve or deny the request before the request expires.
+
+The contributor is notified of the decision by email and must take the required action. If the request is approved, the contributor can push the commit containing the secret to the repository. If the request is denied, the contributor must remove the secret from the commit in order to successfully push the commit to the repository.
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md
new file mode 100644
index 000000000000..82e7f4b586e3
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md
@@ -0,0 +1,71 @@
+---
+title: Excluding folders and files from secret scanning
+intro: 'You can customize {% data variables.product.prodname_secret_scanning %} to exclude directories or files from analysis, by configuring a `secret_scanning.yml` file in your repository.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+shortTitle: Exclude folders and files
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Repositories
+---
+
+## About {% data variables.product.prodname_secret_scanning %}
+
+{% data variables.product.prodname_secret_scanning_caps %} automatically detects tokens or credentials that have been checked into a repository. You can view {% ifversion fpt or ghec %}{% data variables.secret-scanning.user_alerts %}{% else %}alerts{% endif %} for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised.{% data reusables.secret-scanning.alert-type-links %}
+
+## About excluding directories from {% data variables.secret-scanning.user_alerts %}
+
+You may have a reason to commit a secret to a repository, such as when you want to provide a fake secret in documentation, or in an example application. In these scenarios, you can quickly dismiss the alert and document the reasons. However, there may be cases where you want to ignore a directory entirely to avoid creating false positive alerts at scale. For example, you might have a monolithic application with several integrations containing a file of dummy keys that could set off numerous false alerts to triage.
+
+You can configure a `secret_scanning.yml` file to exclude directories from {% data variables.product.prodname_secret_scanning %}, including when you use push protection.
+
+## Excluding directories from {% data variables.secret-scanning.user_alerts %}
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.files.add-file %}
+1. In the file name field, enter ".github/secret_scanning.yml".
+1. Under **Edit new file**, type `paths-ignore:` followed by the paths you want to exclude from {% data variables.product.prodname_secret_scanning %}.
+
+ ``` yaml copy
+ paths-ignore:
+ - "docs/**"
+ ```
+
+ This tells {% data variables.product.prodname_secret_scanning %} to ignore everything in the `docs` directory. You can use this example file as a template to add the files and folders you’d like to exclude from your own repositories.
+
+ You can also use special characters, such as `*` to filter paths. For more information about filter patterns, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."
+
+ ``` yaml copy
+ paths-ignore:
+ - "foo/bar/*.js"
+ ```
+
+ {% note %}
+
+ **Notes:**
+ * If there are more than 1,000 entries in `paths-ignore`, {% data variables.product.prodname_secret_scanning %} will only exclude the first 1,000 directories from scans.
+ * If `secret_scanning.yml` is larger than 1 MB, {% data variables.product.prodname_secret_scanning %} will ignore the entire file.
+
+ {% endnote %}
+
+## Verifying that the folder is excluded from {% data variables.product.prodname_secret_scanning %}
+
+1. Open a file in a directory that you have excluded from secret scanning
+1. Paste a pre-invalidated secret, or a test secret.
+1. Commit the change.
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %} There should be no new open alerts for the secret you just introduced into the file.
+
+## Best practices
+
+Best practices include:
+
+* Minimizing the number of directories excluded and being as precise as possible when defining exclusions. This ensures that the instructions are as clear as possible, and that exclusions work as intended.
+* Explaining why a particular file or folder is excluded in a comment in the `secret_scanning.yml` file. As with regular code, using comments clarifies your intention, making it easier for others to understand the desired behavior.
+* Reviewing the `secret_scanning.yml` file on a regular basis. Some exclusions may no longer apply with time, and it is good practice to keep the file clean and current. The use of comments, as advised above, can help with this.
+* Informing the security team what files and folders you've excluded, and why. Good communication is vital in ensuring that everyone is on the same page, and understands why specific folders or files are excluded.
diff --git a/content/code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/about-the-detection-of-generic-secrets-with-secret-scanning.md
similarity index 85%
rename from content/code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning.md
rename to content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/about-the-detection-of-generic-secrets-with-secret-scanning.md
index fd62a76201c1..4738306efde1 100644
--- a/content/code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/about-the-detection-of-generic-secrets-with-secret-scanning.md
@@ -10,6 +10,8 @@ topics:
- Secret scanning
- Advanced Security
- AI
+redirect_from:
+ - /code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning
---
@@ -24,7 +26,7 @@ Generic secret detection is an AI-powered expansion of {% data variables.product
When a password is detected, an alert is displayed in the list of {% data variables.product.prodname_secret_scanning %} alerts (under the **Security** tab of the repository, organization, or enterprise), so that maintainers and security managers can review the alert and, where necessary, remove the credential or implement a fix.
-In order to use generic secret detection, the enterprise owner sets a policy at the enterprise level. The feature must then be enabled for repositories. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-to-manage-the-use-of-generic-secret-detection-for-secret-scanning-in-your-enterprises-repositories)."
+To use the feature, an enterprise owner sets a policy at the enterprise level that controls whether repositories can enable or disable AI detection. This policy is set to "allowed" by default. The feature must then be enabled for repositories and organizations.
### Input processing
@@ -36,7 +38,7 @@ The system scans for passwords using the LLM. No additional data is collected by
The LLM scans for strings that resemble passwords and verifies that the identified strings included in the response actually exist in the input.
-These detected strings are surfaced as alerts on the {% data variables.product.prodname_secret_scanning %} alerts page, but they are displayed in an additional list that is separate from regular {% data variables.secret-scanning.alerts %}. The intent is that this separate list is triaged with more scrutiny to verify the validity of the findings. Each alert notes that it was detected using AI. {% ifversion secret-scanning-ai-generic-secret-detection %}For information on how to view alerts for generic secrets, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."{% endif %}
+These detected strings are surfaced as alerts on the {% data variables.product.prodname_secret_scanning %} alerts page, but they are displayed in an additional list that is separate from regular {% data variables.secret-scanning.alerts %}. The intent is that this separate list is triaged with more scrutiny to verify the validity of the findings. Each alert notes that it was detected using AI. {% ifversion secret-scanning-ai-generic-secret-detection %}For information on how to view alerts for generic secrets, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts)."{% endif %}
## Improving the performance of generic secret detection
@@ -74,11 +76,12 @@ Generic secret detection has been subject to Responsible AI Red Teaming and {% d
## Next steps
-* [AUTOTITLE](/code-security/secret-scanning/enabling-ai-powered-generic-secret-detection)
+* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/enabling-ai-powered-generic-secret-detection)
* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)
{% endif %}
## Further reading
-* [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)
+* [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)
+* [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-to-manage-the-use-of-generic-secret-detection-for-secret-scanning-in-your-enterprises-repositories)
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/enabling-ai-powered-generic-secret-detection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/enabling-ai-powered-generic-secret-detection.md
new file mode 100644
index 000000000000..7fb698011111
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/enabling-ai-powered-generic-secret-detection.md
@@ -0,0 +1,46 @@
+---
+title: Enabling AI-powered generic secret detection
+shortTitle: Enable generic secret detection
+intro: 'You can enable AI-powered generic secret detection for your repository or organization. Alerts for generic secrets, such as passwords, are displayed in a separate list on the {% data variables.product.prodname_secret_scanning %} alerts page.'
+versions:
+ feature: secret-scanning-ai-generic-secret-detection
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - AI
+redirect_from:
+ - /code-security/secret-scanning/enabling-ai-powered-generic-secret-detection
+---
+
+{% data reusables.secret-scanning.generic-secret-detection-ai %}
+
+## Enabling AI-powered generic secret detection for your repository
+
+To use generic secret detection, an enterprise owner must first set a policy at the enterprise level that controls whether repositories can enable or disable AI detection. This policy is set to "allowed" by default.
+
+You can then enable the feature in the "Code security and analysis" settings page of your repository.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+{% data reusables.repositories.navigate-to-ghas-settings %}
+1. Under "Secret scanning", select the checkbox next to "Use AI detection to find additional secrets".
+
+## Enabling AI-powered generic secret detection for your organizations
+
+To use generic secret detection, an enterprise owner must first set a policy at the enterprise level that controls whether repositories in an organization can enable or disable AI detection. This policy is set to "allowed" by default.
+
+You can then enable the feature in the security settings page of your organization.
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**.
+1. Under "Secret scanning", select the checkbox next to "Use AI detection to find additional secrets".
+
+For information on how to view alerts for generic secrets that have been detected using AI, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts)."
+
+## Further reading
+
+* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/about-the-detection-of-generic-secrets-with-secret-scanning)
+* [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/index.md
new file mode 100644
index 000000000000..7604bae5926b
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/index.md
@@ -0,0 +1,16 @@
+---
+title: Generic secret detection
+shortTitle: Generic secret detection
+allowTitleToDifferFromFilename: true
+intro: 'You can use AI in combination with {% data variables.product.prodname_secret_scanning %} to detect unstructured passwords in git content.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ feature: secret-scanning-ai-generic-secret-detection
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Repositories
+children:
+ - /about-the-detection-of-generic-secrets-with-secret-scanning
+ - /enabling-ai-powered-generic-secret-detection
+---
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/index.md
new file mode 100644
index 000000000000..6ed5a0921dda
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/index.md
@@ -0,0 +1,21 @@
+---
+title: Using advanced secret scanning and push protection features
+shortTitle: Advanced features
+allowTitleToDifferFromFilename: true
+intro: 'Learn how you can customize {% data variables.product.prodname_secret_scanning %} to meet the needs of your company.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Repositories
+children:
+ - /excluding-folders-and-files-from-secret-scanning
+ - /non-provider-patterns
+ - /generic-secret-detection
+ - /custom-patterns
+ - /delegated-bypass-for-push-protection
+---
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md
new file mode 100644
index 000000000000..4c06b3369570
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md
@@ -0,0 +1,46 @@
+---
+title: Enabling secret scanning for non-provider patterns
+allowTitleToDifferFromFilename: true
+intro: 'You can enable {% data variables.product.prodname_secret_scanning %} to detect additional potential secrets at the {% ifversion security-configurations %}repository and organization levels{% else %}repository level{% endif %}.'
+product: '{% data reusables.gated-features.push-protection-for-repos %}'
+versions:
+ feature: secret-scanning-non-provider-patterns
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+shortTitle: Enable for non-provider patterns
+---
+
+## Enabling scanning for non-provider patterns
+
+{% data reusables.secret-scanning.non-provider-patterns-beta %}
+
+You can enable scanning for non-provider patterns. Non-provider patterns correspond to secrets such as private keys and they have a higher ratio of false positives.
+
+For more information about non-provider patterns, see "{% ifversion fpt or ghec %}[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#about-user--alerts){% else %}[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#about-secret-scanning-alerts){% endif %}."
+
+{% ifversion security-configurations %}
+
+### Enabling detection of non-provider patterns for a repository
+
+{%endif %}
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+1. Under {% data variables.product.prodname_secret_scanning_caps %}, to the right of "Non-provider patterns", click **Enable**.
+
+{% ifversion security-configurations %}
+
+### Enabling detection of non-provider patterns for an organization
+
+You can enable scanning for non-provider patterns at the organization level{% ifversion org-npp-enablement-security-configurations %} using the {% data variables.product.prodname_github_security_configuration %} or by applying a custom security configuration{% endif %}. For more information, see {% ifversion org-npp-enablement-security-configurations %}"[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration){% elsif ghes < 3.15 %}"[Configuring global secret scanning settings](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#configuring-global-secret-scanning-settings){% endif %}."
+
+{% endif %}
+
+## Further reading
+
+* "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)"
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/index.md
new file mode 100644
index 000000000000..8ee2edb91607
--- /dev/null
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/index.md
@@ -0,0 +1,15 @@
+---
+title: Non-provider patterns
+shortTitle: Non-provider patterns
+allowTitleToDifferFromFilename: true
+intro: '{% data variables.product.prodname_secret_scanning_caps %} can also alert you to the potential use of other types of secret in code, for example: HTTP authentication headers, connection strings, and private keys. These non-provider patterns are more difficult to detect reliably so this feature is not enabled by default.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ feature: secret-scanning-non-provider-patterns
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Repositories
+children:
+ - /enabling-secret-scanning-for-non-provider-patterns
+---
diff --git a/content/code-security/secret-scanning/working-with-push-protection.md b/content/code-security/secret-scanning/working-with-push-protection.md
deleted file mode 100644
index 74105e744194..000000000000
--- a/content/code-security/secret-scanning/working-with-push-protection.md
+++ /dev/null
@@ -1,129 +0,0 @@
----
-title: Working with push protection
-intro: 'Push protection proactively secures you against leaked secrets in your repositories by blocking pushes containing secrets. To push a commit containing a secret, you must specify a reason for bypassing the block{% ifversion push-protection-delegated-bypass %}, or, if required, request bypass privileges to bypass the block{% endif %}.'
-product: '{% data reusables.gated-features.push-protection-for-repos %}'
-versions:
- fpt: '*'
- ghes: '*'
- ghec: '*'
-type: how_to
-topics:
- - Secret scanning
- - Advanced Security
- - Alerts
- - Repositories
-shortTitle: Work with push protection
----
-
-## About working with push protection
-
-Push protection prevents you from accidentally committing secrets to a repository by blocking pushes containing supported secrets.
-
-You can work with push protection from the command line or from the web UI.
-
-For more information on working with push protection, including how to bypass the block if necessary, see "[Using push protection from the command line](#using-push-protection-from-the-command-line)" and "[Using push protection from the web UI](#using-push-protection-from-the-web-ui)" in this article.
-
-## Using push protection from the command line
-
-{% data reusables.secret-scanning.push-protection-command-line-choice %}
-
-Up to five detected secrets will be displayed at a time on the command line. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret.
-
-{% data reusables.secret-scanning.push-protection-remove-secret %} For more information about remediating blocked secrets, see "[AUTOTITLE](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection#resolving-a-blocked-push-on-the-command-line)."
-
-If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible. For example, you might revoke the secret and remove the secret from the repository's commit history. Real secrets that have been exposed must be revoked to avoid unauthorized access. You might consider first rotating the secret before revoking it. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)."
-
-{% data reusables.secret-scanning.push-protection-multiple-branch-note %}
-
-In some cases, you may need to bypass the block on a secret. {% ifversion push-protection-delegated-bypass %} Whether or not you are able to bypass the block depends on the permissions that have been set for you by your repository administrator or organization owner.
-
-You may be able to bypass the block by specifying a reason for allowing the push. {% endif %} For more information on how to bypass push protection and push a blocked secret, see "[Bypassing push protection when working with the command line](#bypassing-push-protection-when-working-with-the-command-line)."
-
-{% ifversion push-protection-delegated-bypass %} Alternatively, you may be required to submit a request for "bypass privileges" in order to push the secret. For information on how to request permission to bypass push protection and push the blocked secret, see "[Requesting bypass privileges when working with the command line](#requesting-bypass-privileges-when-working-with-the-command-line)."
-
-{% endif %}
-
-### Bypassing push protection when working with the command line
-
-If {% data variables.product.prodname_dotcom %} blocks a secret that you believe is safe to push, you {% ifversion push-protection-delegated-bypass %}may be able to {% else %}can {% endif %}bypass the block by specifying a reason for allowing the secret to be pushed.
-
-{% data reusables.secret-scanning.push-protection-allow-secrets-alerts %}
-
-{% data reusables.secret-scanning.push-protection-allow-email %}
-
-{% ifversion push-protection-delegated-bypass %}
-
-If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit, or submit a request for "bypass privileges" in order to push the blocked secret. For more information, see "[Requesting bypass privileges when working with the command line](#requesting-bypass-privileges-when-working-with-the-command-line)."
-
-{% endif %}
-
-{% data reusables.secret-scanning.push-protection-visit-URL %}
-{% data reusables.secret-scanning.push-protection-choose-allow-secret-options %}
-{% data reusables.secret-scanning.push-protection-public-repos-bypass %}
-1. Click **Allow me to push this secret**.
-1. Reattempt the push on the command line within three hours. If you have not pushed within three hours, you will need to repeat this process.
-
-{% ifversion push-protection-delegated-bypass %}
-
-### Requesting bypass privileges when working with the command line
-
-{% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %}
-
-If your push has been blocked by push protection and you believe the secret is safe to push, you can request permission to bypass the block. Your request is sent to a designated group of reviewers, who will either approve or deny the request.
-
-Requests expire after 7 days.
-
-{% data reusables.secret-scanning.push-protection-visit-URL %}
-{% data reusables.secret-scanning.push-protection-bypass-request-add-comment %}
-{% data reusables.secret-scanning.push-protection-submit-bypass-request %}
-{% data reusables.secret-scanning.push-protection-bypass-request-check-email %}
-
-{% data reusables.secret-scanning.push-protection-bypass-request-decision-email %}
-
-If your request is approved, you can push the commit (or commits) containing the secret to the repository, as well as any future commits that contain the same secret.
-
-If your request is denied, you will need to remove the secret from all commits containing the secret before pushing again. For information on how to remove a blocked secret, see "[AUTOTITLE](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection#resolving-a-blocked-push-on-the-command-line)."
-
-{% endif %}
-
-## Using push protection from the web UI
-
-{% data reusables.secret-scanning.push-protection-web-ui-choice %}
-
-For a blocked commit, you can remove the secret from the file using the web UI. Once you remove the secret, you will be able to commit your changes.
-
-{% ifversion push-protection-block-uploads %}
-
-{% data variables.product.prodname_dotcom %} will also block the commit if you attempt to upload files containing supported secrets. The dialog box will show you which files contain the secret. You should remove the secret from the files before attempting to upload the files again.
-
-{% data reusables.secret-scanning.push-protection-web-UI-uploads-beta %}
-
-{% endif %}
-
-{% data variables.product.prodname_dotcom %} will only display one detected secret at a time in the web UI. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret.
-
-Organization owners can provide a custom link that will be displayed when a push is blocked. This custom link can contain resources and advice specific to your organization. For example, the custom link can point to a README file with information about the organization's secret vault, which teams and individuals to escalate questions to, or the organization's approved policy for working with secrets and rewriting commit history.
-
-You can bypass the block by specifying a reason for allowing the secret. For more information on how to bypass push protection and commit the blocked secret, see "[Bypassing push protection when working with the web UI](#bypassing-push-protection-when-working-with-the-web-ui)."
-
-### Bypassing push protection when working with the web UI
-
-{% data reusables.secret-scanning.push-protection-remove-secret %} For more information about remediating blocked secrets, see "[AUTOTITLE](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection#resolving-a-blocked-push-in-the-web-ui)."
-
-If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)."
-
-If {% data variables.product.prodname_dotcom %} blocks a secret that you believe is safe to commit, you {% ifversion push-protection-delegated-bypass %}may be able to {% else %}can {% endif %}bypass the block by specifying a reason for allowing the secret.
-
-{% data reusables.secret-scanning.push-protection-allow-secrets-alerts %}
-
-{% data reusables.secret-scanning.push-protection-allow-email %}
-
-1. In dialog box that appeared when {% data variables.product.prodname_dotcom %} blocked your commit, review the name and location of the secret.
-{% data reusables.secret-scanning.push-protection-choose-allow-secret-options %}
-{% data reusables.secret-scanning.push-protection-public-repos-bypass %}
-1. Click **Allow secret**.
-
-## Further reading
-
-* "[AUTOTITLE](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection)"
-* "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)"
diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md
new file mode 100644
index 000000000000..4a5ba486277b
--- /dev/null
+++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md
@@ -0,0 +1,22 @@
+---
+title: Working with secret scanning and push protection
+shortTitle: Work with secret scanning
+allowTitleToDifferFromFilename: true
+intro: '{% data variables.product.prodname_secret_scanning_caps %} scans for and detects secrets that have been checked into a repository. Push protection proactively secures you against leaking secrets by blocking pushes containing secrets.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Repositories
+children:
+ - /push-protection-for-users
+ - /working-with-push-protection-from-the-command-line
+ - /working-with-push-protection-in-the-github-ui
+redirect_from:
+ - /code-security/secret-scanning/working-with-push-protection
+ - /code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection
+---
diff --git a/content/code-security/secret-scanning/push-protection-for-users.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users.md
similarity index 81%
rename from content/code-security/secret-scanning/push-protection-for-users.md
rename to content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users.md
index 46de326d8004..4884500b35c0 100644
--- a/content/code-security/secret-scanning/push-protection-for-users.md
+++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users.md
@@ -10,21 +10,23 @@ topics:
- Advanced Security
- Alerts
- User account
+redirect_from:
+ - /code-security/secret-scanning/push-protection-for-users
---
## About push protection for users
Push protection for users automatically protects you from accidentally committing secrets to public repositories across {% data variables.product.product_name %}.
-When you try to push a secret to a public repository, {% data variables.product.prodname_dotcom %} blocks the push. If you believe it's safe to allow the secret, you have the option to bypass the block. Otherwise, you must remove the secret from the commit before pushing again. For more information on how to resolve a blocked push, see "[AUTOTITLE](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection)."
+When you try to push a secret to a public repository, {% data variables.product.prodname_dotcom %} blocks the push. If you believe it's safe to allow the secret, you have the option to bypass the block. Otherwise, you must remove the secret from the commit before pushing again. For more information on how to resolve a blocked push, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui)" or "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line)", depending on whether you use the {% data variables.product.product_name %} UI or the command line.
Push protection for users is always on by default. You can disable the feature at any time through your personal account settings. This may cause secrets to be accidentally leaked. For more information, see "[Disabling push protection for users](#disabling-push-protection-for-users)."
-Push protection for users is different from _push protection for repositories and organizations_, which is a {% data variables.product.prodname_secret_scanning %} feature that must be enabled by a repository administrator or organization owner. With push protection for repositories and organizations, {% data variables.product.prodname_secret_scanning %} blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the protection. For more information, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)."
+Push protection for users is different from _push protection for repositories and organizations_, which is a {% data variables.product.prodname_secret_scanning %} feature that must be enabled by a repository administrator or organization owner. With push protection for repositories and organizations, {% data variables.product.prodname_secret_scanning %} blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the protection. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)."
With push protection for users, {% data variables.product.prodname_dotcom %} won't create an alert when you bypass the protection and push a secret to a public repository, unless the repository itself has {% data variables.product.prodname_secret_scanning %} enabled. However, if the bypassed secret is a {% data variables.product.prodname_dotcom %} token, the token will be revoked and you will be notified by email.
-For information on the secrets and service providers supported for push protection, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
+For information on the secrets and service providers supported for push protection, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."
## Disabling push protection for users
diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md
new file mode 100644
index 000000000000..742267de805a
--- /dev/null
+++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md
@@ -0,0 +1,155 @@
+---
+title: Working with push protection from the command line
+shortTitle: Push protection on the command line
+intro: 'Learn your options for unblocking your push from the command line to {% data variables.product.prodname_dotcom %} if {% data variables.product.prodname_secret_scanning %} detects a secret in your changes.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+---
+
+## About push protection from the command line
+
+Push protection prevents you from accidentally committing secrets to a repository by blocking pushes containing supported secrets.
+
+When you attempt to push a supported secret from the command line to a repository secured by push protection, {% data variables.product.prodname_dotcom %} will block the push.
+
+You should either:
+
+* **Remove** the secret from your branch. For more information, see "[Resolving a blocked push](#resolving-a-blocked-push)."
+* **Follow a provided URL** {% ifversion push-protection-delegated-bypass %}to see what options are available to you{% endif %} to allow the push. For more information, see "[Bypassing push protection](#bypassing-push-protection){% ifversion push-protection-delegated-bypass %}" and "[Requesting bypass privileges](#requesting-bypass-privileges){% endif %}."
+
+Up to five detected secrets will be displayed at a time on the command line. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret.
+
+If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible. For example, you might revoke the secret and remove the secret from the repository's commit history. Real secrets that have been exposed must be revoked to avoid unauthorized access. You might consider first rotating the secret before revoking it. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)."
+
+{% data reusables.secret-scanning.push-protection-multiple-branch-note %}
+
+## Resolving a blocked push
+
+To resolve a blocked push, you must remove the secret from all of the commits it appears in.
+* If the secret was introduced by your latest commit, see "[Removing a secret introduced by the latest commit on your branch](#removing-a-secret-introduced-by-the-latest-commit-on-your-branch)."
+* If the secret appears in earlier commits, see "[Removing a secret introduced by an earlier commit on your branch](#removing-a-secret-introduced-by-an-earlier-commit-on-your-branch)."
+
+>[!NOTE] To learn how to resolved a blocked commit in the {% data variables.product.prodname_dotcom %} UI, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui#resolving-a-blocked-commit)."
+
+### Removing a secret introduced by the latest commit on your branch
+
+If the blocked secret was introduced by the latest commit on your branch, you can follow the guidance below.
+
+1. Remove the secret from your code.
+1. To commit the changes, run `git commit --amend`. This updates the original commit that introduced the secret instead of creating a new commit.
+1. Push your changes with `git push`.
+
+### Removing a secret introduced by an earlier commit on your branch
+
+You can also remove the secret if the secret appears in an earlier commit in the Git history. To do so, you will need to identify which commit first introduced the secret and modify the commit history with an interactive rebase.
+
+1. Examine the error message that displayed when you tried to push your branch, which lists all of the commits that contain the secret.
+
+ ```text
+ remote: —— {% data variables.product.prodname_dotcom %} {% data variables.product.pat_generic_title_case %} ——————————————————————
+ remote: locations:
+ remote: - commit: 8728dbe67
+ remote: path: README.md:4
+ remote: - commit: 03d69e5d3
+ remote: path: README.md:4
+ remote: - commit: 8053f7b27
+ remote: path: README.md:4
+ ```
+
+1. Next, run `git log` to see a full history of all the commits on your branch, along with their corresponding timestamps.
+
+ ```text
+ test-repo (test-branch)]$ git log
+ commit 8053f7b27 (HEAD -> main)
+ Author: Octocat <1000+octocat@users.noreply.github.com
+ Date: Tue Jan 30 13:03:37 2024 +0100
+
+ my fourth commit message
+
+ commit 03d69e5d3
+ Author: Octocat <1000+octocat@users.noreply.github.com>
+ Date: Tue Jan 30 13:02:59 2024 +0100
+
+ my third commit message
+
+ commit 8728dbe67
+ Author: Octocat <1000+octocat@users.noreply.github.com
+ Date: Tue Jan 30 13:01:36 2024 +0100
+
+ my second commit message
+
+ commit 6057cbe51
+ Author: Octocat <1000+octocat@users.noreply.github.com
+ Date: Tue Jan 30 12:58:24 2024 +0100
+
+ my first commit message
+
+1. Focusing only on the commits that contain the secret, use the output of `git log` to identify which commit comes _earliest_ in your Git history.
+ * In the example, commit `8728dbe67` was the first commit to contain the secret.
+1. Start an interactive rebase with `git rebase -i ~1`.
+ * For ``, use the commit identified in step 3. For example, `git rebase -i 8728dbe67~1`.
+1. In the editor, choose to edit the commit identified in step 3 by changing `pick` to `edit` on the first line of the text.
+
+ ```text
+ edit 8728dbe67 my second commit message
+ pick 03d69e5d3 my third commit message
+ pick 8053f7b27 my fourth commit message
+ ```
+
+1. Save and close the editor to start the interactive rebase.
+1. Remove the secret from your code.
+1. Commit your changes using `git commit --amend`.
+1. Run `git rebase --continue` to finish the rebase.
+1. Push your changes with `git push`.
+
+## Bypassing push protection
+
+If {% data variables.product.prodname_dotcom %} blocks a secret that you believe is safe to push, you {% ifversion push-protection-delegated-bypass %}may be able to {% else %}can {% endif %}bypass the block by specifying a reason for allowing the secret to be pushed.
+
+{% data reusables.secret-scanning.push-protection-allow-secrets-alerts %}
+
+{% data reusables.secret-scanning.push-protection-allow-email %}
+
+If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit, or submit a request for "bypass privileges" in order to push the blocked secret. For more information, see "[Requesting bypass privileges](/enterprise-cloud@latest/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#requesting-bypass-privileges)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
+
+{% data reusables.secret-scanning.push-protection-visit-URL %}
+{% data reusables.secret-scanning.push-protection-choose-allow-secret-options %}
+{% data reusables.secret-scanning.push-protection-public-repos-bypass %}
+1. Click **Allow me to push this secret**.
+1. Reattempt the push on the command line within three hours. If you have not pushed within three hours, you will need to repeat this process.
+
+{% ifversion push-protection-delegated-bypass %}
+
+## Requesting bypass privileges
+
+{% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %}
+
+If your push has been blocked by push protection and you believe the secret is safe to push, you can request permission to bypass the block. Your request is sent to a designated group of reviewers, who will either approve or deny the request.
+
+Requests expire after 7 days.
+
+{% data reusables.secret-scanning.push-protection-visit-URL %}
+{% data reusables.secret-scanning.push-protection-bypass-request-add-comment %}
+{% data reusables.secret-scanning.push-protection-submit-bypass-request %}
+{% data reusables.secret-scanning.push-protection-bypass-request-check-email %}
+
+{% data reusables.secret-scanning.push-protection-bypass-request-decision-email %}
+
+If your request is approved, you can push the commit (or commits) containing the secret to the repository, as well as any future commits that contain the same secret.
+
+If your request is denied, you will need to remove the secret from all commits containing the secret before pushing again. For information on how to remove a blocked secret, see "[Resolving a blocked push](#resolving-a-blocked-push)."
+
+{% endif %}
+
+## Further reading
+
+* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui)
diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md
new file mode 100644
index 000000000000..1a334dc55f3b
--- /dev/null
+++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md
@@ -0,0 +1,92 @@
+---
+title: Working with push protection in the GitHub UI
+shortTitle: Push protection in the GitHub UI
+intro: 'Learn your options for unblocking your commit when {% data variables.product.prodname_secret_scanning %} detects a secret in your changes.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: how_to
+topics:
+ - Secret scanning
+ - Advanced Security
+ - Alerts
+ - Repositories
+---
+
+## About push protection in the {% data variables.product.prodname_dotcom %} UI
+
+When you are creating and editing files in the {% data variables.product.prodname_dotcom %} UI, push protection prevents you from accidentally committing secrets to a repository by blocking commits containing supported secrets.
+
+{% ifversion push-protection-block-uploads %}
+
+{% data variables.product.prodname_dotcom %} will also block the commit if you attempt to upload files containing supported secrets.
+
+{% data reusables.secret-scanning.push-protection-web-UI-uploads-beta %}
+
+{% endif %}
+
+You should either:
+
+* **Remove** the secret from the commit. For more information, see "[Resolving a blocked commit](#resolving-a-blocked-commit)."
+* **Review** the instructions in the dialog box {% ifversion push-protection-delegated-bypass %}to see what options are available to you{% endif %} to allow the push. For more information, see "[Bypassing push protection](#bypassing-push-protection){% ifversion push-protection-delegated-bypass %}" and "[Requesting bypass privileges](#requesting-bypass-privileges){% endif %}."
+
+{% data variables.product.prodname_dotcom %} will only display one detected secret at a time in the web UI. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret.
+
+Organization owners can provide a custom link that will be displayed when a push is blocked. This custom link can contain resources and advice specific to your organization. For example, the custom link can point to a README file with information about the organization's secret vault, which teams and individuals to escalate questions to, or the organization's approved policy for working with secrets and rewriting commit history.
+
+## Resolving a blocked commit
+
+{% data reusables.secret-scanning.push-protection-web-ui-choice %}
+
+To resolve a blocked commit in the web UI, you need to remove the secret from the file. Once you remove the secret, you will be able to commit your changes.
+
+>[!NOTE] To learn how to resolved a blocked push on the command line, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#resolving-a-blocked-push)."
+
+## Bypassing push protection
+
+If {% data variables.product.prodname_dotcom %} blocks a secret that you believe is safe to commit, you {% ifversion push-protection-delegated-bypass %}may be able to {% else %}can {% endif %}bypass the block by specifying a reason for allowing the secret.
+
+{% data reusables.secret-scanning.push-protection-allow-secrets-alerts %}
+
+{% data reusables.secret-scanning.push-protection-allow-email %}
+
+1. In dialog box that appeared when {% data variables.product.prodname_dotcom %} blocked your commit, review the name and location of the secret.
+{% data reusables.secret-scanning.push-protection-choose-allow-secret-options %}
+{% data reusables.secret-scanning.push-protection-public-repos-bypass %}
+1. Click **Allow secret**.
+
+{% ifversion push-protection-delegated-bypass %}
+
+If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit, or submit a request for "bypass privileges" in order to push the blocked secret. For more information, see "[Requesting bypass privileges](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui#requesting-bypass-privileges)."
+
+{% endif %}
+
+{% ifversion push-protection-delegated-bypass %}
+
+## Requesting bypass privileges
+
+{% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %}
+
+If your commit has been blocked by push protection, you can request permission to bypass the block. The request is sent to a designated group of reviewers, who will either approve or deny the request.
+
+Requests expire after 7 days.
+
+1. In dialog box that appeared when {% data variables.product.prodname_dotcom %} blocked your commit, review the name and location of the secret.
+1. Click **Start request**. The request will open in a new tab.
+{% data reusables.secret-scanning.push-protection-bypass-request-add-comment %}
+{% data reusables.secret-scanning.push-protection-submit-bypass-request %}
+{% data reusables.secret-scanning.push-protection-bypass-request-check-email %}
+
+{% data reusables.secret-scanning.push-protection-bypass-request-decision-email %}
+
+If your request is approved, you can commit the changes containing the secret to the file. You can also commit any future changes that contain the same secret.
+
+If your request is denied, you will need to remove the secret from the file before you can commit your changes.
+
+{% endif %}
+
+## Further reading
+
+* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line)
diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
index 1a6f56ca88f7..25741ad7d426 100644
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
+++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
@@ -50,9 +50,13 @@ The {% data variables.product.prodname_github_security_configuration %} is a col
## Enforcing the {% data variables.product.prodname_github_security_configuration %}
+{% ifversion enforce-security-configurations-beta %}
+
>[!NOTE]
> This feature is in beta, and is subject to change.
+{% endif %}
+
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% data reusables.security-configurations.view-configurations-page %}
diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md
index 215a721b6a03..f72a9141db7d 100644
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md
+++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md
@@ -51,7 +51,7 @@ For more information on {% data variables.dependabot.auto_triage_rules %}, see "
### Enabling dependency updates on {% data variables.product.prodname_actions %} runners
-You can allow {% data variables.product.prodname_dependabot %} to use {% data variables.product.prodname_actions %} runners and the {% data variables.product.prodname_dependabot %} action to perform dependency updates. To enable {% data variables.product.prodname_dependabot %} for {% data variables.product.company_short %}-hosted runners on all repositories in your organization, click **Enable all**. To automatically enable {% data variables.product.prodname_dependabot %} for {% data variables.product.company_short %}-hosted runners on new repositories in your organization, select **Automatically enable for new repositories**. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners)."
+You can allow {% data variables.product.prodname_dependabot %} to use {% data variables.product.prodname_actions %} runners and the {% data variables.product.prodname_dependabot %} action to perform dependency updates. To enable {% data variables.product.prodname_dependabot %} for {% data variables.product.company_short %}-hosted runners on all repositories in your organization, select **Dependabot on Actions runners**. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners)."
{% data reusables.dependabot.dependabot-on-actions-self-hosted-link %}
@@ -59,7 +59,7 @@ You can allow {% data variables.product.prodname_dependabot %} to use {% data va
### Granting {% data variables.product.prodname_dependabot %} access to private {% ifversion ghec or ghes %}and internal {% endif %}repositories
-To update private dependencies of repositories in your organization, {% data variables.product.prodname_dependabot %} needs access to those repositories. To grant {% data variables.product.prodname_dependabot %} access to the desired private {% ifversion ghec or ghes %}or internal {% endif %}repository, scroll down to the "Grant {% data variables.product.prodname_dependabot %} access to private repositories" section, then use the search bar to find and select the desired repository. Be aware that granting {% data variables.product.prodname_dependabot %} access to a repository means all users in your organization will have access to the contents of that repository through {% data variables.product.prodname_dependabot_updates %}. For more information about the supported ecosystems for private repositories, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
+To update private dependencies of repositories in your organization, {% data variables.product.prodname_dependabot %} needs access to those repositories. To grant {% data variables.product.prodname_dependabot %} access to the desired private {% ifversion ghec or ghes %}or internal {% endif %}repository, scroll down to the "Grant {% data variables.product.prodname_dependabot %} access to private repositories" section, then use the search bar to find and select the desired repository. Be aware that granting {% data variables.product.prodname_dependabot %} access to a repository means all users in your organization will have access to the contents of that repository through {% data variables.product.prodname_dependabot_updates %}. For more information about the supported ecosystems for private repositories, see "[AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories)."
## Configuring global {% data variables.product.prodname_code_scanning %} settings
@@ -68,7 +68,7 @@ To update private dependencies of repositories in your organization, {% data var
You can customize several {% data variables.product.prodname_global_settings %} for {% data variables.product.prodname_code_scanning %}:
* [Recommending the extended query suite for default setup](#recommending-the-extended-query-suite-for-default-setup){% ifversion code-scanning-autofix %}
-* [Enabling autofix for {% data variables.product.prodname_codeql %}](#enabling-autofix-for-codeql) {% endif %}
+* [Enabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %}](#enabling-copilot-autofix-for-codeql) {% endif %}
* [Setting a failure threshold for {% data variables.product.prodname_code_scanning %} checks in pull requests](#setting-a-failure-threshold-for-code-scanning-checks-in-pull-requests)
### Recommending the extended query suite for default setup
@@ -77,9 +77,9 @@ You can customize several {% data variables.product.prodname_global_settings %}
{% ifversion code-scanning-autofix %}
-### Enabling autofix for {% data variables.product.prodname_codeql %}
+### Enabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %}
-You can select **Autofix for {% data variables.product.prodname_codeql %}** to enable autofix for all the repositories in your organization that use {% data variables.product.prodname_codeql %} default setup or {% data variables.product.prodname_codeql %} advanced setup. Autofix is a {% data variables.product.prodname_copilot %}-powered expansion of {% data variables.product.prodname_code_scanning %} that suggests fixes for {% data variables.product.prodname_code_scanning %} alerts in pull requests. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
+You can select **{% data variables.product.prodname_copilot_autofix_short %}** to enable {% data variables.product.prodname_copilot_autofix_short %} for all the repositories in your organization that use {% data variables.product.prodname_codeql %} default setup or {% data variables.product.prodname_codeql %} advanced setup. {% data variables.product.prodname_copilot_autofix_short %} is an expansion of {% data variables.product.prodname_code_scanning %} that suggests fixes for {% data variables.product.prodname_code_scanning %} alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
{% endif %}
@@ -93,26 +93,29 @@ You can choose the severity levels at which {% data variables.product.prodname_c
You can customize several {% data variables.product.prodname_global_settings %} for {% data variables.product.prodname_secret_scanning %}:
-{% ifversion secret-scanning-validity-check-partner-patterns %}
-* [Verifying partner pattern secrets automatically](#verifying-partner-pattern-secrets-automatically){% endif %}{% ifversion secret-scanning-non-provider-patterns %}
-* [Scanning for non-provider patterns](#scanning-for-non-provider-patterns){% endif %}
+{% ifversion ghes < 3.15 %}
+* [Scanning for non-provider patterns](#scanning-for-non-provider-patterns){% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %}
+* [Generic secret detection](#generic-secret-detection){% endif %}
* [Adding a resource link for blocked commits](#adding-a-resource-link-for-blocked-commits){% ifversion ghec or ghes %}
* [Defining custom patterns](#defining-custom-patterns){% endif %}
-{% ifversion secret-scanning-validity-check-partner-patterns %}
+{% ifversion ghes < 3.15 %}
-### Verifying partner pattern secrets automatically
+### Scanning for non-provider patterns
+
+You can choose to scan for non-provider patterns, such as private keys, to detect non-provider secrets before they are leaked. To enable these scans, select **Scan for non-provider patterns**. Be aware that non-provider tokens often have a higher rate of false positives. To learn more about non-provider patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns)" and "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts#other-alerts-list)."
-To reduce the rate of false positive {% data variables.product.prodname_secret_scanning %} alerts, you can automatically verify the validity of some partner pattern secrets by sending each secret to the provider. To enable this automatic verification, select **Automatically verify if a secret is valid by sending it to the relevant partner**. For information on which partners support validity checks, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#checking-a-secrets-validity)."
+ {% data reusables.secret-scanning.non-provider-patterns-beta %}
{% endif %}
-{% ifversion secret-scanning-non-provider-patterns %}
-### Scanning for non-provider patterns
+{% ifversion secret-scanning-ai-generic-secret-detection %}
-You can choose to scan for non-provider patterns, such as private keys, to detect non-provider secrets before they are leaked. To enable these scans, select **Scan for non-provider patterns**. Be aware that non-provider tokens often have a higher rate of false positives. To learn more about non-provider patterns, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#about-user-alerts)" and "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#other-alerts-list)."
+### Generic secret detection
- {% data reusables.secret-scanning.non-provider-patterns-beta %}
+Generic secret detection is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that scans and creates alerts for unstructured secrets, such as passwords. To enable these scans, select **Use AI detection to find additional secrets**. Be aware that generic secrets often have a higher rate of false positives than other types of alert. To learn more about generic secrets, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/about-the-detection-of-generic-secrets-with-secret-scanning)."
+
+{% data reusables.secret-scanning.generic-secret-detection-ai %}
{% endif %}
@@ -123,7 +126,7 @@ To provide context for developers when {% data variables.product.prodname_secret
### Defining custom patterns
-You can define custom patterns for {% data variables.product.prodname_secret_scanning %} with regular expressions. Custom patterns can identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. To create a custom pattern, click **New pattern**, then enter the details for your pattern and click **Save and dry run**. For more information on custom patterns, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
+You can define custom patterns for {% data variables.product.prodname_secret_scanning %} with regular expressions. Custom patterns can identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. To create a custom pattern, click **New pattern**, then enter the details for your pattern and click **Save and dry run**. For more information on custom patterns, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)."
{% endif %}
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
index adb32e9134ac..cf2994b3ec8c 100644
--- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
@@ -36,7 +36,7 @@ To determine if your {% data variables.product.prodname_custom_security_configur
1. Edit the name and description of your {% data variables.product.prodname_custom_security_configuration %} as desired.
1. In the "Security settings" section, edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired.{% ifversion enforce-security-configurations %}
-1. In the "Policy" section, you can modify the configuration's enforcement status. Enforcing a configuration will block repository owners from changing features that are enabled or disabled by the configuration, but features that are not set aren't enforced. Next to "Enforce configuration", select **Enforce** or **Don't enforce** from the dropdown menu. This feature is in beta, and is subject to change.
+1. In the "Policy" section, you can modify the configuration's enforcement status. Enforcing a configuration will block repository owners from changing features that are enabled or disabled by the configuration, but features that are not set aren't enforced. Next to "Enforce configuration", select **Enforce** or **Don't enforce** from the dropdown menu. {% ifversion enforce-security-configurations-beta %}This feature is in beta, and is subject to change.{% endif %}
>[!NOTE]
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository.md
index a8b8fd728cf7..caad619b9387 100644
--- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository.md
+++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository.md
@@ -39,7 +39,7 @@ After you apply a {% data variables.product.prodname_security_configuration %} t
{% endif %}
You can view {% data variables.product.prodname_secret_scanning %} alerts for a repository by navigating to the main page of that repository, clicking the {% octicon "shield" aria-hidden="true" %} **Security** tab, then clicking {% octicon "key" aria-hidden="true" %} **{% data variables.product.prodname_secret_scanning_caps %}**.
-For an introduction to {% data variables.product.prodname_secret_scanning %} alerts, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."
+For an introduction to {% data variables.product.prodname_secret_scanning %} alerts, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)."
To learn how to interpret and resolve {% data variables.product.prodname_secret_scanning %} alerts, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
diff --git a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md
index 2ab99337c1ad..fd85e2f02509 100644
--- a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md
@@ -28,7 +28,7 @@ After you create a {% data variables.product.prodname_custom_security_configurat
* To select all repositories displayed on the current page of the repository table, select **NUMBER repositories**.
* After selecting **NUMBER repositories**, to select _all_ repositories in your organization that match any filters you have applied, click **Select all**.{% ifversion enforce-security-configurations %}
>[!NOTE]
- > The repository table will show which repositories have an enforced configuration (beta). This means that repository owners will be blocked from changing features that have been enabled or disabled in the configuration, but features that are not set aren't enforced.{% endif %}
+ > The repository table will show which repositories have an enforced configuration{% ifversion enforce-security-configurations-beta %} (beta){% endif %}. This means that repository owners will be blocked from changing features that have been enabled or disabled in the configuration, but features that are not set aren't enforced.{% endif %}
1. Select the **Apply configuration** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **YOUR-CONFIGURATION-NAME**.
{% data reusables.security-configurations.apply-configuration-by-default %}
diff --git a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md
index 2048a6565d7f..a0110c2ac051 100644
--- a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md
@@ -34,7 +34,8 @@ With {% data variables.product.prodname_custom_security_configurations %}, you c
1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Code {% data variables.product.prodname_security_configurations %}" page, name your configuration and create a description.
1. In the "{% data variables.product.prodname_GH_advanced_security %} features" row, choose whether to include or exclude {% data variables.product.prodname_GH_advanced_security %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. To learn more about committers and GHAS licensing, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."
1. In the "Dependency graph" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:
- * Dependency graph. To learn about dependency graph, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
+ * Dependency graph. To learn about dependency graph, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."{%- ifversion maven-transitive-dependencies %}
+ * Automatic dependency submission. To learn about automatic dependency submission, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository)."{%- endif %}
* {% data variables.product.prodname_dependabot %}. To learn about {% data variables.product.prodname_dependabot %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
* Security updates. To learn about security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)."
@@ -46,15 +47,20 @@ With {% data variables.product.prodname_custom_security_configurations %}, you c
1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup. To learn about default setup, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup)."
1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:
- * {% data variables.product.prodname_secret_scanning_caps %}. To learn about {% data variables.product.prodname_secret_scanning %}, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
- * Push protection. To learn about push protection, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)."
+ * {% data variables.product.prodname_secret_scanning_caps %}. To learn about {% data variables.product.prodname_secret_scanning %}, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."{% ifversion secret-scanning-validity-check-partner-patterns %}
+ * Validity check. To learn more about validity checks for partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity)".{% endif %}
+ * Push protection. To learn about push protection, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)."{% ifversion org-npp-enablement-security-configurations %}
+ * Non-provider patterns. To learn more about scanning for non-provider patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns)" and "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts#other-alerts-list)."
+
+ {% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %}
+
{% ifversion fpt or ghec %}
1. In the "Private vulnerability reporting" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for private vulnerability reporting. To learn about private vulnerability reporting, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository)."
{% endif %}
1. Optionally, in the "Policy" section, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, or **Private and internal**, or both.
{% data reusables.security-configurations.default-configuration-exception-repo-transfers %}{% ifversion enforce-security-configurations %}
-1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu. This feature is in beta, and is subject to change.
+1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu.{% ifversion enforce-security-configurations-beta %} This feature is in beta, and is subject to change.{% endif %}
>[!NOTE]
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning.md
deleted file mode 100644
index 0d0b076e8f1e..000000000000
--- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: A repository has an existing advanced setup for code scanning
-shortTitle: Existing advanced setup
-intro: 'You need to override existing advanced setups at the repository level before you can apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} enabled.'
-permissions: '{% data reusables.security-configurations.security-configurations-permissions %}'
-versions:
- feature: security-configurations
-topics:
- - Advanced Security
- - Organizations
- - Security
----
-
-{% note %}
-
-**Note:** {% data reusables.security-configurations.security-configurations-beta-note-short %}
-
-{% endnote %}
-
-To successfully apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} default setup enabled, the target repository cannot have an existing advanced setup for {% data variables.product.prodname_code_scanning %}. {% data variables.product.prodname_security_configurations_caps %} cannot override advanced setups since advanced setups are tailored to the specific security needs of their repositories, and organization owners or security managers enabling default setup at scale may not realize they are overriding those custom settings.
-
-If you try to apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} enabled to a repository with an existing advanced setup for {% data variables.product.prodname_code_scanning %}, security settings will be enabled as follows:
-
- * {% data variables.product.prodname_code_scanning_caps %} default setup _will not_ be enabled on the repository, and the existing advanced setup will continue to run as normal.
- * Aside from {% data variables.product.prodname_code_scanning %}, all security features enabled in the configuration _will_ be enabled on the repository.
- * The {% data variables.product.prodname_security_configuration %} _will not_ be attached to the repository, since only some features from the configuration are enabled.
-
-For all repositories without an existing advanced setup for {% data variables.product.prodname_code_scanning %}, the {% data variables.product.prodname_security_configuration %} will be applied as expected, and {% data variables.product.prodname_code_scanning %} default setup will be enabled.
-
-{% note %}
-
-**Note:** If you cannot successfully apply a configuration to a private{% ifversion ghec or ghes %} or internal{% endif %} repository without {% data variables.product.prodname_code_scanning %} advanced setup enabled, you should make sure you have sufficient available {% data variables.product.prodname_GH_advanced_security %} licenses to apply that configuration. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses)."
-
-{% endnote %}
-
-To apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} enabled to a repository with advanced setup, you must first configure default setup at the repository level, then apply the {% data variables.product.prodname_security_configuration %} as normal. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md
new file mode 100644
index 000000000000..861852d06f75
--- /dev/null
+++ b/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md
@@ -0,0 +1,44 @@
+---
+title: A repository is using advanced setup for code scanning
+shortTitle: Active advanced setup
+intro: 'You cannot attach a {% data variables.product.prodname_security_configuration %} with code scanning enabled to repositories that are using advanced setup for code scanning.'
+permissions: '{% data reusables.security-configurations.security-configurations-permissions %}'
+versions:
+ feature: security-configurations
+redirect_from:
+ - /code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning
+topics:
+ - Advanced Security
+ - Organizations
+ - Security
+---
+
+{% data reusables.security-configurations.security-configurations-beta-note-short %}
+
+## About the problem
+
+You cannot successfully apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} default setup enabled to a target repository that uses advanced setup for {% data variables.product.prodname_code_scanning %}. Advanced setups are tailored to the specific security needs of their repositories, so they are not intended to be overridden at scale.
+
+If you try to attach a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} enabled to a repository already using advanced setup, security settings will be applied as follows:
+
+* **{% data variables.product.prodname_code_scanning_caps %} default setup will not be enabled**, and advanced setup will continue to run as normal.
+* **All other security features enabled in the configuration will be enabled.**
+* **The {% data variables.product.prodname_security_configuration %} will not be attached** to the repository, since only some features from the configuration are enabled.
+
+For all repositories without an active advanced setup, the {% data variables.product.prodname_security_configuration %} will be applied as expected, and {% data variables.product.prodname_code_scanning %} default setup will be enabled.
+
+{% note %}
+
+**Note:** If advanced setup is considered inactive for a repository, default setup _will_ still be enabled for that repository. Advanced setup is considered inactive for a repository if the repository meets any of the following criteria:
+* The latest {% data variables.product.prodname_codeql %} analysis is more than 90 days old
+* All {% data variables.product.prodname_codeql %} configurations have been deleted
+* The workflow file has been deleted or disabled (exclusively for YAML-based advanced setup)
+
+{% endnote %}
+
+## Solving the problem
+
+There are two ways you can solve this problem:
+
+1. **Update the affected repositories to use default setup** for {% data variables.product.prodname_code_scanning %} at the repository level and then reapply your {% data variables.product.prodname_security_configuration %} to the repositories. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
+1. **Create a new custom {% data variables.product.prodname_security_configuration %}** that does not include a setting for {% data variables.product.prodname_code_scanning %} and apply this {% data variables.product.prodname_security_configuration %} to repositories that use advanced setup. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."
diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md
index 13214eb0e3c5..6b4e411c1381 100644
--- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md
+++ b/content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md
@@ -9,6 +9,6 @@ topics:
- Organizations
- Security
children:
- - /a-repository-has-an-existing-advanced-setup-for-code-scanning
+ - /a-repository-is-using-advanced-setup-for-code-scanning
- /not-enough-github-advanced-security-licenses
---
diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md
index 9d67f9104603..b9ac5aeb3f08 100644
--- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md
+++ b/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md
@@ -11,11 +11,7 @@ topics:
- Security
---
-{% note %}
-
-**Note:** {% data reusables.security-configurations.security-configurations-beta-note-short %}
-
-{% endnote %}
+{% data reusables.security-configurations.security-configurations-beta-note-short %}
You must have an available {% data variables.product.prodname_GH_advanced_security %} (GHAS) license for each unique active committer to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository. To learn about GHAS licensing, as well as unique and active committers, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."
diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities.md b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities.md
index e8f809a000ab..755cc4a681ee 100644
--- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities.md
+++ b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities.md
@@ -58,7 +58,7 @@ There are two processes available on {% data variables.product.prodname_dotcom %
### Standard process
-The process for reporting and disclosing vulnerabilities for projects on {% data variables.product.prodname_dotcom_the_website %} is as follows:
+The process for reporting and disclosing vulnerabilities for projects on {% data variables.product.prodname_dotcom %} is as follows:
If you are a vulnerability reporter (for example, a security researcher) who would like report a vulnerability, first check if there is a security policy for the related repository. For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository#about-security-policies)." If there is one, follow it to understand the process before contacting the security team for that repository.
@@ -70,7 +70,7 @@ The process for reporting and disclosing vulnerabilities for projects on {% data
{% endnote %}
- If you've found a security vulnerability in {% data variables.product.prodname_dotcom_the_website %}, please report the vulnerability through our coordinated disclosure process. For more information, see the [{% data variables.product.prodname_dotcom %} Security Bug Bounty](https://bounty.github.com/) website.
+ If you've found a security vulnerability in {% data variables.product.prodname_dotcom %}, please report the vulnerability through our coordinated disclosure process. For more information, see the [{% data variables.product.prodname_dotcom %} Security Bug Bounty](https://bounty.github.com/) website.
If you are a maintainer, you can take ownership of the process at the very beginning of the pipeline by setting up a security policy for your repository, or otherwise making security reporting instructions clearly available, for example in your project’s README file. For information about adding a security policy, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository#about-security-policies)." If there is no security policy, it's likely that a vulnerability reporter will try to email you or otherwise privately contact you. Alternatively, someone may open a (public) issue with details of a security issue.
diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md
index 07b72164e31e..521d2718fb9f 100644
--- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md
+++ b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md
@@ -22,8 +22,6 @@ Anyone with admin permissions to a public repository can create and edit a secur
{% data reusables.security-advisory.security-advisory-overview %} For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)."
-## Best practices
-
We recommend you use the syntax used in the {% data variables.product.prodname_advisory_database %}, especially the version formatting, when you write a repository security advisory, or make a community contribution to a global security advisory.
If you follow the syntax for the {% data variables.product.prodname_advisory_database %}, especially when you define affected versions:
@@ -35,29 +33,60 @@ You add or edit a repository advisory using the _Draft security advisory_ form.
You suggest an improvement to an existing global advisory using the _Improve security advisory_ form. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database)."
-### Ecosystem
+## Ecosystem
You need to assign the advisory to one of our supported ecosystems using the **Ecosystem** field. For more information about the ecosystems we support, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database#github-reviewed-advisories)."
-### Package name
+## Package name
We recommend that you use the **Package name** field to specify which packages are affected because package information is required for "{% data variables.product.company_short %}-reviewed" advisories in the {% data variables.product.prodname_advisory_database %}. Package information is optional for repository-level security advisories, but including this information early simplifies the review process when you publish your security advisory.
-### Affected versions
+## Affected versions
We recommend that you use the **Affected versions** field to specify which versions are affected because this information is required for "{% data variables.product.company_short %}-reviewed" advisories in the {% data variables.product.prodname_advisory_database %}. Version information is optional for repository-level security advisories, but including this information early simplifies the review process when you publish your security advisory.
+For more information about the {% data variables.product.prodname_advisory_database %}, see [https://github.com/github/advisory-database](https://github.com/github/advisory-database).
+
+### Glossary
+
+* **Vulnerable Version Range (VVR)**: the range of versions that are vulnerable to a particular software bug.
+* **Operator**: any symbol that indicates the boundary of a vulnerable version range.
+* **Open Source Vulnerability format (OSV)**: format that the {% data variables.product.prodname_advisory_database %} data strives to be compatible with.
+
+### Version syntax
+
+* Smaller numbers are earlier versions than larger numbers. for example, `1.0.0` is a lower version than `2.0.0`
+* Earlier letters in the alphabet are earlier versions than later letters in the alphabet. For example, `2.0.0-a` is an earlier version than `2.0.0-b`.
+* Any letters that come after a number are considered part of a prerelease, so any versions with letters after the numbers are earlier versions than numbers without letters in the version number. For example, `2.0.0-alpha`, `2.0.0-beta`, and `2.0.0-rc` are earlier than `2.0.0`.
+* A fixed version cannot be smaller than the largest number in the VVR. For example, a vulnerable version is released and the maintainer recommends downgrading. The maintainer cannot label that lower version as a fixed or patched version in the `Fixed` field because that version is smaller than the vulnerable version.
+
+### Supported operators
+
+* `>=` for “greater than or equal to this version”.
+* `>` for “greater than this version”.
+
+ >[!WARNING] Although {% data variables.product.prodname_dotcom %} supports the use of the `>` operator, using this operator is not recommended because it's not supported by the OSV format.
+
+* `=` for “equal to this version”.
+* `<=` for “less than or equal to this version”.
+* `<` for “less than this version”.
+
+### Specifying affected versions on {% data variables.product.prodname_dotcom %}
+
+It is important to clearly define the affected versions for an advisory. {% data variables.product.prodname_dotcom %} provides several options in the **Affected versions** field for you to specify vulnerable version ranges.
+
+For examples showing how affected versions are defined in some existing advisories, see [Examples](#examples).
+
* A valid affected version string consists of one of the following:
* A lower bound operator sequence.
* An upper bound operator sequence.
- * Both an upper and lower bound operator sequence.
+ * Both an upper and lower bound operator sequence. The lower bound must come first, followed by a comma and a single space, then the upper bound.
* A specific version sequence using the equality (`=`) operator.
-* Each operator sequence must be specified as the operator, a single space, and then the version.
- * Valid operators are `=`, `<`, `<=`, `>`, or `>=`.
- * The version must begin with a number followed by any number of numbers, letters, dots, dashes, or underscores (anything other than a space or comma)
- * When specifying both an upper and lower bound sequence, the lower bound must come first, followed by a comma and a single space, then the upper bound.
+ * Each operator sequence must be specified as the operator, a single space, and then the version. For more information about valid operators, see [Supported operators](#supported-operators) above.
+ * The version must begin with a number followed by any number of numbers, letters, dots, dashes, or underscores (anything other than a space or comma). For more information about version formatting, see [Version syntax](#version-syntax) above.
+
{% note %}
**Note:** Affected version strings cannot contain leading or trailing spaces.
@@ -66,11 +95,16 @@ We recommend that you use the **Affected versions** field to specify which versi
* Upper-bound operators can be inclusive or exclusive, i.e. `<=` or `<`, respectively.
* Lower-bound operators can be inclusive or exclusive, i.e. `>=` or `>`, respectively. However, if you publish your repository advisory, and we graduate your repository advisory into a global advisory, a different rule applies: lower-bound strings can only be inclusive, i.e. `>=`. The exclusive lower bound operator (`>`) is only allowed when the version is `0`, for example `> 0`.
+* Proper use of spaces
+ * Use a space between an operator and a version number.
+ * Do not use a space in `>=` or `<=`.
+ * Do not use a space between a number and a comma in `>= lower bound, <= upper bound`.
+ * Use a space between a comma and the upper bound operator.
{% note %}
**Notes:** The lower-bound limitation:
- * Is due to incompatibilities with the OSV (Open Source Vulnerability) schema.
+ * Is due to incompatibilities with the OSV schema.
* Only applies when you make a suggestion on an existing advisory in the {% data variables.product.prodname_advisory_database %}.
{% endnote %}
@@ -82,4 +116,58 @@ We recommend that you use the **Affected versions** field to specify which versi
* The implicit value is always `> 0` if the lower bound is not explicitly specified.
* The implicit value is always infinity if the upper bound is not explicitly specified.
-For more information about the {% data variables.product.prodname_advisory_database %}, see [https://github.com/github/advisory-database](https://github.com/github/advisory-database).
+### Setting an upper bound only on a VVR
+
+* If you set only an upper bound, use `<=` or `<`.
+* The {% data variables.product.prodname_advisory_database %} uses the PyPA database as one of its data sources. However, {% data variables.product.prodname_dotcom %} doesn't match the PyPA VVR format exactly (PyPa security advisories often use `>= 0, <= n` or `>= 0, < n` to refer to version ranges that only have an upper bound).
+* There is no need to include `>= 0` in a range that only has an upper bound.
+
+### Setting a lower bound only on a VVR
+
+* The advisory curation team doesn't recommend setting lower bounds only on any advisory other than malware.
+This is because, if a fixed version is ever released, users of the fixed version will continue to receive unnecessary {% data variables.product.prodname_dependabot_alerts %} until the advisory is manually updated.
+* Use `>= 0` for all versions
+* `> 0` is generally not used.
+
+### Specifying only one affected version
+
+* `= n` for the single affected version
+* Keep in mind that the `=` will not automatically include any pre-releases, alpha, or beta versions, _only_ the version specified.
+
+### Common errors
+
+* Avoid using the `< n` vulnerable version range and then saying `n+1` is patched.
+ * `< n` should only be used when `n` is not vulnerable.
+ * In this case, the VVR should be `<= n` or `< n+1`.
+
+* Avoid using only a number when describing fixed versions with official version numbers that have letters. Say your software has two branches, `linux` and `windows`. When you release `2.0.0-linux` and `2.0.0-windows`, using `< 2.0.0` as the vulnerable version will mark `2.0.0-linux` and `2.0.0-windows` as vulnerable because the version logic interprets `-linux` and `-windows` as prereleases. You will need to mark `2.0.0-linux`, the earliest branch in the alphabet, as the first patched version to avoid `2.0.0-linux` and `2.0.0-windows` being considered vulnerable.
+
+### Examples
+
+#### Advisory with multiple VVRs and multiple operators
+
+[Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records (GHSA-wr2v-9rpq-c35q)](https://github.com/advisories/GHSA-wr2v-9rpq-c35q) has two vulnerable version ranges:
+* `< 3.3.23`, which has an upper bound with no lower bound and uses the `<` operator.
+* `>= 3.4.0-rc.0, <= 3.4.9`, which has both an upper bound and a lower bound, and uses the `>=` and `<=` operators.
+
+#### Advisory showing the relationship between a prerelease and a regular release
+
+[XWiki Platform allows XSS through XClass name in string properties (GHSA-wcg9-pgqv-xm5v)](https://github.com/advisories/GHSA-wcg9-pgqv-xm5v) has four vulnerable version ranges:
+
+* `>= 1.1.2, < 14.10.21`
+* `>= 15.0-rc-1, < 15.5.5`
+* `>= 15.6-rc-1, < 15.10.6`
+* `= 16.0.0-rc-1`
+
+Three of these VVRs include prereleases in the range of vulnerable versions. The last VVR, `= 16.0.0-rc-1`, shows that only `16.0.0-rc-1` is vulnerable, while the regular release that came after it, `16.0.0`, isn't. The logic considers `16.0.0-rc-1` and `16.0.0` as separate versions, with `16.0.0-rc-1` being an earlier release than `16.0.0`.
+
+The patch for this vulnerability was published on Jan 24, 2024, for version 16.0.0. For more information see [commit 27eca84](https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c) in the `xwiki/xwiki-platform ` repository. The [XWiki Platform Old Core](https://mvnrepository.com/artifact/org.xwiki.platform/xwiki-platform-oldcore) page in the MVN Repository site shows that `16.0.0-rc-1` was published on Jan 22, 2024, before the fix was added to XWiki, and `16.0.0` was published on Jan 29, 2024, after the fix was committed.
+
+#### Advisory with branch names in version numbers
+
+[Google Guava](https://mvnrepository.com/artifact/com.google.guava/guava) has two branches, `android` and `jre`, in its version releases. [Guava vulnerable to insecure use of temporary directory (GHSA-7g45-4rm6-3mm3)](https://github.com/advisories/GHSA-7g45-4rm6-3mm3) and [Information Disclosure in Guava (GHSA-5mg8-w23w-74h3)](https://github.com/advisories/GHSA-5mg8-w23w-74h3) are advisories about vulnerabilities that affect Guava. Both advisories set `32.0.0-android` as the patched version.
+
+* The version range logic interprets letters after `32.0.0` as prereleases, so if you set the patched version to `32.0.0`, then both `32.0.0-android` and `32.0.0-jre` would be incorrectly marked as vulnerable.
+* The version range logic interprets letters later in the alphabet as being a later version than letters earlier in the alphabet, so if you set the patched version to `32.0.0-jre`, then `32.0.0-android` would be incorrectly marked as vulnerable.
+
+The best way to indicate that both `32.0.0-android` and `32.0.0-jre` are patched is to use `32.0.0-android` as the patched version, and the logic will interpret everything after `32.0.0-android` in the alphabet as patched.
diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability.md b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability.md
index c0491d9d8a12..5456097440af 100644
--- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability.md
+++ b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability.md
@@ -40,7 +40,7 @@ For security researchers, the benefits of using private vulnerability reporting
## Privately reporting a security vulnerability
-If you do not have admin or security permissions for a public repository, you can still privately report a security vulnerability to repository maintainers. You can also evaluate the general security of a public repository and suggest a security policy. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository)."
+If a public repository has private vulnerability reporting enabled, anyone can privately report a security vulnerability to repository maintainers. Users can also evaluate the general security of a public repository and suggest a security policy. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository)."
{% data reusables.security-advisory.reporting-a-vulnerability-non-admin %}
diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database.md b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database.md
index dd87ad6721cb..8efe8f6daca7 100644
--- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database.md
+++ b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database.md
@@ -84,7 +84,7 @@ In this section, you can find more detailed information about security advisorie
### About GHSA IDs
-Each security advisory, regardless of its type, has a unique identifier referred to as a GHSA ID. A `GHSA-ID` qualifier is assigned when a new advisory is created on {% data variables.product.prodname_dotcom_the_website %} or added to the {% data variables.product.prodname_advisory_database %} from any of the supported sources.
+Each security advisory, regardless of its type, has a unique identifier referred to as a GHSA ID. A `GHSA-ID` qualifier is assigned when a new advisory is created on {% data variables.product.prodname_dotcom %} or added to the {% data variables.product.prodname_advisory_database %} from any of the supported sources.
The syntax of GHSA IDs follows this format: `GHSA-xxxx-xxxx-xxxx` where:
@@ -116,4 +116,4 @@ The {% data variables.product.prodname_advisory_database %} uses the CVSS levels
## Further reading
* "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)"
-* The CVE Program's [definition of "vulnerability"](https://www.cve.org/ResourcesSupport/Glossary#vulnerability)
+* The CVE Program's [definition of "vulnerability"](https://www.cve.org/ResourcesSupport/Glossary#glossaryVulnerability)
diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database.md b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database.md
index 15da14daf39a..4bf871cd1167 100644
--- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database.md
+++ b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database.md
@@ -56,10 +56,12 @@ You can search the database, and use qualifiers to narrow your search. For examp
{% data reusables.search.date_gt_lt %}
| Qualifier | Example |
-| ------------- | ------------- |
+| ---------- | ------- |
| `type:reviewed`| [**type:reviewed**](https://github.com/advisories?query=type%3Areviewed) will show {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities. |
-{% ifversion GH-advisory-db-supports-malware %}| `type:malware` | [**type:malware**](https://github.com/advisories?query=type%3Amalware) will show malware advisories. |
-{% endif %}| `type:unreviewed`| [**type:unreviewed**](https://github.com/advisories?query=type%3Aunreviewed) will show unreviewed advisories. |
+| {% ifversion GH-advisory-db-supports-malware %} |
+| `type:malware` | [**type:malware**](https://github.com/advisories?query=type%3Amalware) will show malware advisories. |
+| {% endif %} |
+| `type:unreviewed`| [**type:unreviewed**](https://github.com/advisories?query=type%3Aunreviewed) will show unreviewed advisories. |
| `GHSA-ID`| [**GHSA-49wp-qq6x-g2rf**](https://github.com/advisories?query=GHSA-49wp-qq6x-g2rf) will show the advisory with this {% data variables.product.prodname_advisory_database %} ID. |
| `CVE-ID`| [**CVE-2020-28482**](https://github.com/advisories?query=CVE-2020-28482) will show the advisory with this CVE ID number. |
| `ecosystem:ECOSYSTEM`| [**ecosystem:npm**](https://github.com/advisories?utf8=%E2%9C%93&query=ecosystem%3Anpm) will show only advisories affecting npm packages. |
@@ -90,9 +92,9 @@ For any {% data variables.product.company_short %}-reviewed advisory in the {% d
{% ifversion security-advisories-ghes %}
-## Accessing the local advisory database on {% data variables.location.product_location %}
+## Accessing the local advisory database on {% data variables.product.prodname_ghe_server %}
-If your site administrator has enabled {% data variables.product.prodname_github_connect %} for {% data variables.location.product_location %}, you can also browse reviewed advisories locally. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/about-github-connect)".
+If your site administrator has enabled {% data variables.product.prodname_github_connect %} for your instance, you can also browse reviewed advisories locally. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/about-github-connect)".
You can use your local advisory database to check whether a specific security vulnerability is included, and therefore whether you'd get alerts for vulnerable dependencies. You can also view any vulnerable repositories.
@@ -107,7 +109,7 @@ You can use your local advisory database to check whether a specific security vu
You can also suggest improvements to any advisory directly from your local advisory database. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database#editing-advisories-from-your-github-enterprise-server-instance)".
-### Viewing vulnerable repositories for {% data variables.location.product_location %}
+### Viewing vulnerable repositories for your instance
{% data reusables.repositories.enable-security-alerts %}
diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database.md b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database.md
index 43a1c3c025f7..6051382afdcd 100644
--- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database.md
+++ b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database.md
@@ -45,12 +45,12 @@ You can also open a pull request directly on an advisory file in the [github/adv
{% ifversion security-advisories-ghes %}
-## Editing advisories from {% data variables.location.product_location %}
+## Editing advisories from {% data variables.product.prodname_ghe_server %}
-If you have {% data variables.product.prodname_github_connect %} enabled for {% data variables.location.product_location %}, you will be able to see advisories by adding `/advisories` to the instance url.
+If you have {% data variables.product.prodname_github_connect %} enabled on your instance, you will be able to see advisories by adding `/advisories` to the instance url.
1. Navigate to `https://HOSTNAME/advisories`.
1. Select the security advisory you would like to contribute to.
-1. On the right-hand side of the page, click the **Suggest improvements for this vulnerability on {% data variables.product.prodname_dotcom_the_website %}.** link. A new tab opens with the same security advisory on {% data variables.product.prodname_dotcom_the_website %}.
+1. On the right-hand side of the page, click the **Suggest improvements for this vulnerability on {% data variables.product.prodname_dotcom %}.** link. A new tab opens with the same security advisory on {% data variables.product.prodname_dotcom %}.
1. Edit the advisory, following steps four through six in "[Editing advisories in the GitHub Advisory Database](#editing-advisories-in-the-github-advisory-database)" above.
{% endif %}
diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md b/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md
index ce2b202a0615..eacd0e259870 100644
--- a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md
+++ b/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md
@@ -29,33 +29,9 @@ The instructions below refer to enablement at organization level. For informatio
For more information about configuring notification preferences, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository#configuring-notifications-for-private-vulnerability-reporting)."
-## Enabling or disabling private vulnerability reporting for all the existing public repositories in an organization
+## Enabling or disabling private vulnerability reporting for public repositories added to the organization
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-{% data reusables.organizations.security-and-analysis %}
-
-{% ifversion security-configurations %}
- {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling private vulnerability reporting and other security features at scale with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
-{% endif %}
-
-1. Under "Code security and analysis", to the right of "Private vulnerability reporting", click **Enable all** or **Disable all**, to enable or disable the feature for all the public repositories within the organization, respectively.
- 
-
-## Enabling or disabling private vulnerability reporting for new public repositories added to the organization
-
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-{% data reusables.organizations.security-and-analysis %}
-
-{% ifversion security-configurations %}
- {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on setting a default {% data variables.product.prodname_security_configuration %} for new public repositories that will automatically enable private vulnerability reporting, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
-{% endif %}
-
-1. Under "Code security and analysis", to the right of the feature, click **Automatically enable for new public repositories**.
- 
-
-1. To the right of "Private vulnerability reporting", click **Enable all** or **Disable all**, to enable or disable the feature for all new public repositories that will be added to the organization, respectively.
+You can enable or disable private vulnerability reporting for new public repositories added to the organization using the {% data variables.product.prodname_github_security_configuration %}, or you can create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."
## What having private vulnerability reporting enabled for a repository looks like for a security researcher
diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory.md b/content/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory.md
index 3e02776285ee..dfa0a2f5b70d 100644
--- a/content/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory.md
+++ b/content/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory.md
@@ -59,7 +59,7 @@ You can assign different types of credit to people.
| Credit type | Reason |
|-----------------------|--------------------------------------------------------------------------------------------|
| Finder | Identifies the vulnerability |
-| Reporter | Notifies the vendor of the vulnerability to a CNA |
+| Reporter | Notifies the vendor of the vulnerability to a CNA |
| Analyst | Validates the vulnerability to ensure accuracy or severity |
| Coordinator | Facilitates the coordinated response process |
| Remediation developer | Prepares a code change or other remediation plans |
@@ -67,6 +67,7 @@ You can assign different types of credit to people.
| Remediation verifier | Tests and verifies the vulnerability or its remediation |
| Tool | Names of tools used in vulnerability discovery or identification |
| Sponsor | Supports the vulnerability identification or remediation activities |
+
{% endif %}
If someone accepts credit, the person's username appears in the "Credits" section of the security advisory. Anyone with read access to the repository can see the advisory and the people who accepted credit for it.
diff --git a/content/code-security/security-overview/about-security-overview.md b/content/code-security/security-overview/about-security-overview.md
index 4b66989c5682..78eb6aaff519 100644
--- a/content/code-security/security-overview/about-security-overview.md
+++ b/content/code-security/security-overview/about-security-overview.md
@@ -43,7 +43,7 @@ Security overview shows which security features are enabled for repositories and
For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#dependabot-alerts-for-vulnerable-dependencies)" and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
{% ifversion security-overview-export-data %}
-{% data reusables.security-overview.download-csv-files %} For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-the-risk-and-coverage-pages)."
+{% data reusables.security-overview.download-csv-files %} For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)."
{% endif %}
The views are interactive with filters that allow you to look at the aggregated data in detail and identify sources of high risk or low feature coverage. As you apply multiple filters to focus on narrower areas of interest, all data and metrics across the view change to reflect your current selection. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
@@ -60,7 +60,7 @@ There are also dedicated views for each type of security alert that you can use
## About security overview for organizations
-The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %} For example, {% ifversion security-overview-dashboard %}the team can use the "Overview" dashboard view (beta) to track your organization's security landscape and progression{% else %}the team can use the "Coverage" view to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %}, or use the "Risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}{% endif %}. {% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %} {% ifversion code-security-multi-repo-enablement %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."{% endif %}
+The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %} For example, {% ifversion security-overview-dashboard %}the team can use the "Overview" dashboard view to track your organization's security landscape and progression{% else %}the team can use the "Coverage" view to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %}, or use the "Risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}{% endif %}. {% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %} {% ifversion code-security-multi-repo-enablement %}{% ifversion security-configurations-beta-and-pre-beta %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."{% endif %}{% endif %}
You can find security overview on the **Security** tab for any organization that's owned by an enterprise. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)."
@@ -89,7 +89,7 @@ Each repository is shown in security overview with an indicator for each type of
| Indicator | Meaning |
| -------- | -------- |
| {% octicon "code-square" aria-label="Code scanning alerts" %} | {% data variables.product.prodname_code_scanning_caps %} alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning)." |
-| {% octicon "key" aria-label="Secret scanning alerts" %} | {% data variables.product.prodname_secret_scanning_caps %} alerts. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." |
+| {% octicon "key" aria-label="Secret scanning alerts" %} | {% data variables.product.prodname_secret_scanning_caps %} alerts. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)." |
| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." |
| {% octicon "check" aria-label="Enabled" %} | The security feature is enabled, but does not raise alerts in this repository. |
| {% octicon "x" aria-label="Not supported" %} | The security feature is not supported in this repository. |
@@ -128,27 +128,29 @@ For information about permissions, see "[Permission to view data in security ove
If you are an owner or security manager for an organization, you can see data for all the repositories in the organization in all views.
-If you are an organization member, you can view security overview for the organization and see data for repositories where you have access.
+If you are an organization or team member, you can view security overview for the organization and see data for repositories where you have an appropriate level of access.
{% ifversion security-overview-dashboard %}
{% rowheaders %}
-| Organization member with | Overview dashboard (beta) view | Risk and alerts views | Coverage view |
+| Organization or team member with | Overview dashboard view | Risk and alerts views | Coverage view |
|--------------------|-------------|---------------------|---------|
-| `admin` access for one or more repositories | View data for those repositories | View data for those repositories | View data for those repositories, and enable and disable security features |
-| `write` access for one or more repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | No access for those repositories |
-| Security alert access for one or more repositories | View all security alert data for those repositories | View all security alert data for those repositories | No access for those repositories
+| `admin` access for one or more repositories | View data for those repositories | View data for those repositories | View data for those repositories{% ifversion security-configurations-beta-and-pre-beta %}, and enable and disable security features{% endif %} |
+| `write` access for one or more repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | No access |
+| `read` or `triage` access for one or more repositories | No access | No access | No access |
+| Security alert access for one or more repositories | View all security alert data for those repositories | View all security alert data for those repositories | No access |
| Custom organization role with permission to view one or more types of security alert | View allowed alert data for all repositories | View allowed alert data for all repositories in all views | No access |
{% endrowheaders %}
{% else %}
{% rowheaders %}
-| Organization member with | Risk and alerts views | Coverage view |
+| Organization or team member with | Risk and alerts views | Coverage view |
|--------------------|-------------|---------------------|
| `admin` access for one or more repositories | View data for those repositories | View data for those repositories, and enable and disable security features |
-| `write` access for one or more repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | No access for those repositories |
-| Security alert access for one or more repositories | View all security alert data for those repositories | No access for those repositories
+| `write` access for one or more repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | No access |
+| `read` or `triage` access for one or more repositories | No access | No access |
+| Security alert access for one or more repositories | View all security alert data for those repositories | No access |
| Custom organization role with permission to view one or more types of security alert | View allowed alert data for all repositories in all views | No access |
{% endrowheaders %}
@@ -176,12 +178,17 @@ For more information about access to security alerts and related views, see "[AU
{% endnote %}
{% endif %}
-In the enterprise-level security overview, you can see data for all organizations where you are an organization owner or security manager. However, you cannot use the enterprise-level security overview to enable and disable security features. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
+In the enterprise-level security overview, you can see data for all organizations where you are an organization owner or security manager. {% ifversion security-configurations-beta-and-pre-beta %}However, you cannot use the enterprise-level security overview to enable and disable security features.{% endif %} For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
+{% endif %}
+
+{% ifversion ghec %}
+If you're an owner of an {% data variables.enterprise.prodname_emu_enterprise %}, you can view data from user-owned repositories in security overview and filter by repository owner type. For more information on {% data variables.enterprise.prodname_managed_users %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
{% endif %}
## Further reading
-* "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"
-* "[AUTOTITLE](/code-security/getting-started/securing-your-organization)"
+* "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"{% ifversion security-configurations-ga %}
+* "[AUTOTITLE](/code-security/securing-your-organization)"{% else %}
+* "[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)"{% endif %}
* "[AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale)"
{% endif %}
diff --git a/content/code-security/security-overview/assessing-adoption-code-security.md b/content/code-security/security-overview/assessing-adoption-code-security.md
index 9025b126d786..663009aa3122 100644
--- a/content/code-security/security-overview/assessing-adoption-code-security.md
+++ b/content/code-security/security-overview/assessing-adoption-code-security.md
@@ -24,19 +24,15 @@ You can use security overview to see which repositories and teams have already e
-{% note %}
-
-**Note:** "Pull request alerts" are reported as enabled only when {% data variables.product.prodname_code_scanning %} has analyzed at least one pull request since alerts were enabled for the repository.
-
-{% endnote %}
+>[!NOTE] "Pull request alerts" are reported as enabled only when {% data variables.product.prodname_code_scanning %} has analyzed at least one pull request since alerts were enabled for the repository.
{% ifversion security-overview-export-data %}
-You can download a CSV file of the data displayed on the "Security coverage" page. This data file can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-the-risk-and-coverage-pages)."
+You can download a CSV file of the data displayed on the "Security coverage" page. This data file can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)."
{% endif %}
{% ifversion security-overview-tool-adoption %}
-You can use the "Enablement trends" (beta) view to see enablement status and enablement status trends over time for {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %}, or {% data variables.product.prodname_secret_scanning %} for repositories in an organization{% ifversion security-overview-enterprise-enablement-report %}, or across organizations in an enterprise{% endif %}. For each of these features, you can view a graph visualizing the percentage of repositories that have the feature enabled, as well as a detailed table with enablement percentages for different points in time. For more information, see "[Viewing enablement trends for an organization (beta)](#viewing-enablement-trends-for-an-organization-beta){% ifversion security-overview-enterprise-enablement-report %}" and "[Viewing enablement trends for an enterprise (beta)](#viewing-enablement-trends-for-an-enterprise-beta){% endif %}."
+You can use the "Enablement trends" view to see enablement status and enablement status trends over time for {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %}, or {% data variables.product.prodname_secret_scanning %} for repositories in an organization{% ifversion security-overview-enterprise-enablement-report %}, or across organizations in an enterprise{% endif %}. For each of these features, you can view a graph visualizing the percentage of repositories that have the feature enabled, as well as a detailed table with enablement percentages for different points in time. For more information, see "[Viewing enablement trends for an organization](#viewing-enablement-trends-for-an-organization){% ifversion security-overview-enterprise-enablement-report %}" and "[Viewing enablement trends for an enterprise](#viewing-enablement-trends-for-an-enterprise){% endif %}."
{% endif %}
@@ -55,8 +51,11 @@ In the list of repositories, the "Paused" label under "{% data variables.product
+{% ifversion security-configurations-ga %}
+1. You can optionally enable code security features for a repository or selected repositories using the {% data variables.product.prodname_github_security_configuration %}, or you can create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."
+{% endif %}
+{% ifversion security-configurations-beta-and-pre-beta %}
1. Optionally, click **{% octicon "gear" aria-hidden="true" %} Security settings** to enable code security features for a repository and click **Save security settings** to confirm the changes. If a feature is not shown, it has more complex configuration requirements and you need to use the repository settings dialog. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository)."
-{% ifversion code-security-multi-repo-enablement %}
1. Optionally, select some or all of the repositories that match your current search and click **Security settings** in the table header to display a side panel where you can enable security features for the selected repositories. When you've finished, click **Apply changes** to confirm the changes. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."
{% endif %}
@@ -68,13 +67,11 @@ In the list of repositories, the "Paused" label under "{% data variables.product
You can view data to assess the enablement of code security features across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %}
+{% ifversion security-configurations-beta-and-pre-beta %}
In the enterprise-level view, you can view data about the enablement of features, but you cannot enable or disable features. For more information about enabling features, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."
+{% endif %}
-{% tip %}
-
-**Tip:** You can use the `owner:` filter in the search field to filter the data by organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
-
-{% endtip %}
+{% data reusables.security-overview.enterprise-filters-tip %}
{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
{% data reusables.code-scanning.click-code-security-enterprise %}
@@ -87,13 +84,13 @@ In the enterprise-level view, you can view data about the enablement of features
{% ifversion security-overview-tool-adoption %}
-## Viewing enablement trends for an organization (beta)
+## Viewing enablement trends for an organization
-{% note %}
+{% ifversion ghes < 3.15 %}
-**Note:** The "Enablement trends" view is currently in beta and is subject to change.
+> [!NOTE] The "Enablement trends" view is currently in beta and is subject to change.
-{% endnote %}
+{% endif %}
You can view data to assess the enablement status and enablement status trends of code security features for an organization.
@@ -103,29 +100,25 @@ You can view data to assess the enablement status and enablement status trends o
1. Click on one of the tabs for "{% data variables.product.prodname_dependabot %}", "{% data variables.product.prodname_code_scanning_caps %}", or "{% data variables.product.prodname_secret_scanning_caps %}" to view enablement trends and the percentage of repositories in your organization with that feature enabled. This data is displayed as a graph and a detailed table.
1. Optionally, use the options at the top of the "Enablement trends" view page to filter the group of repositories you want to see enablement trends for.
* Use the date picker to set the time range that you want to view enablement trends for.
- * Click in the search box to add further filters on the enablement trends displayed. The filters you can apply are the same as those for the "Overview" dashboard (beta) view. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
+ * Click in the search box to add further filters on the enablement trends displayed. The filters you can apply are the same as those for the "Overview" dashboard view. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
+
+ 
- 
-
{% endif %}
{% ifversion security-overview-enterprise-enablement-report %}
-## Viewing enablement trends for an enterprise (beta)
+## Viewing enablement trends for an enterprise
-{% note %}
+{% ifversion ghes < 3.15 %}
-**Note:** The "Enablement trends" view is currently in beta and is subject to change.
+> [!NOTE] The "Enablement trends" view is currently in beta and is subject to change.
-{% endnote %}
+{% endif %}
You can view data to assess the enablement status and enablement status trends of code security features across organizations in an enterprise.
-{% tip %}
-
-**Tip:** You can use the `owner:` filter in the search field to filter the data by organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
-
-{% endtip %}
+>[!TIP] You can use the `owner:` filter in the search field to filter the data by organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
{% data reusables.code-scanning.click-code-security-enterprise %}
diff --git a/content/code-security/security-overview/assessing-code-security-risk.md b/content/code-security/security-overview/assessing-code-security-risk.md
index 30c09b32b699..e722aad442fa 100644
--- a/content/code-security/security-overview/assessing-code-security-risk.md
+++ b/content/code-security/security-overview/assessing-code-security-risk.md
@@ -28,7 +28,7 @@ You can use security overview to see which repositories and teams are free from
{% ifversion security-overview-export-data %}
-You can download a CSV file of the data displayed on the "Security risk" page. This data file can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-the-risk-and-coverage-pages)."
+You can download a CSV file of the data displayed on the "Security risk" page. This data file can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)."
{% endif %}
{% note %}
@@ -74,11 +74,7 @@ You can download a CSV file of the data displayed on the "Security risk" page. T
You can view data for security alerts across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %}
-{% tip %}
-
-**Tip:** You can use the `org:` filter in the search field to filter the data by organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
-
-{% endtip %}
+{% data reusables.security-overview.enterprise-filters-tip %}
{% endif %}
diff --git a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md
index 10f309b08cdb..655c0db571ae 100644
--- a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md
+++ b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md
@@ -6,7 +6,7 @@ permissions: '{% data reusables.security-overview.permissions %}'
product: '{% data reusables.gated-features.security-overview %}'
allowTitleToDifferFromFilename: true
versions:
- feature: code-security-multi-repo-enablement
+ feature: security-configurations-beta-and-pre-beta
type: how_to
topics:
- Security overview
@@ -29,7 +29,7 @@ You can use checkboxes to select which repositories you want to include, or use
For more information on filters you can use in different parts of security overview, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
-For more information about the different ways of enabling security features in an organization, see "[AUTOTITLE](/code-security/getting-started/securing-your-organization)."
+For more information about the different ways of enabling security features in an organization, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %}
## Enabling security features for multiple repositories
diff --git a/content/code-security/security-overview/exporting-data-from-the-risk-and-coverage-pages.md b/content/code-security/security-overview/exporting-data-from-security-overview.md
similarity index 57%
rename from content/code-security/security-overview/exporting-data-from-the-risk-and-coverage-pages.md
rename to content/code-security/security-overview/exporting-data-from-security-overview.md
index 7e4b4dbdf829..d30dd00691d3 100644
--- a/content/code-security/security-overview/exporting-data-from-the-risk-and-coverage-pages.md
+++ b/content/code-security/security-overview/exporting-data-from-security-overview.md
@@ -1,7 +1,7 @@
---
-title: Exporting data from the risk and coverage pages
+title: Exporting data from security overview
shortTitle: Export data
-intro: You can export CSV files of your risk and coverage data from security overview.
+intro: You can export CSV files of your organization's{% ifversion security-overview-export-dashboard-data %} overview,{% endif %} risk and coverage data from security overview.
permissions: '{% data reusables.security-overview.permissions %}'
product: '{% data reusables.gated-features.security-overview %}'
versions:
@@ -13,12 +13,16 @@ topics:
- Alerts
- Organizations
- Teams
+redirect_from:
+ - /code-security/security-overview/exporting-data-from-the-risk-and-coverage-pages
---
-## About exporting your risk and coverage data
+## About exporting your security overview data
{% data reusables.security-overview.download-csv-files %}
+{% ifversion security-overview-export-dashboard-data %}The overview page contains data about security alerts across your organization, while the risk and coverage pages contain data about repositories and how they are affected by security alerts or covered by security features.{% endif %}
+
The CSV file you download will contain data corresponding to the filters you have applied to security overview. For example, if you add the filter `dependabot-alerts:enabled`, your file will only contain data for repositories that have enabled {% data variables.product.prodname_dependabot_alerts %}.
{% note %}
@@ -27,15 +31,15 @@ The CSV file you download will contain data corresponding to the filters you hav
{% endnote %}
-## Exporting risk or coverage data from your organization's security overview
+## Exporting data from your organization's security overview
{% data reusables.profile.access_org %}
-1. In the "Organizations" section, select the organization for which you would like to download risk and/or coverage data.
-{% data reusables.organizations.security-overview %} By default, you will see the risk page of your organization's security overview.
-1. If you would instead like to download coverage data for your organization, in the "Security" sidebar, click {% octicon "meter" aria-hidden="true" %} **Coverage**.
+1. In the "Organizations" section, select the organization for which you would like to download security overview data.
+{% data reusables.organizations.security-overview %}
+1. In the "Security" sidebar, choose the page that you want to export data from by clicking on {% ifversion security-overview-export-dashboard-data %}**{% octicon "graph" aria-hidden="true" %}Overview**, {% endif %}**{% octicon "meter" aria-hidden="true" %} Coverage** or **{% octicon "shield" aria-hidden="true" %} Risk**.
1. Next to the search bar, click {% octicon "download" aria-hidden="true" %} **Export CSV**.
- It may take a moment for {% data variables.product.product_name %} to generate the CSV file of your data. Once the CSV file generates, the file will automatically start downloading, and a banner will appear confirming your report is ready.
+ It may take a moment for {% data variables.product.product_name %} to generate the CSV file of your data. Once the CSV file generates, the file will automatically start downloading, and a banner will appear confirming your report is ready. {% ifversion security-overview-export-dashboard-data %}If you are downloading the CSV from the overview page, you will also receive an email when your report is ready, containing a link to download the CSV.{% endif %}
{% ifversion secret-scanning-non-provider-patterns %}
diff --git a/content/code-security/security-overview/filtering-alerts-in-security-overview.md b/content/code-security/security-overview/filtering-alerts-in-security-overview.md
index 8eccec990738..33ce7de4a650 100644
--- a/content/code-security/security-overview/filtering-alerts-in-security-overview.md
+++ b/content/code-security/security-overview/filtering-alerts-in-security-overview.md
@@ -56,10 +56,12 @@ In all views, there are two methods for filtering results by repository name.
You can also filter by repository visibility (internal, private, or public) and archive status.
| Qualifier | Description | Views |
-|--------|--------|------|{% ifversion security-overview-dashboard %}
-| `visibility` | Display data for all repositories that are `public`, `private`, or `internal`. | "Overview" and metrics{% endif %}
-| `is` | Display data for all repositories that are `public`, `private`, or `internal`. | "Risk" and "Coverage"
-| `archived` | Display only data for archived (`true`) or active (`false`) repositories. | All except "Alerts" views
+|--------|--------|------|
+| {% ifversion security-overview-dashboard %} |
+| `visibility` | Display data for all repositories that are `public`, `private`, or `internal`. | "Overview" and metrics |
+| {% endif %} |
+| `is` | Display data for all repositories that are `public`, `private`, or `internal`. | "Risk" and "Coverage" |
+| `archived` | Display only data for archived (`true`) or active (`false`) repositories. | All except "Alerts" views |
## Team and topic filters
@@ -92,13 +94,15 @@ If you add custom properties to your organization and set values for repositorie
## Repository owner name and type filters
-In enterprise-level views, you can limit the data to repositories owned by a single organization in your enterprise or an {% data variables.product.prodname_emu %} (EMU) account. Alternatively, you can filter by account owner type.
+In enterprise-level views, you can limit the data to repositories owned by a single organization in your enterprise{% ifversion ghec %} or an {% data variables.product.prodname_emu %} (EMU) account. If you are an owner of an {% data variables.enterprise.prodname_emu_enterprise %}, you can also filter by repository owner type{% endif %}.
| Qualifier | Description | Views |
| -------- | -------- | ------ |
-| `owner` | Display data for all repositories owned by one account owner. | Most views
-| `owner-type` | Display data for all repositories owned by an organization or a user account in your enterprise. | "Risk", "Coverage" and {% data variables.secret-scanning.alerts %}
-| `org` | Display data for repositories owned by one organization. | {% data variables.product.prodname_dependabot_alerts %} and {% data variables.product.prodname_code_scanning %} alerts
+| `owner` | Display data for all repositories owned by one account owner. | Most views |
+| {% ifversion ghec %} |
+| `owner-type` | Display data for all repositories owned by an organization or a user account in your enterprise. | Most views, but only if you are an owner of an {% data variables.enterprise.prodname_emu_enterprise %} |
+| {% endif %} |
+| `org` | Display data for repositories owned by one organization. | {% data variables.product.prodname_dependabot_alerts %} and {% data variables.product.prodname_code_scanning %} alerts |
{% elsif security-overview-org-risk-coverage-enterprise %}
@@ -219,6 +223,6 @@ All {% data variables.product.prodname_code_scanning %} alerts have one of the c
|`confidence`|Display {% data variables.secret-scanning.alerts %} of high (`high`) or other (`other`) confidence.|
|`is`|Display {% data variables.secret-scanning.alerts %} that are open (`open`) or closed (`closed`).|
|`provider` | Display alerts for all secrets issued by a specified provider, for example: `adafruit`. |
-|`resolution`| Display {% data variables.secret-scanning.alerts %} closed as "false positive" (`false-postive`), "pattern deleted" (`pattern-deleted`), "pattern edited' (`pattern-edited`), "revoked" (`revoked`) "used in tests" (`used-in-tests`), or "won't fix" (`wont-fix`).|
+|`resolution`| Display {% data variables.secret-scanning.alerts %} closed as "false positive" (`false-positive`), "pattern deleted" (`pattern-deleted`), "pattern edited' (`pattern-edited`), "revoked" (`revoked`) "used in tests" (`used-in-tests`), or "won't fix" (`wont-fix`).|
|`sort`| Display alerts from newest to oldest (`created-desc`), oldest to newest (`created-asc`), most recently updated (`updated-desc`), or least recently updated (`updated-asc`).|
|`secret-type` | Display alerts for the specified secret and provider (`provider-pattern`) or custom pattern (`custom-pattern`). |
diff --git a/content/code-security/security-overview/index.md b/content/code-security/security-overview/index.md
index 687f7bb8e235..2672e044e02b 100644
--- a/content/code-security/security-overview/index.md
+++ b/content/code-security/security-overview/index.md
@@ -18,6 +18,7 @@ children:
- /assessing-code-security-risk
- /filtering-alerts-in-security-overview
- /enabling-security-features-for-multiple-repositories
- - /exporting-data-from-the-risk-and-coverage-pages
- - /viewing-metrics-for-secret-scanning-push-protection-in-your-organization
+ - /exporting-data-from-security-overview
+ - /viewing-metrics-for-secret-scanning-push-protection
+ - /viewing-metrics-for-pull-request-alerts
---
diff --git a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md
new file mode 100644
index 000000000000..1608e8783bbf
--- /dev/null
+++ b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md
@@ -0,0 +1,50 @@
+---
+title: Viewing metrics for pull request alerts
+shortTitle: View PR alert metrics
+allowTitleToDifferFromFilename: true
+intro: 'You can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests for repositories across your organization, and to identify repositories where you may need to take action.'
+permissions: '{% data reusables.security-overview.permissions %}'
+product: '{% data reusables.gated-features.security-overview %}'
+type: how_to
+topics:
+ - Security overview
+ - Advanced Security
+ - Code scanning
+ - CodeQL
+ - Organizations
+ - Teams
+versions:
+ feature: security-overview-org-codeql-pr-alerts
+---
+
+## About {% data variables.product.prodname_codeql %} pull request alerts metrics for an organization
+
+The metrics overview for {% data variables.product.prodname_codeql %} pull request alerts helps you to understand how well {% data variables.product.prodname_codeql %} is preventing vulnerabilities in your organization. You can use the metrics to assess how {% data variables.product.prodname_codeql %} is performing in pull requests, and to easily identify the repositories where you may need to take action in order to identify and reduce security risks.
+
+The overview shows you a summary of how many vulnerabilities prevented by {% data variables.product.prodname_codeql %} have been caught in pull requests. The metrics are only tracked for pull requests that have been merged into the default branches of repositories in your organization.
+
+You can also find more granular metrics, such as how many alerts were:
+
+* Fixed with and without {% data variables.product.prodname_copilot_autofix_short %} suggestions.
+* Unresolved and merged.
+* Dismissed as false positive.
+* Dismissed as risk accepted.
+
+You can also view the most common rules that are causing alerts in your organization.
+
+You can also apply filters to the data. The metrics are based on activity from the default period or your selected period.
+
+
+
+## Viewing {% data variables.product.prodname_codeql %} pull request alerts metrics for an organization
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.security-overview %}
+1. In the sidebar, under "Metrics", click **{% octicon "graph" aria-hidden="true" %} {% data variables.product.prodname_codeql %} pull request alerts**.
+1. Optionally, use the date picker to set the time range. The date picker will show data based on the pull request alerts' creation dates.
+1. Optionally, apply filters in the search box at the top of the page.
+1. Alternatively, you can open the advanced filter dialog:
+ * At the top of the page, next to the search box, click {% octicon "filter" aria-hidden="true" %} **Filter**.
+ * Click {% octicon "plus" aria-hidden="true" %} **Add a filter**, then select a filter from the dropdown menu.
+ * To search for repositories matching the selected filter, fill out the available fields for that filter, then click **Apply**. You can repeat this process to add as many filters as you would like to your search.
+ * Optionally, to remove a filter from your search, click {% octicon "filter" aria-hidden="true" %} **Filter**. In the row of the filter you want to remove, click {% octicon "x" aria-label="Delete FILTER-NUMBER: FILTER-PROPERTIES" %}, then click **Apply**.
diff --git a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization.md b/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md
similarity index 61%
rename from content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization.md
rename to content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md
index 146064fcb729..0e7786b87e1d 100644
--- a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization.md
+++ b/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md
@@ -1,11 +1,13 @@
---
-title: Viewing metrics for secret scanning push protection in your organization
+title: Viewing metrics for secret scanning push protection
shortTitle: View secret scanning metrics
allowTitleToDifferFromFilename: true
-intro: 'You can use security overview to see how {% data variables.product.prodname_secret_scanning %} push protection is performing in repositories across your organization, and to identify repositories where you may need to take action.'
+intro: 'You can use security overview to see how {% data variables.product.prodname_secret_scanning %} push protection is performing in repositories across your organization{% ifversion security-overview-enterprise-secret-scanning-metrics %} or enterprise{% endif %}, and to identify repositories where you may need to take action.'
permissions: '{% data reusables.security-overview.permissions %}'
product: '{% data reusables.gated-features.security-overview %}'
type: how_to
+redirect_from:
+- /code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization
topics:
- Security overview
- Advanced Security
@@ -20,9 +22,9 @@ versions:
## About metrics for {% data variables.product.prodname_secret_scanning %} push protection
-If you are an organization owner or security manager, the metrics overview for {% data variables.product.prodname_secret_scanning %} push protection helps you to understand how well you are preventing security leaks in your organization. You can use the metrics to assess how push protection is performing, and to easily identify the repositories where you may need to take action in order to prevent leaks of sensitive information.
+The metrics overview for {% data variables.product.prodname_secret_scanning %} push protection helps you to understand how well you are preventing security leaks in your organization{% ifversion security-overview-enterprise-secret-scanning-metrics %} or across organizations in your enterprise{% endif %}. You can use the metrics to assess how push protection is performing, and to easily identify the repositories where you may need to take action in order to prevent leaks of sensitive information.
-The overview shows you a summary of how many pushes containing secrets have been successfully blocked across your organization by push protection, as well as how many times push protection was bypassed.
+The overview shows you a summary of how many pushes containing secrets have been successfully blocked by push protection, as well as how many times push protection was bypassed.
You can also find more granular metrics, such as:
* The secret types that have been blocked or bypassed the most
@@ -50,9 +52,26 @@ The metrics are based on activity from the default period or your selected perio
{% endif %}
-## Viewing metrics for {% data variables.product.prodname_secret_scanning %} push protection
+## Viewing metrics for {% data variables.product.prodname_secret_scanning %} push protection for an organization
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
1. In the sidebar, under "Metrics", click **{% octicon "graph" aria-hidden="true" %} {% data variables.product.prodname_secret_scanning_caps %}**.
1. Click on an individual secret type or repository to see the associated {% data variables.secret-scanning.alerts %} for your organization.
+{% data reusables.security-overview.filter-secret-scanning-metrics %}
+
+{% ifversion security-overview-enterprise-secret-scanning-metrics %}
+
+## Viewing metrics for {% data variables.product.prodname_secret_scanning %} push protection for an enterprise
+
+You can view metrics for {% data variables.product.prodname_secret_scanning %} push protection across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %}
+
+{% data reusables.security-overview.enterprise-filters-tip %}
+
+{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
+{% data reusables.code-scanning.click-code-security-enterprise %}
+1. In the sidebar, click **{% data variables.product.prodname_secret_scanning_caps %} metrics**.
+1. Click on an individual secret type or repository to see the associated {% data variables.secret-scanning.alerts %} for your enterprise.
+{% data reusables.security-overview.filter-secret-scanning-metrics %}
+
+{% endif %}
diff --git a/content/code-security/security-overview/viewing-security-insights.md b/content/code-security/security-overview/viewing-security-insights.md
index 2cbee5f0a571..c25d2bd2109d 100644
--- a/content/code-security/security-overview/viewing-security-insights.md
+++ b/content/code-security/security-overview/viewing-security-insights.md
@@ -17,8 +17,12 @@ redirect_from:
allowTitleToDifferFromFilename: true
---
+{% ifversion ghes < 3.14 %}
+
{% data reusables.security-overview.beta-overview-dashboard %}
+{% endif %}
+
## {% ifversion security-overview-dashboard-enterprise %}About security insights{% else %} About organization-level security insights{% endif %}
The overview page in security overview is a consolidated dashboard of insights about your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}'s security landscape and progress. You can use the dashboard to monitor the health of your application security program, collaborate with engineering teams, and gather data for benchmarking purposes.
@@ -33,7 +37,11 @@ You can view a variety of metrics about the security alerts in your organization
* The "Remediation" section shows information about how alerts are resolved and alert activity over time.
* The "Impact analysis" section shows the repositories that pose the highest potential security risk in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}.
-You can filter the overview dashboard by selecting a specific time period, and apply additional filters to focus on narrower areas of interest. All data and metrics across the dashboard will change as you apply filters. {% ifversion security-overview-additional-tools %}By default, the dashboard displays all alerts from {% data variables.product.prodname_dotcom %} tools, but you can use the tool filter to show alerts from a specific tool ({% data variables.product.prodname_secret_scanning %}, {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, a specific third-party tool) or all third-party {% data variables.product.prodname_code_scanning %} tools. This feature is in beta, and is subject to change.{% endif %} For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
+You can filter the overview dashboard by selecting a specific time period, and apply additional filters to focus on narrower areas of interest. All data and metrics across the dashboard will change as you apply filters. {% ifversion security-overview-additional-tools %}By default, the dashboard displays all alerts from {% data variables.product.prodname_dotcom %} tools, but you can use the tool filter to show alerts from a specific tool ({% data variables.product.prodname_secret_scanning %}, {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, a specific third-party tool) or all third-party {% data variables.product.prodname_code_scanning %} tools.{% endif %} For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
+
+{% ifversion security-overview-export-dashboard-data %}
+You can download a CSV file of the overview dashboard data for your organization. This data file can integrate easily with external datasets, so you may find it useful for security research, data analysis, and more. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)."
+{% endif %}
{% ifversion security-overview-dashboard-enterprise %}Enterprise members can access the overview page for organizations in their enterprise. {% endif %}The metrics you see will depend on your role and repository permissions. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)."
@@ -56,6 +64,8 @@ Keep in mind that the overview page tracks changes over time for security alert
## Viewing the security overview dashboard for your enterprise
+{% data reusables.security-overview.enterprise-filters-tip %}
+
{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
{% data reusables.code-scanning.click-code-security-enterprise %}
{% data reusables.security-overview.filter-and-toggle %}
@@ -76,9 +86,7 @@ Keep in mind that the overview page tracks changes over time for security alert
{% endif %}
{% ifversion security-overview-additional-tools %}
-
-Some metrics in the security overview dashboard include a trend indicator, which shows the percentage gain or loss for the chosen time period relative to previous period. For example, when you select a week with 10 alerts, if the previous week had 20 alerts, the trend indicator reports that the metric has dropped by 50%. If the average age of the open alerts is 15 days, and for the previous period it was 5 days, the trend indicator reports that the metric has risen by 200%. This feature is in beta, and is subject to change. This feature is in beta, and is subject to change.
-
+Some metrics in the security overview dashboard include a trend indicator, which shows the percentage gain or loss for the chosen time period relative to previous period. For example, when you select a week with 10 alerts, if the previous week had 20 alerts, the trend indicator reports that the metric has dropped by 50%. If the average age of the open alerts is 15 days, and for the previous period it was 5 days, the trend indicator reports that the metric has risen by 200%.
{% endif %}
>[!NOTE]
@@ -102,12 +110,6 @@ The age of each open alert is calculated by subtracting the date the alert was c
### Reopened alerts
-{% note %}
-
-**Note:** The "Reopened alerts" metric is in beta, and is subject to change.
-
-{% endnote %}
-
The "Reopened alerts" metric is the total open alerts that were reopened during the chosen time period. Only alerts that are open at the end of the reporting period are reported. This includes:
* Alerts that were closed as of the day before the chosen time period, and that remain open at the end of the period.
@@ -122,9 +124,9 @@ The "Secrets bypassed / blocked" metric shows the ratio of secrets bypassed to t
You can also see how many secrets were successfully blocked, which is calculated by subtracting the number of secrets bypassed from the total number of secrets blocked by push protection. A secret is considered to have been successfully blocked when it has been corrected, and not committed to the repository.
-{% ifversion security-overview-additional-tools %}You can click **View details** to view the {% data variables.product.prodname_secret_scanning %} report with the same filters and time period selected. This feature is in beta, and is subject to change.{% endif %}
+{% ifversion security-overview-additional-tools %}You can click **View details** to view the {% data variables.product.prodname_secret_scanning %} report with the same filters and time period selected.{% endif %}
-For more information on secret scanning push protection metrics, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization)."
+For more information on secret scanning push protection metrics, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection)."
### Mean time to remediate
@@ -138,23 +140,19 @@ The "Net resolve rate" metric is the rate at which alerts are being closed. This
The rate is calculated by dividing the number of alerts that were closed and remained closed during the chosen time period, by the number of alerts created during the time period.
-{% note %}
-
-**Note:** The net resolve rate takes into account any new and any closed alerts during the chosen time period. This means that the set of new alerts and set of closed alerts used for the calculation do not necessarily correspond, since they may represent different populations of alerts.
-
-{% endnote %}
+>[!NOTE] The net resolve rate takes into account any new and any closed alerts during the chosen time period. This means that the set of new alerts and set of closed alerts used for the calculation do not necessarily correspond, since they may represent different populations of alerts.
Alerts that are reopened and re-closed during the chosen time period are ignored.
{% ifversion code-scanning-autofix %}
-### Autofix suggestions
+### {% data variables.product.prodname_copilot_autofix_short %} suggestions
-{% data reusables.rai.code-scanning.beta-autofix %}
+{% data reusables.rai.code-scanning.autofix-note %}
-Autofix, powered by {% data variables.product.prodname_copilot %}, is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts in pull requests. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
+{% data variables.product.prodname_copilot_autofix %} is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
-The "Autofix suggestions" metric is the total number of Autofix suggestions generated in open and closed pull requests during the chosen time period.
+The "{% data variables.product.prodname_copilot_autofix_short %} suggestions" metric is the total number of {% data variables.product.prodname_copilot_autofix_short %} suggestions generated in open and closed pull requests during the chosen time period.
{% endif %}
@@ -168,12 +166,6 @@ Green bars represent the number of new alerts created during the segmented time
### Impact analysis table
-{% note %}
-
-**Note:** The "Impact analysis" table is in beta, and is subject to change.
-
-{% endnote %}
-
The impact analysis table has separate tabs showing data for: "Repositories" and "Advisories".
* The "Repositories" tab shows the top 10 repositories with the most open alerts at the end of the chosen time period, ranked by the total number of open alerts. For each repository, the total number of open alerts is shown alongside a breakdown by severity.
diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview.md b/content/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview.md
index 498ad728c100..c3ce69576dd6 100644
--- a/content/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview.md
+++ b/content/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview.md
@@ -37,4 +37,4 @@ Everyone's needs are different, so each guide starts with the highest impact cha
* [Safeguarding artifact integrity across any software supply chain](https://slsa.dev/)
* [Microsoft Supply Chain Integrity Model](https://github.com/microsoft/scim)
-* [Software Supply Chain Security Paper - CNCF Security Technical Advisory Group](https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf)
+* [Software Supply Chain Security Paper - CNCF Security Technical Advisory Group](https://github.com/cncf/tag-security/blob/main/community/working-groups/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf)
diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md
index 001b6f84400a..e422506f6ed8 100644
--- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md
+++ b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md
@@ -21,7 +21,7 @@ This guide describes the highest impact changes you can make to increase account
## What's the risk?
-Account security is fundamental to the security of your supply chain. If an attacker can take over your account on {% data variables.product.product_name %}, they can then make malicious changes to your code or build process. So your first goal should be to make it difficult for someone to take over your account and the accounts of other {% ifversion ghes %}users{% else %}members{% endif %} of {% ifversion fpt %}your organization{% elsif ghec %}your organization or enterprise{% elsif ghes %}{% data variables.location.product_location %}{% endif %}.
+Account security is fundamental to the security of your supply chain. If an attacker can take over your account on {% data variables.product.product_name %}, they can then make malicious changes to your code or build process. So your first goal should be to make it difficult for someone to take over your account and the accounts of other {% ifversion ghes %}users{% else %}members{% endif %} of {% ifversion fpt %}your organization{% elsif ghec %}your organization or enterprise{% elsif ghes %}your instance{% endif %}.
{% ifversion ghec or ghes %}
@@ -32,7 +32,7 @@ Account security is fundamental to the security of your supply chain. If an atta
{% ifversion ghec %}
If you're an enterprise or organization owner, you can configure centralized authentication with SAML. While you can add or remove members manually, it's simpler and more secure to set up single sign-on (SSO) and SCIM between {% data variables.product.product_name %} and your SAML identity provider (IdP). This also simplifies the authentication process for all members of your enterprise.
-You can configure SAML authentication for an enterprise or organization account. With SAML, you can grant access to the personal accounts of members of your enterprise or organization on {% data variables.location.product_location %} through your IdP, or you can create and control the accounts that belong to your enterprise by using {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise)."
+You can configure SAML authentication for an enterprise or organization account. With SAML, you can grant access to the personal accounts of members of your enterprise or organization on {% data variables.product.prodname_dotcom %} through your IdP, or you can create and control the accounts that belong to your enterprise by using {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise)."
After you configure SAML authentication, when members request access to your resources, they'll be directed to your SSO flow to ensure they are still recognized by your IdP. If they are unrecognized, their request is declined.
@@ -40,7 +40,7 @@ Some IdPs support a protocol called SCIM, which can automatically provision or d
{% endif %}
{% ifversion ghes %}
-If you're the site administrator for {% data variables.location.product_location %}, you can simplify the login experience for users by choosing an authentication method that connects with your existing identity provider (IdP), like CAS, SAML, or LDAP. This means that they no longer need to remember an extra password for {% data variables.product.prodname_dotcom %}.
+If you're the site administrator for your instance, you can simplify the login experience for users by choosing an authentication method that connects with your existing identity provider (IdP), like CAS, SAML, or LDAP. This means that they no longer need to remember an extra password for {% data variables.product.prodname_dotcom %}.
Some authentication methods also support communicating additional information to {% data variables.product.product_name %}, for example, what groups the user is a member of, or synchronizing cryptographic keys for the user. This is a great way to simplify your administration as your organization grows.
@@ -53,11 +53,11 @@ For more information about the authentication methods available for {% data vari
{% data reusables.two_fa.mandatory-2fa-contributors-2023 %}
{% endif %}
-The best way to improve the security of {% ifversion fpt %}your personal account{% elsif ghes %}your personal account or {% data variables.location.product_location %}{% elsif ghec %}your accounts{% endif %} is to configure two-factor authentication (2FA). Passwords by themselves can be compromised by being guessable, by being reused on another site that's been compromised, or by social engineering, like phishing. 2FA makes it much more difficult for your accounts to be compromised, even if an attacker has your password.
+The best way to improve the security of {% ifversion fpt %}your personal account{% elsif ghes %}your personal account or your instance{% elsif ghec %}your accounts{% endif %} is to configure two-factor authentication (2FA). Passwords by themselves can be compromised by being guessable, by being reused on another site that's been compromised, or by social engineering, like phishing. 2FA makes it much more difficult for your accounts to be compromised, even if an attacker has your password.
As a best practice, to ensure both security and reliable access to your account, you should always have at least two second-factor credentials registered on your account. Extra credentials ensures that even if you lose access to one credential, you won't be locked out of your account.{% ifversion fpt or ghec %}
-Additionally, you should prefer{% ifversion passkeys %} passkeys and{% endif %} security keys over authenticator apps (called TOTP apps) and avoid use of SMS whenever possible. Both SMS-based 2FA and TOTP apps are vulnerable to phishing, and do not provide the same level of protection as {% ifversion passkeys %}passkeys and {% endif %}security keys. SMS is no longer recommended under the [NIST 800-63B](https://pages.nist.gov/800-63-3/sp800-63b.html) digital identity guidelines.
+Additionally, you should prefer{% ifversion passkeys %} passkeys and{% endif %} security keys over authenticator apps (called TOTP apps) and avoid use of SMS whenever possible. Both SMS-based 2FA and TOTP apps are vulnerable to phishing, and do not provide the same level of protection as {% ifversion passkeys %}passkeys and {% endif %}security keys. SMS is no longer recommended under the [NIST 800-63B](https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-63b.pdf) digital identity guidelines.
{% endif %}{% ifversion mandatory-2fa-dotcom-contributors %}{% ifversion ghec %}
If service accounts in your organization have been selected for 2FA enrollment by {% data variables.product.prodname_dotcom %}, their tokens and keys will continue to work after the deadline without interruption. Only access to {% data variables.product.prodname_dotcom %} through the website UI will be blocked until the account has enabled 2FA. We recommend setting up TOTP as the second factor for service accounts, and storing the TOTP secret exposed during setup in your company's shared password manager, with access to the secrets controlled through SSO.
@@ -68,7 +68,7 @@ If you're an enterprise owner, you may be able to configure a policy to require
{% endif %}
{% ifversion ghes %}
-If you're the site administrator for {% data variables.location.product_location %}, you may be able to configure 2FA for all users of your instance. The availability of 2FA on {% data variables.product.product_name %} depends on the authentication method that you use. For more information, see "[Centralize authentication](#centralize-authentication)."
+If you're the site administrator for your instance, you may be able to configure 2FA for all users of your instance. The availability of 2FA on {% data variables.product.product_name %} depends on the authentication method that you use. For more information, see "[Centralize authentication](#centralize-authentication)."
{% endif %}
If you're an organization owner, then you {% ifversion fpt %}can{% else %}may be able to{% endif %} require that all members of the organization enable 2FA.
@@ -82,14 +82,14 @@ To learn more about enabling 2FA on your own account, see "[AUTOTITLE](/authenti
Enterprise owners may be able to require 2FA for all {% ifversion ghes %}users on{% elsif ghec %}members of{% endif %} the {% ifversion ghes %}instance{% elsif ghec %}enterprise{% endif %}. The availability of 2FA policies on {% data variables.product.product_name %} depends on how {% ifversion ghes %}users{% else %}members{% endif %} authenticate to access your {% ifversion ghes %}instance{% elsif ghec %}enterprise's resources{% endif %}.
{% ifversion ghes %}
-* If you sign into {% data variables.location.product_location %} through an external IdP using CAS or SAML SSO, you
+* If you sign into {% data variables.product.prodname_ghe_server %} through an external IdP using CAS or SAML SSO, you
{% elsif ghec %}
If your enterprise uses {% data variables.product.prodname_emus %} or SAML authentication is enforced for your enterprise, you
{%- endif %} cannot configure 2FA on {% data variables.product.product_name %}. Someone with administrative access to your IdP must configure 2FA for the IdP.
{% ifversion ghes %}
-* If you sign into {% data variables.location.product_location %} through an external LDAP directory, you can require 2FA for your enterprise on {% data variables.product.product_name %}. If you allow built-in authentication for users outside of your directory, individual users can enable 2FA, but you cannot require 2FA for your enterprise.
+* If you sign into {% data variables.product.prodname_ghe_server %} through an external LDAP directory, you can require 2FA for your enterprise on {% data variables.product.product_name %}. If you allow built-in authentication for users outside of your directory, individual users can enable 2FA, but you cannot require 2FA for your enterprise.
{% endif %}
@@ -102,7 +102,7 @@ For more information, see {% ifversion ghec %}"[AUTOTITLE](/admin/identity-and-a
{% ifversion ghec or ghes %}
{% note %}
-**Note**: Depending on the authentication method that {% ifversion ghec %}an enterprise owner{% elsif ghes %}a site administrator{% endif %} has configured for {% ifversion ghec %}your enterprise on {% endif %}{% data variables.location.product_location %}, you may not be able to enable 2FA for your personal account.
+**Note**: Depending on the authentication method that {% ifversion ghec %}an enterprise owner{% elsif ghes %}a site administrator{% endif %} has configured, you may not be able to enable 2FA for your personal account.
{% endnote %}
{% endif %}
@@ -116,7 +116,7 @@ When you set up 2FA, you should always download the recovery codes and set up mo
{% ifversion ghec or ghes %}
{% note %}
-**Note**: Depending on the authentication method that {% ifversion ghec %}an enterprise owner{% elsif ghes %}a site administrator{% endif %} has configured for {% ifversion ghec %}your enterprise on {% endif %}{% data variables.location.product_location %}, you may not be able to require 2FA for your organization.
+**Note**: Depending on the authentication method that {% ifversion ghec %}an enterprise owner{% elsif ghes %}a site administrator{% endif %} has configured, you may not be able to require 2FA for your organization.
{% endnote %}
{% endif %}
diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-builds.md b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-builds.md
index 22e60d20ecc6..d5498bcadcf4 100644
--- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-builds.md
+++ b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-builds.md
@@ -43,8 +43,6 @@ In addition to the security benefits, {% data variables.product.prodname_actions
## Generate artifact attestations for your builds
-{% data reusables.actions.artifact-attestations-public-beta-note %}
-
{% data reusables.actions.about-artifact-attestations %}
Artifact attestations include a signature over a built artifact, along with links to the source code and build instructions. If you sign your build with artifact attestations, you do not have to manage your own signing key material. {% data variables.product.prodname_dotcom %} handles this for you with the signing authority we operate.
diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md
index 4050c6dab3a0..d6ff8da471a8 100644
--- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md
+++ b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md
@@ -74,20 +74,20 @@ Code often needs to communicate with other systems over a network, and requires
{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
{% ifversion fpt or ghec %}
-{% data variables.product.prodname_dotcom %} partners with many providers to automatically detect when secrets are committed to or stored in your public repositories and public npm packages you depend on, and will notify the provider so they can take appropriate actions to ensure your account remains secure. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-partners)."
+{% data variables.product.prodname_dotcom %} partners with many providers to automatically detect when secrets are committed to or stored in your public repositories and public npm packages you depend on, and will notify the provider so they can take appropriate actions to ensure your account remains secure. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts##about-partner-alerts)."
{% endif %}
{% ifversion fpt %}
You can enable and configure additional scanning that will alert you about accidentally leaked secrets on {% data variables.product.product_name %} if you own:
- * public repositories on {% data variables.product.prodname_dotcom_the_website %}.
- * an organization using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %}. {% data variables.product.prodname_secret_scanning_caps %} will also analyze your private repositories.
+ * Public repositories on {% data variables.product.prodname_dotcom %}.
+ * An organization using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %}. {% data variables.product.prodname_secret_scanning_caps %} will also analyze your private repositories.
{% elsif secret-scanning-user-owned-repos %}
If your organization uses {% data variables.product.prodname_GH_advanced_security %}, you can enable {% data variables.secret-scanning.user_alerts %} on any repository owned by the organization, including private repositories. {% data reusables.secret-scanning.secret-scanning-user-owned-repos-beta %}
-You can also define custom patterns to detect additional secrets at the repository, organization, or enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."
+You can also define custom patterns to detect additional secrets at the repository, organization, or enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-secret-scanning-alerts)."
{% else %}
-You can configure {% data variables.product.prodname_secret_scanning %} to check for secrets issued by many service providers and to notify you when any are detected. You can also define custom patterns to detect additional secrets at the repository, organization, or enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns)."
+You can configure {% data variables.product.prodname_secret_scanning %} to check for secrets issued by many service providers and to notify you when any are detected. You can also define custom patterns to detect additional secrets at the repository, organization, or enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns)."
{% endif %}
### Secure storage of secrets you use in {% data variables.product.product_name %}
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md
index 9a66c3ebe239..24305bef9717 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md
@@ -47,10 +47,16 @@ The dependency review feature becomes available when you enable the dependency g
The action is available for all {% ifversion fpt or ghec %}public repositories, as well as private {% endif %}repositories that have {% data variables.product.prodname_GH_advanced_security %} enabled.
+{% data reusables.dependency-review.org-level-enforcement %}
+
{% data reusables.dependency-review.action-enterprise %}
{% data reusables.dependency-review.about-dependency-review-action %}
+
+
+{% data reusables.dependency-review.about-dependency-review-action2 %}
+
The action uses the dependency review REST API to get the diff of dependency changes between the base commit and head commit. You can use the dependency review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see "[AUTOTITLE](/rest/dependency-graph/dependency-review)."{% ifversion dependency-review-submission-api %} The action also considers dependencies submitted via the {% data variables.dependency-submission-api.name %}. For more information about the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
{% data reusables.dependency-review.works-with-submission-api-beta %}
@@ -90,3 +96,7 @@ If you don’t use {% data variables.product.prodname_actions %}, and your code
* Implement a retry logic with exponential backoff retries.
* Implement a reasonable number of retries to account for the typical runtime of your dependency submission code.
{% endif %}
+
+## Further reading
+
+* "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration)"
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md
index f3b0a913e77b..153ee534a9e0 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md
@@ -21,7 +21,11 @@ topics:
## About supply chain security at GitHub
-With the accelerated use of open source, most projects depend on hundreds of open-source dependencies. This poses a security problem: what if the dependencies you're using are vulnerable? You could be putting your users at risk of a supply chain attack. One of the most important things you can do to protect your supply chain is to patch your vulnerable dependencies{% ifversion GH-advisory-db-supports-malware %} and replace any malware{% endif %}.
+When developing a software project, you likely use other software to build and run your application, such as open-source libraries, frameworks or other tools. These resources are collectively referred to as your “dependencies”, because your project depends on them to function properly. Your project could rely on hundreds of these dependencies, forming what is known as your "supply chain".
+
+Your supply chain can pose a security problem. If one of your dependencies has a known security weakness or a bug, malicious actors could exploit this vulnerability to, for example, insert malicious code ("malware"), steal sensitive data, or cause some other type of disruption to your project. This type of threat is called a "supply chain attack". Having vulnerable dependencies in your supply chain compromises the security of your own project, and you put your users at risk, too.
+
+One of the most important things you can do to protect your supply chain is to patch your vulnerable dependencies{% ifversion GH-advisory-db-supports-malware %} and replace any malware{% endif %}.
You add dependencies directly to your supply chain when you specify them in a manifest file or a lockfile. Dependencies can also be included transitively, that is, even if you don’t specify a particular dependency, but a dependency of yours uses it, then you’re also dependent on that dependency.
@@ -104,7 +108,7 @@ The term "{% data variables.product.prodname_dependabot %}" encompasses the foll
* {% data variables.product.prodname_dependabot %} performs a scan to detect insecure dependencies and sends {% data variables.product.prodname_dependabot_alerts %} when:
{% ifversion fpt or ghec %}
* A new advisory is added to the {% data variables.product.prodname_advisory_database %}.{% else %}
- * New advisory data is synchronized to {% data variables.location.product_location %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %}
+ * New advisory data is synchronized to your instance each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %}
* The dependency graph for the repository changes.
* {% data variables.product.prodname_dependabot_alerts %} are displayed on the **Security** tab for the repository and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version.
@@ -155,7 +159,7 @@ Any repository type:
{% ifversion ghes %}
* **Dependency graph** and **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Both features are configured at an enterprise level by the enterprise owner. For more information, see {% ifversion ghes %}"[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
-* **Dependency review**—available when dependency graph is enabled for {% data variables.location.product_location %} and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
+* **Dependency review**—available when dependency graph is enabled for your instance and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
{% endif %}
{% ifversion ghes %}
* **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)."
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md
index d7a3ac788945..962ae5dc9d1c 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md
@@ -45,12 +45,12 @@ For more information about configuration of the dependency graph, see "[AUTOTITL
## Dependencies included
-The dependency graph includes all the dependencies of a repository that are detailed in the manifest and lock files, or their equivalent, for supported ecosystems, as well as any dependencies that are submitted using the {% data variables.dependency-submission-api.name %} (beta). This includes:
+The dependency graph includes all the dependencies of a repository that are detailed in the manifest and lock files, or their equivalent, for supported ecosystems, as well as any dependencies that are submitted using the {% data variables.dependency-submission-api.name %}. This includes:
-* Direct dependencies, that are explicitly defined in a manifest or lock file or have been submitted using the {% data variables.dependency-submission-api.name %} (beta)
+* Direct dependencies, that are explicitly defined in a manifest or lock file or have been submitted using the {% data variables.dependency-submission-api.name %}
* Indirect dependencies of these direct dependencies, also known as transitive dependencies or sub-dependencies
-The dependency graph identifies indirect dependencies{% ifversion fpt or ghec %} only if they are defined in a lock file or have been submitted using the {% data variables.dependency-submission-api.name %} (beta). For the most reliable graph, you should use lock files (or their equivalent) because they define exactly which versions of the direct and indirect dependencies you currently use. If you use lock files, you also ensure that all contributors to the repository are using the same versions, which will make it easier for you to test and debug code{% else %} from the lock files{% endif %}. If your ecosystem does not have lock files, you can use pre-made actions that resolve transitive dependencies for many ecosystems. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api#using-pre-made-actions)."
+The dependency graph identifies indirect dependencies{% ifversion fpt or ghec %} only if they are defined in a lock file or have been submitted using the {% data variables.dependency-submission-api.name %}. For the most reliable graph, you should use lock files (or their equivalent) because they define exactly which versions of the direct and indirect dependencies you currently use. If you use lock files, you also ensure that all contributors to the repository are using the same versions, which will make it easier for you to test and debug code{% else %} from the lock files{% endif %}. If your ecosystem does not have lock files, you can use pre-made actions that resolve transitive dependencies for many ecosystems. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api#using-pre-made-actions)."
For more information on how {% data variables.product.product_name %} helps you understand the dependencies in your environment, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)."
@@ -115,7 +115,7 @@ The recommended formats explicitly define which versions are used for all direct
{% endnote %}
-You can use the {% data variables.dependency-submission-api.name %} (beta) to add dependencies from the package manager or ecosystem of your choice to the dependency graph, even if the ecosystem is not in the supported ecosystem list above. {% data reusables.dependency-graph.dependency-submission-API-short %}
+You can use the {% data variables.dependency-submission-api.name %} to add dependencies from the package manager or ecosystem of your choice to the dependency graph, even if the ecosystem is not in the supported ecosystem list above. {% data reusables.dependency-graph.dependency-submission-API-short %}
You will only get {% data variables.product.prodname_dependabot_alerts %} for dependencies that are from one of the [supported ecosystems](https://github.com/github/advisory-database#supported-ecosystems) of the {% data variables.product.prodname_advisory_database %}. For more information on the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md
new file mode 100644
index 000000000000..f322f46ab807
--- /dev/null
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md
@@ -0,0 +1,87 @@
+---
+title: Configuring automatic dependency submission for your repository
+shortTitle: Automatic dependency submission
+intro: 'You can use automatic dependency submission to submit transitive dependency data in your repository. This enables you to analyze these transitive dependencies using the dependency graph.'
+permissions: 'People with admin permissions to a repository, or the security manager role for the repository, can configure automatic dependency submission for that repository.'
+redirect_from:
+ - /early-access/ghas/automatic-dependency-submission-for-maven
+versions:
+ feature: maven-transitive-dependencies
+type: how_to
+topics:
+ - Dependency graph
+ - Dependencies
+ - Repositories
+---
+
+## About automatic dependency submission
+
+> [!NOTE]
+> Automatic dependency submission is currently only supported for Maven.
+
+Dependency graph analyzes the manifest and lock files in a repository, in order to help users understand the dependencies that the repository depends on. However, in some ecosystems, the resolution of transitive dependencies occurs at build-time and {% data variables.product.company_short %} isn't able to automatically discover all dependencies based on the contents of the repository alone.
+
+When you enable automatic dependency submission for a repository, {% data variables.product.company_short %} automatically identifies the transitive dependencies in the repository and will submit these dependencies to {% data variables.product.company_short %} using the {% data variables.dependency-submission-api.name %}. You can then report on these dependencies using the dependency graph.
+
+Using automatic dependency submission counts toward your {% data variables.product.prodname_actions %} minutes. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)."
+
+Optionally, you can choose to configure self-hosted runners or {% data variables.product.company_short %}-hosted {% data variables.actions.hosted_runners %} for automatic dependency submission. For more information, see "[Using self-hosted runners for automatic dependency submission](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository#using-self-hosted-runners-for-automatic-dependency-submission
+)" and "[Using GitHub-hosted larger runners for automatic dependency submission](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository#using-github-hosted-larger-runners-for-automatic-dependency-submission
+)."
+
+## Prerequisites
+
+Dependency graph must be enabled for the repository for you to enable automatic dependency submission.
+
+You must also enable {% data variables.product.prodname_actions %} for the repository in order to use automatic dependency submission. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository)."
+
+## Enabling automatic dependency submission
+
+Repository administrators can enable or disable automatic dependency submission for a repository by following the steps outlined in this procedure.
+
+Organization owners can enable automatic dependency submission for multiple repositories using a security configuration. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+1. Under "Dependency graph", click the dropdown menu next to “Automatic dependency submission”, then select **Enabled**.
+
+Once you've enabled automatic dependency submission for a repository, {% data variables.product.company_short %} will:
+* Monitor for changes to the `pom.xml` file in the root of the repository on all branches of the repository.
+* Perform an automatic dependency submission on each change.
+
+You can view details about the automatic workflows run by viewing the **Actions** tab of your repository.
+
+> [!NOTE] Automatic submission will occur on the first push to the `pom.xml` file after the option is enabled.
+
+## Using self-hosted runners for automatic dependency submission
+
+You can configure self-hosted runners to run automatic dependency submission jobs, instead of using the {% data variables.product.prodname_actions %} infrastructure.
+
+1. Provision one or more self-hosted runners, at the repository or organization level. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)" and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)." The self-hosted runners must be running on Linux or macOS, and must have Docker installed.
+1. Assign a `dependency-submission` label to each runner you want automatic dependency submission to use. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners#assigning-a-label-to-a-self-hosted-runner)."
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+1. Under "Dependency graph", click the dropdown menu next to “Automatic dependency submission”, then select **Enabled for labeled runners**.
+
+Once enabled, automatic dependency submission jobs will run on the self-hosted runners, unless:
+* The self-hosted runners are unavailable.
+* There aren't any runner groups tagged with a `dependency-submission` label.
+
+>[!NOTE] When using self-hosted runners, you need to add access to the Maven server settings file to allow the dependency submission workflows to connect to private registries. Dependencies from private registries will be included in the dependency tree in the next `pom.xml` update. For more information about the Maven server settings file, see [Security and Deployment Settings](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#transitive-dependencies) in the Maven documentation.
+
+## Using {% data variables.product.company_short %}-hosted {% data variables.actions.hosted_runners %} for automatic dependency submission
+
+{% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} users can use {% data variables.actions.hosted_runners %} to run automatic dependency submissions jobs.
+
+1. Provision a larger runner at the organization level with the name `dependency-submission`. For more information, see "[Adding a {% data variables.actions.hosted_runner %} to an organization](/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners#adding-a-larger-runner-to-an-organization)."
+1. Give your repository access to the runner. For more information, see "[Allowing repositories to access {% data variables.actions.hosted_runners %}](/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners#allowing-repositories-to-access-larger-runners)."
+1. Under "Dependency graph", click the dropdown menu next to “Automatic dependency submission”, then select **Enabled for labeled runners**.
+
+## Troubleshooting automatic dependency submission
+
+Automatic dependency submission is currently only supported for Maven. The feature uses the Maven Dependency Tree Submission action. For more information, see the documentation for the [Maven Dependency Tree Dependency Submission](https://github.com/marketplace/actions/maven-dependency-tree-dependency-submission) action in the {% data variables.product.prodname_marketplace %}. If your project uses a non-standard Maven configuration, it may not properly generate the dependencies and submit them to the dependency graph.
+
+## Further reading
+
+* "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)"
+* "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)"
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md
index 1525b410ad8d..b755de2bf574 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md
@@ -34,7 +34,7 @@ Dependency review is included in {% data variables.product.product_name %} for p
{% elsif ghes %}
-Dependency review is available when dependency graph is enabled for {% data variables.location.product_location %} and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository.{% ifversion ghes %} For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise)."{% endif %}
+Dependency review is available when dependency graph is enabled for the instance and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository.{% ifversion ghes %} For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise)."{% endif %}
### Checking if the dependency graph is enabled
@@ -47,22 +47,24 @@ Dependency review is available when dependency graph is enabled for {% data vari
{% endif %}
-{% ifversion dependency-review-action-configuration %}
-
## About configuring the {% data variables.dependency-review.action_name %}
{% data reusables.dependency-review.dependency-review-action-overview %}
+{% data reusables.dependency-review.org-level-enforcement %}
+
Here is a list of common configuration options. For more information, and a full list of options, see [Dependency Review](https://github.com/marketplace/actions/dependency-review) on the {% data variables.product.prodname_marketplace %}.
| Option | Required | Usage |
|------------------|-------------------------------|--------|
| `fail-on-severity` | {% octicon "x" aria-label="Optional" %} | Defines the threshold for level of severity (`low`, `moderate`, `high`, `critical`).The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. |
-{%- ifversion dependency-review-action-licenses %}
-| `allow-licenses` | {% octicon "x" aria-label="Optional" %} | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.The action will fail on pull requests that introduce dependencies with licenses that do not match the list.|{% endif %}
-{%- ifversion dependency-review-action-licenses %}
-| `deny-licenses` | {% octicon "x" aria-label="Optional" %} | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.The action will fail on pull requests that introduce dependencies with licenses that match the list.|{% endif %}{% ifversion dependency-review-action-fail-on-scopes %}
-| `fail-on-scopes` | {% octicon "x" aria-label="Optional" %} | Contains a list of strings representing the build environments you want to support (`development`, `runtime`, `unknown`). The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list.|{% endif %}
+| {% ifversion dependency-review-action-licenses %} |
+| `allow-licenses` | {% octicon "x" aria-label="Optional" %} | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.The action will fail on pull requests that introduce dependencies with licenses that do not match the list.|
+| {% endif %} |
+| {% ifversion dependency-review-action-licenses %} |
+| `deny-licenses` | {% octicon "x" aria-label="Optional" %} | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.The action will fail on pull requests that introduce dependencies with licenses that match the list.|
+| {% endif %} |
+| `fail-on-scopes` | {% octicon "x" aria-label="Optional" %} | Contains a list of strings representing the build environments you want to support (`development`, `runtime`, `unknown`). The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list.|
| `comment-summary-in-pr` | {% octicon "x" aria-label="Optional" %} | Enable or disable the reporting of the review summary as a comment in the pull request. If enabled, you must give the workflow or job the `pull-requests: write` permission. |
| `allow-ghsas` | {% octicon "x" aria-label="Optional" %} | Contains a list of {% data variables.product.prodname_advisory_database %} IDs that can be skipped during detection. You can find the possible values for this parameter in the [{% data variables.product.prodname_advisory_database %}](https://github.com/advisories). |
| `config-file` | {% octicon "x" aria-label="Optional" %} | Specifies a path to a configuration file. The configuration file can be local to the repository or a file located in an external repository.|
@@ -74,7 +76,6 @@ Here is a list of common configuration options. For more information, and a ful
**Tip:** The `allow-licenses` and `deny-licenses` options are mutually exclusive.
{% endtip %}
-{% endif %}
## Configuring the {% data variables.dependency-review.action_name %}
@@ -144,11 +145,9 @@ Notice that all of the examples use a short version number for the action (`v3`)
# ([String]). Skip these {% data variables.product.prodname_advisory_database %} IDs during detection (optional)
# Possible values: Any valid {% data variables.product.prodname_advisory_database %} ID from https://github.com/advisories
allow-ghsas: GHSA-abcd-1234-5679, GHSA-efgh-1234-5679
- {% ifversion dependency-review-action-fail-on-scopes %}
# ([String]). Block pull requests that introduce vulnerabilities in the scopes that match this list (optional)
# Possible values: "development", "runtime", "unknown"
fail-on-scopes: development, runtime
- {% endif %}
```
@@ -214,16 +213,18 @@ Notice that all of the examples use a short version number for the action (`v3`)
allow-ghsas:
- GHSA-abcd-1234-5679
- GHSA-efgh-1234-5679
- {% ifversion dependency-review-action-fail-on-scopes %}
# ([String]). Block pull requests that introduce vulnerabilities in the scopes that match this list (optional)
# Possible values: "development", "runtime", "unknown"
fail-on-scopes:
- development
- runtime
- {% endif %}
```
For further details about the configuration options, see [`dependency-review-action`](https://github.com/actions/dependency-review-action#readme).
{% endif %}
+
+## Further reading
+
+* "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration)"
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md
index 17dfa0275084..ccf59ff16136 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md
@@ -57,6 +57,9 @@ When the dependency graph is first enabled, any manifest and lock files for supp
## Further reading
-{% ifversion ghec %}- "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization)"{% endif %}
+{%- ifversion maven-transitive-dependencies %}
+* "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository)"{%- endif %}
+{%- ifversion ghec %}
+* "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization)"{%- endif %}
* "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)"
* "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies)"
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md
new file mode 100644
index 000000000000..3b04d03e3c7a
--- /dev/null
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md
@@ -0,0 +1,148 @@
+---
+title: Customizing your dependency review action configuration
+intro: 'Learn how to add a basic customization to your dependency review configuration.'
+product: '{% data reusables.gated-features.dependency-review-action %}'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+type: tutorial
+topics:
+ - Dependency graph
+ - Dependencies
+ - Repositories
+shortTitle: Customize dependency review
+---
+
+## Introduction
+
+The {% data variables.dependency-review.action_name %} scans your pull requests for dependency changes and raises an error if any new dependencies have known vulnerabilities. Once installed, if the workflow run is marked as required, pull requests introducing known vulnerable packages will be blocked from merging.
+
+This guide shows you how to add three very common customizations: failing builds based on vulnerability severity level, dependency license, and scope.
+
+### Prerequisites
+
+This guide assumes that:
+
+* Dependency graph is enabled for the repository.{% ifversion fpt or ghec %} Dependency graph is enabled by default for public repositories and you can choose to enable it for private repositories.{% endif %} For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph#enabling-and-disabling-the-dependency-graph-for-a-private-repository)".
+* {% data variables.product.prodname_actions %} is enabled for the repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository)".
+
+## Step 1: Adding the dependency review action
+
+In this step, we'll add the dependency review workflow to your repository.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.actions-tab %}
+1. Under "Get started with {% data variables.product.prodname_actions %}", find the "Security" category, then click **View all**.
+1. Find "Dependency review", then click **Configure**. Alternatively, search for "Dependency review" using the search bar.
+1. This will open dependency review’s {% data variables.product.prodname_actions %} workflow file, `dependency-review.yml`. It should contain the following:
+
+ ```yaml copy
+ name: 'Dependency review'
+ on:
+ pull_request:
+ branches: [ "main" ]
+
+ permissions:
+ contents: read
+
+ jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout repository'
+ uses: {% data reusables.actions.action-checkout %}
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4
+ ```
+
+## Step 2: Changing the severity
+
+You can block code containing vulnerable dependencies from ever being merged by setting the {% data variables.dependency-review.action_name %} to required. However, it's worth noting that blocking low-risk vulnerabilities may be too restrictive in some circumstances. In this step, we will change the severity of vulnerability that will cause a build to fail with the `fail-on-severity` option.
+
+1. Add the `fail-on-severity` option to the end of the `dependency-review.yml` file:
+
+ ```yaml copy
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4
+ with:
+ fail-on-severity: moderate
+ ```
+
+## Step 3: Adding licenses to block
+
+Vulnerabilities aren’t the only reason you might want to block a dependency. If your organization has restrictions on what sorts of licenses you can use, you can use dependency review to enforce those policies with the `deny-licenses` option. In this step, we will add a customization that will break the build if the pull request introduces a dependency that contains the LGPL-2.0 or BSD-2-Clause license.
+
+1. Add the `deny-licenses` option to the end of the `dependency-review.yml` file:
+
+ ```yaml copy
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4
+ with:
+ fail-on-severity: moderate
+ deny-licenses: LGPL-2.0, BSD-2-Clause
+ ```
+
+## Step 4: Adding scopes
+
+Finally, we'll use the `fail-on-scopes` option to prevent merging vulnerable dependencies to specific deployment environments, in this case the development environment.
+
+1. Add the `fail-on-scopes` option to the end of the `dependency-review.yml` file:
+
+ ```yaml copy
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4
+ with:
+ fail-on-severity: moderate
+ deny-licenses: LGPL-2.0, BSD-2-Clause
+ fail-on-scopes: development
+ ```
+
+## Step 5: Check the configuration
+
+The `dependency-review.yml` file should now look like this:
+
+```yaml copy
+
+name: 'Dependency Review'
+on: [pull_request]
+
+
+
+permissions:
+ contents: read
+
+
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: {% data reusables.actions.action-checkout %}
+ - name: Dependency Review
+ uses: actions/dependency-review-action@v4
+ with:
+ fail-on-severity: moderate
+ deny-licenses: LGPL-2.0, BSD-2-Clause
+ fail-on-scopes: development
+```
+
+You can use this configuration as a template for your own custom configurations.
+
+For more information on all the possible customization options, see the [README](https://github.com/actions/dependency-review-action/blob/main/README.md#configuration) in the dependency review action documentation.
+
+## Best practices
+
+When customizing your dependency review configuration, there are some best practices you can follow:
+
+* Choose block lists over allow lists. It is more practical to compile a list of the "really bad" dependencies you want to block than to create an inclusive list of all the libraries you want to allow.
+
+* Choose to block licenses instead of specifying which licenses to allow. There are a wide variety of licenses out there, so it's usually more practical to exclude those you know are incompatible with current licenses than it is to compile a complete list of compatible licenses.
+
+* Choose `fail-on-severity`. Failing based on the severity of a vulnerability is a good way to balance the need for security with the need to create low-friction experiences for developers.
+
+## Further reading
+
+* "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#about-configuring-the-dependency-review-action)"{% ifversion repo-rules %}
+* "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization)"{% endif %}
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md
new file mode 100644
index 000000000000..771fb769a269
--- /dev/null
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md
@@ -0,0 +1,45 @@
+---
+title: Enforcing dependency review across an organization
+intro: 'Dependency review lets you catch insecure dependencies before you introduce them to your environment. You can enforce the use of the {% data variables.dependency-review.action_name %} across your organization.'
+product: '{% data reusables.gated-features.dependency-review %}'
+shortTitle: Enforce dependency review
+permissions: 'Organization owners can enforce use of the {% data variables.dependency-review.action_name %} in repositories within their organization.'
+versions:
+ feature: repo-rules
+type: overview
+topics:
+ - Advanced Security
+ - Dependency review
+ - Vulnerabilities
+ - Dependencies
+ - Pull requests
+---
+
+## About dependency review enforcement
+
+{% data reusables.dependency-review.action-enterprise %}
+
+{% data reusables.dependency-review.about-dependency-review-action %} For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)."
+
+You can enforce the use of the {% data variables.dependency-review.action_name %} in your organization by setting up a repository ruleset that will require the `dependency-review-action` workflow to pass before pull requests can be merged. Repository rulesets are rule settings that allow you to control how users can interact with selected branches and tags in your repositories. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets)" and "[Require workflows to pass before merging](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging)."
+
+## Prerequisites
+
+You need to add the {% data variables.dependency-review.action_name %} to one of the repositories in your organization, and configure the action. For more information, see "[Configuring the dependency review action](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-action)."
+
+## Enforcing dependency review for your organization
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.organizations.access-ruleset-settings %}
+1. Click **New branch ruleset**.
+1. Set **Enforcement status** to {% octicon "play" aria-hidden="true" %} **Active**.
+1. Optionally, you can target specific repositories in your organization. For more information, see "[Choosing which repositories to target in your organization](/organizations/managing-organization-settings/creating-rulesets-for-repositories-in-your-organization#choosing-which-repositories-to-target-in-your-organization)."
+1. In the "Rules" section, select the "Require workflows to pass before merging" option.
+1. In "Workflow configurations", click **Add workflow**.
+1. In the dialog, select the repository that you added the {% data variables.dependency-review.action_name %} to. For more information, see "[Prerequisites](#prerequisites)."
+1. Select a branch and the workflow file for dependency review in the enhanced dialog.
+
+ 
+
+1. Click **Create**.
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md
index 62bccd55c0a0..60f9b555974d 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md
@@ -29,15 +29,20 @@ The dependency graph shows the dependencies{% ifversion fpt or ghec %} and depen
{% data reusables.repositories.accessing-repository-graphs %}
{% data reusables.repositories.click-dependency-graph %}{% ifversion dependency-graph-repository-view-update %}
1. Optionally, use the search bar to find a specific dependency or set of dependencies.
- {% note %}
- **Note:** The search bar only searches based on the package name.
+ >[!NOTE] The search bar only searches based on the package name.
+
+{% endif %}
- {% endnote %}{% endif %}
{% ifversion fpt or ghec %}
+
1. Optionally, to view the repositories and packages that depend on your repository, under "Dependency graph", click **Dependents**.
- {% endif %}
+ 
+
+ >[!NOTE] {% data variables.product.prodname_dotcom %} currently only determines dependents for public repositories.
+
+{% endif %}
{% ifversion ghes %}
Enterprise owners can configure the dependency graph at an enterprise level. For more information, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)."
@@ -50,11 +55,11 @@ For each dependency, you can see its ecosystem, the manifest file in which it wa
{% endif %}
{% ifversion ghes %}
-Any direct and indirect dependencies that are specified in the repository's manifest or lock files are listed{% ifversion ghes > 3.9 %}.{% else %}, grouped by ecosystem.{% endif %}
+Any direct and indirect dependencies that are specified in the repository's manifest or lock files are listed{% ifversion ghes %}.{% else %}, grouped by ecosystem.{% endif %}
{% endif %}
{% ifversion dependency-graph-repository-view-update %}
-Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} (beta) will show which detector was used for their submission and when they were submitted.{% elsif ghes %}Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} (beta), although also grouped by ecosystem, are shown separately from dependencies identified through manifest or lock files in the repository. These submitted dependencies appear in the dependency graph as "Snapshot dependencies" because they are submitted as a snapshot, or set, of dependencies.{% else %}{% endif %} For more information on using the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
+Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} will show which detector was used for their submission and when they were submitted.{% elsif ghes %}Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %}, although also grouped by ecosystem, are shown separately from dependencies identified through manifest or lock files in the repository. These submitted dependencies appear in the dependency graph as "Snapshot dependencies" because they are submitted as a snapshot, or set, of dependencies.{% else %}{% endif %} For more information on using the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to {% data variables.product.prodname_dependabot_alerts %}.
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository.md
index 9b723bd83976..539319a8dc20 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository.md
@@ -26,13 +26,16 @@ You can export the current state of the dependency graph for your repository as
If your company provides software to the US federal government per [Executive Order 14028](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028), you will need to provide an SBOM for your product. You can also use SBOMs as part of your audit process and use them to comply with regulatory and legal requirements.
-## Exporting a software bill of material for your repository from the UI
+> [!NOTE]
+> Dependents are not included in SBOMs.
+
+## Exporting a software bill of materials for your repository from the UI
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.accessing-repository-graphs %}
1. In the left sidebar, click **Dependency graph**.
1. On the top right side of the **Dependencies** tab, click **Export SBOM** to generate an SBOM file for download from your browser.
-## Exporting a software bill of material for your repository using the REST API
+## Exporting a software bill of materials for your repository using the REST API
If you want to use the REST API to export an SBOM for your repository, see "[AUTOTITLE](/rest/dependency-graph/sboms#export-a-software-bill-of-materials-sbom-for-a-repository)."
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md
index 0b6ab8751d28..74891e2975c1 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md
@@ -13,10 +13,13 @@ children:
- /about-supply-chain-security
- /about-the-dependency-graph
- /configuring-the-dependency-graph
+ - /configuring-automatic-dependency-submission-for-your-repository
- /exporting-a-software-bill-of-materials-for-your-repository
- /using-the-dependency-submission-api
- /about-dependency-review
- /configuring-dependency-review
+ - /customizing-your-dependency-review-action-configuration
+ - /enforcing-dependency-review-across-an-organization
- /exploring-the-dependencies-of-a-repository
- /troubleshooting-the-dependency-graph
---
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md
index 7605e2103e79..764a428779d1 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md
@@ -25,7 +25,7 @@ The dependency graph automatically includes information on dependencies that are
The dependency graph doesn't automatically include "loose" dependencies. "Loose" dependencies are individual files that are copied from another source and checked into the repository directly or within an archive (such as a ZIP or JAR file), rather than being referenced by in a package manager’s manifest or lockfile.
-However, you can use the {% data variables.dependency-submission-api.name %} (beta) to add dependencies to a project's dependency graph, even if the dependencies are not declared in a manifest or lock file, such as dependencies resolved when a project is built. {% data reusables.dependency-graph.dependency-submission-API-short %} For more information on the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
+However, you can use the {% data variables.dependency-submission-api.name %} to add dependencies to a project's dependency graph, even if the dependencies are not declared in a manifest or lock file, such as dependencies resolved when a project is built. {% data reusables.dependency-graph.dependency-submission-API-short %} For more information on the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
**Check**: Is the missing dependency for a component that's not specified in the repository's manifest or lockfile?
@@ -33,7 +33,7 @@ However, you can use the {% data variables.dependency-submission-api.name %} (be
The dependency graph analyzes manifests as they’re pushed to {% data variables.product.prodname_dotcom %}. The dependency graph doesn't, therefore, have access to the build environment of the project, so it can't resolve variables used within manifests. If you use variables within a manifest to specify the name, or more commonly the version of a dependency, then that dependency will not automatically be included in the dependency graph.
-However, you can use the {% data variables.dependency-submission-api.name %} (beta) to add dependencies to a project's dependency graph, even if the dependencies are only resolved when a project is built. For more information on the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
+However, you can use the {% data variables.dependency-submission-api.name %} to add dependencies to a project's dependency graph, even if the dependencies are only resolved when a project is built. For more information on the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
**Check**: Is the missing dependency declared in the manifest by using a variable for its name or version?
@@ -61,15 +61,6 @@ Yes, the dependency graph has {% ifversion dependency-graph-repository-view-upda
* third-party/dependencies/dependency1
* vendors/dependency1
* /externals/vendor1/dependency1
-{% ifversion ghes < 3.10 %}
-1. **Visualization limits**
-
- These affect what's displayed in the dependency graph within {% data variables.product.prodname_dotcom %}. However, they don't affect the {% data variables.product.prodname_dependabot_alerts %} that are created.
-
- The Dependencies view of the dependency graph for a repository only displays 100 manifests. Typically this is adequate as it is significantly higher than the processing limit described above. In situations where the processing limit is over 100, {% data variables.product.prodname_dependabot_alerts %} are still created for any manifests that are not shown within {% data variables.product.prodname_dotcom %}.
-
-**Check**: Is the missing dependency in a manifest file that's over 0.5 MB, or in a repository with a large number of manifests?
-{% endif %}
## Further reading
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md
index 4fbf90060849..1622db9a63b7 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md
@@ -13,8 +13,6 @@ versions:
ghec: '*'
---
-{% data reusables.dependency-submission.dependency-submission-api-beta %}
-
## About the {% data variables.dependency-submission-api.name %}
{% data reusables.dependency-submission.about-dependency-submission %}
diff --git a/content/codespaces/developing-in-a-codespace/rebuilding-the-container-in-a-codespace.md b/content/codespaces/developing-in-a-codespace/rebuilding-the-container-in-a-codespace.md
index 230ea9ec0729..bb0fd901d791 100644
--- a/content/codespaces/developing-in-a-codespace/rebuilding-the-container-in-a-codespace.md
+++ b/content/codespaces/developing-in-a-codespace/rebuilding-the-container-in-a-codespace.md
@@ -53,7 +53,7 @@ If you want to preserve files outside the `/workspaces` directory over a rebuild
```json
{
"image": "mcr.microsoft.com/devcontainers/base:alpine",
- "postCreateCommand": ".devcontainer/postCreate.sh"
+ "postCreateCommand": "chmod +x .devcontainer/postCreate.sh && .devcontainer/postCreate.sh"
}
```
diff --git a/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md b/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md
index 1d0eaef08def..565ca933fc70 100644
--- a/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md
+++ b/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md
@@ -45,7 +45,7 @@ The basic process behind using a codespace in your JetBrains IDE is as follows.
To work in a codespace in a JetBrains IDE you need:
* A valid JetBrains license.
-* The JetBrains Gateway application, versions 2023.3.\* or 2024.1.\*.
+* The JetBrains Gateway application, versions 2023.3.\* or 2024.1.\*.
* An existing codespace running on a virtual machine that has at least 4 cores. The codespace must also be running an SSH server. For more information, see "[Codespace running an SSH server](#codespace-running-an-ssh-server)."
### JetBrains license
diff --git a/content/codespaces/reference/using-github-copilot-in-github-codespaces.md b/content/codespaces/reference/using-github-copilot-in-github-codespaces.md
index 740cf531977f..5af87c9162bf 100644
--- a/content/codespaces/reference/using-github-copilot-in-github-codespaces.md
+++ b/content/codespaces/reference/using-github-copilot-in-github-codespaces.md
@@ -16,7 +16,7 @@ redirect_from:
- /codespaces/codespaces-reference/using-github-copilot-in-github-codespaces
---
-[{% data variables.product.prodname_copilot %}](https://copilot.github.com/) is an AI pair programmer that you can use in any codespace that you open in the {% data variables.product.prodname_vscode_shortname %} web client or desktop application. For more information about {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)."
+[{% data variables.product.prodname_copilot %}](https://copilot.github.com/) is an AI pair programmer that you can use in any codespace that you open in the {% data variables.product.prodname_vscode_shortname %} web client or desktop application. For more information about {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/about-github-copilot/what-is-github-copilot)."
To start using {% data variables.product.prodname_copilot %} in {% data variables.product.prodname_github_codespaces %}, install the [{% data variables.product.prodname_copilot %} extension from the {% data variables.product.prodname_vscode_marketplace %}](https://marketplace.visualstudio.com/items?itemName=GitHub.copilot).
diff --git a/content/codespaces/setting-your-user-preferences/setting-your-default-editor-for-github-codespaces.md b/content/codespaces/setting-your-user-preferences/setting-your-default-editor-for-github-codespaces.md
index 7a26713d536b..577fb5bc0aa0 100644
--- a/content/codespaces/setting-your-user-preferences/setting-your-default-editor-for-github-codespaces.md
+++ b/content/codespaces/setting-your-user-preferences/setting-your-default-editor-for-github-codespaces.md
@@ -40,8 +40,6 @@ If you want to work on a codespace in a JetBrains IDE you must install the JetBr
You may need to allow access to both your browser and {% data variables.product.prodname_vscode %} for it to open successfully.
- * If you choose **JetBrains Gateway**, the Gateway application will automatically open when you next create or open a codespace.
-
* If you choose **JetBrains Gateway**, the Gateway application will automatically open when you next create or open a codespace.
The first time you open a codespace this way you must give permission to open the application.
diff --git a/content/codespaces/the-githubdev-web-based-editor.md b/content/codespaces/the-githubdev-web-based-editor.md
index 8336cfc44382..df4e6b6d52c1 100644
--- a/content/codespaces/the-githubdev-web-based-editor.md
+++ b/content/codespaces/the-githubdev-web-based-editor.md
@@ -15,7 +15,7 @@ redirect_from:
{% note %}
-**Note:** The {% data variables.codespaces.serverless %} editor is currently in beta preview. You can provide feedback [in our Discussions](https://github.com/community/community/discussions/categories/general).
+**Note:** The {% data variables.codespaces.serverless %} editor is currently in beta preview. You can provide feedback [in our Discussions](https://github.com/community/community/discussions/categories/codespaces).
{% endnote %}
diff --git a/content/communities/documenting-your-project-with-wikis/about-wikis.md b/content/communities/documenting-your-project-with-wikis/about-wikis.md
index 59a1766da1e8..af517d29fd11 100644
--- a/content/communities/documenting-your-project-with-wikis/about-wikis.md
+++ b/content/communities/documenting-your-project-with-wikis/about-wikis.md
@@ -14,9 +14,9 @@ topics:
- Community
---
-Every repository on {% data variables.location.product_location %} comes equipped with a section for hosting documentation, called a wiki. You can use your repository's wiki to share long-form content about your project, such as how to use it, how you designed it, or its core principles. A README file quickly tells what your project can do, while you can use a wiki to provide additional documentation. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes)."
+Every repository on {% data variables.product.product_name %} comes equipped with a section for hosting documentation, called a wiki. You can use your repository's wiki to share long-form content about your project, such as how to use it, how you designed it, or its core principles. A README file quickly tells what your project can do, while you can use a wiki to provide additional documentation. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes)."
-With wikis, you can write content just like everywhere else on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github)." We use [our open-source Markup library](https://github.com/github/markup) to convert different formats into HTML, so you can choose to write in Markdown or any other supported format.
+With wikis, you can write content just like everywhere else on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github)." We use [our open-source Markup library](https://github.com/github/markup) to convert different formats into HTML, so you can choose to write in Markdown or any other supported format.
{% data reusables.getting-started.math-and-diagrams %}
@@ -29,14 +29,14 @@ You can edit wikis directly on {% data variables.product.product_name %}, or you
**Note:** Search engines will only index wikis with 500 or more stars that you configure to prevent public editing. For more information, see "[AUTOTITLE](/communities/documenting-your-project-with-wikis/changing-access-permissions-for-wikis)."
-If you need search engines to index your content, you can use [{% data variables.product.prodname_pages %}](/pages) in a public repository.
+If you need search engines to index your content, you can use {% data variables.product.prodname_pages %} in a public repository. For more information, see "[{% data variables.product.prodname_pages %}](/pages)."
{% endnote %}
{% endif %}
{% note %}
-**Note:** For performance reasons, wikis have a soft limit of 5,000 pages. If you exceed this limit, some pages may be inaccessible to users.
+**Note:** For performance reasons, wikis have a soft limit of 5,000 total files, regardless of file type. If you exceed this limit, some pages may be inaccessible to users. If you need a larger wiki, we recommend using {% data variables.product.prodname_pages %}. For more information, see "[{% data variables.product.prodname_pages %}](/pages)."
{% endnote %}
diff --git a/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization.md b/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization.md
index ee5e404abb72..93cc84e1791d 100644
--- a/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization.md
+++ b/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization.md
@@ -64,6 +64,19 @@ In your organization's repositories, blocked users also cannot:
1. Click **Block user**.
1. Optionally, to add a note to describe why a user was blocked, click **Add Note**. The note will be visible to the owners and moderators of the organization.
+## Blocking a user on a discussion
+
+1. Navigate to the discussion whose author you would like to block.
+1. In the upper-right corner of the comment, click {% octicon "kebab-horizontal" aria-label="Show options" %}, then click **Block user**.
+
+ 
+
+1. If you'd like to set a time limit for the block, select the **Block user** dropdown menu, and click the amount of time you'd like to block the user.
+1. If you'd like to hide all of the comments the user has made in the organization, select **Hide this user's comments** and choose a reason.
+1. If you'd like to delete just the discussion you're viewing, select **Delete this discussion**.
+1. If you'd like to delete all of the discussions the user has made in the organization, select **Delete all of USER's discussions in ORGANIZATION**.
+1. Click **Block user from organization**.
+
## Further reading
* "[AUTOTITLE](/communities/maintaining-your-safety-on-github/viewing-users-who-are-blocked-from-your-organization)"
diff --git a/content/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam.md b/content/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam.md
index 1b6663753667..8d9b4a725f81 100644
--- a/content/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam.md
+++ b/content/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam.md
@@ -25,7 +25,19 @@ If reported content is enabled for a public repository, you can also report cont
{% data reusables.profile.user_profile_page_navigation %}
{% data reusables.profile.user_profile_page_block_or_report %}
1. Click **Report abuse**.
-1. Complete the contact form to tell {% data variables.contact.github_support %} about the user's behavior, then click **Send request**.
+1. Complete the contact form to tell {% data variables.contact.github_support %} about the user's behavior, then click **Submit**.
+
+## Reporting an organization
+
+{% data reusables.organizations.navigate-to-org %}
+1. In the right sidebar, under the "Top languages" section, click **Report abuse**.
+1. Complete the contact form to tell {% data variables.contact.github_support %} about the organization's behavior, then click **Submit**.
+
+## Reporting a repository
+
+{% data reusables.repositories.navigate-to-repo %}
+1. In the right sidebar, under the "About" section, click **Report repository**.
+1. Complete the contact form to tell {% data variables.contact.github_support %} about the repository's behavior, then click **Submit**.
## Reporting an issue or pull request
diff --git a/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md b/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md
index 65d4037b7cf2..0676704e9886 100644
--- a/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md
+++ b/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md
@@ -39,16 +39,22 @@ As a repository maintainer, you can use the community standards checklist to see
You can create defaults in your organization or personal account for the following community health files:
-Community health file | Description
---- | ---{% ifversion fpt or ghec %}
-_CODE_OF_CONDUCT.md_ | A CODE_OF_CONDUCT file defines standards for how to engage in a community. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/adding-a-code-of-conduct-to-your-project)."{% endif %}
-_CONTRIBUTING.md_ | A CONTRIBUTING file communicates how people should contribute to your project. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors)."{% ifversion discussion-category-forms %}
-Discussion category forms | Discussion category forms customize the templates that are available for community members to use when they open new discussions in your repository. For more information, see "[AUTOTITLE](/discussions/managing-discussions-for-your-community/creating-discussion-category-forms)."{% endif %}{% ifversion fpt or ghec %}
-_FUNDING.yml_ | A FUNDING file displays a sponsor button in your repository to increase the visibility of funding options for your open source project. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)."{% endif %}
-_GOVERNANCE.md_ | A GOVERNANCE file lets people know about how your project is governed. For example, it might discuss project roles and how decisions are made.
-Issue and pull request templates and _config.yml_ | Issue and pull request templates customize and standardize the information you'd like contributors to include when they open issues and pull requests in your repository. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates)."
-_SECURITY.md_ | A SECURITY file gives instructions on how to report a security vulnerability in your project and description that hyperlinks the file. For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository)."
-_SUPPORT.md_ | A SUPPORT file lets people know about ways to get help with your project. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/adding-support-resources-to-your-project)."
+| Community health file | Description |
+| --- | --- |
+| {% ifversion fpt or ghec %} |
+| _CODE_OF_CONDUCT.md_ | A CODE_OF_CONDUCT file defines standards for how to engage in a community. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/adding-a-code-of-conduct-to-your-project)." |
+| {% endif %} |
+| _CONTRIBUTING.md_ | A CONTRIBUTING file communicates how people should contribute to your project. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors)." |
+| {% ifversion discussion-category-forms %} |
+| Discussion category forms | Discussion category forms customize the templates that are available for community members to use when they open new discussions in your repository. For more information, see "[AUTOTITLE](/discussions/managing-discussions-for-your-community/creating-discussion-category-forms)." |
+| {% endif %} |
+| {% ifversion fpt or ghec %} |
+| _FUNDING.yml_ | A FUNDING file displays a sponsor button in your repository to increase the visibility of funding options for your open source project. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)." |
+| {% endif %} |
+| _GOVERNANCE.md_ | A GOVERNANCE file lets people know about how your project is governed. For example, it might discuss project roles and how decisions are made. |
+| Issue and pull request templates and _config.yml_ | Issue and pull request templates customize and standardize the information you'd like contributors to include when they open issues and pull requests in your repository. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates)." |
+| _SECURITY.md_ | A SECURITY file gives instructions on how to report a security vulnerability in your project and description that hyperlinks the file. For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository)." |
+| _SUPPORT.md_ | A SUPPORT file lets people know about ways to get help with your project. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/adding-support-resources-to-your-project)." |
You cannot create a default license file. License files must be added to individual repositories so the file will be included when a project is cloned, packaged, or downloaded.
diff --git a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms.md b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms.md
index 443297e60aa3..3cf52041d2cf 100644
--- a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms.md
+++ b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms.md
@@ -46,8 +46,10 @@ You can set the following top-level keys for each issue form.
| `body` | Definition of the input types in the form. | Required | Array |
| `assignees` | People who will be automatically assigned to issues created with this template. | Optional | Array or comma-delimited string |
| `labels` | Labels that will automatically be added to issues created with this template. If a label does not already exist in the repository, it will not be automatically added to the issue. | Optional | Array or comma-delimited string |
-| `title` | A default title that will be pre-populated in the issue submission form. | Optional | String |{% ifversion projects-in-issue-forms %}
-| `projects` | Projects that any issues created with this template will automatically be added to. The format of this key is `PROJECT-OWNER/PROJECT-NUMBER`. {% note %} **Note:** The person opening the issue must have write permissions for the specified projects. {% ifversion projects-v2 %} If you don't expect people using this template to have write access, consider enabling your project's auto-add workflow. For more information, see "[Adding items automatically](/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically)."{% endif %} {% endnote %} | Optional | Array or comma-delimited string |{% endif %}
+| `title` | A default title that will be pre-populated in the issue submission form. | Optional | String |
+| {% ifversion projects-in-issue-forms %} |
+| `projects` | Projects that any issues created with this template will automatically be added to. The format of this key is `PROJECT-OWNER/PROJECT-NUMBER`. {% note %} **Note:** The person opening the issue must have write permissions for the specified projects. {% ifversion projects-v2 %} If you don't expect people using this template to have write access, consider enabling your project's auto-add workflow. For more information, see "[Adding items automatically](/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically)."{% endif %} {% endnote %} | Optional | Array or comma-delimited string |
+| {% endif %} |
For the available `body` input types and their syntaxes, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema)."
diff --git a/content/contributing/collaborating-on-github-docs/self-review-checklist.md b/content/contributing/collaborating-on-github-docs/self-review-checklist.md
index 43160d9bb848..1704462f4012 100644
--- a/content/contributing/collaborating-on-github-docs/self-review-checklist.md
+++ b/content/contributing/collaborating-on-github-docs/self-review-checklist.md
@@ -1,16 +1,15 @@
---
title: Self review checklist
-intro: "Before you submit your pull request for review, you should first review it yourself."
+intro: "Before you submit your documentation pull request for review, you should first review it yourself."
versions:
feature: 'contributing'
---
Before you submit your changes to the {% data variables.product.prodname_docs %} team for review, work through the list below to complete your self review.
-* If there is a content design plan, confirm that your changes meet the user experience and goals outlined in the plan.
-* After opening your pull request, view your changes on staging to confirm the article renders as expected and matches the source. This helps spot issues like typos, content that doesn't follow the style guide, or content that isn't rendering due to versioning problems.
-* Review your changes for technical accuracy.
-* Review your entire pull request to ensure it follows our guidance on creating content that can be translated. For more information, see "[AUTOTITLE](/contributing/writing-for-github-docs/writing-content-to-be-translated)."
-* Check your changes for grammar, spelling, and adherence to the style guide. For more information, see "[AUTOTITLE](/contributing/style-guide-and-content-model/style-guide)."
-* If you have added new versioning or made changes to existing versioning, confirm your changes render as expected while viewing each available version of the article.
-* If there are any failing checks in your pull request, troubleshoot them until they're all passing.
+* Changes meet the **content goals and user needs** in the content design plan, if one has been created.
+* Content has been **confirmed for accuracy** by a subject matter expert (SME) in the technical area.
+* Content follows **quality guidelines** in "[AUTOTITLE](/contributing/writing-for-github-docs/best-practices-for-github-docs)" and "[AUTOTITLE](/contributing/writing-for-github-docs/writing-content-to-be-translated)."
+* Content is **free of errors** such as typos and adheres to the "[AUTOTITLE](/contributing/style-guide-and-content-model/style-guide)."
+* The article **renders properly on staging** for each version of the article (Free Pro Team, GHEC, GHES).
+* All **pull request checks** are passing.
diff --git a/content/contributing/style-guide-and-content-model/about-the-content-model.md b/content/contributing/style-guide-and-content-model/about-the-content-model.md
index f7ca9491c683..dd3e30b72bde 100644
--- a/content/contributing/style-guide-and-content-model/about-the-content-model.md
+++ b/content/contributing/style-guide-and-content-model/about-the-content-model.md
@@ -22,6 +22,10 @@ Docs are organized into multiple levels of hierarchy on our site.
* Categories
* Map topics
* Articles
+ * Articles
+ * Articles
+
+Organizing content is a balance between making specific groupings that help people find what they are searching for and limiting the layers of hierarchy through which people must navigate. Deep hierarchies with many map topics nested together can make it hard to find specific articles. Wide hierarchies with many categories or articles at the same level make it difficult for people to evaluate and decide what they want to select.
## Homepage content
@@ -44,6 +48,7 @@ For example, under the "Security" grouping on the homepage, in addition to the "
Top-level doc sets are organized around a {% data variables.product.prodname_dotcom %} product, feature, or core workflow. All top-level doc sets appear on the {% data variables.product.prodname_docs %} homepage. You should only create a top-level doc set when there is a large amount of content to be contained in the new doc set, multiple categories that are broken down into map topics, and the topic applies across products, features, or account types. If the content could fit in any existing top-level doc set, it probably belongs in that existing doc set.
* Top-level doc sets are of roughly equal importance to one another (each is centered on a {% data variables.product.prodname_dotcom %} product or major feature).
* Most top-level doc sets have a landing page layout, unless there is a significant exception. For example, the "[Site policy](/free-pro-team@latest/site-policy)" doc set does not have guides or procedural articles like other doc sets, so it does not use a landing page layout.
+* Top-level doc sets can contain a mix of categories, map topics, or articles.
### Titles for top-level doc sets
@@ -57,9 +62,10 @@ Top-level doc sets are organized around a {% data variables.product.prodname_dot
Categories are organized around a feature or a discrete set of tasks within a top-level doc set aligned with product themes. A category's subject is narrow enough that its contents are manageable and does not grow too large to use. Some categories appear on the homepage.
* Categories often start small and grow with the product.
-* Large categories may contain map topics to subdivide content around more specific user journeys or tasks.
+* Categories may contain map topics to subdivide content around more specific user journeys or tasks.
* Use long procedural articles to group related chunks of content and keep articles within the category streamlined.
* When categories have more than ten articles, consider breaking the content into map topics or additional categories.
+* Categories can contain a mix of map topics or articles.
### Titles for categories
@@ -79,7 +85,9 @@ All categories have intros. Intros should be one sentence long and general or hi
Map topics introduce a section of a category, grouping articles within a category around more specific workflows or subjects that are part of the category’s larger task.
-Map topics contain at least three articles. When map topics have more than eight articles, it may be useful to consider breaking the content into more specific map topics.
+Map topics contain at least two articles. When map topics have more than eight articles, it may be useful to consider breaking the content into more specific map topics.
+
+In general, avoid having a map topic within a map topic unless it is the best way to meet a specific user need.
### Titles for map topics
diff --git a/content/contributing/style-guide-and-content-model/style-guide.md b/content/contributing/style-guide-and-content-model/style-guide.md
index 609c315e447e..630db3b36fdc 100644
--- a/content/contributing/style-guide-and-content-model/style-guide.md
+++ b/content/contributing/style-guide-and-content-model/style-guide.md
@@ -7,11 +7,8 @@ redirect_from:
- /contributing/writing-for-github-docs/style-guide
---
-{% note %}
-
-**Note:** These guidelines are specific to {% data variables.product.company_short %}'s documentation. For general style questions or guidance on topics not covered here, see the [Microsoft Style Guide](https://docs.microsoft.com/style-guide/welcome/). For markup specific to source content on docs.github.com, see "[AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs)." For any questions about the GitHub brand, see our "[GitHub Brand Guide](https://brand.github.com)."
-
-{% endnote %}
+> [!NOTE]
+> These guidelines are specific to {% data variables.product.company_short %}'s documentation. For general style questions or guidance on topics not covered here, see the [Microsoft Style Guide](https://docs.microsoft.com/style-guide/welcome/). For markup specific to source content on docs.github.com, see "[AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs)." For any questions about the GitHub brand, see our "[GitHub Brand Guide](https://brand.github.com)."
## The {% data variables.product.prodname_docs %} approach to style
@@ -37,47 +34,47 @@ When writing the description for an audit log event, describe the event that too
* **Avoid**: An organization owner disabled a two-factor authentication requirement for the organization.
* **Avoid**: Triggered when a user updates which repositories a codespace can access.
-## Callouts
+## Alerts
-Callouts emphasize information within an article that is of special importance and justifies breaking the flow of information.
+Alerts emphasize information within an article that is of special importance and justifies breaking the flow of information.
-Use callouts sparingly. Do not use consecutive callouts, or more than one callout per section.
+Use alerts sparingly. Do not use consecutive alerts, or more than one alert per section.
-Callouts should be concise. If the information consists of more than a couple of sentences, or requires an ordered or unordered list, consider placing the information under a section heading instead.
+Alerts should be concise. If the information consists of more than a couple of sentences, or requires an ordered or unordered list, consider placing the information under a section heading instead.
-### Callout types
+### Alert types
-There are four types of callouts: tip, note, warning, and caution.
-
-#### Tip
-
-Recommendations, best practices or product hints. Tips contain non-essential information that users can follow at their discretion. Particularly useful in articles aimed at new users.
-
-For example, "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile)" uses a tip callout to help users understand what to expect when they @mention an organization.
-
-> [!TIP]
-> When you @mention an organization, only those that you're a member of will autocomplete. You can still @mention organizations that you're not a member of, like a previous employer, but the organization name won't autocomplete for you.
+We use four types of alerts: Note, Tip, Warning, and Caution.
#### Note
-Provides additional context that users may need to take into account. Tasks can be accomplished without the information in note callouts, but some users in some contexts may benefit from the note.
+Provides additional context that users may need to take into account. Tasks can be accomplished without the information in note alerts, but some users in some contexts may benefit from the note.
Notes are particularly useful for communicating parenthetical information that is not central to the process being described:
* Caveats that might affect the outcome of a process, such as specific user settings.
* Products and features that are subject to changes in availability, such as those in beta or being deprecated.
-For example, "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata)" uses a note to inform users that metadata for {% data variables.product.prodname_dotcom %} tokens is currently in beta.
+For example, "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#reviewing-github-token-metadata)" uses a note to inform users that metadata for {% data variables.product.prodname_dotcom %} tokens is currently in beta.
> [!NOTE]
> Metadata for {% data variables.product.prodname_dotcom %} tokens is currently in public beta and subject to change.
+#### Tip
+
+Recommendations, best practices or product hints. Tips contain non-essential information that users can follow at their discretion. Particularly useful in articles aimed at new users.
+
+For example, "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile)" uses a tip alert to help users understand what to expect when they @mention an organization.
+
+> [!TIP]
+> When you @mention an organization, only those that you're a member of will autocomplete. You can still @mention organizations that you're not a member of, like a previous employer, but the organization name won't autocomplete for you.
+
#### Warning
Highlights potential risks that a user should be aware of before starting or continuing with a task.
-Warning callouts are particularly relevant for processes that occur outside the {% data variables.product.prodname_dotcom %} UI, such as in the command line or through an API.
+Warning alerts are particularly relevant for processes that occur outside the {% data variables.product.prodname_dotcom %} UI, such as in the command line or through an API.
-For example, "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities)" includes instructions for the command line, and uses a warning callout to alert users that once issued, certificates cannot be revoked:
+For example, "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities)" includes instructions for the command line, and uses a warning alert to inform users that once issued, certificates cannot be revoked:
> [!WARNING]
> After a certificate has been signed and issued, the certificate cannot be revoked. Make sure to use the -V flag to configure a lifetime for the certificate, or the certificate can be used indefinitely.
@@ -86,26 +83,26 @@ For example, "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-git-ac
Alerts users to dangerous or destructive actions that warrant extreme caution before performing, particularly where there is a security risk or potential for data loss.
-Caution callouts will generally only be necessary when describing processes that occur outside the {% data variables.product.prodname_dotcom %} UI, such as in the command line or through an API.
+Caution alerts will generally only be necessary when describing processes that occur outside the {% data variables.product.prodname_dotcom %} UI, such as in the command line or through an API.
-### Formatting callouts
+### Formatting alerts
-We use standard formatting and colors for different types of callouts across doc sets.
+We use standard formatting and colors for different types of alerts across doc sets.
-Callouts are rendered using Markdown.
+Alerts are rendered using Markdown.
-Tip:
+Note:
```markdown
-> [!TIP]
-> Here's a suggestion.
+> [!NOTE]
+> Keep this in mind.
```
-Note:
+Tip:
```markdown
-> [!NOTE]
-> Keep this in mind.
+> [!TIP]
+> Here's a suggestion.
```
Warning:
@@ -122,9 +119,9 @@ Caution:
> Be extremely careful.
```
-Liquid syntax for callouts is still supported and may still appear in older articles, but should not be used for new callouts.
+Liquid syntax for alerts is still supported and may still appear in older articles, but should not be used for new alerts.
-For more information on formatting callouts, see “Callouts” in "[AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs#callout-tags)."
+For more information on formatting alerts, see “Alerts” in "[AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs#alerts)."
## Buttons
@@ -268,7 +265,7 @@ In YAML examples, such as actions and workflow files, use two spaces to indent l
python-version: {% raw %}${{ matrix.python }}{% endraw %}
```
-To indent reusables, see [`data/reusables/README.md`](https://github.com/github/docs/tree/main/data/reusables).
+To indent reusables, see [`data/reusables/README.md`](https://github.com/github/docs/tree/main/data/reusables#readme).
### Scheduled workflows
@@ -280,10 +277,14 @@ Workflow runs are delayed when too many workflows run at once. Since many users
## Emphasis
-Use italics to emphasize words or parts of a sentence. Use emphasis sparingly for terminology or context that someone must be aware of to successfully complete the task that they're working on. Do not use italics to emphasize words that have other formatting applied such as all caps for placeholder text or bold for UI elements.
+Use bold to emphasize words or parts of a sentence. Use emphasis sparingly (no more than five contiguous words), and remember that it is a visual aid for scannability for sighted users.
+
+* Do not bold words that have other formatting applied, such as all caps for placeholder text.
+* For accessibility, do not use bolding as the only way to convey meaning or emphasis.
+
+For example:
-* **Use:** _{% data variables.product.pat_v2 %}s_ have several security advantages over {% data variables.product.pat_v1_plural %}.
-* **Use:** _For types of packages other than containers_, to the right of the package version click **Delete**.
+* **Use:** Managed user accounts **cannot create public content** or collaborate outside your enterprise.
* **Avoid:** Next to _**Title**_, add a descriptive label for your new key.
## Error messages
@@ -302,7 +303,7 @@ If you must document content that you know will expire, you can use the content
## Footnotes
-Avoid using footnotes where possible. Consider instead whether you could use a [callout](#callouts) or present the information in another way. See some [examples of alternatives to footnotes from NICE.org.uk](https://www.nice.org.uk/corporate/ecd6/chapter/footnotes).
+Avoid using footnotes where possible. Consider instead whether you could use a [alert](#alerts) or present the information in another way. See some [examples of alternatives to footnotes from NICE.org.uk](https://www.nice.org.uk/corporate/ecd6/chapter/footnotes).
If you must use footnotes, use [Markdown-native footnotes](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#footnotes) (`[^1]`). Footnote markers will be hyperlinked to the footnote reference, which will be listed at the bottom of the page with a backlink to the marker.
@@ -414,7 +415,7 @@ Use alt text to express the core idea of the image, without duplicating the webp
> Diagram showing a five-step process by which a {% data variables.product.prodname_actions %} runner can be automatically added to named classes of runners and then requested by specific jobs.
-For example, see [accompanying explanation of this diagram in the Actions documentation](/free-pro-team@latest/actions/using-github-hosted-runners/using-larger-runners#architectural-overview-of-larger-runners).
+For example, see [accompanying explanation of this diagram in the Actions documentation](/free-pro-team@latest/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners#architectural-overview-of-larger-runners).
#### Alt text for images of command-line interfaces
@@ -580,6 +581,7 @@ Links must be consistent, accessible to as many people as possible, translatable
Some best practices for using links:
* Links should be meaningful and provide high value to the user’s journey. Link out thoughtfully.
* Do not repeat the same link more than once in the same article.
+* Consider adding "earlier/later in this article" after a link to a section in the same article.
* Do not include the `apiVersion` query parameter in REST links unless you need to link to a specific calendar version of the REST docs. (This should be a rare occurrence.)
### Formatting links
@@ -631,7 +633,7 @@ Links to specific sections of articles must be descriptive enough that someone u
To link to a specific header in the same article, use this format:
```markdown
-For more information, see "[HEADER TITLE](#HEADER-TITLE)."
+For more information, see "[HEADER TITLE](#HEADER-TITLE)," later in this article.
```
Same-page section links do **not** work with `AUTOTITLE`. Instead, you must type out the full header text.
@@ -727,7 +729,7 @@ Together, permission statements and product callouts tell readers who can use th
Consider what information belongs in a permission statement or a product callout.
-For example, when creating permissions and product callouts for the article "[AUTOTITLE](/free-pro-team@latest/copilot/managing-github-copilot-in-your-organization/managing-policies-and-features-for-copilot-in-your-organization)," the permission statement would answer "What role can manage policies and features for {% data variables.product.prodname_copilot %} in an organization?" And the product callout would answer "What {% data variables.product.prodname_copilot_short %} subscriptions do users need to manage {% data variables.product.prodname_copilot_short %} policies and features for an organization?"
+For example, when creating permissions and product callouts for the article "[AUTOTITLE](/free-pro-team@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-policies-for-copilot-in-your-organization)," the permission statement would answer "What role can manage policies and features for {% data variables.product.prodname_copilot %} in an organization?" And the product callout would answer "What {% data variables.product.prodname_copilot_short %} subscriptions do users need to manage {% data variables.product.prodname_copilot_short %} policies and features for an organization?"
#### Focus on key information, not explanations
diff --git a/content/contributing/writing-for-github-docs/annotating-code-examples.md b/content/contributing/writing-for-github-docs/annotating-code-examples.md
index 65bd15c1f9a6..6dc17e35d85c 100644
--- a/content/contributing/writing-for-github-docs/annotating-code-examples.md
+++ b/content/contributing/writing-for-github-docs/annotating-code-examples.md
@@ -1,6 +1,6 @@
---
title: Annotating code examples
-shortTitle: Annotating code examples
+shortTitle: Annotate code examples
intro: "You can annotate longer code examples to explain how they work and how people can customize them for other uses."
layout: inline
versions:
diff --git a/content/contributing/writing-for-github-docs/best-practices-for-github-docs.md b/content/contributing/writing-for-github-docs/best-practices-for-github-docs.md
index d692411667ae..32692ed5ee9a 100644
--- a/content/contributing/writing-for-github-docs/best-practices-for-github-docs.md
+++ b/content/contributing/writing-for-github-docs/best-practices-for-github-docs.md
@@ -85,7 +85,7 @@ For related information, see "Voice and tone" in [AUTOTITLE](/contributing/style
Most readers don't consume articles in their entirety. Instead they either _scan_ the page to locate specific information, or _skim_ the page to get a general idea of the concepts.
-When scanning or skimming content, readers skip over large chunks of text. They look for elements that are related to their task or that stand out on the page, such as headings, callouts, lists, tables, code blocks, visuals, and the first few words in each section.
+When scanning or skimming content, readers skip over large chunks of text. They look for elements that are related to their task or that stand out on the page, such as headings, alerts, lists, tables, code blocks, visuals, and the first few words in each section.
Once the article has a clearly defined purpose and structure, you can apply the following formatting techniques to optimize the content for scanning and skimming. These techniques can also help to make content more understandable for all readers.
@@ -93,7 +93,7 @@ Once the article has a clearly defined purpose and structure, you can apply the
* **Use formatting elements** to separate the content and create space on the page. For example:
* Bulleted lists (with optional run-in subheads)
* Numbered lists
- * [Callouts](/contributing/style-guide-and-content-model/style-guide#callouts)
+ * [Alerts](/contributing/style-guide-and-content-model/style-guide#alerts)
* Tables
* Visuals
* Code blocks and code annotations
diff --git a/content/contributing/writing-for-github-docs/configuring-redirects.md b/content/contributing/writing-for-github-docs/configuring-redirects.md
index 01e1c74bab3b..74e624cc848b 100644
--- a/content/contributing/writing-for-github-docs/configuring-redirects.md
+++ b/content/contributing/writing-for-github-docs/configuring-redirects.md
@@ -1,5 +1,6 @@
---
title: Configuring redirects
+shortTitle: Configure redirects
intro: "If an article's title, version, or location changes, you can create a redirect to the current content."
versions:
feature: 'contributing'
diff --git a/content/contributing/writing-for-github-docs/creating-diagrams-for-github-docs.md b/content/contributing/writing-for-github-docs/creating-diagrams-for-github-docs.md
index 643c6facab21..8e193d7d9dd2 100644
--- a/content/contributing/writing-for-github-docs/creating-diagrams-for-github-docs.md
+++ b/content/contributing/writing-for-github-docs/creating-diagrams-for-github-docs.md
@@ -1,6 +1,6 @@
---
title: Creating diagrams for {% data variables.product.prodname_docs %}
-shortTitle: Creating diagrams
+shortTitle: Create diagrams
intro: 'This guide explains when and how to create diagrams for {% data variables.product.prodname_docs %}.'
versions:
feature: 'contributing'
diff --git a/content/contributing/writing-for-github-docs/creating-tool-switchers-in-articles.md b/content/contributing/writing-for-github-docs/creating-tool-switchers-in-articles.md
index 41b78dae85bc..b84f450e309a 100644
--- a/content/contributing/writing-for-github-docs/creating-tool-switchers-in-articles.md
+++ b/content/contributing/writing-for-github-docs/creating-tool-switchers-in-articles.md
@@ -1,6 +1,6 @@
---
title: Creating tool switchers in articles
-shortTitle: Creating tool switchers
+shortTitle: Create tool switchers
intro: 'You can use a tool switcher to show how to complete tasks using specific tools.'
versions:
feature: 'contributing'
diff --git a/content/contributing/writing-for-github-docs/index.md b/content/contributing/writing-for-github-docs/index.md
index e791e9ee4f60..e2c648ea2eed 100644
--- a/content/contributing/writing-for-github-docs/index.md
+++ b/content/contributing/writing-for-github-docs/index.md
@@ -7,8 +7,9 @@ versions:
children:
- /best-practices-for-github-docs
- /about-githubs-documentation-philosophy
- - /writing-content-to-be-translated
- /content-design-principles
+ - /writing-content-to-be-translated
+ - /making-content-findable-in-search
- /versioning-documentation
- /using-markdown-and-liquid-in-github-docs
- /using-yaml-frontmatter
diff --git a/content/contributing/writing-for-github-docs/making-content-findable-in-search.md b/content/contributing/writing-for-github-docs/making-content-findable-in-search.md
new file mode 100644
index 000000000000..ed3069f80826
--- /dev/null
+++ b/content/contributing/writing-for-github-docs/making-content-findable-in-search.md
@@ -0,0 +1,66 @@
+---
+title: Making content findable in search
+shortTitle: Make content findable
+intro: 'Follow these SEO best practices to help users find {% data variables.product.company_short %} documentation using search engines.'
+versions:
+ feature: 'contributing'
+---
+
+## About search engine optimization (SEO)
+
+Search engine optimization (SEO) is the practice of earning visibility for web content in search engine results, such as those of Google and Bing. Google search is the top referrer to {% data variables.product.prodname_docs %} and the most common entry point for our users.
+
+We can plan and write our content to improve SEO. Better SEO improves the experience of people searching for documentation because it makes it more likely for them to find the information they seek using their preferred search terms.
+
+## Best practices for content SEO
+
+Good SEO requires planning content for specific audiences and being attentive to the words they use to search. Follow these best practices to improve an article's SEO.
+
+### Select a target audience
+
+Understand and write to the specific audience for the content: developers, administrators, or code learners. This helps you to:
+
+* Use words that your readers use.
+* Make content relevant to their needs and tasks.
+* Provide the right amount of context and background information.
+
+### Respond to search intent
+
+Craft content around **search intent**: the task, question, or problem that drives a member of the target audience to search for information online.
+
+* Conduct search intent research. For example, analyze search engine results pages (SERPs) for relevant queries.
+* Understand user needs. Use multiple sources such as customer feedback, user interviews, and metrics.
+
+### Use clear language
+
+Follow guidance in "[AUTOTITLE](/contributing/writing-for-github-docs/best-practices-for-github-docs)," including:
+
+* Ensure every article has a clear, discrete topic.
+* Put higher priority content first in an article.
+* Structure articles with clear headings.
+* Edit content for consistency following the "[AUTOTITLE](/contributing/style-guide-and-content-model/style-guide)."
+
+### Incorporate keywords
+
+Incorporate keywords, or top search terms used by your audience, into page copy and metadata. For example, if you are writing about "billing" but your audience primarily uses "cost" and "payment," use those terms instead.
+
+Google and Bing both offer keyword research tools to help you discover relevant keywords. The Docs team also consults Google Search Console data to understand what search terms lead to pages on {% data variables.product.prodname_docs %}.
+
+### Include metadata
+
+Use complete metadata in the frontmatter. To see the values available, see "[AUTOTITLE](/contributing/writing-for-github-docs/using-yaml-frontmatter)."
+
+On {% data variables.product.prodname_docs %}, the `intro` element displays as an on-page subhead and serves as the HTML metadata description. The article title serves as the HTML page title. For good SEO:
+
+* Write the title and `intro` to be complementary and keyword-rich. Consider how they will render in research.
+* Accompany all images with keyword-rich alt text, which is also metadata used by search engines. See "[Alt text](/contributing/style-guide-and-content-model/style-guide#alt-text)" in the {% data variables.product.prodname_docs %} Style Guide.
+
+### Link strategically
+
+Link frugally to other task-relevant pages on {% data variables.product.prodname_docs %} and high-quality peer sites, following "[Links](/contributing/style-guide-and-content-model/style-guide#links)" in the {% data variables.product.prodname_docs %} Style Guide.
+
+Ensure that incoming links do not break by carefully maintaining redirects.
+
+### Maintain accuracy
+
+Ensure content is free of errors in fact, spelling, and style. Audit content periodically to remove errors such as broken links and to retire unneeded content. See "[AUTOTITLE](/contributing/writing-for-github-docs/configuring-redirects)."
diff --git a/content/contributing/writing-for-github-docs/templates.md b/content/contributing/writing-for-github-docs/templates.md
index 22a20ee45762..ae73e2435274 100644
--- a/content/contributing/writing-for-github-docs/templates.md
+++ b/content/contributing/writing-for-github-docs/templates.md
@@ -342,16 +342,16 @@ The language guide introduction should include the following in a short paragrap
## Starting with the workflow template
{% comment %}
-Language guides typically walk through and build upon a starter workflow template. If that format doesn't work, you can include a boilerplate workflow.
-- Link to the GitHub Actions CI starter workflow as the boilerplate reference code and then walk through and build on that code in this guide - https://github.com/actions/starter-workflows/tree/master/ci
-- Provide instructions for adding the starter workflow template to a repository.
+Language guides typically walk through and build upon a workflow template template. If that format doesn't work, you can include a boilerplate workflow.
+- Link to the GitHub Actions CI workflow template as the boilerplate reference code and then walk through and build on that code in this guide - https://github.com/actions/starter-workflows/tree/master/ci
+- Provide instructions for adding the workflow template template to a repository.
- Include the starter template workflow code.
{% endcomment %}
## Running on different operating systems
{% comment %}
-Include a brief overview of how to choose the runner environment. These should be alternatives to what operating system is presented in the starter workflow/boilerplate template.
+Include a brief overview of how to choose the runner environment. These should be alternatives to what operating system is presented in the workflow template/boilerplate template.
{% endcomment %}
## Configuring the version
diff --git a/content/contributing/writing-for-github-docs/using-markdown-and-liquid-in-github-docs.md b/content/contributing/writing-for-github-docs/using-markdown-and-liquid-in-github-docs.md
index 5609243d0f25..397a7b429738 100644
--- a/content/contributing/writing-for-github-docs/using-markdown-and-liquid-in-github-docs.md
+++ b/content/contributing/writing-for-github-docs/using-markdown-and-liquid-in-github-docs.md
@@ -48,13 +48,13 @@ This content is displayed on the {% data variables.product.prodname_docs %} site
This is another paragraph in the list.
1. This is the next item.
-## Callout tags
+## Alerts
-Callouts highlight important information that users need to know. We use standard formatting and colors for four different types of callouts: notes, tips, warnings, and danger notices.
+Alerts highlight important information that users need to know. We use standard formatting and colors for four different types of Alerts: Note, Tip, Warning, and Caution.
-For information on when to use callouts, and how to format them in Markdown, see "[AUTOTITLE](/contributing/style-guide-and-content-model/style-guide#callouts)."
+For information on when to use alerts, and how to format them in Markdown, see "[AUTOTITLE](/contributing/style-guide-and-content-model/style-guide#alerts)."
-### Examples of callouts
+### Examples of alerts
```markdown
> [!NOTE] Keep this in mind.
@@ -62,15 +62,15 @@ For information on when to use callouts, and how to format them in Markdown, see
```markdown
> [!NOTE]
-> Generally callouts should be short.
+> Generally alerts should be short.
>
> But occasionally may require more than one paragraph
```
-### Example callouts rendered on {% data variables.product.prodname_docs %}
+### Example alerts rendered on {% data variables.product.prodname_docs %}
> [!NOTE]
-> Generally callouts should be short.
+> Generally alerts should be short.
>
> But occasionally may require more than one paragraph
@@ -138,7 +138,7 @@ Code annotations only work in articles with the `layout: inline` frontmatter pro
PR_URL: ${{ github.event.pull_request.html_url }}
```
-For an example of an article that uses code annotations on {% data variables.product.prodname_docs %}, see "[AUTOTITLE](/actions/examples/using-scripts-to-test-your-code-on-a-runner)."
+For an example of an article that uses code annotations on {% data variables.product.prodname_docs %}, see "[AUTOTITLE](/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions)."
## Octicons
diff --git a/content/contributing/writing-for-github-docs/using-videos-in-github-docs.md b/content/contributing/writing-for-github-docs/using-videos-in-github-docs.md
index 5ecef052e1ed..94167af8ad49 100644
--- a/content/contributing/writing-for-github-docs/using-videos-in-github-docs.md
+++ b/content/contributing/writing-for-github-docs/using-videos-in-github-docs.md
@@ -1,6 +1,6 @@
---
title: Using videos in GitHub Docs
-shortTitle: Using videos
+shortTitle: Use videos
intro: 'This guide explains how to create videos that support user needs for {% data variables.product.prodname_docs %}.'
versions:
feature: 'contributing'
diff --git a/content/copilot/about-github-copilot.md b/content/copilot/about-github-copilot.md
deleted file mode 100644
index 74b0abdc959b..000000000000
--- a/content/copilot/about-github-copilot.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-title: About GitHub Copilot
-intro: Find out what {% data variables.product.prodname_copilot %} can do and which {% data variables.product.prodname_copilot_short %} plan is right for you.
-versions:
- feature: copilot
-topics:
- - Copilot
-shortTitle: About GitHub Copilot
----
-
-{% data variables.product.prodname_copilot %} is an AI coding assistant that helps you write code faster and with less effort, allowing you to focus more energy on problem solving and collaboration. {% data variables.product.prodname_copilot_short %} offers coding suggestions as you type: sometimes the completion of the current line, sometimes a whole new block of code. You can accept all, or part, of a suggestion, or you can ignore the suggestion and keep typing.
-
-Using the chat feature, you can ask {% data variables.product.prodname_copilot_short %} how best to solve a problem. Or you can ask {% data variables.product.prodname_copilot_short %} to explain someone else's code. If your code has a bug, you can ask {% data variables.product.prodname_copilot_short %} how to fix it.
-
-{% data variables.product.prodname_copilot %} has been proven to increase developer productivity and accelerate the pace of software development. For more information, see "[Research: quantifying {% data variables.product.prodname_copilot %}’s impact on developer productivity and happiness](https://github.blog/2022-09-07-research-quantifying-github-copilots-impact-on-developer-productivity-and-happiness/)" on the {% data variables.product.prodname_dotcom %} blog.
-
-## Assistance where you need it
-
-{% data variables.product.prodname_copilot %} is available:
-* In your IDE
-* In {% data variables.product.prodname_mobile %}, as a chat interface
-* On the command line, through the {% data variables.product.prodname_cli %}
-* On {% data variables.product.prodname_dotcom_the_website %}, with a subscription to {% data variables.product.prodname_copilot_enterprise_short %}
-
-## {% data variables.product.prodname_copilot %} features
-
-{% data variables.product.prodname_copilot_short %} includes a suite of features, such as:
-
-* **Code completion** - {% data variables.product.prodname_copilot_short %} suggests code as you type. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/getting-started-with-github-copilot)."
-
-* **Chat** - Ask {% data variables.product.prodname_copilot_short %} for help with your code. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide){% ifversion ghec %}" and "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom){% endif %}."
-
-* **Pull request summaries** _({% data variables.product.prodname_copilot_enterprise_short %} only)_ - Get {% data variables.product.prodname_copilot_short %} to describe the changes in a pull request. For more information, see {% ifversion ghec %}"[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-pull-request-summaries/creating-a-pull-request-summary-with-github-copilot)."{% else %}"[AUTOTITLE](/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries)."{% endif %}
-
-* **Knowledge bases** _({% data variables.product.prodname_copilot_enterprise_short %} only)_ - Create and manage collections of documentation to use as a context for chatting with {% data variables.product.prodname_copilot_short %}. For more information, see {% ifversion ghec %}"[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/managing-copilot-knowledge-bases)."{% else %}"[AUTOTITLE](/copilot/github-copilot-enterprise/managing-copilot-knowledge-bases)."{% endif %}
-
-For a full list of the features and functionality available on each {% data variables.product.prodname_copilot %} plan, see "[AUTOTITLE](/copilot/copilot-individual/github-copilot-individual-feature-set)", "[AUTOTITLE](/copilot/copilot-business/github-copilot-business-feature-set)", or "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/github-copilot-enterprise-feature-set)."
-
-## Getting access to {% data variables.product.prodname_copilot %}
-
-You can access {% data variables.product.prodname_copilot %} as part of one of the following paid plans:
-
-* **{% data variables.product.prodname_copilot_individuals_short %}** - Get access to {% data variables.product.prodname_copilot %} in an IDE, or on the command line, for your personal or independent use. You can try {% data variables.product.prodname_copilot %} for free with a one-time 30-day trial. After the free trial, you will need a paid subscription for continued use. For more information, see "[AUTOTITLE](/copilot/copilot-individual/about-github-copilot-individual)."
-
- If you're a verified student, teacher, or maintainer of a popular open source project, {% data variables.product.prodname_copilot %} is free to use. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot)."
-
-* **{% data variables.product.prodname_copilot_business_short %}** - Access {% data variables.product.prodname_copilot %} as a member of an organization. Owners of the organization can manage access for individual members or for teams. For more information, see "[AUTOTITLE](/copilot/copilot-business/about-github-copilot-business)."
-* **{% data variables.product.prodname_copilot_enterprise_short %}** - Access {% data variables.product.prodname_copilot %} as a member of an enterprise. Enterprise owners can allow some or all organizations in the enterprise to access {% data variables.product.prodname_copilot %}. If an organization has access to {% data variables.product.prodname_copilot_short %}, owners of the organization can grant access to {% data variables.product.prodname_copilot_enterprise_short %} for some or all members of the organization. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise)."
-
- With {% data variables.product.prodname_copilot_enterprise_short %}, in addition to accessing {% data variables.product.prodname_copilot_short %} in an IDE or on the command line, you can use {% data variables.product.prodname_copilot_short %} on {% data variables.product.prodname_dotcom_the_website %}. This includes the ability to:
-
- * Chat with {% data variables.product.prodname_copilot_short %} to get help with your code, or to ask general tech-related questions.
- * Create tailored knowledge bases to use as the context for chat.
- * Generate automatic summaries of pull requests.
-
-> [!NOTE]
-> {% data reusables.copilot.copilot-one-account-short %}
diff --git a/content/copilot/about-github-copilot/github-copilot-features.md b/content/copilot/about-github-copilot/github-copilot-features.md
new file mode 100644
index 000000000000..191ce1f1555a
--- /dev/null
+++ b/content/copilot/about-github-copilot/github-copilot-features.md
@@ -0,0 +1,68 @@
+---
+title: GitHub Copilot features
+intro: '{% data variables.product.prodname_copilot %} offers a suite of features. {% data variables.product.prodname_copilot_short %} also offers a suite of features for administrators.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+shortTitle: Copilot features
+redirect_from:
+ - /copilot/copilot-business/github-copilot-business-feature-set
+ - /copilot/copilot-individual/github-copilot-individual-feature-set
+ - /copilot/github-copilot-enterprise/github-copilot-enterprise-feature-set
+---
+
+## {% data variables.product.prodname_copilot %} features
+
+### Code completion
+
+Autocomplete-style suggestions from {% data variables.product.prodname_copilot_short %} in supported IDEs _({% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, JetBrains IDEs, Azure Data Studio, and Vim/Neovim)_.
+
+### {% data variables.product.prodname_copilot_chat_short %}
+
+A chat interface that lets you ask coding-related questions. {% data variables.product.prodname_copilot_chat %} is available in {% data variables.product.prodname_dotcom_the_website %} _({% data variables.product.prodname_copilot_enterprise_short %} only)_, in {% data variables.product.prodname_mobile %}, and in supported IDEs _({% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and JetBrains IDEs)_. {% data variables.product.prodname_copilot_enterprise_short %} users can also use skills with {% data variables.product.prodname_copilot_chat_short %}.
+
+### {% data variables.product.prodname_copilot_cli_short %}
+
+A chat-like interface in the terminal, where you can ask questions about the command line. You can ask {% data variables.product.prodname_copilot_short %} to provide command suggestions or explanations of commands.
+
+### {% data variables.product.prodname_copilot_for_prs %} _({% data variables.product.prodname_copilot_enterprise_short %} only)_
+
+AI-generated summaries of the changes that were made in a pull request, which files they impact, and what a reviewer should focus on when they conduct their review.
+
+### {% data variables.product.prodname_copilot_autocomplete_pr %} (beta) _({% data variables.product.prodname_copilot_enterprise_short %} only)_
+
+AI-generated text completion to help you write pull request descriptions quickly and accurately.
+
+### {% data variables.product.prodname_copilot_short %} knowledge bases _({% data variables.product.prodname_copilot_enterprise_short %} only)_
+
+Create and manage collections of documentation to use as context for chatting with {% data variables.product.prodname_copilot_short %}. When you ask a question in {% data variables.product.prodname_copilot_chat_dotcom_short %} or in {% data variables.product.prodname_vscode_shortname %}, you can specify a knowledge base as the context for your question.
+
+## {% data variables.product.prodname_copilot %} features for administrators
+
+The following features are available to organization and enterprise owners with a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription.
+
+### Policy management
+
+Manage policies for {% data variables.product.prodname_copilot_short %} in your organization or enterprise.
+
+### Access management
+
+Enterprise owners can specify which organizations in the enterprise can use {% data variables.product.prodname_copilot_short %}, and organization owners can specify which organization members can use Copilot.
+
+### Usage data
+
+Review {% data variables.product.prodname_copilot_short %} usage data within your organization or enterprise to inform how to manage access and drive adoption of {% data variables.product.prodname_copilot_short %}.
+
+### Audit logs
+
+Review audit logs for {% data variables.product.prodname_copilot_short %} in your organization to understand what actions have been taken and by which users.
+
+### Exclude files
+
+Configure {% data variables.product.prodname_copilot_short %} to ignore certain files. This can be useful if you have files that you don't want to be available to {% data variables.product.prodname_copilot_short %}.
+
+## Next steps
+
+* To learn more about the subscription plans available for {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/about-github-copilot/subscription-plans-for-github-copilot)."
+* To start using Copilot, see "[AUTOTITLE](/copilot/setting-up-github-copilot)."
diff --git a/content/copilot/about-github-copilot/index.md b/content/copilot/about-github-copilot/index.md
new file mode 100644
index 000000000000..dce4bcd67da5
--- /dev/null
+++ b/content/copilot/about-github-copilot/index.md
@@ -0,0 +1,13 @@
+---
+title: About GitHub Copilot
+shortTitle: About GitHub Copilot
+intro: 'Learn about GitHub Copilot.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+children:
+ - /what-is-github-copilot
+ - /github-copilot-features
+ - /subscription-plans-for-github-copilot
+---
diff --git a/content/copilot/about-github-copilot/subscription-plans-for-github-copilot.md b/content/copilot/about-github-copilot/subscription-plans-for-github-copilot.md
new file mode 100644
index 000000000000..860a09001ccb
--- /dev/null
+++ b/content/copilot/about-github-copilot/subscription-plans-for-github-copilot.md
@@ -0,0 +1,29 @@
+---
+title: Subscription plans for GitHub Copilot
+intro: 'Learn about the subscription options for {% data variables.product.prodname_copilot_short %}.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+shortTitle: Subscriptions
+---
+
+{% data variables.product.company_short %} offers multiple subscription options for {% data variables.product.prodname_copilot %}:
+
+* **{% data variables.product.prodname_copilot_for_individuals %}** is available to individual {% data variables.product.company_short %} customers who don't have access to {% data variables.product.prodname_copilot_short %} through an organization or enterprise.
+* **{% data variables.product.prodname_copilot_for_business %}** is available for organizations with a {% data variables.product.prodname_free_team %} or {% data variables.product.prodname_team %} plan, or enterprises on {% data variables.product.prodname_ghe_cloud %}. {% data variables.product.prodname_copilot_business_short %} gives organizations and enterprises control over {% data variables.product.prodname_copilot_short %} policies, including which members can use {% data variables.product.prodname_copilot_short %}.
+* **{% data variables.product.prodname_copilot_enterprise %}** is available for enterprises on {% data variables.product.prodname_ghe_cloud %}. In addition to all of the {% data variables.product.prodname_copilot_business_short %} features, {% data variables.product.prodname_copilot_enterprise_short %} provides additional AI features on {% data variables.product.company_short %}. With this subscription plan you can choose to assign either {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %} to each individual organization in the enterprise.
+
+{% data variables.product.prodname_copilot_short %} is not currently available for {% data variables.product.prodname_ghe_server %}.
+
+## Comparing {% data variables.product.prodname_copilot_short %} subscriptions
+
+{% data reusables.copilot.differences-cfi-cfb-table %}
+
+For more information, see "[AUTOTITLE](/copilot/about-github-copilot/github-copilot-features)."
+
+## Next steps
+
+* To subscribe to {% data variables.product.prodname_copilot_for_individuals %}, you can try {% data variables.product.prodname_copilot %} for free with a one-time 30-day trial. To continue using {% data variables.product.prodname_copilot_short %} after the trial, you will need a paid subscription, unless you are a verified student, teacher, or maintainer of a popular open source project on {% data variables.product.prodname_dotcom %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/subscribing-to-copilot-as-an-individual-user)."
+* To subscribe your organization to {% data variables.product.prodname_copilot_short %}, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/subscribing-to-copilot-for-your-organization)."
+* To subscribe your enterprise to {% data variables.product.prodname_copilot_short %}, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/subscribing-to-copilot-for-your-enterprise)."
diff --git a/content/copilot/about-github-copilot/what-is-github-copilot.md b/content/copilot/about-github-copilot/what-is-github-copilot.md
new file mode 100644
index 000000000000..f0a5560476aa
--- /dev/null
+++ b/content/copilot/about-github-copilot/what-is-github-copilot.md
@@ -0,0 +1,73 @@
+---
+title: What is GitHub Copilot?
+intro: 'Learn what {% data variables.product.prodname_copilot %} is and what you can do with it.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+shortTitle: What is GitHub Copilot?
+redirect_from:
+ - /copilot/copilot-individual
+ - /copilot/copilot-individual/about-github-copilot-individual
+ - /copilot/copilot-business/about-github-copilot-business
+ - /copilot/github-copilot-enterprise/about-github-copilot-enterprise
+ - /copilot/github-copilot-enterprise/overview
+ - /copilot/overview-of-github-copilot/about-github-copilot-for-individuals
+ - /copilot/overview-of-github-copilot/about-github-copilot
+ - /copilot/overview-of-github-copilot/about-github-copilot-individual
+ - /copilot/overview-of-github-copilot/about-github-copilot-for-business
+ - /copilot/overview-of-github-copilot/about-github-copilot-business
+ - /copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise
+ - /copilot/configuring-github-copilot/configuring-github-copilot-settings-in-your-organization
+ - /copilot/managing-copilot-business
+ - /copilot/managing-copilot-for-business
+ - /copilot/github-copilot-enterprise
+ - /copilot/copilot-business
+---
+
+{% data variables.product.prodname_copilot %} is an AI coding assistant that helps you write code faster and with less effort, allowing you to focus more energy on problem solving and collaboration.
+
+{% data variables.product.prodname_copilot %} has been proven to increase developer productivity and accelerate the pace of software development. For more information, see "[Research: quantifying {% data variables.product.prodname_copilot %}’s impact on developer productivity and happiness](https://github.blog/2022-09-07-research-quantifying-github-copilots-impact-on-developer-productivity-and-happiness/)" in the {% data variables.product.prodname_dotcom %} blog.
+
+## {% data variables.product.prodname_copilot_short %} features
+
+{% data variables.product.prodname_copilot %} includes a suite of features. You can use {% data variables.product.prodname_copilot_short %} to:
+
+* Get code suggestions as you type in your IDE
+* Chat with {% data variables.product.prodname_copilot_short %} to ask for help with your code
+* Ask {% data variables.product.prodname_copilot_short %} for help using the command line
+* Generate a description of the changes in a pull request _({% data variables.product.prodname_copilot_enterprise_short %} only)_
+* Create and manage collections of documentation, called knowledge bases, to use as a context for chatting with {% data variables.product.prodname_copilot_short %} _({% data variables.product.prodname_copilot_enterprise_short %} only)_
+
+{% data variables.product.prodname_copilot_short %} is available:
+
+* In your IDE
+* In {% data variables.product.prodname_mobile %}, as a chat interface
+* On the command line, through the {% data variables.product.prodname_cli %}
+* On {% data variables.product.prodname_dotcom_the_website %}, with a subscription to {% data variables.product.prodname_copilot_enterprise_short %}
+
+For more information, see "[AUTOTITLE](/copilot/about-github-copilot/github-copilot-features)."
+
+## Getting access to {% data variables.product.prodname_copilot_short %}
+
+**As an individual**, there are a few different ways you can get access to {% data variables.product.prodname_copilot %}:
+
+* _Sign up for a subscription to {% data variables.product.prodname_copilot_for_individuals %}_. You can try {% data variables.product.prodname_copilot %} for free with a one-time 30-day trial. After the free trial, you will need a paid subscription for continued use.
+* _If you are a member of an organization or enterprise_ that has a subscription to {% data variables.product.prodname_copilot %}, you can request access to {% data variables.product.prodname_copilot_short %} by going to [https://github.com/settings/copilot](https://github.com/settings/copilot) and requesting access under "Get Copilot from an organization."
+* _If you are a verified student, teacher, or maintainer of a popular open source project_, {% data variables.product.prodname_copilot %} is free to use. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer)."
+
+**As an organization owner**, you can purchase a subscription to {% data variables.product.prodname_copilot_for_business %} for your organization. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/subscribing-to-copilot-for-your-organization)." If your organization is owned by an enterprise that has a {% data variables.product.prodname_copilot_short %} subscription, you can ask your enterprise owner to enable {% data variables.product.prodname_copilot_short %} for your organization by going to [https://github.com/settings/copilot](https://github.com/settings/copilot) and requesting access under "Get Copilot from an organization."
+
+**As an enterprise owner**, you can purchase a subscription to {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} for your enterprise, and allow organizations to grant access to members. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/subscribing-to-copilot-for-your-enterprise)."
+
+If you **don't need other features**, you can request an enterprise account specifically for managing {% data variables.product.prodname_copilot_for_business %} licenses. You won't pay for {% data variables.product.prodname_enterprise %} seats, and you won't be able to create organizations or repositories. See "[AUTOTITLE](/enterprise-cloud@latest/admin/copilot-business-only/about-enterprise-accounts-for-copilot-business)."
+
+## Next steps
+
+* To learn more about the Copilot features, see "[AUTOTITLE](/copilot/about-github-copilot/github-copilot-features)."
+* To start using Copilot, see "[AUTOTITLE](/copilot/setting-up-github-copilot)."
+
+## Further reading
+
+* "[Frequently asked questions](https://github.com/features/copilot#faq)" about {% data variables.product.prodname_copilot %}
+* "[{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center/)"
diff --git a/content/copilot/copilot-business/about-github-copilot-business.md b/content/copilot/copilot-business/about-github-copilot-business.md
deleted file mode 100644
index 03e477c8541f..000000000000
--- a/content/copilot/copilot-business/about-github-copilot-business.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-title: About GitHub Copilot Business
-intro: 'With {% data variables.product.prodname_copilot_for_business %} you can manage access to {% data variables.product.prodname_copilot %} for your organization{% ifversion ghec%} or enterprise{% endif %}.'
-product: '{% data reusables.gated-features.copilot-business %}'
-redirect_from:
- - /copilot/overview-of-github-copilot/about-github-copilot-for-business
- - /copilot/overview-of-github-copilot/about-github-copilot-business
-
-versions:
- feature: copilot
-topics:
- - Copilot
-shortTitle: About GitHub Copilot Business
----
-
-Get {% data variables.product.prodname_copilot_for_business %} {% octicon "link-external" height:16 %}
-
-## About {% data variables.product.prodname_copilot_business_short %}
-
-{% data reusables.copilot.about-copilot %}
-
-With {% data variables.product.prodname_copilot_business_short %}, you can manage access to {% data variables.product.prodname_copilot %} for organizations{% ifversion ghec %} within your enterprise{% endif %}. Once you grant an organization access to {% data variables.product.prodname_copilot %}, the administrators of that organization can grant access to individuals and teams. For more information, see "[AUTOTITLE](/copilot/copilot-business/enabling-and-setting-up-github-copilot-business)."
-
-{% data reusables.copilot.supported-tools %}
-
-### Understanding the differences between {% data variables.product.prodname_copilot_business_short %}, {% data variables.product.prodname_copilot_individuals_short %}, and {% data variables.product.prodname_copilot_enterprise_short %}
-
-{% data reusables.copilot.differences-cfi-cfb-table %}
-
-## Enabling and setting up {% data variables.product.prodname_copilot_business_short %}
-
-To use {% data variables.product.prodname_copilot_business_short %}, you need to set up a subscription for your organization{% ifversion ghec %} or enterprise{% endif %} account. For more information, see {% ifversion ghec %}"[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/subscribing-to-copilot-for-your-enterprise)."{% else %}"[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/subscribing-to-copilot-for-your-organization)."{% endif %}
-
-After setting up a subscription, you can enable {% data variables.product.prodname_copilot %} for organizations{% ifversion ghec %} within your enterprise{% endif %}. For more information, see "[AUTOTITLE](/copilot/copilot-business/enabling-and-setting-up-github-copilot-business)."
-
-## About billing for {% data variables.product.prodname_copilot_business_short %}
-
-{% data variables.product.prodname_copilot_business_short %} subscriptions are billed monthly, based on the number of {% data variables.product.prodname_copilot %} seats assigned to users within your organization{% ifversion ghec %} or enterprise{% endif %}. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#about-billing-for-github-copilot-business-and-github-copilot-enterprise)."
-
-## Submitting a request for {% data variables.product.prodname_copilot_for_business %}
-
-As a member of an organization, you can request access to {% data variables.product.prodname_copilot_for_business %} from your organization's owners. This can be done in a couple of different ways:
-
-* From the [{% data variables.product.prodname_copilot %} settings](https://github.com/settings/copilot) for your personal account
-
- 
-
-* From an empty repository in the organization
-
- 
-
-## Further reading
-
-* "[{% data variables.product.prodname_copilot %} FAQ](https://github.com/features/copilot#faq)"
-* "[{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center/)"
diff --git a/content/copilot/copilot-business/enabling-and-setting-up-github-copilot-business.md b/content/copilot/copilot-business/enabling-and-setting-up-github-copilot-business.md
deleted file mode 100644
index c98f426bf1fd..000000000000
--- a/content/copilot/copilot-business/enabling-and-setting-up-github-copilot-business.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-title: Enabling and setting up GitHub Copilot Business
-intro: 'To use {% data variables.product.prodname_copilot_for_business %}, you need to set up a subscription for your organization{% ifversion ghec %} or enterprise{% endif %}.'
-product: '{% data reusables.gated-features.copilot-billing %}'
-redirect_from:
- - /copilot/overview-of-github-copilot/enabling-and-setting-up-github-copilot-for-business
- - /copilot/managing-copilot-business/enabling-and-setting-up-github-copilot-for-business
- - /copilot/managing-copilot-business/enabling-and-setting-up-github-copilot-business
-versions:
- feature: copilot
-topics:
- - Copilot
-shortTitle: Enabling GitHub Copilot Business
----
-
-To use {% data variables.product.prodname_copilot_for_business %}, you need to set up a subscription for your organization{% ifversion ghec %} or enterprise{% endif %} account. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/managing-your-github-copilot-subscription-for-your-organization-or-enterprise)."
-
-{% ifversion ghec %}{% data reusables.copilot.enabling-github-copilot-for-business %}
-
-## Enabling {% data variables.product.prodname_copilot_business_short %} for your enterprise
-
-{% note %}
-
-**Note:**
-
-* You must be an enterprise owner to enable {% data variables.product.prodname_copilot_business_short %} for your enterprise.
-* If you set up a {% data variables.product.prodname_copilot_business_short %} subscription for your organization account, you can skip this section.
-
-{% endnote %}
-
-Your enterprise owner can enable {% data variables.product.prodname_copilot_business_short %} for the organizations in the enterprise by first establishing the policy and then assigning users. To enforce a policy to manage the use of {% data variables.product.prodname_copilot_business_short %}, follow the steps in "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise)." If you need additional help with policy configuration or user assignment for {% data variables.product.prodname_copilot_business_short %}, you can contact {% data variables.contact.contact_enterprise_sales %}.
-
-{% data variables.product.prodname_copilot %} includes a filter which detects code suggestions that match public code on {% data variables.product.prodname_dotcom %}. Your enterprise owner can choose whether to enable or disable the filter at the enterprise-level, or allow organization owners to decide at the organization-level. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise#enforcing-a-policy-to-manage-the-use-of-github-copilot-suggestions-that-match-public-code)."{% endif %}
-
-## Configuring {% data variables.product.prodname_copilot %} settings in your organization
-
-{% ifversion ghec %}
-{% note %}
-
-**Note:** If you set up a {% data variables.product.prodname_copilot_business_short %} subscription for your organization account, you configure {% data variables.product.prodname_copilot %} settings in your organization without an enterprise policy.
-
-{% endnote %}
-
-Once an enterprise owner has enabled {% data variables.product.prodname_copilot_business_short %} for an organization, organization owners and members with admin permissions can configure {% data variables.product.prodname_copilot %} access for their organization. Depending on the policy settings configured at the enterprise-level, an organization owner may also be able to configure various features, such as whether to allow or block {% data variables.product.prodname_copilot_short %} suggestions that match public code.{% endif %}{% ifversion fpt %}After setting up a {% data variables.product.prodname_copilot_business_short %} subscription for your organization, you can configure {% data variables.product.prodname_copilot %} settings in your organization. This includes granting and revoking access to individuals and teams, and determining whether to block suggestions that match public code.{% endif %} For more information, see "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization)."
-
-## Assigning {% data variables.product.prodname_copilot %} seats
-
-To give people or teams within your organization access to {% data variables.product.prodname_copilot %}, you need to assign them a {% data variables.product.prodname_copilot %} seat. {% ifversion ghec %}Once a {% data variables.product.prodname_ghe_cloud %} admin enables a {% data variables.product.prodname_copilot_business_short %} subscription in your organization, you can assign {% data variables.product.prodname_copilot %} seats to individuals and teams in your organization.{% endif %} To enable access for all current and future users in your organization, or specific users in your organization, follow the steps in "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization)."
-
-## Configuring network settings
-
-If members of your organization will be using {% data variables.product.prodname_copilot %} on your company's corporate network, you may need to configure network settings so that members can use {% data variables.product.prodname_copilot %} successfully.
-
-* If you use an HTTP proxy server on your network, you can configure {% data variables.product.prodname_copilot %} to connect via this server. To successfully intercept and inspect {% data variables.product.prodname_copilot %}'s secure connection, you may need to install custom SSL certificates on your users' machines. For more information, see "[AUTOTITLE](/copilot/configuring-github-copilot/configuring-network-settings-for-github-copilot)."
-* If you use a firewall, you may need to add certain domains to the firewall's allowlist. For more information, see "[AUTOTITLE](/copilot/troubleshooting-github-copilot/troubleshooting-firewall-settings-for-github-copilot)."
diff --git a/content/copilot/copilot-business/github-copilot-business-feature-set.md b/content/copilot/copilot-business/github-copilot-business-feature-set.md
deleted file mode 100644
index 4f6fe2314d79..000000000000
--- a/content/copilot/copilot-business/github-copilot-business-feature-set.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-title: GitHub Copilot Business feature set
-intro: 'Get an overview of all the features included in {% data variables.product.prodname_copilot_for_business %}.'
-versions:
- feature: copilot
-topics:
- - Copilot
-shortTitle: Copilot Business feature set
----
-
-## About {% data variables.product.prodname_copilot_for_business %}
-
-{% data variables.product.prodname_copilot_for_business %} is a {% data variables.product.prodname_copilot %} plan available to {% data variables.product.prodname_dotcom %} customers through organization{% ifversion ghec %} or enterprise{% endif %} accounts. For more information, see "[AUTOTITLE](/copilot/copilot-business/about-github-copilot-business)."
-
-## {% data variables.product.prodname_copilot_for_business %} features
-
-{% data variables.product.prodname_copilot_for_business %} includes the following features, available to all users assigned a {% data variables.product.prodname_copilot_for_business %} seat.
-
-{% data reusables.copilot.copilot-individual-features %}
-
-{% data reusables.copilot.copilot-business-features %}
diff --git a/content/copilot/copilot-business/index.md b/content/copilot/copilot-business/index.md
deleted file mode 100644
index e8b5b0372056..000000000000
--- a/content/copilot/copilot-business/index.md
+++ /dev/null
@@ -1,17 +0,0 @@
----
-title: Copilot Business
-shortTitle: Copilot Business
-intro: 'Learn how to manage your Copilot Business subscription.'
-redirect_from:
- - /copilot/configuring-github-copilot/configuring-github-copilot-settings-in-your-organization
- - /copilot/managing-copilot-business
- - /copilot/managing-copilot-for-business
-versions:
- feature: copilot
-topics:
- - Copilot
-children:
- - /about-github-copilot-business
- - /github-copilot-business-feature-set
- - /enabling-and-setting-up-github-copilot-business
----
diff --git a/content/copilot/copilot-individual/about-github-copilot-individual.md b/content/copilot/copilot-individual/about-github-copilot-individual.md
deleted file mode 100644
index a7166c349597..000000000000
--- a/content/copilot/copilot-individual/about-github-copilot-individual.md
+++ /dev/null
@@ -1,111 +0,0 @@
----
-title: About GitHub Copilot Individual
-intro: '{% data variables.product.prodname_copilot %} can help you code by offering autocomplete-style suggestions. You can learn how {% data variables.product.prodname_copilot %} works, and what to consider while using {% data variables.product.prodname_copilot %}.'
-redirect_from:
- - /copilot/overview-of-github-copilot/about-github-copilot-for-individuals
- - /copilot/overview-of-github-copilot/about-github-copilot
- - /copilot/overview-of-github-copilot/about-github-copilot-individual
-
-versions:
- feature: copilot
-topics:
- - Copilot
-shortTitle: About GitHub Copilot Individual
-product: '{% data reusables.copilot.copilot-individual-emus %}'
----
-
-Start a free trial {% octicon "link-external" height:16 %}
-
-## About {% data variables.product.prodname_copilot %}
-
-{% data variables.product.prodname_copilot %} is an AI pair programmer that offers autocomplete-style suggestions as you code. You can receive suggestions from {% data variables.product.prodname_copilot %} either by starting to write the code you want to use, or by writing a natural language comment describing what you want the code to do. {% data variables.product.prodname_copilot %} analyzes the context in the file you are editing, as well as related files, and offers suggestions from within your text editor. {% data variables.product.prodname_copilot %} is powered by a generative AI model developed by {% data variables.product.prodname_dotcom %}, OpenAI, and Microsoft.
-
-{% data variables.product.prodname_copilot %} is trained on all languages that appear in public repositories. For each language, the quality of suggestions you receive may depend on the volume and diversity of training data for that language. For example, JavaScript is well-represented in public repositories and is one of {% data variables.product.prodname_copilot %}'s best supported languages. Languages with less representation in public repositories may produce fewer or less robust suggestions.
-
-{% data reusables.copilot.supported-tools %}
-
-### Understanding the differences between {% data variables.product.prodname_copilot_individuals_short %}, {% data variables.product.prodname_copilot_business_short %}, and {% data variables.product.prodname_copilot_enterprise_short %}
-
-{% data reusables.copilot.differences-cfi-cfb-table %}
-
-## Using {% data variables.product.prodname_copilot %}
-
-You can see real-world examples of {% data variables.product.prodname_copilot %} in action. For more information, see the [{% data variables.product.prodname_copilot %}](https://copilot.github.com/) website.
-
-{% data variables.product.prodname_copilot %} offers suggestions from a model that OpenAI built from billions of lines of open source code. As a result, the training set for {% data variables.product.prodname_copilot %} may contain insecure coding patterns, bugs, or references to outdated APIs or idioms. When {% data variables.product.prodname_copilot %} produces suggestions based on this training data, those suggestions may also contain undesirable patterns.
-
-You are responsible for ensuring the security and quality of your code. We recommend you take the same precautions when using code generated by {% data variables.product.prodname_copilot %} that you would when using any code you didn't write yourself. These precautions include rigorous testing, IP scanning, and tracking for security vulnerabilities. {% data variables.product.company_short %} provides a number of features to help you monitor and improve code quality, such as {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_codeql %} and {% data variables.product.prodname_code_scanning %}. All these features are free to use in public repositories. For more information, see "[AUTOTITLE](/actions/learn-github-actions/understanding-github-actions)" and "[AUTOTITLE](/code-security/getting-started/github-security-features)."
-
-{% data variables.product.prodname_copilot %} uses filters to block offensive words in the prompts and avoid producing suggestions in sensitive contexts. We are committed to constantly improving the filter system to more intelligently detect and remove offensive suggestions generated by {% data variables.product.prodname_copilot %}, including biased, discriminatory, or abusive outputs. If you see an offensive suggestion generated by {% data variables.product.prodname_copilot %}, please report the suggestion directly to copilot-safety@github.com so that we can improve our safeguards.
-
-## About billing for {% data variables.product.prodname_copilot %}
-
-{% data variables.product.prodname_copilot %} is a paid feature, requiring a monthly or yearly subscription. {% data variables.product.prodname_copilot %} subscriptions can be paid for and managed through a personal account on {% data variables.product.prodname_dotcom_the_website %} with {% data variables.product.prodname_copilot_individuals_short %}, or paid for and managed centrally through {% ifversion fpt %}an organization account {% else %}an enterprise account on {% data variables.product.prodname_ghe_cloud %}{% endif %} with {% ifversion ghec %}either{% endif %} {% data variables.product.prodname_copilot_for_business %}{% ifversion ghec %} or {% data variables.product.prodname_copilot_enterprise %}{% endif %}.
-
-Verified students, teachers, and maintainers of popular open source projects on {% data variables.product.prodname_dotcom %} are eligible to use {% data variables.product.prodname_copilot_individuals_short %} for free. If you meet the criteria for a free {% data variables.product.prodname_copilot_individuals_short %} subscription, you will be automatically notified when you visit the {% data variables.product.prodname_copilot %} subscription page. {% ifversion fpt %}If you do not meet the criteria for a free {% data variables.product.prodname_copilot_individuals_short %} subscription, you will be offered a {% data reusables.copilot.trial-period %}-day free trial, after which a paid subscription is required for continued use.{% endif %}
-
-For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot)."
-
-## About the license for the {% data variables.product.prodname_copilot %} plugin in JetBrains IDEs
-
-{% data variables.product.prodname_dotcom %}, Inc. is the licensor of the JetBrains plugin. The end user license agreement for this plugin is the [{% data variables.product.prodname_dotcom %} Terms for Additional Products and Features](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot) and use of this plugin is subject to those terms. JetBrains has no responsibility or liability in connection with the plugin or such agreement. By using the plugin, you agree to the foregoing terms.
-
-## About privacy for {% data variables.product.prodname_copilot_for_individuals %}
-
-Learn more about {% data variables.product.prodname_dotcom %}'s data collection, retention, and processing for {% data variables.product.prodname_copilot_for_individuals %}.
-
-### What data does {% data variables.product.prodname_copilot_for_individuals %} collect?
-
-{% data variables.product.prodname_copilot_for_individuals %} relies on file content and additional data to work. It collects data to provide the service, some of which is then retained for further analysis and product improvements. {% data variables.product.prodname_copilot %} processes the following data for individual users.
-
-### User Engagement Data
-
-When you use {% data variables.product.prodname_copilot %} it will collect usage information about events generated when interacting with {% data variables.product.prodname_copilot %}. These events include user edit actions like if Suggestions are accepted or dismissed, and error and general usage data to identify metrics like latency and features engagement. This information may include personal data, such as pseudonymous identifiers.
-
-#### Prompts
-
-A Prompt is the collection of code and supporting contextual information {% data variables.product.prodname_copilot %} sends to {% data variables.product.company_short %} to generate Suggestions, including data you submit through a chat interface. {% data variables.product.prodname_copilot %} in the code editor retains Prompts unless you have disabled code snippet collection in your settings. {% data variables.product.prodname_copilot_cli %} and {% data variables.product.prodname_copilot_mobile_short %} retain Prompts in order to provide the Service.
-
-#### Suggestions
-
-A Suggestion is the code, functions, or other output returned to you by {% data variables.product.prodname_copilot %} after a Prompt is received and processed by the AI-model. {% data variables.product.prodname_copilot %} in the code editor retains Suggestions unless you disable code snippet collection in your settings. {% data variables.product.prodname_copilot_cli %} and {% data variables.product.prodname_copilot_mobile_short %} retain Suggestions in order to provide the Service.
-
-### How is the data in {% data variables.product.prodname_copilot_for_individuals %} used and shared?
-
-User Engagement Data, Prompts and Suggestions are used by {% data variables.product.company_short %} and Microsoft to improve {% data variables.product.prodname_copilot %} and related services and to conduct product and academic research.
-
-* Enhancing {% data variables.product.prodname_copilot %}: The data collected is utilized to improve {% data variables.product.prodname_copilot %} by evaluating different strategies for processing and predicting suggestions that users may find valuable.
-* Developing related developer products and services: The insights gained from the data help in the development and improvement of other developer tools and services offered by {% data variables.product.company_short %} and Microsoft.
-* Detecting abuse and policy violations: The data is examined to investigate and identify any potential misuse or violation of the Acceptable Use Policies associated with {% data variables.product.prodname_copilot %}.
-* Conducting experiments and research: The data is used for conducting experiments and research related to developers and their utilization of developer tools and services. This aids in gaining valuable insights into user behavior and preferences.
-* Evaluating {% data variables.product.prodname_copilot %}: The impact of {% data variables.product.prodname_copilot %} on users is assessed by measuring its positive effects and benefits.
-* Improving code generation models: The collected data is employed to refine and enhance the underlying models responsible for generating code. This is achieved by utilizing both positive and negative examples.
-* Fine-tuning ranking and sorting algorithms: The data helps in the optimization and improvement of algorithms used for ranking and sorting suggestions, thereby enhancing the overall user experience.
-
-### How is the transmitted Code Snippets data protected?
-
-To ensure the protection of sensitive data such as user edit actions, source code snippets, and repository URLs/file paths, several protective measures are implemented. These measures include:
-
-* Encryption of transmitted data: All data is encrypted both during transit and while at rest, ensuring that it remains secure and inaccessible to unauthorized parties.
-* Strict access control: Access to the data is tightly regulated and limited to specific individuals, including:
- * Named {% data variables.product.company_short %} personnel working on the {% data variables.product.prodname_copilot %} team or the {% data variables.product.company_short %} platform health team.
- * Microsoft personnel involved with the {% data variables.product.prodname_copilot %} team.
-* Role-based access controls and multi-factor authentication: People who require access to code snippet data must adhere to role-based access controls. Additionally, multi-factor authentication is implemented to add an extra layer of security, ensuring that only authorized individuals can access the data.
-
-### How can users of {% data variables.product.prodname_copilot_for_individuals %} control use of their Code Snippets Data?
-
-{% data variables.product.prodname_copilot %} gives you choices about how it uses the data it collects.
-
-* User Engagement Data: User Engagement Data, including pseudonymous identifiers and general usage data, is necessary for the proper functioning of {% data variables.product.prodname_copilot %}. This data is collected, processed, and shared with Microsoft while you use {% data variables.product.prodname_copilot %}.
-* Retention of Prompts and Suggestions: You have the option to decide whether Prompts and Suggestions, when using {% data variables.product.prodname_copilot %} in your code editor, are retained by {% data variables.product.company_short %} and shared with Microsoft. These preferences can be adjusted in the [{% data variables.product.prodname_copilot %} settings](https://github.com/settings/copilot).
-* Requesting Deletion: If you wish to delete Prompts and Suggestions associated with your {% data variables.product.company_short %} identity, contact {% data variables.contact.contact_support %}.
-
-### Will my private code be shared with other users?
-
-No. We follow responsible practices in accordance with our [Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement) to ensure that your code snippets will not be used as suggested code for other users of {% data variables.product.prodname_copilot %}.
-
-## Further reading
-
-* "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot)"{% ifversion ghec %}
-* [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center/){% endif %}
-* "[{% data variables.product.prodname_copilot %} FAQ](https://github.com/features/copilot#faq)"
diff --git a/content/copilot/copilot-individual/github-copilot-individual-feature-set.md b/content/copilot/copilot-individual/github-copilot-individual-feature-set.md
deleted file mode 100644
index cb6f95b9a7c6..000000000000
--- a/content/copilot/copilot-individual/github-copilot-individual-feature-set.md
+++ /dev/null
@@ -1,20 +0,0 @@
----
-title: GitHub Copilot Individual feature set
-intro: 'Get an overview of all the features included in {% data variables.product.prodname_copilot_for_individuals %}.'
-versions:
- feature: copilot
-topics:
- - Copilot
-shortTitle: Copilot Individual feature set
-product: '{% data reusables.copilot.copilot-individual-emus %}'
----
-
-## About {% data variables.product.prodname_copilot_for_individuals %}
-
-{% data variables.product.prodname_copilot_for_individuals %} is a {% data variables.product.prodname_copilot %} plan available to {% data variables.product.prodname_dotcom %} customers through personal accounts. For more information, see "[AUTOTITLE](/copilot/copilot-individual/about-github-copilot-individual)."
-
-## {% data variables.product.prodname_copilot_for_individuals %} features
-
-{% data variables.product.prodname_copilot_for_individuals %} includes the following features.
-
-{% data reusables.copilot.copilot-individual-features %}
diff --git a/content/copilot/copilot-individual/index.md b/content/copilot/copilot-individual/index.md
deleted file mode 100644
index 6fb58ec720d3..000000000000
--- a/content/copilot/copilot-individual/index.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-title: GitHub Copilot Individual
-shortTitle: Copilot Individual
-intro: 'Learn about GitHub Copilot Individual and the features available with it.'
-topics:
- - Copilot
-versions:
- feature: copilot
-children:
- - /about-github-copilot-individual
- - /github-copilot-individual-feature-set
----
\ No newline at end of file
diff --git a/content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/enabling-github-copilot-chat-for-github-mobile.md b/content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/enabling-github-copilot-chat-for-github-mobile.md
deleted file mode 100644
index 978aea9844e4..000000000000
--- a/content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/enabling-github-copilot-chat-for-github-mobile.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-title: Enabling GitHub Copilot Chat for GitHub Mobile
-intro: 'You can enable or disable {% data variables.product.prodname_copilot_chat %} for your organization{% ifversion ghec %} or enterprise{% endif %}.'
-topics:
- - Copilot
- - Mobile
-versions:
- feature: copilot-chat-for-mobile
-shortTitle: Enable Copilot Chat
-redirect_from:
- - /copilot/github-copilot-chat/enabling-github-copilot-chat-for-github-mobile
----
-
-If you have a {% data variables.product.prodname_copilot_for_individuals %} subscription, {% data variables.product.prodname_copilot_mobile %} is already enabled.
-
-If you are part of an organization{% ifversion ghec %} or enterprise{% endif %} with a {% data variables.product.prodname_copilot_for_business %}{% ifversion ghec %} or {% data variables.product.prodname_copilot_enterprise %}{% endif %} subscription, the organization{% ifversion ghec %} or enterprise{% endif %} owner will need to enable {% data variables.product.prodname_copilot_chat %} in the {% data variables.product.prodname_copilot_short %} settings.
-
-## Enabling or disabling {% data variables.product.prodname_copilot_mobile_short %} at the organization level
-
-An organization owner can enable or disable {% data variables.product.prodname_copilot_mobile_short %} for the organization. {% ifversion ghec %}You may not be able to configure this setting for your organization, if an enterprise owner has set a policy at the enterprise level.{% endif %} If your organization has a {% data variables.product.prodname_copilot_for_business %} subscription, {% data variables.product.prodname_copilot_mobile_short %} is disabled by default.
-
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-{% data reusables.copilot.policy-settings %}
-1. To the right of "{% data variables.product.prodname_copilot_mobile_short %}", select the dropdown menu, then click **Enabled** or **Disabled**.
-
-{% ifversion ghec %}
-
-## Enabling or disabling {% data variables.product.prodname_copilot_mobile_short %} at the enterprise level
-
-An enterprise owner can choose whether to enable a feature for all organizations, disable for all organizations, or allow each organization to choose its own policy for the feature.
-
-{% data reusables.copilot.copilot-chat-mobile-enable %}
-
-{% endif %}
-
-## Next steps
-
-You successfully enabled {% data variables.product.prodname_copilot_mobile_short %} for your organization{% ifversion ghec %} or enterprise{% endif %}. To learn more about how to use it, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github-mobile/using-github-copilot-chat-in-github-mobile)."
diff --git a/content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/index.md b/content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/index.md
deleted file mode 100644
index 93bad7117aed..000000000000
--- a/content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/index.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-title: Copilot Chat in GitHub Mobile
-intro: 'You can chat with {% data variables.product.prodname_copilot_chat_dotcom_short %} in {% data variables.product.prodname_mobile %} to learn out about aspects of software development, or to understand or improve specific lines of code.'
-versions:
- feature: 'copilot-chat-for-mobile'
-children:
- - /about-github-copilot-chat-in-github-mobile
- - /enabling-github-copilot-chat-for-github-mobile
- - /using-github-copilot-chat-in-github-mobile
----
diff --git a/content/copilot/github-copilot-chat/copilot-chat-in-github/index.md b/content/copilot/github-copilot-chat/copilot-chat-in-github/index.md
deleted file mode 100644
index 4f6b8c1f154b..000000000000
--- a/content/copilot/github-copilot-chat/copilot-chat-in-github/index.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-title: Copilot Chat in GitHub.com
-intro: 'You can chat with {% data variables.product.prodname_copilot_chat_dotcom_short %} in {% data variables.product.prodname_dotcom_the_website %} to learn out about aspects of software development, or to understand or improve specific lines of code.'
-versions:
- feature: 'copilot-on-dotcom'
- fpt: '*'
-redirect_from:
- - /copilot/github-copilot-enterprise/copilot-chat-in-github
-children:
- - /about-github-copilot-chat-in-githubcom
- - /using-github-copilot-chat-in-githubcom
----
diff --git a/content/copilot/github-copilot-chat/copilot-chat-in-ides/index.md b/content/copilot/github-copilot-chat/copilot-chat-in-ides/index.md
deleted file mode 100644
index 8c55bd588a3f..000000000000
--- a/content/copilot/github-copilot-chat/copilot-chat-in-ides/index.md
+++ /dev/null
@@ -1,9 +0,0 @@
----
-title: Copilot Chat in IDEs
-intro: 'You can chat with {% data variables.product.prodname_copilot_chat_dotcom_short %} in IDEs to learn out about aspects of software development, or to understand or improve specific lines of code.'
-versions:
- feature: 'copilot'
-children:
- - /about-github-copilot-chat-in-your-ide
- - /using-github-copilot-chat-in-your-ide
----
diff --git a/content/copilot/github-copilot-chat/github-copilot-extensions/about-github-copilot-extensions.md b/content/copilot/github-copilot-chat/github-copilot-extensions/about-github-copilot-extensions.md
deleted file mode 100644
index 36b7bebc84d4..000000000000
--- a/content/copilot/github-copilot-chat/github-copilot-extensions/about-github-copilot-extensions.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-title: About GitHub Copilot Extensions
-intro: '{% data variables.product.prodname_copilot_extensions %} are integrations for external tools in {% data variables.product.prodname_copilot_chat %}.'
-product: '{% data reusables.gated-features.copilot-extensions %}'
-versions:
- feature: copilot-extensions
-topics:
- - Copilot
-shortTitle: About Copilot Extensions
-type: overview
----
-
-{% data reusables.copilot.copilot-extensions.beta-note %}
-
-## About {% data variables.product.prodname_copilot_extensions %}
-
-{% data reusables.copilot.copilot-extensions.copilot-extensions-intro %}
-
-> [!NOTE] {% data variables.product.prodname_copilot_extensions %} are not the same as the {% data variables.product.prodname_copilot %} extension, which you install in an external application to access {% data variables.product.prodname_copilot_short %} within that application. For more information on the {% data variables.product.prodname_copilot %} extension, see "[AUTOTITLE](/copilot/using-github-copilot/getting-started-with-github-copilot)."
-
-After you install a {% data variables.product.prodname_copilot_extension_short %} from {% data variables.product.prodname_marketplace %}, you can interact with that extension in a {% data variables.product.prodname_copilot_chat_short %} conversation, asking questions and authorizing actions that combine the capabilities of the external tool and {% data variables.product.prodname_dotcom %}. For example, if you install the Sentry extension for {% data variables.product.prodname_copilot %}, you can use the extension to get information about Sentry issues, then create and assign related tracking issues on {% data variables.product.prodname_dotcom %}.
-
-{% data variables.product.prodname_copilot_extensions_short %} provide several benefits, including:
-
-* Interaction with external tools using natural language
-* Reduced context switching
-* Customization of your {% data variables.product.prodname_copilot_chat_short %} experience for your developer flow
-
-**{% data variables.product.prodname_copilot_extensions_short %} are included in all {% data variables.product.prodname_copilot_short %} subscriptions**, and can be used with:
-
-{% data reusables.copilot.copilot-extensions.compatible-chat-interfaces %}
-
-## Next steps
-
-If you have a {% data variables.product.prodname_copilot_individuals_short %} subscription, to get started with {% data variables.product.prodname_copilot_extensions_short %}, see "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-personal-account)."
-
-If you are an organization owner or enterprise administrator with a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription, you should set a policy for {% data variables.product.prodname_copilot_extension_short %} usage in your enterprise or organization. See "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/managing-github-copilot-extensions)."
-
-If you are a developer with {% data variables.product.prodname_copilot_short %} access through a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription, to get started with {% data variables.product.prodname_copilot_extensions_short %}, see "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/using-github-copilot-extensions)."
diff --git a/content/copilot/github-copilot-chat/github-copilot-extensions/index.md b/content/copilot/github-copilot-chat/github-copilot-extensions/index.md
deleted file mode 100644
index 0f49dac7538b..000000000000
--- a/content/copilot/github-copilot-chat/github-copilot-extensions/index.md
+++ /dev/null
@@ -1,15 +0,0 @@
----
-title: GitHub Copilot Extensions
-shortTitle: Copilot Extensions
-intro: 'Learn about {% data variables.product.prodname_copilot_extensions %} (beta) and their uses.'
-versions:
- feature: copilot-extensions
-topics:
- - Copilot
-children:
- - /about-github-copilot-extensions
- - /managing-github-copilot-extensions
- - /installing-github-copilot-extensions-for-your-personal-account
- - /installing-github-copilot-extensions-for-your-organization
- - /using-github-copilot-extensions
----
diff --git a/content/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-organization.md b/content/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-organization.md
deleted file mode 100644
index 2b917efee780..000000000000
--- a/content/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-organization.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-title: Installing GitHub Copilot Extensions for your organization
-intro: 'You can install {% data variables.product.prodname_copilot_extensions %} for your organization from {% data variables.product.prodname_marketplace %}.'
-product: 'Organization owners can install {% data variables.product.prodname_copilot_extensions %} for an organization.'
-versions:
- feature: copilot-extensions
-topics:
- - Copilot
-shortTitle: Install organization extensions
-type: how_to
----
-
-{% data reusables.copilot.copilot-extensions.beta-note %}
-
-## About installing {% data variables.product.prodname_copilot_extensions %} for your organization
-
-Before you install any {% data variables.product.prodname_copilot_extensions_short %} in your organization, you should set a usage policy for {% data variables.product.prodname_copilot_extensions_short %} at the {% ifversion ghec %}enterprise or {% endif %}organization level. See "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/managing-github-copilot-extensions)."
-
-Any organization owner can install {% data variables.product.prodname_copilot_extensions_short %} for their organization, but your organization must meet the following criteria to use an installed {% data variables.product.prodname_copilot_extension_short %}:
-
-* Your organization is enrolled in the limited public beta for {% data variables.product.prodname_copilot_extensions_short %}.
-* Your organization has an active {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription.
-
-> [!NOTE] Anyone can install a {% data variables.product.prodname_copilot_extension_short %} on their personal account. However, if they get access to {% data variables.product.prodname_copilot_short %} through a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription, they will only be able to use the extension if it is installed at the organization level.
-
-## Installing {% data variables.product.prodname_copilot_extensions %} for your organization
-
-{% data reusables.copilot.copilot-extensions.copilot-extensions-on-marketplace %}
-
-To install a {% data variables.product.prodname_copilot_extension_short %} on an organization with a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription, see "[AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations)."
-
-## Next steps
-
-After installing a {% data variables.product.prodname_copilot_extension_short %} for your organization, developers in your organization can start using the extension. See "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/using-github-copilot-extensions)."
diff --git a/content/copilot/github-copilot-chat/github-copilot-extensions/managing-github-copilot-extensions.md b/content/copilot/github-copilot-chat/github-copilot-extensions/managing-github-copilot-extensions.md
deleted file mode 100644
index 8f051ea5ff7c..000000000000
--- a/content/copilot/github-copilot-chat/github-copilot-extensions/managing-github-copilot-extensions.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-title: Managing GitHub Copilot Extensions
-intro: 'You can manage {% data variables.product.prodname_copilot_extension %} policies and permissions in your organization{% ifversion ghec %} or enterprise{% endif %}.'
-product: 'Organization owners {% ifversion ghec %}and enterprise administrators {% endif %}can manage {% data variables.product.prodname_copilot_extensions_short %}.'
-versions:
- feature: copilot-extensions
-topics:
- - Copilot
-shortTitle: Manage Copilot Extensions
-type: how_to
----
-
-{% data reusables.copilot.copilot-extensions.beta-note %}
-
-## About managing {% data variables.product.prodname_copilot_extensions %}
-
-Before you install {% data variables.product.prodname_copilot_extensions_short %} in your organization, you should set a usage policy for your {% ifversion ghec %}enterprise or {% endif %}organization. Setting a usage policy allows you to enable or disable {% data variables.product.prodname_copilot_extensions_short %} for all members of your {% ifversion ghec %}enterprise or {% endif %}organization, limiting your security risk. See {% ifversion ghec %}"[Setting a policy for {% data variables.product.prodname_copilot_extensions %} in your enterprise](#setting-a-policy-for-github-copilot-extensions-in-your-enterprise)" and {% endif %}"[Setting a policy for {% data variables.product.prodname_copilot_extensions %} in your organization](#setting-a-policy-for-github-copilot-extensions-in-your-organization)."
-
-Additionally, after you install a {% data variables.product.prodname_copilot_extension_short %} in your organization, you can view and manage the permissions for that extension. See "[Managing permissions for a {% data variables.product.prodname_copilot_extension %} in your organization](#managing-permissions-for-a-github-copilot-extension-in-your-organization)."
-
-{% ifversion ghec %}
-
-## Setting a policy for {% data variables.product.prodname_copilot_extensions %} in your enterprise
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.copilot-tab %}
-{% data reusables.enterprise-accounts.copilot-policies-tab %}
-1. In the "{% data variables.product.prodname_copilot_extensions_short %}" section, select the dropdown menu, then click one of the following options:
- * **No policy**: organizations within your enterprise can set their own policies for {% data variables.product.prodname_copilot_extensions_short %}.
- * **Enabled**: {% data variables.product.prodname_copilot_extensions_short %} are enabled for all organizations in your enterprise.
- * **Disabled**: {% data variables.product.prodname_copilot_extensions_short %} are disabled for all organizations in your enterprise.
-
-{% endif %}
-
-## Setting a policy for {% data variables.product.prodname_copilot_extensions %} in your organization
-
-{% ifversion ghec %}
-If {% data variables.product.prodname_copilot_extensions_short %} have not been enabled or disabled at the enterprise level, you can set a {% data variables.product.prodname_copilot_extensions_short %} policy for your organization.
-{% endif %}
-
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-{% data reusables.copilot.policy-settings %}
-1. In the "{% data variables.product.prodname_copilot_extensions_short %}" section, select the dropdown menu, then enable or disable {% data variables.product.prodname_copilot_extensions_short %} for your organization.
-
-## Managing permissions for a {% data variables.product.prodname_copilot_extension %} in your organization
-
-After you have installed a {% data variables.product.prodname_copilot_extension_short %} in your organization, you can view the permissions the extension has in your organization, and why those permissions are necessary. If you do not want the {% data variables.product.prodname_copilot_extension_short %} to have the listed permissions, you can suspend or uninstall the extension.
-
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-{% data reusables.apps.access-org-app-settings %}
-1. Optionally, to filter your installed {% data variables.product.prodname_github_apps %} for {% data variables.product.prodname_copilot_extensions_short %}, select the **Filter:** dropdown menu, then click **{% data variables.product.prodname_copilot_extensions_short %}**.
-1. Next to the {% data variables.product.prodname_copilot_extension_short %} you want to review or modify, click **Configure**.
-1. In the "Permissions" section, review the permissions listed for the {% data variables.product.prodname_copilot_extension_short %}. Optionally, you can block the {% data variables.product.prodname_copilot_extension_short %}'s access to your organization in one of two ways:
- * To indefinitely suspend the {% data variables.product.prodname_copilot_extension_short %}'s access to resources in your organization while keeping the extension installed, in the "Danger zone" section, click **Suspend**.
- * To uninstall a {% data variables.product.prodname_copilot_extension_short %} completely, in the "Danger zone" section, click **Uninstall**.
-
-## Next steps
-
-After you have set a {% data variables.product.prodname_copilot_extensions_short %} policy, you can install {% data variables.product.prodname_copilot_extensions_short %} for your organization. See "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-organization)."
diff --git a/content/copilot/github-copilot-chat/index.md b/content/copilot/github-copilot-chat/index.md
deleted file mode 100644
index 74f018d5ba5b..000000000000
--- a/content/copilot/github-copilot-chat/index.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-title: GitHub Copilot Chat
-shortTitle: Copilot Chat
-intro: 'Learn about {% data variables.product.prodname_copilot_chat %}, including use cases, tools, best practices, and limitations.'
-versions:
- feature: copilot
-topics:
- - Copilot
-children:
- - /copilot-chat-in-github
- - /copilot-chat-in-ides
- - /copilot-chat-in-github-mobile
- - /github-copilot-extensions
----
diff --git a/content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/index.md b/content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/index.md
deleted file mode 100644
index 71d2a116d9d5..000000000000
--- a/content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/index.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-title: Copilot pull request summaries
-shortTitle: Copilot pull request summaries
-intro: 'With {% data variables.product.prodname_copilot_for_prs %}, you can create an AI-generated description for a pull request.'
-topics:
- - Copilot
-versions:
- feature: copilot
-children:
- - /about-copilot-pull-request-summaries
- - /creating-a-pull-request-summary-with-github-copilot
----
diff --git a/content/copilot/github-copilot-enterprise/index.md b/content/copilot/github-copilot-enterprise/index.md
deleted file mode 100644
index 7a131b834895..000000000000
--- a/content/copilot/github-copilot-enterprise/index.md
+++ /dev/null
@@ -1,13 +0,0 @@
----
-title: GitHub Copilot Enterprise
-shortTitle: Copilot Enterprise
-intro: Learn about GitHub Copilot Enterprise and the features available with it.
-topics:
- - Copilot
-versions:
- feature: copilot
-children:
- - /overview
- - /copilot-pull-request-summaries
----
-
diff --git a/content/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise.md b/content/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise.md
deleted file mode 100644
index 89ddab132f85..000000000000
--- a/content/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise.md
+++ /dev/null
@@ -1,51 +0,0 @@
----
-title: About GitHub Copilot Enterprise
-shortTitle: About Copilot Enterprise
-intro: 'Learn about {% data variables.product.prodname_copilot_enterprise %} and how it compares to other {% data variables.product.prodname_copilot_short %} plans.'
-product: '{% data reusables.gated-features.copilot-enterprise %}'
-versions:
- feature: copilot
-topics:
- - Copilot
----
-
-{% ifversion fpt %}
-
-{% data reusables.copilot.enterprise-fpt-link %}
-
-{% endif %}
-
-Get {% data variables.product.prodname_copilot_enterprise %} {% octicon "link-external" height:16 %}
-
-## About {% data variables.product.prodname_copilot_enterprise_short %}
-
-{% data reusables.copilot.about-copilot %}
-
-{% data variables.product.prodname_copilot_enterprise %} is a {% data variables.product.prodname_copilot_short %} plan available for enterprises that use {% data variables.product.prodname_ghe_cloud %}. It provides AI features to enhance your experience on {% data variables.product.prodname_dotcom_the_website %}, such as the ability to chat with {% data variables.product.prodname_copilot_short %} in the browser and reference context for {% data variables.product.prodname_copilot_short %} from across your project repositories. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/github-copilot-enterprise-feature-set)." For details of the differences between {% data variables.product.prodname_copilot_enterprise %} and the other {% data variables.product.prodname_copilot_short %} plans, see the comparison table below.
-
-Enterprise owners can allow some or all organizations in the enterprise to access {% data variables.product.prodname_copilot %}. If an organization has access to {% data variables.product.prodname_copilot_short %}, owners of the organization can assign {% data variables.product.prodname_copilot_enterprise_short %} seats to some or all members of the organization. {% ifversion ghec %}For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features)."{% endif %}
-
-### Understanding the differences between {% data variables.product.prodname_copilot_business_short %}, {% data variables.product.prodname_copilot_individuals_short %}, and {% data variables.product.prodname_copilot_enterprise_short %}
-
-{% data reusables.copilot.differences-cfi-cfb-table %}
-
-## Setting up and enabling {% data variables.product.prodname_copilot_enterprise_short %}
-
-To use {% data variables.product.prodname_copilot_enterprise_short %}, you need to set up a subscription for your enterprise account. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/subscribing-to-copilot-for-your-organization)."
-
-After setting up a subscription, enterprise owners and organization owners can enable {% data variables.product.prodname_copilot_enterprise_short %} for their enterprise or organization. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features)."
-
-## Assigning {% data variables.product.prodname_copilot %} seats
-
-To use the features of {% data variables.product.prodname_copilot_enterprise_short %} you must have access to {% data variables.product.prodname_copilot %}.
-
-Access to {% data variables.product.prodname_copilot %} is managed at the organization level. To give people or teams within an organization access to {% data variables.product.prodname_copilot %}, an organization owner must assign each individual a {% data variables.product.prodname_copilot %} seat. Organization owners can grant access to all current and future users in the organization, or just to specific users. For more information, see "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-access-for-copilot-business-in-your-organization)."
-
-## About billing for {% data variables.product.prodname_copilot_enterprise_short %}
-
-{% data variables.product.prodname_copilot_enterprise_short %} subscriptions are billed monthly, based on the number of {% data variables.product.prodname_copilot %} seats assigned to users within your enterprise. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#pricing-for-github-copilot-enterprise)."
-
-## Further reading
-
-* "[{% data variables.product.prodname_copilot %} FAQ](https://github.com/features/copilot#faq)"
-* "[{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center/)"
diff --git a/content/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features.md b/content/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features.md
deleted file mode 100644
index d28a62c0844f..000000000000
--- a/content/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features.md
+++ /dev/null
@@ -1,86 +0,0 @@
----
-title: Enabling GitHub Copilot Enterprise features
-shortTitle: Enabling Copilot Enterprise
-intro: 'Learn how to enable or disable the features available with {% data variables.product.prodname_copilot_enterprise %}.'
-versions:
- ghec: '*'
-redirect_from:
- - /copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise
-topics:
- - Copilot
----
-
-## Introduction
-
-To enable users to use {% data variables.product.prodname_copilot_enterprise_short %} features, your {% data variables.product.prodname_ghe_cloud %} enterprise must have a subscription to {% data variables.product.prodname_copilot_enterprise_short %}. For more information, see "[AUTOTITLE](/copilot/about-github-copilot#getting-access-to-github-copilot)."
-
-Access to {% data variables.product.prodname_copilot_short %} is determined at the enterprise and organization levels:
-
-* Enterprise owners can allow some or all of the organizations in the enterprise to access {% data variables.product.prodname_copilot_short %}. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise)."
-* Owners of organizations that have been granted access to {% data variables.product.prodname_copilot_short %} can assign {% data variables.product.prodname_copilot_enterprise %} seats to some or all members of their organization. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization)."
-
-When access to {% data variables.product.prodname_copilot_short %} has been enabled, features such as the ability to use {% data variables.product.prodname_copilot_short %} on {% data variables.product.prodname_dotcom_the_website %}, can be configured. Features are enabled or disabled at the enterprise or organization level:
-
-* Enterprise owners can set {% data variables.product.prodname_copilot_short %} features to be enabled or disabled for all organizations in the enterprise that have access to {% data variables.product.prodname_copilot_short %}. Alternatively, they can allow each organization to set its own policy for each feature.
-* If the enterprise owner has permitted it, organization owners can enable or disable {% data variables.product.prodname_copilot_short %} features for their organization.
-
-This article explains how to enable or disable the features of {% data variables.product.prodname_copilot_enterprise %} at the enterprise level, and for an individual organization.
-
-## About {% data variables.product.prodname_copilot_enterprise_short %} features
-
-{% data variables.product.prodname_copilot_enterprise %} provides AI features to enhance your experience on {% data variables.product.prodname_dotcom_the_website %}, such as the ability to chat with {% data variables.product.prodname_copilot_short %} in the browser and reference context for {% data variables.product.prodname_copilot_short %} from across your project repositories. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/github-copilot-enterprise-feature-set)."
-
-When members are granted access to the features, they'll be notified by email that they have access. The message includes instructions on how to start using the features.
-
-## Enabling or disabling {% data variables.product.prodname_copilot_enterprise %} features for an enterprise
-
-An enterprise owner can choose whether to enable {% data variables.product.prodname_copilot_enterprise %} features for all organizations, disable for all organizations, or allow each organization to choose its own policy for the features. By default, each organization can choose its own policy.
-
-{% data reusables.copilot.copilot-enterprise-enable %}
-
-## Enabling or disabling {% data variables.product.prodname_copilot_enterprise_short %} features for an organization
-
-Organization owners can enable or disable {% data variables.product.prodname_copilot_enterprise_short %} for all members of their organization that have access to {% data variables.product.prodname_copilot_enterprise_short %}, provided no specific policy has been set to enable or disable {% data variables.product.prodname_copilot_enterprise_short %} at the enterprise level.
-
-### Granting access to {% data variables.product.prodname_copilot_short %}
-
-To give members of your organization access to the features of {% data variables.product.prodname_copilot_enterprise_short %} those members must have access to {% data variables.product.prodname_copilot_short %}. This is achieved by assigning seats for {% data variables.product.prodname_copilot_short %}. Once a {% data variables.product.prodname_ghe_cloud %} admin enables a {% data variables.product.prodname_copilot_enterprise_short %} subscription in your organization, you can assign {% data variables.product.prodname_copilot %} seats to individuals and teams in the organization. See "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization#configuring-access-to-github-copilot-in-your-organization)."
-
-### Enabling or disabling {% data variables.product.prodname_copilot_enterprise_short %}
-
-{% data variables.product.prodname_copilot_enterprise_short %} can be enabled or disabled at either the enterprise or organization level.
-
-If your organization's parent enterprise has selected **No policy** for "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" in the enterprise settings, {% data variables.product.prodname_copilot_enterprise %} will initially be disabled for your organization. If you are an owner of the organization, you can choose to enable the additional features provided by {% data variables.product.prodname_copilot_enterprise %} for all of the organization's members who have access to {% data variables.product.prodname_copilot_short %}.
-
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-{% data reusables.copilot.policy-settings %}
-
- > [!NOTE] If the side panel only contains the **Access** option under **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**, it indicates that {% data variables.product.prodname_copilot_short %} is not currently available in the organization. An enterprise admin must enable {% data variables.product.prodname_copilot_short %} for your organization. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise)."
-
-1. Next to "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}", select the dropdown menu (labeled **Disabled** by default), then choose from the following options.
-
- * **Enabled**: The feature is enabled for all members of the organization.
- * **Disabled**: The feature is disabled for all members of the organization.
-
-1. If you select **Enabled**, two check boxes are displayed.
-
- {% data reusables.copilot.policies-for-dotcom %}
-
-## Configuring {% data variables.product.prodname_copilot_enterprise_short %} features for an organization
-
-After {% data variables.product.prodname_copilot_enterprise_short %} has been enabled for an organization, an administrator should spend a few minutes setting up their organization to ensure users have a great onboarding experience.
-
-1. Index your organization's most popular repositories.
-
- {% data variables.product.prodname_copilot_enterprise_short %} works best when repositories have semantic code indexing enabled. For more information, see [AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#repo-indexing-note).
-
- > [!NOTE] Initial indexing can take up to 30 minutes for large repositories. Once a repository has been indexed for the first time, updates will typically be indexed within 5 minutes.
-
-1. Create at least one knowledge base.
-
- Knowledge bases bring together Markdown documentation across one or more repositories and make them available through {% data variables.product.prodname_copilot_enterprise_short %}. Once created, organization members can specify a knowledge base as the context for {% data variables.product.prodname_copilot_chat_dotcom_short %} and {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vscode %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/managing-copilot-knowledge-bases)."
-
-## Further reading
-
-* "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-access-for-copilot-business-in-your-organization)"
diff --git a/content/copilot/github-copilot-enterprise/overview/github-copilot-enterprise-feature-set.md b/content/copilot/github-copilot-enterprise/overview/github-copilot-enterprise-feature-set.md
deleted file mode 100644
index f658e4f92593..000000000000
--- a/content/copilot/github-copilot-enterprise/overview/github-copilot-enterprise-feature-set.md
+++ /dev/null
@@ -1,29 +0,0 @@
----
-title: GitHub Copilot Enterprise feature set
-intro: 'Get an overview of all the features included in {% data variables.product.prodname_copilot_enterprise %}.'
-versions:
- feature: copilot
-topics:
- - Copilot
-shortTitle: Copilot Enterprise feature set
----
-
-{% ifversion fpt %}
-
-{% data reusables.copilot.enterprise-fpt-link %}
-
-{% endif %}
-
-## About {% data variables.product.prodname_copilot_enterprise %}
-
-{% data variables.product.prodname_copilot_enterprise %} is a {% data variables.product.prodname_copilot %} plan available to {% data variables.product.prodname_ghe_cloud %} customers. For more information on {% data variables.product.prodname_copilot_enterprise %}, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise)."
-
-## {% data variables.product.prodname_copilot_enterprise %} features
-
-{% data variables.product.prodname_copilot_enterprise %} includes the following features, available to all users who are assigned a {% data variables.product.prodname_copilot_enterprise %} seat.
-
-{% data reusables.copilot.copilot-individual-features %}
-
-{% data reusables.copilot.copilot-enterprise-features %}
-
-{% data reusables.copilot.copilot-business-features %}
diff --git a/content/copilot/github-copilot-enterprise/overview/index.md b/content/copilot/github-copilot-enterprise/overview/index.md
deleted file mode 100644
index 1c810490c0be..000000000000
--- a/content/copilot/github-copilot-enterprise/overview/index.md
+++ /dev/null
@@ -1,13 +0,0 @@
----
-title: Overview
-shortTitle: Overview
-intro: 'Learn about GitHub Copilot Enterprise and the features available with it.'
-topics:
- - Copilot
-versions:
- feature: copilot
-children:
- - /about-github-copilot-enterprise
- - /github-copilot-enterprise-feature-set
- - /enabling-github-copilot-enterprise-features
----
diff --git a/content/copilot/github-copilot-in-the-cli/index.md b/content/copilot/github-copilot-in-the-cli/index.md
deleted file mode 100644
index 0c2ecb81a0be..000000000000
--- a/content/copilot/github-copilot-in-the-cli/index.md
+++ /dev/null
@@ -1,16 +0,0 @@
----
-title: GitHub Copilot in the CLI
-shortTitle: Copilot in the CLI
-intro: 'Learn about {% data variables.product.prodname_copilot_cli %}, including use cases, best practices, and limitations.'
-versions:
- feature: copilot-in-the-cli
-topics:
- - Copilot
- - CLI
-children:
- - /about-github-copilot-in-the-cli
- - /installing-github-copilot-in-the-cli
- - /using-github-copilot-in-the-cli
- - /configuring-github-copilot-in-the-cli
----
-
diff --git a/content/copilot/index.md b/content/copilot/index.md
index de0fed9b4713..8bc11fb26242 100644
--- a/content/copilot/index.md
+++ b/content/copilot/index.md
@@ -7,30 +7,29 @@ redirect_from:
changelog:
label: copilot
introLinks:
- overview: /copilot/about-github-copilot
+ overview: /copilot/about-github-copilot/what-is-github-copilot
quickstart: /copilot/quickstart
featuredLinks:
startHere:
- - /copilot/using-github-copilot/using-github-copilot-code-suggestions-in-your-editor
+ - /copilot/about-github-copilot/what-is-github-copilot
+ - /copilot/quickstart
popular:
+ - /copilot/using-github-copilot/best-practices-for-using-github-copilot
- /copilot/using-github-copilot/prompt-engineering-for-github-copilot
- - /billing/managing-billing-for-github-copilot/about-billing-for-github-copilot
- - /copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-your-environment
- - /copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-copilot-policies-as-an-individual-subscriber
+ - /copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot
+ - /copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide
+ - /copilot/using-github-copilot/using-github-copilot-in-the-command-line
layout: product-landing
versions:
feature: copilot
children:
- - /about-github-copilot
- /quickstart
+ - /about-github-copilot
+ - /setting-up-github-copilot
- /using-github-copilot
- - /copilot-individual
- - /copilot-business
- - /github-copilot-enterprise
- /managing-copilot
- - /github-copilot-chat
- - /github-copilot-in-the-cli
- /troubleshooting-github-copilot
+ - /responsible-use-of-github-copilot-features
topics:
- Copilot
---
diff --git a/content/copilot/github-copilot-in-the-cli/configuring-github-copilot-in-the-cli.md b/content/copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-the-cli.md
similarity index 95%
rename from content/copilot/github-copilot-in-the-cli/configuring-github-copilot-in-the-cli.md
rename to content/copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-the-cli.md
index cf3ac0357029..55e66b026eeb 100644
--- a/content/copilot/github-copilot-in-the-cli/configuring-github-copilot-in-the-cli.md
+++ b/content/copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-the-cli.md
@@ -1,12 +1,14 @@
---
title: Configuring GitHub Copilot in the CLI
+shortTitle: Configure in the CLI
intro: 'Learn how to configure settings and set up aliases for {% data variables.product.prodname_copilot_cli_short %}.'
versions:
feature: copilot-in-the-cli
topics:
- Copilot
- CLI
-shortTitle: Configure Copilot in the CLI
+redirect_from:
+ - /copilot/github-copilot-in-the-cli/configuring-github-copilot-in-the-cli
---
## Setting up aliases
diff --git a/content/copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-your-environment.md b/content/copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-your-environment.md
index 07cba4171c4b..87c975bd948b 100644
--- a/content/copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-your-environment.md
+++ b/content/copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-your-environment.md
@@ -1,6 +1,6 @@
---
title: Configuring GitHub Copilot in your environment
-shortTitle: Copilot in your environment
+shortTitle: Configure in your environment
intro: 'You can enable, configure, or disable {% data variables.product.prodname_copilot %} in a supported IDE.'
product: '{% data reusables.gated-features.copilot %}'
redirect_from:
@@ -213,7 +213,6 @@ You can use the default keyboard shortcuts in {% data variables.product.prodname
|:---|:---|:---|
|Show next inline suggestion|Alt+.|Edit.NextSuggestion|
|Show previous inline suggestion|Alt+,|Edit.PreviousSuggestion|
-|Trigger inline suggestion|Ctrl+Alt+\\|Edit.Copilot.TriggerInlineSuggestion|
### Rebinding keyboard shortcuts
diff --git a/content/copilot/managing-copilot/configure-personal-settings/configuring-network-settings-for-github-copilot.md b/content/copilot/managing-copilot/configure-personal-settings/configuring-network-settings-for-github-copilot.md
index 7c375da1ddad..61823c60a0da 100644
--- a/content/copilot/managing-copilot/configure-personal-settings/configuring-network-settings-for-github-copilot.md
+++ b/content/copilot/managing-copilot/configure-personal-settings/configuring-network-settings-for-github-copilot.md
@@ -23,6 +23,8 @@ By default, {% data variables.product.prodname_copilot %} connects to {% data va
Some networks use an HTTP proxy server to intercept Internet traffic before sending it to its intended location. Companies often use an HTTP proxy to detect suspicious traffic or restrict the content entering their networks. If you're working on a corporate network, you may need to configure {% data variables.product.prodname_copilot_short %} to connect via an HTTP proxy.
+> [!NOTE] The administrator of your proxy server or firewall also needs to configure network settings for {% data variables.product.prodname_copilot_short %} to work as expected. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot)."
+
## Configuring proxy settings for {% data variables.product.prodname_copilot %}
{% data variables.product.prodname_copilot %} supports basic HTTP proxy setups. If you need to authenticate to a proxy, {% data variables.product.prodname_copilot %} supports basic authentication or authentication with Kerberos. If the proxy URL starts `https://`, the proxy is not currently supported.
@@ -36,11 +38,7 @@ If you don't configure a proxy directly in your editor, {% data variables.produc
* `HTTP_PROXY`
* `http_proxy`
-{% note %}
-
-**Note:** You can use any of these variables to store the URL of a standard HTTP proxy. In standard usage, the `http` and `https` portions of these variables refer to the type of request being made, not the URL of the proxy itself. {% data variables.product.prodname_copilot %} does not follow this convention and uses the URL stored in the variable with the highest priority as the proxy for both HTTP and HTTPS requests.
-
-{% endnote %}
+> [!NOTE] You can use any of these variables to store the URL of a standard HTTP proxy. In standard usage, the `http` and `https` portions of these variables refer to the type of request being made, not the URL of the proxy itself. {% data variables.product.prodname_copilot %} does not follow this convention and uses the URL stored in the variable with the highest priority as the proxy for both HTTP and HTTPS requests.
If you have configured a proxy but are still encountering connection errors, see "[AUTOTITLE](/copilot/troubleshooting-github-copilot/troubleshooting-network-errors-for-github-copilot#troubleshooting-proxy-errors)."
@@ -54,11 +52,7 @@ If you have configured a proxy but are still encountering connection errors, see
1. In the "Host name" field, enter the hostname of your proxy server, and in the "Port number" field, enter the port number of your proxy server.
1. Optionally, to configure {% data variables.product.prodname_copilot_short %} to ignore certificate errors, in the left sidebar, click **Tools**, click **Server Certificates**, then select or deselect **Accept non-trusted certificates automatically**.
- {% warning %}
-
- **Warning:** Ignoring certificate errors can cause security issues and is not recommended.
-
- {% endwarning %}
+ > [!WARNING] Ignoring certificate errors can cause security issues and is not recommended.
### Basic authentication
@@ -77,11 +71,7 @@ This stores your credentials as plaintext in your editor's settings. Alternative
1. In the text box under "Proxy", type the address of your proxy server, for example `http://localhost:3128`.
1. Optionally, to configure {% data variables.product.prodname_copilot_short %} to ignore certificate errors, under "Proxy Strict SSL", select or deselect the checkbox.
- {% warning %}
-
- **Warning:** Ignoring certificate errors can cause security issues and is not recommended.
-
- {% endwarning %}
+ > [!WARNING] Ignoring certificate errors can cause security issues and is not recommended.
### Basic authentication
@@ -147,11 +137,7 @@ If the default SPN isn't correct for your proxy, you can override the SPN in {%
Generally, if you're using company equipment, your company's IT department should have already installed any required certificates on your machine. If you need to install a certificate, see the following instructions.
-{% warning %}
-
-**Warning:** Installing a custom certificate is an instruction for your computer to trust the creator of the certificate, potentially allowing the creator to intercept all Internet traffic from your machine. You should be very careful to verify that you are installing the correct certificate.
-
-{% endwarning %}
+> [!WARNING] Installing a custom certificate is an instruction for your computer to trust the creator of the certificate, potentially allowing the creator to intercept all Internet traffic from your machine. You should be very careful to verify that you are installing the correct certificate.
* For Windows, see [Installing the trusted root certificate](https://learn.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate) in the Microsoft documentation.
* For macOS, see [Add certificates to a keychain using Keychain Access on Mac](https://support.apple.com/en-gb/guide/keychain-access/kyca2431/mac) in the Keychain Access User Guide.
diff --git a/content/copilot/managing-copilot/configure-personal-settings/index.md b/content/copilot/managing-copilot/configure-personal-settings/index.md
index d9f1b7e435f0..fdc849251d84 100644
--- a/content/copilot/managing-copilot/configure-personal-settings/index.md
+++ b/content/copilot/managing-copilot/configure-personal-settings/index.md
@@ -7,9 +7,12 @@ versions:
topics:
- Copilot
children:
- - /configuring-github-copilot-in-your-environment
- /installing-the-github-copilot-extension-in-your-environment
+ - /installing-github-copilot-in-the-cli
- /configuring-network-settings-for-github-copilot
+ - /configuring-github-copilot-in-your-environment
+ - /configuring-github-copilot-in-the-cli
+
redirect_from:
- /copilot/configuring-github-copilot
---
diff --git a/content/copilot/github-copilot-in-the-cli/installing-github-copilot-in-the-cli.md b/content/copilot/managing-copilot/configure-personal-settings/installing-github-copilot-in-the-cli.md
similarity index 88%
rename from content/copilot/github-copilot-in-the-cli/installing-github-copilot-in-the-cli.md
rename to content/copilot/managing-copilot/configure-personal-settings/installing-github-copilot-in-the-cli.md
index baee897b3314..079083131cda 100644
--- a/content/copilot/github-copilot-in-the-cli/installing-github-copilot-in-the-cli.md
+++ b/content/copilot/managing-copilot/configure-personal-settings/installing-github-copilot-in-the-cli.md
@@ -10,6 +10,7 @@ shortTitle: Install Copilot in the CLI
redirect_from:
- /copilot/github-copilot-in-the-cli/enabling-github-copilot-in-the-cli
- /copilot/github-copilot-in-the-cli/setting-up-github-copilot-in-the-cli
+ - /copilot/github-copilot-in-the-cli/installing-github-copilot-in-the-cli
---
## Prerequisites
@@ -17,7 +18,7 @@ redirect_from:
* **Access to {% data variables.product.prodname_copilot %}**. See "[AUTOTITLE](/copilot/about-github-copilot#getting-access-to-github-copilot)".
* **{% data variables.product.prodname_cli %} installed.** {% data reusables.cli.cli-installation %}
-If you have access to {% data variables.product.prodname_copilot %} via your organization or enterprise, you cannot use {% data variables.product.prodname_copilot_cli_short %} if your organization owner or enterprise administrator has disabled {% data variables.product.prodname_copilot_cli_short %}. See "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-policies-and-features-for-copilot-in-your-organization)."
+If you have access to {% data variables.product.prodname_copilot %} via your organization or enterprise, you cannot use {% data variables.product.prodname_copilot_cli_short %} if your organization owner or enterprise administrator has disabled {% data variables.product.prodname_copilot_cli_short %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-policies-for-copilot-in-your-organization)."
## Installing {% data variables.product.prodname_copilot_cli_short %}
diff --git a/content/copilot/managing-copilot/configure-personal-settings/installing-the-github-copilot-extension-in-your-environment.md b/content/copilot/managing-copilot/configure-personal-settings/installing-the-github-copilot-extension-in-your-environment.md
index ced62ad76caf..a2079b747f8e 100644
--- a/content/copilot/managing-copilot/configure-personal-settings/installing-the-github-copilot-extension-in-your-environment.md
+++ b/content/copilot/managing-copilot/configure-personal-settings/installing-the-github-copilot-extension-in-your-environment.md
@@ -48,6 +48,10 @@ To see instructions for other popular coding environments, use the tool switcher
For information about version compatibility of the {% data variables.product.prodname_copilot %} extension in JetBrains IDEs, see [{% data variables.product.prodname_copilot %} Versions](https://plugins.jetbrains.com/plugin/17718-github-copilot/versions) in the JetBrains Marketplace.
+### About the license for the {% data variables.product.prodname_copilot %} plugin in JetBrains IDEs
+
+{% data variables.product.prodname_dotcom %}, Inc. is the licensor of the JetBrains plugin. The end user license agreement for this plugin is the [{% data variables.product.prodname_dotcom %} Terms for Additional Products and Features](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot) and use of this plugin is subject to those terms. JetBrains has no responsibility or liability in connection with the plugin or such agreement. By using the plugin, you agree to the foregoing terms.
+
## Installing the {% data variables.product.prodname_copilot %} plugin in your JetBrains IDE
The following procedure will guide you through installation of the {% data variables.product.prodname_copilot %} plugin in IntelliJ IDEA. Steps to install the plugin in another supported IDE may differ.
@@ -96,32 +100,32 @@ To see instructions for other popular coding environments, use the tool switcher
1. Install {% data variables.product.prodname_copilot %} using the built-in plugin manager:
- * For **Vim on macOS or Linux**, run the following command in the terminal.
+ * For **Neovim on macOS or Linux**, run the following command in the terminal.
```shell copy
git clone https://github.com/github/copilot.vim \
- ~/.vim/pack/github/start/copilot.vim
+ ~/.config/nvim/pack/github/start/copilot.vim
```
- * For **Vim on Windows**, run the following command in Git Bash:
+ * For **Neovim on Windows**, run the following command in Git Bash:
```shell copy
git clone https://github.com/github/copilot.vim.git \
- $HOME/vimfiles/pack/github/start/copilot.vim
+ $HOME/AppData/Local/nvim/pack/github/start/copilot.vim
```
- * For **Neovim on macOS or Linux**, run the following command in the terminal.
+ * For **Vim on macOS or Linux**, run the following command in the terminal.
```shell copy
git clone https://github.com/github/copilot.vim \
- ~/.config/nvim/pack/github/start/copilot.vim
+ ~/.vim/pack/github/start/copilot.vim
```
- * For **Neovim on Windows**, run the following command in Git Bash:
+ * For **Vim on Windows**, run the following command in Git Bash:
```shell copy
git clone https://github.com/github/copilot.vim.git \
- $HOME/AppData/Local/nvim/pack/github/start/copilot.vim
+ $HOME/vimfiles/pack/github/start/copilot.vim
```
{% data reusables.copilot.config-enable-copilot-in-vimneovim %}
@@ -162,9 +166,7 @@ To see instructions for other popular coding environments, use the tool switcher
### Version compatibility
-{% data variables.product.prodname_copilot_chat_short %} releases in lockstep with {% data variables.product.prodname_vscode %}, due to its deep UI integration. As a result, every new version of {% data variables.product.prodname_copilot_chat_short %} is only compatible with the latest release of {% data variables.product.prodname_vscode %}. This means that if you are using an older version of {% data variables.product.prodname_vscode %}, you will not be able to use the latest {% data variables.product.prodname_copilot_chat_short %}.
-
-Only the latest {% data variables.product.prodname_copilot_chat_short %} versions will use the latest large language model provided by the {% data variables.product.prodname_copilot_short %} service, as even minor model upgrades require prompt changes and fixes in the extension. An older version of {% data variables.product.prodname_copilot_chat_short %} will still use the latest version of {% data variables.product.prodname_copilot_short %} code completions.
+{% data reusables.copilot.vscode-version-compatibility %}
## Installing the {% data variables.product.prodname_copilot %} extension in {% data variables.product.prodname_vscode %}
diff --git a/content/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-personal-account.md b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/extending-the-capabilities-of-github-copilot-in-your-personal-account.md
similarity index 56%
rename from content/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-personal-account.md
rename to content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/extending-the-capabilities-of-github-copilot-in-your-personal-account.md
index cb1c8db840d5..7045d65b9e36 100644
--- a/content/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-personal-account.md
+++ b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/extending-the-capabilities-of-github-copilot-in-your-personal-account.md
@@ -1,17 +1,22 @@
---
-title: Installing GitHub Copilot Extensions for your personal account
-intro: 'You can install {% data variables.product.prodname_copilot_extensions %} for your personal account from {% data variables.product.prodname_marketplace %}.'
+title: Extending the capabilities of GitHub Copilot in your personal account
+shortTitle: Install personal extensions
+intro: 'You can add additional functionality to {% data variables.product.prodname_copilot_short %} in your personal account, by installing certain {% data variables.product.prodname_github_apps %} from {% data variables.product.prodname_marketplace %}.'
versions:
feature: copilot-extensions
topics:
- Copilot
-shortTitle: Install personal extensions
type: how_to
+redirect_from:
+ - /copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-personal-account
+ - /copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/installing-github-copilot-extensions-for-your-personal-account
---
{% data reusables.copilot.copilot-extensions.beta-note %}
-## About installing {% data variables.product.prodname_copilot_extensions %} for your personal account
+## About {% data variables.product.prodname_copilot_extensions %} for your personal account
+
+{% data reusables.copilot.copilot-extensions.copilot-extensions-on-marketplace %}
Anyone can install {% data variables.product.prodname_copilot_extensions_short %} for their personal account, but you must meet the following criteria to use a {% data variables.product.prodname_copilot_extension_short %} you install:
@@ -22,9 +27,10 @@ Anyone can install {% data variables.product.prodname_copilot_extensions_short %
## Installing {% data variables.product.prodname_copilot_extensions %} for your personal account
-{% data reusables.copilot.copilot-extensions.copilot-extensions-on-marketplace %}
-
-To install a {% data variables.product.prodname_copilot_extension_short %} on your personal account, see "[AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-personal-account#installing-a-github-app-in-your-personal-account)."
+1. Open [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=apps&copilot_app=true).
+1. In the left sidebar, click {% octicon "copilot" aria-hidden="true" %} **{% data variables.product.prodname_copilot_short %}**.
+1. In the list of {% data variables.product.prodname_copilot_extensions_short %}, locate an app you'd like to install.
+1. To install the {% data variables.product.prodname_copilot_extension_short %} on your personal account, see "[AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-personal-account#installing-a-github-app-in-your-personal-account)."
## Next steps
diff --git a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/index.md b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/index.md
index be924caeb8b7..7f0f495268aa 100644
--- a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/index.md
+++ b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/index.md
@@ -7,9 +7,8 @@ versions:
topics:
- Copilot
children:
- - /subscribing-to-copilot-as-an-individual-user
+ - /managing-your-copilot-subscription
- /managing-copilot-policies-as-an-individual-subscriber
- - /modifying-your-copilot-subscription-as-an-individual-user
- - /canceling-your-copilot-trial-as-an-individual-user
- - /canceling-copilot-as-an-individual-user
+ - /extending-the-capabilities-of-github-copilot-in-your-personal-account
---
+
diff --git a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/about-billing-for-github-copilot-individual.md b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/about-billing-for-github-copilot-individual.md
new file mode 100644
index 000000000000..e29d788c4a79
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/about-billing-for-github-copilot-individual.md
@@ -0,0 +1,57 @@
+---
+title: About billing for GitHub Copilot Individual
+shortTitle: About billing
+intro: 'Learn about pricing and billing cycles for {% data variables.product.prodname_copilot_for_individuals %}.'
+versions:
+ feature: copilot
+type: overview
+topics:
+ - Copilot
+---
+
+## Pricing for {% data variables.product.prodname_copilot_for_individuals %}
+
+The {% data variables.product.prodname_copilot_for_individuals %} subscription is available on a monthly or yearly cycle.
+
+* **If you choose a monthly billing cycle**, you will be billed {% data variables.copilot.cfi_price_per_month %} per calendar month.
+* **If you choose a yearly billing cycle**, you will be billed {% data variables.copilot.cfi_price_per_year %} per year.
+
+You can change to a monthly or yearly billing cycle at any time. The change will take effect from the start of your next billing cycle.
+
+{% ifversion billing-auth-and-capture %}
+
+{% data reusables.billing.authorization-charge %}
+
+> [!NOTE] If you are an eligible student, teacher, or open-source maintainer, you can access {% data variables.product.prodname_copilot_for_individuals %} for free. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer)."
+
+{% endif %}
+
+{% ifversion fpt %}
+
+### About the 30-day trial for {% data variables.product.prodname_copilot_for_individuals %}
+
+Before starting a paid subscription for a personal account, you can set up a one-time {% data reusables.copilot.trial-period %}-day trial to evaluate {% data variables.product.prodname_copilot %}. To begin a trial, you will need to choose a monthly or yearly billing cycle, and provide a payment method. If you do not cancel the trial before the end of the {% data reusables.copilot.trial-period %} days, the trial will automatically convert to a paid subscription.
+
+You can cancel your {% data variables.product.prodname_copilot %} trial at any time during the {% data reusables.copilot.trial-period %} days and you won't be charged. If you cancel before the end of the trial, you will continue to have access to {% data variables.product.prodname_copilot %} until the {% data reusables.copilot.trial-period %}-day trial period ends. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/canceling-your-copilot-trial-as-an-individual-user)."
+
+{% data reusables.copilot.tp-users-trial-eligibility %}{% endif %}
+
+## About changes to your {% data variables.product.prodname_copilot_short %} subscription
+
+{% data reusables.copilot.copilot-one-account %}
+
+You can cancel your {% data variables.product.prodname_copilot_individuals_short %} subscription at any time. The cancellation will take effect at the end of your current billing cycle. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/canceling-copilot-as-an-individual-user)."
+
+## Determining your billing date
+
+Your billing date will depend on whether or not you are already being billed by {% data variables.product.prodname_dotcom %}.
+
+* **If you are not already being billed by {% data variables.product.prodname_dotcom %}**, in most cases your billing cycle will start on the day you sign up for {% data variables.product.prodname_copilot %}. For example, if you sign up on 3 September, with monthly billing, your initial billing cycle will run from 3 September until and including 2 October, and then on the same days of subsequent months. For annual billing, if you sign up on 3 September, your initial cycle will end on 2 September the following year.
+
+* **If you already have a billing cycle**, billing for {% data variables.product.prodname_copilot %} will be included in your next bill, or your first bill after the end of your 30-day {% data variables.product.prodname_copilot_short %} trial. You will be charged on a pro rata basis for that initial period. If you do not already have an established billing date, you will be billed for {% data variables.product.prodname_copilot_for_individuals %} at the end of your 30-day trial, or when you set up a new paid {% data variables.product.prodname_copilot %} subscription.
+
+## Further reading
+
+* "[AUTOTITLE](/copilot/about-github-copilot/subscription-plans-for-github-copilot)"
+* "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription)"
+* "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-information-to-your-receipts)"
diff --git a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/canceling-copilot-as-an-individual-user.md b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/canceling-copilot-as-an-individual-user.md
similarity index 92%
rename from content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/canceling-copilot-as-an-individual-user.md
rename to content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/canceling-copilot-as-an-individual-user.md
index 0016ab1b2bdd..16817dcd4242 100644
--- a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/canceling-copilot-as-an-individual-user.md
+++ b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/canceling-copilot-as-an-individual-user.md
@@ -1,13 +1,15 @@
---
title: Canceling Copilot as an individual user
shortTitle: Cancel subscription
-intro: "You can cancel your {% data variables.product.prodname_copilot_individuals_short %} subscription if you no longer want to use {% data variables.product.prodname_copilot_individuals_short %}."
+intro: 'You can cancel your {% data variables.product.prodname_copilot_individuals_short %} subscription if you no longer want to use {% data variables.product.prodname_copilot_individuals_short %}.'
product: '{% data variables.product.prodname_copilot_individuals_short %}'
versions:
feature: copilot
type: how_to
topics:
- Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/canceling-copilot-as-an-individual-user
---
To cancel a free {% data variables.product.prodname_copilot_short %} trial, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/canceling-your-copilot-trial-as-an-individual-user)."
diff --git a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/canceling-your-copilot-trial-as-an-individual-user.md b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/canceling-your-copilot-trial-as-an-individual-user.md
similarity index 75%
rename from content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/canceling-your-copilot-trial-as-an-individual-user.md
rename to content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/canceling-your-copilot-trial-as-an-individual-user.md
index b991b5664fae..5a99fb9e8dd9 100644
--- a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/canceling-your-copilot-trial-as-an-individual-user.md
+++ b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/canceling-your-copilot-trial-as-an-individual-user.md
@@ -1,13 +1,15 @@
---
title: Canceling your Copilot trial as an individual user
shortTitle: Cancel trial
-intro: "You can cancel your {% data variables.product.prodname_copilot_individuals_short %} trial if you don't want to be subscribed to {% data variables.product.prodname_copilot_individuals_short %} after your trial period ends."
+intro: 'You can cancel your {% data variables.product.prodname_copilot_individuals_short %} trial if you don''t want to be subscribed to {% data variables.product.prodname_copilot_individuals_short %} after your trial period ends.'
product: '{% data variables.product.prodname_copilot_individuals_short %}'
versions:
feature: copilot
type: how_to
topics:
- Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/canceling-your-copilot-trial-as-an-individual-user
---
You can cancel your {% data variables.product.prodname_copilot_individuals_short %} trial at any time during your trial period. If you cancel during your {% data reusables.copilot.trial-period %}-day trial, you won't be charged. Your cancellation will take effect at the end of your trial period. If you do not cancel your trial, you will be automatically enrolled in a paid subscription at the end of your trial period, according to the billing preferences you set up when you started your trial.
diff --git a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer.md b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer.md
new file mode 100644
index 000000000000..c47e952e8cac
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer.md
@@ -0,0 +1,30 @@
+---
+title: Getting free access to Copilot as a student, teacher, or maintainer
+shortTitle: Get free access
+intro: 'Learn how to use {% data variables.product.prodname_copilot_short %} for free as a student, teacher, or open-source maintainer.'
+versions:
+ feature: copilot
+type: how_to
+topics:
+ - Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer
+---
+
+## About free {% data variables.product.prodname_copilot_short %} access
+
+There are three ways to qualify for free access to {% data variables.product.prodname_copilot_for_individuals %}:
+
+* **As a verified student on {% data variables.product.prodname_education %}.** To learn about becoming a verified student, see "[AUTOTITLE](/free-pro-team@latest/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/apply-to-github-education-as-a-student)."
+* **As a verified teacher on {% data variables.product.prodname_education %}.** To learn about becoming a verified teacher, see "[AUTOTITLE](/free-pro-team@latest/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-teachers/apply-to-github-education-as-a-teacher)."
+* **As a maintainer of a popular open-source repository.** To determine if you are an eligible maintainer, see "[Accessing {% data variables.product.prodname_copilot %} for free](#accessing-github-copilot-for-free)."
+
+{% data variables.product.company_short %} reevaluates your eligibility every month.
+
+> [!NOTE] If you do not meet the previous criteria, you can still try {% data variables.product.prodname_copilot %} for free with a one-time 30-day trial. After the free trial, you will need a paid subscription for continued use.
+
+## Accessing {% data variables.product.prodname_copilot %} for free
+
+1. In the upper-right corner of any page, click your profile photo, then click **{% octicon "copilot" aria-hidden="true" %} Your {% data variables.product.prodname_copilot_short %}**.
+1. If you qualify for free access to {% data variables.product.prodname_copilot_short %}, you will see a page titled "{% data variables.product.prodname_copilot_for_individuals %}" informing you that you are eligible. Click **Get access to {% data variables.product.prodname_copilot %}**.
+1. On the page that appears, configure the {% data variables.product.prodname_copilot_short %} use policies to meet your needs, then click **Save and complete**.
diff --git a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/index.md b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/index.md
new file mode 100644
index 000000000000..6ec73755f809
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/index.md
@@ -0,0 +1,16 @@
+---
+title: Managing your Copilot subscription
+shortTitle: Manage subscription
+intro: 'Subscribe to {% data variables.product.prodname_copilot %} and manage your subscription as an individual user.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+children:
+ - /about-billing-for-github-copilot-individual
+ - /getting-free-access-to-copilot-as-a-student-teacher-or-maintainer
+ - /subscribing-to-copilot-as-an-individual-user
+ - /modifying-your-copilot-subscription-as-an-individual-user
+ - /canceling-your-copilot-trial-as-an-individual-user
+ - /canceling-copilot-as-an-individual-user
+---
diff --git a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/modifying-your-copilot-subscription-as-an-individual-user.md b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/modifying-your-copilot-subscription-as-an-individual-user.md
similarity index 87%
rename from content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/modifying-your-copilot-subscription-as-an-individual-user.md
rename to content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/modifying-your-copilot-subscription-as-an-individual-user.md
index 800ded5509d8..0da9119030ac 100644
--- a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/modifying-your-copilot-subscription-as-an-individual-user.md
+++ b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/modifying-your-copilot-subscription-as-an-individual-user.md
@@ -8,6 +8,8 @@ versions:
type: how_to
topics:
- Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/modifying-your-copilot-subscription-as-an-individual-user
---
If you have access to {% data variables.product.prodname_copilot %} through an organization {% ifversion ghec %}or enterprise {% endif %}subscription, you will not be able to modify your subscription.
diff --git a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/subscribing-to-copilot-as-an-individual-user.md b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/subscribing-to-copilot-as-an-individual-user.md
new file mode 100644
index 000000000000..39761dbf92aa
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/subscribing-to-copilot-as-an-individual-user.md
@@ -0,0 +1,29 @@
+---
+title: Subscribing to Copilot as an individual user
+shortTitle: Subscribe
+intro: 'Start a free trial to begin using {% data variables.product.prodname_copilot_individuals_short %}.'
+redirect_from:
+ - /billing/managing-billing-for-github-copilot/managing-your-github-copilot-subscription
+ - /billing/managing-billing-for-github-copilot/managing-your-github-copilot-for-individuals-subscription
+ - /billing/managing-billing-for-github-copilot/managing-your-github-copilot-subscription-for-your-personal-account
+ - /billing/managing-billing-for-github-copilot/managing-your-github-copilot-individual-subscription
+ - /copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/subscribing-to-copilot-as-an-individual-user
+versions:
+ feature: copilot
+type: how_to
+topics:
+ - Copilot
+---
+
+Before you can start using {% data variables.product.prodname_copilot_for_individuals %}, you will need to set up a free trial or subscription.
+
+>[!NOTE]
+>
+> * _If you are a member of an organization or enterprise_ that has a subscription to {% data variables.product.prodname_copilot %}, you can request access to {% data variables.product.prodname_copilot_short %} by going to [https://github.com/settings/copilot](https://github.com/settings/copilot) and requesting access under "Get Copilot from an organization."{% ifversion ghec %} If you have a {% data variables.enterprise.prodname_managed_user %} account instead of a personal account, you cannot get a {% data variables.product.prodname_copilot_for_individuals %} subscription.{% endif %}
+> * _If you are a verified student, teacher, or maintainer of a popular open source project_, {% data variables.product.prodname_copilot %} is free to use. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer)."
+
+{% data reusables.copilot.signup-procedure %}
+
+## Next steps
+
+To start using {% data variables.product.prodname_copilot_short %}, see "[AUTOTITLE](/copilot/setting-up-github-copilot/setting-up-github-copilot-for-yourself)."
diff --git a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/subscribing-to-copilot-as-an-individual-user.md b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/subscribing-to-copilot-as-an-individual-user.md
deleted file mode 100644
index 79507bd9d380..000000000000
--- a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/subscribing-to-copilot-as-an-individual-user.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: Subscribing to Copilot as an individual user
-shortTitle: Subscribe
-intro: 'Start a free trial to begin using {% data variables.product.prodname_copilot_individuals_short %}.'
-redirect_from:
- - /billing/managing-billing-for-github-copilot/managing-your-github-copilot-subscription
- - /billing/managing-billing-for-github-copilot/managing-your-github-copilot-for-individuals-subscription
- - /billing/managing-billing-for-github-copilot/managing-your-github-copilot-subscription-for-your-personal-account
- - /billing/managing-billing-for-github-copilot/managing-your-github-copilot-individual-subscription
-versions:
- feature: copilot
-type: how_to
-topics:
- - Copilot
----
-
-Before you can start using {% data variables.product.prodname_copilot_for_individuals %}, you will need to set up a free trial or subscription.
-
-{% data reusables.copilot.copilot-individual-emus %}
-
-{% data reusables.copilot.tp-users-trial-eligibility %}
-
-{% data reusables.copilot.signup-procedure %}
-
-## Further reading
-
-* "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)"
-* "[AUTOTITLE](/copilot/using-github-copilot/getting-started-with-github-copilot)"
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/disabling-copilot-for-organizations-in-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/disabling-copilot-for-organizations-in-your-enterprise.md
deleted file mode 100644
index fd2ede6036b2..000000000000
--- a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/disabling-copilot-for-organizations-in-your-enterprise.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: Disabling Copilot for organizations in your enterprise
-shortTitle: Disable for organizations
-intro: 'Disable {% data variables.product.prodname_copilot %} for some or all of the organizations in your enterprise.'
-permissions: Enterprise admins
-product: '{% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %}'
-versions:
- feature: copilot-enterprise
-topics:
- - Copilot
----
-
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.copilot-tab %}
-1. In the "{% data variables.product.prodname_copilot_short %} is active in your enterprise" section, configure the access for your {% data variables.product.prodname_copilot %} subscription.
- * To disable {% data variables.product.prodname_copilot %} for all organizations in your enterprise, select **Disabled**.
- * To disable {% data variables.product.prodname_copilot %} for specific organizations, select **Allow for specific organizations**.
-
-1. If you selected **Allow for specific organizations**, select the organizations you want to disable {% data variables.product.prodname_copilot %} for. Then, click the **Set organization permissions** dropdown and select **Disable** to deny {% data variables.product.prodname_copilot %} access for the specified organizations.
-
- 
-
-1. Review your selection.
- * If you selected **Disabled**, you will see a warning that disabling {% data variables.product.prodname_copilot %} will revoke access for all organizations and members. To confirm, click **Confirm and save**.
- * If you selected **Allow for specific organizations**, click **Save**.
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/downgrading-copilot-for-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/downgrading-copilot-for-your-enterprise.md
deleted file mode 100644
index 322d3fa7d415..000000000000
--- a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/downgrading-copilot-for-your-enterprise.md
+++ /dev/null
@@ -1,13 +0,0 @@
----
-title: 'Downgrading Copilot for your enterprise'
-shortTitle: Downgrade subscription
-intro: 'Change from {% data variables.product.prodname_copilot_enterprise_short %} to {% data variables.product.prodname_copilot_business_short %} for your enterprise.'
-permissions: Enterprise admins
-product: '{% data variables.product.prodname_copilot_enterprise %}'
-versions:
- feature: copilot-enterprise
-topics:
- - Copilot
----
-
-Enterprise admins can change their enterprise's {% data variables.product.prodname_copilot_short %} subscription from {% data variables.product.prodname_copilot_enterprise_short %} to {% data variables.product.prodname_copilot_business_short %}. To do so, you must contact [{% data variables.product.prodname_dotcom %} Billing Support](https://support.github.com).
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise.md
deleted file mode 100644
index eaec336f1874..000000000000
--- a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Enabling Copilot for organizations in your enterprise
-shortTitle: Enable for organizations
-intro: 'Enable {% data variables.product.prodname_copilot %} for some or all of the organizations in your enterprise.'
-permissions: Enterprise admins
-product: '{% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %}'
-versions:
- feature: copilot-enterprise
-topics:
- - Copilot
----
-
-Admins of enterprises that have a {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %} subscription can enable {% data variables.product.prodname_copilot %} for all, none, or some organizations within the enterprise.
-
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.copilot-tab %}
-1. In the "{% data variables.product.prodname_copilot_short %} is active in your enterprise" section, configure the access for your {% data variables.product.prodname_copilot %} subscription.
- * To enable {% data variables.product.prodname_copilot %} for all organizations in your enterprise, both current and future, select **Allow for: All organizations**.
- * To enable {% data variables.product.prodname_copilot %} for specific organizations, select **Allow for specific organizations**.
-
-1. If you selected **Allow for specific organizations**, select the organizations you want to enable {% data variables.product.prodname_copilot %} for. Then, click the **Set organization permissions** dropdown and select **Enable** to grant {% data variables.product.prodname_copilot %} access for the specified organizations.
-
-1. Click **Save**.
-
-## Next steps
-
-When {% data variables.product.prodname_copilot_short %} is enabled for an organization, owners of the organization can grant access to some or all members of the organization. See "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-access-for-copilot-business-in-your-organization)."
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/index.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/index.md
index 4dae93f9420f..793f1c630802 100644
--- a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/index.md
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/index.md
@@ -1,19 +1,13 @@
---
title: Managing GitHub Copilot in your enterprise
shortTitle: Manage for enterprise
-intro: 'Enterprise admins can subscribe to {% data variables.product.prodname_copilot_short %}, manage {% data variables.product.prodname_copilot_short %} for organizations in the enterprise, and control {% data variables.product.prodname_copilot_short %} policies.'
+intro: 'Enterprise owners can subscribe to {% data variables.product.prodname_copilot_short %}, manage {% data variables.product.prodname_copilot_short %} for organizations in the enterprise, and control {% data variables.product.prodname_copilot_short %} policies.'
versions:
feature: copilot-enterprise
topics:
- Copilot
children:
- - /subscribing-to-copilot-for-your-enterprise
+ - /managing-the-copilot-subscription-for-your-enterprise
+ - /managing-access-to-copilot-in-your-enterprise
- /managing-policies-and-features-for-copilot-in-your-enterprise
- - /enabling-copilot-for-organizations-in-your-enterprise
- - /disabling-copilot-for-organizations-in-your-enterprise
- - /viewing-copilot-usage-for-your-enterprise
- - /upgrading-copilot-for-your-enterprise
- - /downgrading-copilot-for-your-enterprise
- - /canceling-copilot-for-your-enterprise
---
-
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/disabling-copilot-for-organizations-in-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/disabling-copilot-for-organizations-in-your-enterprise.md
new file mode 100644
index 000000000000..f16c76bd9322
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/disabling-copilot-for-organizations-in-your-enterprise.md
@@ -0,0 +1,32 @@
+---
+title: Disabling Copilot for organizations in your enterprise
+shortTitle: Disable for organizations
+intro: 'Disable {% data variables.product.prodname_copilot %} for some or all of the organizations in your enterprise.'
+permissions: Enterprise owners
+product: 'Enterprises with a subscription to {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %}'
+versions:
+ feature: copilot-enterprise
+topics:
+ - Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-copilot-for-your-enterprise/disabling-copilot-for-organizations-in-your-enterprise
+---
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.copilot-tab %}
+1. In the "{% data variables.product.prodname_copilot_short %} is active in your enterprise" section, configure the access for your {% data variables.product.prodname_copilot %} subscription.
+ * To disable {% data variables.product.prodname_copilot %} for all organizations in your enterprise, select **Disabled**.
+ * To disable {% data variables.product.prodname_copilot %} for specific organizations, select **Allow for specific organizations**.
+
+1. If you selected **Allow for specific organizations**:
+
+ 1. Under "Access management", locate the organization for which you want to disable {% data variables.product.prodname_copilot_short %}.
+ 1. To the right of the organization name, select the **Copilot** dropdown menu.
+ * If your enterprise has a {% data variables.product.prodname_copilot_business_short %} subscription, click **Disabled**.
+ * If your enterprise has a {% data variables.product.prodname_copilot_enterprise_short %} subscription, click **Remove access**.
+
+## Further reading
+
+* "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot)"
+* "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)"
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise.md
new file mode 100644
index 000000000000..5ff6379f399b
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise.md
@@ -0,0 +1,39 @@
+---
+title: Enabling Copilot for organizations in your enterprise
+shortTitle: Enable for organizations
+intro: 'Enable {% data variables.product.prodname_copilot %} for some or all of the organizations in your enterprise.'
+permissions: Enterprise owners
+product: 'Enterprises with a subscription to {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %}'
+versions:
+ feature: copilot-enterprise
+topics:
+ - Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-copilot-for-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise
+---
+
+Owners of enterprises that have a {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %} subscription can enable {% data variables.product.prodname_copilot %} for all, none, or some organizations within the enterprise.
+
+For enterprises with a {% data variables.product.prodname_copilot_enterprise_short %} subscription, enterprise owners can choose to assign either {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %} to individual organizations in the enterprise.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.copilot-tab %}
+1. In the "{% data variables.product.prodname_copilot_short %} is active in your enterprise" section, configure the access for your {% data variables.product.prodname_copilot %} subscription.
+ * To enable {% data variables.product.prodname_copilot %} for all organizations in your enterprise, both current and future, select **Allow for all organizations**.
+ * To enable {% data variables.product.prodname_copilot %} for specific organizations, select **Allow for specific organizations**.
+
+1. If you selected **Allow for specific organizations**:
+ 1. Under "Access management", locate the organization for which you want to enable {% data variables.product.prodname_copilot_short %}.
+ 1. To the right of the organization name, select the **Copilot** dropdown menu.
+ * If your enterprise has a {% data variables.product.prodname_copilot_business_short %} subscription, click **Enabled**.
+ * If your enterprise has a {% data variables.product.prodname_copilot_enterprise_short %} subscription, click either **Copilot: Enterprise** or **Copilot: Business** to assign a specific Copilot plan to the organization.
+
+## Next steps
+
+After you've enabled {% data variables.product.prodname_copilot_short %} for an organization in your enterprise, owners of the organization can grant access to some or all members of the organization. See "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-access-for-copilot-business-in-your-organization)."
+
+## Further reading
+
+* "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot)"
+* "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)"
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/index.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/index.md
new file mode 100644
index 000000000000..13fd5caab29b
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/index.md
@@ -0,0 +1,15 @@
+---
+title: Managing access to Copilot in your enterprise
+shortTitle: Manage access
+intro: 'Enterprise owners can manage {% data variables.product.prodname_copilot_short %} for organizations in the enterprise.'
+versions:
+ feature: copilot-enterprise
+topics:
+ - Copilot
+children:
+ - /enabling-copilot-for-organizations-in-your-enterprise
+ - /disabling-copilot-for-organizations-in-your-enterprise
+ - /viewing-copilot-license-usage-in-your-enterprise
+ - /managing-github-copilot-access-to-your-enterprises-network
+---
+
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/managing-github-copilot-access-to-your-enterprises-network.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/managing-github-copilot-access-to-your-enterprises-network.md
new file mode 100644
index 000000000000..1a1f7dbce461
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/managing-github-copilot-access-to-your-enterprises-network.md
@@ -0,0 +1,13 @@
+---
+title: Managing GitHub Copilot access to your enterprise's network
+intro: 'Learn how to use subscription-based network routing to control {% data variables.product.prodname_copilot_short %} access to your network.'
+permissions: Enterprise owners
+product: '{% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %}'
+versions:
+ feature: copilot-enterprise
+topics:
+ - Copilot
+shortTitle: Manage network access
+---
+
+{% data reusables.copilot.sku-isolation %}
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/viewing-copilot-usage-for-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/viewing-copilot-license-usage-in-your-enterprise.md
similarity index 59%
rename from content/copilot/managing-copilot/managing-copilot-for-your-enterprise/viewing-copilot-usage-for-your-enterprise.md
rename to content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/viewing-copilot-license-usage-in-your-enterprise.md
index b361d513db5f..3288bb036310 100644
--- a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/viewing-copilot-usage-for-your-enterprise.md
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/viewing-copilot-license-usage-in-your-enterprise.md
@@ -1,16 +1,18 @@
---
-title: Viewing Copilot usage for your enterprise
-intro: 'You can view how many users have access to {% data variables.product.prodname_copilot %} across {% ifversion fpt %}your organization{% else %} all the organizations in your enterprise{% endif %}.'
-product: '{% data reusables.gated-features.copilot-billing %}'
-permissions: '{% ifversion fpt %}Organization admins{% else %}Enterprise owners{% endif %} can view usage for {% data variables.product.prodname_copilot %} in their {% ifversion fpt %}organization{% else %}enterprise{% endif %}.'
+title: Viewing Copilot license usage in your enterprise
+shortTitle: View license usage
+intro: 'View how many users have access to {% data variables.product.prodname_copilot %} across {% ifversion fpt %}your organization{% else %} all the organizations in your enterprise{% endif %}.'
+product: 'Enterprises with a subscription to {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %}'
+permissions: Enterprise owners
versions:
feature: copilot-enterprise
type: how_to
topics:
- Copilot
-shortTitle: View usage
redirect_from:
- /copilot/managing-copilot/managing-copilot-for-your-enterprise/viewing-your-github-copilot-usage
+ - /copilot/managing-copilot/managing-copilot-for-your-enterprise/viewing-copilot-usage-for-your-enterprise
+ - /copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/viewing-copilot-usage-for-your-enterprise
---
{% ifversion enhanced-billing-platform %}
@@ -25,10 +27,9 @@ If you have a subscription to {% data variables.product.prodname_copilot_for_bus
{% ifversion ghec %}
-## Viewing usage of {% data variables.product.prodname_copilot %}
-
-### At the enterprise-level
+## Viewing {% data variables.product.prodname_copilot_short %} license usage at the enterprise-level
+{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.billing-tab %}
1. Under "{% data variables.product.prodname_copilot_short %} monthly usage," view the breakdown of your {% data variables.product.prodname_copilot %} usage.
@@ -39,7 +40,11 @@ If you have a subscription to {% data variables.product.prodname_copilot_for_bus
The total spending for each organization for the current cycle will usually be the number of seats assigned, multiplied by the cost per seat. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#about-billing-for-github-copilot-business-and-github-copilot-enterprise)." However, if the same organization member is assigned a seat in multiple organizations, their seat usage will be included for each organization, but the enterprise will only be charged once. The cost for this person will only be included in the organization where they were first assigned a seat.
-### At the organization-level
+1. Optionally, to receive a CSV report by email detailing the usage of {% data variables.product.prodname_actions %}, {% data variables.product.prodname_registry %}, {% data variables.product.prodname_github_codespaces %}, and {% data variables.product.prodname_copilot %} for each of your enterprise account's organizations, under the billing summary at the top of the page click **Get usage report**. The report is sent to your account's primary email address.
+
+ 
+
+## Viewing {% data variables.product.prodname_copilot_short %} license usage at the organization-level
{% else %}
@@ -55,3 +60,6 @@ If you have a subscription to {% data variables.product.prodname_copilot_for_bus
The figure for Total Seats shows how many seats are currently assigned for {% data variables.product.prodname_copilot %}.
+
+1. Optionally, to download a CSV report detailing the usage of {% data variables.product.prodname_actions %}, {% data variables.product.prodname_registry %}, {% data variables.product.prodname_github_codespaces %}, and {% data variables.product.prodname_copilot %} in your organization, next to "Usage this month", click **Get usage report**. An email containing a link for downloading the CSV report is sent to the primary email address for your account. You can choose whether the report should cover the last 7, 30, 90, or 180 days.
+ 
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise.md
index 8115f976b37f..d8a11a5457ef 100644
--- a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise.md
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise.md
@@ -1,7 +1,7 @@
---
title: Managing policies and features for Copilot in your enterprise
-intro: 'Enterprise admins can enforce {% data variables.product.prodname_copilot_short %} policies for organizations in their enterprise.'
-permissions: Enterprise admins
+intro: 'Enterprise owners can control the availability of {% data variables.product.prodname_copilot %} and its features for all organizations in the enterprise.'
+permissions: Enterprise owners
product: '{% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %}'
versions:
feature: copilot-enterprise
@@ -12,52 +12,71 @@ shortTitle: Manage policies
## About policies for {% data variables.product.prodname_copilot %} in your enterprise
-If you have a subscription to {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %}, you can enforce policies for {% data variables.product.prodname_copilot %} within your enterprise's organizations, or allow policies to be set in each organization.
+You can set policies that control the availability of {% data variables.product.prodname_copilot_short %} and its features in your enterprise and organizations.
-Wherever a restrictive policy has been chosen at the enterprise level, an organization owner will not be able to select a more permissive policy at the organization level. In cases where no policy is selected at the enterprise level, and multiple organizations within the enterprise have chosen different policies and granted access to the same users, the most restrictive policy takes precedence for those users.
+There are **three enforcement options** for {% data variables.product.prodname_copilot_short %} policies in your enterprise:
-## Enforcing a policy to manage the use of {% data variables.product.prodname_copilot %} suggestions that match public code
+* **No policy** - The feature is initially disabled at the organization level, but each organization with {% data variables.product.prodname_copilot_short %} enabled in your enterprise can set their own policy for the feature.
+* **Enabled** - The feature is available in all organizations with {% data variables.product.prodname_copilot_short %} enabled in your enterprise.
+* **Disabled** - The feature is blocked for all organizations with {% data variables.product.prodname_copilot_short %} enabled in your enterprise.
-{% data variables.product.prodname_copilot %} includes a filter which detects code suggestions that match public code on {% data variables.product.prodname_dotcom %}. You can choose whether to enable or disable the filter at the enterprise level, or allow organization owners to decide at the organization level. When the filter is enabled, {% data variables.product.prodname_copilot %} checks code suggestions with their surrounding code of about 150 characters against public code on {% data variables.product.prodname_dotcom %}. If there is a match or near match, the suggestion will not be shown.
+If a policy is enabled or disabled at the enterprise level, the same policy cannot be changed at the organization level.
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.copilot-tab %}
-{% data reusables.enterprise-accounts.copilot-policies-tab %}
-1. Next to "Suggestions matching public code," click the dropdown menu and select the policy you want to enforce.
- * To block {% data variables.product.prodname_copilot %} suggestions matching public code, select **Blocked**.
- * To allow {% data variables.product.prodname_copilot %} suggestions matching public code, select **Allowed**.
- * To allow each of your organizations to set their own policy on the use of {% data variables.product.prodname_copilot %} suggestions matching public code, select **No policy**.
+If no policy is chosen at the enterprise level, and multiple organizations within the enterprise choose different policies and grant access to the same users, the most restrictive policy is enforced.
-## Enforcing a policy to manage the use of {% data variables.product.prodname_copilot %} features on {% data variables.product.prodname_dotcom_the_website %}
+You can configure any of the following policies for your enterprise:
-With a {% data variables.product.prodname_copilot_enterprise_short %} license, members of your enterprise can access AI features that enhance their experience on {% data variables.product.prodname_dotcom_the_website %}, such as the ability to chat with {% data variables.product.prodname_copilot_short %} in the browser and reference context for {% data variables.product.prodname_copilot_short %} across multiple repositories. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/github-copilot-enterprise-feature-set)."
+* [{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}](#copilot-in-githubcom)
+* [{% data variables.product.prodname_copilot_cli %}](#github-copilot-in-the-cli)
+* [{% data variables.product.prodname_copilot_chat %} in the IDE](#github-copilot-chat-in-the-ide)
+* [{% data variables.product.prodname_copilot_mobile %}](#github-copilot-chat-in-github-mobile)
+* [{% data variables.product.prodname_copilot_extensions %}](#github-copilot-extensions)
+* [Suggestions matching public code](#suggestions-matching-public-code)
+* [Give {% data variables.product.prodname_copilot_short %} access to Bing](#give-copilot-access-to-bing)
-You can enable or disable the use of these features for organizations in your enterprise. Alternatively, you can allow organization owners to select their own policy to determine access to the features for their organization.
+### {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}
-{% data reusables.copilot.copilot-enterprise-enable %}
+With a {% data variables.product.prodname_copilot_enterprise_short %} license, you can enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" to provide members of your enterprise access to AI features on {% data variables.product.prodname_dotcom_the_website %}, including:
+* **{% data variables.product.prodname_copilot_chat %} in {% data variables.product.prodname_dotcom_the_website %}** - You can ask {% data variables.product.prodname_copilot %} coding-related questions within a chat interface on {% data variables.product.prodname_dotcom_the_website %}. You can ask general questions or questions within a specific context such as a repository, issue, file, or symbol.
+* **{% data variables.product.prodname_copilot_short %} pull request summaries** - {% data variables.product.prodname_copilot_short %} can generate a summary of the changes made in a pull request, as well as a list of impacted files, using natural language. This overview helps reviewers quickly understand the proposed changes.
+* **{% data variables.product.prodname_copilot_short %} knowledge bases** - Organization owners can create knowledge bases consisting of Markdown documentation across one or more repositories, allowing organization members to use that documentation as context when they ask questions in {% data variables.product.prodname_copilot_chat_dotcom_short %}, {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vscode %}, and {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vs %}.
-## Enforcing a policy to manage the use of {% data variables.product.prodname_copilot_chat %} in IDEs
+If you enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}", you can also configure additional features:
-{% data variables.product.prodname_copilot_chat %} is a feature that allows users to chat with {% data variables.product.prodname_copilot %} to get code suggestions and answers to coding-related questions. You can enable or disable the use of {% data variables.product.prodname_copilot_chat %} in IDEs for organizations in your enterprise. Alternatively, you can allow organization owners to select their own policy to determine access to {% data variables.product.prodname_copilot_chat %} for their organization. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-ides/about-github-copilot-chat-in-your-ide)."
+{% data reusables.copilot.policies-for-dotcom %}
-To manage the use of {% data variables.product.prodname_copilot_chat_dotcom_short %}, see "[Enforcing a policy to manage the use of {% data variables.product.prodname_copilot %} features on {% data variables.product.prodname_dotcom_the_website %}](#enforcing-a-policy-to-manage-the-use-of-github-copilot-features-on-githubcom)."
+### {% data variables.product.prodname_copilot_cli %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.copilot-tab %}
-{% data reusables.enterprise-accounts.copilot-policies-tab %}
-1. Next to "{% data variables.product.prodname_copilot_chat %} in the IDE," click the dropdown menu and select the policy you want to enforce.
- * To allow each of your organizations to set their own policy on the use of {% data variables.product.prodname_copilot_chat %}, select **No policy**.
- * To allow use of {% data variables.product.prodname_copilot_chat %}, select **Enabled**.
- * To prevent use of {% data variables.product.prodname_copilot_chat %}, select **Disabled**.
+{% data variables.product.prodname_copilot_cli %} is an extension for {% data variables.product.prodname_cli %} which provides a chat-like interface in the terminal. You can ask {% data variables.product.prodname_copilot %} for command suggestions, or for explanations of commands they run.
+
+### {% data variables.product.prodname_copilot_chat %} in the IDE
+
+You can chat with {% data variables.product.prodname_copilot %} in your IDE to get code suggestions and answers to coding-related questions without context switching.
+
+### {% data variables.product.prodname_copilot_mobile %}
-## Enforcing a policy to manage the use of {% data variables.product.prodname_copilot_cli %}
+{% data variables.product.prodname_copilot_mobile %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %} to ask and receive answers to coding-related questions within {% data variables.product.prodname_mobile %}.
-{% data reusables.copilot.copilot-cli-about %} You can enable or disable the use of {% data variables.product.prodname_copilot_cli_short %} for organizations in your enterprise. Alternatively, you can allow organization owners to select their own policy for {% data variables.product.prodname_copilot_cli_short %} for their organization. For more information, see "[AUTOTITLE](/copilot/github-copilot-in-the-cli/about-github-copilot-in-the-cli)."
+### {% data variables.product.prodname_copilot_extensions %}
-{% data reusables.copilot.copilot-cli-enable %}
+{% data reusables.copilot.copilot-extensions.beta-note %}
-## Enforcing a policy to manage the use of {% data variables.product.prodname_copilot_mobile %}
+{% data variables.product.prodname_copilot_extensions %} integrate external tools with {% data variables.product.prodname_copilot_chat %}, helping members of your enterprise reduce context switching, interact with tools using natural language, and customize their {% data variables.product.prodname_copilot_chat_short %} experience.
-{% data variables.product.prodname_copilot_mobile %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %}, to ask and receive answers to coding-related questions within {% data variables.product.prodname_mobile %}. You can enable or disable the use of {% data variables.product.prodname_copilot_mobile_short %} for organizations in your enterprise. Alternatively, you can allow organization owners to select their own policy for {% data variables.product.prodname_copilot_mobile_short %} for their organization. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github-mobile/about-github-copilot-chat-in-github-mobile)."
+### Suggestions matching public code
-{% data reusables.copilot.copilot-chat-mobile-enable %}
+{% data variables.product.prodname_copilot %} includes a filter which detects code suggestions that match public code on {% data variables.product.prodname_dotcom %}. When the filter is enabled, {% data variables.product.prodname_copilot %} checks code suggestions with their surrounding code of about 150 characters against public code on {% data variables.product.prodname_dotcom %}. If there is a match or near match, the suggestion will not be shown.
+
+### Give {% data variables.product.prodname_copilot_short %} access to Bing
+
+> [!NOTE] Bing search integration into {% data variables.product.prodname_copilot_chat_dotcom_short %}, {% data variables.product.prodname_vscode_shortname %}, and {% data variables.product.prodname_vs %} is currently in beta and is subject to change.
+
+{% data variables.product.prodname_copilot_chat %} can use Bing to provide enhanced responses by searching the internet for information related to a question. Bing search is particularly helpful when discussing new technologies or highly specific subjects.
+
+## Configuring policies for {% data variables.product.prodname_copilot %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.copilot-tab %}
+{% data reusables.enterprise-accounts.copilot-policies-tab %}
+1. For each policy you want to configure, click the dropdown menu and select an enforcement option.
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/about-billing-for-github-copilot-in-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/about-billing-for-github-copilot-in-your-enterprise.md
new file mode 100644
index 000000000000..479eef362c90
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/about-billing-for-github-copilot-in-your-enterprise.md
@@ -0,0 +1,78 @@
+---
+title: About billing for GitHub Copilot in your enterprise
+shortTitle: About billing
+intro: 'Learn about pricing and billing cycles for {% data variables.product.prodname_copilot_short %} in your enterprise.'
+permissions: 'Enterprise owners'
+product: '{% data variables.product.prodname_copilot_for_business %} and {% data variables.product.prodname_copilot_enterprise %}'
+versions:
+ feature: copilot
+type: overview
+topics:
+ - Copilot
+---
+
+## About pricing for {% data variables.product.prodname_copilot_short %} in your enterprise
+
+Enterprises on {% data variables.product.prodname_ghe_cloud %} can subscribe to either {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}. For more information, see "[AUTOTITLE](/copilot/about-github-copilot/subscription-plans-for-github-copilot)."
+
+### Pricing for {% data variables.product.prodname_copilot_for_business %}
+
+Subscriptions to {% data variables.product.prodname_copilot_business_short %} are available on a monthly cycle. The subscriptions are billed to the enterprise account at the end of each cycle, at {% data variables.copilot.cfb_price_per_month %} per user per month.
+
+### Pricing for {% data variables.product.prodname_copilot_enterprise %}
+
+With a {% data variables.product.prodname_copilot_enterprise %} subscription, you can choose to assign either {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %} to each individual organization in the enterprise.
+
+Subscriptions to {% data variables.product.prodname_copilot_enterprise_short %} are available on a monthly cycle. The subscriptions are billed to the enterprise account at the end of each cycle, at the following prices:
+
+* For organizations in the enterprise that are assigned a **{% data variables.product.prodname_copilot_for_business %}** subscription: {% data variables.copilot.cfb_price_per_month %} per user per month.
+* For organizations in the enterprise that are assigned a **{% data variables.product.prodname_copilot_enterprise %}** subscription: {% data variables.copilot.ce_price_per_month %} per user per month.
+
+## About the billing cycle for {% data variables.product.prodname_copilot_short %} in your enterprise
+
+Billed users are calculated at the end of each billing cycle, based on the number of {% data variables.product.prodname_copilot %} seats that are assigned. You can add or remove seats at any time during the billing cycle.
+
+* **Any seat assigned part way through the billing cycle** will be prorated based on the number of days remaining in the cycle.
+* **Any seat assignment removed during a billing cycle** will take effect from the beginning of the next cycle. The person will still be able to use {% data variables.product.prodname_copilot %} until the end of the cycle. If a user's access to organizations in the enterprise with {% data variables.product.prodname_copilot_short %} seats is removed, they will lose access immediately.
+
+Your enterprise will be charged on whichever payment method you’ve set up for the enterprise account, such as a credit card or a Microsoft Azure subscription.
+
+{% ifversion billing-auth-and-capture %}
+
+{% data reusables.billing.authorization-charge %}
+
+{% endif %}
+
+> [!NOTE] {% data variables.product.prodname_copilot %} billing operates in Coordinated Universal Time (UTC), but it calculates your bill according to the timezone of your billing cycle. For example, if you're billed through Azure and your current billing cycle ends at 11:59 PM EST on December 1st, canceling a seat at 7:00 PM EST on December 1st might show the seat cancellation at 12:00 AM UTC on December 2nd. However, the seat would end within the billing cycle that you requested the cancellation, and you would not pay for that seat in the following cycle.
+
+### About seat assignment for {% data variables.product.prodname_copilot_short %} in your enterprise
+
+A {% data variables.product.prodname_copilot %} seat is a license to use {% data variables.product.prodname_copilot %}, which is granted to a unique user account through an enterprise's {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription. Each month, the enterprise is charged for the number of assigned seats.
+
+If a single user receives a seat from multiple organizations in the same enterprise, the enterprise will only be billed once per billing cycle for that unique user. One of the organizations that assigned {% data variables.product.prodname_copilot_short %} to the user will be chosen at random each month to be billed for the seat.
+
+Seat assignment is managed by owners of organizations{% ifversion ghec %} that have been granted access to {% data variables.product.prodname_copilot %} at the enterprise level{% endif %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization)."
+
+If you are a member of an organization or enterprise with a {% data variables.product.prodname_copilot %} subscription, to use the subscription, you will need to be assigned a seat by an organization owner.
+
+### About billing through Azure
+
+When you connect an Azure subscription to your organization or enterprise account and enable metered billing via Azure, metered usage will start to be sent to Azure. You will be billed through {% data variables.product.prodname_dotcom %} for usage from the start of the current billing cycle to when you enabled metered billing via Azure, on your next billing date. The period between the date you connected your Azure subscription and enabled metered billing via Azure, and the end of the calendar month will be charged in Azure on the first of the month. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)."
+
+> [!NOTE] Usage data is sent to Azure daily, but you are billed at the end of the month based on the number of seats used. This means that although you can track your daily spending (number of seats in this case), actual payments are processed monthly.
+
+## About changes to your {% data variables.product.prodname_copilot_short %} subscription
+
+If you upgrade an organization from {% data variables.product.prodname_copilot_business_short %} to {% data variables.product.prodname_copilot_enterprise_short %}, all users who currently have a seat for {% data variables.product.prodname_copilot_business_short %} will immediately receive access to {% data variables.product.prodname_copilot_enterprise_short %}. You will be charged for each {% data variables.product.prodname_copilot_enterprise %} seat pro rata for the rest of the cycle.
+
+If you downgrade an organization's {% data variables.product.prodname_copilot_enterprise %} subscription during a billing cycle, the users will have access to {% data variables.product.prodname_copilot_enterprise %} for the rest of the cycle, and the change to your bill will take effect from the following cycle.
+
+Disabling {% data variables.product.prodname_copilot %} for all organizations in your enterprise will cancel your enterprise's {% data variables.product.prodname_copilot_short %} subscription.
+
+{% data reusables.copilot.copilot-one-account %}
+
+## Further reading
+
+* "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)"
+* "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise)"
+* "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-information-to-your-receipts)"
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/canceling-copilot-for-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/canceling-copilot-for-your-enterprise.md
similarity index 56%
rename from content/copilot/managing-copilot/managing-copilot-for-your-enterprise/canceling-copilot-for-your-enterprise.md
rename to content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/canceling-copilot-for-your-enterprise.md
index e6dd7436761b..63011dc0d80c 100644
--- a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/canceling-copilot-for-your-enterprise.md
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/canceling-copilot-for-your-enterprise.md
@@ -1,13 +1,15 @@
---
-title: 'Canceling Copilot for your enterprise'
+title: Canceling Copilot for your enterprise
shortTitle: Cancel subscription
-intro: "Disabling {% data variables.product.prodname_copilot %} for all organizations in your enterprise will cancel your enterprise's {% data variables.product.prodname_copilot_short %} subscription."
+intro: 'Disabling {% data variables.product.prodname_copilot %} for all organizations in your enterprise will cancel your enterprise''s {% data variables.product.prodname_copilot_short %} subscription.'
permissions: Enterprise admins
product: '{% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %}'
versions:
feature: copilot-enterprise
topics:
- Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-copilot-for-your-enterprise/canceling-copilot-for-your-enterprise
---
{% data reusables.copilot.disable-copilot-for-all-orgs %}
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/downgrading-copilot-for-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/downgrading-copilot-for-your-enterprise.md
new file mode 100644
index 000000000000..2a2bde2c5c33
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/downgrading-copilot-for-your-enterprise.md
@@ -0,0 +1,23 @@
+---
+title: Downgrading Copilot for your enterprise
+shortTitle: Downgrade subscription
+intro: 'You can downgrade organizations in your enterprise from {% data variables.product.prodname_copilot_enterprise_short %} to {% data variables.product.prodname_copilot_business_short %}.'
+permissions: Enterprise owners
+product: 'Enterprises with a subscription to {% data variables.product.prodname_copilot_enterprise_short %}'
+versions:
+ feature: copilot-enterprise
+topics:
+ - Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-copilot-for-your-enterprise/downgrading-copilot-for-your-enterprise
+---
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.copilot-tab %}
+1. Under "Access management", locate the organization for which you want to downgrade {% data variables.product.prodname_copilot_short %}.
+1. To the right of the organization name, select the **Copilot** dropdown menu, and click **Business**.
+
+ 
+
+1. In the pop-up window that appears, review the effects of downgrading the organization, then click **Confirm and downgrade**.
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/index.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/index.md
new file mode 100644
index 000000000000..09e81ee8e04d
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/index.md
@@ -0,0 +1,15 @@
+---
+title: Managing the Copilot subscription for your enterprise
+shortTitle: Manage subscription
+intro: 'Enterprise owners can manage the {% data variables.product.prodname_copilot_short %} subscription for the enterprise.'
+versions:
+ feature: copilot-enterprise
+topics:
+ - Copilot
+children:
+ - /about-billing-for-github-copilot-in-your-enterprise
+ - /subscribing-to-copilot-for-your-enterprise
+ - /canceling-copilot-for-your-enterprise
+ - /upgrading-copilot-for-your-enterprise
+ - /downgrading-copilot-for-your-enterprise
+---
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/subscribing-to-copilot-for-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/subscribing-to-copilot-for-your-enterprise.md
new file mode 100644
index 000000000000..94424bed00c5
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/subscribing-to-copilot-for-your-enterprise.md
@@ -0,0 +1,32 @@
+---
+title: Subscribing to Copilot for your enterprise
+shortTitle: Subscribe
+intro: 'Enterprise owners can set up a {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %} subscription for their enterprise.'
+permissions: Enterprise owners
+product: 'Enterprises on {% data variables.product.prodname_ghe_cloud %}'
+versions:
+ feature: copilot-enterprise
+topics:
+ - Copilot
+redirect_from:
+ - /billing/managing-billing-for-github-copilot/managing-your-github-copilot-enterprise-subscription
+ - /copilot/managing-copilot/managing-copilot-for-your-enterprise/subscribing-to-copilot-for-your-enterprise
+---
+
+>[!NOTE]
+> {% data reusables.copilot.signup-procedure-enterprise-msft-ea %}
+
+1. Ensure you are signed in as an enterprise admin on {% data variables.product.prodname_dotcom_the_website %}.
+1. Navigate to the {% data variables.product.prodname_copilot_short %} signup page:
+ * For **{% data variables.product.prodname_copilot_business_short %}**, go to the [signup page for {% data variables.product.prodname_copilot_business_short %}](https://github.com/github-copilot/business_signup/choose_business_type).
+ * For **{% data variables.product.prodname_copilot_enterprise_short %}**, go to the [signup page for {% data variables.product.prodname_copilot_enterprise_short %}](https://github.com/github-copilot/enterprise_signup/choose_enterprise).
+1. Follow the steps to sign up and enable {% data variables.product.prodname_copilot_short %} for organizations in your enterprise. If you purchased {% data variables.product.prodname_copilot_enterprise_short %}, you will be able to assign either {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %} to each individual organization in the enterprise.
+
+## Next steps
+
+* To finish setting up {% data variables.product.prodname_copilot_short %} for your enterprise, see "[AUTOTITLE](/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-enterprise)."
+* For billing information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#about-billing-for-github-copilot-business-and-github-copilot-enterprise)" and "[AUTOTITLE](/billing/managing-your-github-billing-settings)."
+
+## Further reading
+
+* "[AUTOTITLE](/copilot/about-github-copilot/subscription-plans-for-github-copilot)"
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/upgrading-copilot-for-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/upgrading-copilot-for-your-enterprise.md
new file mode 100644
index 000000000000..b58ca2717ebc
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/upgrading-copilot-for-your-enterprise.md
@@ -0,0 +1,31 @@
+---
+title: Upgrading Copilot for your enterprise
+shortTitle: Upgrade subscription
+intro: 'Change your enterprise''s subscription from {% data variables.product.prodname_copilot_business_short %} to {% data variables.product.prodname_copilot_enterprise_short %}.'
+permissions: Enterprise owners
+product: 'Enterprises with a subscription to {% data variables.product.prodname_copilot_business_short %}'
+versions:
+ feature: copilot-enterprise
+topics:
+ - Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-copilot-for-your-enterprise/upgrading-copilot-for-your-enterprise
+---
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.copilot-tab %}
+1. In the "{% data variables.product.prodname_copilot_business_short %} is active in your enterprise" section, click **Purchase {% data variables.product.prodname_copilot_enterprise_short %}**.
+
+ 
+
+1. In the dialog, click **Continue to billing summary**.
+1. Review your updated billing summary, then click **Enable plan**.
+
+## Next steps
+
+After upgrading to {% data variables.product.prodname_copilot_enterprise_short %}, you can assign {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %} to individual organizations in the enterprise. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise)."
+
+## Further reading
+
+* "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot)"
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/subscribing-to-copilot-for-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/subscribing-to-copilot-for-your-enterprise.md
deleted file mode 100644
index 53ad952b4fe3..000000000000
--- a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/subscribing-to-copilot-for-your-enterprise.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-title: 'Subscribing to Copilot for your enterprise'
-shortTitle: Subscribe
-intro: 'Get access to {% data variables.product.prodname_copilot %} for your enterprise.'
-permissions: Enterprise admins
-product: '{% data variables.product.prodname_ghe_cloud %}'
-versions:
- feature: copilot-enterprise
-topics:
- - Copilot
-redirect_from:
- - /billing/managing-billing-for-github-copilot/managing-your-github-copilot-enterprise-subscription
----
-
-Enterprise admins can set up a {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %} subscription for their enterprise. To learn more about each subscription, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise)" and "[AUTOTITLE](/copilot/copilot-business/about-github-copilot-business)."
-
-If your enterprise is already subscribed to {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %}, you can upgrade or downgrade the subscription. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/upgrading-copilot-for-your-enterprise)" and "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/downgrading-copilot-for-your-enterprise)."
-
-For billing information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#about-billing-for-github-copilot-business-and-github-copilot-enterprise)" and "[AUTOTITLE](/billing/managing-your-github-billing-settings)."
-
-## Subscribing
-
->[!NOTE]
-> {% data reusables.copilot.signup-procedure-enterprise-msft-ea %}
-
-1. Ensure you are signed in as an enterprise admin on {% data variables.product.prodname_dotcom_the_website %}.
-1. Go to the [{% data variables.product.prodname_copilot_short %} plans page](https://github.com/features/copilot/plans).
-1. Under "{% data variables.product.prodname_copilot_enterprise_short %}" or "{% data variables.product.prodname_copilot_business_short %}", click **Buy now**.
-1. Follow the steps to sign up and enable {% data variables.product.prodname_copilot_short %} for organizations in your enterprise.
-
-## Next steps
-
-* Configure policies for {% data variables.product.prodname_copilot_short %} in your enterprise. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)."
-* Enable {% data variables.product.prodname_copilot_short %} for organizations in your enterprise. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise)."
-* When {% data variables.product.prodname_copilot_short %} is enabled for an organization, owners of the organization can grant access to some or all members of the organization. See "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-access-for-copilot-business-in-your-organization)."
diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/upgrading-copilot-for-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/upgrading-copilot-for-your-enterprise.md
deleted file mode 100644
index 1c5597dbaeac..000000000000
--- a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/upgrading-copilot-for-your-enterprise.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: 'Upgrading Copilot for your enterprise'
-shortTitle: Upgrade subscription
-intro: 'Change from {% data variables.product.prodname_copilot_business_short %} to {% data variables.product.prodname_copilot_enterprise %} for your enterprise.'
-permissions: Enterprise admins
-product: '{% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_copilot_business_short %}'
-versions:
- feature: copilot-enterprise
-topics:
- - Copilot
----
-
-Enterprise admins can change their enterprise's {% data variables.product.prodname_copilot_short %} subscription from {% data variables.product.prodname_copilot_business_short %} to {% data variables.product.prodname_copilot_enterprise_short %}.
-
-When you upgrade, all users with a {% data variables.product.prodname_copilot_business_short %} seat will be upgraded to {% data variables.product.prodname_copilot_enterprise_short %}. Your enterprise will be charged pro rata for these seats for the rest of the billing cycle.
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.copilot-tab %}
-1. In the "{% data variables.product.prodname_copilot_business_short %} is active in your enterprise" section, click **Purchase {% data variables.product.prodname_copilot_enterprise_short %}**.
-
- 
-
-1. In the dialog, click **Continue to billing summary**.
-1. Review your updated billing summary, then click **Enable plan**.
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-content-exclusions-for-github-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-content-exclusions-for-github-copilot.md
deleted file mode 100644
index f3952d7cd740..000000000000
--- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-content-exclusions-for-github-copilot.md
+++ /dev/null
@@ -1,306 +0,0 @@
----
-title: Configuring content exclusions for GitHub Copilot
-shortTitle: Excluding content
-intro: 'You can prevent specified files from being used to inform code completion suggestions made by {% data variables.product.prodname_copilot %}. {% data variables.product.prodname_copilot %} will not be available in excluded files.'
-product: 'This feature is available for organization and enterprise accounts with a {% data variables.product.prodname_copilot_business_short %} subscription, and for enterprise accounts with a {% data variables.product.prodname_copilot_enterprise_short %} subscription.'
-permissions: 'Repository administrators and organization owners can manage the content exclusion settings for {% data variables.product.prodname_copilot %}.
People with the "Maintain" role for a repository can view the content exclusion settings for that repository, but can''t change these settings. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)."'
-redirect_from:
- - /copilot/managing-copilot-business/configuring-content-exclusions-for-github-copilot
- - /copilot/managing-github-copilot-in-your-organization/configuring-content-exclusions-for-github-copilot
-layout: inline
-topics:
- - Copilot
-versions:
- feature: copilot
----
-
-{% note %}
-
-**Note:**
-
-{% data reusables.copilot.content-exclusion-note %}
-
-{% endnote %}
-
-## About configuring content exclusions
-
-You may want to prevent certain files from being available to {% data variables.product.prodname_copilot %}. You can configure {% data variables.product.prodname_copilot %} so that it ignores these files. You do this by specifying paths to excluded content in the settings for your repository or organization.
-
-When you specify content exclusions it has two effects:
-
-* The content of the affected files will not be used by {% data variables.product.prodname_copilot %} to inform the code completion suggestions it makes in other files.
-* {% data variables.product.prodname_copilot %} code completion will not be available in the affected files.
-
-{% data reusables.copilot.content-exclusions-delay %} For more information, see "[Propagating content exclusion changes to your IDE](#propagating-content-exclusion-changes-to-your-ide)."
-
-### Limitations
-
-{% data reusables.copilot.content-exclusion-limitations %}
-
-### What can you exclude?
-
-When you specify content exclusion in the settings for a repository, you can only exclude files in that repository.
-
-When you specify content exclusion in the settings for an organization, you can exclude files in any Git-based repository hosted on {% data variables.product.prodname_dotcom_the_website %} or anywhere that can be accessed using any of the following syntaxes:
-
-```text
-http[s]://host.xz[:port]/path/to/repo.git/
-
-git://host.xz[:port]/path/to/repo.git/
-
-[user@]host.xz:path/to/repo.git/
-
-ssh://[user@]host.xz[:port]/path/to/repo.git/
-```
-
-{% note %}
-
-**Note:** It's important to be aware that content can be excluded by the settings of any {% data variables.product.prodname_dotcom %} organization with a {% data variables.product.prodname_copilot_business_short %}{% ifversion ghec %} or {% data variables.product.prodname_copilot_enterprise_short %}{% endif %} subscription. Excluded files may be in a repository that is not owned by the organization in which the exclusion was defined. The excluded files may also be located in a Git-based repository that is not hosted on {% data variables.product.prodname_dotcom %}.
-
-{% endnote %}
-
-### Who is affected by a content exclusion setting?
-
-{% data reusables.copilot.content-exclusions-scope %}
-
-{% ifversion fpt %}All exclusions, whether they are defined in repository settings or in organization settings, apply to all members of the organization who have been granted a {% data variables.product.prodname_copilot_short %} seat as part of a {% data variables.product.prodname_copilot_business_short %} subscription.{% endif %}
-
-{% ifversion ghec %}
-You can't specify content exclusions in the settings for an enterprise. However, all content exclusions defined in organization or repository settings apply to all members of the enterprise who have been granted a {% data variables.product.prodname_copilot_short %} seat as part of a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription.
-
-This means, for example, that if you are an admin of an organization that belongs to Enterprise X, you can set up an exclusion for files in any Git-based repositories, hosted on {% data variables.product.prodname_dotcom %} or elsewhere, and the exclusion will apply to anyone who gets their {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} license from any organization in Enterprise X.
-
-However, it's recommended that, where an exclusion is being defined for a {% data variables.product.prodname_dotcom %} repository, you should define this either in the settings of that repository or in the settings for the organization that owns the repository. This makes it easier to identify the exclusions that are in place for a repository than if you define the exclusions in the settings of another organization in the enterprise.
-{% endif %}
-
-### Data sent to {% data variables.product.prodname_dotcom %}
-
-After you configure content exclusion, the client (for example, the {% data variables.product.prodname_copilot_short %} extension for {% data variables.product.prodname_vscode_shortname %}) sends the current repository URL to the {% data variables.product.prodname_dotcom %} server so that the server can return the correct policy to the client. URLs sent to the server in this way are not logged anywhere.
-
-## Configuring content exclusions for your repository
-
-You can use your repository settings to specify content in your repository that {% data variables.product.prodname_copilot %} should ignore.
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-
-1. In the "Code & automation" section of the side bar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**.
-
- If your repository inherits any exclusions from {%ifversion fpt %}its parent organization{% else %} organizations in the same enterprise{% endif %}, you'll see {%ifversion ghec %}one or more{% else %} a{% endif %} gray box{%ifversion ghec %}es{% endif %} at the top of the page containing details of these exclusions. You cannot edit these settings.
-
- {%ifversion ghec %}
-
- {% note %}
-
- **Note**: Exclusions that affect your repository can be defined in the settings of any organization in your {% data variables.product.prodname_dotcom %} enterprise, in addition to those defined in your repository settings.
-
- {% endnote %}
-
- {% endif %}
-
-1. In the box under "Paths to exclude in this repository," enter the paths to files from which {% data variables.product.prodname_copilot_short %} should be excluded.
-
- 
-
- Use the format: `- "/PATH/TO/DIRECTORY/OR/FILE"`, with each path on a separate line. You can add comments by starting a line with `#`.
-
- You can use fnmatch pattern matching notation to specify file paths. For more information, see "[File](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch)" in the ruby-doc.org documentation.
-
- {% note %}
-
- **Note**: Patterns are case insensitive.
-
- {% endnote %}
-
-### Example of paths specified in the repository settings
-
-```yaml annotate
-# Ignore the `/src/some-dir/kernel.rs` file in this repository.
-- "/src/some-dir/kernel.rs"
-
-# Ignore files called `secrets.json` anywhere in this repository.
-- "secrets.json"
-
-# Ignore all files whose names begin `secret` anywhere in this repository.
-- "secret*"
-
-# Ignore files whose names end `.cfg` anywhere in this repository.
-- "*.cfg"
-
-# Ignore all files in or below the `/scripts` directory of this repository.
-- "/scripts/**"
-```
-
-## Configuring content exclusions for your organization
-
-You can use your organization settings to specify content, in any repository, that {% data variables.product.prodname_copilot %} should ignore.
-
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-
-1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** then click **Content exclusion**.
-1. In the box under "Repositories and paths to exclude," enter details of where {% data variables.product.prodname_copilot_short %} should be excluded.
-
- For each repository in which you want files to be excluded from {% data variables.product.prodname_copilot_short %}, enter a reference to the repository on one line, followed by paths to locations within the repository, with each path on a separate line. Use the following format:
-
- ```yaml
- REPOSITORY-REFERENCE:
- - "/PATH/TO/DIRECTORY/OR/FILE"
- - "/PATH/TO/DIRECTORY/OR/FILE"
- - ...
- ```
-
- Repositories can be referenced using various protocols. You can use any of the following syntaxes for `REPOSITORY-REFERENCE` and {% data variables.product.prodname_copilot_short %} will match them regardless of how the repository was cloned locally:
-
- ```text
- http[s]://host.xz[:port]/path/to/repo.git/
-
- git://host.xz[:port]/path/to/repo.git/
-
- [user@]host.xz:path/to/repo.git/
-
- ssh://[user@]host.xz[:port]/path/to/repo.git/
- ```
-
- {% note %}
-
- **Notes**:
- * The `user@` and `:port` parts of the `REPOSITORY-REFERENCE` are ignored in the calculation of which paths to ignore for a repository.
- * Each repository reference can contain a single `*` wildcard. For example, `https://github.com/octo-org/*` matches all repositories in the `octo-org` organization.
- * There is additional support for Azure DevOps URLs. For more information, see "[Azure DevOps `REPOSITORY-REFERENCE` support](#azure-devops-repository-reference-support)."
-
- {% endnote %}
-
- You can use fnmatch pattern matching notation to specify file paths. For more information, see "[File](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch)" in the ruby-doc.org documentation.
-
- {% note %}
-
- **Note**: Patterns are case insensitive.
-
- {% endnote %}
-
-### Example of repositories and paths in organization settings
-
-```yaml annotate
-# Ignore all `.env` files at any path, in any repository.
-# This setting applies to all repositories, not just to those on GitHub.com.
-# This could also have been written on a single line as:
-#
-# "*": ["**/.env"]
-"*":
- - "**/.env"
-
-# In the `octo-repo` repository in this organization:
-octo-repo:
- # Ignore the `/src/some-dir/kernel.rs` file.
- - "/src/some-dir/kernel.rs"
-
-# In the `primer/react` repository on {% data variables.product.prodname_dotcom %}:
-https://github.com/primer/react.git:
- # Ignore files called `secrets.json` anywhere in this repository.
- - "secrets.json"
- # Ignore files called `temp.rb` in or below the `/src` directory.
- - "/src/**/temp.rb"
-
-# In the `copilot` repository of any {% data variables.product.prodname_dotcom %} organization:
-git@github.com:*/copilot:
- # Ignore any files in or below the `/__tests__` directory.
- - "/__tests__/**"
- # Ignore any files in the `/scripts` directory.
- - "/scripts/*"
-
-# In the `gitlab-org/gitlab-runner` repository on GitLab:
-git@gitlab.com:gitlab-org/gitlab-runner.git:
- # Ignore the `/main_test.go` file.
- - "/main_test.go"
- # Ignore any files with names beginning `server` or `session`, anywhere in this repository.
- - "{server,session}*"
- # Ignore any files with names ending `.md` or `.mk`, anywhere in this repository.
- - "*.m[dk]"
- # Ignore files directly within directories such as `packages` or `packaged`, anywhere in this repository.
- - "**/package?/*"
- # Ignore files in or below any `security` directories, anywhere in this repository.
- - "**/security/**"
-```
-
-## Reviewing changes to the content exclusion settings
-
-If you are an organization owner, you can check any changes that have been made to content exclusions.
-
-1. Open the "Content exclusion" page in the settings for your organization ([described here](#configuring-content-exclusions-for-your-organization)), or the settings for a repository ([described here](#configuring-content-exclusions-for-your-repository)).
-1. Scroll to the bottom of the page.
-
- You will see the name of the person who last changed the settings, and information about when they made this change.
-
-1. Click the time of the last change.
-
- 
-
- {% note %}
-
- **Note**: The time of the last change is only a link if you are an organization owner.
-
- {% endnote %}
-
- The "Audit log" page for the organization is displayed, showing the most recently logged occurrences of the `copilot.content_exclusion_changed` action.
-
- If you clicked through from a repository settings page, the audit log is filtered to show only changes to content exclusions for that repository.
-
-1. Click the ellipsis (...) at the end of each entry to see more details.
-
- If the "excluded_paths" entry is truncated, hover over the truncated value to show the full entry. This displays the content of the exclusion settings after the change was saved.
-
- 
-
-## Checking the effect of a settings change
-
-When you change {% data variables.product.prodname_copilot_short %}'s content exclusions you can check that the setting blocks {% data variables.product.prodname_copilot_short %} from suggesting code in the specified files.
-
-To confirm that {% data variables.product.prodname_copilot_short %} is disabled for a file, open the file in the editor and start typing a line of code, such as a comment. Normally, you would see a code completion suggestion from {% data variables.product.prodname_copilot_short %} as you type. If {% data variables.product.prodname_copilot_short %} is disabled by a content exclusion, code completion suggestions will not be offered, and the file's contents will not be used to generate suggestions in other files.
-
-### Checking settings changes in your IDE
-
-If you are working in {% data variables.product.prodname_vs %}, {% data variables.product.prodname_vscode_shortname %}, or a supported JetBrains IDE, the {% data variables.product.prodname_copilot_short %} icon indicates when {% data variables.product.prodname_copilot_short %} has been disabled by a content exclusion.
-
-1. Open a file that you expect to be affected by your content exclusions.
-
- If a {% data variables.product.prodname_copilot_short %} content exclusion applies to this file, the {% data variables.product.prodname_copilot_short %} icon in the status bar has a diagonal line through it.
-
-1. Hover over this icon. A popup message tells you whether an organization or the parent repository disabled {% data variables.product.prodname_copilot_short %} for this file.
-
- 
-
-{% note %}
-
-**Note**: In {% data variables.product.prodname_vs %} and {% data variables.product.prodname_vscode_shortname %} you can display the log for the {% data variables.product.prodname_copilot_short %} extension to see details of content exclusions without having to hover over the {% data variables.product.prodname_copilot_short %} icon. For more information, see "[AUTOTITLE](/copilot/troubleshooting-github-copilot/viewing-logs-for-github-copilot-in-your-environment?tool=vscode)."
-
-{% endnote %}
-
-### Propagating content exclusion changes to your IDE
-
-If you are working in Neovim, content exclusions are fetched from {% data variables.product.prodname_dotcom %} each time you open a file. However, if you are working in {% data variables.product.prodname_vs %}, {% data variables.product.prodname_vscode_shortname %}, or a supported JetBrains IDE, you may have to wait up to 30 minutes to see the effect of a settings change. Alternatively, you can manually reload the content exclusion settings into your IDE.
-
-To reload content exclusions into {% data variables.product.prodname_vs %}, close and reopen the application.
-
-To reload content exclusions into {% data variables.product.prodname_vscode_shortname %}:
-
-1. Access the Command Palette. For example, by pressing Shift+Command+P (Mac) / Ctrl+Shift+P (Windows/Linux).
-1. Type: `reload`.
-1. Select **Developer: Reload Window**.
-
-To reload content exclusions into your JetBrains IDE, either close and reopen the application, or log out of {% data variables.product.prodname_dotcom %} and then log back in, as follows.
-
-1. Click the {% data variables.product.prodname_copilot_short %} icon in the status bar and select **Logout from {% data variables.product.prodname_dotcom %}**.
-1. The {% data variables.product.prodname_copilot_short %} icon in the status bar will now have a diagonal line through it. Click it and select **Login to {% data variables.product.prodname_dotcom %}**.
-1. The "Sign in to {% data variables.product.prodname_dotcom %}" message is displayed showing a device code. Click **Copy and Open**.
-1. On the "Device Activation" page, paste in the device code and click **Continue**.
-1. On the next page, click **Authorize {% data variables.product.prodname_copilot %} Plugin**.
-
-### Azure DevOps `REPOSITORY-REFERENCE` support
-
-Both the new (dev.azure.com) and old (visualstudio.com) formats for Azure DevOps are treated as equivalent in the `REPOSITORY-REFERENCE` syntax. You can use either host when specifying `REPOSITORY-REFERENCE`, and {% data variables.product.prodname_copilot_short %} will match them regardless of which host was used to clone the repository locally.
-
-## Further reading
-
-* "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/reviewing-audit-logs-for-copilot-business)"
-* "[AUTOTITLE](/enterprise-cloud@latest/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot#github-copilot-content-exclusions-are-not-being-applied)"
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot.md
new file mode 100644
index 000000000000..8e7da918aebe
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot.md
@@ -0,0 +1,33 @@
+---
+title: Configuring your proxy server or firewall for Copilot
+intro: 'You should allow certain traffic through your firewall or proxy server for {% data variables.product.prodname_copilot_short %} to work as intended.'
+permissions: 'Proxy server maintainers or firewall maintainers'
+product: '{% data reusables.gated-features.copilot %}'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+shortTitle: Allow Copilot traffic
+---
+
+If your company employs security measures like a firewall or proxy server, you should add the following URLs, ports, and protocols to an allowlist to ensure {% data variables.product.prodname_copilot_short %} works as expected:
+
+| Domain and/or URL | Purpose |
+| :------------------------------------- | :--------------------------------- |
+| `https://github.com/login/*` | Authentication |
+| `https://api.github.com/user` | User Management |
+| `https://api.github.com/copilot_internal/*` | User Management |
+| `https://copilot-telemetry.githubusercontent.com/telemetry` | Telemetry |
+| `https://default.exp-tas.com/` | Telemetry |
+| `https://copilot-proxy.githubusercontent.com/` | API service for {% data variables.product.prodname_copilot_short %} suggestions |
+| `https://origin-tracker.githubusercontent.com` | API service for {% data variables.product.prodname_copilot_short %} suggestions |
+| `https://*.githubcopilot.com` | API service for {% data variables.product.prodname_copilot_short %} suggestions |
+
+Depending on the security policies and editors your organization uses, you may need to allowlist additional domains and URLs. For more information on specific editors, see "[Further reading](#further-reading)."
+
+Every user of the proxy server or firewall also needs to configure their own environment to connect to {% data variables.product.prodname_copilot_short %}. See "[AUTOTITLE](/copilot/configuring-github-copilot/configuring-network-settings-for-github-copilot)."
+
+## Further reading
+
+* [Network Connections in {% data variables.product.prodname_vscode %}](https://code.visualstudio.com/docs/setup/network) in the {% data variables.product.prodname_vs %} documentation
+* [Install and use {% data variables.product.prodname_vs %} and Azure Services behind a firewall or proxy server](https://learn.microsoft.com/en-us/visualstudio/install/install-and-use-visual-studio-behind-a-firewall-or-proxy-server) in the Microsoft documentation
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/creating-a-custom-model-for-github-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/creating-a-custom-model-for-github-copilot.md
new file mode 100644
index 000000000000..376e9e3a4c6f
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/creating-a-custom-model-for-github-copilot.md
@@ -0,0 +1,166 @@
+---
+title: Creating a custom model for GitHub Copilot
+shortTitle: Create a custom model
+intro: "You can fine-tune {% data variables.product.prodname_copilot_short %} code completion by creating a custom model based on code in your organization's repositories."
+permissions: "Owners of organizations enrolled in the limited public beta."
+product: "The organization must belong to an enterprise with a {% data variables.product.prodname_copilot_enterprise_short %} subscription."
+versions:
+ feature: copilot-custom-models
+topics:
+ - Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/enhancing-copilot-for-your-organization/creating-a-custom-model-for-github-copilot
+---
+
+> [!NOTE] Custom models for {% data variables.product.prodname_copilot_enterprise %} is in limited public beta and is subject to change. During the limited public beta, there is no additional cost to {% data variables.product.prodname_copilot_enterprise_short %} customers enrolled on the beta for creating or using a custom model.
+
+## Prerequisite
+
+The code on which you want to train a custom model must be hosted in repositories owned by your organization on {% data variables.product.prodname_dotcom_the_website %}.
+
+## Limitations
+
+* For the limited public beta, an enterprise can deploy one custom model in a single organization.
+* Code completion suggestions based on the custom model are only available to managed users who get a {% data variables.product.prodname_copilot_enterprise_short %} subscription from the organization in which the custom model is deployed. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users)."
+* The custom model is not used for code suggested in responses by {% data variables.product.prodname_copilot_chat %}.
+
+## About {% data variables.product.prodname_copilot_short %} custom models
+
+By default {% data variables.product.prodname_copilot %} uses a large language model that has been trained on a large number of public code repositories, so that it can provide code completion for a wide range of programming languages in many different contexts. You can use this model as the basis for creating a custom large language model that you train specifically on your own code. This process is often known as fine-tuning.
+
+By creating a custom model you enable {% data variables.product.prodname_copilot %} to show you code completion suggestions that are:
+
+* Based on code in your own designated repositories.
+* Created for proprietary or less publicly represented programming languages.
+* Tailored according to your organization's coding style and guidelines.
+
+This provides:
+
+* **Personalization** - {% data variables.product.prodname_copilot_short %} has a detailed knowledge of your codebase, including available modules, functions, and internal libraries. A custom model may be particularly beneficial if your code is not typical of the wide range of code used to train the base model.
+* **Efficiency and quality** - {% data variables.product.prodname_copilot_short %} is better equipped to help you write code faster and with fewer errors.
+* **Privacy** - The custom model’s training process, hosting and inferencing are secure and private to your organization. Your data always remains yours, is never used to train another customer’s model, and your custom model is never shared.
+
+### About model creation
+
+Currently, in the limited public beta, only one organization in an enterprise is permitted to create a custom model.
+
+As an owner of the organization that's permitted to create a custom model, you can choose which of your organization's repositories to use to train the model. You can train the model on one, several, or all of the repositories in the organization. The model is trained on the content of the default branches of the selected repositories. Optionally, you can specify that only code written in certain programming languages should be used for training. The custom model will be used for generating code completion suggestions in all file types, irrespective of whether that type of file was used for training.
+
+You can also choose whether telemetry data (such as the prompts entered by users and the suggestions generated by {% data variables.product.prodname_copilot_short %}) should be used when training the model. For more information, see "[Telemetry data collection and usage for custom models](#telemetry-data-collection-and-usage-for-custom-models)," later in this article.
+
+Once initiated, custom model creation will take many hours to complete. You can check the progress of the training in your organization's settings. When model creation completes - or if it fails to complete - the person who initiated the model training will be notified by email.
+
+If model creation fails, {% data variables.product.prodname_copilot_short %} will continue to use the current model for generating code completion suggestions.
+
+### About model usage
+
+As soon as the custom model is successfully created, all managed users in your enterprise who get {% data variables.product.prodname_copilot_enterprise_short %} access from the organization in which the custom model is deployed will start to see {% data variables.product.prodname_copilot_short %} code completion suggestions that are generated using the custom model. The custom model will always be used for any code these users edit, irrespective of where the code resides. Users cannot choose which model is used to generate the code completion suggestions they see.
+
+## When you can benefit from a custom model
+
+The value of a custom model is most pronounced in environments with:
+
+* **Proprietary or less publicly represented programming languages**
+* **Internal libraries or custom frameworks**
+* **Custom standards and company-specific coding practices**
+
+However, even in standardized environments, fine-tuning offers an opportunity to align {% data variables.product.prodname_copilot_short %} code completion more closely with your organization’s established coding practices and standards.
+
+## Assess the effectiveness of a custom model
+
+While some coding environments are more likely to benefit from fine-tuning, there is no guaranteed correlation between specific behaviors in a codebase and the quality of the results you get from a custom model. It is advisable to assess the use and satisfaction levels of {% data variables.product.prodname_copilot %} code completion suggestions before and after the implementation of a custom model.
+
+* Use the {% data variables.product.prodname_dotcom %} API to assess the usage of {% data variables.product.prodname_copilot %}. See "[AUTOTITLE](/rest/copilot/copilot-usage?apiVersion=2022-11-28#get-a-summary-of-copilot-usage-for-an-enterprise-team)."
+* Survey developers to assess their level of satisfaction with {% data variables.product.prodname_copilot %} code completion suggestions.
+
+Comparing results from the API and developer survey, from before and after the implementation of a custom model, will give you an indication of the effectiveness of the custom model.
+
+## Creating a custom model
+
+You can use your organization settings to create a custom large language model.
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** then click **Custom model**.
+1. On the "Custom models" page, click **Train a new custom model**.
+1. Under "Select repositories," choose either **Selected repositories** or **All repositories**.
+
+1. If you chose **Selected repositories**, select the repositories you want to use for training then click **Apply**.
+1. Optionally, if you want to train your model only on code written in certain programming languages, under "Specify languages," start typing the name of a language you want to include. Select the required language from the list that's displayed. Repeat the process for each language you want to include.
+1. To improve the performance of your model, select the checkbox labeled **Include data from prompts and suggestions**.
+
+ > [!NOTE]
+ > If the checkbox isn't available to select it indicates that the **Telemetry data collection** policy for custom models has been disabled in your organization's settings. For information on how to change policies for your organization, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#enabling-copilot-features-in-your-organization)."
+
+ By selecting this option you allow {% data variables.product.prodname_copilot_short %} to collect data for prompts that user submitted and the code completion suggestions that were generated. Once sufficient data has been collected, {% data variables.product.prodname_copilot_short %} will use this as part of the model training process, allowing it to produce a more effective model.
+
+ For more information, see "[Telemetry data collection and usage for custom models](#telemetry-data-collection-and-usage-for-custom-models)," later in this article.
+
+1. Click **Create new custom model**.
+
+## Checking the progress of model creation
+
+You can check in your organization settings for an indication of how model creation is progressing.
+
+1. Go to your organization's settings for {% data variables.product.prodname_copilot_short %} custom models. See "[Creating a custom model](#creating-a-custom-model)" above.
+1. The first time you train a model, the page that's displayed shows the training results.
+
+ If this is not the first training, the current and previous training attempts are listed. To see details of the current training process, click the first ellipsis button (**...**), then click **Training details**.
+
+## Reasons for training failure
+
+Model training may fail for a variety of reasons, including:
+
+* Not enough data or non-representative data. Lack of data provided for training, or too much replication in the data, may make the fine-tuning unstable.
+* Non-differentiated data. If the data is not sufficiently different from the public data on which the base model was trained, training may fail or the quality of code completion suggestions from the custom model may be only marginally improved.
+* A data preprocessing step may encounter unexpected files types and formats which causes it to fail. A solution may be to specify only certain file types for training.
+
+## Retraining or deleting the custom model
+
+As an organization owner, you can update or delete the custom model from your organization's settings page.
+
+Retraining the model updates it to include any new code that has been added to the repositories you selected for training. You can retrain the model once a week.
+
+1. Go to your organization's settings for {% data variables.product.prodname_copilot_short %} custom models. See "[Creating a custom model](#creating-a-custom-model)" above.
+1. On the model training page, click the first ellipsis button (**...**), then click either **Retrain model** or **Delete model**.
+
+If you retrain the model, {% data variables.product.prodname_copilot_short %} will continue to use the current model to generate code completion suggestions until the new model is ready. Once the new model is ready, it will be automatically be used for code completion suggestions for all managed users who get a {% data variables.product.prodname_copilot_enterprise_short %} subscription from the organization.
+
+If you delete the custom model, {% data variables.product.prodname_copilot_short %} will use the base model for generating code completion suggestions for all users who get a {% data variables.product.prodname_copilot_short %} subscription from the organization.
+
+## Telemetry data collection and usage for custom models
+
+When you create a custom model, you can choose to allow {% data variables.product.company_short %} to collect telemetry data for the purposes of training the model. This data is used to improve the quality of the code completion suggestions the model can generate.
+
+### What telemetry data is collected?
+
+* **Prompts**: This includes all the information sent to the {% data variables.product.prodname_copilot %} language model by the {% data variables.product.prodname_copilot_short %} extension, including context from your open files.
+* **Suggestions**: The code completion suggestions that {% data variables.product.prodname_copilot_short %} generates.
+* **Code snippet**: A snapshot of the code 30 seconds after a suggestion is accepted, capturing how the suggestion was integrated into the codebase. This helps determine whether the suggestion was accepted as is or modified by the user before final integration.
+
+### How is telemetry data used?
+
+Telemetry data is primarily used to fine-tune the {% data variables.product.prodname_copilot_short %} custom model to better understand and predict your organization’s coding patterns. Specifically, it helps:
+
+* **Enhance model accuracy**: By analyzing the collected telemetry, {% data variables.product.prodname_copilot_short %} refines your custom model to increase the relevance and accuracy of future coding suggestions.
+* **Monitor performance**: Telemetry data allows {% data variables.product.company_short %} to monitor how well custom models are performing compared to the base model, enabling ongoing improvements.
+* **Feedback loops**: The data helps {% data variables.product.company_short %} create feedback loops where the model learns from real-world usage, adapting to your specific coding environment over time.
+
+### Data storage and retention
+
+* **Data storage**: All telemetry data collected is stored in the {% data variables.product.prodname_copilot_short %} Data Store, a secure and restricted environment. The data is encrypted and isolated to prevent unauthorized access.
+* **Retention period**: Telemetry data is retained for a rolling 28-day period. After this period, the data is automatically deleted from {% data variables.product.company_short %}'s systems, ensuring that only recent and relevant data is used for model training and improvement.
+
+### Privacy and data security
+
+{% data variables.product.company_short %} is committed to ensuring that your organization’s data remains private and secure.
+
+* **Exclusive use**: The telemetry data collected from your organization is used exclusively for training your custom model and is never shared with other organizations or used to train other customers’ models.
+* **Data leakage prevention**: {% data variables.product.company_short %} implements strict data isolation protocols to prevent cross-contamination between different organizations’ data. This means that your proprietary code and information are protected from exposure to other organizations or individuals.
+
+### Important considerations
+
+* **Opt-in for telemetry**: Participation in telemetry data collection is optional and controlled via your organization’s admin policies. Telemetry data is only collected when explicitly enabled for training custom models.
+* **Potential risks**: Although {% data variables.product.company_short %} takes extensive measures to prevent data leakage, there are scenarios where sensitive data, such as internal links or names, could be included in the telemetry and subsequently used in training. We recommend reviewing and filtering the data you submit for training to minimize these risks.
+
+ For more details about our data-handling practices, see the [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center) or review {% data variables.product.company_short %}’s [data protection agreement](https://github.com/customer-terms/github-data-protection-agreement).
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/extending-the-capabilities-of-github-copilot-in-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/extending-the-capabilities-of-github-copilot-in-your-organization.md
new file mode 100644
index 000000000000..c3e670dfbc69
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/extending-the-capabilities-of-github-copilot-in-your-organization.md
@@ -0,0 +1,44 @@
+---
+title: Extending the capabilities of GitHub Copilot in your organization
+shortTitle: Install extensions
+intro: 'You can add additional functionality to {% data variables.product.prodname_copilot_short %} in your organization, by installing certain {% data variables.product.prodname_github_apps %} from {% data variables.product.prodname_marketplace %}.'
+product: 'Organization owners can install {% data variables.product.prodname_copilot_extensions %} for an organization.'
+versions:
+ feature: copilot-extensions
+topics:
+ - Copilot
+type: how_to
+redirect_from:
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/enhancing-copilot-for-your-organization/extending-the-capabilities-of-github-copilot-in-your-organization
+ - /copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-organization
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/installing-github-copilot-extensions-for-your-organization
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/enhancing-copilot-for-your-organization/installing-github-copilot-extensions-for-your-organization
+---
+
+{% data reusables.copilot.copilot-extensions.beta-note %}
+
+## About {% data variables.product.prodname_copilot_extensions %} for your organization
+
+{% data reusables.copilot.copilot-extensions.copilot-extensions-on-marketplace %}
+
+Before you install any {% data variables.product.prodname_copilot_extensions_short %} in your organization, you should set a usage policy for {% data variables.product.prodname_copilot_extensions_short %} at the {% ifversion ghec %}enterprise or {% endif %}organization level. See "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/managing-github-copilot-extensions)."
+
+Any organization owner can install {% data variables.product.prodname_copilot_extensions_short %} for their organization, but your organization must meet the following criteria to use an installed {% data variables.product.prodname_copilot_extension_short %}:
+
+* Your organization is enrolled in the limited public beta for {% data variables.product.prodname_copilot_extensions_short %}.
+* Your organization has an active {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription.
+
+> [!NOTE] Anyone can install a {% data variables.product.prodname_copilot_extension_short %} on their personal account. However, if they get access to {% data variables.product.prodname_copilot_short %} through a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription, they will only be able to use the extension if it is installed at the organization level.
+
+## Installing {% data variables.product.prodname_copilot_extensions %} for your organization
+
+1. Open [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=apps&copilot_app=true).
+1. In the left sidebar, click {% octicon "copilot" aria-hidden="true" %} **{% data variables.product.prodname_copilot_short %}**.
+1. In the list of {% data variables.product.prodname_copilot_extensions_short %}, locate an app you'd like to install.
+1. To install the {% data variables.product.prodname_copilot_extension_short %} on an organization with a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription, see "[AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations)."
+
+## Next steps
+
+After installing a {% data variables.product.prodname_copilot_extension_short %} for your organization, developers in your organization can start using the extension. See "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/using-github-copilot-extensions)."
+
+You can also manage the permissions of installed {% data variables.product.prodname_copilot_extensions_short %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#managing-permissions-for-a-github-copilot-extension-in-your-organization)."
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/index.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/index.md
new file mode 100644
index 000000000000..1f8ea0304815
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/index.md
@@ -0,0 +1,16 @@
+---
+title: Customizing Copilot for your organization
+shortTitle: Customize Copilot
+intro: 'Organization owners can customize {% data variables.product.prodname_copilot %} in their organization.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+children:
+ - /extending-the-capabilities-of-github-copilot-in-your-organization
+ - /indexing-repositories-for-copilot-chat
+ - /managing-copilot-knowledge-bases
+ - /creating-a-custom-model-for-github-copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/enhancing-copilot-for-your-organization
+---
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/indexing-repositories-for-copilot-chat.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/indexing-repositories-for-copilot-chat.md
new file mode 100644
index 000000000000..bf3cc10b9e40
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/indexing-repositories-for-copilot-chat.md
@@ -0,0 +1,38 @@
+---
+title: Indexing repositories for Copilot Chat
+shortTitle: Index repositories
+intro: 'You can improve the responses {% data variables.product.prodname_copilot_chat %} is able to provide by indexing your repositories.'
+permissions: '{% data reusables.copilot.indexing-who-can-do-this %}'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/enhancing-copilot-for-your-organization/indexing-repositories-for-copilot-chat
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/indexing-repositories-for-copilot-chat
+---
+
+## About indexing repositories
+
+{% data variables.product.prodname_copilot %}'s ability to answer natural language questions, in the context of a {% data variables.product.prodname_dotcom %} repository, is improved when the repository has been indexed for semantic code search.
+
+Indexing repositories is not a requirement and will not affect responses to questions about information in knowledge bases, pull requests, issues, discussions, or commits. However, indexing can help {% data variables.product.prodname_copilot_chat_short %} answer questions that relate directly to the code within a repository.
+
+The indexing status of a repository is displayed on {% data variables.product.prodname_dotcom_the_website %} when you start a conversation that has a repository context. You can index the repository if it has not been indexed yet.
+
+After you index a repository it is automatically re-indexed every time a change is pushed to the repository.
+
+## Indexing a repository
+
+1. On {% data variables.product.prodname_dotcom_the_website %}, browse to the repository you want to index.
+1. On any page, click the **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** icon in the upper-right corner.
+
+ If the repository has been indexed, this is shown near top of the {% data variables.product.prodname_copilot_short %} Chat panel.
+
+ 
+
+1. If the repository has not been indexed, an **Index REPOSITORY NAME** button is displayed. Click this button to start the indexing process.
+
+ 
+
+ Initial indexing can take up to 30 minutes for a large repository. Once a repository has been indexed for the first time, re-indexing is much quicker and the index will typically be automatically updated within 5 minutes of each push to the repository.
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-copilot-knowledge-bases.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/managing-copilot-knowledge-bases.md
similarity index 87%
rename from content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-copilot-knowledge-bases.md
rename to content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/managing-copilot-knowledge-bases.md
index a6528bb5a257..dc722a38d8f4 100644
--- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-copilot-knowledge-bases.md
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/managing-copilot-knowledge-bases.md
@@ -7,11 +7,14 @@ versions:
topics:
- Copilot
redirect_from:
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/enhancing-copilot-for-your-organization/managing-copilot-knowledge-bases
- /copilot/github-copilot-enterprise/copilot-docset-management/creating-private-docsets
- /copilot/github-copilot-enterprise/copilot-docset-management
- /copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases
- /copilot/github-copilot-chat/copilot-chat-in-github/managing-copilot-knowledge-bases
- /copilot/github-copilot-enterprise/managing-copilot-knowledge-bases
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-copilot-knowledge-bases
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-copilot-knowledge-bases
---
{% ifversion fpt %}
@@ -22,7 +25,7 @@ redirect_from:
## About knowledge bases
-Organization owners can create knowledge bases, bringing together Markdown documentation across one or more repositories. Organization members can then specify that knowledge base as the context for {% data variables.product.prodname_copilot_chat_dotcom_short %} and {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vscode %}.
+Organization owners can create knowledge bases, bringing together Markdown documentation across one or more repositories. Organization members can then specify that knowledge base as the context for {% data variables.product.prodname_copilot_chat_dotcom_short %}, {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vscode %}, and {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vs %}.
When you ask a question in {% data variables.product.prodname_copilot_chat %} with a knowledge base selected, {% data variables.product.prodname_copilot %} will search the knowledge base for relevant information and synthesize a response.
@@ -63,7 +66,7 @@ Knowledge bases you create will be accessible by all organization members with a
## Updating a knowledge base
-Organization owners can delete a knowledge base created in their organization.
+Organization owners can update a knowledge base created in their organization.
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/index.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/index.md
index b79afdd3b273..8a5da15b3b71 100644
--- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/index.md
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/index.md
@@ -1,7 +1,7 @@
---
title: Managing GitHub Copilot in your organization
shortTitle: Manage for organization
-intro: "Organization owners can grant and revoke access to {% data variables.product.prodname_copilot %}, manage {% data variables.product.prodname_copilot_short %} related policies and features, as well as reviewing audit logs and usage data."
+intro: 'Organization owners can subscribe to {% data variables.product.prodname_copilot_short %}, manage {% data variables.product.prodname_copilot_short %} for their organization, and control {% data variables.product.prodname_copilot_short %} policies.'
versions:
feature: copilot
redirect_from:
@@ -10,15 +10,10 @@ redirect_from:
topics:
- Copilot
children:
- - /subscribing-to-copilot-for-your-organization
- - /granting-access-to-copilot-for-members-of-your-organization
- - /managing-copilot-knowledge-bases
- - /managing-requests-for-copilot-access-in-your-organization
- - /revoking-access-to-copilot-for-members-of-your-organization
- - /reviewing-usage-data-for-github-copilot-in-your-organization
- - /managing-policies-and-features-for-copilot-in-your-organization
- - /configuring-content-exclusions-for-github-copilot
- - /reviewing-audit-logs-for-copilot-business
- - /canceling-copilot-for-your-organization
+ - /managing-the-copilot-subscription-for-your-organization
+ - /setting-policies-for-copilot-in-your-organization
+ - /configuring-your-proxy-server-or-firewall-for-copilot
+ - /managing-access-to-github-copilot-in-your-organization
+ - /customizing-copilot-for-your-organization
+ - /reviewing-activity-related-to-github-copilot-in-your-organization
---
-
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization.md
similarity index 89%
rename from content/copilot/managing-copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization.md
rename to content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization.md
index 05d3599e0058..77fab3ecd09b 100644
--- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization.md
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization.md
@@ -11,6 +11,7 @@ redirect_from:
- /copilot/managing-copilot-for-business/managing-access-for-copilot-for-business-in-your-organization
- /copilot/managing-copilot-business/managing-access-for-copilot-business-in-your-organization
- /copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization
topics:
- Copilot
---
@@ -37,11 +38,9 @@ Billing for {% data variables.product.prodname_copilot %} starts when you grant
## Granting access to {% data variables.product.prodname_copilot %} for specific users in your organization
{% ifversion ghec %}
-{% note %}
-**Note:** You can automatically enable access for every member of a group in your identity provider (IdP) by synchronizing that group with a {% data variables.product.prodname_dotcom %} team, then giving that team access to {% data variables.product.prodname_copilot %}. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group)."
+> [!NOTE] You can automatically enable access for every member of a group in your identity provider (IdP) by synchronizing that group with a {% data variables.product.prodname_dotcom %} team, then giving that team access to {% data variables.product.prodname_copilot %}. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group)."
-{% endnote %}
{% endif %}
{% data reusables.profile.access_org %}
@@ -69,11 +68,7 @@ Billing for {% data variables.product.prodname_copilot %} starts when you grant
To add members in bulk, click **Choose CSV to upload**, and then upload a CSV file including either the username or email address for each member you want to add, separated by a comma. The file can contain a mixture of usernames and email addresses.
- {% warning %}
-
- **Warning:** When you upload a CSV file, unless you're using {% data variables.product.prodname_emus %}, {% data variables.product.prodname_copilot %} will search all users on {% data variables.product.prodname_dotcom_the_website %} for matches. If the CSV includes users who are not members of your organization, they will be invited to join your organization when you click **Continue to purchase** followed by **Purchase seats**. This warning does not apply to accounts using {% data variables.product.prodname_emus %}.
-
- {% endwarning %}
+ > [!WARNING] When you upload a CSV file, unless you're using {% data variables.product.prodname_emus %}, {% data variables.product.prodname_copilot %} will search all users on {% data variables.product.prodname_dotcom_the_website %} for matches. If the CSV includes users who are not members of your organization, they will be invited to join your organization when you click **Continue to purchase** followed by **Purchase seats**. This warning does not apply to accounts using {% data variables.product.prodname_emus %}.
Review the list of users generated from your CSV file. Clear the selection of any users you do not want to add.
@@ -86,6 +81,6 @@ You can use {% data variables.product.prodname_dotcom %}'s REST API to grant acc
## Further reading
* [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center)
-* "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-policies-and-features-for-copilot-in-your-organization)"
-* "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization)"
-* "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization)"
+* "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-policies-for-copilot-in-your-organization)"
+* "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-github-copilot-activity-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization)"
+* "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization)"
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/index.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/index.md
new file mode 100644
index 000000000000..388564a4e7f6
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/index.md
@@ -0,0 +1,17 @@
+---
+title: Managing access to GitHub Copilot in your organization
+shortTitle: Manage access
+intro: 'Organization owners can grant and revoke {% data variables.product.prodname_copilot_short %} access for members of their organization.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+children:
+ - /granting-access-to-copilot-for-members-of-your-organization
+ - /managing-requests-for-copilot-business-in-your-organization
+ - /revoking-access-to-copilot-for-members-of-your-organization
+ - /managing-github-copilot-access-to-your-organizations-network
+redirect_from:
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-github-copilot-activity-in-your-organization
+---
+
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/managing-github-copilot-access-to-your-organizations-network.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/managing-github-copilot-access-to-your-organizations-network.md
new file mode 100644
index 000000000000..8f1bb4e12e2b
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/managing-github-copilot-access-to-your-organizations-network.md
@@ -0,0 +1,13 @@
+---
+title: Managing GitHub Copilot access to your organization's network
+intro: 'Learn how to use subscription-based network routing to control {% data variables.product.prodname_copilot_short %} access to your network.'
+permissions: Organization owners
+product: '{% data variables.product.prodname_copilot_business_short %}'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+shortTitle: Manage network access
+---
+
+{% data reusables.copilot.sku-isolation %}
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/managing-requests-for-copilot-business-in-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/managing-requests-for-copilot-business-in-your-organization.md
new file mode 100644
index 000000000000..7efb99cb4176
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/managing-requests-for-copilot-business-in-your-organization.md
@@ -0,0 +1,25 @@
+---
+title: Managing requests for Copilot Business in your organization
+shortTitle: Manage requests for access
+intro: 'Approve or deny requests for {% data variables.product.prodname_copilot_short %} access in your organization.'
+permissions: Organization owners
+redirect_from:
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-requests-for-copilot-access-in-your-organization
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/managing-requests-for-copilot-access-in-your-organization
+product: 'Organizations with a subscription to {% data variables.product.prodname_copilot_for_business %} and organizations owned by an enterprise with a subscription to {% data variables.product.prodname_copilot_for_business %}'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+---
+
+As an organization owner, you can manage requests for {% data variables.product.prodname_copilot_for_business %} from your organization's settings. Additionally, {% data variables.product.prodname_dotcom %} sends you a weekly email with a summary of all pending requests.
+
+If your organization is owned by an enterprise, before you can approve a request, you may need to request that the enterprise owners enable {% data variables.product.prodname_copilot_for_business %} for your organization by going to [https://github.com/settings/copilot](https://github.com/settings/copilot) and requesting access under "Get Copilot from an organization."
+
+{% data reusables.profile.access_org %}
+{% data reusables.organizations.org-list %}
+1. In the "Access" section of the sidebar, click {% octicon "bell" aria-label="The notifications bell" %} **Requests from members**.
+1. To accept the request and grant the member access to {% data variables.product.prodname_copilot_for_business %}, click **Buy {% data variables.product.prodname_copilot_business_short %}**.
+
+All requests for {% data variables.product.prodname_copilot_for_business %} are grouped together under "{% data variables.product.prodname_copilot_business_short %}."
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization.md
similarity index 91%
rename from content/copilot/managing-copilot/managing-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization.md
rename to content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization.md
index d5c130845f9e..1bda7a076ae0 100644
--- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization.md
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization.md
@@ -9,6 +9,7 @@ topics:
- Copilot
redirect_from:
- /copilot/managing-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization
---
## How revoking access affects billing
@@ -45,4 +46,4 @@ You can use {% data variables.product.prodname_dotcom %}'s REST API to revoke ac
* [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center)
* "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization)."
-* "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization)"
+* "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-github-copilot-activity-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization)"
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-requests-for-copilot-access-in-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-requests-for-copilot-access-in-your-organization.md
deleted file mode 100644
index 136f4bf9526a..000000000000
--- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-requests-for-copilot-access-in-your-organization.md
+++ /dev/null
@@ -1,20 +0,0 @@
----
-title: Managing requests for Copilot access in your organization
-shortTitle: Manage requests for access
-intro: 'Approve or deny requests for {% data variables.product.prodname_copilot_short %} access in your organization.'
-permissions: Organization owners
-product: '{% data variables.product.prodname_copilot_business_short %}'
-versions:
- feature: copilot
-topics:
- - Copilot
----
-
-As an owner of an organization, you can manage requests for {% data variables.product.prodname_copilot_for_business %} from your organization's settings. Additionally, {% data variables.product.prodname_dotcom %} sends you a weekly email with a summary of all pending requests.
-
-{% data reusables.profile.access_org %}
-{% data reusables.organizations.org-list %}
-1. In the "Access" section of the sidebar, click {% octicon "bell" aria-label="The notifications bell" %} **Requests from members**.
-1. To accept the request and grant the member access to {% data variables.product.prodname_copilot_for_business %}, click **Buy {% data variables.product.prodname_copilot_business_short %}**.
-
-All requests for {% data variables.product.prodname_copilot_for_business %} are grouped together under "{% data variables.product.prodname_copilot_business_short %}."
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/about-billing-for-github-copilot-in-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/about-billing-for-github-copilot-in-your-organization.md
new file mode 100644
index 000000000000..213869a1791b
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/about-billing-for-github-copilot-in-your-organization.md
@@ -0,0 +1,57 @@
+---
+title: About billing for GitHub Copilot in your organization
+shortTitle: About billing
+intro: 'Learn about pricing and billing cycles for {% data variables.product.prodname_copilot_short %} in your organization.'
+permissions: 'Organization owners'
+product: '{% data variables.product.prodname_copilot_for_business %}'
+versions:
+ feature: copilot
+type: overview
+topics:
+ - Copilot
+---
+
+## About pricing for {% data variables.product.prodname_copilot_short %} in your organization
+
+Subscriptions to {% data variables.product.prodname_copilot_business_short %} are available on a monthly cycle. The subscriptions are billed at the end of each cycle, at {% data variables.copilot.cfb_price_per_month %} per user per month.
+
+## About the billing cycle for {% data variables.product.prodname_copilot_short %} in your organization
+
+Billed users are calculated at the end of each billing cycle, based on the number of {% data variables.product.prodname_copilot %} seats that are assigned. You can add or remove seats at any time during the billing cycle.
+
+* **Any seat assigned part way through the billing cycle** will be prorated based on the number of days remaining in the cycle.
+* **Any seat assignment removed during a billing cycle** will take effect from the beginning of the next cycle. The person will still be able to use {% data variables.product.prodname_copilot %} until the end of the cycle. If a user's access to the organization itself is removed, they will lose access immediately.
+
+If your organization belongs to an enterprise, your enterprise will be charged on whichever payment method you’ve set up for the organization account, such as a credit card or a Microsoft Azure subscription.
+
+{% ifversion billing-auth-and-capture %}
+
+{% data reusables.billing.authorization-charge %}
+
+{% endif %}
+
+> [!NOTE] {% data variables.product.prodname_copilot %} billing operates in Coordinated Universal Time (UTC), but it calculates your bill according to the timezone of your billing cycle. For example, if you're billed through Azure and your current billing cycle ends at 11:59 PM EST on December 1st, canceling a seat at 7:00 PM EST on December 1st might show the seat cancellation at 12:00 AM UTC on December 2nd. However, the seat would end within the billing cycle that you requested the cancellation, and you would not pay for that seat in the following cycle.
+
+### About seat assignment for {% data variables.product.prodname_copilot_short %} in your organization
+
+A {% data variables.product.prodname_copilot %} seat is a license to use {% data variables.product.prodname_copilot %}, which is granted to a unique user account through an organization's {% data variables.product.prodname_copilot_for_business %} subscription. Each month, the organization is charged for the number of assigned seats.
+
+Removing all assigned {% data variables.product.prodname_copilot %} seats in your organization will cancel your organization's {% data variables.product.prodname_copilot_short %} subscription.
+
+Seat assignment is managed by organization owners. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization)."
+
+If you are a member of an organization with a {% data variables.product.prodname_copilot %} subscription, to use the subscription, you will need to be assigned a seat by an organization owner.
+
+{% data reusables.copilot.copilot-one-account %}
+
+### About billing through Azure
+
+When you connect an Azure subscription to your organization account and enable metered billing via Azure, metered usage will start to be sent to Azure. You will be billed through {% data variables.product.prodname_dotcom %} for usage from the start of the current billing cycle to when you enabled metered billing via Azure, on your next billing date. The period between the date you connected your Azure subscription and enabled metered billing via Azure, and the end of the calendar month will be charged in Azure on the first of the month. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)."
+
+> [!NOTE] Usage data is sent to Azure daily, but you are billed at the end of the month based on the number of seats used. This means that although you can track your daily spending (number of seats in this case), actual payments are processed monthly.
+
+## Further reading
+
+* "[AUTOTITLE](/copilot/about-github-copilot/subscription-plans-for-github-copilot)"
+* "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization)"
+* "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-information-to-your-receipts)"
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/canceling-copilot-for-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/canceling-copilot-for-your-organization.md
similarity index 87%
rename from content/copilot/managing-copilot/managing-github-copilot-in-your-organization/canceling-copilot-for-your-organization.md
rename to content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/canceling-copilot-for-your-organization.md
index 5913fb79b1ba..1a1954ebbb62 100644
--- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/canceling-copilot-for-your-organization.md
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/canceling-copilot-for-your-organization.md
@@ -1,6 +1,6 @@
---
title: Canceling Copilot for your organization
-shortTitle: Cancel subscription
+shortTitle: Cancel
intro: 'Removing all assigned {% data variables.product.prodname_copilot %} seats in your organization will cancel your organization''s {% data variables.product.prodname_copilot_short %} subscription.'
permissions: Organization owners
product: '{% data variables.product.prodname_copilot_business_short %}'
@@ -8,6 +8,8 @@ versions:
feature: copilot
topics:
- Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/canceling-copilot-for-your-organization
---
{% ifversion ghec %}
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/index.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/index.md
new file mode 100644
index 000000000000..77376fe6c64c
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/index.md
@@ -0,0 +1,13 @@
+---
+title: Managing the Copilot subscription for your organization
+shortTitle: Manage subscription
+intro: 'Organization owners can manage the {% data variables.product.prodname_copilot_short %} subscription for their organization.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+children:
+ - /about-billing-for-github-copilot-in-your-organization
+ - /subscribing-to-copilot-for-your-organization
+ - /canceling-copilot-for-your-organization
+---
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/subscribing-to-copilot-for-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/subscribing-to-copilot-for-your-organization.md
similarity index 71%
rename from content/copilot/managing-copilot/managing-github-copilot-in-your-organization/subscribing-to-copilot-for-your-organization.md
rename to content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/subscribing-to-copilot-for-your-organization.md
index 6d9016d5ca29..fae125cfc9e7 100644
--- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/subscribing-to-copilot-for-your-organization.md
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/subscribing-to-copilot-for-your-organization.md
@@ -1,6 +1,6 @@
---
title: Subscribing to Copilot for your organization
-shortTitle: Subscribe organization
+shortTitle: Subscribe
intro: 'Organization owners can set up a {% data variables.product.prodname_copilot_business_short %} subscription for their organization.'
permissions: Organization owners
versions:
@@ -10,7 +10,9 @@ topics:
redirect_from:
- /billing/managing-billing-for-github-copilot/managing-your-github-copilot-business-subscription
- /billing/managing-billing-for-github-copilot/managing-your-github-copilot-subscription-for-your-organization-or-enterprise
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/subscribing-to-copilot-for-your-organization
---
+
{% ifversion ghec %}
>[!NOTE]
> If your organization is part of an enterprise, you can gain {% data variables.product.prodname_copilot_short %} through your enterprise instead. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/subscribing-to-copilot-for-your-enterprise)" and "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise)."
@@ -20,6 +22,5 @@ redirect_from:
## Next steps
-* Configure policies for {% data variables.product.prodname_copilot_short %} in your organization. See "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-policies-and-features-for-copilot-in-your-organization)."
-* Grant {% data variables.product.prodname_copilot_short %} access to some or all members of the organization. See "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-access-for-copilot-business-in-your-organization)."
+* To finish setting up {% data variables.product.prodname_copilot_short %} for your organization, see "[AUTOTITLE](/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-organization)."
* For billing information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#about-billing-for-github-copilot-business-and-github-copilot-enterprise)" and "[AUTOTITLE](/billing/managing-your-github-billing-settings)."
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/index.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/index.md
new file mode 100644
index 000000000000..80d45c51de75
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/index.md
@@ -0,0 +1,13 @@
+---
+title: Reviewing activity related to GitHub Copilot in your organization
+shortTitle: Review activity
+intro: 'Organization owners can review {% data variables.product.prodname_copilot_short %} usage in their organization.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+children:
+ - /reviewing-user-activity-data-for-copilot-in-your-organization
+ - /reviewing-audit-logs-for-copilot-business
+ - /reviewing-changes-to-content-exclusions-for-github-copilot
+---
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-audit-logs-for-copilot-business.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-audit-logs-for-copilot-business.md
similarity index 88%
rename from content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-audit-logs-for-copilot-business.md
rename to content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-audit-logs-for-copilot-business.md
index 40ace6e580b8..df9f380dcaa4 100644
--- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-audit-logs-for-copilot-business.md
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-audit-logs-for-copilot-business.md
@@ -7,6 +7,9 @@ redirect_from:
- /copilot/managing-copilot-business/reviewing-your-organization-or-enterprises-audit-logs-for-copilot-business
- /copilot/managing-github-copilot-in-your-organization/reviewing-your-organization-or-enterprises-audit-logs-for-copilot-business
- /copilot/managing-github-copilot-in-your-organization/reviewing-audit-logs-for-copilot-business
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-audit-logs-for-copilot-business
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-github-copilot-activity-in-your-organization/reviewing-audit-logs-for-copilot-business
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/reviewing-audit-logs-for-copilot-business
versions:
feature: copilot
product: '{% data reusables.gated-features.copilot-audit-logs %}'
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md
new file mode 100644
index 000000000000..9d4e45228c23
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md
@@ -0,0 +1,46 @@
+---
+title: Reviewing changes to content exclusions for GitHub Copilot
+shortTitle: Content exclusion changes
+intro: You can monitor changes to content exclusions in your repositories and organizations.
+permissions: Organization owners
+product: '{% data reusables.gated-features.copilot-business-and-enterprise %}'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot
+---
+
+{% data reusables.copilot.content-exclusions-availability-and-beta-note %}
+
+## Reviewing changes in your repository
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+
+1. In the "Code & automation" section of the side bar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**.
+{% data reusables.copilot.view-last-change-content-exclusions %}
+1. Click the time of the last change.
+
+ 
+
+ The "Audit log" page for the organization is displayed, showing the most recently logged occurrences of the `copilot.content_exclusion_changed` action in the repository.
+{% data reusables.copilot.more-details-content-exclusion-logs %}
+
+## Reviewing changes in your organization
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+
+1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** then click **Content exclusion**.
+{% data reusables.copilot.view-last-change-content-exclusions %}
+1. Click the time of the last change.
+
+ 
+
+ The "Audit log" page for the organization is displayed, showing the most recently logged occurrences of the `copilot.content_exclusion_changed` action.
+
+{% data reusables.copilot.more-details-content-exclusion-logs %}
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-user-activity-data-for-copilot-in-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-user-activity-data-for-copilot-in-your-organization.md
new file mode 100644
index 000000000000..5727d0b84ad2
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-user-activity-data-for-copilot-in-your-organization.md
@@ -0,0 +1,79 @@
+---
+title: Reviewing user activity data for Copilot in your organization
+shortTitle: User activity data
+intro: 'Review {% data variables.product.prodname_copilot %} usage in your organization to make informed decisions about seat assignment.'
+permissions: Organization owners
+product: 'Organizations with a subscription to {% ifversion ghec %}{% data variables.product.prodname_copilot_enterprise_short %} or{% endif %} {% data variables.product.prodname_copilot_business_short %}'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+redirect_from:
+ - /copilot/managing-github-copilot-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization
+ - /billing/managing-billing-for-github-copilot/viewing-your-github-copilot-usage
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-github-copilot-activity-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/reviewing-user-activity-data-for-copilot-in-your-organization
+---
+
+## Reviewing user activity data for {% data variables.product.prodname_copilot_short %}
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.copilot.access-settings %}
+1. At the top of the page, under "{% data variables.product.prodname_copilot %}," you can see an overview of your organization's {% data variables.product.prodname_copilot %} usage. You can see the number seats assigned through your {% ifversion ghec %}{% data variables.product.prodname_copilot_enterprise_short %} or {% endif %}{% data variables.product.prodname_copilot_business_short %} subscription, and the estimated monthly cost.
+
+ {% ifversion ghec %}
+ 
+ {% else %}
+ 
+ {% endif %}
+
+1. For more detailed information, next to "Access management," click **Get report**.
+
+ {% data variables.product.prodname_dotcom %} generates a report for you, which you can download as a CSV file.
+
+1. Alternatively, under "Access management," you can use the **Sort** options to sort the list of users by when they last used {% data variables.product.prodname_copilot %}.
+
+## Using the API to retrieve assignment information
+
+You can use {% data variables.product.prodname_dotcom %}'s REST API to get details about the assignment of {% data variables.product.prodname_copilot %} seats in your organization. See "[Get Copilot seat information and settings for an organization](/rest/copilot/copilot-user-management?apiVersion=2022-11-28#get-copilot-seat-information-and-settings-for-an-organization)," "[List all Copilot seat assignments for an organization](/rest/copilot/copilot-user-management?apiVersion=2022-11-28#list-all-copilot-seat-assignments-for-an-organization)," and "[Get Copilot seat assignment details for a user](/rest/copilot/copilot-user-management?apiVersion=2022-11-28#get-copilot-seat-assignment-details-for-a-user)."
+
+## Understanding the `last_activity_at` calculation
+
+> [!NOTE] This data is in public beta and subject to change.
+
+To align the `last_activity_at` data point with _actual usage_, the system returns the timestamp of a user's most recent interaction with Copilot functionality. These interactions are:
+
+* Receiving a code suggestion in an IDE
+* Chatting with Copilot Chat in an IDE
+{%- ifversion ghec %}
+* Creating or updating a knowledge base
+* Creating a pull request summary
+* Interacting with Copilot Chat on GitHub.com
+{%- endif %}
+* Interacting with Copilot on a mobile device
+* Interacting with Copilot Chat for CLI
+
+The `last_activity_at` date is consistent across the CSV generated via `Get Report` in Copilot Access settings as well as through {% data variables.product.prodname_dotcom %}'s REST API. The events which are tracked come from both client, and server-side telemetry. This allows the timestamp to be durable in the event that network conditions would impact client-telemetry.
+
+### Troubleshooting `last_activity_at` data
+
+Processing new telemetry events and updating a user's `last_activity_at` date can take up to 24 hours. Users must have telemetry enabled in their IDE for their usage to be reflected in `last_activity_at`.
+
+If you believe a user's `last_activity_at` date should be more recent than shown in the CSV or API report, please wait 24 hours and check again. If their recent Copilot usage is still not reflected in their `last_activity_at` date, have the user check that telemetry is enabled in their IDE settings.
+
+For more information about enabling telemetry in various IDEs, see:
+
+* "[Enable or disable usage data collection for Azure Data Studio](https://learn.microsoft.com/azure-data-studio/usage-data-collection)" in the Microsoft documentation
+* "[Data Sharing](https://www.jetbrains.com/help/idea/settings-usage-statistics.html)" in the JetBrains documentation
+* "[Telemetry](https://code.visualstudio.com/docs/getstarted/telemetry)" in the {% data variables.product.prodname_vscode_shortname %} documentation
+
+## Further reading
+
+{% ifversion ghec%}
+* "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/viewing-copilot-usage-for-your-enterprise)"{% endif %}
+* [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center)
+* "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization)."
+* "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization)"
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization.md
deleted file mode 100644
index 4a485d3b4b3e..000000000000
--- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-title: Reviewing usage data for GitHub Copilot in your organization
-shortTitle: Usage data
-intro: 'Review {% data variables.product.prodname_copilot %} usage in your organization to make informed decisions about seat assignment.'
-permissions: 'Organization owners for organizations with a subscription to {% ifversion ghec %}{% data variables.product.prodname_copilot_enterprise_short %} or{% endif %} {% data variables.product.prodname_copilot_business_short %}.'
-versions:
- feature: copilot
-topics:
- - Copilot
-redirect_from:
- - /copilot/managing-github-copilot-in-your-organization/reviewing-usage-data-for-github-copilot-in-your-organization
- - /billing/managing-billing-for-github-copilot/viewing-your-github-copilot-usage
----
-
-## Reviewing usage data for {% data variables.product.prodname_copilot %} in your organization
-
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-{% data reusables.copilot.access-settings %}
-1. At the top of the page, under "{% data variables.product.prodname_copilot %}," you can see an overview of your organization's {% data variables.product.prodname_copilot %} usage. You can see the number seats assigned through your {% ifversion ghec %}{% data variables.product.prodname_copilot_enterprise_short %} or {% endif %}{% data variables.product.prodname_copilot_business_short %} subscription, and the estimated monthly cost.
-
- {% ifversion ghec %}
- 
- {% else %}
- 
- {% endif %}
-
-1. For more detailed information, next to "Access management," click **Get report**.
-
- {% data variables.product.prodname_dotcom %} generates a report for you, which you can download as a CSV file.
-
-1. Alternatively, under "Access management," you can use the **Sort** options to sort the list of users by when they last used {% data variables.product.prodname_copilot %}.
-
-## Using the API to retrieve assignment information
-
-You can use {% data variables.product.prodname_dotcom %}'s REST API to get details about the assignment of {% data variables.product.prodname_copilot %} seats in your organization. See "[Get Copilot seat information and settings for an organization](/rest/copilot/copilot-user-management?apiVersion=2022-11-28#get-copilot-seat-information-and-settings-for-an-organization)," "[List all Copilot seat assignments for an organization](/rest/copilot/copilot-user-management?apiVersion=2022-11-28#list-all-copilot-seat-assignments-for-an-organization)," and "[Get Copilot seat assignment details for a user](/rest/copilot/copilot-user-management?apiVersion=2022-11-28#get-copilot-seat-assignment-details-for-a-user)."
-
-## Further reading
-
-{% ifversion ghec%}
-* "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/viewing-copilot-usage-for-your-enterprise)"{% endif %}
-* [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center)
-* "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization)."
-* "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/revoking-access-to-copilot-for-members-of-your-organization)"
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md
new file mode 100644
index 000000000000..6c88bc291761
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md
@@ -0,0 +1,202 @@
+---
+title: Excluding content from GitHub Copilot
+shortTitle: Exclude content from Copilot
+intro: 'You can prevent {% data variables.product.prodname_copilot_short %} from accessing certain content.'
+permissions: '{% data reusables.copilot.content-exclusion-permissions %}'
+product: '{% data reusables.gated-features.copilot-business-and-enterprise %}'
+layout: inline
+versions:
+ feature: copilot
+redirect_from:
+ - /copilot/managing-copilot-business/configuring-content-exclusions-for-github-copilot
+ - /copilot/managing-github-copilot-in-your-organization/configuring-content-exclusions-for-github-copilot
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-content-exclusions-for-github-copilot
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/about-content-exclusions-for-github-copilot
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/about-content-exclusions-for-github-copilot
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/configuring-content-exclusions-for-github-copilot
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/testing-changes-to-content-exclusions-in-your-ide
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/configuring-content-exclusions-for-github-copilot
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/testing-changes-to-content-exclusions-in-your-ide
+topics:
+ - Copilot
+---
+
+## About content exclusions for {% data variables.product.prodname_copilot_short %}
+
+{% data reusables.copilot.content-exclusion-note %}
+
+You can use content exclusions to configure {% data variables.product.prodname_copilot_short %} to ignore certain files. When you exclude content from {% data variables.product.prodname_copilot_short %}:
+
+* Code completion will not be available in the affected files.
+* The content in affected files will not inform code completion suggestions in other files.
+* The content in affected files will not inform {% data variables.product.prodname_copilot_chat %}'s responses.
+
+{% data reusables.copilot.content-exclusions-scope %}
+
+### Availability of content exclusions
+
+| Tool | Code completion support | {% data variables.product.prodname_copilot_chat_short %} support |
+|--------|:--------:|:--------:|
+| {% data variables.product.prodname_vs %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| {% data variables.product.prodname_vscode %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| JetBrains IDEs | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| Vim/Neovim | {% octicon "check" aria-label="Supported" %} | Not applicable |
+| Azure Data Studio | {% octicon "x" aria-label="Not supported" %} | Not applicable |
+| {% data variables.product.prodname_dotcom_the_website %} | Not applicable | {% octicon "x" aria-label="Not supported" %} |
+
+### Limitations of content exclusions
+
+{% data reusables.copilot.content-exclusion-limitations %}
+
+### Data sent to {% data variables.product.prodname_dotcom %}
+
+After you configure content exclusion, the client (for example, the {% data variables.product.prodname_copilot_short %} extension for {% data variables.product.prodname_vscode_shortname %}) sends the current repository URL to the {% data variables.product.prodname_dotcom %} server so that the server can return the correct policy to the client. These URLs are not logged anywhere.
+
+## Configuring content exclusions for your repository
+
+You can use your repository settings to specify content in your repository that {% data variables.product.prodname_copilot %} should ignore.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+
+1. In the "Code & automation" section of the side bar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**.
+
+ If your repository inherits any exclusions from {%ifversion fpt %}its parent organization{% else %} organizations in the same enterprise{% endif %}, you'll see {%ifversion ghec %}one or more{% else %} a{% endif %} gray box{%ifversion ghec %}es{% endif %} at the top of the page containing details of these exclusions. You cannot edit these settings.
+
+1. In the box following "Paths to exclude in this repository," enter the paths to files from which {% data variables.product.prodname_copilot_short %} should be excluded.
+
+ Use the format: `- "/PATH/TO/DIRECTORY/OR/FILE"`, with each path on a separate line. You can add comments by starting a line with `#`.
+
+ > [!TIP] {% data reusables.copilot.content-exclusion-fnmatch-tip %}
+
+### Example of paths specified in the repository settings
+
+```yaml annotate
+# Ignore the `/src/some-dir/kernel.rs` file in this repository.
+- "/src/some-dir/kernel.rs"
+
+# Ignore files called `secrets.json` anywhere in this repository.
+- "secrets.json"
+
+# Ignore all files whose names begin with `secret` anywhere in this repository.
+- "secret*"
+
+# Ignore files whose names end with `.cfg` anywhere in this repository.
+- "*.cfg"
+
+# Ignore all files in or below the `/scripts` directory of this repository.
+- "/scripts/**"
+```
+
+## Configuring content exclusions for your organization
+
+You can use your organization settings to specify files that {% data variables.product.prodname_copilot %} should ignore. The files can be within a Git repository or anywhere on the file system that is not under Git control.
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+
+1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** then click **Content exclusion**.
+1. In the box following "Repositories and paths to exclude," enter the details of files from which {% data variables.product.prodname_copilot_short %} should be excluded.
+
+ To exclude files located anywhere (within a Git repository or elsewhere), enter `"*":` followed by the path to the file, or files, you want to exclude. If you want to specify multiple file path patterns, list each pattern on a separate line.
+
+ To exclude files in a Git repository from {% data variables.product.prodname_copilot_short %}, enter a reference to the repository on one line, followed by paths to locations within the repository, with each path on a separate line. Use the following format, replacing `REPOSITORY-REFERENCE` with a reference to the repository that contains the files you'd like to exclude:
+
+ ```yaml
+ REPOSITORY-REFERENCE:
+ - "/PATH/TO/DIRECTORY/OR/FILE"
+ - "/PATH/TO/DIRECTORY/OR/FILE"
+ - ...
+ ```
+
+ Repositories can be referenced using various protocols. You can use any of the following syntaxes for `REPOSITORY-REFERENCE` and {% data variables.product.prodname_copilot_short %} will match them regardless of how the repository was cloned locally:
+
+ ```text
+ http[s]://host.xz[:port]/path/to/repo.git/
+
+ git://host.xz[:port]/path/to/repo.git/
+
+ [user@]host.xz:path/to/repo.git/
+
+ ssh://[user@]host.xz[:port]/path/to/repo.git/
+ ```
+
+ The `user@` and `:port` parts of the `REPOSITORY-REFERENCE` are ignored in the calculation of which paths to ignore for a repository.
+
+ For Azure DevOps, you can use the new (dev.azure.com) or old (visualstudio.com) host format when specifying `REPOSITORY-REFERENCE`, and {% data variables.product.prodname_copilot_short %} will match them regardless of which host was used to clone the repository locally.
+
+ > [!TIP] {% data reusables.copilot.content-exclusion-fnmatch-tip %}
+
+### Example of repositories and paths in organization settings
+
+```yaml annotate
+# Ignore all `.env` files from all file system roots (Git and non-Git).
+# For example, this excludes `REPOSITORY-PATH/.env` and also `/.env`.
+# This could also have been written on a single line as:
+#
+# "*": ["**/.env"]
+"*":
+ - "**/.env"
+
+# In the `octo-repo` repository in this organization:
+octo-repo:
+ # Ignore the `/src/some-dir/kernel.rs` file.
+ - "/src/some-dir/kernel.rs"
+
+# In the `primer/react` repository on {% data variables.product.prodname_dotcom %}:
+https://github.com/primer/react.git:
+ # Ignore files called `secrets.json` anywhere in this repository.
+ - "secrets.json"
+ # Ignore files called `temp.rb` in or below the `/src` directory.
+ - "/src/**/temp.rb"
+
+# In the `copilot` repository of any {% data variables.product.prodname_dotcom %} organization:
+git@github.com:*/copilot:
+ # Ignore any files in or below the `/__tests__` directory.
+ - "/__tests__/**"
+ # Ignore any files in the `/scripts` directory.
+ - "/scripts/*"
+
+# In the `gitlab-org/gitlab-runner` repository on GitLab:
+git@gitlab.com:gitlab-org/gitlab-runner.git:
+ # Ignore the `/main_test.go` file.
+ - "/main_test.go"
+ # Ignore any files with names beginning with `server` or `session` anywhere in this repository.
+ - "{server,session}*"
+ # Ignore any files with names ending with `.md` or `.mk` anywhere in this repository.
+ - "*.m[dk]"
+ # Ignore files directly within directories such as `packages` or `packaged` anywhere in this repository.
+ - "**/package?/*"
+ # Ignore files in or below any `security` directories, anywhere in this repository.
+ - "**/security/**"
+```
+
+## Testing changes to content exclusions
+
+You can use your IDE to confirm that your changes to content exclusions are working as expected.
+
+### Propagate content exclusion changes to your IDE
+
+After you add or change content exclusions, it can take up to 30 minutes to take effect in IDEs where the settings are already loaded. If you don't want to wait, you can manually reload the content exclusion settings using the following instructions.
+
+* **For JetBrains IDEs and {% data variables.product.prodname_vs %}**, reload the content exclusion settings by closing and reopening the application.
+* **For {% data variables.product.prodname_vscode %}**, use the following steps to reload the content exclusion settings:
+ 1. Access the Command Palette. For example, by pressing Shift+Command+P (Mac) / Ctrl+Shift+P (Windows/Linux).
+ 1. Type: `reload`.
+ 1. Select **Developer: Reload Window**.
+* **For Vim/Neovim**, content exclusions are automatically fetched from {% data variables.product.prodname_dotcom %} each time you open a file.
+
+### Test your content exclusions
+
+There are a few different ways to test your content exclusions, depending on which IDE you're using.
+
+1. Open a file that you expect to be affected by your content exclusions.
+1. Use one or more of the following techniques to test if content is being excluded:
+ * **In JetBrains IDEs, {% data variables.product.prodname_vs %}, and {% data variables.product.prodname_vscode %}**, check the {% data variables.product.prodname_copilot_short %} icon in the status bar. If a {% data variables.product.prodname_copilot_short %} content exclusion applies to the file, the {% data variables.product.prodname_copilot_short %} icon will have a diagonal line through it. Hover over the icon to see whether an organization or the parent repository disabled {% data variables.product.prodname_copilot_short %} for the file.
+ * **In JetBrains IDEs, {% data variables.product.prodname_vs %} and {% data variables.product.prodname_vscode %}**, you can also test content exclusions in {% data variables.product.prodname_copilot_chat_short %}. Open the {% data variables.product.prodname_copilot_chat_short %} window, and ask {% data variables.product.prodname_copilot_chat_short %} a question about the excluded file. If your content is excluded successfully, {% data variables.product.prodname_copilot_short %} will be unable to answer your question, and will explain that some files were excluded from the conversation due to content exclusion rules.
+ * **In Vim/Neovim**, begin typing in the file. If {% data variables.product.prodname_copilot %} no longer provides inline suggestions as you type, the file is excluded.
+
+## Further reading
+
+* "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot)"
+* [Configuring content exclusion for {% data variables.product.prodname_vs %} in the Microsoft Learn documentation](https://learn.microsoft.com/en-us/visualstudio/ide/visual-studio-github-copilot-admin?view=vs-2022#configure-content-exclusion)
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/index.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/index.md
new file mode 100644
index 000000000000..e5d01f518b5d
--- /dev/null
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/index.md
@@ -0,0 +1,15 @@
+---
+title: Setting policies for Copilot in your organization
+shortTitle: Set policies
+intro: 'Organization owners can set policies for {% data variables.product.prodname_copilot %} in their organization.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+children:
+ - /managing-policies-for-copilot-in-your-organization
+ - /excluding-content-from-github-copilot
+redirect_from:
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization
+---
+
diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-and-features-for-copilot-in-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md
similarity index 54%
rename from content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-and-features-for-copilot-in-your-organization.md
rename to content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md
index 36ff82d733f7..480e5eeecfa1 100644
--- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-and-features-for-copilot-in-your-organization.md
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md
@@ -1,5 +1,5 @@
---
-title: Managing policies and features for Copilot in your organization
+title: Managing policies for Copilot in your organization
intro: 'Learn how to manage policies for {% data variables.product.prodname_copilot %} in your organization.'
permissions: Organization owners
product: '{% data reusables.gated-features.copilot-business-and-enterprise %}'
@@ -10,6 +10,10 @@ redirect_from:
- /copilot/managing-copilot-for-business/managing-policies-for-copilot-for-business-in-your-organization
- /copilot/managing-copilot-business/managing-policies-for-copilot-business-in-your-organization
- /copilot/managing-github-copilot-in-your-organization/managing-policies-and-features-for-copilot-in-your-organization
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-and-features-for-copilot-in-your-organization
+ - /copilot/github-copilot-chat/copilot-chat-in-github-mobile/enabling-github-copilot-chat-for-github-mobile
+ - /copilot/github-copilot-chat/github-copilot-extensions/managing-github-copilot-extensions
+ - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-policies-for-copilot-in-your-organization
topics:
- Copilot
shortTitle: Managing policies
@@ -55,12 +59,42 @@ If an organization member is assigned a seat by multiple organizations with diff
1. If your organization has a {% data variables.product.prodname_copilot_enterprise_short %} subscription and you enable {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}, two additional options are displayed. Depending on your enterprise settings, you may be able to change the settings for these options.
- {% data reusables.copilot.policies-for-dotcom %}
+ {% data reusables.copilot.policies-for-dotcom %}
{% endif %}
+## Setting a policy for {% data variables.product.prodname_copilot_extensions %} in your organization
+
+{% data reusables.copilot.copilot-extensions.beta-note %}
+
+{% data variables.product.prodname_copilot_extensions %} integrate external tools with {% data variables.product.prodname_copilot_chat %}. See "[AUTOTITLE](/copilot/using-github-copilot/using-extensions-to-integrate-external-tools-with-copilot-chat)."
+
+Before you install {% data variables.product.prodname_copilot_extensions_short %} in your organization, you should set a usage policy for your organization. Setting a usage policy allows you to enable or disable {% data variables.product.prodname_copilot_extensions_short %} for all members of your organization, limiting your security risk.
+
+{% ifversion ghec %}
+If {% data variables.product.prodname_copilot_extensions_short %} have not been enabled or disabled at the enterprise level, you can set a {% data variables.product.prodname_copilot_extensions_short %} policy for your organization.
+{% endif %}
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.copilot.policy-settings %}
+1. In the "{% data variables.product.prodname_copilot_extensions_short %}" section, select the dropdown menu, then enable or disable {% data variables.product.prodname_copilot_extensions_short %} for your organization.
+
+### Managing permissions for a {% data variables.product.prodname_copilot_extension %} in your organization
+
+After you have installed a {% data variables.product.prodname_copilot_extension_short %} in your organization, you can view the permissions the extension has in your organization, and why those permissions are necessary. If you do not want the {% data variables.product.prodname_copilot_extension_short %} to have the listed permissions, you can suspend or uninstall the extension.
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.apps.access-org-app-settings %}
+1. Optionally, to filter your installed {% data variables.product.prodname_github_apps %} for {% data variables.product.prodname_copilot_extensions_short %}, select the **Filter:** dropdown menu, then click **{% data variables.product.prodname_copilot_extensions_short %}**.
+1. Next to the {% data variables.product.prodname_copilot_extension_short %} you want to review or modify, click **Configure**.
+1. In the "Permissions" section, review the permissions listed for the {% data variables.product.prodname_copilot_extension_short %}. Optionally, you can block the {% data variables.product.prodname_copilot_extension_short %}'s access to your organization in one of two ways:
+ * To indefinitely suspend the {% data variables.product.prodname_copilot_extension_short %}'s access to resources in your organization while keeping the extension installed, in the "Danger zone" section, click **Suspend**.
+ * To uninstall a {% data variables.product.prodname_copilot_extension_short %} completely, in the "Danger zone" section, click **Uninstall**.
+
## Further reading
* [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center)
* "[AUTOTITLE](/copilot/using-github-copilot/finding-public-code-that-matches-github-copilot-suggestions)"{% ifversion ghec %}
-* "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features)"{% endif %}
+* "[AUTOTITLE](/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-enterprise)"{% endif %}
diff --git a/content/copilot/quickstart.md b/content/copilot/quickstart.md
index 887df3c59cfa..4469b0b99bb3 100644
--- a/content/copilot/quickstart.md
+++ b/content/copilot/quickstart.md
@@ -14,7 +14,7 @@ topics:
{% ifversion ghec %}
{% webui %}
-You can use {% data variables.product.prodname_copilot_chat_dotcom %} to get answers to coding-related questions, such as how best to code something, how to fix a bug, or how someone else's code works. For full details of what {% data variables.product.prodname_copilot_short %} can do, see "[AUTOTITLE](/copilot/about-github-copilot)."
+You can use {% data variables.product.prodname_copilot_chat_dotcom %} to get answers to coding-related questions, such as how best to code something, how to fix a bug, or how someone else's code works. For full details of what {% data variables.product.prodname_copilot_short %} can do, see "[AUTOTITLE](/copilot/about-github-copilot/what-is-github-copilot)."
Instructions for using {% data variables.product.prodname_copilot_short %} differ depending on whether you are in an editor or on {% data variables.product.prodname_dotcom_the_website %}. This version of the quickstart is for {% data variables.product.prodname_dotcom_the_website %}. Click the tabs above for instructions on using {% data variables.product.prodname_copilot_short %} in an editor.
diff --git a/content/copilot/responsible-use-of-github-copilot-features/index.md b/content/copilot/responsible-use-of-github-copilot-features/index.md
new file mode 100644
index 000000000000..3b10423b028e
--- /dev/null
+++ b/content/copilot/responsible-use-of-github-copilot-features/index.md
@@ -0,0 +1,16 @@
+---
+title: Responsible use of GitHub Copilot features
+shortTitle: Responsible use
+intro: 'Learn how to use {% data variables.product.prodname_copilot %} features responsibly by understanding their purposes, capabilities, and limitations.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+children:
+ - /responsible-use-of-github-copilot-chat-in-your-ide
+ - /responsible-use-of-github-copilot-chat-in-githubcom
+ - /responsible-use-of-github-copilot-chat-in-github-mobile
+ - /responsible-use-of-github-copilot-in-the-cli
+ - /responsible-use-of-github-copilot-pull-request-summaries
+ - /responsible-use-of-github-copilot-text-completion
+---
diff --git a/content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/about-github-copilot-chat-in-github-mobile.md b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github-mobile.md
similarity index 78%
rename from content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/about-github-copilot-chat-in-github-mobile.md
rename to content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github-mobile.md
index 3a91c22c6b44..df2956793d23 100644
--- a/content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/about-github-copilot-chat-in-github-mobile.md
+++ b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github-mobile.md
@@ -1,21 +1,22 @@
---
-title: About GitHub Copilot Chat in GitHub Mobile
-intro: '{% data variables.product.prodname_copilot_chat %} can help you by providing answers to coding related questions directly within {% data variables.product.prodname_mobile %}.'
+title: Responsible use of GitHub Copilot Chat in GitHub Mobile
+shortTitle: Chat in GitHub Mobile
+intro: 'Learn how to use {% data variables.product.prodname_copilot_chat %} responsibly by understanding its purposes, capabilities, and limitations.'
redirect_from:
- /early-access/copilot/about-github-copilot-chat-in-github-mobile
- /copilot/github-copilot-chat/about-github-copilot-chat-in-github-mobile
+ - /copilot/github-copilot-chat/copilot-chat-in-github-mobile/about-github-copilot-chat-in-github-mobile
versions:
feature: copilot-chat-for-mobile
topics:
- Copilot
- Mobile
-shortTitle: About Copilot Chat
type: rai
---
## About {% data variables.product.prodname_copilot_mobile %}
-{% data variables.product.prodname_copilot_mobile %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %}, to ask and receive answers to coding-related questions within {% data variables.product.prodname_mobile %}. The chat interface provides access to coding information and support without requiring you to navigate documentation or search online forums. In addition to {% data variables.product.prodname_mobile %}, {% data variables.product.prodname_copilot_chat_short %} is currently supported in {% data variables.product.prodname_dotcom_the_website %}, {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and the JetBrains suite of IDEs. For more information about {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)," "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-business)," and "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise)."
+{% data variables.product.prodname_copilot_mobile %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %}, to ask and receive answers to coding-related questions within {% data variables.product.prodname_mobile %}. The chat interface provides access to coding information and support without requiring you to navigate documentation or search online forums. In addition to {% data variables.product.prodname_mobile %}, {% data variables.product.prodname_copilot_chat_short %} is currently supported in {% data variables.product.prodname_dotcom_the_website %}, {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and the JetBrains suite of IDEs. For more information about {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/about-github-copilot/what-is-github-copilot)."
{% data variables.product.prodname_copilot_chat %} can answer a wide range of coding-related questions on topics including syntax, programming concepts, test cases, debugging, and more. {% data variables.product.prodname_copilot_chat %} is not designed to answer non-coding questions or provide general information on topics outside of coding.
diff --git a/content/copilot/github-copilot-chat/copilot-chat-in-github/about-github-copilot-chat-in-githubcom.md b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-githubcom.md
similarity index 94%
rename from content/copilot/github-copilot-chat/copilot-chat-in-github/about-github-copilot-chat-in-githubcom.md
rename to content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-githubcom.md
index a2586b1ee1f6..ac8e0516bb44 100644
--- a/content/copilot/github-copilot-chat/copilot-chat-in-github/about-github-copilot-chat-in-githubcom.md
+++ b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-githubcom.md
@@ -1,10 +1,10 @@
---
-title: About GitHub Copilot Chat in GitHub.com
-shortTitle: About Copilot Chat
-intro: '{% data variables.product.prodname_copilot_chat_dotcom %} can help you by providing answers to coding related questions directly within {% data variables.product.prodname_dotcom_the_website %}.'
+title: Responsible use of GitHub Copilot Chat in GitHub.com
+shortTitle: Chat in GitHub.com
+intro: 'Learn how to use {% data variables.product.prodname_copilot_chat_dotcom %} responsibly by understanding its purposes, capabilities, and limitations.'
product: 'Owners of organizations {% ifversion ghec %}or enterprises {% endif %}with a {% data variables.product.prodname_copilot_enterprise %} subscription can decide whether to grant access to the {% data variables.product.prodname_copilot_enterprise_short %} functionality for an organization. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features)."'
versions:
- feature: 'copilot-on-dotcom'
+ feature: copilot-on-dotcom
fpt: '*'
topics:
- Copilot
@@ -13,6 +13,7 @@ redirect_from:
- /copilot/github-copilot-enterprise/copilot-chat-in-github/about-github-copilot-chat
- /copilot/github-copilot-enterprise/copilot-docset-management/about-copilot-docset-management
- /copilot/github-copilot-enterprise/copilot-chat-in-github/about-github-copilot-chat-in-githubcom
+ - /copilot/github-copilot-chat/copilot-chat-in-github/about-github-copilot-chat-in-githubcom
---
{% ifversion fpt %}
@@ -27,11 +28,7 @@ redirect_from:
The chat interface provides access to coding information and support without requiring you to navigate documentation or search online forums.
-{% note %}
-
-**Note**: {% data variables.product.prodname_copilot_chat_short %} is also available in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and the JetBrains suite of IDEs. However, features available in these IDEs differ from features available on {% data variables.product.prodname_dotcom_the_website %}.
-
-{% endnote %}
+> [!NOTE] {% data variables.product.prodname_copilot_chat_short %} is also available in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and the JetBrains suite of IDEs. However, features available in these IDEs differ from features available on {% data variables.product.prodname_dotcom_the_website %}.
{% data variables.product.prodname_copilot_chat %} can answer a wide range of coding-related questions on topics including syntax, programming concepts, test cases, debugging, and more. {% data variables.product.prodname_copilot_chat %} is not designed to answer non-coding questions or provide general information on topics outside of coding.
@@ -91,9 +88,9 @@ By generating explanations and suggesting related documentation, {% data variabl
However, it's important to note that {% data variables.product.prodname_copilot_chat_short %}'s answers and summaries may not always be accurate or complete, so you'll need to review {% data variables.product.prodname_copilot_chat_short %}'s output for accuracy.
-### Finding out about releases and commits
+### Finding out about releases, discussions, and commits
-{% data variables.product.prodname_copilot_chat_short %} can help you find out what changed in a specific release and it can explain the changes in a specific commit. This can be useful if, for example, you are new to a project, or you need to work on code that someone else wrote. However, it's important to note that {% data variables.product.prodname_copilot_chat_short %}'s summaries of releases and commits may not always be accurate or complete.
+{% data variables.product.prodname_copilot_chat_short %} can help you find out what changed in a specific release, it can summarize the information in a discussion on {% data variables.product.prodname_dotcom_the_website %}, and it can explain the changes in a specific commit. This can be useful if, for example, you are new to a project, you want to quickly get the gist of a discussion, or you need to work on code that someone else wrote. However, it's important to note that {% data variables.product.prodname_copilot_chat_short %}'s summaries of releases, discussions, and commits may not always be accurate or complete.
## Improving performance for {% data variables.product.prodname_copilot_chat_short %}
@@ -151,7 +148,7 @@ One of the limitations of {% data variables.product.prodname_copilot_chat_short
### Leveraging a web search to answer a question
-Depending on the question you ask, {% data variables.product.prodname_copilot_chat %} in {% data variables.product.prodname_dotcom_the_website %} can optionally use a Bing search to help answer your question. {% data variables.product.prodname_copilot_short %} will use Bing for queries about recent events, new trends or technologies, highly specific subjects, or when a web search is explicitly requested by the user. Your {% data variables.product.prodname_enterprise %} administrator can enable Bing for your whole enterprise, or can delegate this decision to the organizational administrator. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise#enforcing-a-policy-to-manage-the-use-of-github-copilot-features-on-githubcom)."
+Depending on the question you ask, {% data variables.product.prodname_copilot_chat %} in {% data variables.product.prodname_dotcom_the_website %} can optionally use a Bing search to help answer your question. {% data variables.product.prodname_copilot_short %} will use Bing for queries about recent events, new trends or technologies, highly specific subjects, or when a web search is explicitly requested by the user. Your {% data variables.product.prodname_enterprise %} administrator can enable Bing for your whole enterprise, or can delegate this decision to the organizational administrator. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)."
When leveraging Bing, {% data variables.product.prodname_copilot_short %} will use the content of your prompt, as well as additional available context, to generate a Bing search query on your behalf that is sent to the Bing Search API. {% data variables.product.prodname_copilot_short %} will provide a link to the search results with its response. The search query sent to Bing is governed by [Microsoft's Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement).
diff --git a/content/copilot/github-copilot-chat/copilot-chat-in-ides/about-github-copilot-chat-in-your-ide.md b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-your-ide.md
similarity index 93%
rename from content/copilot/github-copilot-chat/copilot-chat-in-ides/about-github-copilot-chat-in-your-ide.md
rename to content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-your-ide.md
index a66000d65fe3..3dd0c483518d 100644
--- a/content/copilot/github-copilot-chat/copilot-chat-in-ides/about-github-copilot-chat-in-your-ide.md
+++ b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-your-ide.md
@@ -1,16 +1,17 @@
---
-title: About GitHub Copilot Chat in your IDE
-intro: '{% data variables.product.prodname_copilot_chat %} can help you by providing answers to coding related questions {% ifversion ghec %}on {% data variables.product.prodname_dotcom_the_website %} or{% endif %} directly within a supported IDE.'
+title: Responsible use of GitHub Copilot Chat in your IDE
+shortTitle: Chat in your IDE
+intro: 'Learn how to use {% data variables.product.prodname_copilot_chat %} responsibly by understanding its purposes, capabilities, and limitations.'
redirect_from:
- /early-access/copilot/github-copilot-chat-transparency-note
- /early-access/copilot/github-copilot-chat-technical-preview-license-terms
- /copilot/github-copilot-chat/about-github-copilot-chat
+ - /copilot/github-copilot-chat/copilot-chat-in-ides/about-github-copilot-chat-in-your-ide
product: '{% data reusables.gated-features.copilot-chat-callout %}'
versions:
feature: copilot
topics:
- Copilot
-shortTitle: About Copilot Chat
type: rai
---
diff --git a/content/copilot/github-copilot-in-the-cli/about-github-copilot-in-the-cli.md b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-in-the-cli.md
similarity index 96%
rename from content/copilot/github-copilot-in-the-cli/about-github-copilot-in-the-cli.md
rename to content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-in-the-cli.md
index 86a5a0f71f6a..9715d2b29647 100644
--- a/content/copilot/github-copilot-in-the-cli/about-github-copilot-in-the-cli.md
+++ b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-in-the-cli.md
@@ -1,14 +1,16 @@
---
-title: About GitHub Copilot in the CLI
-intro: "{% data variables.product.prodname_copilot_cli %} can help you by providing either command suggestions or explanations of given commands."
-product: "{% data reusables.gated-features.copilot-in-cli %}"
+title: Responsible use of GitHub Copilot in the CLI
+shortTitle: Copilot in the CLI
+intro: 'Learn how to use {% data variables.product.prodname_copilot_cli %} responsibly by understanding its purposes, capabilities, and limitations.'
+product: '{% data reusables.gated-features.copilot-in-cli %}'
versions:
feature: copilot-in-the-cli
type: rai
topics:
- Copilot
- CLI
-shortTitle: About Copilot in the CLI
+redirect_from:
+ - /copilot/github-copilot-in-the-cli/about-github-copilot-in-the-cli
---
## About {% data variables.product.prodname_copilot_cli %}
diff --git a/content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries.md b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-pull-request-summaries.md
similarity index 93%
rename from content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries.md
rename to content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-pull-request-summaries.md
index 5fdd8defcac6..36b4db122784 100644
--- a/content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries.md
+++ b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-pull-request-summaries.md
@@ -1,13 +1,15 @@
---
-title: About Copilot pull request summaries
-shortTitle: About PR summaries
-intro: 'With {% data variables.product.prodname_copilot_for_prs %}, you can create an AI-generated description for a pull request.'
+title: Responsible use of GitHub Copilot pull request summaries
+shortTitle: Pull request summaries
+intro: 'Learn how to use {% data variables.product.prodname_copilot_for_prs %} responsibly by understanding its purposes, capabilities, and limitations.'
versions:
feature: copilot
-permissions: 'Members of an enterprise with a subscription to [{% data variables.product.prodname_copilot_enterprise %}](/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise)'
+permissions: 'Members of an enterprise with a subscription to {% data variables.product.prodname_copilot_enterprise %}'
topics:
- Copilot
type: rai
+redirect_from:
+ - /copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries
---
{% ifversion fpt %}
diff --git a/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-text-completion.md b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-text-completion.md
new file mode 100644
index 000000000000..0d7799d15154
--- /dev/null
+++ b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-text-completion.md
@@ -0,0 +1,59 @@
+---
+title: Responsible use of GitHub Copilot text completion
+shortTitle: Copilot text completion
+intro: 'Learn how to use {% data variables.product.prodname_copilot_autocomplete_pr %} responsibly by understanding its purposes, capabilities, and limitations.'
+versions:
+ feature: copilot
+permissions: 'Members of an enterprise with a subscription to {% data variables.product.prodname_copilot_enterprise %}'
+topics:
+ - Copilot
+type: rai
+---
+
+{% ifversion fpt %}
+
+{% data reusables.rai.copilot.enterprise-fpt-link %}
+
+{% endif %}
+
+## About {% data variables.product.prodname_copilot_autocomplete_pr %}
+
+{% data variables.product.prodname_copilot_autocomplete_pr %} is an AI-powered feature that allows users to more easily write pull request descriptions by suggesting text as you type.
+
+When you pause briefly while typing a summary, {% data variables.product.prodname_copilot_short %} scans through the pull request and provides suggested prose, attempting to finish your thought.
+
+The only supported language for {% data variables.product.prodname_copilot_autocomplete_pr %} is English.
+
+{% data variables.product.prodname_copilot_autocomplete_pr %} uses a simple-prompt flow leveraging the {% data variables.product.prodname_copilot_short %} API, utilizing the generic large language model, with no additional trained models.
+
+When you pause during typing the pull request description, a call is generated to the {% data variables.product.prodname_copilot_short %} API to generate suggested text to insert into the description at the current cursor position. The text complete request includes information from the pull request, including the pull request title, any text already in the description, the pull request commit titles, partial raw diffs, and recently viewed pull request and issue titles in a prompt that requests {% data variables.product.prodname_copilot_short %} to generate a suggestion for the next words you are likely to type. The response is then displayed as grayed out text following the cursor. You can accept the suggested text by pressing the tab key, or reject the suggestion by simply continuing to type, or moving the cursor focus out of the description field.
+
+## Use case for pull request text complete
+
+The goal of {% data variables.product.prodname_copilot_autocomplete_pr %} is to help the pull request author to quickly provide context to the human reviewers of the pull request. When reviewing a pull request it is valuable to understand context such as why changes are being requested and how the pull request makes those changes. It may help increase developer productivity by reducing the time taken to open a pull request.
+
+## Improving the performance of pull request text complete
+
+The feature is intended to supplement rather than replace a human's work adding context to pull requests. The quality of the text complete suggestions will depend on the quality of the title, the commit messages, and the text already added to the description. We encourage you to continue adding useful context and let {% data variables.product.prodname_copilot_short %} suggest as you go. It remains your responsibility to review and assess the accuracy of information in the pull requests you create.
+
+## Limitations of pull request text complete
+
+Currently, our team is aware that there are limitations to this feature. Many of them are expected in leveraging our {% data variables.product.prodname_copilot_short %} API; however, there are a few that are specific to {% data variables.product.prodname_copilot_autocomplete_pr %} which pertain to limited scope for very large pull requests, and potentially inaccurate responses. We also note that users should expect terms used in their pull request to appear in the AI-generated suggestions.
+
+This feature has been subject to RAI Red Teaming and we will continue to monitor the efficacy and safety of the feature over time. For more information, see "[Microsoft AI Red Team building future of safer AI](https://www.microsoft.com/en-us/security/blog/2023/08/07/microsoft-ai-red-team-building-future-of-safer-ai/)" on the Microsoft security blog.
+
+### Limited scope
+
+It is possible for very large pull requests, that some of the pull request content that the {% data variables.product.prodname_copilot_short %} API relies upon for automatically suggesting text will not fit into the API call, and so for very large pull requests, some of the suggestions you might expect may not occur.
+
+### Inaccurate responses
+
+The more inputs and context that {% data variables.product.prodname_copilot_short %} has to work from, the better the text complete suggestions will be. However, since the feature is quite new, it will take time to reach exact precision with the text complete suggestions that are generated. In the meantime, there may be cases where a generated text complete is less accurate and requires the user to make modifications before saving and publishing their pull request with this description. In addition, there is a risk of "hallucination," where {% data variables.product.prodname_copilot_short %} generates statements that are inaccurate. For these reasons, reviewing is a requirement, and careful review of the output is highly recommended.
+
+### Replication of pull request content
+
+Because a text complete suggestion is drawn from changes that were made in a pull request, if harmful or offensive terms are within the content of the pull request, there is potential for the suggestion to also include those terms.
+
+## Further reading
+
+* [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center/)
diff --git a/content/copilot/setting-up-github-copilot/index.md b/content/copilot/setting-up-github-copilot/index.md
new file mode 100644
index 000000000000..27d88d13abc6
--- /dev/null
+++ b/content/copilot/setting-up-github-copilot/index.md
@@ -0,0 +1,13 @@
+---
+title: Setting up GitHub Copilot
+shortTitle: Set up
+intro: "Learn how to set up {% data variables.product.prodname_copilot %}."
+topics:
+ - Copilot
+versions:
+ feature: copilot
+children:
+ - /setting-up-github-copilot-for-your-enterprise
+ - /setting-up-github-copilot-for-your-organization
+ - /setting-up-github-copilot-for-yourself
+---
diff --git a/content/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-enterprise.md b/content/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-enterprise.md
new file mode 100644
index 000000000000..de1efb4661f8
--- /dev/null
+++ b/content/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-enterprise.md
@@ -0,0 +1,39 @@
+---
+title: 'Setting up GitHub Copilot for your enterprise'
+shortTitle: Set up for enterprise
+intro: "Follow these steps to set up {% data variables.product.prodname_copilot %} in your enterprise."
+permissions: Enterprise owners
+product: 'Enterprises with a subscription to {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %}'
+versions:
+ feature: copilot-enterprise
+topics:
+ - Copilot
+redirect_from:
+ - /copilot/github-copilot-enterprise/enabling-github-copilot-enterprise-features
+ - /copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise
+ - /copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features
+---
+
+## 1. Subscribe your enterprise to {% data variables.product.prodname_copilot %}
+
+Set up a subscription to {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %} for your enterprise. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/subscribing-to-copilot-for-your-enterprise)."
+
+## 2. Set policies
+
+Control which {% data variables.product.prodname_copilot_short %} features are available in your enterprise. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)."
+
+## 3. Set up networking (if necessary)
+
+If your enterprise users connect through an HTTP proxy server or firewall, ensure that key URLs are added to the allowlist for the proxy server or firewall. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot)."
+
+You may also need to install custom SSL certificates on your users' machines. See "[AUTOTITLE](/copilot/managing-copilot/configure-personal-settings/configuring-network-settings-for-github-copilot#installing-custom-certificates)."
+
+## 4. Grant access to organizations
+
+Enable {% data variables.product.prodname_copilot_short %} for some or all organizations in your enterprise. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-access-to-copilot-in-your-enterprise/enabling-copilot-for-organizations-in-your-enterprise)." Each organization owner can then grant {% data variables.product.prodname_copilot_short %} access to some or all of the members of their organization.
+
+## 5. Share onboarding material
+
+* **Share onboarding material**: Share onboarding material with each organization that you granted {% data variables.product.prodname_copilot_short %} access to. See "[AUTOTITLE](/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-organization)."
+* **Encourage adoption**: Encouragement from leadership can help drive adoption of {% data variables.product.prodname_copilot_short %} in your enterprise. Consider messaging your support of {% data variables.product.prodname_copilot_short %} and how it can help your enterprise.
+* **Set up training sessions or workshops**: Training sessions or workshops can help members learn how to use {% data variables.product.prodname_copilot_short %} effectively.
diff --git a/content/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-organization.md b/content/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-organization.md
new file mode 100644
index 000000000000..ca76fb1ecf7f
--- /dev/null
+++ b/content/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-organization.md
@@ -0,0 +1,65 @@
+---
+title: 'Setting up GitHub Copilot for your organization'
+shortTitle: Set up for organization
+intro: "Follow these steps to set up {% data variables.product.prodname_copilot %} in your organization."
+permissions: Organization owners
+product: 'Organizations with a subscription to {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %}'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+redirect_from:
+ - /copilot/copilot-business/enabling-and-setting-up-github-copilot-business
+ - /copilot/overview-of-github-copilot/enabling-and-setting-up-github-copilot-for-business
+ - /copilot/managing-copilot-business/enabling-and-setting-up-github-copilot-for-business
+ - /copilot/managing-copilot-business/enabling-and-setting-up-github-copilot-business
+---
+
+## 1. Subscribe your organization to {% data variables.product.prodname_copilot %}
+
+Set up a subscription to {% data variables.product.prodname_copilot_business_short %} for your organization. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/subscribing-to-copilot-for-your-organization)."
+
+If your organization is part of an enterprise that has a {% data variables.product.prodname_copilot_enterprise_short %} or {% data variables.product.prodname_copilot_business_short %} subscription, your enterprise owner can instead enable {% data variables.product.prodname_copilot_short %} for your organization. You can request access from your enterprise owner by going to [https://github.com/settings/copilot](https://github.com/settings/copilot) and requesting access under "Get Copilot from an organization."
+
+## 2. Set policies
+
+Control which {% data variables.product.prodname_copilot_short %} features are available in your organization. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-policies-for-copilot-in-your-organization)."
+
+## 3. Set up networking (if necessary)
+
+If your organization members connect through an HTTP proxy server or firewall, ensure that key URLs are added to the allowlist for the proxy server or firewall. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot)."
+
+You may also need to install custom SSL certificates on your members' machines. See "[AUTOTITLE](/copilot/managing-copilot/configure-personal-settings/configuring-network-settings-for-github-copilot#-installing-custom-certificates)."
+
+## 4. Grant access to members
+
+Enable {% data variables.product.prodname_copilot_short %} for some or all members of your organization. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization)."
+
+To help drive adoption of {% data variables.product.prodname_copilot_short %} in your organization, think about what teams or members are most excited about {% data variables.product.prodname_copilot_short %} or could benefit the most from {% data variables.product.prodname_copilot_short %}. You may want to enable {% data variables.product.prodname_copilot_short %} for those members before enabling {% data variables.product.prodname_copilot_short %} for your whole organization. This can help you discover blockers, demonstrate early success, and set your organization up for a successful {% data variables.product.prodname_copilot_short %} rollout.
+
+Alternatively, you can set up a self-serve workflow using the API. See "[Add teams to the Copilot subscription for an organization](/rest/copilot/copilot-user-management?apiVersion=2022-11-28#add-teams-to-the-copilot-subscription-for-an-organization)" and "[Add users to the Copilot subscription for an organization](/rest/copilot/copilot-user-management?apiVersion=2022-11-28#add-users-to-the-copilot-subscription-for-an-organization)" in the REST API documentation.
+
+## 5. Share onboarding material
+
+* **Share onboarding material**: Share onboarding material with each member that you granted {% data variables.product.prodname_copilot_short %} access to. See "[AUTOTITLE](/copilot/setting-up-github-copilot/setting-up-github-copilot-for-yourself)" and "[AUTOTITLE](/copilot/using-github-copilot/best-practices-for-using-github-copilot)."
+* **Encourage adoption**: Encouragement from leadership can help drive adoption of {% data variables.product.prodname_copilot_short %} in your organization. Consider messaging your support of {% data variables.product.prodname_copilot_short %} and how it can help your organization.
+* **Set up training sessions or workshops**: Training sessions or workshops can help members learn how to use {% data variables.product.prodname_copilot_short %} effectively.
+
+## 6. Enhance the {% data variables.product.prodname_copilot_short %} experience
+
+Enhance the {% data variables.product.prodname_copilot_short %} experience for your organization by:
+
+* **Indexing repositories** to improve {% data variables.product.prodname_copilot_short %}'s responses relating to {% data variables.product.prodname_dotcom %} repositories _({% data variables.product.prodname_copilot_enterprise_short %} only)_. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/indexing-repositories-for-copilot-chat)."
+* **Setting up knowledge bases** for use with {% data variables.product.prodname_copilot_chat_short %} _({% data variables.product.prodname_copilot_enterprise_short %} only)_. See "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-copilot-knowledge-bases)."
+* **Fine tuning {% data variables.product.prodname_copilot_short %}** by creating a custom large language model. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/creating-a-custom-model-for-github-copilot)."
+* **Installing {% data variables.product.prodname_copilot_extensions_short %}** to integrate other tools with {% data variables.product.prodname_copilot_chat_short %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/installing-github-copilot-extensions-for-your-organization)."
+
+## 7. Drive adoption
+
+To help your organization get the most out of {% data variables.product.prodname_copilot_short %}, reach out to users who have not used {% data variables.product.prodname_copilot_short %} recently. (You can use the API to identify users who have not used {% data variables.product.prodname_copilot_short %} recently.) To help those users, consider:
+
+* Sharing resources to help them get started, such as "[AUTOTITLE](/copilot/setting-up-github-copilot/setting-up-github-copilot-for-yourself)," "[AUTOTITLE](/copilot/using-github-copilot/best-practices-for-using-github-copilot)," and "[AUTOTITLE](/copilot/using-github-copilot/prompt-engineering-for-github-copilot)"
+* Learning about their barriers to using {% data variables.product.prodname_copilot_short %}
+* Addressing any concerns they have about using {% data variables.product.prodname_copilot_short %}
+* Giving them ideas for how to incorporate {% data variables.product.prodname_copilot_short %} into their work
+* Pairing them with a mentor who can help them understand how to take advantage of {% data variables.product.prodname_copilot_short %}
diff --git a/content/copilot/setting-up-github-copilot/setting-up-github-copilot-for-yourself.md b/content/copilot/setting-up-github-copilot/setting-up-github-copilot-for-yourself.md
new file mode 100644
index 000000000000..17ab7813779a
--- /dev/null
+++ b/content/copilot/setting-up-github-copilot/setting-up-github-copilot-for-yourself.md
@@ -0,0 +1,48 @@
+---
+title: 'Setting up GitHub Copilot for yourself'
+shortTitle: Set up for self
+intro: "Follow these steps to start using Copilot."
+permissions: Individuals
+product: 'Individual user accounts with access to a {% data variables.product.prodname_copilot_enterprise_short %}, {% data variables.product.prodname_copilot_business_short %}, or {% data variables.product.prodname_copilot_individuals_short %} subscription'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+---
+
+## 1. Get access to {% data variables.product.prodname_copilot %}
+
+There are a few ways that you can get access to {% data variables.product.prodname_copilot %}:
+
+* _Sign up for a subscription to {% data variables.product.prodname_copilot_for_individuals %}_. You can try {% data variables.product.prodname_copilot %} for free with a one-time 30-day trial. After the free trial, you will need a paid subscription for continued use.
+* _If you are a member of an organization or enterprise_ that has a subscription to {% data variables.product.prodname_copilot %}, you can request access to {% data variables.product.prodname_copilot_short %} by going to [https://github.com/settings/copilot](https://github.com/settings/copilot) and requesting access under "Get Copilot from an organization."
+* _If you are a verified student, teacher, or maintainer of a popular open source project_, {% data variables.product.prodname_copilot %} is free to use. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer)."
+
+## 2. Install the {% data variables.product.prodname_copilot_short %} extension for your IDE
+
+If you want to use {% data variables.product.prodname_copilot_short %} in your IDE, install the {% data variables.product.prodname_copilot_short %} extension for your IDE. See "[AUTOTITLE](/copilot/managing-copilot/configure-personal-settings/installing-the-github-copilot-extension-in-your-environment)."
+
+## 3. Install the {% data variables.product.prodname_copilot_short %} extension for the command line
+
+If you want to use {% data variables.product.prodname_copilot_short %} in the command line, install the {% data variables.product.prodname_copilot_short %} extension for the {% data variables.product.prodname_cli %}. See "[AUTOTITLE](/copilot/managing-copilot/configure-personal-settings/installing-github-copilot-in-the-cli)."
+
+## 4. Set up networking (if necessary)
+
+If you connect through an HTTP proxy server or firewall, ensure that key URLs are added to the allowlist for the proxy server or firewall. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot)."
+
+You may also need to install a custom SSL certificate on your machine. See "[AUTOTITLE](/copilot/managing-copilot/configure-personal-settings/configuring-network-settings-for-github-copilot#installing-custom-certificates)."
+
+## 5. Configure settings (optional)
+
+All users can configure {% data variables.product.prodname_copilot_short %} settings in their IDE or in the CLI. See "[AUTOTITLE](/copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-your-environment)" and "[AUTOTITLE](/copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-the-cli)."
+
+If you have your own subscription to {% data variables.product.prodname_copilot_short %} (instead of using your organization or enterprise's subscription), you can:
+
+* **Install {% data variables.product.prodname_copilot_extensions_short %}** to integrate other tools with {% data variables.product.prodname_copilot_chat_short %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/installing-github-copilot-extensions-for-your-personal-account)."
+* **Manage policies**. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-copilot-policies-as-an-individual-subscriber)."
+
+## 6. Start using {% data variables.product.prodname_copilot_short %}
+
+Start using {% data variables.product.prodname_copilot_short %} to help you write code faster and more efficiently. For all the ways you can use {% data variables.product.prodname_copilot_short %}, see "[AUTOTITLE](/copilot/using-github-copilot)." {% data variables.product.prodname_copilot_short %} code suggestions and {% data variables.product.prodname_copilot_chat_short %} in your IDE is a great place to start.
+
+To learn how to best use {% data variables.product.prodname_copilot_short %}, see "[AUTOTITLE](/copilot/using-github-copilot/best-practices-for-using-github-copilot)" and "[AUTOTITLE](/copilot/using-github-copilot/prompt-engineering-for-github-copilot)."
diff --git a/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md b/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md
index bb556f8b2165..35a8a1e37321 100644
--- a/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md
+++ b/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md
@@ -31,18 +31,14 @@ When a file is affected by a content exclusion setting, {% data variables.produc
## {% data variables.product.prodname_copilot %} content exclusions are not being applied
-{% data reusables.copilot.content-exclusions-scope %}
-
-{% data reusables.copilot.content-exclusions-delay %} For more information, see "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/configuring-content-exclusions-for-github-copilot#propagating-content-exclusion-changes-to-your-ide)."
-
-{% note %}
+{% data reusables.copilot.content-exclusion-note %}
-**Notes:**
+{% data reusables.copilot.content-exclusions-scope %}
-{% data reusables.copilot.content-exclusion-note %}
-{% data reusables.copilot.content-exclusion-limitations %}
+{% data reusables.copilot.content-exclusions-delay %} For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/testing-changes-to-content-exclusions-in-your-ide#propagating-content-exclusion-changes-to-your-ide)."
-{% endnote %}
+> [!NOTE]
+> {% data reusables.copilot.content-exclusion-limitations %}
## Error: "{% data variables.product.prodname_copilot %} could not connect to server. Extension activation failed"
diff --git a/content/copilot/troubleshooting-github-copilot/troubleshooting-firewall-settings-for-github-copilot.md b/content/copilot/troubleshooting-github-copilot/troubleshooting-firewall-settings-for-github-copilot.md
index d46e0fadeff0..57eaacd6c52b 100644
--- a/content/copilot/troubleshooting-github-copilot/troubleshooting-firewall-settings-for-github-copilot.md
+++ b/content/copilot/troubleshooting-github-copilot/troubleshooting-firewall-settings-for-github-copilot.md
@@ -8,30 +8,13 @@ topics:
- Networking
versions:
feature: copilot
-shortTitle: Firewall settings
+shortTitle: Connectivity security settings
---
-If you or your organization employs security measures like a firewall or proxy server, it may be beneficial to include certain domain URLs in an "allowlist" and open specific ports and protocols. Doing so will enhance your installation and usage of {% data variables.product.prodname_copilot_short %} for an optimal experience.
+## About the problem
-## URLs to add to an allowlist
+If you or your company uses a firewall, {% data variables.product.prodname_copilot_short %} may not function as expected. {% data variables.product.prodname_copilot_short %} interacts with a remote machine learning model and checks for updates, and a firewall may block important traffic and degrade the user experience.
-Due to {% data variables.product.prodname_copilot_short %}'s interaction with a remote machine learning model and its update-checking functionality, it is recommended to include the following domain URLs in the allowlist, marking them as trusted either in the user interface or within your deployment scripts.
+## Solving the problem
-| Domain and/or URL | Purpose |
-| :------------------------------------- | :--------------------------------- |
-| `https://github.com/login/*` | Authentication |
-| `https://api.github.com/user` | User Management |
-| `https://api.github.com/copilot_internal/*` | User Management |
-| `https://copilot-telemetry.githubusercontent.com/telemetry` | Telemetry |
-| `https://default.exp-tas.com/` | Telemetry |
-| `https://copilot-proxy.githubusercontent.com/` | API service for {% data variables.product.prodname_copilot_short %} suggestions |
-| `https://origin-tracker.githubusercontent.com` | API service for {% data variables.product.prodname_copilot_short %} suggestions |
-| `https://*.githubcopilot.com` | API service for {% data variables.product.prodname_copilot_short %} suggestions |
-
-Additional domains and URLs may require allowlisting, depending on your organization's security policies and the editors in use. For more information about specific editors, see "[Further reading](#further-reading)."
-
-## Further reading
-
-* [Network Connections in {% data variables.product.prodname_vscode %}](https://code.visualstudio.com/docs/setup/network)
-* [Install and use Visual Studio and Azure Services behind a firewall or proxy server](https://learn.microsoft.com/en-us/visualstudio/install/install-and-use-visual-studio-behind-a-firewall-or-proxy-server)
-* "[AUTOTITLE](/get-started/using-github/troubleshooting-connectivity-problems)"
+For an optimal {% data variables.product.prodname_copilot_short %} experience, you should create an "allowlist" that lets certain URLs, ports, and protocols through your firewall. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot)."
diff --git a/content/copilot/troubleshooting-github-copilot/troubleshooting-issues-with-github-copilot-chat-in-ides.md b/content/copilot/troubleshooting-github-copilot/troubleshooting-issues-with-github-copilot-chat-in-ides.md
index c45a20b1ef63..552dc96eb44f 100644
--- a/content/copilot/troubleshooting-github-copilot/troubleshooting-issues-with-github-copilot-chat-in-ides.md
+++ b/content/copilot/troubleshooting-github-copilot/troubleshooting-issues-with-github-copilot-chat-in-ides.md
@@ -18,6 +18,16 @@ If you need help with {% data variables.product.prodname_copilot_chat %} and can
If you can't find {% data variables.product.prodname_copilot_chat %} in your editor, make sure you have checked the "[Prerequisites](/copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide#prerequisites)" section.
+{% vscode %}
+
+## Troubleshooting issues caused by version incompatibility
+
+{% data reusables.copilot.vscode-version-compatibility %}
+
+To use {% data variables.product.prodname_copilot_chat %}, make sure you are using the [latest version of {% data variables.product.prodname_vscode %}](https://code.visualstudio.com/updates).
+
+{% endvscode %}
+
## Troubleshooting authentication issues in your editor
You can use {% data variables.product.prodname_copilot_chat %} in {% data variables.product.prodname_vscode %} and {% data variables.product.prodname_vs %}. You can use the tabs at the top of this article for troubleshooting information relevant to the editor you're using.
diff --git a/content/copilot/troubleshooting-github-copilot/troubleshooting-network-errors-for-github-copilot.md b/content/copilot/troubleshooting-github-copilot/troubleshooting-network-errors-for-github-copilot.md
index 08c72b39ce7d..06f75212a53b 100644
--- a/content/copilot/troubleshooting-github-copilot/troubleshooting-network-errors-for-github-copilot.md
+++ b/content/copilot/troubleshooting-github-copilot/troubleshooting-network-errors-for-github-copilot.md
@@ -47,6 +47,8 @@ If there is a problem with your proxy setup, you may see the following error: `{
If you know you are connecting via a proxy, make sure the proxy is configured correctly in your environment. For more information, see "[AUTOTITLE](/copilot/configuring-github-copilot/configuring-network-settings-for-github-copilot#configuring-proxy-settings-for-github-copilot)."
+> [!NOTE] If you are an employee of a company with a proxy server, your company must also configure proxy settings for {% data variables.product.prodname_copilot_short %} at the company level. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot)."
+
{% data variables.product.prodname_copilot %} uses custom code to connect to proxies. This means a proxy setup supported by your editor is not necessarily supported by {% data variables.product.prodname_copilot %}. Some common causes for errors related to proxies are:
* If your proxy's URL starts `https://`, it is not currently supported by {% data variables.product.prodname_copilot %}.
@@ -66,11 +68,7 @@ Some possible ways to resolve certificate-related errors are:
* On Linux, {% data variables.product.prodname_copilot_short %} checks the standard OpenSSL files `/etc/ssl/certs/ca-certificates.crt` and `/etc/ssl/certs/ca-bundle.crt`.
* Configure {% data variables.product.prodname_copilot %} to ignore certificate errors. In your proxy settings, you can deselect **Proxy Strict SSL** in {% data variables.product.prodname_vscode %}, or select **Accept non-trusted certificates automatically** in a JetBrains IDE. For more information, see "[AUTOTITLE](/copilot/configuring-github-copilot/configuring-network-settings-for-github-copilot#configuring-proxy-settings-for-github-copilot)."
- {% warning %}
-
- **Warning:** Ignoring certificate errors can cause security issues and is not recommended.
-
- {% endwarning %}
+ > [!WARNING] Ignoring certificate errors can cause security issues and is not recommended.
### Troubleshooting security software-related certificate errors
diff --git a/content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/using-github-copilot-chat-in-github-mobile.md b/content/copilot/using-github-copilot/asking-github-copilot-questions-in-github-mobile.md
similarity index 65%
rename from content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/using-github-copilot-chat-in-github-mobile.md
rename to content/copilot/using-github-copilot/asking-github-copilot-questions-in-github-mobile.md
index ceaba864d932..2640fec5786c 100644
--- a/content/copilot/github-copilot-chat/copilot-chat-in-github-mobile/using-github-copilot-chat-in-github-mobile.md
+++ b/content/copilot/using-github-copilot/asking-github-copilot-questions-in-github-mobile.md
@@ -1,14 +1,16 @@
---
-title: Using GitHub Copilot Chat in GitHub Mobile
-intro: 'You can use {% data variables.product.prodname_copilot_mobile %} to answer general questions about software development{% ifversion ghec %}, or specific questions about the code in a repository{% endif %}.'
+title: Asking GitHub Copilot questions in GitHub Mobile
+intro: 'You can use {% data variables.product.prodname_copilot_mobile %} to answer general questions about software development, or specific questions about the code in a repository{% ifversion ghec %}. With {% data variables.product.prodname_copilot_enterprise_short %} you can also ask specific questions about a pull request, issue, or discussion{% endif %}.'
topics:
- Copilot
- Mobile
versions:
feature: copilot-chat-for-mobile
-shortTitle: Use Copilot Chat
+shortTitle: Chat in Mobile
redirect_from:
- /copilot/github-copilot-chat/using-github-copilot-chat-in-github-mobile
+ - /copilot/github-copilot-chat/copilot-chat-in-github-mobile/using-github-copilot-chat-in-github-mobile
+ - /copilot/github-copilot-chat/copilot-chat-in-github-mobile
---
## Overview
@@ -17,19 +19,25 @@ redirect_from:
{% data variables.product.prodname_copilot_mobile_short %} can help you with a variety of coding-related tasks, like offering you code suggestions, providing natural language descriptions of a piece of code's functionality and purpose, generating unit tests for your code, and proposing fixes for bugs in your code. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github-mobile/about-github-copilot-chat-in-github-mobile)."
-{% ifversion ghec %}
In {% data variables.product.prodname_mobile %}, you can use {% data variables.product.prodname_copilot_chat_short %} to ask:
* General software-related questions, without a particular context. For more information, see "[Asking a general question about software development](#asking-a-general-question-about-software-development)."
* Questions asked in the context of your project. For more information, see "[Asking questions about a specific repository](#asking-exploratory-questions-about-a-repository)."
-* Questions about a specific file or specified lines of code within a file. For more information, see "[Asking questions about specific pieces of code](#asking-questions-about-specific-pieces-of-code)."{% endif %}
+* Questions about a specific file or specified lines of code within a file. For more information, see "[Asking questions about specific pieces of code](#asking-questions-about-specific-pieces-of-code)."{% ifversion ghec %}
+
+With {% data variables.product.prodname_copilot_enterprise_short %}, you can also ask:
+
+* Questions about a specific pull request. For more information, see "[Asking questions about a specific pull request](#asking-questions-about-a-specific-pull-request)."
+* Questions about a specific issue. For more information, see "[Asking questions about a specific issue](#asking-questions-about-a-specific-issue)."
+* Questions about a specific discussion. For more information, see "[Asking questions about a specific discussion](#asking-questions-about-a-specific-discussion)."
+{% endif %}
## Limitations
The following {% ifversion fpt%}limitation applies{% else %} limitations apply{% endif %} to {% data variables.product.prodname_copilot_mobile_short %}:
{% ifversion ghec%}
-* Chat responses may be suboptimal if you ask questions about a specific repository that you've selected as a context, and the repository has not been indexed for semantic code search. Anyone who gets access to {% data variables.product.prodname_copilot_short %} from the organization that owns a repository can index that repository.{% endif %}
+* Chat responses may be suboptimal if you ask questions about a specific repository that you've selected as a context, and the repository has not been indexed for semantic code search. {% data reusables.copilot.indexing-who-can-do-this %}{% endif %}
* The quality of the results from {% data variables.product.prodname_copilot_chat_short %} may, in some situations, be degraded if very large files, or a large number of files, are used as a context for a question.
## Prerequisites
@@ -40,8 +48,8 @@ To use {% data variables.product.prodname_copilot_mobile_short %} you will need
If you do not have a {% data variables.product.prodname_copilot %} subscription, you can purchase a {% data variables.product.prodname_copilot_individuals_short %} subscription directly in the iOS version of {% data variables.product.prodname_mobile %}, or in the Google Play Store for the Android version of {% data variables.product.prodname_mobile %}.
-* **Access to {% data variables.product.prodname_copilot_mobile_short %}**: If you are part of an organization{% ifversion ghec %} or enterprise{% endif %} with a {% data variables.product.prodname_copilot_for_business %}{% ifversion ghec %} or {% data variables.product.prodname_copilot_enterprise %}{% endif %} subscription, the organization{% ifversion ghec %} or enterprise{% endif %} owner will need to grant you access to {% data variables.product.prodname_copilot_cli_short %}. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github-mobile/enabling-github-copilot-chat-for-github-mobile)."
-* **Enable {% data variables.product.prodname_copilot_short %} features for your device**: {% data variables.product.prodname_copilot_short %} needs to be enabled from within {% data variables.product.prodname_mobile %}. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/getting-started-with-github-copilot#enabling-or-disabling-copilot-in-github-mobile)."
+* **Access to {% data variables.product.prodname_copilot_mobile_short %}**: If you are part of an organization{% ifversion ghec %} or enterprise{% endif %} with a {% data variables.product.prodname_copilot_for_business %}{% ifversion ghec %} or {% data variables.product.prodname_copilot_enterprise %}{% endif %} subscription, the organization{% ifversion ghec %} or enterprise{% endif %} owner will need to grant you access to {% data variables.product.prodname_copilot_mobile_short %}. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github-mobile/enabling-github-copilot-chat-for-github-mobile)."
+* **Enable {% data variables.product.prodname_copilot_short %} features for your device**: {% data variables.product.prodname_copilot_short %} needs to be enabled from within {% data variables.product.prodname_mobile %}. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/getting-started-with-github-copilot#enabling-or-disabling-copilot-in-github-mobile)." If you cannot see the {% data variables.product.prodname_copilot_short %} logo in the {% data variables.product.prodname_mobile %} home page, you may need to update your app version.
## Asking a general question about software development
@@ -68,8 +76,6 @@ You can ask a general question about software development{% ifversion ghec %} th
{% data reusables.copilot.chat-mobile-conversation-buttons %}
-{% ifversion ghec %}
-
## Asking exploratory questions about a repository
You can ask questions about a specific repository, to get help with understanding the code, or to get help with a specific task you're working on.
@@ -86,9 +92,9 @@ You can ask questions about a specific repository, to get help with understandin
* Are there any specific environment requirements for working on this project?
> [!IMPORTANT]
- > {% data variables.product.prodname_copilot_short %}'s ability to answer natural language questions like these in a repository context is improved when the repository has been indexed for semantic code search. However, only members of an enterprise with a {% data variables.product.prodname_copilot_enterprise %} subscription can index a repository for semantic code search. Without indexing, {% data variables.product.prodname_copilot_mobile_short %} may not be able to provide the most relevant answers to your questions.
+ > {% data variables.product.prodname_copilot_short %}'s ability to answer natural language questions like these in a repository context is improved when the repository has been indexed for semantic code search. {% data reusables.copilot.indexing-who-can-do-this %} Without indexing, {% data variables.product.prodname_copilot_mobile_short %} may not be able to provide the most relevant answers to your questions.
>
- > Additionally, indexing a repository is not possible in {% data variables.product.prodname_mobile %}. To index a repository, you must use {% data variables.product.prodname_copilot_chat_short %} in a web browser. For more information, see step 6 of "[Asking a question about a specific repository, file or symbol](/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom)."
+ > You can't index a repository from {% data variables.product.prodname_mobile %}. Instead you must use {% data variables.product.prodname_copilot_chat_short %} in a web browser. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/indexing-repositories-for-copilot-chat)."
{% data reusables.copilot.chat-mobile-conversation-buttons %}
@@ -119,6 +125,62 @@ You can chat with {% data variables.product.prodname_copilot_short %} about a fi
1. You can continue the conversation by asking a follow-up question. For example, you could type "tell me more" to get {% data variables.product.prodname_copilot_short %} to expand on its last comment.
+{% ifversion ghec %}
+
+## Asking questions about a specific pull request
+
+You can ask questions about a specific pull request in a repository.
+
+1. In {% data variables.product.prodname_mobile %}, navigate to a pull request in a repository, and tap the **{% octicon "copilot" aria-hidden="true" %}** {% data variables.product.prodname_copilot %} icon in the bottom right corner of the screen.
+1. At the bottom of the page, use the "Ask {% data variables.product.prodname_copilot_short %}" box, type a question and send the message.
+
+ For example, you could ask:
+
+ * What is the purpose of this pull request?
+ * What changes are being made in this pull request?
+ * Are there any potential issues with this pull request?
+ * What is the status of this pull request?
+
+ {% data variables.product.prodname_copilot_short %} responds to your request in the panel.
+
+1. You can continue the conversation by asking a follow-up question. For example, you could type "tell me more" to get {% data variables.product.prodname_copilot_short %} to expand on its last comment.
+
+## Asking questions about a specific issue
+
+You can ask questions about a specific issue in a repository.
+
+1. In {% data variables.product.prodname_mobile %}, navigate to an issue in a repository, and tap the **{% octicon "copilot" aria-hidden="true" %}** {% data variables.product.prodname_copilot %} icon in the bottom right corner of the screen.
+1. At the bottom of the page, use the "Ask {% data variables.product.prodname_copilot_short %}" box, type a question and send the message.
+
+ For example, you could ask:
+
+ * What is the purpose of this issue?
+ * What is the status of this issue?
+ * What are the steps to reproduce this issue?
+ * Are there any potential solutions to this issue?
+
+ {% data variables.product.prodname_copilot_short %} responds to your request in the panel.
+
+1. You can continue the conversation by asking a follow-up question. For example, you could type "tell me more" to get {% data variables.product.prodname_copilot_short %} to expand on its last comment.
+
+## Asking questions about a specific discussion
+
+You can ask questions about a specific discussion in a repository.
+
+1. In {% data variables.product.prodname_mobile %}, navigate to a discussion in a repository, and tap the **{% octicon "copilot" aria-hidden="true" %}** {% data variables.product.prodname_copilot %} icon in the bottom right corner of the screen.
+1. At the bottom of the page, use the "Ask {% data variables.product.prodname_copilot_short %}" box, type a question and send the message.
+
+ For example, you could ask:
+
+ * What is the purpose of this discussion?
+ * What are the main points of this discussion?
+ * What are the next steps for this discussion?
+ * Are there any potential issues with this discussion?
+
+ {% data variables.product.prodname_copilot_short %} responds to your request in the panel.
+
+1. You can continue the conversation by asking a follow-up question. For example, you could type "tell me more" to get {% data variables.product.prodname_copilot_short %} to expand on its last comment.
+
{% endif %}
## Sharing feedback about {% data variables.product.prodname_copilot_mobile %}
diff --git a/content/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom.md b/content/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom.md
similarity index 68%
rename from content/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom.md
rename to content/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom.md
index f3187a692a91..6c27af2e439f 100644
--- a/content/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom.md
+++ b/content/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom.md
@@ -1,24 +1,23 @@
---
-title: Using GitHub Copilot Chat in GitHub.com
-shortTitle: Use Copilot Chat
+title: Asking GitHub Copilot questions in GitHub.com
+shortTitle: Chat in GitHub.com
intro: 'You can use {% data variables.product.prodname_copilot_chat_dotcom %} to answer general questions about software development, or specific questions about the issues or code in a repository.'
versions:
- feature: 'copilot-on-dotcom'
+ feature: copilot-on-dotcom
+permissions: 'Members of an enterprise with a subscription to {% data variables.product.prodname_copilot_enterprise %}'
topics:
- Copilot
redirect_from:
- /copilot/github-copilot-enterprise/copilot-chat-in-github/using-github-copilot-chat-in-githubcom
+ - /copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom
+ - /copilot/github-copilot-chat/copilot-chat-in-github
---
## Overview
{% data variables.product.prodname_copilot_chat_dotcom %} is a chat interface that lets you ask and receive answers to coding-related questions on {% data variables.product.prodname_dotcom_the_website %}.
-{% note %}
-
-**Note**: {% data variables.product.prodname_copilot_chat_short %} is also available in selected IDEs. For information on using {% data variables.product.prodname_copilot_chat %} in an IDE, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide)."
-
-{% endnote %}
+> [!NOTE] {% data variables.product.prodname_copilot_chat_short %} is also available in selected IDEs. For information on using {% data variables.product.prodname_copilot_chat %} in an IDE, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide)."
{% data variables.product.prodname_copilot_chat_short %} can help you with a variety of coding-related tasks, like offering you code suggestions, providing natural language descriptions of a piece of code's functionality and purpose, generating unit tests for your code, and proposing fixes for bugs in your code. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github/about-github-copilot-chat-in-githubcom)."
@@ -29,12 +28,12 @@ On {% data variables.product.prodname_dotcom_the_website %}, you can use {% data
* Questions asked in the context of a specific repository, file or symbol. For more information, see "[Asking a question about a specific file or symbol](#asking-a-question-about-a-specific-file-or-symbol)."
* Questions asked in the context of a knowledge base (that is, Markdown documentation across one or more repositories). For more information, see "[Asking a question about a knowledge base](#asking-a-question-about-a-knowledge-base)."
* Questions about a specific file or specified lines of code within a file. For more information, see "[Asking questions about specific pieces of code](#asking-questions-about-specific-pieces-of-code)."
-* Questions about a pull request diff. For more information, see "[Finding out about the changes in a pull request](#finding-out-about-the-changes-in-a-pull-request)."
-* Questions about a specific issue. For more information, see "[Asking a question about a specific issue](#asking-a-question-about-a-specific-issue)."
+* Questions about a pull request diff. For more information, see "[Finding out about the changes in a pull request](#asking-questions-about-a-specific-pull-request)."
+* Questions about a specific issue. For more information, see "[Asking a question about a specific issue or discussion](#asking-a-question-about-a-specific-issue-or-discussion)."
### Limitations
-* Chat responses may be suboptimal if you ask questions about a specific repository that you've selected as a context, and the repository has not been indexed for semantic code search. Anyone who gets access to {% data variables.product.prodname_copilot_short %} from the organization that owns a repository can index that repository. For more information, see "[Asking exploratory questions about a repository](#asking-exploratory-questions-about-a-repository)."
+* Chat responses may be suboptimal if you ask questions about a specific repository that you've selected as a context, and the repository has not been indexed for semantic code search. {% data reusables.copilot.indexing-who-can-do-this %} For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/indexing-repositories-for-copilot-chat)."
* The quality of the results from {% data variables.product.prodname_copilot_chat_short %} may, in some situations, be degraded if very large files, or a large number of files, are used as a context for a question.
## Prerequisites
@@ -57,12 +56,14 @@ The skills you can use in {% data variables.product.prodname_copilot_chat_dotcom
| Skill | Description | Enabled by default? | Example question |
| ----- | ----------- | ------------------- | ---------------- |
-| **Bing web search** (in beta and subject to change) | Searches the web using the Bing search engine. This skill is useful for teaching {% data variables.product.prodname_copilot_short %} about recent events, new developments, trends, technologies, or extremely specific, detailed, or niche subjects. | No (requires admin approval - see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features)")| _What are some recent articles about SAT tokens securing against vulnerabilities in Node?_ |
-| **Code search** | Natural language code search in the default branch of the Git repository. This skill is useful when you want to know where or how certain functionality has been implemented in the code. Note: this requires indexing to be enabled for the repository (see the note about indexing [below](#repo-indexing-note)). | Yes | _Where is the logic that controls the user session management, and how does it work?_ |
+| **Bing web search** (in beta and subject to change) | Searches the web using the Bing search engine. This skill is useful for teaching {% data variables.product.prodname_copilot_short %} about recent events, new developments, trends, technologies, or extremely specific, detailed, or niche subjects. | No (requires admin approval - see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)")| _What are some recent articles about SAT tokens securing against vulnerabilities in Node?_ |
+| **Code search** | Natural language code search in the default branch of the Git repository. This skill is useful when you want to know where or how certain functionality has been implemented in the code. Note: this requires indexing to be enabled for the repository (see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/indexing-repositories-for-copilot-chat)"). | Yes | _Where is the logic that controls the user session management, and how does it work?_ |
| **Commit details** | Retrieves a list of commits, or the contents of a specific commit, to provide answers to commit-related questions. | Yes | _Explain the changes in the code of this commit_ |
+| **Discussion details** | Retrieves a specific {% data variables.product.prodname_dotcom %} discussion. This is useful for quickly getting the gist of the conversation in a discussion. | Yes | _Summarize this discussion_ |
| **Issue details** | Retrieves a specific {% data variables.product.prodname_dotcom %} issue, including the issue's title, number, author, status, body, linked pull requests, comments, and timestamps. | Yes | _Summarize the conversation on this issue and suggest next steps_ |
-| **Path search** | Retrieves a specific file in the default branch of the Git repository. This skill is useful when you provide the exact path of a file in the repository. | Yes | _What logic does user_auth.js encapsulate?_ |
-| **Release details** | Retrieve the latest, or specified, release. This allows you to find out who created a release, when it happened, and information included in the release notes. | Yes | _When was the latest release?_ |
+| **File details** | Retrieves a specific file in the default branch of the Git repository, allowing you to ask questions about the file and the recent changes made to it. This skill is useful when you provide the exact path of a file in the repository. | Yes | _What logic does user_auth.js encapsulate?_
_What is the file history of user_auth.js?_ |
+| **Pull request details** | Retrieves a specific pull request. This allows you to ask questions about the pull request, including getting a summary of the pull request, its comments, or the code it changes. | Yes | _Summarize this PR for me_
_Summarize the changes in this PR_ |
+| **Release details** | Retrieves the latest, or specified, release. This allows you to find out who created a release, when it happened, and information included in the release notes. | Yes | _When was the latest release?_ |
| **Repository details** | Retrieves a specific {% data variables.product.prodname_dotcom %} repository. This is useful for finding out details such as the repository owner and the main language used. | Yes | _Tell me about this repo_ |
| **Symbol definition** | Retrieves the lines of code that define a specific code symbol (function, class, or struct) in the default branch of the Git repository. This skill is useful when you have the exact name of a symbol, and want to understand it. | Yes | _Write unit tests for the AuthUser method_ |
@@ -70,13 +71,9 @@ The skills you can use in {% data variables.product.prodname_copilot_chat_dotcom
You can ask a general question about software development that is not focused on a particular context, such as a repository or a knowledge base.
-Depending on the question you ask, and your enterprise and organization settings, {% data variables.product.prodname_copilot_short %} may respond using information based on the results of a Bing search. By using Bing search, {% data variables.product.prodname_copilot_short %} can answer a broad range of tech-related questions with up-to-date details based on information currently available on the internet. For information on how to enable or disable Bing search integration, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise#enforcing-a-policy-to-manage-the-use-of-github-copilot-features-on-githubcom)."
-
-{% note %}
-
-**Note:** Bing search integration into {% data variables.product.prodname_copilot_chat_dotcom_short %} is currently in beta and is subject to change.
+Depending on the question you ask, and your enterprise and organization settings, {% data variables.product.prodname_copilot_short %} may respond using information based on the results of a Bing search. By using Bing search, {% data variables.product.prodname_copilot_short %} can answer a broad range of tech-related questions with up-to-date details based on information currently available on the internet. For information on how to enable or disable Bing search integration, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)."
-{% endnote %}
+> [!NOTE] Bing search integration into {% data variables.product.prodname_copilot_chat_dotcom_short %} is currently in beta and is subject to change.
{% data reusables.copilot.go-to-copilot-page %}
@@ -109,36 +106,40 @@ Depending on the question you ask, and your enterprise and organization settings
{% data variables.product.prodname_copilot_short %} allows you to use natural language questions to explore repositories on {% data variables.product.prodname_dotcom %}. This can help you get a better understanding of where specific aspects of a codebase are implemented.
-{% data reusables.copilot.go-to-copilot-page %}
-
-{% data reusables.copilot.ask-copilot-not-displayed %}
+1. On the {% data variables.product.prodname_dotcom %} website, go to the repository you want to chat about.
-
+1. Click the **{% octicon "copilot" aria-hidden="true" %}** {% data variables.product.prodname_copilot %} icon at the top right of the page.
- {% note %}
+ The {% data variables.product.prodname_copilot_chat %} panel is displayed. To resize the panel, click and drag the top or left edge.
- **Note:**
+1. The heading at the top of the panel should read "Chatting about" followed by the name of the current repository.
- {% data variables.product.prodname_copilot_short %}'s ability to answer natural language questions like these in a repository context is improved when the repository has been indexed for semantic code search. The indexing status of the repository is displayed when you start a conversation that has a repository context.
+ If the wrong repository name is displayed, because you were previously chatting about another repository, click **All repositories** then choose the repository you want to chat about.
- If you get access to {% data variables.product.prodname_copilot_short %} from the organization that owns the repository, and the repository has not been indexed, an **Index REPOSITORY NAME** button is displayed. Click this button to start the indexing process.
-
- 
-
- {% endnote %}
+ 
-1. In the "Ask {% data variables.product.prodname_copilot_short %}" box, type a question and press Enter.
+1. In the "Ask {% data variables.product.prodname_copilot_short %}" box, at the bottom of the chat panel, type a question and press Enter.
For example, you could ask:
* When was the most recent release?
* Where is rate limiting implemented in our API?
* How does the WidgetFactory class work?
- * Where is the code for converting an organization member to be an outside collaborator?
+ * Where is the code for updating a phone number?
* Where are SAT tokens generated?
+ * Show the most recently updated issues assigned to USERNAME
+ * List open issues about SUBJECT
+ * What was the last merged PR by USERNAME
+ * What are the latest commits to the main branch by USERNAME
{% data variables.product.prodname_copilot_short %} replies in the chat panel.
+
+
+ > [!NOTE]
+ >
+ > {% data variables.product.prodname_copilot_short %}'s ability to answer natural language questions like these in a repository context is improved when the repository has been indexed for semantic code search. The indexing status of the repository is displayed when you start a conversation that has a repository context. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/indexing-repositories-for-copilot-chat)."
+
{% data reusables.copilot.stop-response-generation %}
{% data reusables.copilot.chat-conversation-buttons %}
@@ -146,11 +147,7 @@ Depending on the question you ask, and your enterprise and organization settings
You can ask {% data variables.product.prodname_copilot_short %} about a specific file or symbol within a repository.
-{% note %}
-
-**Note:** A "symbol" is a named entity in code. This could be a variable, function, class, module, or any other identifier that's part of a codebase.
-
-{% endnote %}
+> [!NOTE] A "symbol" is a named entity in code. This could be a variable, function, class, module, or any other identifier that's part of a codebase.
{% data reusables.copilot.go-to-copilot-page %}
@@ -164,6 +161,10 @@ You can ask {% data variables.product.prodname_copilot_short %} about a specific
{% data variables.product.prodname_copilot_short %} replies in the chat panel.
+ > [!NOTE]
+ >
+ > {% data variables.product.prodname_copilot_short %}'s ability to answer natural language questions in the context of a repository is improved when the repository has been indexed for semantic code search. The indexing status of the repository is displayed when you start a conversation that has a repository context. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/indexing-repositories-for-copilot-chat)."
+
{% data reusables.copilot.stop-response-generation %}
{% data reusables.copilot.chat-conversation-buttons %}
@@ -258,56 +259,98 @@ You can chat with {% data variables.product.prodname_copilot_short %} about a fi
-## Finding out about the changes in a pull request
+## Asking questions about a specific pull request
+
+You can ask {% data variables.product.prodname_copilot_short %} to summarize a pull request, or explain what has changed within specific files or lines of code in a pull request.
-You can ask {% data variables.product.prodname_copilot_short %} to explain what's changed in any of the files in a pull request.
+### Get a summary of a pull request
1. On {% data variables.product.prodname_dotcom_the_website %}, navigate to a pull request in a repository.
-1. Click the **Files changed** tab.
-1. Do one of the following:
- * To ask a question about a file that's being changed by a pull request, click {% octicon "kebab-horizontal" aria-label="Show options" %} at the top right of the file, then click **Ask {% data variables.product.prodname_copilot_short %} about this diff**.
- * To ask a question about specific lines within a file in the pull request:
+{% data reusables.copilot.open-copilot %}
+
+1. At the bottom of the {% data variables.product.prodname_copilot_chat_short %} panel, in the "Ask {% data variables.product.prodname_copilot_short %}" box, type a question and press Enter.
- 1. Select the lines by clicking the line number for the first line you want to select, holding down Shift and clicking the line number for the last line you want to select.
- 1. To ask your own question about the selected lines, click the {% data variables.product.prodname_copilot_short %} icon ({% octicon "copilot" aria-hidden="true" %}) to the right of your selection.
- This displays the {% data variables.product.prodname_copilot_chat %} panel with the selected lines indicated as the context of your question.
- 1. To ask a predefined question, click the downward-pointing button beside the {% data variables.product.prodname_copilot_short %} icon and click **Explain**.
+ For example, you could ask:
-1. If you clicked the {% data variables.product.prodname_copilot_short %} icon, or you chose **Ask {% data variables.product.prodname_copilot_short %} about this diff**, type a question in the "Ask {% data variables.product.prodname_copilot_short %}" box at the bottom of the chat panel and press Enter. For example, you could enter:
+ * Summarize this PR for me.
+ * Summarize the comments in this PR.
+ * Summarize the changes in this PR.
+
+{% data reusables.copilot.stop-response-generation %}
+
+### Ask about changes to a specific file in a pull request
+
+1. On {% data variables.product.prodname_dotcom_the_website %}, navigate to a pull request in a repository.
+1. Click the **Files changed** tab.
+1. Click {% octicon "kebab-horizontal" aria-label="Show options" %} at the top right of the file, then click **Ask {% data variables.product.prodname_copilot_short %} about this diff**.
+1. Type a question in the "Ask {% data variables.product.prodname_copilot_short %}" box at the bottom of the chat panel and press Enter.
+
+ For example, you could ask:
- * Why has this module been included?
- * What is `actorData` in this line?
- * Explain this `do..end` block.
* What's the purpose of this file?
+ * Why has this module been included?
{% data reusables.copilot.stop-response-generation %}
-## Asking a question about a specific issue
+### Ask about specific lines within a file in a pull request
-You can ask {% data variables.product.prodname_copilot_short %} to summarize or answer questions about a specific issue.
+1. On {% data variables.product.prodname_dotcom_the_website %}, navigate to a pull request in a repository.
+1. Click the **Files changed** tab.
+1. Click the line number for the first line you want to select, then hold down Shift and click the line number for the last line you want to select.
+1. Ask {% data variables.product.prodname_copilot_short %} a question, or choose from a list of predefined questions.
+ * _To ask your own question about the selected lines_, to the right of your selection, click the {% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %} icon.
+ This displays the {% data variables.product.prodname_copilot_chat %} panel with the selected lines indicated as the context of your question.
-{% note %}
+ For example, you could ask:
-**Note:** The quality of {% data variables.product.prodname_copilot_chat_short %}'s responses may be degraded when working with issues that have very long bodies or large numbers of comments. Where this happens, {% data variables.product.prodname_copilot_short %} will warn you so you can double check its output.
+ * What is `actorData` in this line?
+ * Explain this `do..end` block.
-{% endnote %}
+ * _To ask a predefined question_, to the right of your selection, beside the {% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %} icon, click {% octicon "triangle-down" aria-label="Copilot menu" %}, then click **Explain**.
+
+{% data reusables.copilot.stop-response-generation %}
-1. Navigate to an issue on {% data variables.product.prodname_dotcom_the_website %}.
+### Ask why a workflow has failed
+
+> [!NOTE]This feature is currently in beta and subject to change.
+
+1. On {% data variables.product.prodname_dotcom_the_website %}, navigate to a pull request in a repository.
+1. Scroll to the bottom of the page, then, next to one of the failing checks, click **Details**.
+
+{% data reusables.copilot.open-copilot %}
+
+1. At the bottom of the {% data variables.product.prodname_copilot_chat_short %} panel, in the "Ask {% data variables.product.prodname_copilot_short %}" box, ask {% data variables.product.prodname_copilot_short %} why the pull request has failed and press Enter.
+
+ For example, you could ask:
+
+ * Tell me why this job failed
+ * Suggest a fix for this error
+
+{% data variables.product.prodname_copilot_short %} will respond with information about why the pull request failed. {% data variables.product.prodname_copilot_short %} may also provide suggestions for how to fix the issue.
+
+1. If {% data variables.product.prodname_copilot_short %} has provided steps to fix the issue, you can follow the steps to resolve the problem.
+{% data reusables.copilot.stop-response-generation %}
+
+## Asking a question about a specific issue or discussion
+
+You can ask {% data variables.product.prodname_copilot_short %} to summarize or answer questions about a specific issue or discussion.
+
+> [!NOTE] The quality of {% data variables.product.prodname_copilot_chat_short %}'s responses may be degraded when working with issues or discussions that have very long bodies or a large number of comments. For example, this may occur if you ask {% data variables.product.prodname_copilot_short %} to summarize a long-running discussion. Where this happens, {% data variables.product.prodname_copilot_short %} will warn you so you can double check its output.
+
+1. Navigate to an issue or discussion on {% data variables.product.prodname_dotcom_the_website %}.
{% data reusables.copilot.open-copilot %}
1. At the bottom of the {% data variables.product.prodname_copilot_short %} chat panel, in the "Ask {% data variables.product.prodname_copilot_short %}" box, type a question and press Enter. For example, you could enter:
* Explain this issue
+ * Summarize this discussion
* Recommend next steps for this issue
* What are the acceptance criteria for this issue?
+ * What are the main points made by PERSON in this discussion?
- {% tip %}
-
- **Tip:** Instead of navigating to an issue in your browser to ask a question, you can include the relevant URL in your message. For example, `Summarize https://github.com/monalisa/octokit/issues/1`.
-
- {% endtip %}
+ > [!TIP] Instead of navigating to an issue or discussion in your browser to ask a question, you can include the relevant URL in your message. For example, `Summarize https://github.com/monalisa/octokit/issues/1`.
{% data variables.product.prodname_copilot_short %} responds to your request in the panel.
diff --git a/content/copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide.md b/content/copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide.md
similarity index 68%
rename from content/copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide.md
rename to content/copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide.md
index 7e56f7a48f58..e2658b183448 100644
--- a/content/copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide.md
+++ b/content/copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide.md
@@ -1,15 +1,17 @@
---
-title: Using GitHub Copilot Chat in your IDE
+title: Asking GitHub Copilot questions in your IDE
intro: 'Use {% data variables.product.prodname_copilot_chat_short %} in your editor to give code suggestions, explain code, generate unit tests, and suggest code fixes.'
topics:
- Copilot
redirect_from:
- /copilot/github-copilot-chat/using-github-copilot-chat
- /copilot/github-copilot-chat/using-github-copilot-chat-in-your-ide
+ - /copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide
+ - /copilot/github-copilot-chat/copilot-chat-in-ides
defaultTool: vscode
versions:
feature: copilot
-shortTitle: Use Copilot Chat
+shortTitle: Chat in IDE
---
{% vscode %}
@@ -33,7 +35,7 @@ You can ask {% data variables.product.prodname_copilot_chat_short %} to give cod
>
> For additional ways to access {% data variables.product.prodname_copilot_chat_short %}, including inline with your code, see [Additional ways to access {% data variables.product.prodname_copilot_chat_short %}](#additional-ways-to-access-copilot-chat) below.
-1. Enter a prompt in the prompt box, or click one of the suggested prompts. For example prompts, see "[Example prompts](#example-prompts)" below.
+1. Enter a prompt in the prompt box, or click one of the suggested prompts. For example prompts, see "[AUTOTITLE](/copilot/using-github-copilot/example-use-cases/example-prompts-for-copilot-chat)."
1. Evaluate {% data variables.product.prodname_copilot_short %}'s response, and make a follow up request if needed.
@@ -41,20 +43,26 @@ You can ask {% data variables.product.prodname_copilot_chat_short %} to give cod
## Using keywords in your prompt
-You can use special keywords to help {% data variables.product.prodname_copilot_short %} understand your prompt.
+You can use special keywords to help {% data variables.product.prodname_copilot_short %} understand your prompt. For examples, see "[AUTOTITLE](/copilot/using-github-copilot/example-use-cases/example-prompts-for-copilot-chat)."
### Chat participants
Use chat participants to scope your prompt to a specific domain. To use a chat participant, type `@` in the chat prompt box, followed by a chat participant name. Chat participants include:
-* `@workspace`: Has context about the code in your workspace. Use `@workspace` when you want {% data variables.product.prodname_copilot_short %} to consider the structure of your project, how different parts of your code interact, or design patterns in your project. See "[Ask questions about your project](#ask-questions-about-your-project)."
-* `@vscode`: Has context about {% data variables.product.prodname_vscode %} commands and features. Use `@vscode` when you want help with {% data variables.product.prodname_vscode %}. See "[Ask questions about {% data variables.product.prodname_vscode %}](#ask-questions-about-visual-studio-code)."
-* `@terminal`: Has context about the {% data variables.product.prodname_vscode %} terminal shell and its contents. Use `@terminal` when you want help creating or debugging terminal commands. See "[Ask questions about the command line](#ask-questions-about-the-command-line)."
+* `@workspace`: Has context about the code in your workspace. Use `@workspace` when you want {% data variables.product.prodname_copilot_short %} to consider the structure of your project, how different parts of your code interact, or design patterns in your project.
+* `@vscode`: Has context about {% data variables.product.prodname_vscode %} commands and features. Use `@vscode` when you want help with {% data variables.product.prodname_vscode %}.
+* `@terminal`: Has context about the {% data variables.product.prodname_vscode %} terminal shell and its contents. Use `@terminal` when you want help creating or debugging terminal commands.
{% ifversion ghec %}
* `@github`: Allows you to use {% data variables.product.prodname_dotcom %}-specific {% data variables.product.prodname_copilot_short %} skills. See "[Using {% data variables.product.prodname_dotcom %} skills for {% data variables.product.prodname_copilot_short %}](#using-github-skills-for-copilot)."
{% endif %}
-To see all available chat participants, type `@` in the chat prompt box. See also [Chat participants](https://code.visualstudio.com/docs/copilot/copilot-chat#_chat-participants) in the {% data variables.product.prodname_vscode %} documentation.
+In addition to the built-in {% data variables.product.prodname_vscode %} chat participants, you can also install {% data variables.product.prodname_copilot_extensions_short %} that provide chat participants. You can install these extensions from [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=apps&copilot_app=true) and from [{% data variables.product.prodname_vscode_marketplace %}](https://marketplace.visualstudio.com/search?target=VSCode&category=Chat&sortBy=Installs). For information about extensions from {% data variables.product.prodname_marketplace %} that provide chat participants, see "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/about-github-copilot-extensions)."
+
+{% data reusables.copilot.copilot-extensions.beta-note %}
+
+To see all available chat participants, type `@` in the chat prompt box.
+
+See also [Chat participants](https://code.visualstudio.com/docs/copilot/copilot-chat#_chat-participants) in the {% data variables.product.prodname_vscode %} documentation.
### Slash commands
@@ -77,105 +85,13 @@ Use chat variables to include specific context in your prompt. To use a chat var
To see all available chat variables, type `#` in the chat prompt box. See also [Chat variables](https://code.visualstudio.com/docs/copilot/copilot-chat#_chat-variables) in the {% data variables.product.prodname_vscode %} documentation.
-## Example prompts
-
-You can ask {% data variables.product.prodname_copilot_chat_short %} specific questions about your project or general software questions. You can also ask {% data variables.product.prodname_copilot_chat_short %} to write code, fix errors, write tests, and document code.
-
-### Ask general software questions
-
-You can ask {% data variables.product.prodname_copilot_chat_short %} general software questions. For example:
-
-* `tell me about nodejs web server frameworks`
-* `how to create an express app`
-* `@terminal how to update an npm package` (uses the @terminal [chat participant](#chat-participants))
-
-### Ask questions about your project
-
-You can ask {% data variables.product.prodname_copilot_chat_short %} questions about your project.
-
-* `what sorting algorithm does this function use`
-* `@workspace how are notifications scheduled`
-* `#file:gameReducer.js #file:gameInit.js how are these files related`
-
-To give {% data variables.product.prodname_copilot_short %} the correct context, try some of these strategies:
-
-* Highlight relevant lines of code
-* Use chat variables like `#selection`, `#file`, `#editor`, `#codebase`, or `#git`
-* Use the `@workspace` chat participant
-
-### Write code
-
-You can ask {% data variables.product.prodname_copilot_short %} to write code for you. For example:
-
-* `write a function to sum all numbers in a list`
-* `add error handling to this function`
-* `@workspace add form validation, similar to the newsletter page`
-
-When {% data variables.product.prodname_copilot_short %} returns a code block, the response includes options to copy the code, or to insert the code at your cursor, into a new file, or into the terminal.
-
-### Set up a new project
-
-Use the `/new` slash command to set up a new project. For example:
-
-* `/new react app with typescript`
-* `/new python django web application`
-* `/new node.js express server`
-
-Copilot will suggest a directory structure and provide a button to create the suggested files and contents. To preview a suggested file, select the file name in the suggested directory structure.
-
-Use the `/newNotebook` slash command to set up a new Jupyter notebook. For example:
-
-* `/newNotebook retrieve the titanic dataset and use Seaborn to plot the data`
-
-### Fix, improve, and refactor code
-
-If your active file contains an error, use the `/fix` slash command to ask {% data variables.product.prodname_copilot_short %} to fix the error.
-
-You can also make general requests to improve or refactor your code.
-
-* `how would you improve this code?`
-* `translate this code to C#`
-* `add error handling to this function`
-
-### Write tests
-
-Use the `/tests` slash command to ask {% data variables.product.prodname_copilot_short %} to write tests for the active file or selected code. For example:
-
-* `/tests`
-* `/tests using the Jest framework`
-* `/tests ensure the function rejects an empty list`
-
-The `/tests` slash command writes tests for existing code. If you prefer to write tests before writing code (test driven development), omit the `/tests` command. For example:
-
-* `Add tests for a JavaScript function that should sum a list of integers`
-
-### Ask questions about {% data variables.product.prodname_vscode %}
-
-Use the `@vscode` chat participant to ask specific questions about {% data variables.product.prodname_vscode %}. For example:
-
-* `@vscode tell me how to debug a node.js app`
-* `@vscode how do I change my {% data variables.product.prodname_vscode %} colors`
-* `@vscode how can I change key bindings`
-
-### Ask questions about the command line
-
-Use the `@terminal` chat participant to ask specific questions about the command line. For example:
-
-* `@terminal find the largest file in the src directory`
-* `@terminal #terminalLastCommand` to explain the last command and any errors
-
{% ifversion ghec %}
## Using {% data variables.product.prodname_dotcom %} skills for {% data variables.product.prodname_copilot_short %}
-{% note %}
-
-**Notes**:
-
-* This feature is only available if you have a {% data variables.product.prodname_copilot_enterprise_short %} subscription.
-* The `@github` chat participant is currently in beta and is subject to change.
-
-{% endnote %}
+> [!NOTE]
+> * This feature is only available if you have a {% data variables.product.prodname_copilot_enterprise_short %} subscription.
+> * The `@github` chat participant is currently in beta and is subject to change.
{% data variables.product.prodname_copilot_short %} has a collection of {% data variables.product.prodname_dotcom %}-specific skills that it can use to answer your questions. To access these skills in {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vscode_shortname %}, include `@github` in your question.
@@ -191,21 +107,17 @@ The skills you can use in {% data variables.product.prodname_copilot_chat_short
| Skill | Description | Enabled by default? | Example question |
| ------- | ----------- | ------------------- | -----------------|
-| **Code search** | Natural language code search in the default branch of the Git repository. This skill is useful when you want to know where or how certain functionality has been implemented in the code. Note: the repository must be indexed - see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#asking-exploratory-questions-about-a-repository)." | Yes | `@github Where is the logic that controls the user session management, and how does it work?` |
+| **Code search** | Natural language code search in the default branch of the Git repository. This skill is useful when you want to know where or how certain functionality has been implemented in the code. Note: the repository must be indexed - see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/indexing-repositories-for-copilot-chat)." | Yes | `@github Where is the logic that controls the user session management, and how does it work?` |
| **Path search** | Retrieves a specific file in the default branch of the Git repository. This skill is useful when you provide the exact path of a file in the repository. | Yes | `@github What logic does user_auth.js encapsulate?` |
| **Show symbol definition** | Retrieves the lines of code that define a specific code symbol (function, class, or struct) in the default branch of the Git repository. This skill is useful when you have the exact name of a symbol, and want to understand it. | Yes | `@github Write unit tests for the AuthUser method` |
| **Knowledge base search** | Tell {% data variables.product.prodname_copilot_chat_short %} to answer a question within the context of a knowledge base. To initiate a knowledge base search, first enter `@github #kb`. | Yes | Enter `@github #kb`, then choose your organization's style guide knowledge base, then ask: `What is our coding convention for indentation?` |
-| **Web search** | Searches the web using the Bing search engine. This skill is useful for teaching Copilot about recent events, new developments, trends, technologies, or extremely specific, detailed, or niche subjects. | No (requires admin approval - see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features)")| `@github What are some recent articles about SAT tokens securing against vulnerabilities in Node?` |
+| **Web search** | Searches the web using the Bing search engine. This skill is useful for teaching Copilot about recent events, new developments, trends, technologies, or extremely specific, detailed, or niche subjects. | No (requires admin approval - see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)")| `@github What are some recent articles about SAT tokens securing against vulnerabilities in Node?` |
## Asking a question about a knowledge base
-{% note %}
-
-**Note**: This feature is only available if you have a {% data variables.product.prodname_copilot_enterprise_short %} subscription.
+> [!NOTE] This feature is only available if you have a {% data variables.product.prodname_copilot_enterprise_short %} subscription.
-{% endnote %}
-
-Organization owners can create knowledge bases, grouping together Markdown documentation across one or more repositories. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/managing-copilot-knowledge-bases)."
+Organization owners can create knowledge bases, grouping together Markdown documentation across one or more repositories. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-copilot-knowledge-bases)."
You can tell {% data variables.product.prodname_copilot_short %} to answer a question within the context of a knowledge base.
@@ -236,9 +148,9 @@ To leave feedback about the {% data variables.product.prodname_copilot_chat %} e
* "[AUTOTITLE](/copilot/using-github-copilot/prompt-engineering-for-github-copilot)"
* [Using Copilot Chat in VS Code](https://code.visualstudio.com/docs/copilot/copilot-chat) and [Getting started with GitHub Copilot Chat in VS Code](https://code.visualstudio.com/docs/copilot/getting-started-chat) in the {% data variables.product.prodname_vscode %} documentation
-{% ifversion ghec %}
+{%- ifversion ghec %}
* "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-chat-in-github/using-github-copilot-chat-in-githubcom)"
-{% endif %}
+{%- endif %}
* "[AUTOTITLE](/copilot/github-copilot-chat/about-github-copilot-chat)"
* "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot)"{% ifversion ghec %}
* [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center){% endif %}
@@ -263,7 +175,7 @@ To leave feedback about the {% data variables.product.prodname_copilot_chat %} e
You can ask {% data variables.product.prodname_copilot_chat_short %} to give code suggestions, explain code, generate unit tests, and suggest code fixes.
1. In the {% data variables.product.prodname_vs %} menu bar, click **View**, then click **{% data variables.product.prodname_copilot_chat %}**.
-1. In the {% data variables.product.prodname_copilot_chat_short %} window, enter a prompt, then press **Enter**. For example prompts, see "[Example prompts](#example-prompts)" below.
+1. In the {% data variables.product.prodname_copilot_chat_short %} window, enter a prompt, then press **Enter**. For example prompts, see "[AUTOTITLE](/copilot/using-github-copilot/example-use-cases/example-prompts-for-copilot-chat)."
1. Evaluate {% data variables.product.prodname_copilot_short %}'s response, and submit a follow up prompt if needed.
The response often includes interactive elements. For example, the response may include buttons to copy, insert, or preview the result of a code block.
@@ -296,75 +208,13 @@ By default, {% data variables.product.prodname_copilot_chat_short %} will refere
See also [Reference](https://learn.microsoft.com/visualstudio/ide/copilot-chat-context#reference) in the {% data variables.product.prodname_vs %} documentation.
-## Example prompts
-
-You can ask {% data variables.product.prodname_copilot_chat_short %} specific questions about your project or general software questions. You can also ask {% data variables.product.prodname_copilot_chat_short %} to write code, fix errors, write tests, and document code.
-
-### Ask general software questions
-
-You can ask {% data variables.product.prodname_copilot_chat_short %} general software questions. For example:
-
-* `tell me about nodejs web server frameworks`
-* `how to create an express app`
-* `how to update an npm package`
-
-### Ask questions about your project
-
-You can ask {% data variables.product.prodname_copilot_chat_short %} questions about your project. To give {% data variables.product.prodname_copilot_short %} the correct context, try some of these strategies:
-
-* Highlight relevant lines of code
-* Open the relevant file
-* Use `#file` to tell {% data variables.product.prodname_copilot_short %} to reference specific files
-* Use `#solution` to tell {% data variables.product.prodname_copilot_short %} to reference the active file
-
-For example:
-
-* `what sorting algorithm does this function use`
-* `#file:gameReducer.js what happens when a new game is requested`
-
-### Write code
-
-You can ask {% data variables.product.prodname_copilot_short %} to write code for you. For example:
-
-* `write a function to sum all numbers in a list`
-* `add error handling to this function`
-
-When {% data variables.product.prodname_copilot_short %} returns a code block, the response includes options to copy the code, insert the code into a new file, or preview the code output.
-
-### Fix, improve, and refactor code
-
-If your active file contains an error, use the `/fix` slash command to ask {% data variables.product.prodname_copilot_short %} to fix the error.
-
-You can also make general requests to improve or refactor your code.
-
-* `how would you improve this code?`
-* `translate this code to C#`
-* `add error handling to this function`
-
-### Write tests
-
-Use the `/tests` slash command to ask {% data variables.product.prodname_copilot_short %} to write tests for the active file or selected code. For example:
-
-* `/tests`
-* `/tests using the Jest framework`
-* `/tests ensure the function rejects an empty list`
-
-The `/tests` slash command writes tests for existing code. If you prefer to write tests before writing code (test driven development), omit the `/tests` command. For example:
-
-* `Add tests for a JavaScript function that should sum a list of integers`
-
{% ifversion ghec %}
## Using {% data variables.product.prodname_dotcom %} skills for {% data variables.product.prodname_copilot_short %} (preview)
-{% note %}
-
-**Notes**:
-
-* This feature is only available if you have a {% data variables.product.prodname_copilot_enterprise_short %} subscription.
-* The `@github` chat participant is currently in preview, and only available in [{% data variables.product.prodname_vs %} 2022 Preview 2](https://visualstudio.microsoft.com/vs/preview/) onwards.
-
-{% endnote %}
+> [!NOTE]
+> * This feature is only available if you have a {% data variables.product.prodname_copilot_enterprise_short %} subscription.
+> * The `@github` chat participant is currently in preview, and only available in [{% data variables.product.prodname_vs %} 2022 Preview 2](https://visualstudio.microsoft.com/vs/preview/) onwards.
{% data variables.product.prodname_copilot_short %} has a collection of {% data variables.product.prodname_dotcom %}-specific skills that it can use to answer your questions. To access these skills in {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vs %}, include `@github` in your question.
@@ -378,10 +228,25 @@ The skills you can use in {% data variables.product.prodname_copilot_chat_short
| Skill | Description | Enabled by default? | Example question |
| ------- | ----------- | ------------------- | -----------------|
-| **Code search** | Natural language code search in the default branch of the Git repository. This skill is useful when you want to know where or how certain functionality has been implemented in the code. Note: the repository must be indexed - see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#asking-exploratory-questions-about-a-repository)." | Yes | `@github Where is the logic that controls the user session management, and how does it work?` |
+| **Code search** | Natural language code search in the default branch of the Git repository. This skill is useful when you want to know where or how certain functionality has been implemented in the code. Note: the repository must be indexed - see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/indexing-repositories-for-copilot-chat)." | Yes | `@github Where is the logic that controls the user session management, and how does it work?` |
| **Path search** | Retrieves a specific file in the default branch of the Git repository. This skill is useful when you provide the exact path of a file in the repository. | Yes | `@github What logic does user_auth.js encapsulate?` |
| **Show symbol definition** | Retrieves the lines of code that define a specific code symbol (function, class, or struct) in the default branch of the Git repository. This skill is useful when you have the exact name of a symbol, and want to understand it. | Yes | `@github Write unit tests for the AuthUser method` |
-| **Web search** | Searches the web using the Bing search engine. This skill is useful for teaching Copilot about recent events, new developments, trends, technologies, or extremely specific, detailed, or niche subjects. | No (requires admin approval - see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features)")| `@github What are some recent articles about SAT tokens securing against vulnerabilities in Node?` |
+| **Web search** | Searches the web using the Bing search engine. This skill is useful for teaching Copilot about recent events, new developments, trends, technologies, or extremely specific, detailed, or niche subjects. | No (requires admin approval - see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)")| `@github What are some recent articles about SAT tokens securing against vulnerabilities in Node?` |
+| **Knowledge base search** | Tell {% data variables.product.prodname_copilot_chat_short %} to answer a question within the context of a knowledge base. To initiate a knowledge base search, first enter `@github`, then press **#**, then select a knowledge base. | Yes | Enter `@github #`, then choose your organization's style guide knowledge base, then ask: `What is our coding convention for indentation?` |
+
+## Asking a question about a knowledge base (preview)
+
+> [!NOTE]
+> * This feature is only available if you have a {% data variables.product.prodname_copilot_enterprise_short %} subscription.
+> * Support for knowledge bases is currently in preview, and only available in [{% data variables.product.prodname_vs %} 2022 Preview 3](https://visualstudio.microsoft.com/vs/preview/) onwards.
+
+Organization owners can create knowledge bases, grouping together Markdown documentation across one or more repositories. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/managing-copilot-knowledge-bases)."
+
+You can tell {% data variables.product.prodname_copilot_short %} to answer a question within the context of a knowledge base.
+
+1. At the bottom of the {% data variables.product.prodname_copilot_chat_short %} window, in the **Ask {% data variables.product.prodname_copilot_short %}: Type / for commands and # to reference** text box, type `@github`, press #, then select a knowledge base from the list.
+1. In the **Type / for commands and # to reference** text box, continue your message with your question, and then press **Enter**.
+1. {% data variables.product.prodname_copilot_chat_short %} will process your question and provide an answer, with citations from your knowledge base, in the chat window.
{% endif %}
@@ -408,9 +273,9 @@ To share feedback about {% data variables.product.prodname_copilot_chat_short %}
* "[AUTOTITLE](/copilot/using-github-copilot/prompt-engineering-for-github-copilot)"
* [Using {% data variables.product.prodname_copilot_chat %} in {% data variables.product.prodname_vs %} in the Microsoft Learn documentation](https://learn.microsoft.com/visualstudio/ide/visual-studio-github-copilot-chat?view=vs-2022#use-copilot-chat-in-visual-studio)
* [Tips to improve {% data variables.product.prodname_copilot_chat %} results in the Microsoft Learn documentation](https://learn.microsoft.com/en-us/visualstudio/ide/copilot-chat-context?view=vs-2022)
-{% ifversion ghec %}
+{%- ifversion ghec %}
* "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-chat-in-github/using-github-copilot-chat-in-githubcom)"
-{% endif %}
+{%- endif %}
* "[AUTOTITLE](/copilot/github-copilot-chat/about-github-copilot-chat)"
* "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot)"{% ifversion ghec %}
* [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center){% endif %}
@@ -426,7 +291,6 @@ To share feedback about {% data variables.product.prodname_copilot_chat_short %}
* **A compatible JetBrains IDE**. {% data variables.product.prodname_copilot %} is compatible with the following IDEs:
{% data reusables.copilot.jetbrains-compatible-ides %}
-
{% data reusables.copilot.jetbrains-plugin-prerequisites %}
{% data reusables.copilot.chat-access-denied %}
@@ -439,7 +303,7 @@ You can ask {% data variables.product.prodname_copilot_chat_short %} to give cod
-1. Enter a prompt in the prompt box. For example prompts, see "[Example prompts](#example-prompts)" below.
+1. Enter a prompt in the prompt box. For example prompts, see "[AUTOTITLE](/copilot/using-github-copilot/example-use-cases/example-prompts-for-copilot-chat)."
1. Evaluate {% data variables.product.prodname_copilot_short %}'s response, and submit a follow up prompt if needed.
@@ -466,62 +330,6 @@ To see all available slash commands, type `/` in the chat prompt box.
By default, {% data variables.product.prodname_copilot_chat_short %} will reference the file that you have open or the code that you have selected. You can also tell {% data variables.product.prodname_copilot_chat_short %} which files to reference by dragging a file into the chat prompt box. Alternatively, you can right click on a file, select **GitHub Copilot**, then select **Reference File in Chat**.
-## Example prompts
-
-You can ask {% data variables.product.prodname_copilot_chat_short %} specific questions about your project or general software questions. You can also ask {% data variables.product.prodname_copilot_chat_short %} to write code, fix errors, write tests, and document code.
-
-### Ask general software questions
-
-You can ask {% data variables.product.prodname_copilot_chat_short %} general software questions. For example:
-
-* `tell me about nodejs web server frameworks`
-* `how to create an express app`
-* `how to update an npm package`
-
-### Ask questions about your project
-
-You can ask {% data variables.product.prodname_copilot_chat_short %} questions about your project. To give {% data variables.product.prodname_copilot_short %} the correct context, try some of these strategies:
-
-* Highlight relevant lines of code.
-* Open the relevant file.
-* Add the file as a reference. See [File references](#file-references).
-
-For example:
-
-* `what sorting algorithm does this function use`
-* `how are these files related` (with references to the files in question)
-
-### Write code
-
-You can ask {% data variables.product.prodname_copilot_short %} to write code for you. For example:
-
-* `write a function to sum all numbers in a list`
-* `add error handling to this function`
-
-When {% data variables.product.prodname_copilot_short %} returns a code block, the response includes options to copy the code or to insert the code at your cursor.
-
-### Fix, improve, and refactor code
-
-If your active file contains an error, use the `/fix` slash command to ask {% data variables.product.prodname_copilot_short %} to fix the error.
-
-You can also make general requests to improve or refactor your code.
-
-* `how would you improve this code?`
-* `translate this code to C#`
-* `add error handling to this function`
-
-### Write tests
-
-Use the `/tests` slash command to ask {% data variables.product.prodname_copilot_short %} to write tests for the active file or selected code. For example:
-
-* `/tests`
-* `/tests using the Jest framework`
-* `/tests ensure the function rejects an empty list`
-
-The `/tests` slash command writes tests for existing code. If you prefer to write tests before writing code (test driven development), omit the `/tests` command. For example:
-
-* `Add tests for a JavaScript function that should sum a list of integers`
-
## Additional ways to access {% data variables.product.prodname_copilot_chat_short %}
In addition to submitting prompts through the chat window, you can submit built-in requests by right clicking in a file, selecting **GitHub Copilot**, then selecting one of the options.
@@ -541,7 +349,8 @@ To share feedback about {% data variables.product.prodname_copilot_chat_short %}
## Further reading
* "[AUTOTITLE](/copilot/using-github-copilot/prompt-engineering-for-github-copilot)"
-{% ifversion ghec %}- "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-chat-in-github/using-github-copilot-chat-in-githubcom)"{% endif %}
+{%- ifversion ghec %}
+* "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-chat-in-github/using-github-copilot-chat-in-githubcom)"{% endif %}
* "[AUTOTITLE](/copilot/github-copilot-chat/about-github-copilot-chat)"
* "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-copilot-pre-release-terms)"
* "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot) "{% ifversion ghec %}
diff --git a/content/copilot/using-github-copilot/best-practices-for-using-github-copilot.md b/content/copilot/using-github-copilot/best-practices-for-using-github-copilot.md
new file mode 100644
index 000000000000..e76ce4bce98c
--- /dev/null
+++ b/content/copilot/using-github-copilot/best-practices-for-using-github-copilot.md
@@ -0,0 +1,85 @@
+---
+title: Best practices for using GitHub Copilot
+intro: 'Learn how to get the most out of {% data variables.product.prodname_copilot_short %}.'
+topics:
+ - Copilot
+versions:
+ feature: copilot
+shortTitle: Best practices
+---
+
+## Understand {% data variables.product.prodname_copilot_short %}'s strengths and weaknesses
+
+{% data variables.product.prodname_copilot %} is an AI coding assistant that helps you write code faster and with less effort, allowing you to focus more energy on problem solving and collaboration. Before you start working with {% data variables.product.prodname_copilot_short %}, it's important to understand when you should and shouldn't use it.
+
+**Some of the things {% data variables.product.prodname_copilot_short %} does best include**:
+
+* Writing tests and repetitive code
+* Debugging and correcting syntax
+* Explaining and commenting code
+* Generating regular expressions
+
+**{% data variables.product.prodname_copilot_short %} is not designed to**:
+
+* Respond to prompts unrelated to coding and technology
+* Replace your expertise and skills. Remember that you are in charge, and {% data variables.product.prodname_copilot_short %} is a powerful tool at your service.
+
+## Choose the right {% data variables.product.prodname_copilot_short %} tool for the job
+
+While {% data variables.product.prodname_copilot_short %} code completions and {% data variables.product.prodname_copilot_chat_short %} share some functionality, the two tools are best used in different circumstances.
+
+**Code completions work best for**:
+
+* Completing code snippets, variable names, and functions as you write them
+* Generating repetitive code
+* Generating code from inline comments in natural language
+* Generating tests for test-driven development
+
+**Alternatively, {% data variables.product.prodname_copilot_chat_short %} is best suited for**:
+
+* Answering questions about code in natural language
+* Generating large sections of code, then iterating on that code to meet your needs
+* Accomplishing specific tasks with keywords and skills. {% data variables.product.prodname_copilot_chat_short %} has built-in keywords and skills designed to provide important context for prompts and accomplish common tasks quickly. Different types of keywords and skills are available in different {% data variables.product.prodname_copilot_chat_short %} platforms. See "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide#using-keywords-in-your-prompt){% ifversion fpt %}."{% else %}" and "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#powered-by-skills)."{% endif %}
+* Completing a task as a specific persona. For example, you can tell {% data variables.product.prodname_copilot_chat_short %} that it is a Senior C++ Developer who cares greatly about code quality, readability, and efficiency, then ask it to review your code.
+
+## Create thoughtful prompts
+
+Prompt engineering, or structuring your request so {% data variables.product.prodname_copilot_short %} can easily understand and respond to it, plays a critical role in {% data variables.product.prodname_copilot_short %}'s ability to generate a valuable response. Here are a few quick tips you should remember while crafting your prompts:
+
+* Break down complex tasks.
+* Be specific about your requirements.
+* Provide examples of things like input data, outputs, and implementations.
+* Follow good coding practices.
+
+To learn more, see "[AUTOTITLE](/copilot/using-github-copilot/prompt-engineering-for-github-copilot)."
+
+## Check {% data variables.product.prodname_copilot_short %}'s work
+
+While {% data variables.product.prodname_copilot_short %} is very powerful, it is still a tool capable of making mistakes, and you should always validate the code it suggests. Use the following tips to ensure you are accepting accurate, secure suggestions:
+
+* **Understand suggested code before you implement it.** To ensure you fully understand {% data variables.product.prodname_copilot_short %}'s suggestion, you can ask {% data variables.product.prodname_copilot_chat_short %} to explain the code.
+* **Review {% data variables.product.prodname_copilot_short %}'s suggestions carefully.** Consider not just the functionality and security of the suggested code, but also the readability and maintainability of the code moving forward.
+* **Use automated tests and tooling to check {% data variables.product.prodname_copilot_short %}'s work.** With the help of tools like linting, {% data variables.product.prodname_code_scanning %}, and IP scanning, you can automate an additional layer of security and accuracy checks.
+
+> [!TIP] Optionally, you may want to check {% data variables.product.prodname_copilot_short %}'s work for similarities to existing public code. If you don't want to use similar code, you can turn off suggestions matching public code. See {% ifversion fpt %}"[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-copilot-policies-as-an-individual-subscriber#enabling-or-disabling-suggestions-matching-public-code)" or "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#policies-for-suggestion-matching)."{% else %}"[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-copilot-policies-as-an-individual-subscriber#enabling-or-disabling-suggestions-matching-public-code)," "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#policies-for-suggestion-matching)," or "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise#suggestions-matching-public-code)."{% endif %}
+
+## Guide {% data variables.product.prodname_copilot_short %} towards helpful outputs
+
+There are several adjustments you can make to steer {% data variables.product.prodname_copilot_short %} towards more valuable responses:
+
+* **Provide {% data variables.product.prodname_copilot_short %} with helpful context**:
+ * If you are using {% data variables.product.prodname_copilot_short %} in your IDE, open relevant files and close irrelevant files.
+ * In {% data variables.product.prodname_copilot_chat_short %}, if a particular request is no longer helpful context, delete that request from the conversation. Alternatively, if none of the context of a particular conversation is helpful, start a new conversation.
+ * If you are using {% data variables.product.prodname_copilot_chat_dotcom_short %}, provide specific repositories, files, symbols, and more as context. See "[AUTOTITLE](/enterprise-cloud@latest/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
+ * If you are using {% data variables.product.prodname_copilot_chat_short %} in your IDE, use keywords to focus {% data variables.product.prodname_copilot_short %} on a specific task or piece of context. See "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide#using-keywords-in-your-prompt)."
+* **Rewrite your prompts to generate different responses.** If {% data variables.product.prodname_copilot_short %} is not providing a helpful response, try rephrasing your prompt, or even breaking your request down into multiple smaller prompts.
+* **Pick the best available suggestion.** When you are using code completions, {% data variables.product.prodname_copilot_short %} might offer more than one suggestion. You can use keyboard shortcuts to quickly look through all available suggestions. For the default keyboard shortcuts for your operating system, see "[AUTOTITLE](/copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-your-environment#keyboard-shortcuts-for-github-copilot)."
+* **Provide feedback to improve future suggestions.** You can provide feedback in many ways:
+ * For code completions, accept or reject {% data variables.product.prodname_copilot_short %}'s suggestion.
+ * For individual responses in {% data variables.product.prodname_copilot_chat_short %}, click the thumbs up or thumbs down icons next to the response.
+ * For {% data variables.product.prodname_copilot_chat_short %} in your IDE, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide#sharing-feedback)" for instructions specific to your environment.
+ * For {% data variables.product.prodname_copilot_chat_dotcom_short %}, leave a comment on the [feedback discussion](https://github.com/orgs/community/discussions/110314).
+
+## Stay up-to-date on {% data variables.product.prodname_copilot_short %}'s features
+
+New features are regularly added to {% data variables.product.prodname_copilot_short %} to create new abilities, build on existing features, and improve the user experience. To stay up-to-date with {% data variables.product.prodname_copilot_short %}'s features, see the [changelog](https://github.blog/changelog/label/copilot/).
diff --git a/content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/creating-a-pull-request-summary-with-github-copilot.md b/content/copilot/using-github-copilot/creating-a-pull-request-summary-with-github-copilot.md
similarity index 89%
rename from content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/creating-a-pull-request-summary-with-github-copilot.md
rename to content/copilot/using-github-copilot/creating-a-pull-request-summary-with-github-copilot.md
index 4c864b7a50a6..66099ab95772 100644
--- a/content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/creating-a-pull-request-summary-with-github-copilot.md
+++ b/content/copilot/using-github-copilot/creating-a-pull-request-summary-with-github-copilot.md
@@ -4,9 +4,12 @@ shortTitle: Create a PR summary
intro: 'You can generate a summary in the description of a pull request, or as a comment.'
versions:
feature: copilot-pr-summaries
-permissions: 'Members of an enterprise with a subscription to [{% data variables.product.prodname_copilot_enterprise %}](/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise)'
+permissions: 'Members of an enterprise with a subscription to {% data variables.product.prodname_copilot_enterprise %}'
topics:
- Copilot
+redirect_from:
+ - /copilot/github-copilot-enterprise/copilot-pull-request-summaries/creating-a-pull-request-summary-with-github-copilot
+ - /copilot/github-copilot-enterprise/copilot-pull-request-summaries
---
## About {% data variables.product.prodname_copilot_for_prs %}
@@ -25,11 +28,7 @@ To learn more about {% data variables.product.prodname_copilot_for_prs %} and ho
1. On {% data variables.product.prodname_dotcom_the_website %}, create a pull request or navigate to an existing pull request.
- {% note %}
-
- **Note:** {% data variables.product.prodname_copilot %} does not take into account any existing content in the pull request description, so it is best to start with a blank description.
-
- {% endnote %}
+ > [!NOTE] {% data variables.product.prodname_copilot %} does not take into account any existing content in the pull request description, so it is best to start with a blank description.
1. Navigate to the text field where you want to add the pull request summary.
diff --git a/content/copilot/using-github-copilot/example-use-cases/example-prompts-for-copilot-chat.md b/content/copilot/using-github-copilot/example-use-cases/example-prompts-for-copilot-chat.md
new file mode 100644
index 000000000000..5684e6852169
--- /dev/null
+++ b/content/copilot/using-github-copilot/example-use-cases/example-prompts-for-copilot-chat.md
@@ -0,0 +1,216 @@
+---
+title: Example prompts for Copilot Chat
+intro: 'Get example prompts and use cases for {% data variables.product.prodname_copilot_chat_short %}.'
+topics:
+ - Copilot
+defaultTool: vscode
+versions:
+ feature: copilot
+shortTitle: Example prompts for chat
+---
+
+You can ask {% data variables.product.prodname_copilot_chat_short %} specific questions about your project or general software questions. You can also ask {% data variables.product.prodname_copilot_chat_short %} to write code, fix errors, write tests, and document code.
+
+Use the tabs above to select the environment where you are using {% data variables.product.prodname_copilot_chat_short %}.
+
+{% vscode %}
+
+Some of the following example prompts use chat participants (preceded by `@`), slash commands (preceded by `/`), or chat variables (preceded by `#`). For more information on keywords in prompts, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide#using-keywords-in-your-prompt)."
+
+## Ask general software questions
+
+You can ask {% data variables.product.prodname_copilot_chat_short %} general software questions. For example:
+
+* `tell me about nodejs web server frameworks`
+* `how to create an express app`
+* `@terminal how to update an npm package`
+
+## Ask questions about your project
+
+You can ask {% data variables.product.prodname_copilot_chat_short %} questions about your project.
+
+* `what sorting algorithm does this function use`
+* `@workspace how are notifications scheduled`
+* `#file:gameReducer.js #file:gameInit.js how are these files related`
+
+To give {% data variables.product.prodname_copilot_short %} the correct context, try some of these strategies:
+
+* Highlight relevant lines of code
+* Use chat variables like `#selection`, `#file`, `#editor`, `#codebase`, or `#git`
+* Use the `@workspace` chat participant
+
+## Write code
+
+You can ask {% data variables.product.prodname_copilot_short %} to write code for you. For example:
+
+* `write a function to sum all numbers in a list`
+* `add error handling to this function`
+* `@workspace add form validation, similar to the newsletter page`
+
+When {% data variables.product.prodname_copilot_short %} returns a code block, the response includes options to copy the code, or to insert the code at your cursor, into a new file, or into the terminal.
+
+## Set up a new project
+
+Use the `/new` slash command to set up a new project. For example:
+
+* `/new react app with typescript`
+* `/new python django web application`
+* `/new node.js express server`
+
+Copilot will suggest a directory structure and provide a button to create the suggested files and contents. To preview a suggested file, select the file name in the suggested directory structure.
+
+Use the `/newNotebook` slash command to set up a new Jupyter notebook. For example:
+
+* `/newNotebook retrieve the titanic dataset and use Seaborn to plot the data`
+
+## Fix, improve, and refactor code
+
+If your active file contains an error, use the `/fix` slash command to ask {% data variables.product.prodname_copilot_short %} to fix the error.
+
+You can also make general requests to improve or refactor your code.
+
+* `how would you improve this code?`
+* `translate this code to C#`
+* `add error handling to this function`
+
+## Write tests
+
+Use the `/tests` slash command to ask {% data variables.product.prodname_copilot_short %} to write tests for the active file or selected code. For example:
+
+* `/tests`
+* `/tests using the Jest framework`
+* `/tests ensure the function rejects an empty list`
+
+The `/tests` slash command writes tests for existing code. If you prefer to write tests before writing code (test driven development), omit the `/tests` command. For example:
+
+* `Add tests for a JavaScript function that should sum a list of integers`
+
+## Ask questions about {% data variables.product.prodname_vscode %}
+
+Use the `@vscode` chat participant to ask specific questions about {% data variables.product.prodname_vscode %}. For example:
+
+* `@vscode tell me how to debug a node.js app`
+* `@vscode how do I change my {% data variables.product.prodname_vscode %} colors`
+* `@vscode how can I change key bindings`
+
+## Ask questions about the command line
+
+Use the `@terminal` chat participant to ask specific questions about the command line. For example:
+
+* `@terminal find the largest file in the src directory`
+* `@terminal #terminalLastCommand` to explain the last command and any errors
+
+{% endvscode %}
+
+{% visualstudio %}
+
+## Ask general software questions
+
+You can ask {% data variables.product.prodname_copilot_chat_short %} general software questions. For example:
+
+* `tell me about nodejs web server frameworks`
+* `how to create an express app`
+* `how to update an npm package`
+
+## Ask questions about your project
+
+You can ask {% data variables.product.prodname_copilot_chat_short %} questions about your project. To give {% data variables.product.prodname_copilot_short %} the correct context, try some of these strategies:
+
+* Highlight relevant lines of code
+* Open the relevant file
+* Use `#file` to tell {% data variables.product.prodname_copilot_short %} to reference specific files
+* Use `#solution` to tell {% data variables.product.prodname_copilot_short %} to reference the active file
+
+For example:
+
+* `what sorting algorithm does this function use`
+* `#file:gameReducer.js what happens when a new game is requested`
+
+## Write code
+
+You can ask {% data variables.product.prodname_copilot_short %} to write code for you. For example:
+
+* `write a function to sum all numbers in a list`
+* `add error handling to this function`
+
+When {% data variables.product.prodname_copilot_short %} returns a code block, the response includes options to copy the code, insert the code into a new file, or preview the code output.
+
+## Fix, improve, and refactor code
+
+If your active file contains an error, use the `/fix` slash command to ask {% data variables.product.prodname_copilot_short %} to fix the error.
+
+You can also make general requests to improve or refactor your code.
+
+* `how would you improve this code?`
+* `translate this code to C#`
+* `add error handling to this function`
+
+## Write tests
+
+Use the `/tests` slash command to ask {% data variables.product.prodname_copilot_short %} to write tests for the active file or selected code. For example:
+
+* `/tests`
+* `/tests using the Jest framework`
+* `/tests ensure the function rejects an empty list`
+
+The `/tests` slash command writes tests for existing code. If you prefer to write tests before writing code (test driven development), omit the `/tests` command. For example:
+
+* `Add tests for a JavaScript function that should sum a list of integers`
+
+{% endvisualstudio %}
+
+{% jetbrains %}
+
+## Ask general software questions
+
+You can ask {% data variables.product.prodname_copilot_chat_short %} general software questions. For example:
+
+* `tell me about nodejs web server frameworks`
+* `how to create an express app`
+* `how to update an npm package`
+
+## Ask questions about your project
+
+You can ask {% data variables.product.prodname_copilot_chat_short %} questions about your project. To give {% data variables.product.prodname_copilot_short %} the correct context, try some of these strategies:
+
+* Highlight relevant lines of code.
+* Open the relevant file.
+* Add the file as a reference. For information about how to use file references, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide?tool=jetbrains#file-references)."
+
+For example:
+
+* `what sorting algorithm does this function use`
+* `how are these files related` (with references to the files in question)
+
+## Write code
+
+You can ask {% data variables.product.prodname_copilot_short %} to write code for you. For example:
+
+* `write a function to sum all numbers in a list`
+* `add error handling to this function`
+
+When {% data variables.product.prodname_copilot_short %} returns a code block, the response includes options to copy the code or to insert the code at your cursor.
+
+## Fix, improve, and refactor code
+
+If your active file contains an error, use the `/fix` slash command to ask {% data variables.product.prodname_copilot_short %} to fix the error.
+
+You can also make general requests to improve or refactor your code.
+
+* `how would you improve this code?`
+* `translate this code to C#`
+* `add error handling to this function`
+
+## Write tests
+
+Use the `/tests` slash command to ask {% data variables.product.prodname_copilot_short %} to write tests for the active file or selected code. For example:
+
+* `/tests`
+* `/tests using the Jest framework`
+* `/tests ensure the function rejects an empty list`
+
+The `/tests` slash command writes tests for existing code. If you prefer to write tests before writing code (test driven development), omit the `/tests` command. For example:
+
+* `Add tests for a JavaScript function that should sum a list of integers`
+
+{% endjetbrains %}
diff --git a/content/copilot/using-github-copilot/example-use-cases/index.md b/content/copilot/using-github-copilot/example-use-cases/index.md
new file mode 100644
index 000000000000..011f2d9a22b7
--- /dev/null
+++ b/content/copilot/using-github-copilot/example-use-cases/index.md
@@ -0,0 +1,11 @@
+---
+title: Example use cases
+shortTitle: Examples
+intro: 'Learn about good use cases for {% data variables.product.prodname_copilot %}, and get example prompts.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+children:
+ - /example-prompts-for-copilot-chat
+---
diff --git a/content/copilot/using-github-copilot/finding-public-code-that-matches-github-copilot-suggestions.md b/content/copilot/using-github-copilot/finding-public-code-that-matches-github-copilot-suggestions.md
index 8c0348da5826..4a2faf0ade29 100644
--- a/content/copilot/using-github-copilot/finding-public-code-that-matches-github-copilot-suggestions.md
+++ b/content/copilot/using-github-copilot/finding-public-code-that-matches-github-copilot-suggestions.md
@@ -10,11 +10,7 @@ versions:
feature: copilot
---
-{% note %}
-
-**Note:** {% data variables.product.prodname_copilot %} code referencing is in public beta and is subject to change.
-
-{% endnote %}
+> [!NOTE] {% data variables.product.prodname_copilot %} code referencing is in public beta and is subject to change.
## About code referencing in {% data variables.product.prodname_copilot %}
@@ -26,15 +22,10 @@ When you accept a code completion suggestion that matches code in a public {% da
The linked web page includes details of any license identified for the repository where the matching code was found. Having reviewed the references, you can decide how to proceed. For example, you can decide what attribution to use, or whether you want to remove this code from your project.
-{% note %}
-
-**Notes**:
-
-* Code referencing does not currently apply to code completion suggestions that you add to your code using {% data variables.product.prodname_copilot_chat %}.
-* Code referencing currently only looks for matches of accepted {% data variables.product.prodname_copilot_short %} suggestions. Matches to code you have written, or {% data variables.product.prodname_copilot_short %} suggestions you have altered, is not checked for matches to public code.
-* Typically, matches to public code occur in less than one percent of {% data variables.product.prodname_copilot_short %} suggestions, so you should not expect to see code references for many of the suggestions you accept.
-
-{% endnote %}
+> [!NOTE]
+> * Code referencing does not currently apply to code completion suggestions that you add to your code using {% data variables.product.prodname_copilot_chat %}.
+> * Code referencing currently only looks for matches of accepted {% data variables.product.prodname_copilot_short %} suggestions. Matches to code you have written, or {% data variables.product.prodname_copilot_short %} suggestions you have altered, is not checked for matches to public code.
+> * Typically, matches to public code occur in less than one percent of {% data variables.product.prodname_copilot_short %} suggestions, so you should not expect to see code references for many of the suggestions you accept.
### How code referencing finds matching code
@@ -66,11 +57,7 @@ You can access code references from one of the {% data variables.product.prodnam
- {% note %}
-
- **Note:** The {% data variables.product.prodname_copilot %} log is flushed when you close the editor.
-
- {% endnote %}
+ > [!NOTE] The {% data variables.product.prodname_copilot %} log is flushed when you close the editor.
1. In the log entry, Ctrl+click (Windows/Linux) or Command+click (Mac) the link to view the code references on {% data variables.product.prodname_dotcom_the_website %}.
@@ -82,11 +69,7 @@ You can access code references from one of the {% data variables.product.prodnam
You should review all license information within a repository to verify that it applies to the matching code, as repositories may contain multiple licenses and these licenses are subject to human and non-human error.
- {% note %}
-
- **Note**: The web page displaying the full set of details will remain available for three months.
-
- {% endnote %}
+ > [!NOTE] The web page displaying the full set of details will remain available for three months.
### Verifying the code referencing functionality
diff --git a/content/copilot/using-github-copilot/using-github-copilot-code-suggestions-in-your-editor.md b/content/copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot.md
similarity index 98%
rename from content/copilot/using-github-copilot/using-github-copilot-code-suggestions-in-your-editor.md
rename to content/copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot.md
index 6652efd92fa8..2c77d955dfac 100644
--- a/content/copilot/using-github-copilot/using-github-copilot-code-suggestions-in-your-editor.md
+++ b/content/copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot.md
@@ -1,5 +1,5 @@
---
-title: Using GitHub Copilot code suggestions in your editor
+title: Getting code suggestions in your IDE with GitHub Copilot
shortTitle: Get code suggestions
intro: 'Use {% data variables.product.prodname_copilot %} to get code suggestions in your editor.'
redirect_from:
@@ -13,6 +13,7 @@ redirect_from:
- /copilot/getting-started-with-github-copilot/getting-started-with-github-copilot-in-neovim
- /copilot/getting-started-with-github-copilot/getting-started-with-github-copilot-in-visual-studio
- /copilot/using-github-copilot/getting-started-with-github-copilot
+ - /copilot/using-github-copilot/using-github-copilot-code-suggestions-in-your-editor
versions:
feature: copilot
defaultTool: vscode
@@ -412,5 +413,4 @@ If you want to accept the next line of the suggestion, you will need to set a cu
* **Learn how to write effective prompts** - See "[AUTOTITLE](/copilot/using-github-copilot/prompt-engineering-for-github-copilot)."
* **Configure {% data variables.product.prodname_copilot_short %} in your editor** - You can enable or disable {% data variables.product.prodname_copilot %} from within your editor, and create your own preferred keyboard shortcuts for {% data variables.product.prodname_copilot_short %}. See "[AUTOTITLE](/copilot/configuring-github-copilot/configuring-github-copilot-in-your-environment)."
* **Get started with {% data variables.product.prodname_copilot_chat %}** - Learn how to ask {% data variables.product.prodname_copilot_short %} for information and assistance, using {% data variables.product.prodname_copilot_chat %}. See "[AUTOTITLE](/copilot/github-copilot-chat/using-github-copilot-chat-in-your-ide)"{% ifversion ghec %} and "[AUTOTITLE](/copilot/github-copilot-enterprise/copilot-chat-in-github/using-github-copilot-chat-in-githubcom)"{% endif %}.
-* **Use {% data variables.product.prodname_copilot_short %} like a pro** - Learn how to write effective prompts for {% data variables.product.prodname_copilot %}. See "[How to use GitHub Copilot: Prompts, tips, and use cases](https://github.blog/2023-06-20-how-to-write-better-prompts-for-github-copilot/)" in {% data variables.product.prodname_blog %}.
* **Troubleshoot issues** - Learn more about how to troubleshoot common issues with {% data variables.product.prodname_copilot %}. See "[AUTOTITLE](/copilot/troubleshooting-github-copilot)."
diff --git a/content/copilot/using-github-copilot/index.md b/content/copilot/using-github-copilot/index.md
index e800e5782561..6a282704dc49 100644
--- a/content/copilot/using-github-copilot/index.md
+++ b/content/copilot/using-github-copilot/index.md
@@ -7,7 +7,19 @@ versions:
topics:
- Copilot
children:
- - /using-github-copilot-code-suggestions-in-your-editor
+ - /best-practices-for-using-github-copilot
+ - /getting-code-suggestions-in-your-ide-with-github-copilot
+ - /asking-github-copilot-questions-in-your-ide
+ - /asking-github-copilot-questions-in-githubcom
+ - /asking-github-copilot-questions-in-github-mobile
+ - /creating-a-pull-request-summary-with-github-copilot
+ - /using-copilot-text-completion
+ - /using-github-copilot-in-the-command-line
- /prompt-engineering-for-github-copilot
+ - /using-extensions-to-integrate-external-tools-with-copilot-chat
- /finding-public-code-that-matches-github-copilot-suggestions
+ - /example-use-cases
+redirect_from:
+ - /copilot/github-copilot-chat
+ - /copilot/github-copilot-in-the-cli
---
diff --git a/content/copilot/using-github-copilot/using-copilot-text-completion.md b/content/copilot/using-github-copilot/using-copilot-text-completion.md
new file mode 100644
index 000000000000..dea253b3005f
--- /dev/null
+++ b/content/copilot/using-github-copilot/using-copilot-text-completion.md
@@ -0,0 +1,38 @@
+---
+title: Using Copilot text completion
+shortTitle: Text completion
+intro: 'You can use {% data variables.product.prodname_copilot_autocomplete_pr %} to help you write pull request descriptions more quickly and accurately.'
+versions:
+ feature: copilot-enterprise
+permissions: 'Members of an enterprise with a subscription to [{% data variables.product.prodname_copilot_enterprise %}](/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise)'
+topics:
+ - Copilot
+---
+
+>[!NOTE]
+> {% data variables.product.prodname_copilot_autocomplete_pr %} is currently in beta and subject to change. To participate in the beta, an administrator of your enterprise must opt in to the use of previews of {% data variables.product.prodname_copilot_short %} features.
+
+## About {% data variables.product.prodname_copilot_autocomplete_pr %}
+
+With {% data variables.product.prodname_copilot_autocomplete_pr %}, you can use AI-generated autocompletions to help you write pull request descriptions quickly and accurately. Accurate descriptions help reviewers understand the changes you're proposing, and help you communicate the purpose of your pull request more effectively.
+
+When you are creating a new pull request, {% data variables.product.prodname_copilot_autocomplete_pr %} will scan through the pull request and provide suggestions as you write, based on the context of the pull request.
+
+## Using {% data variables.product.prodname_copilot_autocomplete_pr %}
+
+You can use {% data variables.product.prodname_copilot_autocomplete_pr %} in the description of a new pull request you're creating.
+
+1. On {% data variables.product.prodname_dotcom_the_website %}, create a pull request.
+1. In the description field, start typing your description.
+1. As you type, {% data variables.product.prodname_copilot_short %} will provide in-line suggestions based on the context of the pull request.
+1. Review the suggestions, which will be shown in grey.
+ * To accept a suggestion, press `Tab`.
+ * To ignore a suggestion, press `Esc` or continue typing. {% data variables.product.prodname_copilot_short %} will provide new suggestions as you type, based on the additional context.
+1. When you're happy with the description, click **Create pull request**.
+
+## Disabling or enabling {% data variables.product.prodname_copilot_autocomplete_pr %}
+
+You can disable or enable {% data variables.product.prodname_copilot_autocomplete_pr %} for your pull request descriptions. Your preference will be saved for future pull requests.
+
+1. On {% data variables.product.prodname_dotcom_the_website %}, create a pull request.
+1. At the top of the description field, select {% octicon "copilot" aria-hidden="true" %} then hover over **Autocomplete (Beta)**, and click **Disabled** or **Enabled**.
diff --git a/content/copilot/github-copilot-chat/github-copilot-extensions/using-github-copilot-extensions.md b/content/copilot/using-github-copilot/using-extensions-to-integrate-external-tools-with-copilot-chat.md
similarity index 54%
rename from content/copilot/github-copilot-chat/github-copilot-extensions/using-github-copilot-extensions.md
rename to content/copilot/using-github-copilot/using-extensions-to-integrate-external-tools-with-copilot-chat.md
index 443d2f1e5176..772b9642c920 100644
--- a/content/copilot/github-copilot-chat/github-copilot-extensions/using-github-copilot-extensions.md
+++ b/content/copilot/using-github-copilot/using-extensions-to-integrate-external-tools-with-copilot-chat.md
@@ -1,5 +1,5 @@
---
-title: Using GitHub Copilot Extensions
+title: Using extensions to integrate external tools with Copilot Chat
intro: 'You can use {% data variables.product.prodname_copilot_extensions %} to interact with external tools in {% data variables.product.prodname_copilot_chat %}.'
product: '{% data reusables.gated-features.copilot-extensions %}'
versions:
@@ -8,26 +8,50 @@ topics:
- Copilot
shortTitle: Use Copilot Extensions
type: how_to
+redirect_from:
+ - /copilot/github-copilot-chat/github-copilot-extensions/about-github-copilot-extensions
+ - /copilot/github-copilot-chat/github-copilot-extensions/using-github-copilot-extensions
+ - /copilot/github-copilot-chat/github-copilot-extensions
---
{% data reusables.copilot.copilot-extensions.beta-note %}
+## About {% data variables.product.prodname_copilot_extensions %}
+
+{% data reusables.copilot.copilot-extensions.copilot-extensions-intro %}
+
+> [!NOTE] {% data variables.product.prodname_copilot_extensions %} are not the same as _the {% data variables.product.prodname_copilot %} extension_, which you install in an external application to access {% data variables.product.prodname_copilot_short %} within that application. For more information on _the {% data variables.product.prodname_copilot %} extension_, see "[AUTOTITLE](/copilot/using-github-copilot/getting-started-with-github-copilot)."
+
+After you install a {% data variables.product.prodname_copilot_extension_short %} from {% data variables.product.prodname_marketplace %}, you can interact with that extension in a {% data variables.product.prodname_copilot_chat_short %} conversation, asking questions and authorizing actions that combine the capabilities of the external tool and {% data variables.product.prodname_dotcom %}. For example, if you install the Sentry extension for {% data variables.product.prodname_copilot %}, you can use the extension to get information about Sentry issues, then create and assign related tracking issues on {% data variables.product.prodname_dotcom %}.
+
+{% data variables.product.prodname_copilot_extensions_short %} provide several benefits, including:
+
+* Interaction with external tools using natural language
+* Reduced context switching
+* Customization of your {% data variables.product.prodname_copilot_chat_short %} experience for your developer flow
+
+**{% data variables.product.prodname_copilot_extensions_short %} are included in all {% data variables.product.prodname_copilot_short %} subscriptions**, and can be used with:
+
+{% data reusables.copilot.copilot-extensions.compatible-chat-interfaces %}
+
## About using {% data variables.product.prodname_copilot_extensions %}
-{% data variables.product.prodname_copilot_extensions_short %} **work the same way across all {% data variables.product.prodname_copilot_chat_short %} interfaces where {% data variables.product.prodname_copilot_extensions_short %} are available**. {% data variables.product.prodname_copilot_extensions_short %} are available in:
+{% data variables.product.prodname_copilot_extensions_short %} work the same way across all {% data variables.product.prodname_copilot_chat_short %} interfaces where {% data variables.product.prodname_copilot_extensions_short %} are available. {% data variables.product.prodname_copilot_extensions_short %} are available in:
{% data reusables.copilot.copilot-extensions.compatible-chat-interfaces %}
-If you have a {% data variables.product.prodname_copilot_individuals_short %} subscription, you need to install a {% data variables.product.prodname_copilot_extension_short %} before you can use the extension in {% data variables.product.prodname_copilot_chat_short %}. See "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-personal-account)."
+**If you have a {% data variables.product.prodname_copilot_individuals_short %} subscription**, you need to install a {% data variables.product.prodname_copilot_extension_short %} before you can use the extension in {% data variables.product.prodname_copilot_chat_short %}. See "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-personal-account)."
-If you have access to {% data variables.product.prodname_copilot_short %} through a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription, an organization owner needs to install {% data variables.product.prodname_copilot_extensions_short %} for your organization. See "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-organization)."
+**If you have access to {% data variables.product.prodname_copilot_short %} through a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription**:
+ 1. An organization owner or enterprise owner needs to enable the {% data variables.product.prodname_copilot_extensions_short %} policy for your organization or enterprise. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#setting-a-policy-for-github-copilot-extensions-in-your-organization)" and "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise#configuring-policies-for-github-copilot)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
+ 1. An organization owner needs to install {% data variables.product.prodname_copilot_extensions_short %} for your organization. See "[AUTOTITLE](/copilot/github-copilot-chat/github-copilot-extensions/installing-github-copilot-extensions-for-your-organization)."
## Using {% data variables.product.prodname_copilot_extensions %}
1. To start using a {% data variables.product.prodname_copilot_extension_short %}, open any of the following {% data variables.product.prodname_copilot_chat_short %} interfaces:
* {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vscode %}. See "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide?tool=vscode#asking-your-first-question)."
* {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vs %}. See "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide?tool=visualstudio#asking-your-first-question-1)."{% ifversion ghec %}
- * {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_dotcom_the_website %} (if you have a {% data variables.product.prodname_copilot_enterprise_short %} subscription). See "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#asking-a-general-question-about-software-development)."{% endif %}
+ * {% data variables.product.prodname_copilot_chat_dotcom_short %} (if you have a {% data variables.product.prodname_copilot_enterprise_short %} subscription). See "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#asking-a-general-question-about-software-development)."{% endif %}
1. To see a list of all {% data variables.product.prodname_copilot_extensions_short %} available in your {% data variables.product.prodname_copilot_chat_short %} conversation, in the {% data variables.product.prodname_copilot_chat_short %} text box, type `@`.
> [!NOTE] If you are using {% data variables.product.prodname_copilot_chat_short %} in an IDE, and you or your organization owner install a {% data variables.product.prodname_copilot_extension_short %} while your IDE is open, you need to restart your IDE to begin using the {% data variables.product.prodname_copilot_extension_short %}.
diff --git a/content/copilot/github-copilot-in-the-cli/using-github-copilot-in-the-cli.md b/content/copilot/using-github-copilot/using-github-copilot-in-the-command-line.md
similarity index 88%
rename from content/copilot/github-copilot-in-the-cli/using-github-copilot-in-the-cli.md
rename to content/copilot/using-github-copilot/using-github-copilot-in-the-command-line.md
index 31d80554b6e2..9ae996f4defe 100644
--- a/content/copilot/github-copilot-in-the-cli/using-github-copilot-in-the-cli.md
+++ b/content/copilot/using-github-copilot/using-github-copilot-in-the-command-line.md
@@ -1,5 +1,5 @@
---
-title: Using GitHub Copilot in the CLI
+title: Using GitHub Copilot in the command line
intro: 'You can use {% data variables.product.prodname_copilot_short %} with the {% data variables.product.prodname_cli %} to get suggestions and explanations for the command line.'
versions:
feature: copilot-in-the-cli
@@ -7,6 +7,9 @@ topics:
- Copilot
- CLI
shortTitle: Use Copilot in the CLI
+redirect_from:
+ - /copilot/github-copilot-in-the-cli/using-github-copilot-in-the-cli
+ - /copilot/using-github-copilot/using-github-copilot-in-the-cli
---
## Prerequisites
@@ -15,7 +18,7 @@ shortTitle: Use Copilot in the CLI
* **{% data variables.product.prodname_cli %} installed**. {% data reusables.cli.cli-installation %}
* **{% data variables.product.prodname_copilot_cli_short %} extension installed**. See "[AUTOTITLE](/copilot/github-copilot-in-the-cli/installing-github-copilot-in-the-cli)."
-If you have access to {% data variables.product.prodname_copilot %} via your organization or enterprise, you cannot use {% data variables.product.prodname_copilot_cli_short %} if your organization owner or enterprise administrator has disabled {% data variables.product.prodname_copilot_cli_short %}. See "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-policies-and-features-for-copilot-in-your-organization)."
+If you have access to {% data variables.product.prodname_copilot %} via your organization or enterprise, you cannot use {% data variables.product.prodname_copilot_cli_short %} if your organization owner or enterprise administrator has disabled {% data variables.product.prodname_copilot_cli_short %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-policies-for-copilot-in-your-organization)."
## Getting command explanations
diff --git a/content/desktop/installing-and-authenticating-to-github-desktop/installing-github-desktop.md b/content/desktop/installing-and-authenticating-to-github-desktop/installing-github-desktop.md
index c4aff37b0822..4c5c386b7ed1 100644
--- a/content/desktop/installing-and-authenticating-to-github-desktop/installing-github-desktop.md
+++ b/content/desktop/installing-and-authenticating-to-github-desktop/installing-github-desktop.md
@@ -56,3 +56,9 @@ You can install {% data variables.product.prodname_desktop %} on {% data variabl
1. {% data variables.product.prodname_desktop %} will launch after installation is complete.
{% endwindows %}
+
+{% linux %}
+
+Linux is not yet supported
+
+{% endlinux %}
diff --git a/content/desktop/overview/github-desktop-keyboard-shortcuts.md b/content/desktop/overview/github-desktop-keyboard-shortcuts.md
index ad4f8c5c24d2..96a8b908e4ba 100644
--- a/content/desktop/overview/github-desktop-keyboard-shortcuts.md
+++ b/content/desktop/overview/github-desktop-keyboard-shortcuts.md
@@ -30,6 +30,7 @@ GitHub Desktop keyboard shortcuts on macOS
|Command+8 | Decrease active pane width
|Command+9 | Increase active pane width
|Option+Command+I | Toggle Developer Tools
+|Shift+F10 | Open context menu of selected component
## Repositories
diff --git a/content/discussions/guides/finding-your-discussions.md b/content/discussions/guides/finding-your-discussions.md
index 04c7d9eee548..b0bc67d98923 100644
--- a/content/discussions/guides/finding-your-discussions.md
+++ b/content/discussions/guides/finding-your-discussions.md
@@ -11,12 +11,12 @@ redirect_from:
## Finding discussions
{% ifversion global-nav-update %}
-1. In the top-left corner of {% data variables.location.product_location %}, select {% octicon "three-bars" aria-label="Open global navigation menu" %}, then click {% octicon "comment-discussion" aria-hidden="true" %} **Discussions**.
+1. In the top-left corner of {% data variables.product.prodname_dotcom %}, select {% octicon "three-bars" aria-label="Open global navigation menu" %}, then click {% octicon "comment-discussion" aria-hidden="true" %} **Discussions**.
{% else %}
-1. In the top-right corner of {% data variables.location.product_location %}, click your profile photo, then click **Your discussions**.
+1. In the top-right corner of {% data variables.product.prodname_dotcom %}, click your profile photo, then click **Your discussions**.
diff --git a/content/discussions/managing-discussions-for-your-community/managing-categories-for-discussions.md b/content/discussions/managing-discussions-for-your-community/managing-categories-for-discussions.md
index 094b1fadd1ab..b11d886ac8c8 100644
--- a/content/discussions/managing-discussions-for-your-community/managing-categories-for-discussions.md
+++ b/content/discussions/managing-discussions-for-your-community/managing-categories-for-discussions.md
@@ -34,7 +34,7 @@ Each category must have a unique name and emoji pairing, and can be accompanied
## Creating a category
-1. On {% data variables.location.product_location %}, navigate to the main page of the repository or organization where you want to create a category.
+1. Navigate to the main page of the repository or organization where you want to create a category.
{% data reusables.discussions.discussions-tab %}
{% data reusables.discussions.edit-categories %}
1. Click **New category**.
@@ -50,7 +50,7 @@ Each category must have a unique name and emoji pairing, and can be accompanied
## Creating a section
-1. On {% data variables.location.product_location %}, navigate to the main page of the repository or organization where you want to create a category.
+1. Navigate to the main page of the repository or organization where you want to create a category.
{% data reusables.discussions.discussions-tab %}
{% data reusables.discussions.edit-categories %}
1. Click **New section**.
@@ -64,7 +64,7 @@ Each category must have a unique name and emoji pairing, and can be accompanied
You can edit a category to change the category's emoji, title, description, and discussion format.
-1. On {% data variables.location.product_location %}, navigate to the main page of the repository or organization where you want to edit a category.
+1. Navigate to the main page of the repository or organization where you want to edit a category.
{% data reusables.discussions.discussions-tab %}
{% data reusables.discussions.edit-categories %}
1. To the right of a category in the list, click {% octicon "pencil" aria-label="The pencil icon" %}.
@@ -79,7 +79,7 @@ You can edit a category to change the category's emoji, title, description, and
You can edit a section to change the section's emoji and title, and to add and remove categories from the section.
-1. On {% data variables.location.product_location %}, navigate to the main page of the repository or organization where you want to edit a section.
+1. Navigate to the main page of the repository or organization where you want to edit a section.
{% data reusables.discussions.discussions-tab %}
{% data reusables.discussions.edit-categories %}
1. To the right of a section in the list, click {% octicon "pencil" aria-label="The pencil icon" %}.
@@ -93,7 +93,7 @@ When you delete a category, {% data variables.product.product_name %} will move
{% ifversion discussions-category-section %}When you delete a section, all categories within the section will no longer belong to a section.{% endif %}
-1. On {% data variables.location.product_location %}, navigate to the main page of the repository or organization where you want to delete a category.
+1. Navigate to the main page of the repository or organization where you want to delete a category.
{% data reusables.discussions.discussions-tab %}
1. To the right of a category in the list, click {% octicon "trash" aria-label="The trash icon" %}.
1. Select the dropdown menu, and click a new category for any discussions in the category you're deleting.
@@ -105,7 +105,7 @@ When you delete a category, {% data variables.product.product_name %} will move
When you delete a section, all categories within the section will no longer belong to a section.
-1. On {% data variables.location.product_location %}, navigate to the main page of the repository or organization where you want to delete a section.
+1. Navigate to the main page of the repository or organization where you want to delete a section.
{% data reusables.discussions.discussions-tab %}
1. To the right of a section in the list, click {% octicon "trash" aria-label="The trash icon" %}.
1. In the dialog box, review the information about deleting a section, then click **Delete**.
diff --git a/content/discussions/managing-discussions-for-your-community/managing-discussions.md b/content/discussions/managing-discussions-for-your-community/managing-discussions.md
index 479c1ab3ed17..6e3d9269b9a2 100644
--- a/content/discussions/managing-discussions-for-your-community/managing-discussions.md
+++ b/content/discussions/managing-discussions-for-your-community/managing-discussions.md
@@ -186,7 +186,7 @@ To transfer a discussion, you must have permissions to create discussions in the
You can convert all issues with the same label to discussions in bulk. Future issues with this label will also automatically convert to the discussion and category you configure.
-1. On {% data variables.location.product_location %}, navigate to the main page of the repository or, for organization discussions, the source repository.
+1. Navigate to the main page of the repository or, for organization discussions, the source repository.
{% data reusables.repositories.sidebar-issues %}
{% data reusables.project-management.labels %}
1. Next to the label you want to convert to issues, click **Convert issues**.
diff --git a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/about-github-education-for-students.md b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/about-github-education-for-students.md
index a310fa93dc72..892aaa1a4f6e 100644
--- a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/about-github-education-for-students.md
+++ b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/about-github-education-for-students.md
@@ -34,7 +34,7 @@ Once you are a verified {% data variables.product.prodname_global_campus %} stud
* Discover student-created repositories from {% data variables.product.prodname_community_exchange %}. For more information, see "[AUTOTITLE](/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-global-campus-for-students/about-github-community-exchange)."
{% data variables.product.prodname_global_campus %} students also receive the following {% data variables.product.prodname_dotcom %} benefits.
-* **{% data variables.product.prodname_copilot %}**: Verified students receive a free subscription for {% data variables.product.prodname_copilot %}. You will be automatically notified about the free subscription when you visit the {% data variables.product.prodname_copilot %} subscription page in your account settings. For more information about subscribing to and using {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/subscribing-to-copilot-as-an-individual-user)."
+* **{% data variables.product.prodname_copilot %}**: Verified students receive a free subscription for {% data variables.product.prodname_copilot %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer)."
* **{% data variables.product.prodname_github_codespaces %}**: {% data reusables.education.student-codespaces-benefit %} For more information on getting started with {% data variables.product.prodname_github_codespaces %}, see "[AUTOTITLE](/codespaces/overview)."
{% note %}
diff --git a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/apply-to-github-education-as-a-student.md b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/apply-to-github-education-as-a-student.md
index 100be03c1b78..8806eafbcf4f 100644
--- a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/apply-to-github-education-as-a-student.md
+++ b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/apply-to-github-education-as-a-student.md
@@ -10,7 +10,7 @@ redirect_from:
- /education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-global-campus-for-students/apply-to-github-global-campus-as-a-student
versions:
fpt: '*'
-shortTitle: Apply to Github Education
+shortTitle: Apply to GitHub Education
---
{% data reusables.education.about-github-education-link %}
diff --git a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-teachers/about-github-education-for-teachers.md b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-teachers/about-github-education-for-teachers.md
index 34f4cb5db2d9..1445d5d823fa 100644
--- a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-teachers/about-github-education-for-teachers.md
+++ b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-teachers/about-github-education-for-teachers.md
@@ -29,7 +29,7 @@ Before applying for an individual discount, check if your learning community is
* Stay in the know on what the student community is interested in by rewatching recent [Campus TV](https://www.twitch.tv/githubeducation) episodes. Campus TV is created by {% data variables.product.prodname_dotcom %} and student community leaders and can be watched live or on demand.
* Request a {% data variables.product.prodname_dotcom %} swag bag with educational materials and goodies for your students.
-A free subscription for {% data variables.product.prodname_copilot %} is available to verified teachers with {% data variables.product.prodname_education %}. You will be automatically notified about the free subscription when you visit the {% data variables.product.prodname_copilot %} subscription page in your account settings. For more information about subscribing to and using {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/subscribing-to-copilot-as-an-individual-user)" and "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)."
+A free subscription for {% data variables.product.prodname_copilot %} is available to verified teachers with {% data variables.product.prodname_education %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer)."
## Further reading
diff --git a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md
index 4c73a023cbe8..cac0a9790bcc 100644
--- a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md
+++ b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md
@@ -34,7 +34,7 @@ To become a {% data variables.product.prodname_student_leader_program_singular %
### Submitting your application form
In the application form, we’re looking for students to tell us about the challenges their student community faces, what opportunities they want to build for their peers, and the potential they see for growth.
-1. Go to [https://education.github.com/experts](https://education.github.com/experts).
+1. Go to [https://education.github.com/campus_experts](https://education.github.com/campus_experts).
1. To learn if applications are open, click **Become a Campus Expert** {% octicon "arrow-right" aria-label="The right arrow icon" %}.
1. If applications are open, a new page will appear titled “Your journey starts here”. To start your application, click **Apply Now**.
diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/about-assignments.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/about-assignments.md
index 0615d2fb985c..a7e67d4078bb 100644
--- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/about-assignments.md
+++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/about-assignments.md
@@ -9,8 +9,6 @@ versions:
fpt: '*'
---
-{% data reusables.classroom.note-on-assignment-changes %}
-
## About assignments in {% data variables.product.prodname_classroom %}
Assignments are coursework created for students in {% data variables.product.prodname_classroom %}. You can use assignments to test and grade your students, or to help your students practice their learnings.
diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-a-group-assignment.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-a-group-assignment.md
index 2205956ae1e1..a94ccb2a595a 100644
--- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-a-group-assignment.md
+++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-a-group-assignment.md
@@ -9,8 +9,6 @@ redirect_from:
- /education/manage-coursework-with-github-classroom/create-a-group-assignment
---
-{% data reusables.classroom.note-on-assignment-changes %}
-
## About group assignments
{% data reusables.classroom.assignments-group-definition %} Students can work together on a group assignment in a shared repository, like a team of professional developers.
diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-assignment-from-a-template-repository.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-assignment-from-a-template-repository.md
index a8ee8561314c..9ea2ac0f9ab3 100644
--- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-assignment-from-a-template-repository.md
+++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-assignment-from-a-template-repository.md
@@ -10,17 +10,13 @@ redirect_from:
shortTitle: Template repository
---
-{% data reusables.classroom.note-on-assignment-changes %}
-
You can use a template repository on {% data variables.product.product_name %} as starter code for an assignment on {% data variables.product.prodname_classroom %}. Your template repository can contain boilerplate code, documentation, and other resources for your students. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-template-repository)."
To use the template repository for your assignment, the template repository must be owned by your organization, or the visibility of the template repository must be public.
-{% note %}
-
-**Note:** All branches from the template repository are copied into student repositories derived from the template repository, even branches you use to store solutions.
+When you create your assignment, {% data variables.product.prodname_classroom %} creates a new repository from the template in your organization with the visibility you select (for more information on creating repositories from templates, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-repository-from-a-template)").
-{% endnote %}
+Student assignment repositories will be forks of this created repository. You can choose whether all branches are included in student assignment repositories, or just the default branch.
You can reuse an existing assignment, even if it uses a template repository, in any other classroom that you have admin access to, including classrooms in a different organization. For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/reuse-an-assignment)."
diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-individual-assignment.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-individual-assignment.md
index 67d2de256f45..f1d5c9ee5078 100644
--- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-individual-assignment.md
+++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-individual-assignment.md
@@ -10,8 +10,6 @@ redirect_from:
shortTitle: Individual assignment
---
-{% data reusables.classroom.note-on-assignment-changes %}
-
## About individual assignments
{% data reusables.classroom.assignments-individual-definition %}
diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/editing-an-assignment.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/editing-an-assignment.md
index 6107042921f7..f23abb6ba326 100644
--- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/editing-an-assignment.md
+++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/editing-an-assignment.md
@@ -65,6 +65,8 @@ After creating an assignment, you can edit many aspects of the assignment to bet
* To choose a template repository, begin typing the repository name in the text field, then click the repository in the search results.
* To remove a template repository, delete any text in the text field.
+ You cannot change the template repository after a student has accepted the assignment. If you wish to provide updates to the starter code after students have accepted the assignment, see "[Making changes to assignment starter code](#making-changes-to-assignment-starter-code)."
+
{% note %}
**Note:** By default, an assignment will create an empty repository for each student on the roster for the classroom.
@@ -95,6 +97,22 @@ After creating an assignment, you can edit many aspects of the assignment to bet
{% data reusables.classroom.update-assignment %}
+## Making changes to assignment starter code
+
+If you need to update the starter code for your assignment after students have already accepted it, you can do so by modifying the original repository. Since student assignments are based on forks of this repository, you can make changes to the starter code and then create pull requests for students to merge these updates into their assignments. See, "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-assignment-from-a-template-repository)."
+
+{% data reusables.classroom.sign-into-github-classroom %}
+{% data reusables.classroom.click-classroom-in-list %}
+
+1. Select the assignment that has a starter code repository.
+1. Below the title of the assignment, click the link to your starter code repository.
+1. Make the necessary changes to your starter code's content.
+1. Return to the assignment overview page.
+1. Click **Sync assignments**. If changes are detected, an **Assignments are out of date** button will be shown.
+1. To open pull requests in all of your students' assignment repositories, click **Assignments are out of date**.
+
+The pull requests will be titled "{% data variables.product.prodname_classroom %}: Sync Assignment". Ask your students to merge these pull requests.
+
## Further reading
* "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-individual-assignment)"
diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/reuse-an-assignment.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/reuse-an-assignment.md
index 0cabe6e5aa27..933ebcf11268 100644
--- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/reuse-an-assignment.md
+++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/reuse-an-assignment.md
@@ -7,8 +7,6 @@ permissions: 'Organization owners who are admins for a classroom can reuse assig
shortTitle: Reuse an assignment
---
-{% data reusables.classroom.note-on-assignment-changes %}
-
## About reusing assignments
You can reuse an existing individual or group assignment in any other classroom you have access to, including classrooms in a different organization. You can also reuse multiple assignments at once from a classroom. If you choose to reuse an assignment, {% data variables.product.prodname_classroom %} will copy the assignment to the classroom you choose. If the assignment uses a template repository and you choose to reuse it in a classroom from a different organization, {% data variables.product.prodname_classroom %} will create a copy of the repository and its contents in the target organization.
diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/use-autograding.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/use-autograding.md
index 34f600424026..1177bdaf7c66 100644
--- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/use-autograding.md
+++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/use-autograding.md
@@ -51,7 +51,7 @@ A Python test runs a setup command, then runs `pytest`. The number of points awa
| Setting | Description |
| :- | :- |
| **Test name** | The name of the test, to identify the test in logs |
-| **Setup command** | _Optional_. A command to run before tests, such as compilation or installation. [Some dependencies are already installed](https://github.com/education/autograding-python-grader/blob/main/requirements.txt), but you can install more if needed. You do not need to use `sudo`, and should use `pip` instead of `pip3`. |
+| **Setup command** | _Optional_. A command to run before tests, such as compilation or installation. [Some dependencies are already installed](https://github.com/classroom-resources/autograding-python-grader/blob/main/requirements.txt), but you can install more if needed. You do not need to use `sudo`, and should use `pip` instead of `pip3`. |
| **Run command** | The command to run the test and generate an exit code for evaluation |
| **Timeout** | In minutes, how long a test should run before resulting in failure |
| **Points** | _Optional_. The total number of points the entire `pytest` suite is worth. Each test will be worth `Points / number_of_tests` |
diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/use-the-git-and-github-starter-assignment.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/use-the-git-and-github-starter-assignment.md
index 183f9491ce3e..fb1b67c2a4d0 100644
--- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/use-the-git-and-github-starter-assignment.md
+++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/use-the-git-and-github-starter-assignment.md
@@ -9,8 +9,6 @@ redirect_from:
shortTitle: Starter assignment
---
-{% data reusables.classroom.note-on-assignment-changes %}
-
The Git & {% data variables.product.company_short %} starter assignment is a pre-made course that summarizes the basics of Git and {% data variables.product.company_short %} and links students to resources to learn more about specific topics.
## Prerequisites
diff --git a/content/get-started/accessibility/github-command-palette.md b/content/get-started/accessibility/github-command-palette.md
index 394500837e65..be2c9ab3da76 100644
--- a/content/get-started/accessibility/github-command-palette.md
+++ b/content/get-started/accessibility/github-command-palette.md
@@ -10,6 +10,8 @@ redirect_from:
{% data reusables.command-palette.beta-note %}
+{% data reusables.command-palette.default %}
+
## About the {% data variables.product.prodname_command_palette %}
You can navigate, search, and run commands on {% data variables.product.product_name %} with the {% data variables.product.prodname_command_palette %}. The command palette is an on-demand way to show suggestions based on your current context and resources you've used recently. You can open the command palette with a keyboard shortcut from anywhere on {% data variables.product.product_name %}, which saves you time and keeps your hands on the keyboard.
@@ -68,7 +70,7 @@ You can use the command palette to navigate to any page that you have access to
## Searching with the {% data variables.product.prodname_command_palette %}
-You can use the command palette to search for anything on {% data variables.location.product_location %}.
+You can use the command palette to search for anything on {% data variables.product.prodname_dotcom %}.
{% data reusables.command-palette.open-palette %}
diff --git a/content/get-started/accessibility/keyboard-shortcuts.md b/content/get-started/accessibility/keyboard-shortcuts.md
index 838b1cc6bf3f..ce90bda789ed 100644
--- a/content/get-started/accessibility/keyboard-shortcuts.md
+++ b/content/get-started/accessibility/keyboard-shortcuts.md
@@ -22,68 +22,74 @@ Typing ? on {% data variables.product.prodname_dotcom %} brings up a
You can disable character key shortcuts, while still allowing shortcuts that use modifier keys, in your accessibility settings. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings)."{% endif %}
{% ifversion command-palette %}
-The {% data variables.product.prodname_command_palette %} also gives you quick access to a wide range of actions, without the need to remember keyboard shortcuts. For more information, see "[AUTOTITLE](/get-started/accessibility/github-command-palette)."{% endif %}
+The {% data variables.product.prodname_command_palette %} also gives you quick access to a wide range of actions, without the need to remember keyboard shortcuts. For more information, see "[AUTOTITLE](/get-started/accessibility/github-command-palette)."
-The following sections list some of the available keyboard shortcuts, organized by the pages where you can use them on {% data variables.location.product_location %}.
+{% endif %}
+
+The following sections list some of the available keyboard shortcuts, organized by the pages where you can use them on {% data variables.product.prodname_dotcom %}.
## Site wide shortcuts
-| Keyboard shortcut | Description
-|-----------|------------
+| Keyboard shortcut | Description |
+|-----------|------------|
|S or / | Focus the search bar. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/about-searching-on-github)."
|GN | Go to your notifications. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/about-notifications)."
+|Option+↑ (Mac) or Alt+↑ (Windows/Linux) | Move focus from an element to its hovercard |
|Esc | When focused on a user, issue, or pull request hovercard, closes the hovercard and refocuses on the element the hovercard is in
-{% ifversion command-palette %}|Command+K (Mac) or Ctrl+K (Windows/Linux) | Opens the {% data variables.product.prodname_command_palette %}. If you are editing Markdown text, open the command palette with Command+Option+K or Ctrl+Alt+K. For more information, see "[AUTOTITLE](/get-started/accessibility/github-command-palette)."{% endif %}
## Repositories
-| Keyboard shortcut | Description
-|-----------|------------
+| Keyboard shortcut | Description |
+|-----------|------------ |
|GC | Go to the **Code** tab
|GI | Go to the **Issues** tab. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/about-issues)."
|GP | Go to the **Pull requests** tab. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests)."
|GA | Go to the **Actions** tab. For more information, see "[AUTOTITLE](/actions/learn-github-actions)."
|GB | Go to the **Projects** tab. For more information, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards)."
-|GW | Go to the **Wiki** tab. For more information, see "[AUTOTITLE](/communities/documenting-your-project-with-wikis/about-wikis)."{% ifversion discussions %}
-|GG | Go to the **Discussions** tab. For more information, see "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)."{% endif %}
+|GW | Go to the **Wiki** tab. For more information, see "[AUTOTITLE](/communities/documenting-your-project-with-wikis/about-wikis)." |
+| {% ifversion discussions %} |
+|GG | Go to the **Discussions** tab. For more information, see "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)."
+| {% endif %} |
## Source code editing
-| Keyboard shortcut | Description
-|-----------|------------{% ifversion fpt or ghec %}
+| Keyboard shortcut | Description |
+|-----------|------------|
+| {% ifversion fpt or ghec %} |
|. | Opens a repository or pull request in the {% data variables.codespaces.serverless %} editor, in the same browser tab. You must be signed in to use the editor. For more information, see "[AUTOTITLE](/codespaces/the-githubdev-web-based-editor)."
-|> | Opens a repository or pull request in the {% data variables.codespaces.serverless %} editor, in a new browser tab. You must be signed in to use the editor. For more information, see "[AUTOTITLE](/codespaces/the-githubdev-web-based-editor)."{% endif %}
-|Command+B (Mac) or Ctrl+B (Windows/Linux) | Inserts Markdown formatting for bolding text
-|Command+I (Mac) or Ctrl+I (Windows/Linux) | Inserts Markdown formatting for italicizing text
-|Command+K (Mac) or Ctrl+K (Windows/Linux) | Inserts Markdown formatting for creating a link
-|Command+Shift+7 (Mac) or Ctrl+Shift+7 (Windows/Linux) | Inserts Markdown formatting for an ordered list
-|Command+Shift+8 (Mac) or Ctrl+Shift+8 (Windows/Linux) | Inserts Markdown formatting for an unordered list
-|Command+Shift+. (Mac) or Ctrl+Shift+. (Windows/Linux) | Inserts Markdown formatting for a quote
-|E | Open source code file in the **Edit file** tab
-|Command+F (Mac) or Ctrl+F (Windows/Linux) | Start searching in file editor
-|Command+G (Mac) or Ctrl+G (Windows/Linux) | Find next
-|Command+Shift+G (Mac) or Ctrl+Shift+G (Windows/Linux) | Find previous
-|Command+Option+F (Mac) or Ctrl+Shift+F (Windows/Linux) | Replace
-|Command+Shift+Option+F (Mac) or Ctrl+Shift+R (Windows/Linux) | Replace all
-|Alt+G | Jump to line
-|Command+Z (Mac) or Ctrl+Z (Windows/Linux) | Undo
-|Command+Y (Mac) or Ctrl+Y (Windows/Linux) | Redo
-|Command+Shift+P | Toggles between the **Edit file** and **Preview changes** tabs
-|Command+S (Mac) or Ctrl+S (Windows/Linux) | Write a commit message
+|> | Opens a repository or pull request in the {% data variables.codespaces.serverless %} editor, in a new browser tab. You must be signed in to use the editor. For more information, see "[AUTOTITLE](/codespaces/the-githubdev-web-based-editor)." |
+| {% endif %} |
+|Command+B (Mac) or Ctrl+B (Windows/Linux) | Inserts Markdown formatting for bolding text |
+|Command+I (Mac) or Ctrl+I (Windows/Linux) | Inserts Markdown formatting for italicizing text |
+|Command+K (Mac) or Ctrl+K (Windows/Linux) | Inserts Markdown formatting for creating a link |
+|Command+Shift+7 (Mac) or Ctrl+Shift+7 (Windows/Linux) | Inserts Markdown formatting for an ordered list |
+|Command+Shift+8 (Mac) or Ctrl+Shift+8 (Windows/Linux) | Inserts Markdown formatting for an unordered list |
+|Command+Shift+. (Mac) or Ctrl+Shift+. (Windows/Linux) | Inserts Markdown formatting for a quote |
+|E | Open source code file in the **Edit file** tab |
+|Command+F (Mac) or Ctrl+F (Windows/Linux) | Start searching in file editor |
+|Command+G (Mac) or Ctrl+G (Windows/Linux) | Find next |
+|Command+Shift+G (Mac) or Ctrl+Shift+G (Windows/Linux) | Find previous |
+|Command+Option+F (Mac) or Ctrl+Shift+F (Windows/Linux) | Replace |
+|Command+Shift+Option+F (Mac) or Ctrl+Shift+R (Windows/Linux) | Replace all |
+|Alt+G | Jump to line |
+|Command+Z (Mac) or Ctrl+Z (Windows/Linux) | Undo |
+|Command+Y (Mac) or Ctrl+Y (Windows/Linux) | Redo |
+|Command+Shift+P | Toggles between the **Edit file** and **Preview changes** tabs |
+|Command+S (Mac) or Ctrl+S (Windows/Linux) | Write a commit message |
For more keyboard shortcuts, see the [CodeMirror documentation](https://codemirror.net/doc/manual.html#commands).
## Source code browsing
-| Keyboard shortcut | Description
-|-----------|------------
-|t | Activates the file finder
-|l | Jump to a line in your code
-|w | Switch to a new branch or tag
-|y | Expand a URL to its canonical form. For more information, see "[AUTOTITLE](/repositories/working-with-files/using-files/getting-permanent-links-to-files)."
-|i | Show or hide comments on diffs. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request)."
-|a | Show or hide annotations on diffs
-|b | Open blame view. For more information, see "[AUTOTITLE](/repositories/working-with-files/using-files/viewing-a-file)."
+| Keyboard shortcut | Description |
+|-----------|------------|
+|t | Activates the file finder |
+|l | Jump to a line in your code |
+|w | Switch to a new branch or tag |
+|y | Expand a URL to its canonical form. For more information, see "[AUTOTITLE](/repositories/working-with-files/using-files/getting-permanent-links-to-files)." |
+|i | Show or hide comments on diffs. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request)." |
+|a | Show or hide annotations on diffs |
+|b | Open blame view. For more information, see "[AUTOTITLE](/repositories/working-with-files/using-files/viewing-a-file)." |
{% ifversion code-view-ui %}
@@ -91,8 +97,8 @@ For more keyboard shortcuts, see the [CodeMirror documentation](https://codemirr
If you view a code file in a repository using the **Code** view and click on any line in the file, you will see a cursor. You can then navigate within the content of the file, also known as a blob (binary large object), using keyboard shortcuts.
-| Keyboard shortcut | Description
-|-----------|------------
+| Keyboard shortcut | Description |
+|-----------|------------|
|Shift+J| Highlights the line that is currently selected by the cursor within the code file
|Shift+Option+C (Mac) or Shift+Alt+C (Windows/Linux) | If a line of code is currently selected, this shortcut opens the line menu for that line, appearing under {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %} to the left of the line
| {% ifversion code-search-upgrade %} |
@@ -103,57 +109,61 @@ If you view a code file in a repository using the **Code** view and click on any
## Comments
-| Keyboard shortcut | Description
-|-----------|------------
-|Command+B (Mac) or Ctrl+B (Windows/Linux) | Inserts Markdown formatting for bolding text
-|Command+I (Mac) or Ctrl+I (Windows/Linux) | Inserts Markdown formatting for italicizing text
-|Command+E (Mac) or Ctrl+E (Windows/Linux) | Inserts Markdown formatting for code or a command within a line
-|Command+K (Mac) or Ctrl+K (Windows/Linux) | Inserts Markdown formatting for creating a link
-|Command+V (Mac) or Ctrl+V (Windows/Linux) | Creates a Markdown link when applied over highlighted text
-|Command+Shift+P (Mac) or Ctrl+Shift+P (Windows/Linux) | Toggles between the **Write** and **Preview** comment tabs
-|Command+Shift+V (Mac) or Ctrl+Shift+V (Windows/Linux) | Pastes HTML link as plain text
-|Command+Shift+Option+V (Mac) or Ctrl+Shift+Alt+V (Windows/Linux) | Pastes HTML link as plain text
-|Command+Shift+7 (Mac) or Ctrl+Shift+7 (Windows/Linux) | Inserts Markdown formatting for an ordered list
-|Command+Shift+8 (Mac) or Ctrl+Shift+8 (Windows/Linux) | Inserts Markdown formatting for an unordered list
-|Command+Enter (Mac) or Ctrl+Enter (Windows/Linux) | Submits a comment
-|Ctrl+. and then Ctrl+[saved reply number] | Opens saved replies menu and then autofills comment field with a saved reply. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-saved-replies/about-saved-replies)."
-|Command+Shift+. (Mac) or Ctrl+Shift+. (Windows/Linux) | Inserts Markdown formatting for a quote{% ifversion fpt or ghec %}
-|Command+G (Mac) or Ctrl+G (Windows/Linux) | Insert a suggestion. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request)." |{% endif %}
+| Keyboard shortcut | Description |
+|-----------|------------|
+|Command+B (Mac) or Ctrl+B (Windows/Linux) | Inserts Markdown formatting for bolding text |
+|Command+I (Mac) or Ctrl+I (Windows/Linux) | Inserts Markdown formatting for italicizing text |
+|Command+E (Mac) or Ctrl+E (Windows/Linux) | Inserts Markdown formatting for code or a command within a line |
+|Command+K (Mac) or Ctrl+K (Windows/Linux) | Inserts Markdown formatting for creating a link |
+|Command+V (Mac) or Ctrl+V (Windows/Linux) | Creates a Markdown link when applied over highlighted text |
+|Command+Shift+P (Mac) or Ctrl+Shift+P (Windows/Linux) | Toggles between the **Write** and **Preview** comment tabs |
+|Command+Shift+V (Mac) or Ctrl+Shift+V (Windows/Linux) | Pastes HTML link as plain text |
+|Command+Shift+Option+V (Mac) or Ctrl+Shift+Alt+V (Windows/Linux) | Pastes HTML link as plain text |
+|Command+Shift+7 (Mac) or Ctrl+Shift+7 (Windows/Linux) | Inserts Markdown formatting for an ordered list |
+|Command+Shift+8 (Mac) or Ctrl+Shift+8 (Windows/Linux) | Inserts Markdown formatting for an unordered list |
+|Command+Enter (Mac) or Ctrl+Enter (Windows/Linux) | Submits a comment |
+|Ctrl+. and then Ctrl+[saved reply number] | Opens saved replies menu and then autofills comment field with a saved reply. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-saved-replies/about-saved-replies)." |
+|Command+Shift+. (Mac) or Ctrl+Shift+. (Windows/Linux) | Inserts Markdown formatting for a quote |
+| {% ifversion fpt or ghec %} |
+|Command+G (Mac) or Ctrl+G (Windows/Linux) | Insert a suggestion. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request)." |
+| {% endif %} |
|R | Quote the selected text in your reply. For more information, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#quoting-text)." |
## Issue and pull request lists
-| Keyboard shortcut | Description
-|-----------|------------
+| Keyboard shortcut | Description |
+|-----------|------------ |
|C | Create an issue
-|Command+/ (Mac) or Ctrl+/ (Windows/Linux) | Focus your cursor on the issues or pull requests search bar. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests)."||
-|U | Filter by author
-|L | Filter by or edit labels. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests)."
-|Alt and click | While filtering by labels, exclude labels. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests)."
-|M | Filter by or edit milestones. For more information, see "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/filtering-issues-and-pull-requests-by-milestone)."
-|A | Filter by or edit assignee. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests)."
-|O or Enter | Open issue
+|Command+/ (Mac) or Ctrl+/ (Windows/Linux) | Focus your cursor on the issues or pull requests search bar. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests)."|
+|U | Filter by author |
+|L | Filter by or edit labels. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests)." |
+|Alt and click | While filtering by labels, exclude labels. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests)." |
+|M | Filter by or edit milestones. For more information, see "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/filtering-issues-and-pull-requests-by-milestone)." |
+|A | Filter by or edit assignee. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests)." |
+|O or Enter | Open issue |
## Issues and pull requests
-| Keyboard shortcut | Description
-|-----------|------------
-|Q | Request a reviewer. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review)."
-|M | Set a milestone. For more information, see "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/associating-milestones-with-issues-and-pull-requests)."
-|L | Apply a label. For more information, see "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/managing-labels#applying-a-label)."
-|A | Set an assignee. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/assigning-issues-and-pull-requests-to-other-github-users)."
-|X | Link an issue or pull request from the same repository. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue)."
-|Command+Shift+P (Mac) or Ctrl+Shift+P (Windows/Linux) | Toggles between the **Write** and **Preview** tabs{% ifversion fpt or ghec %}
-|Alt and click | When creating an issue from a task list, open the new issue form in the current tab by holding Alt and clicking the {% octicon "issue-opened" aria-label="The issue opened icon" %} in the upper-right corner of the task. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists)."
-|Shift and click | When creating an issue from a task list, open the new issue form in a new tab by holding Shift and clicking the {% octicon "issue-opened" aria-label="The issue opened icon" %} in the upper-right corner of the task. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists)."
-|Command and click (Mac) or Ctrl+Shift and click (Windows/Linux) | When creating an issue from a task list, open the new issue form in the new window by holding Command or Ctrl+Shift and clicking the {% octicon "issue-opened" aria-label="The issue opened icon" %} in the upper-right corner of the task. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists)."{% endif %}
+| Keyboard shortcut | Description |
+|-----------|------------ |
+|Q | Request a reviewer. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review)." |
+|M | Set a milestone. For more information, see "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/associating-milestones-with-issues-and-pull-requests)." |
+|L | Apply a label. For more information, see "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/managing-labels#applying-a-label)." |
+|A | Set an assignee. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/assigning-issues-and-pull-requests-to-other-github-users)." |
+|X | Link an issue or pull request from the same repository. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue)." |
+|Command+Shift+P (Mac) or Ctrl+Shift+P (Windows/Linux) | Toggles between the **Write** and **Preview** tabs |
+| {% ifversion fpt or ghec %} |
+|Alt and click | When creating an issue from a task list, open the new issue form in the current tab by holding Alt and clicking the {% octicon "issue-opened" aria-label="The issue opened icon" %} in the upper-right corner of the task. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists)." |
+|Shift and click | When creating an issue from a task list, open the new issue form in a new tab by holding Shift and clicking the {% octicon "issue-opened" aria-label="The issue opened icon" %} in the upper-right corner of the task. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists)." |
+|Command and click (Mac) or Ctrl+Shift and click (Windows/Linux) | When creating an issue from a task list, open the new issue form in the new window by holding Command or Ctrl+Shift and clicking the {% octicon "issue-opened" aria-label="The issue opened icon" %} in the upper-right corner of the task. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists)." |
+| {% endif %} |
## "Files changed" tab in pull requests
-| Keyboard shortcut | Description
-|-----------|------------
-|C | Open the **Commits** dropdown menu to filter which commits are shown in the diffs
-|T | Move your cursor to the "Filter changed files" field
+| Keyboard shortcut | Description |
+|-----------|------------ |
+|C | Open the **Commits** dropdown menu to filter which commits are shown in the diffs |
+|T | Move your cursor to the "Filter changed files" field |
|Command+Shift+Enter (Mac) or Ctrl+Shift+Enter (Windows/Linux) | Submit a review comment |
|Option and click (Mac) or Alt and click (Windows/Linux) | Toggle between collapsing and expanding all outdated or resolved review comments in a pull request (for example, by holding down Alt and clicking **Show outdated** or **Hide outdated**) |
|Click, then Shift and click | Comment on multiple lines of a pull request by clicking a line number, holding Shift, then clicking another line number. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request#adding-line-comments-to-a-pull-request)."|
@@ -164,44 +174,44 @@ If you view a code file in a repository using the **Code** view and click on any
### Navigating a project
-| Keyboard shortcut | Description
-|-----------|------------
-|Command+f (Mac) or Ctrl+f (Windows/Linux) | Focus filter field
-|← | Move focus to the left
-|→ | Move focus to the right
-|↑ | Move focus up
-|↓ | Move focus down
+| Keyboard shortcut | Description |
+|-----------|------------ |
+|Command+f (Mac) or Ctrl+f (Windows/Linux) | Focus filter field |
+|← | Move focus to the left |
+|→ | Move focus to the right |
+|↑ | Move focus up |
+|↓ | Move focus down |
### Manipulating a project
-| Keyboard shortcut | Description
-|-----------|------------
-|Enter | Toggle edit mode for the focused cell
-|Escape | Cancel editing for the focused cell
-|Command+Shift+\ (Mac) or Ctrl+Shift+\ (Windows/Linux) | Open row actions menu
-|Shift+Space | Select item
-|Shift+↓ | Add cell{% ifversion projects-v2-board-keyboard-shorts %} or card{% endif %} below to selection
-|Shift+↑ | Add cell {% ifversion projects-v2-board-keyboard-shorts %}or card{% endif %} above to selection
-|Space | Open selected item
-|e | Archive selected items
+| Keyboard shortcut | Description |
+|-----------|------------ |
+|Enter | Toggle edit mode for the focused cell |
+|Escape | Cancel editing for the focused cell |
+|Command+Shift+\ (Mac) or Ctrl+Shift+\ (Windows/Linux) | Open row actions menu |
+|Shift+Space | Select item |
+|Shift+↓ | Add cell {% ifversion projects-v2-board-keyboard-shorts %} or card{% endif %} below to selection |
+|Shift+↑ | Add cell {% ifversion projects-v2-board-keyboard-shorts %}or card{% endif %} above to selection |
+|Space | Open selected item |
+|e | Archive selected items |
{% ifversion projects-v2-board-keyboard-shorts %}
### Moving cards on the board layout
-| Keyboard shortcut | Description
-|-----------|------------
-|Enter or Shift+Space | Start moving the selected card(s)
-|Esc | Cancel the move in progress
-|Enter | Complete the move in progress
-|↓ | Move a single card down
-|Command+↓ or Ctrl+↓ (Windows/Linux) | Move a single card to the bottom of the column
-|↑ | Move a single card up
-|Command+↑ (Mac) or Ctrl+↑ (Windows/Linux) | Move a single card to the top of the column
-|← | Move card(s) left
-|Command+← (Mac) or Ctrl+← (Windows/Linux) | Move card(s) to the leftmost column
-|→ | Move card(s) right
-|Command+→ (Mac) or Ctrl+→ (Windows/Linux) | Move card(s) to the rightmost column
+| Keyboard shortcut | Description |
+|-----------|------------ |
+|Enter or Shift+Space | Start moving the selected card(s) |
+|Esc | Cancel the move in progress |
+|Enter | Complete the move in progress |
+|↓ | Move a single card down |
+|Command+↓ or Ctrl+↓ (Windows/Linux) | Move a single card to the bottom of the column |
+|↑ | Move a single card up |
+|Command+↑ (Mac) or Ctrl+↑ (Windows/Linux) | Move a single card to the top of the column |
+|← | Move card(s) left |
+|Command+← (Mac) or Ctrl+← (Windows/Linux) | Move card(s) to the leftmost column |
+|→ | Move card(s) right |
+|Command+→ (Mac) or Ctrl+→ (Windows/Linux) | Move card(s) to the rightmost column |
{% endif %}
@@ -213,41 +223,41 @@ If you view a code file in a repository using the **Code** view and click on any
### Moving a column
-| Keyboard shortcut | Description
-|-----------|------------
-|Enter or Space | Start moving the focused column
-|Esc | Cancel the move in progress
-|Enter | Complete the move in progress
-|← or H | Move column to the left
-|Command+← or Command+H (Mac) or Ctrl+← or Ctrl+H (Windows/Linux) | Move column to the leftmost position
-|→ or L | Move column to the right
-|Command+→ or Command+L (Mac) or Ctrl+→ or Ctrl+L (Windows/Linux) | Move column to the rightmost position
+| Keyboard shortcut | Description |
+|-----------|------------ |
+|Enter or Space | Start moving the focused column |
+|Esc | Cancel the move in progress |
+|Enter | Complete the move in progress |
+|← or H | Move column to the left |
+|Command+← or Command+H (Mac) or Ctrl+← or Ctrl+H (Windows/Linux) | Move column to the leftmost position |
+|→ or L | Move column to the right |
+|Command+→ or Command+L (Mac) or Ctrl+→ or Ctrl+L (Windows/Linux) | Move column to the rightmost position |
### Moving a card
-| Keyboard shortcut | Description
-|-----------|------------
-|Enter or Space | Start moving the focused card
-|Esc | Cancel the move in progress
-|Enter | Complete the move in progress
-|↓ or J | Move card down
-|Command+↓ or Command+J (Mac) or Ctrl+↓ or Ctrl+J (Windows/Linux) | Move card to the bottom of the column
-|↑ or K | Move card up
-|Command+↑ or Command+K (Mac) or Ctrl+↑ or Ctrl+K (Windows/Linux) | Move card to the top of the column
-|← or H | Move card to the bottom of the column on the left
-|Shift+← or Shift+H | Move card to the top of the column on the left
-|Command+← or Command+H (Mac) or Ctrl+← or Ctrl+H (Windows/Linux) | Move card to the bottom of the leftmost column
+| Keyboard shortcut | Description |
+|-----------|------------ |
+|Enter or Space | Start moving the focused card |
+|Esc | Cancel the move in progress |
+|Enter | Complete the move in progress |
+|↓ or J | Move card down |
+|Command+↓ or Command+J (Mac) or Ctrl+↓ or Ctrl+J (Windows/Linux) | Move card to the bottom of the column |
+|↑ or K | Move card up |
+|Command+↑ or Command+K (Mac) or Ctrl+↑ or Ctrl+K (Windows/Linux) | Move card to the top of the column |
+|← or H | Move card to the bottom of the column on the left |
+|Shift+← or Shift+H | Move card to the top of the column on the left |
+|Command+← or Command+H (Mac) or Ctrl+← or Ctrl+H (Windows/Linux) | Move card to the bottom of the leftmost column |
|Command+Shift+← or Command+Shift+H (Mac) or Ctrl+Shift+← or Ctrl+Shift+H (Windows/Linux) | Move card to the top of the leftmost column
-|→ | Move card to the bottom of the column on the right
-|Shift+→ or Shift+L | Move card to the top of the column on the right
-|Command+→ or Command+L (Mac) or Ctrl+→ or Ctrl+L (Windows/Linux) | Move card to the bottom of the rightmost column
-|Command+Shift+→ or Command+Shift+L (Mac) or Ctrl+Shift+→ or Ctrl+Shift+L (Windows/Linux) | Move card to the bottom of the rightmost column
+|→ | Move card to the bottom of the column on the right |
+|Shift+→ or Shift+L | Move card to the top of the column on the right |
+|Command+→ or Command+L (Mac) or Ctrl+→ or Ctrl+L (Windows/Linux) | Move card to the bottom of the rightmost column |
+|Command+Shift+→ or Command+Shift+L (Mac) or Ctrl+Shift+→ or Ctrl+Shift+L (Windows/Linux) | Move card to the bottom of the rightmost column |
### Previewing a card
-| Keyboard shortcut | Description
-|-----------|------------
-|Esc | Close the card preview pane
+| Keyboard shortcut | Description |
+|-----------|------------ |
+|Esc | Close the card preview pane |
{% endif %}
@@ -255,34 +265,34 @@ If you view a code file in a repository using the **Code** view and click on any
## {% data variables.product.prodname_actions %}
-| Keyboard shortcut | Description
-|-----------|------------
-|Command+Space (Mac) or Ctrl+Space (Windows/Linux) | In the workflow editor, get suggestions for your workflow file.
-|GF | Go to the workflow file
-|Shift+T or T | Toggle timestamps in logs
-|Shift+F or F | Toggle full-screen logs
-|Esc | Exit full-screen logs
+| Keyboard shortcut | Description |
+|-----------|------------ |
+|Command+Space (Mac) or Ctrl+Space (Windows/Linux) | In the workflow editor, get suggestions for your workflow file. |
+|GF | Go to the workflow file |
+|Shift+T or T | Toggle timestamps in logs |
+|Shift+F or F | Toggle full-screen logs |
+|Esc | Exit full-screen logs |
{% endif %}
## Notifications
-| Keyboard shortcut | Description
-|-----------|------------
-|E | Mark as done
-|Shift+U| Mark as unread
-|Shift+I| Mark as read
-|Shift+M | Unsubscribe
+| Keyboard shortcut | Description |
+|-----------|------------ |
+|E | Mark as done |
+|Shift+U| Mark as unread |
+|Shift+I| Mark as read |
+|Shift+M | Unsubscribe |
## Network graph
-| Keyboard shortcut | Description
-|-----------|------------
-|← or H | Scroll left
-|→ or L | Scroll right
-|↑ or K | Scroll up
-|↓ or J | Scroll down
-|Shift+← (Mac) or Shift+H (Windows/Linux) | Scroll all the way left
-|Shift+→ (Mac) or Shift+L (Windows/Linux) | Scroll all the way right
-|Shift+↑ (Mac) or Shift+K (Windows/Linux) | Scroll all the way up
-|Shift+↓ (Mac) or Shift+J (Windows/Linux) | Scroll all the way down
+| Keyboard shortcut | Description |
+|-----------|------------ |
+|← or H | Scroll left |
+|→ or L | Scroll right |
+|↑ or K | Scroll up |
+|↓ or J | Scroll down |
+|Shift+← (Mac) or Shift+H (Windows/Linux) | Scroll all the way left |
+|Shift+→ (Mac) or Shift+L (Windows/Linux) | Scroll all the way right |
+|Shift+↑ (Mac) or Shift+K (Windows/Linux) | Scroll all the way up |
+|Shift+↓ (Mac) or Shift+J (Windows/Linux) | Scroll all the way down |
diff --git a/content/get-started/exploring-integrations/about-building-integrations.md b/content/get-started/exploring-integrations/about-building-integrations.md
index 05a1e9ce3782..5be98d820fa5 100644
--- a/content/get-started/exploring-integrations/about-building-integrations.md
+++ b/content/get-started/exploring-integrations/about-building-integrations.md
@@ -24,3 +24,5 @@ Your integration can use {% data variables.product.company_short %}'s API to fet
Your integration can use webhooks to learn when specific events happen on {% data variables.product.company_short %}. For more information, see "[AUTOTITLE](/webhooks/about-webhooks)."
{% ifversion fpt or ghec %} If your integration is a {% data variables.product.prodname_github_app %} or custom action, you can publish your integration on {% data variables.product.prodname_marketplace %}. For more information, see "[AUTOTITLE](/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps)" and "[AUTOTITLE](/actions/creating-actions/publishing-actions-in-github-marketplace)."{% endif %}
+
+If your integration uses generative AI, you can find and experiment with AI models for free on {% data variables.product.company_short %}. See "[AUTOTITLE](/github-models/prototyping-with-ai-models)."
diff --git a/content/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github.md b/content/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github.md
index 8579cae2cc23..8395e650952d 100644
--- a/content/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github.md
+++ b/content/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github.md
@@ -1,6 +1,6 @@
---
title: Finding ways to contribute to open source on GitHub
-intro: 'You can find ways to contribute to open source projects on {% data variables.location.product_location %} that are relevant to you.'
+intro: 'You can find ways to contribute to open source projects on {% data variables.product.prodname_dotcom %} that are relevant to you.'
permissions: '{% data reusables.enterprise-accounts.emu-permission-interact %}'
redirect_from:
- /articles/where-can-i-find-open-source-projects-to-work-on
@@ -22,7 +22,7 @@ shortTitle: Contribute to open source
If there's a particular topic that interests you, visit `github.com/topics/`. For example, if you are interested in machine learning, you can find relevant projects and good first issues by visiting https://github.com/topics/machine-learning. You can browse popular topics by visiting [Topics](https://github.com/topics). You can also search for repositories that match a topic you're interested in. For more information, see "[AUTOTITLE](/search-github/searching-on-github/searching-for-repositories#search-by-topic)."
-If you've been active on {% data variables.location.product_location %}, you can find personalized recommendations for projects and good first issues based on your past contributions, stars, and other activities in [Explore {% data variables.product.prodname_dotcom %}](https://github.com/explore).
+If you've been active on {% data variables.product.prodname_dotcom %}, you can find personalized recommendations for projects and good first issues based on your past contributions, stars, and other activities in [Explore {% data variables.product.prodname_dotcom %}](https://github.com/explore).
Keep up with recent activity from repositories you watch, as well as people and organizations you follow, with your personal dashboard. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-your-personal-dashboard)."
diff --git a/content/get-started/getting-started-with-git/about-remote-repositories.md b/content/get-started/getting-started-with-git/about-remote-repositories.md
index 6aecf772ebc3..fd0d255c066e 100644
--- a/content/get-started/getting-started-with-git/about-remote-repositories.md
+++ b/content/get-started/getting-started-with-git/about-remote-repositories.md
@@ -42,7 +42,7 @@ You can use the command `git remote set-url` to [change a remote's URL](/get-sta
## Choosing a URL for your remote repository
-There are several ways to clone repositories available on {% data variables.location.product_location %}.
+There are several ways to clone repositories available on {% data variables.product.prodname_dotcom %}.
When you view a repository while signed in to your account, the URLs you can use to clone the project onto your computer are available below the repository details.
@@ -68,7 +68,7 @@ When you `git clone`, `git fetch`, `git pull`, or `git push` to a remote reposit
## Cloning with SSH URLs
-SSH URLs provide access to a Git repository via SSH, a secure protocol. To use these URLs, you must generate an SSH keypair on your computer and add the **public** key to your account on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh)."
+SSH URLs provide access to a Git repository via SSH, a secure protocol. To use these URLs, you must generate an SSH keypair on your computer and add the **public** key to your account on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh)."
When you `git clone`, `git fetch`, `git pull`, or `git push` to a remote repository using SSH URLs, you'll be prompted for a password and must provide your SSH key passphrase. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases)."
diff --git a/content/get-started/getting-started-with-git/associating-text-editors-with-git.md b/content/get-started/getting-started-with-git/associating-text-editors-with-git.md
index 82a28185866d..9cbdde3654a5 100644
--- a/content/get-started/getting-started-with-git/associating-text-editors-with-git.md
+++ b/content/get-started/getting-started-with-git/associating-text-editors-with-git.md
@@ -111,7 +111,7 @@ shortTitle: Associate text editors
## Using Notepad++ as your editor
-1. Install Notepad++ from https://notepad-plus-plus.org/. For more information, see "[Getting started](https://npp-user-manual.org/docs/getting-started/)" in the Notepad++ documentation.
+1. Install Notepad++ from https://notepad-plus-plus.org/. For more information, see "[Getting started](https://github.com/notepad-plus-plus/npp-usermanual/blob/master/content/docs/getting-started.md)" in the Notepad++ documentation.
{% data reusables.command_line.open_the_multi_os_terminal %}
1. Type this command:
diff --git a/content/get-started/getting-started-with-git/updating-credentials-from-the-macos-keychain.md b/content/get-started/getting-started-with-git/updating-credentials-from-the-macos-keychain.md
index 85b63f044b35..4787e4c8c468 100644
--- a/content/get-started/getting-started-with-git/updating-credentials-from-the-macos-keychain.md
+++ b/content/get-started/getting-started-with-git/updating-credentials-from-the-macos-keychain.md
@@ -42,7 +42,7 @@ protocol=https
> [Press Return]
```
-If it's successful, nothing will print out. To test that it works, try and clone a private repository from {% data variables.location.product_location %}. If you are prompted for a password, the keychain entry was deleted.
+If it's successful, nothing will print out. To test that it works, try and clone a private repository. If you are prompted for a password, the keychain entry was deleted.
## Further reading
diff --git a/content/get-started/learning-about-github/about-github-advanced-security.md b/content/get-started/learning-about-github/about-github-advanced-security.md
index 5fc906387833..6aeed745e55d 100644
--- a/content/get-started/learning-about-github/about-github-advanced-security.md
+++ b/content/get-started/learning-about-github/about-github-advanced-security.md
@@ -38,7 +38,7 @@ A {% data variables.product.prodname_GH_advanced_security %} license provides th
* **{% data variables.product.prodname_codeql_cli %}** - Run {% data variables.product.prodname_codeql %} processes locally on software projects or to generate {% data variables.product.prodname_code_scanning %} results for upload to {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli)."
-* **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into {% ifversion fpt %}private repositories{% else %} the repository{% endif %}. If push protection is enabled, {% data variables.product.prodname_dotcom %} also detects secrets when they are pushed to your repository. {% ifversion secret-scanning-enable-by-default-for-public-repos %}{% data variables.secret-scanning.user_alerts_caps %} and push protection are available and free of charge for all {% ifversion ghec %}user-owned {% endif %}public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)."
+* **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into {% ifversion fpt %}private repositories{% else %} the repository{% endif %}. If push protection is enabled, {% data variables.product.prodname_dotcom %} also detects secrets when they are pushed to your repository. {% ifversion secret-scanning-enable-by-default-for-public-repos %}{% data variables.secret-scanning.user_alerts_caps %} and push protection are available and free of charge for all {% ifversion ghec %}user-owned {% endif %}public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)."
{% ifversion dependabot-auto-triage-rules %}
@@ -88,11 +88,7 @@ To learn about what you need to know to plan your {% data variables.product.prod
{% ifversion security-configurations %}
{% data reusables.security-configurations.enable-security-features-with-gh-config %}
-{% note %}
-
-**Note:** {% data reusables.security-configurations.security-configurations-beta-note-short %}
-
-{% endnote %}
+{% data reusables.security-configurations.security-configurations-beta-note-short %}
{% endif %}
{%- ifversion ghes %}
diff --git a/content/get-started/learning-about-github/github-language-support.md b/content/get-started/learning-about-github/github-language-support.md
index 0cc995bdaa93..c9d0a63da329 100644
--- a/content/get-started/learning-about-github/github-language-support.md
+++ b/content/get-started/learning-about-github/github-language-support.md
@@ -25,7 +25,7 @@ Core languages for {% data variables.product.prodname_dotcom %} features include
Some features are supported for additional languages or package managers. If you want to know whether another language is supported for a feature or to request support for a language, visit {% data variables.contact.community_support_forum %}.
-| Language {% data reusables.supported-languages.products-table-header %}
+{% data reusables.supported-languages.products-table-header %}
{% data reusables.supported-languages.C %}
{% data reusables.supported-languages.Cpp %}
{% data reusables.supported-languages.Cs %}
@@ -37,9 +37,7 @@ Some features are supported for additional languages or package managers. If you
{% data reusables.supported-languages.ruby %}
{% data reusables.supported-languages.rust %}
{% data reusables.supported-languages.scala %}
-{%- ifversion codeql-swift-beta or supply-chain-features-swift-support %}
{% data reusables.supported-languages.swift %}
-{%- endif %}
{% data reusables.supported-languages.typescript %}
{% note %}
@@ -48,6 +46,6 @@ Some features are supported for additional languages or package managers. If you
{% ifversion fpt or ghec %}- The language support for {% data variables.product.prodname_copilot %} varies depending on the volume and diversity of training data for that language.{% endif %}
* The support of Gradle for the dependency graph and {% data variables.product.prodname_dependabot_alerts %} is limited to the upload of data obtained using the {% data variables.dependency-submission-api.name %}.
-* PHP and Scala are supported for {% data variables.product.prodname_code_scanning %} by third-party actions.
+* PHP, Rust, and Scala are supported for {% data variables.product.prodname_code_scanning %} by third-party actions.
{% endnote %}
diff --git a/content/get-started/onboarding/getting-started-with-github-enterprise-server.md b/content/get-started/onboarding/getting-started-with-github-enterprise-server.md
index bf80116fc770..adbfe2eda97e 100644
--- a/content/get-started/onboarding/getting-started-with-github-enterprise-server.md
+++ b/content/get-started/onboarding/getting-started-with-github-enterprise-server.md
@@ -40,7 +40,7 @@ You can use the default network settings used by {% data variables.product.produ
### 5. Configuring high availability
-You can configure {% data variables.location.product_location %} for high availability to minimize the impact of hardware failures and network outages. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability)."
+You can configure {% data variables.location.product_location %} for high availability to minimize the impact of hardware failures and network outages. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-high-availability)."
### 6. Setting up a staging instance
diff --git a/content/get-started/onboarding/getting-started-with-your-github-account.md b/content/get-started/onboarding/getting-started-with-your-github-account.md
index f95383311202..d6c06cec5ba7 100644
--- a/content/get-started/onboarding/getting-started-with-your-github-account.md
+++ b/content/get-started/onboarding/getting-started-with-your-github-account.md
@@ -23,7 +23,7 @@ The first steps in starting with {% data variables.product.product_name %} are t
### 1. Creating an account
-To sign up for an account on {% data variables.location.product_location %}, navigate to https://github.com/ and follow the prompts.
+To sign up for an account, navigate to https://github.com/ and follow the prompts.
To keep your {% data variables.product.prodname_dotcom %} account secure you should use a strong and unique password. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-strong-password)."
@@ -52,7 +52,7 @@ The administrator of your {% data variables.product.product_name %} instance wil
Two-factor authentication, or 2FA, is an extra layer of security used when logging into websites or apps. We strongly urge you to configure 2FA for the safety of your account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication)."
-{% ifversion passkeys %}Optionally, after you have configured 2FA, add a passkey to your account to enable a secure, passwordless login. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)" and "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)."{% endif %}
+{% ifversion passkeys %}Optionally, after you have configured 2FA, add a passkey to your account to enable a secure, passwordless login. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)."{% endif %}
### {% ifversion fpt or ghec %}5.{% elsif ghes %}3.{% else %}2.{% endif %} Viewing your {% data variables.product.prodname_dotcom %} profile and contribution graph
diff --git a/content/get-started/using-git/about-git-rebase.md b/content/get-started/using-git/about-git-rebase.md
index 86029ffdfcce..df0b98cadbd8 100644
--- a/content/get-started/using-git/about-git-rebase.md
+++ b/content/get-started/using-git/about-git-rebase.md
@@ -21,7 +21,7 @@ Typically, you would use `git rebase` to:
{% warning %}
-**Warning**: Because changing your commit history can make things difficult for everyone else using the repository, it's considered bad practice to rebase commits when you've already pushed to a repository. To learn how to safely rebase on {% data variables.location.product_location %}, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges)."
+**Warning**: Because changing your commit history can make things difficult for everyone else using the repository, it's considered bad practice to rebase commits when you've already pushed to a repository. To learn how to safely rebase, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges)."
{% endwarning %}
diff --git a/content/get-started/using-git/splitting-a-subfolder-out-into-a-new-repository.md b/content/get-started/using-git/splitting-a-subfolder-out-into-a-new-repository.md
index 971d82426878..337d3a57f6cc 100644
--- a/content/get-started/using-git/splitting-a-subfolder-out-into-a-new-repository.md
+++ b/content/get-started/using-git/splitting-a-subfolder-out-into-a-new-repository.md
@@ -67,7 +67,7 @@ If you create a new clone of the repository, you won't lose any of your Git hist
1. [Create a new repository](/repositories/creating-and-managing-repositories/creating-a-new-repository) on {% data variables.product.product_name %}.
-1. At the top of your new repository on {% data variables.location.product_location %}'s Quick Setup page, click {% octicon "copy" aria-label="Copy to clipboard" %} to copy the remote repository URL.
+1. At the top of your new repository on {% data variables.product.prodname_dotcom %}'s Quick Setup page, click {% octicon "copy" aria-label="Copy to clipboard" %} to copy the remote repository URL.
diff --git a/content/get-started/using-github/allowing-access-to-githubs-services-from-a-restricted-network.md b/content/get-started/using-github/allowing-access-to-githubs-services-from-a-restricted-network.md
index d847bdf51684..3480678f3198 100644
--- a/content/get-started/using-github/allowing-access-to-githubs-services-from-a-restricted-network.md
+++ b/content/get-started/using-github/allowing-access-to-githubs-services-from-a-restricted-network.md
@@ -9,7 +9,7 @@ shortTitle: Allow network access
## About access to {% data variables.product.product_name %} from a restricted network
-In rare cases, an institution's network access policy may restrict access to specific domain names for end users. For example, the policy may use DNS filtering to deny access to sites like {% data variables.location.product_location %}. If your institution requires this level of control, but you still want to permit access to services on {% data variables.location.product_location %}, you can create exceptions in your policy to allow access to the necessary domains.
+In rare cases, an institution's network access policy may restrict access to specific domain names for end users. For example, the policy may use DNS filtering to deny access to sites like {% data variables.product.prodname_dotcom %}. If your institution requires this level of control, but you still want to permit access to services on {% data variables.product.prodname_dotcom %}, you can create exceptions in your policy to allow access to the necessary domains.
## Retrieving {% data variables.product.company_short %}'s domain names using the REST API
@@ -17,7 +17,7 @@ You can use the REST API to retrieve a list of {% data variables.product.company
{% warning %}
-**Warning**: The list of domains from the REST API is not intended to be comprehensive. If you block access to services using DNS, but selectively allow access to {% data variables.product.company_short %}'s domain names, any or all of {% data variables.location.product_location %} and related services may not function properly or at all for your end users.
+**Warning**: The list of domains from the REST API is not intended to be comprehensive. If you block access to services using DNS, but selectively allow access to {% data variables.product.company_short %}'s domain names, any or all of {% data variables.product.prodname_dotcom %} and related services may not function properly or at all for your end users.
{% endwarning %}
diff --git a/content/get-started/using-github/connecting-to-github.md b/content/get-started/using-github/connecting-to-github.md
index 1d46deb97f9a..c2e70f2e7883 100644
--- a/content/get-started/using-github/connecting-to-github.md
+++ b/content/get-started/using-github/connecting-to-github.md
@@ -19,7 +19,7 @@ topics:
There are many ways to work with {% data variables.product.prodname_dotcom %}, and you can choose a method that suits your level of experience, personal preferences, and the repositories you work with. For example, you can choose whether you want to work in the browser or from your desktop, how you want to use Git, and what capabilities you need from your editor and other software. You may choose to work with different repositories in different ways.
-If you're new to {% data variables.product.prodname_dotcom %}, a good way to start contributing is to make changes in the browser on {% data variables.location.product_location %}. As you become more familiar with {% data variables.product.prodname_dotcom %} and start contributing larger changes, you may want to start working with other tools. This article explains how to progress through these stages and helps you choose the best tool for your requirements at each stage. To quickly compare all the tools available for working with {% data variables.product.prodname_dotcom %}, see "[Comparison of tools for connecting to GitHub](#comparison-of-tools-for-connecting-to-github)."
+If you're new to {% data variables.product.prodname_dotcom %}, a good way to start contributing is to make changes in the browser on {% data variables.location.product_location %}. As you become more familiar with {% data variables.product.prodname_dotcom %} and start contributing larger changes, you may want to start working with other tools. This article explains how to progress through these stages and helps you choose the best tool for your requirements at each stage. To quickly compare all the tools available for working with {% data variables.product.prodname_dotcom %}, see "[Comparison of tools for connecting to {% data variables.product.prodname_dotcom %}](#comparison-of-tools-for-connecting-to-github)."
## Getting started
@@ -60,7 +60,7 @@ There are several tools you can use to connect to {% data variables.product.prod
* If you'd prefer to use a visual interface, you can use a visual Git client such as {% data variables.product.prodname_desktop %}. With {% data variables.product.prodname_desktop %}, you can visualize the changes you're making and access most Git commands through a visual interface, so you don't need to memorize any commands. For more information, see "[AUTOTITLE](/desktop/overview/about-github-desktop)."
* If you want to work in one place, you can often do most things from your editor. An editor such as {% data variables.product.prodname_vscode_shortname %} includes an integrated terminal and buttons for common Git commands, so you can edit files and push your changes to {% data variables.product.prodname_dotcom %} all from one place. You can also install an extension to work directly with pull requests and issues on {% data variables.product.prodname_dotcom %}. To get started, see [Download {% data variables.product.prodname_vscode_shortname %}](https://code.visualstudio.com/download).
-## Comparison of tools for connecting to GitHub
+## Comparison of tools for connecting to {% data variables.product.prodname_dotcom %}
The following table provides a comparison between the tools you can use to work with repositories on {% data variables.product.prodname_dotcom %}, both in your browser and from your desktop.
diff --git a/content/get-started/using-github/github-mobile.md b/content/get-started/using-github/github-mobile.md
index e5d025e48128..4a396f62721d 100644
--- a/content/get-started/using-github/github-mobile.md
+++ b/content/get-started/using-github/github-mobile.md
@@ -54,7 +54,7 @@ You can be simultaneously signed into mobile with multiple accounts on {% data v
You must install {% data variables.product.prodname_mobile %} 1.4 or later on your device to use {% data variables.product.prodname_mobile %} with {% data variables.product.prodname_ghe_server %}.
-To use {% data variables.product.prodname_mobile %} with {% data variables.product.prodname_ghe_server %}, {% data variables.location.product_location %} must be version 3.0 or greater, and your enterprise owner must enable mobile support for your enterprise. For more information, see {% ifversion ghes %}"[AUTOTITLE](/admin/release-notes)" and {% endif %}"[Managing {% data variables.product.prodname_mobile %} for your enterprise]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/configuration/configuring-your-enterprise/managing-github-mobile-for-your-enterprise){% ifversion not ghes %}" in the {% data variables.product.prodname_ghe_server %} documentation.{% else %}."{% endif %}
+To use {% data variables.product.prodname_mobile %} with {% data variables.product.prodname_ghe_server %}, {% data variables.product.prodname_dotcom %} must be version 3.0 or greater, and your enterprise owner must enable mobile support for your enterprise. For more information, see {% ifversion ghes %}"[AUTOTITLE](/admin/release-notes)" and {% endif %}"[Managing {% data variables.product.prodname_mobile %} for your enterprise]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/configuration/configuring-your-enterprise/managing-github-mobile-for-your-enterprise){% ifversion not ghes %}" in the {% data variables.product.prodname_ghe_server %} documentation.{% else %}."{% endif %}
During the beta for {% data variables.product.prodname_mobile %} with {% data variables.product.prodname_ghe_server %}, you must be signed in with a personal account on {% data variables.product.prodname_dotcom_the_website %}.
diff --git a/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax.md b/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax.md
index 03a1fc993d61..a982a49cc630 100644
--- a/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax.md
+++ b/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax.md
@@ -55,11 +55,8 @@ Quoted text is indented, with a different type color.
-{% note %}
-
-**Note:** When viewing a conversation, you can automatically quote text in a comment by highlighting the text, then typing R. You can quote an entire comment by clicking {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}, then **Quote reply**. For more information about keyboard shortcuts, see "[AUTOTITLE](/get-started/accessibility/keyboard-shortcuts)."
-
-{% endnote %}
+> [!NOTE]
+> When viewing a conversation, you can automatically quote text in a comment by highlighting the text, then typing R. You can quote an entire comment by clicking {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}, then **Quote reply**. For more information about keyboard shortcuts, see "[AUTOTITLE](/get-started/accessibility/keyboard-shortcuts)."
## Quoting code
@@ -106,14 +103,9 @@ Here are the currently supported color models.
| RGB | \`rgb(R,G,B)\` | \`rgb(9, 105, 218)\` |  |
| HSL | \`hsl(H,S,L)\` | \`hsl(212, 92%, 45%)\` |  |
-{% note %}
-
-**Notes:**
-
-* A supported color model cannot have any leading or trailing spaces within the backticks.
-* The visualization of the color is only supported in issues, pull requests, and discussions.
-
-{% endnote %}
+> [!NOTE]
+> * A supported color model cannot have any leading or trailing spaces within the backticks.
+> * The visualization of the color is only supported in issues, pull requests, and discussions.
## Links
@@ -125,11 +117,8 @@ You can also create a Markdown hyperlink by highlighting the text and using the
-{% note %}
-
-**Note:** {% data variables.product.product_name %} automatically creates links when valid URLs are written in a comment. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/autolinked-references-and-urls)."
-
-{% endnote %}
+> [!NOTE]
+> {% data variables.product.product_name %} automatically creates links when valid URLs are written in a comment. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/autolinked-references-and-urls)."
## Section links
@@ -149,11 +138,8 @@ You can display an image by adding ! and wrapping the alt text in `[
{% data variables.product.product_name %} supports embedding images into your issues, pull requests{% ifversion fpt or ghec %}, discussions{% endif %}, comments and `.md` files. You can display an image from your repository, add a link to an online image, or upload an image. For more information, see "[Uploading assets](#uploading-assets)."
-{% note %}
-
-**Note:** When you want to display an image that is in your repository, use relative links instead of absolute links.
-
-{% endnote %}
+> [!NOTE]
+> When you want to display an image that is in your repository, use relative links instead of absolute links.
Here are some examples for using relative links to display an image.
@@ -165,11 +151,8 @@ Here are some examples for using relative links to display an image.
| In a `.md` file in another repository | `/../../../../github/docs/blob/main/assets/images/electrocat.png` |
| In issues, pull requests and comments of another repository | `../../../github/docs/blob/main/assets/images/electrocat.png?raw=true` |
-{% note %}
-
-**Note**: The last two relative links in the table above will work for images in a private repository only if the viewer has at least read access to the private repository that contains these images.
-
-{% endnote %}
+> [!NOTE]
+> The last two relative links in the table above will work for images in a private repository only if the viewer has at least read access to the private repository that contains these images.
For more information, see "[Relative Links](#relative-links)."
@@ -217,11 +200,8 @@ To create a nested list using the web editor on {% data variables.product.produc
- Second nested list item
```
-{% note %}
-
-**Note**: In the web-based editor, you can indent or dedent one or more lines of text by first highlighting the desired lines and then using Tab or Shift+Tab respectively.
-
-{% endnote %}
+> [!NOTE]
+> In the web-based editor, you can indent or dedent one or more lines of text by first highlighting the desired lines and then using Tab or Shift+Tab respectively.
@@ -229,7 +209,7 @@ To create a nested list using the web editor on {% data variables.product.produc
To create a nested list in the comment editor on {% data variables.product.product_name %}, which doesn't use a monospaced font, you can look at the list item immediately above the nested list and count the number of characters that appear before the content of the item. Then type that number of space characters in front of the nested list item.
-In this example, you could add a nested list item under the list item `100. First list item` by indenting the nested list item a minimum of five spaces, since there are five characters (`100 .`) before `First list item`.
+In this example, you could add a nested list item under the list item `100. First list item` by indenting the nested list item a minimum of five spaces, since there are five characters (`100. `) before `First list item`.
```markdown
100. First list item
@@ -242,8 +222,8 @@ You can create multiple levels of nested lists using the same method. For exampl
```markdown
100. First list item
- - First nested list item
- - Second nested list item
+ - First nested list item
+ - Second nested list item
```
@@ -264,11 +244,8 @@ For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-wi
You can mention a person or [team](/organizations/organizing-members-into-teams) on {% data variables.product.product_name %} by typing @ plus their username or team name. This will trigger a notification and bring their attention to the conversation. People will also receive a notification if you edit a comment to mention their username or team name. For more information about notifications, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/about-notifications)."
-{% note %}
-
-**Note:** A person will only be notified about a mention if the person has read access to the repository and, if the repository is owned by an organization, the person is a member of the organization.
-
-{% endnote %}
+> [!NOTE]
+> A person will only be notified about a mention if the person has read access to the repository and, if the repository is owned by an organization, the person is a member of the organization.
`@github/support What do you think about these updates?`
@@ -328,13 +305,8 @@ The footnote will render like this:
-{% note %}
-
-**Note**: The position of a footnote in your Markdown does not influence where the footnote will be rendered. You can write a footnote right after your reference to the footnote, and the footnote will still render at the bottom of the Markdown.
-
-Footnotes are not supported in wikis.
-
-{% endnote %}
+> [!NOTE]
+> The position of a footnote in your Markdown does not influence where the footnote will be rendered. You can write a footnote right after your reference to the footnote, and the footnote will still render at the bottom of the Markdown. Footnotes are not supported in wikis.
{% ifversion markdown-alerts %}
@@ -387,11 +359,8 @@ You can tell {% data variables.product.product_name %} to ignore (or escape) Mar
For more information on backslashes, see Daring Fireball's "[Markdown Syntax](https://daringfireball.net/projects/markdown/syntax#backslash)."
-{% note %}
-
-**Note**: The Markdown formatting will not be ignored in the title of an issue or a pull request.
-
-{% endnote %}
+> [!NOTE]
+> The Markdown formatting will not be ignored in the title of an issue or a pull request.
## Disabling Markdown rendering
diff --git a/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/quickstart-for-writing-on-github.md b/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/quickstart-for-writing-on-github.md
index 7f05fee0aa86..19d79dd0f9be 100644
--- a/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/quickstart-for-writing-on-github.md
+++ b/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/quickstart-for-writing-on-github.md
@@ -18,7 +18,7 @@ If you already have a profile README, you can follow this guide by adding some f
## Creating or editing your profile README
-Your profile README lets you share information about yourself with the community on {% data variables.location.product_location %}. The README is displayed at the top of your profile page.
+Your profile README lets you share information about yourself with the community on {% data variables.product.prodname_dotcom %}. The README is displayed at the top of your profile page.
If you don't already have a profile README, you can add one.
diff --git a/content/github-cli/index.md b/content/github-cli/index.md
index ad85a790f2d1..122f56226c64 100644
--- a/content/github-cli/index.md
+++ b/content/github-cli/index.md
@@ -16,7 +16,7 @@ featuredLinks:
startHere:
- /github-cli/github-cli/creating-github-cli-extensions
- /github-cli/github-cli/using-github-cli-extensions
- - /actions/using-workflows/using-github-cli-in-workflows
+ - /actions/writing-workflows/choosing-what-your-workflow-does/using-github-cli-in-workflows
- /codespaces/developing-in-a-codespace/using-github-codespaces-with-github-cli
popular:
- /pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request
diff --git a/content/github-models/index.md b/content/github-models/index.md
new file mode 100644
index 000000000000..6d6e9ce83700
--- /dev/null
+++ b/content/github-models/index.md
@@ -0,0 +1,11 @@
+---
+title: GitHub Models
+intro: 'Find and experiment with AI models for free.'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+children:
+ - /prototyping-with-ai-models
+ - /responsible-use-of-github-models
+---
diff --git a/content/github-models/prototyping-with-ai-models.md b/content/github-models/prototyping-with-ai-models.md
new file mode 100644
index 000000000000..2f69071fe104
--- /dev/null
+++ b/content/github-models/prototyping-with-ai-models.md
@@ -0,0 +1,157 @@
+---
+title: Prototyping with AI models
+intro: 'Find and experiment with AI models for free.'
+versions:
+ feature: github-models
+---
+
+If you want to develop a generative AI application, you can use {% data variables.product.prodname_github_models %} to find and experiment with AI models for free. Once you are ready to bring your application to production, you can switch to a token from a paid Azure account. See the [Azure AI](https://ai.azure.com/github/model/docs) documentation.
+
+See also "[AUTOTITLE](/github-models/responsible-use-of-github-models)."
+
+## Finding AI models
+
+To find AI models, go to [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace/models), then click {% octicon "ai-model" aria-hidden="true" %} **Models** in the sidebar.
+
+To view details about a model, click on the model's name.
+
+## Experimenting with AI models in the playground
+
+>[!NOTE]
+>
+> The playground is in limited public beta and subject to change. To request access, [join the waitlist](https://github.com/marketplace/models/waitlist).
+
+{% data variables.product.prodname_marketplace %} provides a free playground where you can adjust model parameters and submit prompts to see how the model responds.
+
+To open the playground, go to [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace/models), then click {% octicon "ai-model" aria-hidden="true" %} **Models** in the sidebar. Click on a model's name, then click {% octicon "command-palette" aria-hidden="true" %} **Playground**.
+
+To adjust parameters for the model, select the **Parameters** tab in the sidebar. To see code that corresponds to the parameters that you selected, switch from the **Chat** tab to the **Code** tab.
+
+The playground is rate limited. See [Rate limits](#rate-limits) below.
+
+## Experimenting with AI models using the API
+
+>[!NOTE]
+>
+> The free API usage is in limited public beta and subject to change. To request access, [join the waitlist](https://github.com/marketplace/models/waitlist).
+
+{% data variables.product.company_short %} provides free API usage so that you can experiment with AI models in your own application.
+
+To learn how to use a model in your application, go to [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace/models), then click {% octicon "ai-model" aria-hidden="true" %} **Models** in the sidebar. Click on a model's name, then click {% octicon "code" aria-hidden="true" %} **Code**.
+
+The steps to use each model are similar. In general, you will need to:
+
+1. Optionally, use the language dropdown to select the programming language.
+1. Optionally, use the SDK dropdown to select which SDK to use.
+
+ All models can be used with the Azure AI Inference SDK, and some models support additional SDKs. If you want to easily switch between models, you should select "Azure AI Inference SDK". If you selected "REST" as the language, you won't use an SDK. Instead, you will use the API endpoint directly.
+1. Either open a codespace, or set up your local environment:
+ * To run in a codespace, click {% octicon "codespaces" aria-hidden="true" %} **Run codespace**, then click **Create new codespace**.
+ * To run locally:
+ * Create a {% data variables.product.company_short %} {% data variables.product.pat_generic %}. The token should not have any scopes or permissions. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)."
+ * Save your token as an environment variable.
+ * Install the dependencies for the SDK, if required.
+1. Use the example code to make a request to the model.
+
+The free API usage is rate limited. See [Rate limits](#rate-limits) below.
+
+## Going to production
+
+The rate limits for the playground and free API usage are intended to help you experiment with models and develop your AI application. Once you are ready to bring your application to production, you can use a token from a paid Azure account instead of your {% data variables.product.company_short %} {% data variables.product.pat_generic %}. You don't need to change anything else in your code. For more information, see the [Azure AI](https://ai.azure.com/github/model/docs) documentation.
+
+## Rate limits
+
+The playground and free API usage are rate limited by requests per minute, requests per day, tokens per request, and concurrent requests. If you get rate limited, you will need to wait for the rate limit that you hit to reset before you can make more requests.
+
+Low, high, and embedding models have different rate limits. To see which type of model you are using, refer to the model's information in {% data variables.product.prodname_marketplace %}.
+
+
+
+
Rate limit tier
+
Rate limits
+
Free and Copilot Individual
+
Copilot Business
+
Copilot Enterprise
+
+
+
Low
+
Requests per minute
+
15
+
15
+
20
+
+
+
Requests per day
+
150
+
300
+
450
+
+
+
Tokens per request
+
8000 in, 4000 out
+
8000 in, 4000 out
+
8000 in, 8000 out
+
+
+
Concurrent requests
+
5
+
5
+
8
+
+
+
High
+
Requests per minute
+
10
+
10
+
15
+
+
+
Requests per day
+
50
+
100
+
150
+
+
+
Tokens per request
+
8000 in, 4000 out
+
8000 in, 4000 out
+
16000 in, 8000 out
+
+
+
Concurrent requests
+
2
+
2
+
4
+
+
+
Embedding
+
Requests per minute
+
15
+
15
+
20
+
+
+
Requests per day
+
150
+
300
+
450
+
+
+
Tokens per request
+
64000
+
64000
+
64000
+
+
+
Concurrent requests
+
5
+
5
+
8
+
+
+
+These limits are subject to change without notice.
+
+## Leaving feedback
+
+To leave feedback about {% data variables.product.prodname_github_models %}, start a new discussion or comment on an existing discussion in the [GitHub Community](https://github.com/orgs/community/discussions/categories/models).
diff --git a/content/github-models/responsible-use-of-github-models.md b/content/github-models/responsible-use-of-github-models.md
new file mode 100644
index 000000000000..0ab3b65fe139
--- /dev/null
+++ b/content/github-models/responsible-use-of-github-models.md
@@ -0,0 +1,12 @@
+---
+title: Responsible use of GitHub Models
+shortTitle: Responsible use
+intro: 'Learn how to use {% data variables.product.prodname_github_models %} responsibly by understanding its purposes, capabilities, and limitations.'
+versions:
+ feature: github-models
+type: rai
+---
+
+With {% data variables.product.prodname_github_models %}, you build your understanding of AI model capabilities by experimenting with model settings and sending prompts through a chat interface. Additionally, you can directly interact with models through an SDK. Refer to a model's "Getting Started" tab for more information about how to use the SDK. Refer to a model’s "README" tab for more information on the model. Remember when interacting with a model you are experimenting with AI, so content mistakes are possible.
+
+{% data variables.product.prodname_github_models %} is designed to allow for learning, experimentation and proof-of-concept activities. The feature is subject to various limits (including requests per minute, requests per day, tokens per request, and concurrent requests) and is not designed for production use cases. {% data variables.product.prodname_github_models %} employs a number of [content filters](https://azure.microsoft.com/en-us/products/ai-services/ai-content-safety). These filters cannot be turned off as part of the {% data variables.product.prodname_github_models %} experience. If you decide to employ models through [Azure AI](https://ai.azure.com/github/model/docs) or a paid service, please configure your content filters to meet your requirements.
diff --git a/content/graphql/guides/managing-enterprise-accounts.md b/content/graphql/guides/managing-enterprise-accounts.md
index 2a9d81711f5e..cfd3d851df95 100644
--- a/content/graphql/guides/managing-enterprise-accounts.md
+++ b/content/graphql/guides/managing-enterprise-accounts.md
@@ -203,8 +203,6 @@ For more information about getting started with GraphQL, see "[AUTOTITLE](/graph
## GraphQL fields and types for the Enterprise Accounts API
-Here's an overview of the new queries, mutations, and schema defined types available for use with the Enterprise Accounts API.
-
For more details about the new queries, mutations, and schema defined types available for use with the Enterprise Accounts API, see the sidebar with detailed GraphQL definitions from any [GraphQL reference page](/graphql).
You can access the reference docs from within the GraphQL explorer on GitHub. For more information, see "[AUTOTITLE](/graphql/guides/using-the-explorer#accessing-the-sidebar-docs)."
diff --git a/content/index.md b/content/index.md
index 7178513cb77e..f07db6050ed3 100644
--- a/content/index.md
+++ b/content/index.md
@@ -9,7 +9,7 @@ featuredLinks:
popular:
- /pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests
- /authentication
- - /copilot/using-github-copilot/using-github-copilot-code-suggestions-in-your-editor
+ - /copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot
- /get-started/getting-started-with-git/managing-remote-repositories
- /pages
redirect_from:
@@ -82,6 +82,7 @@ children:
- support
- video-transcripts
- contributing
+ - github-models
childGroups:
- name: Get started
octicon: RocketIcon
@@ -133,6 +134,7 @@ childGroups:
- rest
- graphql
- webhooks
+ - github-models
- name: Enterprise and Teams
octicon: OrganizationIcon
children:
@@ -169,4 +171,3 @@ externalProducts:
href: 'https://docs.npmjs.com/'
external: true
---
-
diff --git a/content/issues/managing-your-tasks-with-tasklists/creating-a-tasklist.md b/content/issues/managing-your-tasks-with-tasklists/creating-a-tasklist.md
index 6acad2b66577..ab9f11e783f6 100644
--- a/content/issues/managing-your-tasks-with-tasklists/creating-a-tasklist.md
+++ b/content/issues/managing-your-tasks-with-tasklists/creating-a-tasklist.md
@@ -62,7 +62,7 @@ When you create a new tasklist, the default title is "Tasks." You can modify the
1. In the top-right of the issue body, select {% octicon "kebab-horizontal" aria-label="Show options" %} and click **Edit**.
-1. In the fenced code block that starts with ````[tasklist]`, add a header with your new title, such as `### My new title`.
+1. In the fenced code block that starts with `` ```[tasklist] ``, add a header with your new title, such as `### My new title`.
diff --git a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards.md b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards.md
index a4d1cb91b09f..73cd81bac9bc 100644
--- a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards.md
+++ b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards.md
@@ -20,7 +20,7 @@ allowTitleToDifferFromFilename: true
{% data variables.projects.projects_v1_board_caps %} cards contain relevant metadata for issues and pull requests, like labels, assignees, the status, and who opened it. {% data reusables.project-management.edit-in-project %}
-You can create notes within columns to serve as task reminders, references to issues and pull requests from any repository on {% data variables.location.product_location %}, or to add information related to the {% data variables.projects.projects_v1_board %}. You can create a reference card for another {% data variables.projects.projects_v1_board %} by adding a link to a note. If the note isn't sufficient for your needs, you can convert it to an issue. For more information on converting notes to issues, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-notes-to-a-project-board)."
+You can create notes within columns to serve as task reminders, references to issues and pull requests from any repository, or to add information related to the {% data variables.projects.projects_v1_board %}. You can create a reference card for another {% data variables.projects.projects_v1_board %} by adding a link to a note. If the note isn't sufficient for your needs, you can convert it to an issue. For more information on converting notes to issues, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-notes-to-a-project-board)."
Types of {% data variables.projects.projects_v1_boards %}:
diff --git a/content/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically.md b/content/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically.md
index dfb450a87d82..31280a1da70a 100644
--- a/content/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically.md
+++ b/content/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically.md
@@ -2,7 +2,9 @@
title: Adding items automatically
intro: 'You can configure your project''s built-in workflows to automatically add items from {% ifversion projects-v2-duplicate-auto-add %}repositories{% else%}a repository{% endif %} that match a filter.'
versions:
- feature: projects-v2-auto-add
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
type: tutorial
topics:
- Projects
@@ -79,6 +81,4 @@ Once you have duplicated a workflow, you can click **Edit** to start making chan
## Further reading
* "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project)"
-{%- ifversion projects-v2-workflows %}
* "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)"
-{%- endif %}
diff --git a/content/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically.md b/content/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically.md
index 0368c189aa41..c4617ccaa99b 100644
--- a/content/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically.md
+++ b/content/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically.md
@@ -3,7 +3,9 @@ title: Archiving items automatically
shortTitle: Archiving items automatically
intro: You can configure your project's built-in workflows to automatically archive items that match a filter.
versions:
- feature: projects-v2-auto-archive
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
type: tutorial
topics:
- Projects
@@ -51,6 +53,4 @@ Projects also have a limit on the number of archived items they can contain. You
## Further reading
* "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project)"
-{%- ifversion projects-v2-workflows %}
* "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)"
-{%- endif %}
diff --git a/content/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations.md b/content/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations.md
index 32b876981a61..b2eff4db3839 100644
--- a/content/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations.md
+++ b/content/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations.md
@@ -3,7 +3,9 @@ title: Using the built-in automations
shortTitle: Using built-in automations
intro: You can use built-in workflows to automate your projects.
versions:
- feature: projects-v2-workflows
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
type: tutorial
topics:
- Projects
diff --git a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view.md b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view.md
index 716007f71851..340070bba2a7 100644
--- a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view.md
+++ b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view.md
@@ -1,7 +1,7 @@
---
title: Changing the layout of a view
shortTitle: Changing the layout
-intro: 'You can view your project as a high-density table{% ifversion projects-v2-roadmaps %}, as a kanban board, or as a timeline-style roadmap{% else %} or as a kanban board{% endif %}.'
+intro: 'You can view your project as a high-density table, as a kanban board, or as a timeline-style roadmap.'
versions:
feature: projects-v2
redirect_from:
@@ -24,21 +24,16 @@ topics:
-{% ifversion projects-v2-roadmaps %}
-
## About the roadmap layout
{% data reusables.projects.about-roadmap-layout %} For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-roadmap-layout)."
-{% endif %}
-
## Changing the project layout
You can set each view in your project to a different layout.
{% data reusables.projects.open-view-menu %}
-1. Under "Layout", click either **Table**{% ifversion projects-v2-roadmaps %}, **Board** or **Roadmap**{% else %} or **Board**{% endif %}.
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "Switch layout."
+1. Under "Layout", click either **Table**, **Board** or **Roadmap**.
diff --git a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout.md b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout.md
index 719cc1356f77..a59f7ba12912 100644
--- a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout.md
+++ b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout.md
@@ -44,8 +44,6 @@ In the board layout, you choose any single select or iteration field for your co
1. Click {% octicon "columns" aria-hidden="true" %} **Column field**.
1. Click the field you want to use.
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "Column field by."
-
{% ifversion projects-v2-column-visibility %}
## Showing and hiding columns in board layout
diff --git a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-roadmap-layout.md b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-roadmap-layout.md
index 074494593026..829b670e53d5 100644
--- a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-roadmap-layout.md
+++ b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-roadmap-layout.md
@@ -3,7 +3,9 @@ title: Customizing the roadmap layout
shortTitle: Customizing roadmaps
intro: You can use the roadmap layout to view your project's items on a timeline.
versions:
- feature: projects-v2-roadmaps
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
type: tutorial
topics:
- Projects
diff --git a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views.md b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views.md
index 58a96535aa4e..9e369bcebe3f 100644
--- a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views.md
+++ b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views.md
@@ -22,8 +22,6 @@ To add a new view:
{% data reusables.projects.new-view %}
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "New view."
-
The new view is automatically saved.
## Duplicating a view
@@ -44,8 +42,6 @@ If you don't want to save the changes, you can ignore this indicator. No one els
{% data reusables.projects.save-view %}
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "Save view."
-
## Reordering saved views
To change the order of the tabs that contain your saved views, click and drag a tab to a new location. The new tab order is automatically saved.
@@ -65,5 +61,3 @@ You can rename your saved views. The name change is automatically saved.
1. Switch to the view you want to delete.
{% data reusables.projects.open-view-menu %}
1. Click {% octicon "trash" aria-hidden="true" %} **Delete view**.
-
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "Delete view."
diff --git a/content/issues/planning-and-tracking-with-projects/index.md b/content/issues/planning-and-tracking-with-projects/index.md
index c232de9adf86..064cb44d9231 100644
--- a/content/issues/planning-and-tracking-with-projects/index.md
+++ b/content/issues/planning-and-tracking-with-projects/index.md
@@ -21,8 +21,6 @@ redirect_from:
- /issues/trying-out-the-new-projects-experience
---
-{% data reusables.projects.projects-beta %}
-
-A project is an adaptable collection of items that you can view as a table{% ifversion projects-v2-roadmaps %}, a kanban board, or a roadmap{% else %} or a kanban board{% endif %} and that stays up-to-date with {% data variables.product.company_short %} data. Your projects can track issues, pull requests, and ideas that you note down.
+A project is an adaptable collection of items that you can view as a table, a kanban board, or a roadmap and that stays up-to-date with {% data variables.product.company_short %} data. Your projects can track issues, pull requests, and ideas that you note down.
You can create and customize multiple views by filtering, sorting, and grouping issues and pull requests,{% ifversion projects-v2-insights %} visualize work with configurable charts,{% endif %} and add custom fields to track metadata specific to your team. Rather than enforcing a specific methodology, a project provides flexible features you can customize to your team’s needs and processes.
diff --git a/content/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects.md b/content/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects.md
index fa3ba76e9c78..11479c573611 100644
--- a/content/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects.md
+++ b/content/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects.md
@@ -11,8 +11,6 @@ topics:
- Projects
---
-{% data reusables.projects.projects-beta %}
-
## About {% data variables.product.prodname_projects_v2 %}
A project is an adaptable spreadsheet, task-board, and road map that integrates with your issues and pull requests on {% data variables.product.company_short %} to help you plan and track your work effectively. You can create and customize multiple views by filtering, sorting, grouping your issues and pull requests,{% ifversion projects-v2-insights %} visualize work with configurable charts,{% endif %} and add custom fields to track metadata specific to your team. Rather than enforcing a specific methodology, a project provides flexible features you can customize to your team’s needs and processes.
@@ -39,9 +37,9 @@ To learn more about the different fields you can add to a project, see "[AUTOTIT
### Automating your projects
-{% ifversion projects-v2-workflows %}There are a number of ways you can add automation to your project. Built-in workflows allow you to automatically set fields when items are added or changed{% ifversion projects-v2-auto-archive %}, and you can also configure your project to automatically archive items when they meet certain criteria{% ifversion projects-v2-auto-add %} and automatically add items from a repository when they match set criteria{% endif %}{% endif %}. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)."{% endif %}
+There are a number of ways you can add automation to your project. Built-in workflows allow you to automatically set fields when items are added or changed, and you can also configure your project to automatically archive items when they meet certain criteria and automatically add items from a repository when they match set criteria. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)."
-You can {% ifversion projects-v2-workflows %}also{% endif %} use the GraphQL API and {% data variables.product.prodname_actions %} to take {% ifversion projects-v2-workflows %}even greater{% endif %} control of your project. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-api-to-manage-projects)" and "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions)."
+You can also use the GraphQL API and {% data variables.product.prodname_actions %} to take even greater control of your project. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-api-to-manage-projects)" and "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions)."
{% ifversion projects-v2-tasklists %}
@@ -59,4 +57,4 @@ These relationships are displayed on the issue, as well as the Tracked by and Tr
Quickly answer your most pressing questions by tailoring your project view to give you the information you need. You can save these views, allowing you to quickly return to them as needed and make them available to your team. Views not only let you scope down the items listed but also offer two different layout options.
-You can view your project as a high-density table layout{% ifversion projects-v2-roadmaps %}, as a kanban board, or a timeline-style roadmap{% else %} or a kanban board{% endif %}. For more information about the different layout options, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view)."
+You can view your project as a high-density table layout, as a kanban board, or a timeline-style roadmap. For more information about the different layout options, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view)."
diff --git a/content/issues/planning-and-tracking-with-projects/learning-about-projects/best-practices-for-projects.md b/content/issues/planning-and-tracking-with-projects/learning-about-projects/best-practices-for-projects.md
index 2b15f4622ea3..b1b7647692d1 100644
--- a/content/issues/planning-and-tracking-with-projects/learning-about-projects/best-practices-for-projects.md
+++ b/content/issues/planning-and-tracking-with-projects/learning-about-projects/best-practices-for-projects.md
@@ -65,16 +65,13 @@ To prevent information from getting out of sync, maintain a single source of tru
You can automate tasks to spend less time on busy work and more time on the project itself. The less you need to remember to do manually, the more likely your project will stay up to date.
-{% ifversion projects-v2-workflows %}
+{% data variables.product.prodname_projects_v2 %} offers built-in workflows. For example, when an issue is closed, you can automatically set the status to "Done". You can also configure built-in workflows to automatically archive items when they meet certain criteria and to automatically add items from a repository when they match a filter.
-{% data variables.product.prodname_projects_v2 %} offers built-in workflows. For example, when an issue is closed, you can automatically set the status to "Done." {% ifversion projects-v2-auto-archive %}You can also configure built-in workflows to automatically archive items when they meet certain criteria{% ifversion projects-v2-auto-add %} and to automatically add items from a repository when they match a filter{% endif %}.{% endif %}
+Additionally, {% data variables.product.prodname_actions %} and the GraphQL API enable you to automate routine project management tasks. For example, to keep track of pull requests awaiting review, you can create a workflow that adds a pull request to a project and sets the status to "needs review"; this process can be automatically triggered when a pull request is marked as "ready for review."
-Additionally, {%endif %}{% data variables.product.prodname_actions %} and the GraphQL API enable you to automate routine project management tasks. For example, to keep track of pull requests awaiting review, you can create a workflow that adds a pull request to a project and sets the status to "needs review"; this process can be automatically triggered when a pull request is marked as "ready for review."
-
-{% ifversion projects-v2-workflows %}
-* For more information about the built-in workflows, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)."{% ifversion projects-v2-auto-archive %}
-* For more information about automatically archiving items, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically)."{% endif %}{% ifversion projects-v2-auto-add %}
-* For more information about automatically adding items, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically)."{% endif %}{% endif %}
+* For more information about the built-in workflows, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)."
+* For more information about automatically archiving items, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically)."
+* For more information about automatically adding items, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically)."
* For an example workflow, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions)."
* For more information about the API, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-api-to-manage-projects)."
* For more information about {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions)."
diff --git a/content/issues/planning-and-tracking-with-projects/learning-about-projects/quickstart-for-projects.md b/content/issues/planning-and-tracking-with-projects/learning-about-projects/quickstart-for-projects.md
index 6ea83351c88c..81a085f1abbb 100644
--- a/content/issues/planning-and-tracking-with-projects/learning-about-projects/quickstart-for-projects.md
+++ b/content/issues/planning-and-tracking-with-projects/learning-about-projects/quickstart-for-projects.md
@@ -125,12 +125,8 @@ To indicate the purpose of the view, give it a descriptive name.
1. Type the new name for your view.
1. To save changes, press Return.
-{% ifversion projects-v2-workflows %}
-
## Configure built-in automation
-{% ifversion projects-v2-auto-add %}
-
Next, configure the auto-add workflow to automatically add issues opened in a repository with a specific label to your project.
{% data reusables.projects.access-workflows %}
@@ -143,8 +139,6 @@ Next, configure the auto-add workflow to automatically add issues opened in a re
1. Next to the repository selection, type the filter criteria you want items to match before they are automatically added to your project. For example, to catch all issues and PRs opened with the label "bug", use `is:issue,pr label:bug`.
1. To enable the new workflow, click **Save and turn on workflow**.
-{% endif %}
-
Finally, add a built in workflow to set the status to **Todo** when an item is added to your project.
1. In the top-right, click {% octicon "kebab-horizontal" aria-label="The menu icon" %} to open the menu.
@@ -155,8 +149,6 @@ Finally, add a built in workflow to set the status to **Todo** when an item is a
1. Next to **Set**, select **Status:Todo**.
1. Click the **Disabled** toggle to enable the workflow.
-{% endif %}
-
## Further reading
* "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project)"
diff --git a/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project.md b/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project.md
index 07b8f87493e4..3d5a2c8cdce2 100644
--- a/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project.md
+++ b/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project.md
@@ -12,13 +12,13 @@ allowTitleToDifferFromFilename: true
{% note %}
-**Note:** A project can contain a maximum of {% data variables.projects.item_limit %} items and {% data variables.projects.archived_item_limit %} archived items. {% ifversion projects-v2-auto-archive %}To learn more about automatically archiving items when they meet specific criteria, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically)."{% endif %}
+**Note:** A project can contain a maximum of {% data variables.projects.item_limit %} items and {% data variables.projects.archived_item_limit %} archived items. To learn more about automatically archiving items when they meet specific criteria, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically)."
{% endnote %}
## Adding issues and pull requests to a project
-You have several options for adding issues and pull requests to your project. You can add them individually{% ifversion projects-v2-auto-add %}, automatically, {% endif %} or in bulk. Furthermore, you can include issues and pull requests from any organization, and you also have the ability to add draft issues that can be converted into regular issues later on. For more information, see "[Creating draft issues](#creating-draft-issues)."
+You have several options for adding issues and pull requests to your project. You can add them individually, automatically, or in bulk. Furthermore, you can include issues and pull requests from any organization, and you also have the ability to add draft issues that can be converted into regular issues later on. For more information, see "[Creating draft issues](#creating-draft-issues)."
{% ifversion projects-v2-timeline-events %}
@@ -38,14 +38,10 @@ For more information about making bulk changes to your items after adding them,
{% endif %}
-{% ifversion projects-v2-auto-add %}
-
### Automatically adding issues and pull requests
You can configure a built-in workflow to automatically add issues and pull requests from a repository when they meet specific filter criteria. For more information about configuring a workflow, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically)."
-{% endif %}
-
### Pasting the URL of an issue or pull request
You can copy the URL of an issue or pull request into your clipboard and paste that into your project.
@@ -74,7 +70,7 @@ You can add multiple issues and pull requests from your project and use filters,
You can also add issues and pull requests to your project from a repository's issue and pull request lists.
-1. On {% data variables.location.product_location %}, navigate to the repository that contains the issues or pull requests you want to add to your project.
+1. On {% data variables.product.prodname_dotcom %}, navigate to the repository that contains the issues or pull requests you want to add to your project.
{% data reusables.repositories.sidebar-issue-pr %}
1. Select the issues or pull requests you want to add to your project.
diff --git a/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project.md b/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project.md
index 7ff2540c614d..b784f010d573 100644
--- a/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project.md
+++ b/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project.md
@@ -18,7 +18,7 @@ allowTitleToDifferFromFilename: true
## Archiving items
-You can archive an item to keep the context about the item in the project but remove it from the project views. {% ifversion projects-v2-auto-archive %}You can also configure your project's built-in workflows to automatically archive items that meet certain criteria. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically)."{% endif %}
+You can archive an item to keep the context about the item in the project but remove it from the project views. You can also configure your project's built-in workflows to automatically archive items that meet certain criteria. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically)."
{% data reusables.projects.select-an-item %}
{% data reusables.projects.open-item-menu %}
@@ -31,7 +31,7 @@ You can archive an item to keep the context about the item in the project but re
1. In the top-right, click {% octicon "kebab-horizontal" aria-label="More options" %}.
-
+
1. In the menu, click {% octicon "archive" aria-hidden="true" %} **Archived items**.
1. Optionally, to filter the archived items displayed, type your filter into the text box above the list of items. For more information about the available filters, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/filtering-projects)."
1. To the left of each item title, select the items you would like to restore.
diff --git a/content/issues/planning-and-tracking-with-projects/managing-your-project/exporting-your-projects-data.md b/content/issues/planning-and-tracking-with-projects/managing-your-project/exporting-your-projects-data.md
new file mode 100644
index 000000000000..61f14a8dcdef
--- /dev/null
+++ b/content/issues/planning-and-tracking-with-projects/managing-your-project/exporting-your-projects-data.md
@@ -0,0 +1,22 @@
+---
+title: 'Exporting your {% data variables.projects.project_v2 %} data'
+shortTitle: 'Exporting your {% data variables.projects.project_v2 %} data'
+intro: 'Learn about exporting your {% data variables.projects.project_v2 %} data.'
+permissions: 'People who can access a project can export a view. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-visibility-of-your-projects)" and "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects)."'
+versions:
+ feature: projects-v2
+type: tutorial
+topics:
+ - Projects
+allowTitleToDifferFromFilename: true
+---
+
+You can download a view as a _.tsv_ (tab-separated) file.
+
+1. On {% data variables.product.prodname_dotcom %}, navigate to the main page of your repository.
+1. Click {% octicon "table" aria-hidden="true" %} **Projects**.
+ 
+
+{% data reusables.projects.open-view-menu %}
+
+1. Click {% ifversion ghes < 3.11 %}**Download**{% else %}**Export view data**{% endif %}.
diff --git a/content/issues/planning-and-tracking-with-projects/managing-your-project/index.md b/content/issues/planning-and-tracking-with-projects/managing-your-project/index.md
index d604164fe2d6..d17708b29c54 100644
--- a/content/issues/planning-and-tracking-with-projects/managing-your-project/index.md
+++ b/content/issues/planning-and-tracking-with-projects/managing-your-project/index.md
@@ -13,5 +13,6 @@ children:
- /closing-and-deleting-your-projects
- /adding-your-project-to-a-repository
- /adding-your-project-to-a-team
+ - /exporting-your-projects-data
allowTitleToDifferFromFilename: true
---
diff --git a/content/issues/planning-and-tracking-with-projects/managing-your-project/managing-visibility-of-your-projects.md b/content/issues/planning-and-tracking-with-projects/managing-your-project/managing-visibility-of-your-projects.md
index 8aab88541d7c..aa21ceae5fc5 100644
--- a/content/issues/planning-and-tracking-with-projects/managing-your-project/managing-visibility-of-your-projects.md
+++ b/content/issues/planning-and-tracking-with-projects/managing-your-project/managing-visibility-of-your-projects.md
@@ -10,12 +10,12 @@ type: tutorial
topics:
- Projects
allowTitleToDifferFromFilename: true
-permissions: Organization owners can manage the visibility of {% data variables.projects.projects_v1_boards %} in their organization. Organization owners can also allow collaborators with admin permissions to manage project visibility. Visibility of user projects can be managed by the owner of the project and collaborators with admin permissions.
+permissions: Organization owners can manage the visibility of {% data variables.projects.projects_v2 %} in their organization. Organization owners can also allow collaborators with admin permissions to manage project visibility. Visibility of user projects can be managed by the owner of the project and collaborators with admin permissions.
---
## About project visibility
-Projects can be public or private. For public projects, everyone on the internet can view the project. For private projects, only users granted at least read access can see the project.
+Project visibility can be set to {% ifversion ghec %}private, internal when using an {% data variables.enterprise.prodname_emu_enterprise %}, or public if your enterprise does not use {% data variables.enterprise.prodname_managed_users %}{% else %}public or private{% endif %}. For public projects, everyone on the internet can view the project. For private projects, only users granted at least read access can see the project. {% ifversion ghec %} For internal projects, other members of your enterprise can see the project.{% endif %}
Only the project visibility is affected; to view an item on the project, someone must have the required permissions for the repository that the item belongs to. Only people with access to a private repository will be able to view project items from that private repository.
@@ -23,16 +23,18 @@ Only the project visibility is affected; to view an item on the project, someone
Project admins and organization owners can control project visibility. Organization owners{% ifversion project-visibility-policy %} and enterprise owners{% endif %} can restrict the ability to change project visibility to just organization owners.
-In public and private projects, insights are only visible to users with write permissions for the project.
+In public{% ifversion ghec %}, internal, {% endif %} and private projects, insights are only visible to users with write permissions for the project.
-In private, organization-owned projects, the avatars of users who are current making updates to the project are displayed in the project UI.
+In private{% ifversion ghec %} and internal{% endif %} organization-owned projects, the avatars of users who are current making updates to the project are displayed in the project UI.
Project admins can also manage write and admin access to their project and control read access for individual users. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects)."
## Changing project visibility
{% data reusables.projects.project-settings %}
-1. Next to **Visibility** in the "Danger zone", select **Private** or **Public**.
+1. Next to **Visibility** in the "Danger zone", {% ifversion ghec %}select the visibility.
+ * If using an {% data variables.enterprise.prodname_emu_enterprise %}, choose between **Private** and **Internal**.
+ * If your enterprise does not use {% data variables.enterprise.prodname_managed_users %}, choose between **Private** and **Public**.{% else %} select **Private** or **Public**.{% endif %}
## Further reading
diff --git a/content/issues/planning-and-tracking-with-projects/understanding-fields/about-date-fields.md b/content/issues/planning-and-tracking-with-projects/understanding-fields/about-date-fields.md
index 2b5b24868330..e7c8efd603f0 100644
--- a/content/issues/planning-and-tracking-with-projects/understanding-fields/about-date-fields.md
+++ b/content/issues/planning-and-tracking-with-projects/understanding-fields/about-date-fields.md
@@ -13,16 +13,10 @@ redirect_from:
You can filter for date values using the `YYYY-MM-DD` format, for example: `date:2022-07-01`. You can also use operators, such as `>`, `>=`, `<`, `<=`, and `..`. For example, `date:>2022-07-01` and `date:2022-07-01..2022-07-31`. You can also provide `@today` to represent the current day in your filter. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/filtering-projects)."
-{% ifversion projects-v2-roadmaps %}
-
If your project makes use of date fields, you can use the roadmap layout to view items on a timeline. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view)" and "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-roadmap-layout)."
-{% endif %}
-
## Adding a date field
{% data reusables.projects.new-field %}
1. Select **Date**
1. Click **Save**.
-
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "Create new field."
diff --git a/content/issues/planning-and-tracking-with-projects/understanding-fields/about-iteration-fields.md b/content/issues/planning-and-tracking-with-projects/understanding-fields/about-iteration-fields.md
index 1a8f0f62f98e..edb5bc5af899 100644
--- a/content/issues/planning-and-tracking-with-projects/understanding-fields/about-iteration-fields.md
+++ b/content/issues/planning-and-tracking-with-projects/understanding-fields/about-iteration-fields.md
@@ -18,12 +18,8 @@ You can filter for iterations by specifying the iteration name or `@current` for
When you first create an iteration field, three iterations are automatically created. You can add additional iterations and make other changes on your project's settings page.
-{% ifversion projects-v2-roadmaps %}
-
If your project makes use of iteration fields, you can use the roadmap layout to view items on a timeline. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view)" and "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-roadmap-layout)."
-{% endif %}
-
## Adding an iteration field
{% data reusables.projects.new-field %}
@@ -32,8 +28,6 @@ If your project makes use of iteration fields, you can use the roadmap layout to
1. To change the duration of each iteration, type a new number, then select the dropdown and click either **days** or **weeks**.
1. Click **Save**.
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "Create new field."
-
## Adding new iterations
{% data reusables.projects.project-settings %}
diff --git a/content/issues/planning-and-tracking-with-projects/understanding-fields/about-single-select-fields.md b/content/issues/planning-and-tracking-with-projects/understanding-fields/about-single-select-fields.md
index f34140d61fc9..bc8792e454ae 100644
--- a/content/issues/planning-and-tracking-with-projects/understanding-fields/about-single-select-fields.md
+++ b/content/issues/planning-and-tracking-with-projects/understanding-fields/about-single-select-fields.md
@@ -23,8 +23,6 @@ Single select fields can contain up to 50 options.
* To add additional options, click **Add option**.
1. Click **Save**.
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "Create new field."
-
## Editing a single select field
{% ifversion projects-v2-colorful-selects %}
diff --git a/content/issues/planning-and-tracking-with-projects/understanding-fields/about-text-and-number-fields.md b/content/issues/planning-and-tracking-with-projects/understanding-fields/about-text-and-number-fields.md
index 989c3d3875b6..260a2d7072bc 100644
--- a/content/issues/planning-and-tracking-with-projects/understanding-fields/about-text-and-number-fields.md
+++ b/content/issues/planning-and-tracking-with-projects/understanding-fields/about-text-and-number-fields.md
@@ -23,12 +23,8 @@ Number fields can also be used in filters. You can use `>`, `>=`, `<`, `<=`, and
1. Select **Text**.
1. Click **Save**.
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "Create new field."
-
## Adding a number field
{% data reusables.projects.new-field %}
1. Select **Number**.
1. Click **Save**.
-
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "Create new field."
diff --git a/content/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests.md b/content/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests.md
index 17c3d3f08ef2..79de3901eb5e 100644
--- a/content/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests.md
+++ b/content/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests.md
@@ -193,6 +193,7 @@ For pull requests, you can also use search to:
* Filter pull requests that someone has asked you directly to review: `state:open type:pr user-review-requested:@me`
* Filter pull requests by the team requested for review: `state:open type:pr team-review-requested:github/docs`
* Filter for pull requests that are linked to an issue that the pull request may close: `linked:issue`
+* Filter pull requests by state of [merging](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges): `is:merged` or `is:unmerged`
## Sorting issues and pull requests
diff --git a/content/migrations/index.md b/content/migrations/index.md
index d0e3f1732cac..e68aa8eb5b1f 100644
--- a/content/migrations/index.md
+++ b/content/migrations/index.md
@@ -9,7 +9,7 @@ featuredLinks:
startHere:
- /migrations/importing-source-code/using-github-importer/about-github-importer
- /migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer
- - /actions/migrating-to-github-actions/automated-migrations/automating-migration-with-github-actions-importer#about-github-actions-importer
+ - /actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/automating-migration-with-github-actions-importer#about-github-actions-importer
popular:
- /migrations/importing-source-code/using-github-importer/importing-a-repository-with-github-importer
- /migrations/importing-source-code/using-the-command-line-to-import-source-code/adding-locally-hosted-code-to-github
diff --git a/content/migrations/overview/migration-paths-to-github.md b/content/migrations/overview/migration-paths-to-github.md
index 9631909469a5..ac451be32da1 100644
--- a/content/migrations/overview/migration-paths-to-github.md
+++ b/content/migrations/overview/migration-paths-to-github.md
@@ -8,7 +8,7 @@ versions:
ghec: '*'
---
-## About migration paths to GitHub
+## About migration paths to {% data variables.product.prodname_dotcom %}
{% data reusables.migrations.about-migrations %}
@@ -27,7 +27,7 @@ You can review the scope and tooling for your migration to {% data variables.pro
* [{% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_dotcom_the_website %}](#githubcom-to-githubcom)
* [Azure DevOps Services (Azure DevOps Cloud) to {% data variables.product.prodname_dotcom_the_website %}](#azure-devops-services-azure-devops-cloud-to-githubcom)
* [Azure DevOps Server to {% data variables.product.prodname_dotcom_the_website %}](#azure-devops-server-to-githubcom)
-* [Bitbucket Cloud (Bitbucket.org-to-githubcom) to {% data variables.product.prodname_dotcom_the_website %}](#bitbucket-cloud-bitbucketorg-to-githubcom)
+* [Bitbucket Cloud (Bitbucket.org) to {% data variables.product.prodname_dotcom_the_website %}](#bitbucket-cloud-bitbucketorg-to-githubcom)
* [Bitbucket Server or Bitbucket Data Center to {% data variables.product.prodname_dotcom_the_website %}](#bitbucket-server-or-bitbucket-data-center-to-githubcom)
* [GitLab to {% data variables.product.prodname_dotcom_the_website %}](#gitlab-to-githubcom)
* [Any Git repository to {% data variables.product.prodname_dotcom_the_website %}](#any-git-repository-to-githubcom)
diff --git a/content/migrations/overview/programmatically-importing-repositories.md b/content/migrations/overview/programmatically-importing-repositories.md
index 8a6337f1a8a0..d03d3d305d4e 100644
--- a/content/migrations/overview/programmatically-importing-repositories.md
+++ b/content/migrations/overview/programmatically-importing-repositories.md
@@ -1,7 +1,7 @@
---
title: Programmatically importing repositories
shortTitle: Programmatic repository imports
-intro: 'You can programmatically import repositories to {% data variables.product.prodname_dotcom_the_website %}.'
+intro: 'You can programmatically import repositories to {% data variables.product.prodname_dotcom %}.'
versions:
feature: source-imports-api-deprecation
type: tutorial
@@ -9,7 +9,7 @@ type: tutorial
## About programmatic import of repositories
-In the following guide, you can learn how to programmatically run "source and history" migrations of Git repositories to {% data variables.product.prodname_dotcom_the_website %}. Different options are available depending on where the repository is stored.
+In the following guide, you can learn how to programmatically run "source and history" migrations of Git repositories to {% data variables.product.prodname_dotcom %}. Different options are available depending on where the repository is stored.
To learn more about "source and history" and other types of migrations, see "[AUTOTITLE](/migrations/overview/planning-your-migration-to-github)."
@@ -17,7 +17,7 @@ The term "source repository" refers to the repository you're importing, and "imp
## Using forks
-If the source repository is on {% data variables.product.prodname_dotcom_the_website %}, you may be able to use a fork instead of importing the repository. {% data reusables.repositories.about-forks %} For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks)."
+If the source repository is on {% data variables.product.prodname_dotcom %}, you may be able to use a fork instead of importing the repository. {% data reusables.repositories.about-forks %} For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks)."
You can programmatically fork a repository using the REST API. For more information, see "[AUTOTITLE](/rest/repos/forks)."
@@ -28,7 +28,7 @@ If your use case meets any of the following criteria, you can't use forking inst
## Using repository templates
-If the source repository is on {% data variables.product.prodname_dotcom_the_website %}, you may be able to use repository templates. {% data reusables.repositories.about-template-repositories %} For more details, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-template-repository)."
+If the source repository is on {% data variables.product.prodname_dotcom %}, you may be able to use repository templates. {% data reusables.repositories.about-template-repositories %} For more details, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-template-repository)."
To use repository templates, you must either have read access to an existing repository that's a template, or you must have access to create a template.
@@ -36,7 +36,7 @@ You can programmatically create a repository from a repository template using th
## Using {% data variables.product.prodname_importer_proper_name %}
-If the source repository is hosted on {% data variables.product.prodname_dotcom_the_website %}, {% data variables.product.prodname_ghe_server %}, Azure DevOps Services, Bitbucket Server, or Bitbucket Data Center, you can import the repository using {% data variables.product.prodname_importer_proper_name %}. For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer)."
+If the source repository is hosted on {% data variables.product.prodname_dotcom %}, {% data variables.product.prodname_ghe_server %}, Azure DevOps Services, Bitbucket Server, or Bitbucket Data Center, you can import the repository using {% data variables.product.prodname_importer_proper_name %}. For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer)."
In addition to your source and version control history, {% data variables.product.prodname_importer_proper_name %} also migrates issues, pull requests, settings, and more.
@@ -46,9 +46,9 @@ You can programmatically import repositories with {% data variables.product.prod
## Using the Git CLI
-If the source repository is a Git repository, you can call the Git CLI programmatically from your code. You can programmatically create a repository using {% data variables.product.prodname_dotcom %}'s REST API, then use commands like `git clone` and `git push` to import the repository to {% data variables.product.prodname_dotcom_the_website %}.
+If the source repository is a Git repository, you can call the Git CLI programmatically from your code. You can programmatically create a repository using {% data variables.product.prodname_dotcom %}'s REST API, then use commands like `git clone` and `git push` to import the repository to {% data variables.product.prodname_dotcom %}.
-How you call the Git CLI differs depending on your code's language. For example, in Node.js, you can use the `child_process` module, or in Ruby, you can use the `open3` module. For more information, see [Child process](https://nodejs.org/api/child_process.html) in the Node.js documentation or the [ruby/open3 repository](https://github.com/ruby/open3) on {% data variables.product.prodname_dotcom_the_website %}.
+How you call the Git CLI differs depending on your code's language. For example, in Node.js, you can use the `child_process` module, or in Ruby, you can use the `open3` module. For more information, see [Child process](https://nodejs.org/api/child_process.html) in the Node.js documentation or the [ruby/open3 repository](https://github.com/ruby/open3) on {% data variables.product.prodname_dotcom %}.
To use the Git CLI, you must have access to install Git on the system that hosts your application. For more information, see [Getting Started - Installing Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) in the Git documentation.
diff --git a/content/migrations/using-ghe-migrator/index.md b/content/migrations/using-ghe-migrator/index.md
index fa5f9e8ee071..065d4c5714de 100644
--- a/content/migrations/using-ghe-migrator/index.md
+++ b/content/migrations/using-ghe-migrator/index.md
@@ -1,6 +1,6 @@
---
title: Using ghe-migrator
-intro: "You can use ghe-migrator to migrate user, organization, and repository data to {% data variables.location.product_location_enterprise %} from {% data variables.product.prodname_dotcom_the_website %} or another {% data variables.product.prodname_ghe_server %} instance."
+intro: "You can use `ghe-migrator` to migrate user, organization, and repository data to {% data variables.location.product_location_enterprise %} from {% data variables.product.prodname_dotcom_the_website %} or another {% data variables.product.prodname_ghe_server %} instance."
redirect_from:
- /enterprise/admin/articles/moving-a-repository-from-github-com-to-github-enterprise
- /enterprise/admin/categories/migrations-and-upgrades
diff --git a/content/migrations/using-ghe-migrator/migrating-data-to-github-enterprise-server.md b/content/migrations/using-ghe-migrator/migrating-data-to-github-enterprise-server.md
index de2cfd9718ce..e5301231e1aa 100644
--- a/content/migrations/using-ghe-migrator/migrating-data-to-github-enterprise-server.md
+++ b/content/migrations/using-ghe-migrator/migrating-data-to-github-enterprise-server.md
@@ -270,6 +270,8 @@ After your migration is applied to your target instance and you have reviewed th
## Unlocking repositories on the source
+After your migration is complete, you should unlock the repositories on the source.
+
### Unlocking repositories from an organization on {% data variables.product.prodname_dotcom_the_website %}
To unlock the repositories on a {% data variables.product.prodname_dotcom_the_website %} organization, you'll send a `DELETE` request to [the migration unlock endpoint](/free-pro-team@latest/rest/migrations#unlock-an-organization-repository). You'll need:
diff --git a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md
index 86c65847c1b2..c6486ddff0f7 100644
--- a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md
+++ b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md
@@ -85,7 +85,7 @@ If that doesn't work, we'd recommend upgrading to {% data variables.product.prod
1. Generate a migration archive for your repository. You must only export one repository at a time. For instructions, see "[Exporting migration data from your enterprise]({% ifversion fpt or ghec %}/enterprise-server@latest{% endif %}/admin/user-management/migrating-data-to-and-from-your-enterprise/exporting-migration-data-from-your-enterprise){% ifversion ghes %}."{% else %}" in the {% data variables.product.prodname_ghe_server %} documentation.{% endif %}
1. Upload your migration archive to your choice of blob storage provider.
-1. Generate a short-lived URL for your migration archive which is accessible to {% data variables.product.prodname_dotcom_the_website %}, such as an AWS S3 pre-signed URL or Azure Blob Storage SAS URL.
+1. Generate a short-lived URL for your migration archive which is accessible to {% data variables.product.prodname_dotcom %}, such as an AWS S3 pre-signed URL or Azure Blob Storage SAS URL.
1. Call the `migrate-repo` command with the `--git-archive-url` and `--metadata-archive-url` flags both set to the URL of your archive from the previous step.
### `cipher name is not supported` error
diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md
index a749c99dc288..410d9f7c355b 100644
--- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md
+++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md
@@ -8,7 +8,7 @@ versions:
ghec: '*'
---
-## About migrations between GitHub products
+## About migrations between {% data variables.product.company_short %} products
With {% data variables.product.prodname_importer_proper_name %}, you can migrate data from {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_ghe_cloud %}, or migrate data between accounts on {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer)."
@@ -16,6 +16,10 @@ If your migration source is another account on {% data variables.product.prodnam
The data that {% data variables.product.prodname_importer_proper_name %} migrates depends on the source of the migration and whether you are migrating a repository or organization.
+{% ifversion repo-rules-enterprise %}
+{% data reusables.enterprise-migration-tool.deploy-key-bypass %}
+{% endif %}
+
## Data that is migrated from {% data variables.product.prodname_ghe_server %}
To migrate from {% data variables.product.prodname_ghe_server %} (GHES), you must have GHES version 3.4.1 or higher. The data that is migrated depends on the version you're using.
diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md
index 0300a3824e6f..c88789189d12 100644
--- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md
+++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md
@@ -37,7 +37,8 @@ If you're migrating from {% data variables.product.prodname_ghe_server %} 3.8 or
{% note %}
**Notes:**
-* If you're migrating a repository between two organizations on {% data variables.product.prodname_dotcom_the_website %}, you can grant the migrator role to the same person or team for both organizations, but you must grant each separately.
+
+* If you're migrating a repository between two organizations, you can grant the migrator role to the same person or team for both organizations, but you must grant each separately.
* You cannot grant the migrator role for enterprise accounts. Therefore, you can only run an organization migration if you're an owner of the destination enterprise. However, you can grant the migrator role to that enterprise owner for the source organization.
* The {% data variables.product.prodname_cli %} does not support granting the migrator role for organizations on {% data variables.product.prodname_ghe_server %}, so you must be an organization owner of the source organization to migrate repositories from {% data variables.product.prodname_ghe_server %}.
diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md
index df55b35d897e..7e8b18c3c5cb 100644
--- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md
+++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md
@@ -25,11 +25,11 @@ To migrate your repositories from {% data variables.product.prodname_ghe_server
1. Create a {% data variables.product.pat_generic %} for both the source and destination organization
1. Fetch the `ownerId` of the destination organization on {% data variables.product.prodname_ghe_cloud %}
-1. Set up a migration source via {% data variables.product.prodname_dotcom_the_website %}'s GraphQL API to identify where you're migrating from
+1. Set up a migration source via {% data variables.product.prodname_dotcom %}'s GraphQL API to identify where you're migrating from
1. For each repository you want to migrate, repeat these steps.
* Use the REST API on {% data variables.location.product_location_enterprise %} to generate migration archives for your repository
- * Upload your migration archives to a location where they can be accessed by {% data variables.product.prodname_dotcom_the_website %}
- * Start your migration using the GraphQL API for {% data variables.product.prodname_dotcom_the_website %}, passing in your archive URLs
+ * Upload your migration archives to a location where they can be accessed by {% data variables.product.prodname_dotcom %}
+ * Start your migration using the GraphQL API for {% data variables.product.prodname_dotcom %}, passing in your archive URLs
* Check the status of your migration via the GraphQL API
* Validate your migration and check the error log
@@ -75,7 +75,7 @@ You must first set up blob storage with a supported cloud provider, then configu
{% note %}
-**Note**: You only need to configure blob storage if you use {% data variables.product.prodname_ghe_server %} versions 3.8 or higher. If you use {% data variables.product.prodname_ghe_server %} versions 3.7 or lower, skip to "[Step 4: Set up a migration source in GitHub Enterprise Cloud](#step-4-set-up-a-migration-source-in-github-enterprise-cloud)."
+**Note**: You only need to configure blob storage if you use {% data variables.product.prodname_ghe_server %} versions 3.8 or higher. If you use {% data variables.product.prodname_ghe_server %} versions 3.7 or lower, skip to "[Step 4: Set up a migration source in {% data variables.product.prodname_ghe_cloud %}](#step-4-set-up-a-migration-source-in-github-enterprise-cloud)."
Blob storage is required to migrate repositories with large Git source or metadata. If you use {% data variables.product.prodname_ghe_server %} versions 3.7 or lower, you will not be able to perform migrations where your Git source or metadata exports exceed 2GB. To perform these migrations, update to {% data variables.product.prodname_ghe_server %} versions 3.8 or higher.
@@ -235,9 +235,9 @@ After both migrations have completed and you have downloaded the archives, you c
## Step 6: Upload your migration archives
-To import your data into {% data variables.product.prodname_ghe_cloud %}, you must pass both archives for each repository (Git source and metadata) from your machine to {% data variables.product.prodname_dotcom_the_website %}, using our GraphQL API.
+To import your data into {% data variables.product.prodname_ghe_cloud %}, you must pass both archives for each repository (Git source and metadata) from your machine to {% data variables.product.prodname_dotcom %}, using our GraphQL API.
-If you're using {% data variables.product.prodname_ghe_server %} 3.7 or lower, you must first generate URLs for the archives that are accessible by {% data variables.product.prodname_dotcom_the_website %}. Most customers choose to upload the archives to a cloud provider's blob storage service, such as Amazon S3 or Azure Blob Storage, then generate a short-lived URL for each.
+If you're using {% data variables.product.prodname_ghe_server %} 3.7 or lower, you must first generate URLs for the archives that are accessible by {% data variables.product.prodname_dotcom %}. Most customers choose to upload the archives to a cloud provider's blob storage service, such as Amazon S3 or Azure Blob Storage, then generate a short-lived URL for each.
If you're using {% data variables.product.prodname_ghe_server %} 3.8 or higher, your instance uploads the archives and generates the URLs for you. The `Location` header in the previous step will return the short-lived URL.
diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-githubcom-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-githubcom-to-github-enterprise-cloud.md
index 63f41af36af0..b226951d6084 100644
--- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-githubcom-to-github-enterprise-cloud.md
+++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-githubcom-to-github-enterprise-cloud.md
@@ -24,6 +24,10 @@ redirect_from:
{% data reusables.enterprise-migration-tool.gei-tool-switcher-cli %}
{% endapi %}
+{% ifversion repo-rules-enterprise %}
+{% data reusables.enterprise-migration-tool.deploy-key-bypass %}
+{% endif %}
+
## Prerequisites
* {% data reusables.enterprise-migration-tool.github-trial-prerequisite %}
diff --git a/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops.md b/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops.md
index 6a7244e7b099..4d689e081211 100644
--- a/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops.md
+++ b/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops.md
@@ -16,7 +16,7 @@ To migrate a repository from Azure DevOps to GitHub, you need sufficient access
* A required role in the destination organization on {% data variables.product.prodname_dotcom %}
* A {% data variables.product.pat_generic %} that can access the destination organization on {% data variables.product.prodname_dotcom %}
* The {% data variables.product.pat_generic %} must have all the required scopes, which depend on your role and the task you want to complete.
- * If the destination organization uses SAML single sign-on for {% data variables.product.prodname_dotcom_the_website %}, you must authorize the {% data variables.product.pat_generic %} for SSO.
+ * If the destination organization uses SAML single sign-on for {% data variables.product.prodname_dotcom %}, you must authorize the {% data variables.product.pat_generic %} for SSO.
* A {% data variables.product.pat_generic %} that can access the source organization on Azure DevOps
Additionally, if you use IP allow lists with the source or destination, you may need to configure the allow lists to allow access by {% data variables.product.prodname_importer_proper_name %}.
@@ -47,7 +47,7 @@ For other tasks, such as downloading a migration log, you only need one {% data
Your Azure DevOps {% data variables.product.pat_generic %} must have `work item (read)`, `code (read)`, and `identity (read)` scopes.
-If you want to use the `--integrate-boards` or `--rewire-pipelines` flags when generating a migration script, you will also need `Build (Read)` scope.
+If you want to use the `--rewire-pipelines` flag when generating a migration script, you will also need `Build (Read)` scope. To use the `inventory-report` and `--integrate-boards` flags, you will need to grant full access to your {% data variables.product.pat_generic %}.
If you want to migrate from multiple organizations, allow the {% data variables.product.pat_generic %} to access all accessible organizations. For more information, see [Use {% data variables.product.pat_generic %}s](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=preview-page#create-a-pat) in Microsoft Docs.
@@ -64,7 +64,7 @@ You can grant the migrator role using either the {% data variables.product.prodn
To grant the migrator role using the CLI, you must have installed the {% data variables.product.prodname_ado2gh_cli %}. For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/migrating-repositories-from-azure-devops-to-github-enterprise-cloud#step-1-install-the-ado2gh-extension-of-the-github-cli)."
-1. On {% data variables.product.prodname_dotcom_the_website %}, create and record a {% data variables.product.pat_generic %} that meets all the requirements for granting the migrator role. For more information, see "[Creating a {% data variables.product.pat_generic %} for {% data variables.product.prodname_dotcom %}](#creating-a-personal-access-token-for-github)."
+1. On {% data variables.product.prodname_dotcom %}, create and record a {% data variables.product.pat_generic %} that meets all the requirements for granting the migrator role. For more information, see "[Creating a {% data variables.product.pat_generic %} for {% data variables.product.prodname_dotcom %}](#creating-a-personal-access-token-for-github)."
{% data reusables.enterprise-migration-tool.grant-migrator-role-pat %}
1. Use the `gh ado2gh grant-migrator-role` command, replacing ORGANIZATION with the organization you want to grant the migrator role for, ACTOR with the user or team name, and TYPE with `USER` or `TEAM`.
diff --git a/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/migrating-repositories-from-azure-devops-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/migrating-repositories-from-azure-devops-to-github-enterprise-cloud.md
index b6cd658108fc..c07aa3d81d07 100644
--- a/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/migrating-repositories-from-azure-devops-to-github-enterprise-cloud.md
+++ b/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/migrating-repositories-from-azure-devops-to-github-enterprise-cloud.md
@@ -24,12 +24,16 @@ redirect_from:
{% data reusables.enterprise-migration-tool.gei-tool-switcher-cli %}
{% endapi %}
+{% ifversion repo-rules-enterprise %}
+{% data reusables.enterprise-migration-tool.deploy-key-bypass %}
+{% endif %}
+
## Prerequisites
* We strongly recommend that you perform a trial run of your migration and complete your production migration soon after. To learn more about trial runs, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/overview-of-a-migration-from-azure-devops-to-github-enterprise-cloud#running-your-migrations)."
* {% data reusables.enterprise-migration-tool.link-to-support-limitations %} For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/about-migrations-from-azure-devops-to-github-enterprise-cloud)."
* {% data reusables.enterprise-migration-tool.delta-migrations-not-supported %}
-* For the destination organization on {% data variables.product.prodname_dotcom_the_website %}, you need to be an organization owner or have the migrator role. For more information about the migrator role, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops#about-the-migrator-role)."
+* For the destination organization on {% data variables.product.prodname_dotcom %}, you need to be an organization owner or have the migrator role. For more information about the migrator role, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops#about-the-migrator-role)."
{% api %}
@@ -128,7 +132,7 @@ mutation startRepositoryMigration (
```
{% data reusables.enterprise-migration-tool.startRepositoryMigration-table-ec %}
-| `sourceRepositoryUrl` | The URL of your source repository, using the format `https://dev.azure.com/{organization}/_git/{repository}`.
+| `sourceRepositoryUrl` | The URL of your source repository, using the format `https://dev.azure.com/{organization}/{project}/_git/{repository}`.
For {% data variables.product.pat_generic %} requirements, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops#required-scopes-for-personal-access-tokens)."
diff --git a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/about-migrations-from-bitbucket-server-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/about-migrations-from-bitbucket-server-to-github-enterprise-cloud.md
index 46f4ceebe1a0..89f3da85e3b1 100644
--- a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/about-migrations-from-bitbucket-server-to-github-enterprise-cloud.md
+++ b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/about-migrations-from-bitbucket-server-to-github-enterprise-cloud.md
@@ -19,6 +19,9 @@ We currently only support migrating the following repository data from Bitbucket
* Git source (including commit history)
* Pull requests (including comments, pull request reviews, pull request review comments at the file and line level, required reviewers, and attachments)
+ > [!NOTE]
+ > Users may receive a `500` error when attempting to view a pull request, if the pull request was merged and the head branch deleted on Bitbucket Server prior to migration. Bitbucket Server removes specific Git references to objects for such pull requests, and consequently those Git objects associated with the pull request are unable to be migrated.
+
## Data that is not migrated
Currently, the following data is **not** migrated.
diff --git a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/managing-access-for-a-migration-from-bitbucket-server.md b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/managing-access-for-a-migration-from-bitbucket-server.md
index e97cb35a549e..929c3897fbfb 100644
--- a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/managing-access-for-a-migration-from-bitbucket-server.md
+++ b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/managing-access-for-a-migration-from-bitbucket-server.md
@@ -85,7 +85,7 @@ You can grant the migrator role using either the {% data variables.product.prodn
To grant the migrator role using the CLI, you must have installed the {% data variables.product.prodname_bbs2gh_cli %}. For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud#step-1-install-the-bbs2gh-extension-of-the-github-cli)."
-1. On {% data variables.product.prodname_dotcom_the_website %}, create and record a {% data variables.product.pat_generic %} that meets all the requirements for granting the migrator role. For more information, see "[Creating a {% data variables.product.pat_generic %} for {% data variables.product.prodname_importer_proper_name %}](#creating-a-personal-access-token-for-github-enterprise-importer)."
+1. On {% data variables.product.prodname_dotcom %}, create and record a {% data variables.product.pat_generic %} that meets all the requirements for granting the migrator role. For more information, see "[Creating a {% data variables.product.pat_generic %} for {% data variables.product.prodname_importer_proper_name %}](#creating-a-personal-access-token-for-github-enterprise-importer)."
{% data reusables.enterprise-migration-tool.grant-migrator-role-pat %}
1. Use the `gh bbs2gh grant-migrator-role` command, replacing ORGANIZATION with the organization you want to grant the migrator role for, ACTOR with the user or team name, and TYPE with `USER` or `TEAM`.
@@ -103,10 +103,10 @@ To grant the migrator role using the CLI, you must have installed the {% data va
## Configuring IP allow lists for migrations
-If the destination of your migration uses an IP allow list (either {% data variables.product.company_short %}'s IP allow list feature or your identity provider's (IdP) IP allow list restrictions), you need to configure IP allow lists on {% data variables.product.prodname_dotcom_the_website %}.
+If the destination of your migration uses an IP allow list (either {% data variables.product.company_short %}'s IP allow list feature or your identity provider's (IdP) IP allow list restrictions), you need to configure IP allow lists on {% data variables.product.prodname_dotcom %}.
* If you use {% data variables.product.company_short %}'s IP allow list feature, you must add the {% data variables.product.prodname_dotcom %} IP ranges below to the allow list for the destination organization.
-* If you use your IdP's IP allow list to restrict access to your enterprise on {% data variables.product.prodname_dotcom_the_website %}, you should disable these restrictions in your enterprise account settings until after your migration is complete.
+* If you use your IdP's IP allow list to restrict access to your enterprise on {% data variables.product.prodname_dotcom %}, you should disable these restrictions in your enterprise account settings until after your migration is complete.
For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)" and "[AUTOTITLE](/enterprise-cloud@latest/admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list)."
diff --git a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md
index 727bd8c9adaf..62ee2417628b 100644
--- a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md
+++ b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md
@@ -18,6 +18,10 @@ You can migrate individual repositories or all repositories from a BitBucket Ser
At this time, migrating from Bitbucket Server with the {% data variables.product.prodname_dotcom %} API is not supported.
+{% ifversion repo-rules-enterprise %}
+{% data reusables.enterprise-migration-tool.deploy-key-bypass %}
+{% endif %}
+
## Prerequisites
* We strongly recommend that you perform a trial run of your migration and complete your production migration soon after. To learn more about trial runs, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/overview-of-a-migration-from-bitbucket-server-to-github-enterprise-cloud#running-your-migrations)."
diff --git a/content/organizations/collaborating-with-groups-in-organizations/about-organizations.md b/content/organizations/collaborating-with-groups-in-organizations/about-organizations.md
index acfb500ecaba..6225f901b9bb 100644
--- a/content/organizations/collaborating-with-groups-in-organizations/about-organizations.md
+++ b/content/organizations/collaborating-with-groups-in-organizations/about-organizations.md
@@ -38,6 +38,13 @@ To learn how to use organizations most effectively, see "[AUTOTITLE](/organizati
## Organizations and enterprise accounts
+
+{% ifversion ghec %}
+> [!NOTE] Starting September 3, 2024, {% data variables.product.prodname_ghe_cloud %} customers who use a single organization will be automatically upgraded to an enterprise account at no additional cost. For details, see "[AUTOTITLE](/admin/managing-your-enterprise-account/creating-an-enterprise-account#what-will-happen-after-i-upgrade-my-organization)."
+{% endif %}
+
+
+
{% ifversion fpt %}
Enterprise accounts are a feature of {% data variables.product.prodname_ghe_cloud %} that allow owners to centrally manage policy and billing for multiple organizations. For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/about-organizations).
{% else %}
diff --git a/content/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions.md b/content/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions.md
index abadf0e68efd..fe90f3cf87bb 100644
--- a/content/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions.md
+++ b/content/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions.md
@@ -8,25 +8,30 @@ versions:
feature: actions-usage-metrics
---
-{% data reusables.actions.actions-usage-metrics-beta-note %}
-
## About {% data variables.product.prodname_actions %} usage metrics
{% data reusables.actions.about-actions-usage-metrics %}
{% data reusables.actions.actions-usage-metrics-not-billing-metrics %}
-
+
## Enabling access to {% data variables.product.prodname_actions %} usage metrics
Organization owners can create custom organization roles to allow people to view {% data variables.product.prodname_actions %} usage metrics for their organization. To provide users with access, select the "View organization Actions usage metrics" role when creating a custom organization role. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."
+## Understanding {% data variables.product.prodname_actions %} usage metrics aggregation
+
+{% data reusables.actions.about-actions-usage-metrics-aggregation %}
+
## Viewing {% data variables.product.prodname_actions %} usage metrics
+> [!NOTE]
+There may be a discrepancy between the **Workflows** tab's job count and the **Jobs** tab's count due to differences in how unique jobs are identified. This does not affect the total minutes calculated.
+
{% data reusables.profile.access_org %}
{% data reusables.user-settings.access_org %}
{% data reusables.organizations.insights %}
1. In the "Insights" navigation menu, click **Actions Usage Metrics**.
-1. Optionally, to select a time period to view usage metrics for, choose an option from the **Period** drop down menu at the top right of the page.
+1. Optionally, to select a time period to view usage metrics for, choose an option from the **Period** drop down menu at the top right of the page. For more information, see "[Understanding {% data variables.product.prodname_actions %} usage metrics aggregation](#understanding-github-actions-usage-metrics-aggregation)."
1. Click on the tab that contains the usage metrics you would like to view. For more information, see "[About {% data variables.product.prodname_actions %} usage metrics](#about-github-actions-usage-metrics)."
1. Optionally, to filter the data displayed in a tab, create a filter.
1. Click on the **{% octicon "filter" aria-hidden="true" %} Filter** button.
diff --git a/content/organizations/granting-access-to-your-organization-with-saml-single-sign-on/about-two-factor-authentication-and-saml-single-sign-on.md b/content/organizations/granting-access-to-your-organization-with-saml-single-sign-on/about-two-factor-authentication-and-saml-single-sign-on.md
index cb8d026c8bcb..6b845da2c9ee 100644
--- a/content/organizations/granting-access-to-your-organization-with-saml-single-sign-on/about-two-factor-authentication-and-saml-single-sign-on.md
+++ b/content/organizations/granting-access-to-your-organization-with-saml-single-sign-on/about-two-factor-authentication-and-saml-single-sign-on.md
@@ -12,12 +12,12 @@ topics:
shortTitle: 2FA & SAML single sign-on
---
-Two-factor authentication (2FA) provides basic authentication for organization members. By enabling 2FA, organization owners limit the likelihood that a member's account on {% data variables.location.product_location %} could be compromised. For more information on 2FA, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication)."
+Two-factor authentication (2FA) provides basic authentication for organization members. By enabling 2FA, organization owners limit the likelihood that a member's account on {% data variables.product.prodname_dotcom %} could be compromised. For more information on 2FA, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication)."
To add additional authentication measures, organization owners can also [enable SAML single sign-on (SSO)](/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization) so that organization members must use single sign-on to access an organization. For more information on SAML SSO, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on)."
If both 2FA and SAML SSO are enabled, organization members must do the following:
-* Use 2FA to log in to their account on {% data variables.location.product_location %}
+* Use 2FA to log in to their account on {% data variables.product.prodname_dotcom %}
* Use single sign-on to access the organization
* Use an authorized token for API or Git access and use single sign-on to authorize the token
diff --git a/content/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization.md b/content/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization.md
index 12985ea6e942..02d4b6e3cc2d 100644
--- a/content/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization.md
+++ b/content/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization.md
@@ -16,7 +16,7 @@ shortTitle: Manage SAML access
## About SAML access to your organization
-When you enable SAML single sign-on for your organization, each organization member can link their external identity on your identity provider (IdP) to their existing account on {% data variables.location.product_location %}. To access your organization's resources on {% data variables.product.product_name %}, the member must have an active SAML session in their browser. To access your organization's resources using the API or Git, the member must use a {% data variables.product.pat_generic %} or SSH key that the member has authorized for use with your organization.
+When you enable SAML single sign-on for your organization, each organization member can link their external identity on your identity provider (IdP) to their existing account on {% data variables.product.prodname_dotcom %}. To access your organization's resources on {% data variables.product.product_name %}, the member must have an active SAML session in their browser. To access your organization's resources using the API or Git, the member must use a {% data variables.product.pat_generic %} or SSH key that the member has authorized for use with your organization.
You can view and revoke each member's linked identity, active sessions, and authorized credentials on the same page.
diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md
index 730b2dde2a1b..64c0f0a4ac3e 100644
--- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md
+++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md
@@ -30,6 +30,8 @@ By default, authorized users can access your organization's resources from any I
{% endnote %}
{% endif %}
+{% data reusables.identity-and-permissions.ip-allow-lists-which-resources-are-protected %}
+
## About IP allow list management
{% data reusables.identity-and-permissions.ip-allow-lists-enable %}
diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md
index 6048bd770c5d..43f88b03c434 100644
--- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md
+++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md
@@ -26,15 +26,13 @@ shortTitle: Manage security & analysis
{% ifversion security-configurations %}
{% data reusables.security-configurations.enable-security-features-with-gh-config %}
-{% note %}
-
-**Note:** {% data reusables.security-configurations.security-configurations-beta-note-short %}
-
-{% endnote %}
+{% data reusables.security-configurations.security-configurations-beta-note-short %}
{% endif %}
{% data reusables.security.security-and-analysis-features-enable-read-only %}
+{% ifversion security-configurations-beta-and-pre-beta %}
+
## Displaying the security and analysis settings
{% data reusables.profile.access_org %}
@@ -118,8 +116,16 @@ You can use security overview to find a set of repositories and enable or disabl
1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)."
1. Under "Code security and analysis", locate the feature, enable or disable the feature by default for new repositories{% ifversion fpt or ghec %}, or all new private repositories,{% endif %} in your organization.
+{% endif %}
+
## Allowing {% data variables.product.prodname_dependabot %} to access private{% ifversion ghec or ghes %} or internal{% endif %} dependencies
+{% ifversion security-configurations-ga %}
+
+You can use {% data variables.product.prodname_security_configurations %} to allow {% data variables.product.prodname_dependabot %} to access private{% ifversion ghec or ghes %} or internal{% endif %} dependencies. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#granting-dependabot-access-to-private-and-internal-repositories)."
+
+{% elsif security-configurations-beta-and-pre-beta %}
+
{% data variables.product.prodname_dependabot %} can check for outdated dependency references in a project and automatically generate a pull request to update them. To do this, {% data variables.product.prodname_dependabot %} must have access to all of the targeted dependency files. Typically, version updates will fail if one or more dependencies are inaccessible. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)."
By default, {% data variables.product.prodname_dependabot %} can't update dependencies that are located in private{% ifversion ghec or ghes %} or internal{% endif %} repositories, or private{% ifversion ghec or ghes %} or internal{% endif %} package registries. However, if a dependency is in a private{% ifversion ghec or ghes %} or internal{% endif %} {% data variables.product.prodname_dotcom %} repository within the same organization as the project that uses that dependency, you can allow {% data variables.product.prodname_dependabot %} to update the version successfully by giving it access to the host repository.
@@ -145,26 +151,18 @@ To allow {% data variables.product.prodname_dependabot %} to access a private{%
1. A list of matching repositories in the organization is displayed, click the repository you want to allow access to and this adds the repository to the allowed list.
1. Optionally, to remove a repository from the list, to the right of the repository, click {% octicon "x" aria-label="The X icon" %}.
-{% ifversion secret-scanning-validity-check-partner-patterns %}
-
-## Allowing validity checks for partner patterns in an organization
-
-{% data reusables.secret-scanning.validity-check-partner-patterns-beta %}
-{% data reusables.gated-features.partner-pattern-validity-check-ghas %}
-
-You can allow {% data variables.product.prodname_secret_scanning %} to automatically check the validity of a secret by sending it to the relevant partner. When you select the checkbox in the organization settings, the feature is enabled for all repositories in the organization. Alternatively, you can enable the validity check for a single repository, or at the enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-validity-checks-for-partner-patterns)" and "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
-
-You can also use the REST API to enable validity checks for partner patterns for your organization. For more information, see "[AUTOTITLE](/rest/orgs/orgs#update-an-organization)."
-
-1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)."
-{% data reusables.secret-scanning.validity-check-auto-enable %}
-
{% endif %}
{% ifversion ghes or ghec %}
## Removing access to {% data variables.product.prodname_GH_advanced_security %} from individual repositories in an organization
+{% ifversion security-configurations-ga %}
+
+You can use {% data variables.product.prodname_security_configurations %} to remove access to {% data variables.product.prodname_GH_advanced_security %} from individual repositories in an organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage#turning-off-github-advanced-security-features-on-select-repositories-in-your-organization)."
+
+{% elsif security-configurations-beta-and-pre-beta %}
+
You can manage access to {% data variables.product.prodname_GH_advanced_security %} features for a repository from its "Settings" tab. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)." However, you can also disable {% data variables.product.prodname_GH_advanced_security %} features for a repository from the "Settings" tab for the organization.
1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)."
@@ -180,11 +178,12 @@ You can manage access to {% data variables.product.prodname_GH_advanced_security
{% endnote %}
+{% endif %}
{% endif %}
## Further reading
* "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"{% ifversion not fpt %}
-* "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)"{% endif %}
+* "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)"{% endif %}
* "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)"
* "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)"
diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
index 94529e94b8b0..51be21c9ad68 100644
--- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
+++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
@@ -86,7 +86,7 @@ To search for specific events, use the `action` qualifier in your query. Actions
| `org_secret_scanning_automatic_validity_checks` | Contains organization-level activities related to enabling and disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization)."
| {% endif %} |
| {% ifversion secret-scanning-audit-log-custom-patterns %} |
-| `org_secret_scanning_custom_pattern` | Contains organization-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
+| `org_secret_scanning_custom_pattern` | Contains organization-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)."
| {% endif %} |
| `organization_default_label` | Contains all activities related to default labels for repositories in your organization.
| `oauth_application` | Contains all activities related to {% data variables.product.prodname_oauth_apps %}.
@@ -107,16 +107,16 @@ To search for specific events, use the `action` qualifier in your query. Actions
| `repository_dependency_graph` | Contains repository-level activities related to enabling or disabling the dependency graph for a {% ifversion fpt or ghec %}private {% endif %}repository. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
| {% endif %} |
| {% ifversion ghes or ghec %} |
-| `repository_secret_scanning` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
+| `repository_secret_scanning` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."
| {% endif %} |
| {% ifversion secret-scanning-validity-check-audit-log %} |
-| `repository_secret_scanning_automatic_validity_checks` | Contains repository-level activities related to enabling and disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories)."
+| `repository_secret_scanning_automatic_validity_checks` | Contains repository-level activities related to enabling and disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)."
| {% endif %} |
| {% ifversion secret-scanning-audit-log-custom-patterns %} |
-| `repository_secret_scanning_custom_pattern` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." |
+| `repository_secret_scanning_custom_pattern` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)." |
| {% endif %} |
| {% ifversion secret-scanning-custom-pattern-push-protection-audit %} |
-| `repository_secret_scanning_custom_pattern_push_protection`| Contains repository-level activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)."
+| `repository_secret_scanning_custom_pattern_push_protection`| Contains repository-level activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)."
| {% endif %} |
| {% ifversion secret-scanning-audit-log-custom-patterns %} |
| `repository_secret_scanning_push_protection` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %} push protection. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
@@ -129,7 +129,7 @@ To search for specific events, use the `action` qualifier in your query. Actions
| `role` | Contains all activities related to [custom repository roles](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization).
| {% endif %} |
| {% ifversion ghes or ghec %} |
-| `secret_scanning` | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
+| `secret_scanning` | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."
| `secret_scanning_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} for new repositories created in the organization.
| {% endif %} |
| {% ifversion fpt or ghec %} |
diff --git a/content/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities.md b/content/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities.md
index f7e0103b96a6..1519988deb05 100644
--- a/content/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities.md
+++ b/content/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities.md
@@ -1,6 +1,6 @@
---
title: About SSH certificate authorities
-intro: 'With an SSH certificate authority, your organization or enterprise account can provide SSH certificates that members can use to access your resources with Git.'
+intro: 'With an SSH certificate authority, your organization or enterprise account can provide SSH certificates that members and outside collaborators can use to access your resources with Git.'
redirect_from:
- /articles/about-ssh-certificate-authorities
- /github/setting-up-and-managing-organizations-and-teams/about-ssh-certificate-authorities
@@ -15,35 +15,35 @@ shortTitle: SSH certificate authorities
## About SSH certificate authorities
-An SSH certificate is a mechanism for one SSH key to sign another SSH key. If you use an SSH certificate authority (CA) to provide your organization members with signed SSH certificates, you can add the CA to your enterprise account or organization to allow organization members to use their certificates to access organization resources.
+An SSH certificate is a mechanism for one SSH key to sign another SSH key. If you use an SSH certificate authority (CA) to provide your organization members and outside collaborators with signed SSH certificates, you can add the CA to your enterprise account or organization to allow these organization contributors to use their certificates to access organization resources.
{% data reusables.organizations.ssh-ca-ghec-only %}
-After you add an SSH CA to your organization or enterprise account, you can use the CA to sign client SSH certificates for organization members. Organization members can use the signed certificates to access that organization's repositories.
+After you add an SSH CA to your organization or enterprise account, you can use the CA to sign client SSH certificates for organization members and outside collaborators. These organization contributors can use the signed certificates to access that organization's repositories.
Certificates added to your enterprise grant access to all organizations owned by your enterprise account. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise)."
{% data reusables.organizations.can-require-ssh-cert %}
-Optionally, you can require that members use SSH certificates to access organization resources. For more information, see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities)" and "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise)."
+Optionally, you can require that members and outside collaborators use SSH certificates to access organization resources. For more information, see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities)" and "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise)."
For example, you can build an internal system that issues a new certificate to your developers every morning. Each developer can use their daily certificate to work on your organization's repositories on {% data variables.product.product_name %}. At the end of the day, the certificate can automatically expire, protecting your repositories if the certificate is later compromised.
{% ifversion ghec %}
-Organization members can use their signed certificates for authentication even if you've enforced SAML single sign-on (SSO), without the need to authorize the signed certificates.
+Organization contributors can use their signed certificates for authentication even if you've enforced SAML single sign-on (SSO), without the need to authorize the signed certificates.
-Unless you make SSH certificates a requirement, organization members can continue to use other means of authentication to access your organization's resources with Git, including their username and password, {% data variables.product.pat_generic %}s, and their own SSH keys.
+Unless you make SSH certificates a requirement, organization members and outside collaborators can continue to use other means of authentication to access your organization's resources with Git, including their username and password, {% data variables.product.pat_generic %}s, and their own SSH keys.
{% endif %}
{% data reusables.emus.ssh-ca-support-for-emu %}
## About SSH URLs with SSH certificates
-If your organization requires SSH certificates, to prevent authentication errors, organization members should use a special URL that includes the organization ID when performing Git operations over SSH. This special URL allows the client and server to more easily negotiate which key on the member's computer should be used for authentication. If a member uses the normal URL, which starts with `git@github.com`, the SSH client might offer the wrong key, causing the operation to fail.
+If your organization requires SSH certificates, to prevent authentication errors, organization members and outside collaborators should use a special URL that includes the organization ID when performing Git operations over SSH. This special URL allows the client and server to more easily negotiate which key on the member's computer should be used for authentication. If a member uses the normal URL, which starts with `git@github.com`, the SSH client might offer the wrong key, causing the operation to fail.
Anyone with read access to the repository can find this URL by selecting the **Code** dropdown menu on the main page of the repository, then clicking **Use SSH**.
-If your organization doesn't require SSH certificates, members can continue to use their own SSH keys, or other means of authentication. In that case, either the special URL or the normal URL, which starts with `git@github.com`, will work.
+If your organization doesn't require SSH certificates, contributors can continue to use their own SSH keys, or other means of authentication. In that case, either the special URL or the normal URL, which starts with `git@github.com`, will work.
## Issuing certificates
diff --git a/content/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization.md b/content/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization.md
index ab826aeb2c7a..097493976bce 100644
--- a/content/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization.md
+++ b/content/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization.md
@@ -50,13 +50,13 @@ You can download a CSV or JSON file containing the membership information report
## Viewing members' email addresses
-You may be able to view the email addresses for members of your organization on either {% data variables.location.product_location %} or an external identity system. The visibility of the email addresses depends on the organization's authentication configuration, domains, and potentially the member's user profile configuration.
+You may be able to view the email addresses for members of your organization on either {% data variables.product.prodname_dotcom %} or an external identity system. The visibility of the email addresses depends on the organization's authentication configuration, domains, and potentially the member's user profile configuration.
* If SAML single sign-on (SSO) is configured for your organization and the `NameID` for your SAML configuration is an email address, you can view the `NameID` for each of your organization members.
* If you verify a domain for your organization, you can view members' email addresses for the verified domain.
-* If you don't configure SAML SSO, members access your organization's resources on {% data variables.location.product_location %} solely using a personal account. {% data reusables.saml.personal-accounts-determine-email-visibility %}
+* If you don't configure SAML SSO, members access your organization's resources on {% data variables.product.prodname_dotcom %} solely using a personal account. {% data reusables.saml.personal-accounts-determine-email-visibility %}
If SAML SSO is configured for your organization, or if you have verified a domain, you may be able to view the email addresses in one or more of the following ways.
diff --git a/content/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization.md b/content/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization.md
index 53a08ac550c0..cca395fe5760 100644
--- a/content/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization.md
+++ b/content/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization.md
@@ -1,6 +1,6 @@
---
title: Inviting users to join your organization
-intro: 'You can invite anyone to become a member of your organization using their username or email address for {% data variables.location.product_location %}.'
+intro: 'You can invite anyone to become a member of your organization using their username or email address for {% data variables.product.prodname_dotcom %}.'
permissions: Organization owners can invite users to join an organization.
redirect_from:
- /articles/adding-or-inviting-members-to-a-team-in-an-organization
@@ -15,6 +15,8 @@ topics:
shortTitle: Invite users to join
---
+> [!NOTE] This article does not apply to {% data variables.product.prodname_emus %}. {% data variables.enterprise.prodname_managed_users_caps %} are provisioned using SCIM, not invited.
+
## About organization invitations
When you invite someone to become a member of your organization, the person receives an email with an invitation link. To join the organization, the invitee clicks the invitation link in the email.
@@ -37,6 +39,8 @@ If your organization requires members to use two-factor authentication, users th
{% ifversion fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %}{% else %}You{% endif %} can implement SCIM to add, manage, and remove organization members' access to {% data variables.product.prodname_dotcom_the_website %} through an identity provider (IdP). For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
+To prevent abuse, you can only create 50 organization invitations within a 24-hour period. If your organization is more than one month old or on a paid plan, the limit is 500 invitations per 24 hour period. {% ifversion ghec %} This limit does not apply to invitations created via SCIM provisioning.{% endif %}
+
## Inviting a user to join your organization
{% data reusables.profile.access_org %}
diff --git a/content/organizations/managing-organization-settings/deleting-an-organization-account.md b/content/organizations/managing-organization-settings/deleting-an-organization-account.md
index 9311e9f97cab..c46f739e579f 100644
--- a/content/organizations/managing-organization-settings/deleting-an-organization-account.md
+++ b/content/organizations/managing-organization-settings/deleting-an-organization-account.md
@@ -1,6 +1,6 @@
---
title: Deleting an organization account
-intro: 'You can delete your organization account on {% data variables.location.product_location %} at any time.'
+intro: 'You can delete your organization account at any time.'
permissions: Organization owners can delete an organization.
redirect_from:
- /articles/deleting-an-organization-account
diff --git a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
index b9f8cd187793..c20b9f13033c 100644
--- a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
+++ b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
@@ -1,7 +1,7 @@
---
title: Managing custom properties for repositories in your organization
intro: 'With custom properties, you can add metadata to repositories in your organization. You can use those properties to target repositories with rulesets.'
-permissions: 'Organization owners can add and set a custom property schema at the organization level. People with read permissions to a repository can view the values of custom properties for that repository.'
+permissions: 'Organization owners {% ifversion custom-org-roles %}and users with the "Manage the organization''s custom properties definitions" permission {% endif %}can add and set a custom property schema at the organization level.'
versions:
feature: repository-properties
topics:
@@ -43,7 +43,7 @@ You can add custom properties to your organization and set values for those prop
## Setting values for repositories in your organization
-You can set values for custom properties for repositories in your organization.
+You{% ifversion custom-org-roles %}, and any users with the "Edit custom properties values at the organization level" permission,{% endif %} can set values for custom properties for repositories in your organization.
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
diff --git a/content/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization.md b/content/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization.md
index 47f6cb016d16..3ef548a149cc 100644
--- a/content/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization.md
+++ b/content/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization.md
@@ -1,6 +1,6 @@
---
title: Managing the default branch name for repositories in your organization
-intro: 'You can set the default branch name for repositories that members create in your organization on {% data variables.location.product_location %}.'
+intro: 'You can set the default branch name for repositories that members create in your organization on {% data variables.product.prodname_dotcom %}.'
redirect_from:
- /github/setting-up-and-managing-organizations-and-teams/managing-the-default-branch-name-for-repositories-in-your-organization
permissions: Organization owners can manage the default branch name for new repositories in the organization.
diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md
index c37bdb516379..8a878d442c61 100644
--- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md
+++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md
@@ -1,55 +1,94 @@
---
title: About custom organization roles
-intro: "You can control access to your organization's settings with custom organization roles."
+intro: "You can control access to your {% ifversion org-custom-role-with-repo-permissions %}organization and repository's{% else %} organization's{% endif %} settings with custom organization roles."
versions:
feature: 'custom-org-roles'
topics:
- Organizations
shortTitle: Custom organization roles
+permissions: 'Organization owners and users with the "Manage custom organization roles" permission'
+product: 'Organizations on {% data variables.product.prodname_ghe_cloud %}{% ifversion ghes %} and {% data variables.product.prodname_ghe_server %}{% endif %}'
---
-{% data reusables.organizations.custom-org-roles-ghec-only %}
+{% data reusables.organizations.custom-org-roles-intro %}
-## About custom organization roles
+You can create and assign custom organization roles in your organization's settings. You can also manage custom roles using the REST API. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)."
-{% data reusables.organizations.custom-org-roles-intro %}
+{% ifversion org-custom-role-with-repo-permissions %}
-You can create and assign custom organization roles in your organization's settings. You can also manage custom roles using the REST API. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)."
+You can also create a custom organization role that includes permissions for repositories. Repository permissions grant access to all current and future repositories in the organization. There are several ways to combine permissions for repositories and organizations. You can create a custom organization role with:
-Organization permissions do not grant read, write, or administrator access to any repositories. Some permissions may implicitly grant visibility of repository metadata, as marked in the table below.
+You can create a role that includes permissions for organization settings, a base role for repository access, or both. If you add a base role for repository access, you can also include additional repository permissions. You can't create a role with repository permissions unless it includes a base repository role. Without repository permissions or a base repository role, the organization role doesn't grant access to any repositories.
+
+>[!NOTE] Adding repository permissions to a custom organization role is currently in public beta and subject to change.
+
+{% endif %}
-To granularly control access to your organization's repositories, you can create a custom repository role. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles)."
+To grant access to **specific** repositories in your organization, you can create a custom repository role. See "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles)."
-## Permissions for custom roles
+## Permissions for organization access
When you include a permission in a custom organization role, any users with that role will have access to the corresponding settings via both the web browser and API. In the organization's settings in the browser, users will see only the pages for settings they can access.
+Organization permissions do not grant read, write, or administrator access to any repositories. Some permissions may implicitly grant visibility of repository metadata, as marked in the table below.
+
{% rowheaders %}
-Permission | Description | More information
------------- | -------------|--------------------
-Manage custom organization roles | Access to create, view, update, and delete custom organization roles within the organization. This permission does not allow a user to assign custom roles. | "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)"
-View organization roles | Access to view the organization's custom organization roles. | "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)"
-Manage custom repository roles | Access to create, view, update, and delete the organization's custom repository roles. |"[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)"
-View custom repository roles | Access to view the organization's custom repository roles. | "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)"
-Manage organization webhooks | Access to register and manage webhooks for the organization. Users with this permission will be able to view webhook payloads, which may contain metadata for repositories in the organization. | "[AUTOTITLE](/rest/orgs/webhooks#about-organization-webhooks)"
-{%- ifversion ghec %}
-Manage organization OAuth application policies | Access to the "OAuth application policy" settings for the organization. | "[AUTOTITLE](/organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions)"
-{%- endif %}
-{%- ifversion repository-properties %}
-Edit custom properties values at the organization level | Access to set custom property values on all repositories in the organization. | "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)"
-Manage the organization's custom properties definitions | Access to create and edit custom property definitions for the organization. | "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)"
-{%- endif %}
-{%- ifversion repo-rules-enterprise %}
-Manage organization ref update rules and rulesets | Access to manage rulesets and view ruleset insights at the organization level. | "[AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization)"
-{%- endif %}
-View organization audit log | Access to the audit log for the organization. The audit log may contain metadata for repositories in the organization. | "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)"
-Manage organization Actions policies | Access to manage all settings on the "Actions General" settings page, except for self-hosted runners settings. | "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization)"
-Manage organization runners and runner groups | Access to create and manage GitHub-hosted runners, self-hosted runners, and runner groups, and control where self-hosted runners can be created. | "[AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#overview-of-github-hosted-runners)"
"[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)"
-Manage organization Actions secrets | Access to create and manage Actions organization secrets. | "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization)"
-Manage organization Actions variables | Access to create and manage Actions organization variables. | "[AUTOTITLE](/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization)"
-{%- ifversion actions-usage-metrics %}
-View organization Actions usage metrics | View {% data variables.product.prodname_actions %} usage metrics for your organization. | "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)"
-{%- endif %}
+| Permission | Description | More information |
+| ------------ | -------------|-------------------- |
+| Manage custom organization roles | Access to create, view, update, and delete custom organization roles within the organization. This permission does not allow a user to assign custom roles. | "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)" |
+| View organization roles | Access to view the organization's custom organization roles. | "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)" |
+| Manage custom repository roles | Access to create, view, update, and delete the organization's custom repository roles. |"[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)" |
+| View custom repository roles | Access to view the organization's custom repository roles. | "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)" |
+| Manage organization webhooks | Access to register and manage webhooks for the organization. Users with this permission will be able to view webhook payloads, which may contain metadata for repositories in the organization. | "[AUTOTITLE](/rest/orgs/webhooks#about-organization-webhooks)" |
+| {% ifversion ghec %} |
+Manage organization OAuth application policies | Access to the "OAuth application policy" settings for the organization. | "[AUTOTITLE](/organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions)" |
+| {% endif %} |
+| {% ifversion repository-properties %} |
+| Edit custom properties values at the organization level | Access to set custom property values on all repositories in the organization. | "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)" |
+| Manage the organization's custom properties definitions | Access to create and edit custom property definitions for the organization. | "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)" |
+| {% endif %} |
+| {% ifversion repo-rules-enterprise %} |
+| Manage organization ref update rules and rulesets | Access to manage rulesets and view ruleset insights at the organization level. | "[AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization)" |
+| {% endif %} |
+| View organization audit log | Access to the audit log for the organization. The audit log may contain metadata for repositories in the organization. | "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)" |
+| Manage organization Actions policies | Access to manage all settings on the "Actions General" settings page, except for self-hosted runners settings. | "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization)" |
+| Manage organization runners and runner groups | Access to create and manage GitHub-hosted runners, self-hosted runners, and runner groups, and control where self-hosted runners can be created. | "[AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#overview-of-github-hosted-runners)"
"[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)" |
+| Manage organization Actions secrets | Access to create and manage Actions organization secrets. | "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization)" |
+| Manage organization Actions variables | Access to create and manage Actions organization variables. | "[AUTOTITLE](/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization)" |
+| {% ifversion actions-usage-metrics %} |
+| View organization Actions usage metrics | View {% data variables.product.prodname_actions %} usage metrics for your organization. | "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)" |
+| {% endif %} |
+| {% ifversion push-protection-bypass-fine-grained-permissions %} |
+| Review and manage {% data variables.product.prodname_secret_scanning %} bypass requests | Review and manage {% data variables.product.prodname_secret_scanning %} bypass requests for your organization. | "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection)" |
+| {% endif %} |
{% endrowheaders %}
+
+{% ifversion org-custom-role-with-repo-permissions %}
+
+## Base roles for repository access
+
+The base repository role determines the initial set of permissions included in the custom role. Repository access is granted across **all** current and future repositories in the organization.
+
+The base repository roles are:
+
+* **Read**: Grants read access to all repositories in the organization.
+* **Write**: Grants write access to all repositories in the organization.
+* **Triage**: Grants triage access to all repositories in the organization.
+* **Maintain**: Grants maintenance access to all repositories in the organization.
+* **Admin**: Grants admin access to all repositories in the organization.
+
+## Additional permissions for repository access
+
+After choosing a base repository role, you can select additional permissions for your custom organization role.
+
+You can only choose an additional permission if it's not already included in the base repository role. For example, if the base role offers **Write** access to a repository, then the "Close a pull request" permission will already be included in the base role.
+
+{% data reusables.organizations.additional-permissions %}
+
+## Precedence for different levels of access
+
+{% data reusables.organizations.precedence-for-different-levels %}
+
+{% endif %}
diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization.md
index a32494c832bd..160b4e186f6a 100644
--- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization.md
+++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization.md
@@ -26,7 +26,7 @@ Members of your organization's Owners team can give _billing manager_ permission
Billing managers can:
-* Upgrade or downgrade the account
+* Upgrade or downgrade between {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_team %} plans
* Add, update, or remove payment methods
* View payment history
* Download receipts
@@ -37,6 +37,7 @@ In addition, all billing managers will receive billing receipts by email on the
Billing managers **are not** able to:
+* Upgrade to {% data variables.product.prodname_enterprise %} or downgrade an enterprise account
* Create or access repositories in your organizations
* See private members of your organization
* Be seen in the list of organization members
diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/index.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/index.md
index 2ee40b0b2e78..53adf95a2252 100644
--- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/index.md
+++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/index.md
@@ -14,6 +14,7 @@ topics:
- Teams
children:
- /roles-in-an-organization
+ - /using-organization-roles
- /about-custom-organization-roles
- /managing-custom-organization-roles
- /maintaining-ownership-continuity-for-your-organization
diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles.md
index 5741b0aa263f..ba4714e3c75c 100644
--- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles.md
+++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles.md
@@ -6,84 +6,37 @@ versions:
topics:
- Organizations
shortTitle: Manage custom roles
+permissions: 'Organization owners and users with the "Manage custom organization roles" permission'
+product: 'Organizations on {% data variables.product.prodname_ghe_cloud %}{% ifversion ghes %} and {% data variables.product.prodname_ghe_server %}{% endif %}'
---
-
-{% data reusables.organizations.custom-org-roles-ghec-only %}
-
## About custom organization roles
{% data reusables.organizations.custom-org-roles-intro %} For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."
-If you are an organization owner or have a custom role with the "View organization roles" or "Manage custom organization roles" permissions, you can view custom roles for the organization. To find the "Custom roles" page, you can follow the first steps in "[Creating a custom role](#creating-a-custom-role)." The exact steps will vary depending on which other settings pages you have access to.
+If you are an organization owner or have a custom role with the "View organization roles" or "Manage custom organization roles" permissions, you can view custom roles for the organization. To find the "Custom roles" page, you can follow the first steps in "[Creating a custom role](#creating-a-custom-role)." The exact steps will vary depending on which other settings page you have access to.
+
+To{% ifversion org-pre-defined-roles %} view organization role permissions and{% endif %} manage organization role assignments, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles)"
## Creating a custom role
-Organization owners and users with the "Manage custom organization roles" permission can create a custom organization role. You can create up to 10 custom roles in an organization.
+Organization owners and users with the "Manage custom organization roles" permission can create up to 10 custom organization roles.
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.custom-org-roles-settings-step %}
-1. Click **Create a role**.
-1. Type a name and description for the custom role.
-1. Under "Add permissions", click the text field, then select the permissions you want to add to the custom role. For more information about the available permissions, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles#additional-permissions-for-custom-roles)."
-1. Click **Create role**.
-
-## Assigning an organization role
-
-Organization owners can assign a custom organization role to a user or team. The "Manage custom organization roles" permission does not allow a user to assign a custom role.
-
-A user or team can have multiple custom roles. However, you can only assign one role at a time. To assign multiple roles to the same user or team, repeat the following instructions for each role you want to assign.
-
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-1. In the "Access" section of the sidebar, click **{% octicon "organization" aria-hidden="true" %} Organization roles**, then click **Role assignments**.
-1. Click **New role assignment**.
-1. Search for users or teams that you want to assign a role to, then select the role you want to give to these users and teams.
-1. Click **Add new assignment**.
-
-## Viewing organization role assignments
-
-Organization owners can see which roles are assigned to users and teams.
-
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-1. In the "Access" section of the sidebar, click **{% octicon "organization" aria-hidden="true" %} Organization roles**, then click **Role assignments**.
-{% data reusables.organizations.custom-org-roles-filter %}
-1. To view role assignments, to the right of the user or team, click **NUMBER roles**.
-
-## Deleting organization role assignments
-
-Organization owners can delete a role assignment for a user or team.
-
-{% data reusables.profile.access_org %}
-{% data reusables.profile.org_settings %}
-1. In the "Access" section of the sidebar, click **{% octicon "organization" aria-hidden="true" %} Organization roles**, then click **Role assignments**.
-{% data reusables.organizations.custom-org-roles-filter %}
-1. To delete a role, to the right of the role, click **Remove**.
+{% data reusables.organizations.custom-org-roles-create-new-step %}
## Editing a custom role
-Organization owners and users with the "Manage custom organization roles" permission can edit a custom organization role.
-
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.custom-org-roles-settings-step %}
-1. Next to the role you want to edit, select {% octicon "kebab-horizontal" aria-label="Show custom role actions" %}, then click **Edit role**.
-
- 
-
-1. Change the role as required, then click **Update role**.
+{% data reusables.organizations.custom-org-roles-edit-role-step %}
## Deleting a custom role
-Organization owners and users with the "Manage custom organization roles" permission can delete a custom organization role.
-
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.custom-org-roles-settings-step %}
-1. Next to the role you want to edit, select {% octicon "kebab-horizontal" aria-label="Show custom role actions" %}, then click **Delete role**.
-
- 
-
-1. Read the details in the dialog to confirm you want to delete the role, then click **Delete role**.
+{% data reusables.organizations.custom-org-roles-delete-role-step %}
diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md
index 00dc9a32c76f..83c9d1026346 100644
--- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md
+++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md
@@ -36,9 +36,14 @@ You can assign the security manager role to a maximum of 10 teams in your organi
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
+
+{% ifversion security-configurations-beta-and-pre-beta %}
{% data reusables.organizations.security-and-analysis %}
+{% else %}
+1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**.
+{% endif %}
-{% ifversion security-configurations %}
+{% ifversion security-configurations-beta-only %}
{% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on assigning the security manager role in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-security-managers-for-your-organization)."
{% endif %}
diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md
index e32a7d81bb91..35a8045586fc 100644
--- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md
+++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md
@@ -26,6 +26,16 @@ Team-level roles are roles that give permissions to manage a team. You can give
Organization-level roles are sets of permissions that can be assigned to individuals or teams to manage an organization and the organization's repositories, teams, and settings. For more information about all the roles available at the organization level, see "[About organization roles](#about-organization-roles)."
+{% ifversion org-pre-defined-roles %}
+
+## About pre-defined organization roles
+
+{% data reusables.organizations.pre-defined-organization-roles %}
+
+For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles)."
+
+{% endif %}
+
## About organization roles
You can assign people to a variety of organization-level roles to control your members' access to your organization and its resources. For more details about the individual permissions included in each role, see "[Permissions for organization roles](#permissions-for-organization-roles)."
@@ -131,9 +141,11 @@ Some of the features listed below are limited to organizations using {% data var
| Set scheduled reminders (see "[AUTOTITLE](/organizations/organizing-members-into-teams/managing-scheduled-reminders-for-your-team)") | {% octicon "check" aria-label="Yes" %} |{% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Add collaborators to **all repositories** | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Access the organization audit log | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| Edit the organization's profile page (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/about-your-organizations-profile)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% ifversion ghec %}
+| Edit the organization's profile page (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/about-your-organizations-profile)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% ifversion ghec %} |
| Verify the organization's domains (see "[AUTOTITLE](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |{% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| Restrict email notifications to verified or approved domains (see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
+| Restrict email notifications to verified or approved domains (see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
| Delete **all teams** | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Delete the organization account, including all repositories | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Create teams (see "[AUTOTITLE](/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
@@ -141,27 +153,35 @@ Some of the features listed below are limited to organizations using {% data var
| Create projects (see "[AUTOTITLE](/organizations/managing-access-to-your-organizations-project-boards/project-board-permissions-for-an-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| See all organization members and teams | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| @mention any visible team | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
-| Can be made a _team maintainer_ | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion ghec %}
-| View organization insights (see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}{% ifversion team-discussions %}
+| Can be made a _team maintainer_ | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion ghec %} |
+| View organization insights (see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
+| {% ifversion team-discussions %} |
| View and post public team discussions to **all teams** (see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| View and post private team discussions to **all teams** (see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |{% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Edit and delete team discussions in **all teams** (see "[AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| Disable team discussions for an organization (see "[AUTOTITLE](/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
+| Disable team discussions for an organization (see "[AUTOTITLE](/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
| Hide comments on writable commits, pull requests, and issues (see "[AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments#hiding-a-comment)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| Hide comments on _all_ commits, pull requests, and issues (see "[AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments#hiding-a-comment)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| Block and unblock non-member contributors (see "[AUTOTITLE](/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |{% octicon "x" aria-label="No" %} |
-| Limit interactions for certain users in public repositories (see "[AUTOTITLE](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% ifversion ghec %}
-| Manage viewing of organization dependency insights (see "[AUTOTITLE](/organizations/managing-organization-settings/changing-the-visibility-of-your-organizations-dependency-insights)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
+| Limit interactions for certain users in public repositories (see "[AUTOTITLE](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% ifversion ghec %} |
+| Manage viewing of organization dependency insights (see "[AUTOTITLE](/organizations/managing-organization-settings/changing-the-visibility-of-your-organizations-dependency-insights)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
| Set a team profile picture in **all teams** (see "[AUTOTITLE](/organizations/organizing-members-into-teams/setting-your-teams-profile-picture)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Sponsor accounts and manage the organization's sponsorships (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Manage email updates from sponsored accounts (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-updates-from-accounts-your-organization-sponsors)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Attribute your sponsorships to another organization (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/attributing-sponsorships-to-your-organization)" for details ) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Manage the publication of {% data variables.product.prodname_pages %} sites from repositories in the organization (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Manage security and analysis settings (see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
-| View security overview for the organization (see "[AUTOTITLE](/code-security/security-overview/about-security-overview)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion ghec %}
+| View security overview for the organization (see "[AUTOTITLE](/code-security/security-overview/about-security-overview)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion ghec %} |
| Enable and enforce [SAML single sign-on](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| [Manage a user's SAML access to your organization](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| Manage an organization's SSH certificate authorities (see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
+| Manage an organization's SSH certificate authorities (see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
| Transfer repositories | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Purchase, install, manage billing for, and cancel {% data variables.product.prodname_marketplace %} apps | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| List apps in {% data variables.product.prodname_marketplace %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
@@ -172,13 +192,22 @@ Some of the features listed below are limited to organizations using {% data var
| Pull (read) _all repositories_ in the organization | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| Push (write) and clone (copy) _all repositories_ in the organization | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Convert organization members to {% ifversion repository-collaborators %}[outside collaborators or repository collaborators](#outside-collaborators-or-repository-collaborators){% else %}[outside collaborators](#outside-collaborators){% endif %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| [View people with access to an organization repository](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/viewing-people-with-access-to-your-repository) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% ifversion ghec %}
-| [Export a list of people with access to an organization repository](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/viewing-people-with-access-to-your-repository#exporting-a-list-of-people-with-access-to-your-repository) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
+| [View people with access to an organization repository](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/viewing-people-with-access-to-your-repository) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% ifversion ghec %} |
+| [Export a list of people with access to an organization repository](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/viewing-people-with-access-to-your-repository#exporting-a-list-of-people-with-access-to-your-repository) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
| Manage the default branch name (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| Manage default labels (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% ifversion ghec %}
-| Enable team synchronization (see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
-| Manage pull request reviews in the organization (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-pull-request-reviews-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% ifversion repo-rules-enterprise %}
-| Manage organization-level rulesets (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
+| Manage default labels (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% ifversion ghec %} |
+| Enable team synchronization (see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
+| Manage pull request reviews in the organization (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-pull-request-reviews-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% ifversion repo-rules-enterprise %} |
+| Manage organization-level rulesets (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
+| {% ifversion push-protection-bypass-fine-grained-permissions %} |
+| Review and manage {% data variables.product.prodname_secret_scanning %} bypass requests (see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
{% endrowheaders %}
@@ -198,9 +227,11 @@ Some of the features listed below are limited to organizations using {% data var
| Configure code review assignments (see "[AUTOTITLE](/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Add collaborators to **all repositories** | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Access the organization audit log | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| Edit the organization's profile page (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/about-your-organizations-profile)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% ifversion ghes %}
+| Edit the organization's profile page (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/about-your-organizations-profile)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% ifversion ghes %} |
| Verify the organization's domains (see "[AUTOTITLE](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| Restrict email notifications to verified or approved domains (see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
+| Restrict email notifications to verified or approved domains (see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
| Delete **all teams** | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Delete the organization account, including all repositories | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Create teams (see "[AUTOTITLE](/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
@@ -208,26 +239,38 @@ Some of the features listed below are limited to organizations using {% data var
| @mention any visible team | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Can be made a _team maintainer_ | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Transfer repositories | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| Manage security and analysis settings (see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion ghes %}
-| View the security overview for the organization (see "[AUTOTITLE](/code-security/security-overview/about-the-security-overview)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}{% ifversion ghes %}
-| Manage {% data variables.product.prodname_dependabot_security_updates %} (see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}
+| Manage security and analysis settings (see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion ghes %} |
+| View the security overview for the organization (see "[AUTOTITLE](/code-security/security-overview/about-the-security-overview)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
+| {% ifversion ghes %} |
+| Manage {% data variables.product.prodname_dependabot_security_updates %} (see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
| Manage an organization's SSH certificate authorities (see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| Create {% data variables.projects.projects_v1_boards %} (see "[AUTOTITLE](/organizations/managing-access-to-your-organizations-project-boards/project-board-permissions-for-an-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion team-discussions %}
+| Create {% data variables.projects.projects_v1_boards %} (see "[AUTOTITLE](/organizations/managing-access-to-your-organizations-project-boards/project-board-permissions-for-an-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion team-discussions %} |
| View and post public team discussions to **all teams** (see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| View and post private team discussions to **all teams** (see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| Edit and delete team discussions in **all teams** (for more information, see "[AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments)) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
-| Hide comments on commits, pull requests, and issues (see "[AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments#hiding-a-comment)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion team-discussions %}
-| Disable team discussions for an organization (see "[AUTOTITLE](/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
-| Set a team profile picture in **all teams** (see "[AUTOTITLE](/organizations/organizing-members-into-teams/setting-your-teams-profile-picture)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% ifversion ghes %}
-| Manage the publication of {% data variables.product.prodname_pages %} sites from repositories in the organization (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
+| Edit and delete team discussions in **all teams** (for more information, see "[AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments)) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
+| Hide comments on commits, pull requests, and issues (see "[AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments#hiding-a-comment)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion team-discussions %} |
+| Disable team discussions for an organization (see "[AUTOTITLE](/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
+| Set a team profile picture in **all teams** (see "[AUTOTITLE](/organizations/organizing-members-into-teams/setting-your-teams-profile-picture)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% ifversion ghes %} |
+| Manage the publication of {% data variables.product.prodname_pages %} sites from repositories in the organization (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
| [Move teams in an organization's hierarchy](/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Pull (read) _all repositories_ in the organization | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| Push (write) and clone (copy) _all repositories_ in the organization | {% octicon "check" aria-label="Yes" %} |{% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Convert organization members to {% ifversion repository-collaborators %}[outside collaborators or repository collaborators](#outside-collaborators-or-repository-collaborators){% else %}[outside collaborators](#outside-collaborators){% endif %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| [View people with access to an organization repository](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/viewing-people-with-access-to-your-repository) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| [Export a list of people with access to an organization repository](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/viewing-people-with-access-to-your-repository#exporting-a-list-of-people-with-access-to-your-repository) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
-| Manage default labels (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% ifversion pull-request-approval-limit %}
-| Manage pull request reviews in the organization (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-pull-request-reviews-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}
+| Manage default labels (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% ifversion pull-request-approval-limit %} |
+| Manage pull request reviews in the organization (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-pull-request-reviews-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
{% endrowheaders %}
@@ -247,9 +290,11 @@ Some of the features listed below are limited to organizations using {% data var
| Configure code review assignments (see "[AUTOTITLE](/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team)")) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
| Add collaborators to **all repositories** | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
| Access the organization audit log | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
-| Edit the organization's profile page (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/about-your-organizations-profile)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |{% ifversion ghes %}
+| Edit the organization's profile page (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/about-your-organizations-profile)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
+| {% ifversion ghes %} |
| Verify the organization's domains (see "[AUTOTITLE](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
-| Restrict email notifications to verified or approved domains (see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |{% endif %}
+| Restrict email notifications to verified or approved domains (see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
| Delete **all teams** | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
| Delete the organization account, including all repositories | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
| Create teams (see "[AUTOTITLE](/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
@@ -258,14 +303,20 @@ Some of the features listed below are limited to organizations using {% data var
| Can be made a _team maintainer_ | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Transfer repositories | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
| Manage an organization's SSH certificate authorities (see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
-| Create {% data variables.projects.projects_v1_boards %} (see "[AUTOTITLE](/organizations/managing-access-to-your-organizations-project-boards/project-board-permissions-for-an-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |{% ifversion team-discussions %}
+| Create {% data variables.projects.projects_v1_boards %} (see "[AUTOTITLE](/organizations/managing-access-to-your-organizations-project-boards/project-board-permissions-for-an-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
+| {% ifversion team-discussions %} |
| View and post public team discussions to **all teams** (see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
| View and post private team discussions to **all teams** (see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
-| Edit and delete team discussions in **all teams** (for more information, see "[AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments)) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |{% endif %}
-| Hide comments on commits, pull requests, and issues (see "[AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments#hiding-a-comment)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion team-discussions %}
-| Disable team discussions for an organization (see "[AUTOTITLE](/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |{% endif %}
-| Set a team profile picture in **all teams** (see "[AUTOTITLE](/organizations/organizing-members-into-teams/setting-your-teams-profile-picture)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |{% ifversion ghes %}
-| Manage the publication of {% data variables.product.prodname_pages %} sites from repositories in the organization (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |{% endif %}
+| Edit and delete team discussions in **all teams** (for more information, see "[AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments)) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
+| Hide comments on commits, pull requests, and issues (see "[AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments#hiding-a-comment)") | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion team-discussions %} |
+| Disable team discussions for an organization (see "[AUTOTITLE](/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
+| Set a team profile picture in **all teams** (see "[AUTOTITLE](/organizations/organizing-members-into-teams/setting-your-teams-profile-picture)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
+| {% ifversion ghes %} |
+| Manage the publication of {% data variables.product.prodname_pages %} sites from repositories in the organization (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
+| {% endif %} |
| [Move teams in an organization's hierarchy](/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
| Pull (read), push (write), and clone (copy) _all repositories_ in the organization | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
| Convert organization members to {% ifversion repository-collaborators %}[outside collaborators or repository collaborators](#outside-collaborators-or-repository-collaborators){% else %}[outside collaborators](#outside-collaborators){% endif %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} |
diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles.md
new file mode 100644
index 000000000000..10217b1e1dd8
--- /dev/null
+++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles.md
@@ -0,0 +1,68 @@
+---
+title: Using organization roles
+intro: "Learn how to{% ifversion org-pre-defined-roles %} view organization role permissions and{% endif %} manage organization role assignments."
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.14'
+topics:
+ - Organizations
+ - Access management
+ - Administrator
+ - Permissions
+permissions: 'Organization owners{% ifversion ghec %} and users with the "Manage custom organization roles" permission{% endif %}'
+product: 'Organizations on {% data variables.product.prodname_free_team %}, {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, {% data variables.product.prodname_ghe_cloud %}, and {% data variables.product.prodname_ghe_server %}'
+shortTitle: Use organization roles
+---
+
+## About organization roles
+
+You can have more granular, scalable control over the access you grant to your organization's resources using organization roles. Organization roles grant an organization member or team the ability to take specific actions or manage some settings without granting full administrative control of the organization and its repositories.
+
+{% ifversion ghec or ghes %}
+
+In addition to pre-defined roles, you can also create up to 10 custom roles that define groups of permissions. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."
+
+{% endif %}
+
+{% ifversion org-pre-defined-roles %}
+
+## About pre-defined organization roles
+
+{% data reusables.organizations.pre-defined-organization-roles %}
+
+## Viewing organization role permissions
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+1. In the "Access" section of the left sidebar, click **Organization roles**. Then click **Role management**.
+1. To the right of any role, click **{% octicon "fold" aria-label="Show role permissions" %}**.
+1. Optionally, to hide the role permissions again, click **{% octicon "fold" aria-label="Hide role permissions" %}**.
+
+{% endif %}
+
+## Assigning an organization role
+
+{% ifversion ghec or ghes %}
+
+The "Manage custom organization roles" permission does not allow a user to assign an organization role.
+
+{% endif %}
+
+A user or team can have multiple organization roles. However, you can only assign one role at a time. To assign multiple roles to the same user or team, repeat the following instructions for each role you want to assign.
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.organizations.custom-org-roles-assign-role-step %}
+
+## Viewing organization role assignments
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.organizations.custom-org-roles-view-assignments-step %}
+
+## Deleting an organization role assignment
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.organizations.custom-org-roles-remove-assignment-step %}
diff --git a/content/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on.md b/content/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on.md
index b31e8d0cff7f..836f7a775228 100644
--- a/content/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on.md
+++ b/content/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on.md
@@ -34,7 +34,7 @@ Members must periodically authenticate with your IdP to authenticate and gain ac
To access the organization's protected resources using the API and Git on the command line, members must authorize and authenticate with a {% data variables.product.pat_generic %} or SSH key. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)" and "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)."
-The first time a member uses SAML SSO to access your organization, {% data variables.product.prodname_dotcom %} automatically creates a record that links your organization, the member's account on {% data variables.location.product_location %}, and the member's account on your IdP. You can view and revoke the linked SAML identity, active sessions, and authorized credentials for members of your organization or enterprise account. For more information, see "[AUTOTITLE](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization)" and "[AUTOTITLE](/enterprise-cloud@latest/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise)."
+The first time a member uses SAML SSO to access your organization, {% data variables.product.prodname_dotcom %} automatically creates a record that links your organization, the member's account on {% data variables.product.prodname_dotcom %}, and the member's account on your IdP. You can view and revoke the linked SAML identity, active sessions, and authorized credentials for members of your organization or enterprise account. For more information, see "[AUTOTITLE](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization)" and "[AUTOTITLE](/enterprise-cloud@latest/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise)."
If members are signed in with a SAML SSO session when they create a new repository, the default visibility of that repository is private. Otherwise, the default visibility is public. For more information on repository visibility, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
diff --git a/content/organizations/managing-saml-single-sign-on-for-your-organization/configuring-saml-single-sign-on-and-scim-using-okta.md b/content/organizations/managing-saml-single-sign-on-for-your-organization/configuring-saml-single-sign-on-and-scim-using-okta.md
index 6982532fe4c0..2fc4edda84ca 100644
--- a/content/organizations/managing-saml-single-sign-on-for-your-organization/configuring-saml-single-sign-on-and-scim-using-okta.md
+++ b/content/organizations/managing-saml-single-sign-on-for-your-organization/configuring-saml-single-sign-on-and-scim-using-okta.md
@@ -1,6 +1,6 @@
---
title: Configuring SAML single sign-on and SCIM using Okta
-intro: 'You can use Security Assertion Markup Language (SAML) single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) with Okta to automatically manage access to your organization on {% data variables.location.product_location %}.'
+intro: 'You can use Security Assertion Markup Language (SAML) single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) with Okta to automatically manage access to your organization on {% data variables.product.prodname_dotcom %}.'
redirect_from:
- /github/setting-up-and-managing-organizations-and-teams/configuring-saml-single-sign-on-and-scim-using-okta
permissions: Organization owners can configure SAML SSO and SCIM using Okta for an organization.
@@ -14,20 +14,20 @@ shortTitle: Configure SAML & SCIM with Okta
## About SAML and SCIM with Okta
-You can control access to your organization on {% data variables.location.product_location %} and other web applications from one central interface by configuring the organization to use SAML SSO and SCIM with Okta, an Identity Provider (IdP).
+You can control access to your organization on {% data variables.product.prodname_dotcom %} and other web applications from one central interface by configuring the organization to use SAML SSO and SCIM with Okta, an Identity Provider (IdP).
{% data reusables.saml.ghec-only %}
-SAML SSO controls and secures access to organization resources like repositories, issues, and pull requests. SCIM automatically adds, manages, and removes members' access to your organization on {% data variables.location.product_location %} when you make changes in Okta. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on)" and "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations)."
+SAML SSO controls and secures access to organization resources like repositories, issues, and pull requests. SCIM automatically adds, manages, and removes members' access to your organization on {% data variables.product.prodname_dotcom %} when you make changes in Okta. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on)" and "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations)."
After you enable SCIM, the following provisioning features are available for any users that you assign your {% data variables.product.prodname_ghe_cloud %} application to in Okta.
| Feature | Description |
| --- | --- |
-| Push New Users | When you create a new user in Okta, the user will receive an email to join your organization on {% data variables.location.product_location %}. |
-| Push User Deactivation | When you deactivate a user in Okta, Okta will remove the user from your organization on {% data variables.location.product_location %}. |
-| Push Profile Updates | When you update a user's profile in Okta, Okta will update the metadata for the user's membership in your organization on {% data variables.location.product_location %}. |
-| Reactivate Users | When you reactivate a user in Okta, Okta will send an email invitation for the user to rejoin your organization on {% data variables.location.product_location %}. |
+| Push New Users | When you create a new user in Okta, the user will receive an email to join your organization on {% data variables.product.prodname_dotcom %}. |
+| Push User Deactivation | When you deactivate a user in Okta, Okta will remove the user from your organization on {% data variables.product.prodname_dotcom %}. |
+| Push Profile Updates | When you update a user's profile in Okta, Okta will update the metadata for the user's membership in your organization on {% data variables.product.prodname_dotcom %}. |
+| Reactivate Users | When you reactivate a user in Okta, Okta will send an email invitation for the user to rejoin your organization on {% data variables.product.prodname_dotcom %}. |
Alternatively, you can configure SAML SSO for an enterprise using Okta. SCIM for enterprise accounts is only available with Enterprise Managed Users. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise-using-okta)" and "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta)."
diff --git a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles.md b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles.md
index dbeabca6b709..acbfe7611734 100644
--- a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles.md
+++ b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles.md
@@ -30,7 +30,9 @@ You can also use the REST API to create and manage custom repository roles. For
{% endif %}
{% ifversion custom-org-roles %}
-Custom repository roles manage access to repositories in your organization. To granularly control access to your organization's administration settings, you can use custom organization roles. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."
+Custom repository roles manage access to specific repositories in your organization. To {% ifversion org-custom-role-with-repo-permissions %}grant access to all repositories, and to {% endif %}control access to your organization's administration settings, you can use custom organization roles. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."
+
+Custom organization roles differ from repository roles by granting permissions across **all** current and future repositories in the organization. Custom repository roles, however, allow you to grant permissions to **specific** repositories within the organization.
{% endif %}
## About the inherited role
@@ -62,81 +64,8 @@ After choosing an inherited role, you can select additional permissions for your
You can only choose an additional permission if it's not already included in the inherited role. For example, if the inherited role offers **Write** access to a repository, then the "Close a pull request" permission will already be included in the inherited role.
-{% ifversion discussions %}
-
-### Discussions
-
-* Create a discussion category
-* Edit a discussion category
-* Delete a discussion category
-* Mark or unmark discussion answers
-* Hide or unhide discussion comments
-* Convert issues to discussions
-
-For more information, see "[AUTOTITLE](/discussions)."
-{% endif %}
-
-### Issue and Pull Requests
-
-* Assign or remove a user
-* Add or remove a label
-
-### Issue
-
-* Close an issue
-* Reopen a closed issue
-* Delete an issue
-* Mark an issue as a duplicate
-
-### Pull Request
-
-* Close a pull request
-* Reopen a closed pull request
-* Request a pull request review
-
-### Repository
-
-* Set milestones
-* Manage wiki settings
-* Manage project settings
-* Manage pull request merging settings
-* Manage {% data variables.product.prodname_pages %} settings (see "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site)")
-* Manage webhooks
-* Manage deploy keys
-* Edit repository metadata
-{%- ifversion ghec %}
-* Set interaction limits
-{%- endif %}
-* Set the social preview
-* Push commits to protected branches
- * Base role must be `write`
- * Branch protection rules will still apply
-* Create protected tags
-* Delete protected tags
-{%- ifversion bypass-branch-protections %}
-* Bypass branch protections
-{%- endif %}
-{%- ifversion edit-repository-rules %}
-* Edit repository rules
-{%- endif %}
-
-### Security
-
-* View {% data variables.product.prodname_code_scanning %} results
-* Dismiss or reopen {% data variables.product.prodname_code_scanning %} results
-* Delete {% data variables.product.prodname_code_scanning %} results
-* View {% data variables.product.prodname_dependabot_alerts %}
-* Dismiss or reopen {% data variables.product.prodname_dependabot_alerts %}
-* View {% data variables.product.prodname_secret_scanning %} results
-* Dismiss or reopen {% data variables.product.prodname_secret_scanning %} results
+{% data reusables.organizations.additional-permissions %}
## Precedence for different levels of access
-If a person is given different levels of access through different avenues, such as team membership and the base permissions for an organization, the highest access overrides the others. For example, if an organization owner gives an organization member a custom role that uses the "Read" inherited role, and then an organization owner sets the organization's base permission to "Write", then this custom role will have write access, along with any additional permissions included in the custom role.
-
-{% data reusables.organizations.mixed-roles-warning %}
-
-To resolve conflicting access, you can adjust your organization's base permissions or the team's access, or edit the custom role. For more information, see:
-* "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/setting-base-permissions-for-an-organization)"
-* "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)"
-* "[Editing a repository role](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization#editing-a-repository-role)"
+{% data reusables.organizations.precedence-for-different-levels %}
diff --git a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization.md b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization.md
index 12fcd5f6fde0..387151dd8425 100644
--- a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization.md
+++ b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization.md
@@ -1,7 +1,7 @@
---
title: Managing custom repository roles for an organization
-intro: 'You can create, edit, or delete custom repository roles for your organization.'
-permissions: Organization owners can manage custom repository roles.
+intro: 'Learn how to create, edit, or delete custom repository roles for your organization.'
+permissions: Organization owners.
versions:
feature: custom-repository-roles
topics:
diff --git a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md
index f4b904573872..519a1897ea52 100644
--- a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md
+++ b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md
@@ -75,11 +75,15 @@ Some of the features listed below are limited to organizations using {% data var
| [Submit reviews on pull requests](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| [Approve or request changes to a pull request with required reviews](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/approving-a-pull-request-with-required-reviews) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| [Apply suggested changes](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request) to pull requests | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
-| View published releases | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion fpt or ghec %}
-| View [GitHub Actions workflow runs](/actions/managing-workflow-runs) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}
+| View published releases | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion fpt or ghec %} |
+| View [GitHub Actions workflow runs](/actions/managing-workflow-runs) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
| Edit wikis in public repositories | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
-| Edit wikis in private repositories | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion fpt or ghec %}
-| [Report abusive or spammy content](/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}
+| Edit wikis in private repositories | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion fpt or ghec %} |
+| [Report abusive or spammy content](/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
| Apply/dismiss labels | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Create, edit, delete labels | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Close, reopen, and assign all issues and pull requests | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
@@ -96,30 +100,40 @@ Some of the features listed below are limited to organizations using {% data var
| [Act as a designated code owner for a repository](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| [Mark a draft pull request as ready for review](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| [Convert a pull request to a draft](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
-| Create [status checks](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion fpt or ghec %}
-| Create, edit, run, re-run, and cancel [GitHub Actions workflows](/actions) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}
+| Create [status checks](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion fpt or ghec %} |
+| Create, edit, run, re-run, and cancel [GitHub Actions workflows](/actions) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
| Create, update, and delete [GitHub Actions secrets](/actions/security-guides/using-secrets-in-github-actions) on GitHub.com | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| Create, update, and delete [GitHub Actions secrets](/rest/actions/secrets) using the REST API | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Create and edit releases | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| View draft releases | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
-| Edit a repository's description | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion fpt or ghec %}
+| Edit a repository's description | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion fpt or ghec %} |
| [View and install packages](/packages/learn-github-packages) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| [Publish packages](/packages/learn-github-packages/publishing-a-package) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
-| [Delete and restore packages](/packages/learn-github-packages/deleting-and-restoring-a-package) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% endif %}
+| [Delete and restore packages](/packages/learn-github-packages/deleting-and-restoring-a-package) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
| Manage [topics](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Enable wikis and restrict wiki editors | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Enable {% data variables.projects.projects_v1_boards %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Configure [pull request merges](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
-| Configure [a publishing source for {% data variables.product.prodname_pages %}](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion copilot %}
-| View [content exclusion settings](/copilot/managing-copilot-business/configuring-content-exclusions-for-github-copilot) for {% data variables.product.prodname_copilot %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}
-| Manage [branch protection rules](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule){% ifversion repo-rules %} and [repository rulesets](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets){% endif %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion repo-rules %}
+| Configure [a publishing source for {% data variables.product.prodname_pages %}](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion copilot %} |
+| View [content exclusion settings](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/about-content-exclusions-for-github-copilot) for {% data variables.product.prodname_copilot %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
+| Manage [branch protection rules](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule){% ifversion repo-rules %} and [repository rulesets](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets){% endif %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion repo-rules %} |
| View [rulesets for a repository](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
-{% endif %}| [Push to protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {%- endif %} |
+| [Push to protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Merge pull requests on protected branches, even if there are no approving reviews | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| Create tags that match a [tag protection rule](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Delete tags that match a [tag protection rule](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
-| [Create and edit repository social cards](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/customizing-your-repositorys-social-media-preview) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion fpt or ghec %}
-| Limit [interactions in a repository](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository)| {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}
+| [Create and edit repository social cards](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/customizing-your-repositorys-social-media-preview) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion fpt or ghec %} |
+| Limit [interactions in a repository](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository)| {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
| Delete an issue (see "[AUTOTITLE](/issues/tracking-your-work-with-issues/deleting-an-issue)") | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| [Define code owners for a repository](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Add a repository to a team (see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository#giving-a-team-access-to-a-repository)" for details) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
@@ -135,9 +149,11 @@ Some of the features listed below are limited to organizations using {% data var
| [Manage the forking policy for a repository](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-the-forking-policy-for-your-repository) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| [Transfer repositories into the organization](/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| [Delete or transfer repositories out of the organization](/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
-| [Archive repositories](/repositories/archiving-a-github-repository/archiving-repositories) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion fpt or ghec %}
-| Display a sponsor button (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)") | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}
-| Create autolink references to external resources, like Jira or Zendesk (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-autolinks-to-reference-external-resources)") | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion discussions %}
+| [Archive repositories](/repositories/archiving-a-github-repository/archiving-repositories) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion fpt or ghec %} |
+| Display a sponsor button (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)") | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
+| Create autolink references to external resources, like Jira or Zendesk (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-autolinks-to-reference-external-resources)") | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| [Enable {% data variables.product.prodname_discussions %}](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/enabling-or-disabling-github-discussions-for-a-repository) in a repository | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| [Create and edit categories](/discussions/managing-discussions-for-your-community/managing-categories-for-discussions) for {% data variables.product.prodname_discussions %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| [Move a discussion to a different category](/discussions/managing-discussions-for-your-community/managing-discussions) | {% octicon "x" aria-label="No" %} | {% ifversion discussions-moderators-control-who-can-report %}{% octicon "check" aria-label="Yes" %}{% endif %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} || [Transfer a discussion](/discussions/managing-discussions-for-your-community/managing-discussions) to a new repository| {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
@@ -146,9 +162,11 @@ Some of the features listed below are limited to organizations using {% data var
| [Lock and unlock discussions](/discussions/managing-discussions-for-your-community/moderating-discussions) | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| [Individually convert issues to discussions](/discussions/managing-discussions-for-your-community/moderating-discussions) | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| [Create new discussions and comment on existing discussions](/discussions/collaborating-with-your-community-using-discussions/participating-in-a-discussion) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
-| [Delete a discussion](/discussions/managing-discussions-for-your-community/managing-discussions#deleting-a-discussion) | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}{% ifversion fpt or ghec %}
+| [Delete a discussion](/discussions/managing-discussions-for-your-community/managing-discussions#deleting-a-discussion) | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion fpt or ghec %} |
| [Create codespaces](/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository?tool=webui) for private{% ifversion ghec %}/internal{% endif %} repositories | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
-| [Create codespaces](/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository?tool=webui) for public repositories | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}
+| [Create codespaces](/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository?tool=webui) for public repositories | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
{% endrowheaders %}
@@ -166,18 +184,27 @@ In this section, you can find the access required for security features, such as
| Repository action | Read | Triage | Write | Maintain | Admin |
|:---|:---:|:---:|:---:|:---:|:---:|
-| Receive [{% data variables.product.prodname_dependabot_alerts %} for insecure dependencies](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) in a repository | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% ifversion dependabot-alerts-permissions-write-maintain %}{% octicon "check" aria-label="Yes" %}{% endif %} | {% ifversion dependabot-alerts-permissions-write-maintain %}{% octicon "check" aria-label="Yes" %}{% endif %} | {% octicon "check" aria-label="Yes" %} |
-| [Dismiss {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% ifversion dependabot-alerts-permissions-write-maintain %}{% octicon "check" aria-label="Yes" %}{% endif %} | {% ifversion dependabot-alerts-permissions-write-maintain %}{% octicon "check" aria-label="Yes" %}{% endif %} | {% octicon "check" aria-label="Yes" %} |{% ifversion ghes or ghec %}
-| [Designate additional people or teams to receive security alerts](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}{% ifversion fpt or ghec %}
+| Receive [{% data variables.product.prodname_dependabot_alerts %} for insecure dependencies](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) in a repository | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| [Dismiss {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% ifversion ghes or ghec %}|
+| [Designate additional people or teams to receive security alerts](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
+| {% ifversion fpt or ghec %} |
| Create [security advisories](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}{% ifversion ghes or ghec %}
| Manage access to {% data variables.product.prodname_GH_advanced_security %} features (see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)") | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}{% ifversion fpt or ghec %}
-| [Enable the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository) for a private repository | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}{% ifversion ghes or ghec %}
-| [View dependency reviews](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}
+| [Enable the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository) for a private repository | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
+| {% ifversion ghes or ghec %} |
+| [View dependency reviews](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
| [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| [View and dismiss {% data variables.secret-scanning.alerts %} in a repository](/code-security/secret-scanning/managing-alerts-from-secret-scanning) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion ghes or ghec %}
-| [Resolve, revoke, or re-open {% data variables.secret-scanning.alerts %}](/code-security/secret-scanning/managing-alerts-from-secret-scanning) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}{% ifversion ghes or ghec %}
-| [Designate additional people or teams to receive {% data variables.secret-scanning.alerts %}](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) in repositories | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% endif %}
+| [Resolve, revoke, or re-open {% data variables.secret-scanning.alerts %}](/code-security/secret-scanning/managing-alerts-from-secret-scanning) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
+| {% ifversion ghes or ghec %} |
+| [Designate additional people or teams to receive {% data variables.secret-scanning.alerts %}](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) in repositories | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
{% endrowheaders %}
diff --git a/content/organizations/organizing-members-into-teams/creating-a-team.md b/content/organizations/organizing-members-into-teams/creating-a-team.md
index 788fe3a0458e..22e38721d186 100644
--- a/content/organizations/organizing-members-into-teams/creating-a-team.md
+++ b/content/organizations/organizing-members-into-teams/creating-a-team.md
@@ -35,7 +35,7 @@ topics:
{% ifversion ghec %}
1. Optionally, if your organization or enterprise account uses team synchronization or your enterprise uses {% data variables.product.prodname_emus %}, connect an identity provider group to your team.
* If your enterprise uses {% data variables.product.prodname_emus %}, use the "Identity Provider Groups" drop-down menu, and select a single identity provider group to connect to the new team. For more information, "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
- * If your organization or enterprise account uses team synchronization, under "Identity Provider Groups", select the **Select Groups** dropdown menu, and click up to five identity provider groups to connect to the new team. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group)."
+ * If your organization or enterprise account uses team synchronization, under "Identity Provider Groups," select the **Select Groups** dropdown menu, and click up to five identity provider groups to connect to the new team. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group)."
{% endif %}
{% data reusables.organizations.team_visibility %}
{% data reusables.organizations.team-notifications %}
@@ -66,7 +66,7 @@ You must be a site admin and an organization owner to create a team with LDAP sy
{% data reusables.user-settings.access_org %}
{% data reusables.organizations.new_team %}
{% data reusables.organizations.team_name %}
-1. Under "LDAP group", search for an LDAP group's DN to map the team to. If you don't know the DN, type the LDAP group's name. {% data variables.product.prodname_ghe_server %} will search for and autocomplete any matches.
+1. Under "LDAP group," search for an LDAP group's DN to map the team to. If you don't know the DN, type the LDAP group's name. {% data variables.product.prodname_ghe_server %} will search for and autocomplete any matches.
{% data reusables.organizations.team_description %}
{% data reusables.organizations.team_visibility %}
{% data reusables.organizations.create-team-choose-parent %}
diff --git a/content/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group.md b/content/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group.md
index 73d34fd124b7..beea5bb58b4c 100644
--- a/content/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group.md
+++ b/content/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group.md
@@ -6,7 +6,7 @@ redirect_from:
permissions: 'Organization owners and team maintainers can synchronize a {% data variables.product.prodname_dotcom %} team with an IdP group.'
versions:
ghec: '*'
- feature: scim-for-ghes
+ ghes: '*'
topics:
- Organizations
- Teams
@@ -73,7 +73,7 @@ To avoid unintentionally removing team members, visit the administrative portal
You must authenticate using SAML SSO. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on)."
-{% elsif scim-for-ghes %}
+{% elsif ghes %}
You must configure user provisioning with SCIM for {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise)."
{% data reusables.scim.ghes-beta-note %}
diff --git a/content/packages/learn-github-packages/connecting-a-repository-to-a-package.md b/content/packages/learn-github-packages/connecting-a-repository-to-a-package.md
index 64671079380c..85584b02d6d6 100644
--- a/content/packages/learn-github-packages/connecting-a-repository-to-a-package.md
+++ b/content/packages/learn-github-packages/connecting-a-repository-to-a-package.md
@@ -98,3 +98,25 @@ When you publish a package that is scoped to a personal account or an organizati
```shell
docker push {% ifversion fpt or ghec %}ghcr.io{% elsif ghes %}{% data reusables.package_registry.container-registry-example-hostname %}{% endif %}/octocat/hello_docker:latest
```
+
+## Unlinking a repository from a package on GitHub
+
+> [!NOTE]
+> Unlinking a package from a repository will remove the repository information from the package's landing page and can affect the access pattern depending on whether the package inherits its access permissions from the repository. For more information, see "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#about-inheritance-of-access-permissions)". This behavior does not apply to Apache Maven packages, as outlined in "[AUTOTITLE](/packages/learn-github-packages/about-permissions-for-github-packages#granular-permissions-for-userorganization-scoped-packages)".
+
+1. On GitHub, navigate to the settings page of the Package you'd like to unlink.
+
+1. On the Package settings page, you will see a Repository source section. If this section is not present, then the Package is not currently linked to a repository.
+
+1. Click on the trash icon in the top right corner of the Repository source section.
+
+> It is possible that the Repository source section exists, but there is no trash icon present. This is because a repository source has been defined as part of the packaged code i.e. a `package.json` file, `.gemspec` file, however, it is not actually linked to a repository on GitHub. To link the package to a repository, you will need to follow the steps in the section above.
+
+1. Confirm that you would like to unlink the repository from the package with the dialogue.
+
+## Migrating a package to another repository
+
+If you currently have a package linked to a repository and you would like to link it to a different repository, this can be done by unlinking the package from the current repository and linking it to the new repository.
+
+1. Follow the steps to unlink it, see "[Unlinking a repository from a package on {% data variables.product.prodname_dotcom %}](/packages/learn-github-packages/connecting-a-repository-to-a-package#unlinking-a-repository-from-a-package-on-github)."
+1. Follow the steps to link the package to the new repository, see "[Connecting a repository to an organization-scoped package on {% data variables.product.prodname_dotcom %}](/packages/learn-github-packages/connecting-a-repository-to-a-package#connecting-a-repository-to-a-user-scoped-package-on-github)" or "[Connecting a repository to a user-scoped package on {% data variables.product.prodname_dotcom %}](/packages/learn-github-packages/connecting-a-repository-to-a-package#connecting-a-repository-to-an-organization-scoped-package-on-github)."
diff --git a/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md b/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md
index ab9740baf1cd..eb2ad3b7f726 100644
--- a/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md
+++ b/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md
@@ -37,6 +37,8 @@ dotnet nuget add source --username USERNAME --password {%raw%}${{ secrets.GITHUB
Replace `NAMESPACE` with the name of the personal account or organization {% ifversion packages-nuget-v2 %}to which your packages are scoped{% else %}that owns the repository where your packages are hosted{% endif %}.
+Replace `USERNAME` with the username to be used when connecting to an authenticated source.
+
{% ifversion packages-nuget-v2 %}{% else %}{% data reusables.package_registry.authenticate-packages-github-token %}{% endif %}
{% ifversion packages-nuget-v2 %}
@@ -101,7 +103,13 @@ If your instance has subdomain isolation disabled:
## Publishing a package
-You can publish a package to {% data variables.product.prodname_registry %} by authenticating with a _nuget.config_ file, or by using the `--api-key` command line option with your {% data variables.product.prodname_dotcom %} {% data variables.product.pat_v1 %}.
+You can publish a package to {% data variables.product.prodname_registry %} by authenticating with a _nuget.config_ file, using the `--api-key` command line option with your {% data variables.product.prodname_dotcom %} {% data variables.product.pat_v1 %} or by using command that can be run directly from the command line using the `dotnet` command-line interface (CLI).
+
+Replace `OWNER` with your username or company name, and `YOUR_GITHUB_PAT` with your {% data variables.product.pat_generic %}.
+
+```shell
+dotnet nuget add source --username OWNER --password {%raw%}YOUR_GITHUB_PAT{% endraw %} --store-password-in-clear-text --name github "https://{% ifversion fpt or ghec %}nuget.pkg.github.com{% else %}nuget.HOSTNAME{% endif %}/OWNER/index.json"
+```
{% ifversion packages-nuget-v2 %}
@@ -109,7 +117,7 @@ The NuGet registry stores packages within your organization or personal account,
{% data reusables.package_registry.publishing-user-scoped-packages %} For more information on linking a published package with a repository, see "[AUTOTITLE](/packages/learn-github-packages/connecting-a-repository-to-a-package)."
-If you specify a `RepositoryURL` in your `nuget.config` file, the published package will automatically be connected to the specified repository. For more information, see "[AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry#publishing-a-package-using-a-nugetconfig-file)." For information on linking an already-published package to a repository, see "[AUTOTITLE](/packages/learn-github-packages/connecting-a-repository-to-a-package)."
+If you specify a `RepositoryURL` in your project's _.csproj_ file, the published package will automatically be connected to the specified repository. For more information, see "[AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry#publishing-a-package-using-a-nugetconfig-file)." For information on linking an already-published package to a repository, see "[AUTOTITLE](/packages/learn-github-packages/connecting-a-repository-to-a-package)."
{% endif %}
diff --git a/content/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages.md b/content/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages.md
index a4388413f7cb..46da08ad9416 100644
--- a/content/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages.md
+++ b/content/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages.md
@@ -24,7 +24,7 @@ It's also possible to verify a domain for your organization{% ifversion ghec %}
### Verifying a domain that is already taken
-If you are verifying a domain you own, which is currently in use by another user or organization, to make it available for your {% data variables.product.prodname_pages %} website; note that the process to release the domain from its current location will take 7 days to complete. If you are attempting to verify an already verified domain (verified by another user or organization), the release process will not be successful.
+You may be verifying a domain you own, which is currently in use by another user or organization, to make it available for your {% data variables.product.prodname_pages %} website. In this case, the domain will be immediately released from {% data variables.product.prodname_pages %} websites which are owned by other users or organizations. If you are attempting to verify an already verified domain (verified by another user or organization), the release process will not be successful.
## Verifying a domain for your user site
diff --git a/content/pages/getting-started-with-github-pages/about-github-pages.md b/content/pages/getting-started-with-github-pages/about-github-pages.md
index 04bf6e193fd5..98738533c886 100644
--- a/content/pages/getting-started-with-github-pages/about-github-pages.md
+++ b/content/pages/getting-started-with-github-pages/about-github-pages.md
@@ -1,6 +1,6 @@
---
title: About GitHub Pages
-intro: 'You can use {% data variables.product.prodname_pages %} to host a website about yourself, your organization, or your project directly from a repository on {% data variables.location.product_location %}.'
+intro: 'You can use {% data variables.product.prodname_pages %} to host a website about yourself, your organization, or your project directly from a repository on {% data variables.product.prodname_dotcom %}.'
redirect_from:
- /articles/what-are-github-pages
- /articles/what-is-github-pages
@@ -91,7 +91,7 @@ For more information about {% data variables.product.prodname_emus %}, see "[AUT
{% data variables.product.prodname_pages %} publishes any static files that you push to your repository. You can create your own static files or use a static site generator to build your site for you. You can also customize your own build process locally or on another server.
-If you use a custom build process or a static site generator other than Jekyll, you can write a {% data variables.product.prodname_actions %} to build and publish your site. {% data variables.product.product_name %} provides starter workflows for several static site generators. For more information, see "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site)."
+If you use a custom build process or a static site generator other than Jekyll, you can write a {% data variables.product.prodname_actions %} to build and publish your site. {% data variables.product.product_name %} provides workflow templates for several static site generators. For more information, see "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site)."
If you publish your site from a source branch, {% data variables.product.prodname_pages %} will use Jekyll to build your site by default. If you want to use a static site generator other than Jekyll, we recommend that you write a {% data variables.product.prodname_actions %} to build and publish your site instead. Otherwise, disable the Jekyll build process by creating an empty file called `.nojekyll` in the root of your publishing source, then follow your static site generator's instructions to build your site locally.
diff --git a/content/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site.md b/content/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site.md
index a7c613059a0a..c9f7d625f46a 100644
--- a/content/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site.md
+++ b/content/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site.md
@@ -59,7 +59,7 @@ To configure your site to publish with {% data variables.product.prodname_action
{% data reusables.repositories.sidebar-settings %}
{% data reusables.pages.sidebar-pages %}
1. Under "Build and deployment", under "Source", select **{% data variables.product.prodname_actions %}**.
-1. {% data variables.product.product_name %} will suggest several starter workflows. If you already have a workflow to publish your site, you can skip this step. Otherwise, choose one of the options to create a {% data variables.product.prodname_actions %} workflow. For more information about creating your custom workflow, see "[Creating a custom {% data variables.product.prodname_actions %} workflow to publish your site](#creating-a-custom-github-actions-workflow-to-publish-your-site)."
+1. {% data variables.product.product_name %} will suggest several workflow templates. If you already have a workflow to publish your site, you can skip this step. Otherwise, choose one of the options to create a {% data variables.product.prodname_actions %} workflow. For more information about creating your custom workflow, see "[Creating a custom {% data variables.product.prodname_actions %} workflow to publish your site](#creating-a-custom-github-actions-workflow-to-publish-your-site)."
{% data variables.product.prodname_pages %} does not associate a specific workflow to the {% data variables.product.prodname_pages %} settings. However, the {% data variables.product.prodname_pages %} settings will link to the workflow run that most recently deployed your site.
@@ -67,7 +67,7 @@ To configure your site to publish with {% data variables.product.prodname_action
For more information about {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions)."
-When you configure your site to publish with {% data variables.product.prodname_actions %}, {% data variables.product.product_name %} will suggest starter workflows for common publishing scenarios. The general flow of a workflow is to:
+When you configure your site to publish with {% data variables.product.prodname_actions %}, {% data variables.product.product_name %} will suggest workflow templates for common publishing scenarios. The general flow of a workflow is to:
1. Trigger whenever there is a push to the default branch of the repository or whenever the workflow is run manually from the Actions tab.
1. Use the [`actions/checkout`](https://github.com/actions/checkout) action to check out the repository contents.
@@ -75,7 +75,7 @@ When you configure your site to publish with {% data variables.product.prodname_
1. Use the [`actions/upload-pages-artifact`](https://github.com/actions/upload-pages-artifact) action to upload the static files as an artifact.
1. If the workflow was triggered by a push to the default branch, use the [`actions/deploy-pages`](https://github.com/actions/deploy-pages) action to deploy the artifact. This step is skipped if the workflow was triggered by a pull request.
-The starter workflows use a deployment environment called `github-pages`. If your repository does not already include an environment called `github-pages`, the environment will be created automatically. We recommend that you add a deployment protection rule so that only the default branch can deploy to this environment. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
+The workflow templates use a deployment environment called `github-pages`. If your repository does not already include an environment called `github-pages`, the environment will be created automatically. We recommend that you add a deployment protection rule so that only the default branch can deploy to this environment. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
{% ifversion fpt or ghec %}
{% note %}
diff --git a/content/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https.md b/content/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https.md
index 888aed7e1acd..13c5bcdbde4c 100644
--- a/content/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https.md
+++ b/content/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https.md
@@ -40,8 +40,6 @@ All {% data variables.product.prodname_pages %} sites, including sites that are
When you set or change your custom domain in the Pages settings, an automatic DNS check begins. This check determines if your DNS settings are configured to allow {% data variables.product.prodname_dotcom %} to obtain a certificate automatically. If the check is successful, {% data variables.product.prodname_dotcom %} queues a job to request a TLS certificate from [Let's Encrypt](https://letsencrypt.org/). On receiving a valid certificate, {% data variables.product.prodname_dotcom %} automatically uploads it to the servers that handle TLS termination for Pages. When this process completes successfully, a check mark is displayed beside your custom domain name.
-Please note that your {% data variables.product.prodname_pages %} site must be publicly available for a Let's Encrypt certificate to be issued. Once the certificate has been issued you may revert the site to private.
-
The process may take some time. If the process has not completed several minutes after you clicked **Save**, try clicking **Remove** next to your custom domain name. Retype the domain name and click **Save** again. This will cancel and restart the provisioning process.
## Resolving problems with mixed content
diff --git a/content/pages/getting-started-with-github-pages/troubleshooting-404-errors-for-github-pages-sites.md b/content/pages/getting-started-with-github-pages/troubleshooting-404-errors-for-github-pages-sites.md
index 3222c033fe06..f603c2575056 100644
--- a/content/pages/getting-started-with-github-pages/troubleshooting-404-errors-for-github-pages-sites.md
+++ b/content/pages/getting-started-with-github-pages/troubleshooting-404-errors-for-github-pages-sites.md
@@ -69,5 +69,6 @@ Check whether your repository meets the following requirements.
* The branch you are using to publish your site must be the `main` or default branch.
* The repository must have a commit pushed to it by someone with admin permissions for the repository, such as the repository owner.
* Switching the repository's visibility from public to private or vice versa will change the URL of your {% data variables.product.prodname_pages %} site, which will result in broken links until the site is rebuilt.
+* If you are using a private repository for the {% data variables.product.prodname_pages %} site, please check if your {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, or {% data variables.product.prodname_ghe_cloud %} subscription is still active. If you renew the plan, the {% data variables.product.prodname_pages %} site will be automatically re-deployed. Otherwise, you can change your repository's visibility to public to continue using {% data variables.product.prodname_pages %} for free.
If you are still receiving a 404 error, start a [{% data variables.product.prodname_github_community %} discussion](https://github.com/orgs/community/discussions/categories/pages) in the Pages category.
diff --git a/content/pages/getting-started-with-github-pages/using-custom-workflows-with-github-pages.md b/content/pages/getting-started-with-github-pages/using-custom-workflows-with-github-pages.md
index 5ad847952d1b..3a4a9e45e9bc 100644
--- a/content/pages/getting-started-with-github-pages/using-custom-workflows-with-github-pages.md
+++ b/content/pages/getting-started-with-github-pages/using-custom-workflows-with-github-pages.md
@@ -26,7 +26,7 @@ To use the action place this snippet under your `jobs` in the desired workflow.
uses: actions/configure-pages@v3
```
-This action helps support deployment from any static site generator to {% data variables.product.prodname_pages %}. To make this process less repetitive you can use starter workflows for some of the most widely used static site generators. For more information, see "[AUTOTITLE](/actions/learn-github-actions/using-starter-workflows)."
+This action helps support deployment from any static site generator to {% data variables.product.prodname_pages %}. To make this process less repetitive you can use workflow templates for some of the most widely used static site generators. For more information, see "[AUTOTITLE](/actions/learn-github-actions/using-starter-workflows)."
## Configuring the `upload-pages-artifact` action
diff --git a/content/pages/index.md b/content/pages/index.md
index 9d0b31ae82eb..03976f514af5 100644
--- a/content/pages/index.md
+++ b/content/pages/index.md
@@ -1,7 +1,7 @@
---
title: "{% data variables.product.prodname_pages %} documentation"
shortTitle: "{% data variables.product.prodname_pages %}"
-intro: 'Learn how to create a website directly from a repository on {% data variables.location.product_location %}. Explore website building tools like Jekyll and troubleshoot issues with your {% data variables.product.prodname_pages %} site.'
+intro: 'Learn how to create a website directly from a repository on {% data variables.product.prodname_dotcom %}. Explore website building tools like Jekyll and troubleshoot issues with your {% data variables.product.prodname_pages %} site.'
introLinks:
quickstart: /pages/quickstart
overview: /pages/getting-started-with-github-pages/about-github-pages
diff --git a/content/pages/quickstart.md b/content/pages/quickstart.md
index 51ef4e33414b..665a5d22f1f4 100644
--- a/content/pages/quickstart.md
+++ b/content/pages/quickstart.md
@@ -24,6 +24,9 @@ This guide will lead you through creating a user site at `username.github.io`.
{% data reusables.repositories.create_new %}
1. Enter `username.github.io` as the repository name. Replace `username` with your {% data variables.product.prodname_dotcom %} username. For example, if your username is `octocat`, the repository name should be `octocat.github.io`.
+{% data reusables.repositories.choose-repo-visibility %}
+{% data reusables.repositories.initialize-with-readme %}
+{% data reusables.repositories.create-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.pages.sidebar-pages %}
1. Under "Build and deployment", under "Source", select **Deploy from a branch**.
diff --git a/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md b/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md
index 4854ded6183e..90ca33e3657f 100644
--- a/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md
+++ b/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md
@@ -51,9 +51,17 @@ Before you can use Jekyll to test a site, you must:
{% note %}
- **Note:** If you've installed Ruby 3.0 or later (which you may have if you installed the default version via Homebrew), you might get an error at this step. That's because these versions of Ruby no longer come with `webrick` installed.
+ **Notes:**
+ * If you've installed Ruby 3.0 or later (which you may have if you installed the default version via Homebrew), you might get an error at this step. That's because these versions of Ruby no longer come with `webrick` installed.
+
+ To fix the error, try running `bundle add webrick`, then re-running `bundle exec jekyll serve`.
+
+ * If your `_config.yml` file's `baseurl` field contains your GitHub repository's link, you can use the following command when building locally to ignore that value and serve the site on `localhost:4000/`:
+
+ ```shell
+ bundle exec jekyll serve --baseurl=""
+ ```
- To fix the error, try running `bundle add webrick`, then re-running `bundle exec jekyll serve`.
{% endnote %}
1. To preview your site, in your web browser, navigate to `http://localhost:4000`.
diff --git a/content/pull-requests/collaborating-with-pull-requests/getting-started/about-collaborative-development-models.md b/content/pull-requests/collaborating-with-pull-requests/getting-started/about-collaborative-development-models.md
index 994f45836945..8e2a434b2340 100644
--- a/content/pull-requests/collaborating-with-pull-requests/getting-started/about-collaborative-development-models.md
+++ b/content/pull-requests/collaborating-with-pull-requests/getting-started/about-collaborative-development-models.md
@@ -17,7 +17,7 @@ shortTitle: Collaborative development
---
## Fork and pull model
-In the fork and pull model, anyone can fork an existing repository and push changes to their personal fork. You do not need permission to the source repository to push to a user-owned fork. The changes can be pulled into the source repository by the project maintainer. When you open a pull request proposing changes from your user-owned fork to a branch in the source (upstream) repository, you can allow anyone with push access to the upstream repository to make changes to your pull request. This model is popular with open source projects as it reduces the amount of friction for new contributors and allows people to work independently without upfront coordination.
+In the fork and pull model, anyone can fork an existing ("upstream") repository to which they have read access and the owner of the upstream repository allows it. Be aware that a fork and its upstream share the same git data. This means that all content uploaded to a fork is accessible from the upstream and all other forks of that upstream. You do not need permission from the upstream repository to push to a fork of it you created. You can optionally allow anyone with push access to the upstream repository to make changes to your pull request branch. This model is popular with open-source projects as it reduces the amount of friction for new contributors and allows people to work independently without upfront coordination.
{% tip %}
diff --git a/content/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges.md b/content/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges.md
index ddcf485360a1..0ea8cda153e7 100644
--- a/content/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges.md
+++ b/content/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges.md
@@ -29,16 +29,17 @@ When you squash and merge, {% data variables.product.prodname_dotcom %} generate
{% else %}
When you squash and merge, {% data variables.product.prodname_dotcom %} generates a default commit message, which you can edit. The default message depends on the number of commits in the pull request, not including merge commits.
-Number of commits | Summary | Description |
------------------ | ------- | ----------- |
-One commit | The title of the commit message for the single commit, followed by the pull request number | The body text of the commit message for the single commit
-More than one commit | The pull request title, followed by the pull request number | A list of the commit messages for all of the squashed commits, in date order
+| Number of commits | Summary | Description |
+| ----------------- | ------- | ----------- |
+| One commit | The title of the commit message for the single commit, followed by the pull request number | The body text of the commit message for the single commit |
+| More than one commit | The pull request title, followed by the pull request number | A list of the commit messages for all of the squashed commits, in date order |
+
{% endif %}
-Number of commits | Summary | Description |
------------------ | ------- | ----------- |
-One commit | The title of the commit message for the single commit, followed by the pull request number | The body text of the commit message for the single commit
-More than one commit | The pull request title, followed by the pull request number | A list of the commit messages for all of the squashed commits, in date order
+| Number of commits | Summary | Description |
+| ----------------- | ------- | ----------- |
+| One commit | The title of the commit message for the single commit, followed by the pull request number | The body text of the commit message for the single commit |
+| More than one commit | The pull request title, followed by the pull request number | A list of the commit messages for all of the squashed commits, in date order |
{% ifversion default-merge-squash-commit-message %}
People with maintainer or admin access to a repository can configure their repository's default merge message for all squashed commits to use the pull request title, the pull request title and commit details, or the pull request title and description. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-squashing-for-pull-requests)".{% endif %}
@@ -55,17 +56,17 @@ Because this commit is only on the base branch and not the head branch, the comm
{% data reusables.pull_requests.rebase_and_merge_summary %}
-You aren't able to automatically rebase and merge on {% data variables.location.product_location %} when:
+You aren't able to automatically rebase and merge when:
* The pull request has merge conflicts.
* Rebasing the commits from the base branch into the head branch runs into conflicts.
* Rebasing the commits is considered "unsafe," such as when a rebase is possible without merge conflicts but would produce a different result than a merge would.
-If you still want to rebase the commits but can't rebase and merge automatically on {% data variables.location.product_location %} you must:
+If you still want to rebase the commits but can't rebase and merge automatically, you must:
* Rebase the topic branch (or head branch) onto the base branch locally on the command line
* [Resolve any merge conflicts on the command line](/pull-requests/collaborating-with-pull-requests/addressing-merge-conflicts/resolving-a-merge-conflict-using-the-command-line).
* Force-push the rebased commits to the pull request's topic branch (or remote head branch).
-Anyone with write permissions in the repository, can then [merge the changes](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request) using the rebase and merge button on {% data variables.location.product_location %}.
+Anyone with write permissions in the repository, can then [merge the changes](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request) using the rebase and merge button.
## Indirect merges
diff --git a/content/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue.md b/content/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue.md
index abddb3379be5..590fd0544eb2 100644
--- a/content/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue.md
+++ b/content/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue.md
@@ -35,7 +35,7 @@ product: '{% data reusables.gated-features.merge-queue %}'
1. Click **Merge when ready** to add the pull request to the merge queue. Alternatively, if you are an administrator, you can:
- * Directly merge the pull request by checking **Merge without waiting for requirements to be met ({% ifversion bypass-branch-protections %}bypass branch protections{% else %}administrators only{% endif %})**, if allowed by branch protection settings, and follow the standard flow.
+ * Directly merge the pull request by checking **Merge without waiting for requirements to be met (bypass branch protections)**, if allowed by branch protection settings, and follow the standard flow.
diff --git a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-comparing-branches-in-pull-requests.md b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-comparing-branches-in-pull-requests.md
index 699c21b60bd5..233042fdf956 100644
--- a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-comparing-branches-in-pull-requests.md
+++ b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-comparing-branches-in-pull-requests.md
@@ -54,7 +54,7 @@ To simplify reviewing changes in a large pull request, you can filter the diff t
## Three-dot and two-dot Git diff comparisons
-There are two comparison methods for the `git diff` command; two-dot (`git diff A..B`) and three-dot (`git diff A...B`). By default, pull requests on {% data variables.product.prodname_dotcom %} show a three-dot diff.
+There are two comparison methods for the `git diff` command; two-dot (`git diff A..B`) and three-dot (`git diff A...B`). Pull requests on {% data variables.product.prodname_dotcom %} show a three-dot diff.
### Three-dot Git diff comparison
diff --git a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md
index dbd5a35d6431..6c2424d99ad5 100644
--- a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md
+++ b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md
@@ -1,6 +1,6 @@
---
title: About pull requests
-intro: 'Pull requests let you tell others about changes you''ve pushed to a branch in a repository on {% data variables.product.product_name %}. Once a pull request is opened, you can discuss and review the potential changes with collaborators and add follow-up commits before your changes are merged into the base branch.'
+intro: 'Learn about pull requests and draft pull requests on {% data variables.product.product_name %}. Pull requests communicate changes to a branch in a repository. Once a pull request is opened, you can review changes with collaborators and add follow-up commits.'
redirect_from:
- /github/collaborating-with-issues-and-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests
- /articles/using-pull-requests
@@ -29,17 +29,17 @@ A pull request is a proposal to merge a set of changes from one branch into anot
You can create pull requests on {% data variables.product.prodname_dotcom_the_website %}, with {% data variables.product.prodname_desktop %}{% ifversion fpt or ghec %}, in {% data variables.product.prodname_github_codespaces %}{% endif %}, on {% data variables.product.prodname_mobile %}, and when using GitHub CLI.
-After initializing a pull request, you'll see a review page that shows a high-level overview of the changes between your branch (the compare branch) and the repository's base branch. You can add a summary of the proposed changes, review the changes made by commits, add labels, milestones, and assignees, and @mention individual contributors or teams. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request)."
+After initializing a pull request, you'll see a review page that shows a high-level overview of the changes between your branch (the compare branch) and the repository's base branch. You can add a summary of the proposed changes, review the changes made by commits, add labels, milestones, and assignees, and @mention individual contributors or teams. See "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request)."
Once you've created a pull request, you can push commits from your topic branch to add them to your existing pull request. These commits will appear in chronological order within your pull request and the changes will be visible in the "Files changed" tab.
Other contributors can review your proposed changes, add review comments, contribute to the pull request discussion, and even add commits to the pull request. {% ifversion pull-request-approval-limit %}{% data reusables.pull_requests.code-review-limits %}{% endif %}
{% ifversion fpt or ghec %}
-You can see information about the branch's current deployment status and past deployment activity on the "Conversation" tab. For more information, see "[AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/viewing-deployment-activity-for-your-repository)."
+You can see information about the branch's current deployment status and past deployment activity on the "Conversation" tab. See "[AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/viewing-deployment-activity-for-your-repository)."
{% endif %}
-After you're happy with the proposed changes, you can merge the pull request. If you're working in a shared repository model, you create a pull request and you, or someone else, will merge your changes from your feature branch into the base branch you specify in your pull request. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request)."
+After you're happy with the proposed changes, you can merge the pull request. If you're working in a shared repository model, you create a pull request and you, or someone else, will merge your changes from your feature branch into the base branch you specify in your pull request. See "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request)."
{% data reusables.pull_requests.required-checks-must-pass-to-merge %}
@@ -49,19 +49,19 @@ After you're happy with the proposed changes, you can merge the pull request. If
**Tips:**
* To toggle between collapsing and expanding all outdated review comments in a pull request, hold down OptionAltAlt and click **Show outdated** or **Hide outdated**. For more shortcuts, see "[AUTOTITLE](/get-started/accessibility/keyboard-shortcuts)."
-* You can squash commits when merging a pull request to gain a more streamlined view of changes. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges)."
+* You can squash commits when merging a pull request to gain a more streamlined view of changes. See "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges)."
{% endtip %}
-You can visit your dashboard to quickly find links to recently updated pull requests you're working on or subscribed to. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/about-your-personal-dashboard)."
+You can visit your dashboard to quickly find links to recently updated pull requests you're working on or subscribed to. See "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/about-your-personal-dashboard)."
## Draft pull requests
{% data reusables.gated-features.draft-prs %}
-When you create a pull request, you can choose to create a pull request that is ready for review or a draft pull request. Draft pull requests cannot be merged, and code owners are not automatically requested to review draft pull requests. For more information about creating a draft pull request, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request)" and "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork)."
+When you create a pull request, you can choose to create a pull request that is ready for review or a draft pull request. Draft pull requests cannot be merged, and code owners are not automatically requested to review draft pull requests. See "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request)" and "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork)."
-{% data reusables.pull_requests.mark-ready-review %} You can convert a pull request to a draft at any time. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request)."
+{% data reusables.pull_requests.mark-ready-review %} You can convert a pull request to a draft at any time. See "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request)."
## Differences between commits on compare and pull request pages
diff --git a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally.md b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally.md
index d65973b10ade..13976dc4b849 100644
--- a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally.md
+++ b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally.md
@@ -45,7 +45,7 @@ shortTitle: Check out a PR locally
{% data reusables.cli.cli-learn-more %}
-To check out a pull request locally, use the `gh pr checkout` subcommand. Replace `pull-request` with the number, URL, or head branch of the pull request.
+To check out a pull request locally, use the `gh pr checkout` subcommand. Replace `PULL-REQUEST` with the number, URL, or head branch of the pull request.
```shell
gh pr checkout PULL-REQUEST
diff --git a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md
index 400e94d58f21..6f7105920c02 100644
--- a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md
+++ b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md
@@ -34,7 +34,7 @@ You can change the format of the diff view in this tab by clicking {% octicon "g
You can also choose to hide whitespace differences. The choice you make only applies to this pull request and will be remembered the next time you visit this page.
1. Optionally, filter the files to show only the files you want to review{% ifversion pr-tree-view %} or use the file tree to navigate to a specific file{% endif %}. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/filtering-files-in-a-pull-request)."
{%- ifversion ghec %}
-1. Optionally, if you have access to {% data variables.product.prodname_copilot_enterprise %}, you can ask {% data variables.product.prodname_copilot_short %} about the changes in a file in a pull request by clicking {% octicon "kebab-horizontal" aria-label="Show options" %} at the top right of the file, clicking **Ask {% data variables.product.prodname_copilot_short %} about this diff**, then typing a request such as "Explain these changes." For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#finding-out-about-the-changes-in-a-pull-request)."
+1. Optionally, if you have access to {% data variables.product.prodname_copilot_enterprise %}, you can ask {% data variables.product.prodname_copilot_short %} about the changes in a file in a pull request by clicking {% octicon "kebab-horizontal" aria-label="Show options" %} at the top right of the file, clicking **Ask {% data variables.product.prodname_copilot_short %} about this diff**, then typing a request such as "Explain these changes." For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#asking-questions-about-a-specific-pull-request)."
{%- endif %}
{% data reusables.repositories.start-line-comment %}
{% data reusables.repositories.multiple-lines-comment %}
diff --git a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks.md b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks.md
index 5f1564bad954..3214f9bee49c 100644
--- a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks.md
+++ b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks.md
@@ -16,7 +16,7 @@ topics:
## About forks
-{% data reusables.repositories.about-forks %} A fork can be owned by either a personal account or an organization.
+{% data reusables.repositories.about-forks %} A fork can exist in either a personal account or an organization.
When you view a forked repository on {% data variables.product.product_name %}, the upstream repository is indicated below the name of the fork.
@@ -24,7 +24,7 @@ When you view a forked repository on {% data variables.product.product_name %},
In open source projects, forks are often used to iterate on ideas or changes before incorporating the changes into the upstream repository. {% data reusables.repositories.about-giving-access-to-forks %}
-Deleting a fork will not delete the original upstream repository. You can make any changes you want to your fork, and there will be no effect on the upstream. For example, you can add collaborators, rename files, or generate {% data variables.product.prodname_pages %} on the fork without affecting the upstream. {% ifversion fpt or ghec %} After a fork is deleted, you cannot restore the fork. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/restoring-a-deleted-repository)."{% endif %} If you delete a private repository, all forks of the repository are deleted.
+Deleting a fork will not delete the original upstream repository. Code pushed to a fork will be visible from the upstream, but changes won't have any immediate effect on the upstream branches. For example, you can add collaborators, rename files, or generate {% data variables.product.prodname_pages %} on the fork without affecting the upstream branches. {% ifversion fpt or ghec %} After a fork is deleted, you cannot restore the fork. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/restoring-a-deleted-repository)."{% endif %} If you delete a private repository, all forks of the repository are deleted.
{% data reusables.repositories.forks-page %}
@@ -46,6 +46,7 @@ If you want to create a new repository from the contents of an existing reposito
Forking a repository is similar to duplicating a repository, with the following differences.
+* Code pushed to a fork is visible to all repositories in the fork network, even after that fork is deleted.
* You can use a pull request to suggest changes from your fork to the upstream repository.
* You can bring changes from the upstream repository to your fork by synchronizing your fork with the upstream repository.
* Forks have their own members, branches, tags, labels, policies, issues, pull requests, discussions, actions, projects, and wikis.
diff --git a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-permissions-and-visibility-of-forks.md b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-permissions-and-visibility-of-forks.md
index 64d65eb7b49a..f5ba8200a65c 100644
--- a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-permissions-and-visibility-of-forks.md
+++ b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-permissions-and-visibility-of-forks.md
@@ -32,6 +32,8 @@ All repositories belong to a repository network. A repository network contains t
If you delete a repository or change the repository's visibility settings, you will affect the repository's forks. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/working-with-forks/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility)"
+If you delete a fork, any code contributions of that fork will still be accessible to the repository network.
+
## About permissions of forks
{% data reusables.repositories.private_forks_inherit_permissions %}
@@ -55,11 +57,11 @@ For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-me
If you work with forks, or if you're the owner of a repository or organization that allows forking, it's important to be aware of the following security considerations.
* Forks have their own permissions separate from the upstream repository.
-* The owners of a repository that has been forked have read permission to all forks in the repository's fork network.
+* The owners of a repository that has been forked have read permission to all forks in the repository's network.
* Organization owners of a repository that has been forked have admin permission to forks created in personal user namespaces, including the ability to delete the fork and its branches.
* Organization owners of a repository that has been forked have read permission to forks created in organizations, but do not have the ability to delete the fork or its branches.
* Forks created in another organization will not be deleted when individual access is removed from the upstream repository.
-* Commits to any repository in a fork network can be accessed from any repository in the same fork network, including the upstream repository.
+* Commits to any repository in a network can be accessed from any repository in the same network, including the upstream repository, even after a fork is deleted.
### About forks within an organization
diff --git a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork.md b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork.md
index 4213653412e8..02aa34b5dfbf 100644
--- a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork.md
+++ b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork.md
@@ -1,12 +1,12 @@
---
title: Allowing changes to a pull request branch created from a fork
-intro: 'For greater collaboration, you can allow commits on branches you''ve created from forks owned by your personal account.'
+intro: 'For greater collaboration, you can allow commits on branches you''ve created from forks in your personal account.'
redirect_from:
- /github/collaborating-with-issues-and-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork
- /articles/allowing-changes-to-a-pull-request-branch-created-from-a-fork
- /github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork
- /github/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork
-permissions: People with push access to the upstream repository of a fork owned by a personal account can commit to the forked branches.
+permissions: People with push access to the upstream repository of a fork in a personal account can commit to the forked branches.
versions:
fpt: '*'
ghes: '*'
@@ -15,9 +15,9 @@ topics:
- Pull requests
shortTitle: Allow changes to a branch
---
-When a user creates a pull request from a fork that they own, the user generally has the authority to decide if other users can commit to the pull request's compare branch. If the pull request author wants greater collaboration, they can grant maintainers of the upstream repository (that is, anyone with push access to the upstream repository) permission to commit to the pull request's compare branch. To learn more about upstream repositories, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks)."
+When a user creates a pull request from their fork, the user generally has the authority to decide if other users can commit to the pull request's compare branch. If the pull request author wants greater collaboration, they can grant maintainers of the upstream repository (that is, anyone with push access to the upstream repository) permission to commit to the pull request's compare branch. To learn more about upstream repositories, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks)."
-Pull request authors can give these permissions when they initially create a pull request from a user-owned fork or after they create the pull request. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork)."
+Pull request authors can give these permissions when they initially create a pull request from a fork in a personal account or after they create the pull request. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork)."
You can set commit permissions when you first create a pull request from a fork. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork)." Additionally, you can modify an existing pull request to let repository maintainers make commits to your branch.
diff --git a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo.md b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo.md
index c6f8d218ed1e..5e90c58ddba2 100644
--- a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo.md
+++ b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo.md
@@ -36,7 +36,7 @@ For example, you can use forks to propose changes related to fixing a bug. Rathe
Open source software is based on the idea that by sharing code, we can make better, more reliable software. For more information, see the "[About the Open Source Initiative](https://opensource.org/about)" on the Open Source Initiative.
-For more information about applying open source principles to your organization's development work on {% data variables.location.product_location %}, see {% data variables.product.prodname_dotcom %}'s white paper "[An introduction to innersource](https://resources.github.com/whitepapers/introduction-to-innersource/)."
+For more information about applying open source principles to your organization's development work on {% data variables.product.prodname_dotcom %}, see {% data variables.product.prodname_dotcom %}'s white paper "[An introduction to innersource](https://resources.github.com/whitepapers/introduction-to-innersource/)."
When creating your public repository from a fork of someone's project, make sure to include a license file that determines how you want your project to be shared with others. For more information, see "[Choose an open source license](https://choosealicense.com/)" at choosealicense.com.
diff --git a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility.md b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility.md
index 5e518304bf00..2ca5c91358cc 100644
--- a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility.md
+++ b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility.md
@@ -23,7 +23,7 @@ When you delete a private repository, all of its private forks are also deleted.
## Deleting a public repository
-When you delete a public repository, one of the existing public forks is chosen to be the new upstream repository. All other repositories are forked off of this new upstream and subsequent pull requests go to this new upstream repository.
+When you delete a public repository, the oldest, active public fork is chosen to be the new upstream repository. All other repositories are forked off of this new upstream and subsequent pull requests go to this new upstream repository.
## Private forks and permissions
@@ -45,7 +45,7 @@ If a public repository is made private and then deleted, its public forks will c
## Changing a private repository to a public repository
-When you change a private repository to public, all the commits in that repository, including any commits made in the repositories it was forked into, will be visible to everyone. However, the private forks will not automatically become public. Instead, each private fork will become a separate private repository and create its own independent network of repositories. Any new changes made to these networks will not be accessible from the original repository.
+When a private repository is made public, all the commits in that repository, including any commits previously pushed to private forks of that repository, will be migrated to a new public repository network and become visible to everyone. Any previously created private forks will remain private but will become disconnected from the original repository that was made public. Each private fork will become a separate private repository and create its own independent network of repositories. Any new changes made to these networks will not be accessible from the original repository that was made public.
### Deleting the public repository
diff --git a/content/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-on-behalf-of-an-organization.md b/content/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-on-behalf-of-an-organization.md
index 2ed6d72eeb3b..98f935c7c852 100644
--- a/content/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-on-behalf-of-an-organization.md
+++ b/content/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-on-behalf-of-an-organization.md
@@ -47,7 +47,7 @@ Organizations can use the `name@organization.com` email as a public point of con
on-behalf-of: @ORG NAME@ORGANIZATION.COM"
```
-The new commit, message, and badge will appear on {% data variables.location.product_location %} the next time you push. For more information, see "[AUTOTITLE](/get-started/using-git/pushing-commits-to-a-remote-repository)."
+The new commit, message, and badge will appear on {% data variables.product.prodname_dotcom %} the next time you push. For more information, see "[AUTOTITLE](/get-started/using-git/pushing-commits-to-a-remote-repository)."
## Creating commits with an `on-behalf-of` badge on {% data variables.product.product_name %}
@@ -58,7 +58,7 @@ After you've made changes in a file using the web editor on {% data variables.pr
1. In the text box below your commit message, add `on-behalf-of: @org `.
1. Click **Commit changes** or **Propose changes**.
-The new commit, message, and badge will appear on {% data variables.location.product_location %}.
+The new commit, message, and badge will appear on {% data variables.product.prodname_dotcom %}.
## Further reading
diff --git a/content/repositories/archiving-a-github-repository/archiving-repositories.md b/content/repositories/archiving-a-github-repository/archiving-repositories.md
index e2abd4ef2ccb..cb3bbc108cd9 100644
--- a/content/repositories/archiving-a-github-repository/archiving-repositories.md
+++ b/content/repositories/archiving-a-github-repository/archiving-repositories.md
@@ -29,7 +29,7 @@ topics:
{% ifversion ghec or ghes %}
{% note %}
-**Note:** Customers who use {% data variables.product.prodname_GH_advanced_security %} can enable {% data variables.product.prodname_secret_scanning %} on archived repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-private-repositories)."
+**Note:** Customers who use {% data variables.product.prodname_GH_advanced_security %} can enable {% data variables.product.prodname_secret_scanning %} on archived repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."
{% endnote %}
{% endif %}
diff --git a/content/repositories/archiving-a-github-repository/referencing-and-citing-content.md b/content/repositories/archiving-a-github-repository/referencing-and-citing-content.md
index 19e8a6dbd92f..e7520d4e464d 100644
--- a/content/repositories/archiving-a-github-repository/referencing-and-citing-content.md
+++ b/content/repositories/archiving-a-github-repository/referencing-and-citing-content.md
@@ -14,7 +14,7 @@ shortTitle: Reference & cite content
---
## Issuing a persistent identifier for your repository with Zenodo
-To make your repositories easier to reference in academic literature, you can create persistent identifiers, also known as Digital Object Identifiers (DOIs). You can use the data archiving tool [Zenodo](https://about.zenodo.org/) to archive a repository on {% data variables.location.product_location %} and issue a DOI for the archive.
+To make your repositories easier to reference in academic literature, you can create persistent identifiers, also known as Digital Object Identifiers (DOIs). You can use the data archiving tool [Zenodo](https://about.zenodo.org/) to archive a repository on {% data variables.product.prodname_dotcom %} and issue a DOI for the archive.
{% tip %}
diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/about-merge-methods-on-github.md b/content/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/about-merge-methods-on-github.md
index bf562305cdcf..10c24542c564 100644
--- a/content/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/about-merge-methods-on-github.md
+++ b/content/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/about-merge-methods-on-github.md
@@ -1,6 +1,6 @@
---
title: About merge methods on GitHub
-intro: 'You can allow contributors with push access to your repository to merge their pull requests on {% data variables.location.product_location %} with different merge options or enforce a specific merge method for all of your repository''s pull requests.'
+intro: 'You can allow contributors with push access to your repository to merge their pull requests with different merge options or enforce a specific merge method for all of your repository''s pull requests.'
redirect_from:
- /articles/about-merge-methods-on-github
- /github/administering-a-repository/about-merge-methods-on-github
@@ -43,9 +43,9 @@ For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-me
{% data reusables.pull_requests.rebase_and_merge_summary %}
Before enabling commit rebasing, consider these disadvantages:
-* Repository contributors may have to rebase on the command line, resolve any conflicts, and force push their changes to the pull request's topic branch (or remote head branch) before they can use the **rebase and merge** option on {% data variables.location.product_location %}. Force pushing must be done carefully so contributors don't overwrite work that others have based their work on. To learn more about when the **Rebase and merge** option is disabled on {% data variables.location.product_location %} and the workflow to re-enable it, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges#rebase-and-merge-your-pull-request-commits)."
+* Repository contributors may have to rebase on the command line, resolve any conflicts, and force push their changes to the pull request's topic branch (or remote head branch) before they can use the **rebase and merge** option on {% data variables.product.prodname_dotcom %}. Force pushing must be done carefully so contributors don't overwrite work that others have based their work on. To learn more about when the **Rebase and merge** option is disabled on {% data variables.product.prodname_dotcom %} and the workflow to re-enable it, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges#rebase-and-merge-your-pull-request-commits)."
* {% indented_data_reference reusables.pull_requests.rebase_and_merge_verification spaces=2 %}
-
+
{% indented_data_reference reusables.pull_requests.rebase_and_merge_verification_2 spaces=2 %}
For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-rebasing-for-pull-requests)."
diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-rebasing-for-pull-requests.md b/content/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-rebasing-for-pull-requests.md
index f6b165b6ccb6..685a05fe7e7d 100644
--- a/content/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-rebasing-for-pull-requests.md
+++ b/content/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-rebasing-for-pull-requests.md
@@ -1,6 +1,6 @@
---
title: Configuring commit rebasing for pull requests
-intro: 'You can enforce, allow, or disable commit rebasing for all pull request merges on {% data variables.location.product_location %} in your repository.'
+intro: 'You can enforce, allow, or disable commit rebasing for all pull request merges on {% data variables.product.prodname_dotcom %} in your repository.'
redirect_from:
- /articles/configuring-commit-rebasing-for-pull-requests
- /github/administering-a-repository/configuring-commit-rebasing-for-pull-requests
diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch.md
index 4998b91b5f0a..bae66a253b85 100644
--- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch.md
+++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch.md
@@ -16,7 +16,7 @@ redirect_from:
You can rename a branch in a repository on {% data variables.location.product_location %}. For more information about branches, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches)."
-When you rename a branch on {% data variables.location.product_location %}, any URLs that contain the old branch name are automatically redirected to the equivalent URL for the renamed branch. Branch protection policies are also updated, as well as the base branch for open pull requests (including those for forks) and draft releases. If the renamed branch is the head branch of an open pull request, this pull request is closed.
+When you rename a branch, any URLs that contain the old branch name are automatically redirected to the equivalent URL for the renamed branch. Branch protection policies are also updated, as well as the base branch for open pull requests (including those for forks) and draft releases. If the renamed branch is the head branch of an open pull request, this pull request is closed.
If a repository's default branch is renamed, {% data variables.product.prodname_dotcom %} provides instructions on the repository's home page directing contributors to update their local Git environments.
diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches.md
index d090e9e3a834..5c94556db651 100644
--- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches.md
+++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches.md
@@ -31,10 +31,7 @@ You can enforce certain workflows or requirements before a collaborator can push
By default, each branch protection rule disables force pushes to the matching branches and prevents the matching branches from being deleted. You can optionally disable these restrictions and enable additional branch protection settings.
-{% ifversion bypass-branch-protections %}
By default, the restrictions of a branch protection rule don't apply to people with admin permissions to the repository or custom roles with the "bypass branch protections" permission. You can optionally apply the restrictions to administrators and roles with the "bypass branch protections" permission, too. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization)".
-{% else %}
-By default, the restrictions of a branch protection rule don't apply to people with admin permissions to the repository. You can optionally choose to include administrators, too.{% endif %}
{% data reusables.repositories.branch-rules-example %} For more information about branch name patterns, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule)."
@@ -65,7 +62,7 @@ For each branch protection rule, you can choose to enable or disable the followi
{%- ifversion lock-branch %}
* [Lock branch](#lock-branch)
{%- endif %}
-{% ifversion bypass-branch-protections %}- [Do not allow bypassing the above settings](#do-not-allow-bypassing-the-above-settings){% else %}- [Include administrators](#include-administrators){% endif %}
+* [Do not allow bypassing the above settings](#do-not-allow-bypassing-the-above-settings)
* [Restrict who can push to matching branches](#restrict-who-can-push-to-matching-branches)
* [Allow force pushes](#allow-force-pushes)
* [Allow deletions](#allow-deletions)
@@ -181,16 +178,11 @@ Locking a branch will make the branch read-only and ensures that no commits can
By default, a forked repository does not support syncing from its upstream repository. You can enable **Allow fork syncing** to pull changes from the upstream repository while preventing other contributions to the fork's branch.
{% endif %}
-{% ifversion bypass-branch-protections %}### Do not allow bypassing the above settings{% else %}
-
-### Include administrators{% endif %}
+### Do not allow bypassing the above settings
-{% ifversion bypass-branch-protections %}
By default, the restrictions of a branch protection rule do not apply to people with admin permissions to the repository or custom roles with the "bypass branch protections" permission in a repository.
You can enable this setting to apply the restrictions to admins and roles with the "bypass branch protections" permission, too. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization)".
-{% else %}
-By default, protected branch rules do not apply to people with admin permissions to a repository. You can enable this setting to include administrators in your protected branch rules.{% endif %}
### Restrict who can push to matching branches
diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule.md
index 3b50bf9f3934..7f7a4dd1a4a0 100644
--- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule.md
+++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule.md
@@ -97,7 +97,7 @@ When you create a branch rule, the branch you specify doesn't have to exist yet
* Select **Lock branch**.
* Optionally, to allow fork syncing, select **Allow fork syncing**.
{%- endif %}
-1. Optionally, select {% ifversion bypass-branch-protections %}**Do not allow bypassing the above settings**{% else %}**Apply the rules above to administrators**{% endif %}.
+1. Optionally, select **Do not allow bypassing the above settings**.
1. Optionally,{% ifversion fpt or ghec %} in public repositories owned by a {% data variables.product.prodname_free_user %} organization and in all repositories owned by an organization using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %},{% endif %} enable branch restrictions.
* Select **Restrict who can push to matching branches**.
{%- ifversion restrict-pushes-create-branch %}
diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md
index 51501ade7441..90c7bd0f3e12 100644
--- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md
+++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md
@@ -45,7 +45,6 @@ Before you can require a linear commit history, your repository must allow squas
## Require merge queue
> [!NOTE]
-> * Configuring a merge queue via rulesets is in public beta and subject to change.
> * This rule is not available for rulesets created at the organization level. For more information about creating rulesets at the repository level, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository)."
You can require that merges must be performed with a merge queue at the repository level. For more information about merge queues, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue#about-merge-queues)."
@@ -137,7 +136,7 @@ Required status checks ensure that all required CI tests are passing before coll
You can use the commit status API to allow external services to mark commits with an appropriate status. For more information, see "[AUTOTITLE](/rest/commits/statuses)."
-After enabling required status checks, all required status checks must pass before collaborators can merge changes into the branch or tag.
+After enabling required status checks, all required status checks must pass before collaborators can merge changes into the branch or tag. {% ifversion repo-rules-ignorecheck %} Optionally, you can select "Do not require status checks on creation" if you wish to allow branch creation regardless of the status check result. {% endif %}
Any person or integration with write permissions to a repository can set the state of any status check in the repository, but in some cases you may only want to accept a status check from a specific {% data variables.product.prodname_github_app %}. When you add a required status check rule, you can select an app as the expected source of status updates. The app must be installed in the repository with the `statuses:write` permission, must have recently submitted a check run, and must be associated with a pre-existing required status check in the ruleset. If the status is set by any other person or integration, merging won't be allowed. If you select "any source", you can still manually verify the author of each status, listed in the merge box.
@@ -215,6 +214,7 @@ Applying this rule will block direct pushes because the ruleset workflows run as
This rule should only be added to rulesets that target branches where all changes to the branch are performed by pull requests.
+{% ifversion repo-rules-ignorecheck %} Optionally, you can select "Do not require workflows checks on creation" if you wish to allow branch creation regardless of the status check result. {% endif %}
{% endif %}
{% ifversion repo-rules-enterprise %}
diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository.md
index 08b1f94da10d..fa39dd8c0a47 100644
--- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository.md
+++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository.md
@@ -104,12 +104,6 @@ You can view insights for rulesets to see how rulesets are affecting a repositor
{%- ifversion repo-rules-merge-queue %}
1. Optionally, review merge queue details for corresponding pull requests in the same merge group.
- {% note %}
-
- **Note:** The merge queue rule is in public beta and this interface is subject to change.
-
- {% endnote %}
-
{% endif %}
{% endif %}
diff --git a/content/repositories/creating-and-managing-repositories/best-practices-for-repositories.md b/content/repositories/creating-and-managing-repositories/best-practices-for-repositories.md
index 0d32342bf23d..a50f7f75b167 100644
--- a/content/repositories/creating-and-managing-repositories/best-practices-for-repositories.md
+++ b/content/repositories/creating-and-managing-repositories/best-practices-for-repositories.md
@@ -24,6 +24,6 @@ To maintain quality of important branches, such as `main`, while using a branchi
## Use {% data variables.large_files.product_name_long %}
-To optimize performance, {% data variables.location.product_location %} limits the sizes of files allowed in repositories. For more information, see "[AUTOTITLE](/repositories/working-with-files/managing-large-files/about-large-files-on-github)."
+To optimize performance, {% data variables.product.prodname_dotcom %} limits the sizes of files allowed in repositories. For more information, see "[AUTOTITLE](/repositories/working-with-files/managing-large-files/about-large-files-on-github)."
To track large files in a Git repository, we recommend using {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}). For more information, see "[AUTOTITLE](/repositories/working-with-files/managing-large-files/about-git-large-file-storage)."
diff --git a/content/repositories/creating-and-managing-repositories/cloning-a-repository.md b/content/repositories/creating-and-managing-repositories/cloning-a-repository.md
index d0ad913e2ff3..e5910b9488e8 100644
--- a/content/repositories/creating-and-managing-repositories/cloning-a-repository.md
+++ b/content/repositories/creating-and-managing-repositories/cloning-a-repository.md
@@ -1,6 +1,6 @@
---
title: Cloning a repository
-intro: 'When you create a repository on {% data variables.location.product_location %}, it exists as a remote repository. You can clone your repository to create a local copy on your computer and sync between the two locations.'
+intro: 'When you create a repository on {% data variables.product.prodname_dotcom %}, it exists as a remote repository. You can clone your repository to create a local copy on your computer and sync between the two locations.'
redirect_from:
- /articles/cloning-a-repository
- /articles/cloning-a-repository-from-github
diff --git a/content/repositories/creating-and-managing-repositories/creating-a-new-repository.md b/content/repositories/creating-and-managing-repositories/creating-a-new-repository.md
index 6766606f921a..0e9bf0c9a473 100644
--- a/content/repositories/creating-and-managing-repositories/creating-a-new-repository.md
+++ b/content/repositories/creating-and-managing-repositories/creating-a-new-repository.md
@@ -64,13 +64,14 @@ You must have the proper permissions for any action to use the equivalent query
If you create an invalid URL using query parameters, or if you don’t have the proper permissions, the invalid query parameters will be ignored and the rest of the URL will function as normal. If you create a URL that exceeds the server limit, the URL will return a `414 URI Too Long` error page.
-Query parameter | Example | Valid values
---- | --- | ---
-`name` | `https://{% data variables.product.product_url %}/new?name=test-repo&owner=avocado-corp` creates a repository called "test-repo" owned by the "avocado-corp" organization. | Any valid repository name. Spaces must be replaced with `+` or `%20`.
-`description` | `https://{% data variables.product.product_url %}/new?description=An+exciting+repository&visibility=private&owner=octocat` creates a repo with the description "An exciting repository" with private visibility owned by @octocat. | Any string. Spaces must be replaced with `+` or `%20`.
-`visibility` | `https://{% data variables.product.product_url %}/new?visibility=private` creates a repository with private visibility. | `public` `private` {% ifversion not fpt %}`internal`{% endif %}
-`owner` | `https://{% data variables.product.product_url %}/new?owner=avocado-corp&visibility=public` creates a public repository owned by the "avocado-corp" organization. | Any valid organization name or username. Alternatively, while signed in use `@me` to specify your user account as the owner.
-`template_owner` and `template_name` | `https://{% data variables.product.product_url %}/new?owner=avocado-corp&template_owner=avocado-corp&template_name=octo-repo` creates a repository owned by the "avocado-corp" using the avocado-corp's template "octo-repo". | The username of the template owner and the name of the repository template.
+| Query parameter | Example | Valid values |
+| --- | --- | --- |
+| `name` | `https://{% data variables.product.product_url %}/new?name=test-repo&owner=avocado-corp` creates a repository called "test-repo" owned by the "avocado-corp" organization. | Any valid repository name. Spaces must be replaced with `+` or `%20`. |
+| `description` | `https://{% data variables.product.product_url %}/new?description=An+exciting+repository&visibility=private&owner=octocat` creates a repo with the description "An exciting repository" with private visibility owned by @octocat. | Any string. Spaces must be replaced with `+` or `%20`. |
+| `visibility` | `https://{% data variables.product.product_url %}/new?visibility=private` creates a repository with private visibility. | `public` `private` {% ifversion not fpt %}`internal`{% endif %} |
+| `owner` | `https://{% data variables.product.product_url %}/new?owner=avocado-corp&visibility=public` creates a public repository owned by the "avocado-corp" organization. | Any valid organization name or username. Alternatively, while signed in use `@me` to specify your user account as the owner. |
+| `template_owner` and `template_name` | `https://{% data variables.product.product_url %}/new?owner=avocado-corp&template_owner=avocado-corp&template_name=octo-repo` creates a repository owned by the "avocado-corp" using the avocado-corp's template "octo-repo". | The username of the template owner and the name of the repository template. |
+
{% endif %}
## Further reading
diff --git a/content/repositories/creating-and-managing-repositories/creating-a-template-repository.md b/content/repositories/creating-and-managing-repositories/creating-a-template-repository.md
index 6ad11055cb40..496380d7e531 100644
--- a/content/repositories/creating-and-managing-repositories/creating-a-template-repository.md
+++ b/content/repositories/creating-and-managing-repositories/creating-a-template-repository.md
@@ -17,7 +17,7 @@ shortTitle: Create a template repo
## About template repositories
-{% data reusables.repositories.about-template-repositories %}.
+{% data reusables.repositories.about-template-repositories %}
## Creating a template repository
diff --git a/content/repositories/creating-and-managing-repositories/duplicating-a-repository.md b/content/repositories/creating-and-managing-repositories/duplicating-a-repository.md
index cc77c335dad4..e091dbf9b177 100644
--- a/content/repositories/creating-and-managing-repositories/duplicating-a-repository.md
+++ b/content/repositories/creating-and-managing-repositories/duplicating-a-repository.md
@@ -37,7 +37,7 @@ Before you can push the original repository to your new copy, or _mirror_, of th
1. Mirror-push to the new repository.
```shell
- cd OLD-REPOSITORY.git
+ cd OLD-REPOSITORY
git push --mirror https://{% data variables.product.product_url %}/EXAMPLE-USER/NEW-REPOSITORY.git
```
@@ -45,7 +45,7 @@ Before you can push the original repository to your new copy, or _mirror_, of th
```shell
cd ..
- rm -rf OLD-REPOSITORY.git
+ rm -rf OLD-REPOSITORY
```
## Mirroring a repository that contains {% data variables.large_files.product_name_long %} objects
@@ -60,7 +60,7 @@ Before you can push the original repository to your new copy, or _mirror_, of th
1. Navigate to the repository you just cloned.
```shell
- cd OLD-REPOSITORY.git
+ cd OLD-REPOSITORY
```
1. Pull in the repository's {% data variables.large_files.product_name_long %} objects.
@@ -85,7 +85,7 @@ Before you can push the original repository to your new copy, or _mirror_, of th
```shell
cd ..
- rm -rf OLD-REPOSITORY.git
+ rm -rf OLD-REPOSITORY
```
## Mirroring a repository in another location
diff --git a/content/repositories/creating-and-managing-repositories/quickstart-for-repositories.md b/content/repositories/creating-and-managing-repositories/quickstart-for-repositories.md
index a1b930c8ace2..473e806b4863 100644
--- a/content/repositories/creating-and-managing-repositories/quickstart-for-repositories.md
+++ b/content/repositories/creating-and-managing-repositories/quickstart-for-repositories.md
@@ -114,7 +114,7 @@ _README_ files are a great place to describe your project in more detail, or add
## Next steps
-You have now created a repository, including a _README_ file, and created your first commit on {% data variables.location.product_location %}.
+You have now created a repository, including a _README_ file, and created your first commit on {% data variables.product.prodname_dotcom %}.
{% webui %}
diff --git a/content/repositories/creating-and-managing-repositories/repository-limits.md b/content/repositories/creating-and-managing-repositories/repository-limits.md
index e7d22cb00ee2..8cad689046a5 100644
--- a/content/repositories/creating-and-managing-repositories/repository-limits.md
+++ b/content/repositories/creating-and-managing-repositories/repository-limits.md
@@ -32,7 +32,7 @@ Some portions of a limited diff may be displayed, but anything exceeding the lim
The compare view and pull requests pages display a list of commits between the `base` and `head` revisions. These lists are limited to **250** commits. If they exceed that limit, a note indicates that additional commits are present (but they're not shown).
-The maximum count of commits displayed on the Commits tab of Github.com is **10,000**. Use other tools such as `git rev-list --count mybranch` to count and enumerate a high volume of commits when needed.
+The maximum count of commits displayed on the Commits tab of {% data variables.product.prodname_dotcom_the_website %} is **10,000**. Use other tools such as `git rev-list --count mybranch` to count and enumerate a high volume of commits when needed.
## Organization Limits
diff --git a/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners.md b/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners.md
index 17f06fde00fc..b20c7fec1923 100644
--- a/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners.md
+++ b/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners.md
@@ -68,15 +68,13 @@ A CODEOWNERS file uses a pattern that follows most of the same rules used in [gi
If you want to match two or more code owners with the same pattern, all the code owners must be on the same line. If the code owners are not on the same line, the pattern matches only the last mentioned code owner.
-{% ifversion fpt or ghec%}In most cases, you{% else %}You{% endif %} can also refer to a user by an email address that has been added to their account on {% data variables.location.product_location %}, for example `user@example.com`. {% ifversion fpt or ghec %} You cannot use an email address to refer to a {% data variables.enterprise.prodname_managed_user %}. For more information about {% data variables.enterprise.prodname_managed_users %}, see "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}{% endif %}
+{% ifversion fpt or ghec%}In most cases, you{% else %}You{% endif %} can also refer to a user by an email address that has been added to their account, for example `user@example.com`. {% ifversion fpt or ghec %} You cannot use an email address to refer to a {% data variables.enterprise.prodname_managed_user %}. For more information about {% data variables.enterprise.prodname_managed_users %}, see "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}{% endif %}
CODEOWNERS paths are case sensitive, because {% data variables.product.prodname_dotcom %} uses a case sensitive file system. Since CODEOWNERS are evaluated by {% data variables.product.prodname_dotcom %}, even systems that are case insensitive (for example, macOS) must use paths and files that are cased correctly in the CODEOWNERS file.
-{% ifversion codeowners-errors %}
-If any line in your CODEOWNERS file contains invalid syntax, that line will be skipped. When you navigate to the CODEOWNERS file in your repository on {% data variables.location.product_location %}, you can see any errors highlighted. A list of errors in a repository's CODEOWNERS file is also accessible via the API. For more information, see "[AUTOTITLE](/rest/repos/repos#list-codeowners-errors)."
-{% else %}
-If any line in your CODEOWNERS file contains invalid syntax, the file will not be detected and will not be used to request reviews.
-{% endif %}
+If any line in your CODEOWNERS file contains invalid syntax, that line will be skipped. When you navigate to the CODEOWNERS file in your repository, you can see any errors highlighted. A list of errors in a repository's CODEOWNERS file is also accessible via the API. For more information, see "[AUTOTITLE](/rest/repos/repos#list-codeowners-errors)."
+
+If you specify a user or team that doesn't exist or has insufficient access, a code owner will not be assigned.
### Example of a CODEOWNERS file
diff --git a/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics.md b/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics.md
index bb651e0d9ba6..c0afe350e833 100644
--- a/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics.md
+++ b/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics.md
@@ -21,7 +21,7 @@ With topics, you can explore repositories in a particular subject area, find pro
-To browse the most used topics, go to https://github.com/topics/.
+To browse the most used topics, go to {% data variables.product.oauth_host_code %}/topics/.
{% ifversion fpt or ghec %}You can contribute to {% data variables.product.product_name %}'s set of featured topics in the [github/explore](https://github.com/github/explore) repository. {% endif %}
@@ -32,9 +32,9 @@ Repository admins can add any topics they'd like to a repository. Helpful topics
You can search for repositories that are associated with a particular topic. For more information, see "[AUTOTITLE](/search-github/searching-on-github/searching-for-repositories#search-by-topic)." You can also search for a list of topics on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/search-github/searching-on-github/searching-topics)."
When creating a topic:
-* use lowercase letters, numbers, and hyphens.
-* use 50 characters or less.
-* add no more than 20 topics.
+* Use lowercase letters, numbers, and hyphens.
+* Use 50 characters or less.
+* Add no more than 20 topics.
## Adding topics to your repository
diff --git a/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository.md
index bb22acff85b0..66bdc6ec6d51 100644
--- a/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository.md
+++ b/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository.md
@@ -31,6 +31,7 @@ Platform | Syntax
[Tidelift](https://tidelift.com/) | `tidelift: PLATFORM-NAME/PACKAGE-NAME`
[Polar](https://www.polar.sh/) | `polar: USERNAME`
[Buy Me a Coffee](https://www.buymeacoffee.com/) | `buy_me_a_coffee: USERNAME`
+[thanks.dev](https://thanks.dev/) | `thanks_dev: USERNAME`
Custom URL | `custom: LINK1` or `custom: [LINK1, LINK2, LINK3, LINK4]`
For Tidelift, use the `platform-name/package-name` syntax with the following platform names.
diff --git a/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/about-email-notifications-for-pushes-to-your-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/about-email-notifications-for-pushes-to-your-repository.md
index 574a371cc132..cbda019b9223 100644
--- a/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/about-email-notifications-for-pushes-to-your-repository.md
+++ b/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/about-email-notifications-for-pushes-to-your-repository.md
@@ -31,6 +31,12 @@ Each email notification for a push to a repository lists the new commits and lin
You can filter email notifications you receive for pushes to a repository. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#filtering-email-notifications)."
+{% ifversion ghec %}
+
+>[!NOTE] Notifications for pushes to your repository will bypass restrictions for email notifications to verified domains configured in your enterprise account or organisation.
+
+{% endif %}
+
## Enabling email notifications for pushes to your repository
{% data reusables.repositories.navigate-to-repo %}
diff --git a/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository.md
index 62352cfd08c6..7c7c2e77b105 100644
--- a/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository.md
+++ b/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository.md
@@ -33,14 +33,14 @@ If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}
For more information about repository roles, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/permission-levels-for-a-personal-account-repository)" and "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)."
-
-
## Filtering the list of teams and people
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.click-collaborators-teams %}
-1. Under "Manage access", in the search field, start typing the name of the team or person you'd like to find. Optionally, use the dropdown menus to filter your search.
+1. Under "Manage access", in the search field, start typing the name of the team or person you'd like to find. Optionally, use the dropdown menus to filter your search. {% ifversion org-custom-role-with-repo-permissions %}
+
+ You can also toggle between the **Direct access** and **Organization access** tabs to view who has direct access to the repository and who can access the repository via a team or organization role.{% endif %}
## Changing permissions for a team or person
diff --git a/content/repositories/viewing-activity-and-data-for-your-repository/analyzing-changes-to-a-repositorys-content.md b/content/repositories/viewing-activity-and-data-for-your-repository/analyzing-changes-to-a-repositorys-content.md
index 78b0e2e9b760..e7049a1bfc83 100644
--- a/content/repositories/viewing-activity-and-data-for-your-repository/analyzing-changes-to-a-repositorys-content.md
+++ b/content/repositories/viewing-activity-and-data-for-your-repository/analyzing-changes-to-a-repositorys-content.md
@@ -30,14 +30,11 @@ You can see all commits made to a repository in the past year (excluding merge c
The top graph shows commits for the entire year by week. The bottom graph shows the average number of commits by day of the week for the selected week.
-
-
### Accessing the commits graph
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.accessing-repository-graphs %}
1. In the left sidebar, click **Commits**.
-
## Visualizing additions and deletion to content in a repository
@@ -45,18 +42,14 @@ The top graph shows commits for the entire year by week. The bottom graph shows
The code frequency graph displays the content additions and deletions for each week in a repository's history.
-{% ifversion fpt or ghec %}
-
-
-
-{% endif %}
-
### Accessing the code frequency graph
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.accessing-repository-graphs %}
1. In the left sidebar, click **Code frequency**.
-
+{%- ifversion accessible-charts %}
+{% data reusables.repositories.repositories-insights-graphs-download-steps %}
+{% endif %}
{% ifversion repository-activity-view %}
{% data reusables.repositories.activity-view %}
diff --git a/content/repositories/viewing-activity-and-data-for-your-repository/viewing-a-projects-contributors.md b/content/repositories/viewing-activity-and-data-for-your-repository/viewing-a-projects-contributors.md
index 591b3f926e2d..01b31b7a493f 100644
--- a/content/repositories/viewing-activity-and-data-for-your-repository/viewing-a-projects-contributors.md
+++ b/content/repositories/viewing-activity-and-data-for-your-repository/viewing-a-projects-contributors.md
@@ -31,9 +31,12 @@ You can also see a list of people who have contributed to the project's Python d
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.accessing-repository-graphs %}
1. In the left sidebar, click **Contributors**.
- 
+{%- ifversion accessible-charts %}
+1. Optionally, to view contributors during a specific time period, to the right of "Contributors," click **Period: All**. Then select a time period.
+{% data reusables.repositories.repositories-insights-graphs-download-steps %}
+{%- else %}
1. Optionally, to view contributors during a specific time period, click, then drag until the time period is selected. The contributors graph sums weekly commit numbers onto each Sunday, so your time period must include a Sunday.
- 
+{% endif %}
## Troubleshooting contributors
diff --git a/content/repositories/working-with-files/managing-files/adding-a-file-to-a-repository.md b/content/repositories/working-with-files/managing-files/adding-a-file-to-a-repository.md
index fa8eaa8d5711..ee8fa4dd4cb9 100644
--- a/content/repositories/working-with-files/managing-files/adding-a-file-to-a-repository.md
+++ b/content/repositories/working-with-files/managing-files/adding-a-file-to-a-repository.md
@@ -35,7 +35,7 @@ You can upload multiple files to {% data variables.product.product_name %} at th
{% ifversion push-protection-block-uploads %}
-Your repository may be secured by push protection. With push protection, {% data variables.product.prodname_dotcom %} will block uploading a file to the repository if the file contains a supported secret, such as a token. You should remove the secret from the file before attempting to upload the file again. For more information, see "[AUTOTITLE](/code-security/secret-scanning/working-with-push-protection#using-push-protection-from-the-web-ui)" and "[AUTOTITLE](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection#resolving-a-blocked-commit-in-the-web-ui)."
+Your repository may be secured by push protection. With push protection, {% data variables.product.prodname_dotcom %} will block uploading a file to the repository if the file contains a supported secret, such as a token. You should remove the secret from the file before attempting to upload the file again. For more information, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui)" and "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui#resolving-a-blocked-commit)."
{% data reusables.secret-scanning.push-protection-web-UI-uploads-beta %}
@@ -52,7 +52,7 @@ Your repository may be secured by push protection. With push protection, {% data
## Adding a file to a repository using the command line
-You can upload an existing file to a repository on {% data variables.location.product_location %} using the command line.
+You can upload an existing file to a repository on {% data variables.product.prodname_dotcom %} using the command line.
{% tip %}
diff --git a/content/repositories/working-with-files/managing-large-files/about-git-large-file-storage.md b/content/repositories/working-with-files/managing-large-files/about-git-large-file-storage.md
index ad3b4e604300..fb2f7eb6bf6f 100644
--- a/content/repositories/working-with-files/managing-large-files/about-git-large-file-storage.md
+++ b/content/repositories/working-with-files/managing-large-files/about-git-large-file-storage.md
@@ -25,9 +25,10 @@ Different maximum size limits for {% data variables.large_files.product_name_sho
| {% data variables.product.prodname_free_user %} | 2 GB |
| {% data variables.product.prodname_pro %} | 2 GB |
| {% data variables.product.prodname_team %} | 4 GB |
-| {% data variables.product.prodname_ghe_cloud %} | 5 GB |{% else %}
+| {% data variables.product.prodname_ghe_cloud %} | 5 GB |
+| {% else %} |
Using {% data variables.large_files.product_name_short %}, you can store files up to 5 GB in your repository.
-{% endif %}
+| {% endif %} |
{% data reusables.repositories.git-lfs %}
diff --git a/content/repositories/working-with-files/managing-large-files/installing-git-large-file-storage.md b/content/repositories/working-with-files/managing-large-files/installing-git-large-file-storage.md
index d15c4c49e56b..38fb916c00e4 100644
--- a/content/repositories/working-with-files/managing-large-files/installing-git-large-file-storage.md
+++ b/content/repositories/working-with-files/managing-large-files/installing-git-large-file-storage.md
@@ -45,7 +45,7 @@ shortTitle: Install Git LFS
**Note:** You may have to use `sudo ./install.sh` to install the file.
{% endnote %}
-1. Verify that the installation was successful:
+1. Next, make required changes to your global Git config:
```shell
$ git {% data variables.large_files.command_name %} install
@@ -113,7 +113,7 @@ shortTitle: Install Git LFS
**Note:** You may have to use `sudo ./install.sh` to install the file.
{% endnote %}
-1. Verify that the installation was successful:
+1. Next, make required changes to your global Git config:
```shell
$ git {% data variables.large_files.command_name %} install
diff --git a/content/repositories/working-with-files/using-files/downloading-source-code-archives.md b/content/repositories/working-with-files/using-files/downloading-source-code-archives.md
index fb9b2040bc26..892aad4dc0c2 100644
--- a/content/repositories/working-with-files/using-files/downloading-source-code-archives.md
+++ b/content/repositories/working-with-files/using-files/downloading-source-code-archives.md
@@ -11,7 +11,7 @@ shortTitle: Source code archives
---
## Overview of source code archives
-You can download a snapshot of any branch, tag, or specific commit from {% data variables.location.product_location %}. These snapshots are generated by the [`git archive` command](https://git-scm.com/docs/git-archive) in one of two formats: tarball or zipball. Snapshots don't contain the entire repository history. If you want the entire history, you can clone the repository. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/cloning-a-repository)."
+You can download a snapshot of any branch, tag, or specific commit from {% data variables.product.prodname_dotcom %}. These snapshots are generated by the [`git archive` command](https://git-scm.com/docs/git-archive) in one of two formats: tarball or zipball. Snapshots don't contain the entire repository history. If you want the entire history, you can clone the repository. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/cloning-a-repository)."
## Downloading source code archives
diff --git a/content/repositories/working-with-files/using-files/getting-permanent-links-to-files.md b/content/repositories/working-with-files/using-files/getting-permanent-links-to-files.md
index 9971fbcf231c..ce3823e4b59b 100644
--- a/content/repositories/working-with-files/using-files/getting-permanent-links-to-files.md
+++ b/content/repositories/working-with-files/using-files/getting-permanent-links-to-files.md
@@ -1,6 +1,6 @@
---
title: Getting permanent links to files
-intro: 'When viewing a file on {% data variables.location.product_location %}, you can press the "y" key to update the URL to a permalink to the exact version of the file you see.'
+intro: 'When viewing a file on {% data variables.product.prodname_dotcom %}, you can press the "y" key to update the URL to a permalink to the exact version of the file you see.'
redirect_from:
- /articles/getting-a-permanent-link-to-a-file
- /articles/how-do-i-get-a-permanent-link-from-file-view-to-permanent-blob-url
@@ -23,7 +23,7 @@ shortTitle: Permanent links to files
## File views show the latest version on a branch
-When viewing a file on {% data variables.location.product_location %}, you usually see the version at the current head of a branch. For example:
+When viewing a file on {% data variables.product.prodname_dotcom %}, you usually see the version at the current head of a branch. For example:
* [https://github.com/github/codeql/blob/**main**/README.md](https://github.com/github/codeql/blob/main/README.md)
diff --git a/content/repositories/working-with-files/using-files/navigating-code-on-github.md b/content/repositories/working-with-files/using-files/navigating-code-on-github.md
index db73f270c34e..f96de49b5e54 100644
--- a/content/repositories/working-with-files/using-files/navigating-code-on-github.md
+++ b/content/repositories/working-with-files/using-files/navigating-code-on-github.md
@@ -39,6 +39,7 @@ Code navigation uses the open source [`tree-sitter`](https://github.com/tree-sit
| PHP | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
| Protocol Buffers | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
| Python | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| R | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
| Ruby | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
| Rust | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
| Scala | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
diff --git a/content/repositories/working-with-files/using-files/working-with-non-code-files.md b/content/repositories/working-with-files/using-files/working-with-non-code-files.md
index a14f97208c47..b51662dc539b 100644
--- a/content/repositories/working-with-files/using-files/working-with-non-code-files.md
+++ b/content/repositories/working-with-files/using-files/working-with-non-code-files.md
@@ -48,7 +48,7 @@ shortTitle: Working with non-code files
### Viewing images
-You can directly browse and view images in your repository on {% data variables.location.product_location %}.
+You can directly browse and view images in your repository on {% data variables.product.prodname_dotcom %}.
SVGs don't currently support inline scripting or animation.
@@ -125,7 +125,7 @@ You can embed ASCII STL syntax directly in Markdown. For more information, see "
-When viewed, any _.csv_ or _.tsv_ file committed to a repository on {% data variables.location.product_location %} automatically renders as an interactive table, complete with headers and row numbering. By default, we'll always assume the first row is your header row.
+When viewed, any _.csv_ or _.tsv_ file committed to a repository on {% data variables.product.prodname_dotcom %} automatically renders as an interactive table, complete with headers and row numbering. By default, we'll always assume the first row is your header row.
You can link to a particular row by clicking the row number, or select multiple rows by holding down the shift key. Just copy the URL and send it to a friend.
@@ -296,9 +296,9 @@ It may still be possible to render the data by converting the `.geojson` file to
## Working with Jupyter Notebook files on {% data variables.product.prodname_dotcom %}
-When you add Jupyter Notebook or IPython Notebook files with a _.ipynb_ extension on {% data variables.location.product_location %}, they will render as static HTML files in your repository.
+When you add Jupyter Notebook or IPython Notebook files with a _.ipynb_ extension on {% data variables.product.prodname_dotcom %}, they will render as static HTML files in your repository.
-The interactive features of the notebook, such as custom JavaScript plots, will not work in your repository on {% data variables.location.product_location %}. For an example, see [_Linking and Interactions.ipynb_](https://github.com/bokeh/bokeh-notebooks/blob/main/tutorial/06%20-%20Linking%20and%20Interactions.ipynb).
+The interactive features of the notebook, such as custom JavaScript plots, will not work in your repository on {% data variables.product.prodname_dotcom %}. For an example, see [_Linking and Interactions.ipynb_](https://github.com/bokeh/bokeh-notebooks/blob/main/tutorial/06%20-%20Linking%20and%20Interactions.ipynb).
To view your Jupyter notebook with JavaScript content rendered or to share your notebook files with others you can use [nbviewer](https://nbviewer.jupyter.org/). For an example, see [_Linking and Interactions.ipynb_](https://nbviewer.jupyter.org/github/bokeh/bokeh-notebooks/blob/main/tutorial/06%20-%20Linking%20and%20Interactions.ipynb) rendered on nbviewer.
diff --git a/content/rest/authentication/keeping-your-api-credentials-secure.md b/content/rest/authentication/keeping-your-api-credentials-secure.md
index 04e2511b29d4..b9a14e6f2aab 100644
--- a/content/rest/authentication/keeping-your-api-credentials-secure.md
+++ b/content/rest/authentication/keeping-your-api-credentials-secure.md
@@ -34,6 +34,8 @@ When creating a {% data variables.product.pat_generic %}, only select the minimu
{% endif %}
+{% data reusables.user-settings.token_access_capabilities %}
+
When creating a {% data variables.product.prodname_github_app %}, select the minimum permissions that your {% data variables.product.prodname_github_app %} will need. For more information, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app)."
When authenticating with `GITHUB_TOKEN` in a {% data variables.product.prodname_actions %} workflow, only give the minimum amount of permissions needed. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)."
@@ -45,7 +47,7 @@ Treat authentication credentials the same way you would treat your passwords or
* Don't share authentication credentials using an unencrypted messaging or email system.
* Don't pass your {% data variables.product.pat_generic %} as plain text in the command line. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#keeping-your-personal-access-tokens-secure)."
* Don't push unencrypted authentication credentials like tokens or keys to any repository, even if the repository is private. Instead consider using a {% data variables.product.prodname_actions %} secret{% ifversion fpt or ghec %} or Codespaces secret{% endif %}. For more information, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets)"{% ifversion fpt or ghec %} and "[AUTOTITLE](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces)"{% endif %}.
-* You can use secret scanning to discover tokens, private keys, and other secrets that were pushed to a repository, or to block future pushes that contain secrets. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
+* You can use secret scanning to discover tokens, private keys, and other secrets that were pushed to a repository, or to block future pushes that contain secrets. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."
## Limit who can access your authentication credentials
diff --git a/content/rest/copilot/copilot-user-management.md b/content/rest/copilot/copilot-user-management.md
index 02cf4a1d198c..bb1a59fe352d 100644
--- a/content/rest/copilot/copilot-user-management.md
+++ b/content/rest/copilot/copilot-user-management.md
@@ -14,10 +14,6 @@ redirect_from:
- /rest/copilot/copilot-business
---
-{% note %}
-
-**Note:** These endpoints are in public beta and subject to change.
-
-{% endnote %}
+> [!NOTE] These endpoints are in public beta and subject to change.
diff --git a/content/rest/dependency-graph/dependency-submission.md b/content/rest/dependency-graph/dependency-submission.md
index de193331d97d..cacded936fde 100644
--- a/content/rest/dependency-graph/dependency-submission.md
+++ b/content/rest/dependency-graph/dependency-submission.md
@@ -12,8 +12,6 @@ autogenerated: rest
## About dependency submissions
-{% data reusables.dependency-submission.dependency-submission-api-beta %}
-
{% data reusables.dependency-submission.about-dependency-submission %}
You can submit dependencies in the form of a snapshot. A snapshot is a set of dependencies associated with a commit SHA and other metadata, that reflects the current state of your repository for a commit. You can choose to use pre-made actions or create your own actions to submit your dependencies in the required format each time your project is built. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
diff --git a/content/rest/deployments/protection-rules.md b/content/rest/deployments/protection-rules.md
index f24d030b64c1..89f073a20daf 100644
--- a/content/rest/deployments/protection-rules.md
+++ b/content/rest/deployments/protection-rules.md
@@ -2,10 +2,10 @@
title: REST API endpoints for protection rules
shortTitle: Protection rules
intro: 'Use the REST API to create, configure, and delete deployment protection rules.'
-versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
+versions:
fpt: '*'
ghec: '*'
- ghes: '>=3.10'
+ ghes: '*'
topics:
- API
autogenerated: rest
diff --git a/content/rest/enterprise-admin/management-console.md b/content/rest/enterprise-admin/management-console.md
index 89f699c67ac0..9c8fb2b7c1e2 100644
--- a/content/rest/enterprise-admin/management-console.md
+++ b/content/rest/enterprise-admin/management-console.md
@@ -14,11 +14,11 @@ autogenerated: rest
## Deprecation of the Management Console endpoints
-The full functionality of the Management Console endpoints was added to the [Manage GHES](/rest/enterprise-admin/manage-ghes) endpoints in {% data variables.product.prodname_ghe_server %} version 3.12. With feature parity achieved, the Management Console API endpoints {% ifversion ghes < 3.14 %}will be{% else %}were{% endif %} deprecated in version 3.14.
+The full functionality of the Management Console endpoints was added to the [Manage GHES](/rest/enterprise-admin/manage-ghes) endpoints in {% data variables.product.prodname_ghe_server %} version 3.12. With feature parity achieved, the Management Console API endpoints {% ifversion ghes < 3.15 %}will be{% else %}were{% endif %} removed in version 3.15.
{% ifversion management-console-manage-ghes-parity %}
-To help you migrate, the mapping table below shows the equivalent Manage GHES operation for each Management Console operation.{% ifversion ghes < 3.14 %} Please migrate to the Manage GHES API endpoints as soon as possible.{% endif %}
+To help you migrate, the mapping table below shows the equivalent Manage GHES operation for each Management Console operation.{% ifversion ghes < 3.15 %} Please migrate to the Manage GHES API endpoints as soon as possible.{% endif %}
| Purpose | Management Console API operation | Manage GHES API operation |
| ------------- | ------------- | - |
diff --git a/content/rest/enterprise-admin/scim.md b/content/rest/enterprise-admin/scim.md
index d3f62dbc6bd2..73678e89e50c 100644
--- a/content/rest/enterprise-admin/scim.md
+++ b/content/rest/enterprise-admin/scim.md
@@ -100,7 +100,7 @@ To use other IdPs for SAML, the following SAML claims and SCIM attribute must ma
{% data reusables.user-settings.enterprise-admin-api-classic-pat-only %}
-{% data variables.product.product_name %} provides endpoints for use by SCIM-enabled Identity Providers (IdPs). An integration on the IdP can use the REST API to automatically provision, manage, or deprovision user accounts on a {% data variables.product.product_name %} instance that uses SAML single sign-on (SSO) for authentication. For more information about SAML SSO, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam)."
+{% data variables.product.product_name %} provides endpoints for use by SCIM-enabled Identity Providers (IdPs). An integration on the IdP can use the REST API to automatically provision, manage, or deprovision user accounts on a {% data variables.product.product_name %} instance that uses SAML single sign-on (SSO) for authentication. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)."
These endpoints are based on SCIM 2.0. For more information, refer to your IdP's documentation or see the [specification on the IETF website](https://datatracker.ietf.org/doc/html/rfc7644).
@@ -112,6 +112,8 @@ An IdP can use the following root URL to communicate with the endpoints in this
{% data variables.product.rest_url %}/scim/v2/
```
+Do **not** include the `enterprises/{enterprise}/` portion of the URLs provided in the endpoint documentation below. This part of the path is not applicable to {% data variables.product.product_name %}. In the future, this documentation will display the correct URLs for {% data variables.product.product_name %}.
+
Endpoints in this category are case-sensitive. For example, the first letter in the `Users` endpoint must be capitalized.
```shell
diff --git a/content/rest/orgs/organization-roles.md b/content/rest/orgs/organization-roles.md
index e23c3786359b..b95987b93664 100644
--- a/content/rest/orgs/organization-roles.md
+++ b/content/rest/orgs/organization-roles.md
@@ -5,7 +5,7 @@ intro: Use the REST API to interact with organization roles.
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
fpt: '*'
ghec: '*'
- ghes: '>=3.13'
+ ghes: '>=3.14'
topics:
- API
autogenerated: rest
diff --git a/content/rest/orgs/personal-access-tokens.md b/content/rest/orgs/personal-access-tokens.md
index 5df885d4c33a..a31e7dfc100a 100644
--- a/content/rest/orgs/personal-access-tokens.md
+++ b/content/rest/orgs/personal-access-tokens.md
@@ -2,10 +2,10 @@
title: REST API endpoints for personal access tokens
shortTitle: Personal access tokens
intro: 'Use the REST API to manage {% data variables.product.pat_v2 %}s.'
-versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
+versions:
fpt: '*'
ghec: '*'
- ghes: '>=3.10'
+ ghes: '*'
topics:
- API
autogenerated: rest
diff --git a/content/rest/secret-scanning/secret-scanning.md b/content/rest/secret-scanning/secret-scanning.md
index 072eaa66d406..fd37126d14bc 100644
--- a/content/rest/secret-scanning/secret-scanning.md
+++ b/content/rest/secret-scanning/secret-scanning.md
@@ -23,6 +23,6 @@ You can use the API to:
* Enable or disable {% data variables.product.prodname_secret_scanning %} and push protection for a repository. For more information, see "[AUTOTITLE](/rest/repos/repos#update-a-repository)" and expand the "Properties of the `security_and_analysis` object" section.
* Retrieve and update {% data variables.secret-scanning.alerts %} from a repository. For further details, see the sections below.
-For more information about {% data variables.product.prodname_secret_scanning %}, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
+For more information about {% data variables.product.prodname_secret_scanning %}, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."
diff --git a/content/rest/users/attestations.md b/content/rest/users/attestations.md
new file mode 100644
index 000000000000..84efc2daec6b
--- /dev/null
+++ b/content/rest/users/attestations.md
@@ -0,0 +1,14 @@
+---
+title: REST API endpoints for artifact attestations
+shortTitle: Attestations
+intro: Use the REST API to manage artifact attestations.
+versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
+ fpt: '*'
+ ghec: '*'
+topics:
+ - API
+autogenerated: rest
+allowTitleToDifferFromFilename: true
+---
+
+
diff --git a/content/rest/users/index.md b/content/rest/users/index.md
index 9b1bdd52cdf8..4ac6760f1649 100644
--- a/content/rest/users/index.md
+++ b/content/rest/users/index.md
@@ -2,7 +2,9 @@
title: REST API endpoints for users
shortTitle: Users
allowTitleToDifferFromFilename: true
-intro: Use the REST API to get public and private information about authenticated users.
+intro: >-
+ Use the REST API to get public and private information about authenticated
+ users.
redirect_from:
- /v3/users
- /rest/reference/users
@@ -13,14 +15,15 @@ versions:
topics:
- API
children:
- - /users
+ - /attestations
- /blocking
- /emails
- /followers
- /gpg-keys
- /keys
- - /ssh-signing-keys
- /social-accounts
+ - /ssh-signing-keys
+ - /users
autogenerated: rest
---
diff --git a/content/search-github/getting-started-with-searching-on-github/about-searching-on-github.md b/content/search-github/getting-started-with-searching-on-github/about-searching-on-github.md
index 97f14aef84e8..6c746a1217b6 100644
--- a/content/search-github/getting-started-with-searching-on-github/about-searching-on-github.md
+++ b/content/search-github/getting-started-with-searching-on-github/about-searching-on-github.md
@@ -22,7 +22,7 @@ topics:
{% data reusables.search.you-can-search-globally %}
-* To search globally across all of {% data variables.product.product_name %}, type what you're looking for into the search field at the top of any page, and choose "Search all of {% data variables.product.prodname_dotcom %}" in the search dropdown menu.
+* To search globally across all of {% data variables.product.product_name %}, type what you're looking for into the search field at the top of any page, and choose "Search all of {% data variables.product.prodname_dotcom %}"{% ifversion fpt or ghec or ghes < 3.12 %} in the search dropdown menu{% endif %}.
* To search within a particular repository or organization, navigate to the repository or organization page, type what you're looking for into the search field at the top of the page, and press **Enter**.
{% ifversion code-search-upgrade %}You can also use suggestions and completions in the search bar to quickly find what you need.
@@ -51,7 +51,7 @@ After running a search on {% data variables.product.product_name %}, you can sor
## Types of searches on {% data variables.product.prodname_dotcom %}
-You can search for the following information across all repositories you can access on {% data variables.location.product_location %}.
+You can search for the following information across all repositories you can access on {% data variables.product.prodname_dotcom %}.
* [Repositories](/search-github/searching-on-github/searching-for-repositories)
* [Topics](/search-github/searching-on-github/searching-topics)
diff --git a/content/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax.md b/content/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax.md
index 9788eb1f3ce3..77e83525e01e 100644
--- a/content/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax.md
+++ b/content/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax.md
@@ -60,8 +60,8 @@ Query | Example
<YYYY-MM-DD | **[cats pushed:<2012-07-05](https://github.com/search?q=cats+pushed%3A%3C2012-07-05&type=Repositories&utf8=%E2%9C%93)** matches repositories with the word "cats" that were pushed to before July 5, 2012.
<=YYYY-MM-DD | **[cats created:<=2012-07-04](https://github.com/search?utf8=%E2%9C%93&q=cats+created%3A%3C%3D2012-07-04&type=Issues)** matches issues with the word "cats" that were created on or before July 4, 2012.
YYYY-MM-DD..YYYY-MM-DD | **[cats pushed:2016-04-30..2016-07-04](https://github.com/search?utf8=%E2%9C%93&q=cats+pushed%3A2016-04-30..2016-07-04&type=Repositories)** matches repositories with the word "cats" that were pushed to between the end of April and July of 2016.
-YYYY-MM-DD..* | **[cats created:2012-04-30..*](https://github.com/search?utf8=%E2%9C%93&q=cats+created%3A2012-04-30..*&type=Issues)** matches issues created after April 30th, 2012 containing the word "cats."
-*..YYYY-MM-DD | **[cats created:*..2012-07-04](https://github.com/search?utf8=%E2%9C%93&q=cats+created%3A*..2012-07-04&type=Issues)** matches issues created before July 4th, 2012 containing the word "cats."
+YYYY-MM-DD..* | **[cats created:2012-04-30..*](https://github.com/search?utf8=%E2%9C%93&q=cats+created%3A2012-04-30..*&type=Issues)** matches issues created on or after April 30th, 2012 containing the word "cats."
+*..YYYY-MM-DD | **[cats created:*..2012-07-04](https://github.com/search?utf8=%E2%9C%93&q=cats+created%3A*..2012-07-04&type=Issues)** matches issues created on or before July 4th, 2012 containing the word "cats."
{% data reusables.time_date.time_format %}
diff --git a/content/search-github/searching-on-github/searching-discussions.md b/content/search-github/searching-on-github/searching-discussions.md
index 8710855dce55..decad00a8b2c 100644
--- a/content/search-github/searching-on-github/searching-discussions.md
+++ b/content/search-github/searching-on-github/searching-discussions.md
@@ -67,10 +67,12 @@ You can search for a discussion that has been locked using the `is` qualifier. F
You can filter by the visibility of the repository containing the discussions using the `is` qualifier. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
-| Qualifier | Example
+| Qualifier | Example |
| :- | :- |
-| `is:public` | [**is:public**](https://github.com/search?q=is%3Apublic&type=Discussions) matches discussions in public repositories.{% ifversion ghec %}
-| `is:internal` | [**is:internal**](https://github.com/search?q=is%3Ainternal&type=Discussions) matches discussions in internal repositories.{% endif %}
+| `is:public` | [**is:public**](https://github.com/search?q=is%3Apublic&type=Discussions) matches discussions in public repositories. |
+| {% ifversion ghec %} |
+| `is:internal` | [**is:internal**](https://github.com/search?q=is%3Ainternal&type=Discussions) matches discussions in internal repositories. |
+| {% endif %} |
| `is:private` | [**is:private tiramisu**](https://github.com/search?q=is%3Aprivate+tiramisu&type=Discussions) matches discussions that contain the word "tiramisu" in private repositories you can access.
## Search by author
diff --git a/content/search-github/searching-on-github/searching-for-repositories.md b/content/search-github/searching-on-github/searching-for-repositories.md
index ee1b162d43f3..0c984a1cb9e6 100644
--- a/content/search-github/searching-on-github/searching-for-repositories.md
+++ b/content/search-github/searching-on-github/searching-for-repositories.md
@@ -14,7 +14,7 @@ topics:
- GitHub search
shortTitle: Search for repositories
---
-You can search for repositories globally across all of {% data variables.location.product_location %}, or search for repositories within a particular organization. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/about-searching-on-github)."
+You can search for repositories globally across all of {% data variables.product.prodname_dotcom %}, or search for repositories within a particular organization. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/about-searching-on-github)."
To include forks in the search results, you will need to add `fork:true` or `fork:only` to your query. For more information, see "[AUTOTITLE](/search-github/searching-on-github/searching-in-forks)."
@@ -143,10 +143,12 @@ You can search repositories by the type of license in the repositories. You must
You can filter your search based on the visibility of the repositories. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
-| Qualifier | Example
+| Qualifier | Example |
| ------------- | ------------- |
-| `is:public` | [**is:public org:github**](https://github.com/search?q=is%3Apublic+org%3Agithub&type=Repositories) matches public repositories owned by {% data variables.product.company_short %}.{% ifversion ghes or ghec %}
-| `is:internal` | [**is:internal test**](https://github.com/search?q=is%3Ainternal+test&type=Repositories) matches internal repositories that you can access and contain the word "test".{% endif %}
+| `is:public` | [**is:public org:github**](https://github.com/search?q=is%3Apublic+org%3Agithub&type=Repositories) matches public repositories owned by {% data variables.product.company_short %}. |
+| {% ifversion ghes or ghec %} |
+| `is:internal` | [**is:internal test**](https://github.com/search?q=is%3Ainternal+test&type=Repositories) matches internal repositories that you can access and contain the word "test". |
+| {% endif %} |
| `is:private` | [**is:private pages**](https://github.com/search?q=is%3Aprivate+pages&type=Repositories) matches private repositories that you can access and contain the word "pages."
{% ifversion repository-properties %}
diff --git a/content/search-github/searching-on-github/searching-issues-and-pull-requests.md b/content/search-github/searching-on-github/searching-issues-and-pull-requests.md
index 7c69fed80e59..981ee9f59219 100644
--- a/content/search-github/searching-on-github/searching-issues-and-pull-requests.md
+++ b/content/search-github/searching-on-github/searching-issues-and-pull-requests.md
@@ -96,10 +96,12 @@ You can filter issues based on the reason given when the issue was closed, using
You can filter by the visibility of the repository containing the issues and pull requests using the `is` qualifier. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
-| Qualifier | Example
+| Qualifier | Example |
| ------------- | ------------- |
-| `is:public` | [**is:public**](https://github.com/search?q=is%3Apublic&type=Issues) matches issues and pull requests in public repositories.{% ifversion ghes or ghec %}
-| `is:internal` | [**is:internal**](https://github.com/search?q=is%3Ainternal&type=Issues) matches issues and pull requests in internal repositories.{% endif %}
+| `is:public` | [**is:public**](https://github.com/search?q=is%3Apublic&type=Issues) matches issues and pull requests in public repositories. |
+| {% ifversion ghes or ghec %} |
+| `is:internal` | [**is:internal**](https://github.com/search?q=is%3Ainternal&type=Issues) matches issues and pull requests in internal repositories. |
+| {% endif %} |
| `is:private` | [**is:private cupcake**](https://github.com/search?q=is%3Aprivate+cupcake&type=Issues) matches issues and pull requests that contain the word "cupcake" in private repositories you can access.
## Search by author
diff --git a/content/site-policy/acceptable-use-policies/github-impersonation.md b/content/site-policy/acceptable-use-policies/github-impersonation.md
index 235addcfe4de..1e1dfc6a7140 100644
--- a/content/site-policy/acceptable-use-policies/github-impersonation.md
+++ b/content/site-policy/acceptable-use-policies/github-impersonation.md
@@ -21,4 +21,4 @@ You may not misrepresent your identity or your association with another person o
Impersonation is a form of harassment and violation of this policy may lead to loss of access to your account.
-Please note, having a username similar to another is not necessarily impersonation. GitHub will take context into account. For example, as in cases involving claims of [misinformation or disinformation](/site-policy/acceptable-use-policies/github-misinformation-and-disinformation), we generally allow parody and satire that is in line with our [Acceptable Use Polices](/site-policy/acceptable-use-policies/github-acceptable-use-policies).
+Please note, having a username similar to another is not necessarily impersonation. GitHub will take context into account. For example, as in cases involving claims of [misinformation or disinformation](/site-policy/acceptable-use-policies/github-misinformation-and-disinformation), we generally allow parody and satire that is in line with our [Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies).
diff --git a/content/site-policy/acceptable-use-policies/github-misinformation-and-disinformation.md b/content/site-policy/acceptable-use-policies/github-misinformation-and-disinformation.md
index 65c8b5476313..4e95f298bfee 100644
--- a/content/site-policy/acceptable-use-policies/github-misinformation-and-disinformation.md
+++ b/content/site-policy/acceptable-use-policies/github-misinformation-and-disinformation.md
@@ -17,7 +17,7 @@ You may not post content that presents a distorted view of reality, whether it i
* False or misleading content likely to interfere with an individual's ability to participate in civic activities
* Unsubstantiated claims that could promote hate or targeted harassment of specific groups of people
-We encourage active participation in the expression of ideas, perspectives, and experiences and may not be in a position to dispute personal accounts or observations. We generally allow parody and satire that is in line with our [Acceptable Use Polices](/site-policy/acceptable-use-policies/github-acceptable-use-policies), and we consider context to be important in how information is received and understood. When reviewing content under this policy, GitHub will consider the impact of various factors that may help to orient the viewer, such as whether the content has been provided with clear disclaimers, citations to credible sources, or includes other details that clarify the accuracy of the information being shared.
+We encourage active participation in the expression of ideas, perspectives, and experiences and may not be in a position to dispute personal accounts or observations. We generally allow parody and satire that is in line with our [Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies), and we consider context to be important in how information is received and understood. When reviewing content under this policy, GitHub will consider the impact of various factors that may help to orient the viewer, such as whether the content has been provided with clear disclaimers, citations to credible sources, or includes other details that clarify the accuracy of the information being shared.
## Synthetic & Manipulated Media Tools
diff --git a/content/site-policy/github-terms/github-marketplace-terms-of-service.md b/content/site-policy/github-terms/github-marketplace-terms-of-service.md
index cebeede003d7..2a2675cbf6f3 100644
--- a/content/site-policy/github-terms/github-marketplace-terms-of-service.md
+++ b/content/site-policy/github-terms/github-marketplace-terms-of-service.md
@@ -10,11 +10,11 @@ topics:
- Legal
---
-Welcome to GitHub Marketplace ("Marketplace")! We're happy you're here. Please read these Terms of Service ("Marketplace Terms") carefully before accessing or using GitHub Marketplace. GitHub Marketplace is a platform that allows you to select developer apps or actions (for free or for a charge) that can be used with your GitHub.com account ("Developer Products"). Although offered by GitHub, Inc. ("GitHub", "we", "us"), Developer Products may be developed and maintained by either GitHub or by third-party software providers. Your selection or use of Developer Products is subject to these Marketplace Terms and any applicable fees, and may require you to agree to additional terms as provided by the third party licensor of that Developer Product (the "Product Provider").
+Welcome to GitHub Marketplace ("Marketplace")! We're happy you're here. Please read these Terms of Service ("Marketplace Terms") carefully before accessing or using GitHub Marketplace. GitHub Marketplace is a platform that allows you to select developer apps or actions (for free or for a charge) that can be used with your GitHub.com account ("Developer Products"). Although offered by GitHub, Inc. ("GitHub", "we", "us"), Developer Products may be developed and maintained by either GitHub or by third-party software providers. Your selection or use of Developer Products is subject to these Marketplace Terms and any applicable fees, and may require you to agree to additional terms as provided by the third party licensor of that Developer Product (the "Product Provider"). Your use of GitHub Models is subject to the [GitHub Terms for Additional Products and Features](/site-policy/github-terms/github-terms-for-additional-products-and-features).
By using Marketplace, you are agreeing to be bound by these Marketplace Terms.
-Effective Date: November 20, 2020
+Effective Date: August 1, 2024
## A. GitHub.com's Terms of Service
diff --git a/content/site-policy/github-terms/github-sponsors-additional-terms.md b/content/site-policy/github-terms/github-sponsors-additional-terms.md
index a591d6ac555e..64e2adf1f142 100644
--- a/content/site-policy/github-terms/github-sponsors-additional-terms.md
+++ b/content/site-policy/github-terms/github-sponsors-additional-terms.md
@@ -12,7 +12,7 @@ topics:
Your participation in the GitHub Sponsors Program (the "Program") is subject to the [GitHub Terms of Service](/site-policy/github-terms/github-terms-of-service) (the "Agreement") or other agreement you have with GitHub (for example the GitHub Customer General Terms, the GitHub Corporate Terms of Service or other agreement), as well as the following additional terms ("Additional Terms"). Any use of the GitHub Sponsors Program that violates the Agreement will also be a violation of these Additional Terms. Any capitalized terms used but not defined below have the meanings in the Agreement. These Additional Terms for the GitHub Sponsors Program describe the relationship between GitHub and you, the "Sponsored Developer", for the Program. The Additional Terms are effective as of the date you accept them ("Effective Date").
-The purpose of this Agreement is to: 1) set forth the terms under which Sponsors will participate in the GitHub Sponsors Program (the "Program"); and 2) set forth the terms under which Sponsored Developers may participate in the Program. The Program allows sponsors to identify certain open source projectws ("Projects") housed on GitHub and to make committed investments in those Projects to further the Projects' development.
+The purpose of this Agreement is to: 1) set forth the terms under which Sponsors will participate in the GitHub Sponsors Program (the "Program"); and 2) set forth the terms under which Sponsored Developers may participate in the Program. The Program allows sponsors to identify certain open source projects ("Projects") housed on GitHub and to make committed investments in those Projects to further the Projects' development.
## 1. Definitions.
diff --git a/content/site-policy/github-terms/github-terms-for-additional-products-and-features.md b/content/site-policy/github-terms/github-terms-for-additional-products-and-features.md
index 2931d0b16c7e..1c439bf750de 100644
--- a/content/site-policy/github-terms/github-terms-for-additional-products-and-features.md
+++ b/content/site-policy/github-terms/github-terms-for-additional-products-and-features.md
@@ -14,7 +14,7 @@ topics:
- Legal
---
-Version Effective Date: March 21, 2024
+Version Effective Date: August 1, 2024
When you use GitHub, you may be given access to lots of additional products and features ("Additional Products and Features"). Because many of the Additional Products and Features offer different functionality, your Agreement with us (the "Agreement") includes the specific terms for that product or feature combined with your main agreement — the GitHub Terms of Service or GitHub Customer Agreement, or the GitHub Corporate Terms of Service or other legacy GitHub contract, or a Microsoft volume licensing agreement. Below, we've listed those products and features, along with the corresponding additional terms that apply to your use of them.
@@ -29,12 +29,12 @@ By using the Additional Products and Features, you also agree to the applicable
GitHub Actions enables you to create custom software development lifecycle workflows directly in your GitHub repository. Actions is billed on a usage basis. The [Actions documentation](/actions) includes details, including compute and storage quantities (depending on your Account plan), and how to monitor your Actions minutes usage and set usage limits.
-Actions and any elements of the Actions product or service may not be used in violation of the Agreement, the [GitHub Acceptable Use Polices](/site-policy/acceptable-use-policies/github-acceptable-use-policies), or the GitHub Actions service limitations set forth in the [Actions documentation](/actions/learn-github-actions/usage-limits-billing-and-administration). Additionally, regardless of whether an Action is using self-hosted runners, Actions should not be used for:
-* cryptomining;
-* disrupting, gaining, or attempting to gain unauthorized access to, any service, device, data, account, or network (other than those authorized by the [GitHub Bug Bounty program](https://bounty.github.com));
-* the provision of a stand-alone or integrated application or service offering the Actions product or service, or any elements of the Actions product or service, for commercial purposes;
-* any activity that places a burden on our servers, where that burden is disproportionate to the benefits provided to users (for example, don't use Actions as a content delivery network or as part of a serverless application, but a low benefit Action could be ok if it’s also low burden); or
-* if using GitHub-hosted runners, any other activity unrelated to the production, testing, deployment, or publication of the software project associated with the repository where GitHub Actions are used.
+Actions and any elements of the Actions product or service may not be used in violation of the Agreement, the [GitHub Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies), or the GitHub Actions service limitations set forth in the [Actions documentation](/actions/learn-github-actions/usage-limits-billing-and-administration). Additionally, regardless of whether an Action is using self-hosted runners, Actions should not be used for:
+* Cryptomining;
+* Disrupting, gaining, or attempting to gain unauthorized access to, any service, device, data, account, or network (other than those authorized by the [GitHub Bug Bounty program](https://bounty.github.com));
+* The provision of a stand-alone or integrated application or service offering the Actions product or service, or any elements of the Actions product or service, for commercial purposes;
+* Any activity that places a burden on our servers, where that burden is disproportionate to the benefits provided to users (for example, don't use Actions as a content delivery network or as part of a serverless application, but a low benefit Action could be ok if it’s also low burden); or
+* If using GitHub-hosted runners, any other activity unrelated to the production, testing, deployment, or publication of the software project associated with the repository where GitHub Actions are used.
In order to prevent violations of these limitations and abuse of GitHub Actions, GitHub may monitor your use of GitHub Actions. Misuse of GitHub Actions may result in termination of jobs, restrictions in your ability to use GitHub Actions, disabling of repositories created to run Actions in a way that violates these Terms, or in some cases, suspension or termination of your GitHub account.
@@ -60,7 +60,7 @@ GitHub makes extra security features available to customers under an Advanced Se
Advanced Security is licensed on a "Unique Committer" basis. A "Unique Committer" is a licensed user of GitHub Enterprise, GitHub Enterprise Cloud, or GitHub Enterprise Server, who has made a commit in the last 90 days to any repository with any GitHub Advanced Security functionality activated. You must acquire a GitHub Advanced Security User license for each of your Unique Committers. You may only use GitHub Advanced Security on codebases that are developed by or for you. For GitHub Enterprise Cloud users, some Advanced Security features also require the use of GitHub Actions.
-For secret scanning with GitHub Advanced Security, when you opt-in to automatic validity checks for partner patterns, exposed third-party tokens may be shared with the relevant partner, in order to provide you with more information about the validity of the token. Not all partners are based in the United States. The [Secret scanning patterns documentation](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns) provides more details on which partners support the validity check.
+For secret scanning with GitHub Advanced Security, when you opt-in to automatic validity checks for partner patterns, exposed third-party tokens may be shared with the relevant partner, in order to provide you with more information about the validity of the token. Not all partners are based in the United States. The [Secret scanning patterns documentation](/enterprise-cloud@latest/code-security/secret-scanning/introduction/supported-secret-scanning-patterns) provides more details on which partners support the validity check.
## Advisory Database
@@ -79,11 +79,11 @@ The GitHub Advisory Database is licensed under the [Creative Commons Attribution
_Note: The github.dev service, available by pressing . on a repo or navigating directly to github.dev, is governed by GitHub's Beta Terms of service._
GitHub Codespaces enables you to develop code directly from your browser using the code within your GitHub repository. Codespaces and any elements of the Codespaces service may not be used in violation of the Agreement or the Acceptable Use Policies. Additionally, Codespaces should not be used for:
-* cryptomining;
-* using our servers to disrupt, or to gain or to attempt to gain unauthorized access to any service, device, data, account or network (other than those authorized by the GitHub Bug Bounty program);
-* the provision of a stand-alone or integrated application or service offering Codespaces or any elements of Codespaces for commercial purposes;
-* any activity that places a burden on our servers, where that burden is disproportionate to the benefits provided to users (for example, don't use Codespaces as a content delivery network, as part of a serverless application, or to host any kind of production-facing application); or
-* any other activity unrelated to the development or testing of the software project associated with the repository where GitHub Codespaces is initiated.
+* Cryptomining;
+* Using our servers to disrupt, or to gain or to attempt to gain unauthorized access to any service, device, data, account or network (other than those authorized by the GitHub Bug Bounty program);
+* The provision of a stand-alone or integrated application or service offering Codespaces or any elements of Codespaces for commercial purposes;
+* Any activity that places a burden on our servers, where that burden is disproportionate to the benefits provided to users (for example, don't use Codespaces as a content delivery network, as part of a serverless application, or to host any kind of production-facing application); or
+* Any other activity unrelated to the development or testing of the software project associated with the repository where GitHub Codespaces is initiated.
In order to prevent violations of these limitations and abuse of GitHub Codespaces, GitHub may monitor your use of GitHub Codespaces. Misuse of GitHub Codespaces may result in termination of your access to Codespaces, restrictions in your ability to use GitHub Codespaces, or the disabling of repositories created to run Codespaces in a way that violates these Terms.
@@ -125,7 +125,7 @@ npm is a software package hosting service that allows you to host your software
## Packages
-GitHub Packages is a software package hosting service that allows you to host your software packages privately or publicly and use packages as dependencies in your projects. GitHub Packages is billed on a usage basis. The [Packages documentation](/packages/learn-github-packages/introduction-to-github-packages) includes details, including bandwidth and storage quantities (depending on your Account plan), and how to monitor your Packages usage and set usage limits. Packages bandwidth usage is limited by the [GitHub Acceptable Use Polices](/site-policy/acceptable-use-policies/github-acceptable-use-policies).
+GitHub Packages is a software package hosting service that allows you to host your software packages privately or publicly and use packages as dependencies in your projects. GitHub Packages is billed on a usage basis. The [Packages documentation](/packages/learn-github-packages/introduction-to-github-packages) includes details, including bandwidth and storage quantities (depending on your Account plan), and how to monitor your Packages usage and set usage limits. Packages bandwidth usage is limited by the [GitHub Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies).
## Pages
@@ -158,3 +158,9 @@ GitHub Sponsors allows the developer community to financially support the people
## SQL Server Images
You may download Microsoft SQL Server Standard Edition container image for Linux files ("SQL Server Images"). You must uninstall the SQL Server Images when your right to use the Software ends. Microsoft Corporation may disable SQL Server Images at any time.
+
+## GitHub Models
+
+GitHub Models is a feature that allows you to learn, try, and test artificial intelligence models on GitHub.com. You can access GitHub Models via the [GitHub Marketplace](https://github.com/marketplace). Learn more about GitHub Models by visiting [Prototyping with AI models](/github-models/prototyping-with-ai-models).
+
+Your use of this feature is subject to the terms of the company hosting the model and the model license.
diff --git a/content/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor.md b/content/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor.md
index ce8a565e719d..1818712ee97e 100644
--- a/content/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor.md
+++ b/content/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor.md
@@ -33,6 +33,6 @@ Please note that we cannot authorize out-of-scope testing in the name of third p
That said, if legal action is initiated by a third party, including law enforcement, against you because of your participation in this bug bounty program, and you have sufficiently complied with our bug bounty policy (i.e. have not made intentional or bad faith violations), we will take steps to make it known that your actions were conducted in compliance with this policy. While we consider submitted reports both confidential and potentially privileged documents, and protected from compelled disclosure in most circumstances, please be aware that a court could, despite our objections, order us to share information with a third party.
-## 3. Limited Waiver of Other Site Polices
+## 3. Limited Waiver of Other Site Policies
To the extent that your security research activities are inconsistent with certain restrictions in our [relevant site policies](/site-policy) but consistent with the terms of our bug bounty program, we waive those restrictions for the sole and limited purpose of permitting your security research under this bug bounty program. Just like above, if in doubt, ask us first!
diff --git a/content/sponsors/getting-started-with-github-sponsors/about-github-sponsors.md b/content/sponsors/getting-started-with-github-sponsors/about-github-sponsors.md
index 6c42452b0190..65b574fc8fdb 100644
--- a/content/sponsors/getting-started-with-github-sponsors/about-github-sponsors.md
+++ b/content/sponsors/getting-started-with-github-sponsors/about-github-sponsors.md
@@ -159,6 +159,7 @@ Anyone in any region can sponsor eligible maintainers, but you must reside in a
* "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors)"
* "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors)"
+* "[AUTOTITLE](/sponsors/getting-started-with-github-sponsors/navigating-your-sponsors-dashboard)"
* "[AUTOTITLE](/search-github/searching-on-github/searching-users#search-based-on-ability-to-sponsor)"
* "[AUTOTITLE](/search-github/searching-on-github/searching-for-repositories#search-based-on-ability-to-sponsor)"
* "[FAQ with the {% data variables.product.prodname_sponsors %} team](https://github.blog/2019-06-12-faq-with-the-github-sponsors-team/)" on {% data variables.product.prodname_blog %}
diff --git a/content/sponsors/getting-started-with-github-sponsors/index.md b/content/sponsors/getting-started-with-github-sponsors/index.md
index 1bd3e53cd7ce..b005a8d2e06e 100644
--- a/content/sponsors/getting-started-with-github-sponsors/index.md
+++ b/content/sponsors/getting-started-with-github-sponsors/index.md
@@ -7,6 +7,6 @@ versions:
children:
- /about-github-sponsors
- /quickstart-for-finding-contributors-to-sponsor
+ - /navigating-your-sponsors-dashboard
shortTitle: Getting started
---
-
diff --git a/content/sponsors/getting-started-with-github-sponsors/navigating-your-sponsors-dashboard.md b/content/sponsors/getting-started-with-github-sponsors/navigating-your-sponsors-dashboard.md
new file mode 100644
index 000000000000..a24a7b1f6b4d
--- /dev/null
+++ b/content/sponsors/getting-started-with-github-sponsors/navigating-your-sponsors-dashboard.md
@@ -0,0 +1,73 @@
+---
+title: Navigating your Sponsors dashboard
+intro: 'View {% data variables.product.prodname_sponsors %}-related activity from your Sponsors dashboard.'
+versions:
+ fpt: '*'
+ ghec: '*'
+type: overview
+topics:
+ - Open Source
+ - Fundamentals
+ - Sponsors
+ - Sponsors profile
+---
+## About your Sponsors dashboard
+
+From your sponsors dashboard, you can view current and past sponsorships and dependencies, manage your recent invoices and sponsor settings, and create bulk sponsorships.
+
+## Viewing your sponsorships
+
+On your sponsorships page, you can display your current invoice balance, and see options to open a support ticket and create an invoice.
+
+You can also manage current sponsorships and view past sponsorships, and export your current and past sponsorships as a CSV file.
+
+{% data reusables.organizations.sponsors-dashboard %}
+{% data reusables.organizations.navigate-to-sponsoring %}
+1. From the left sidebar, click **{% octicon "heart" aria-hidden="true" %} Your sponsorships**.
+
+## Viewing dependencies
+
+You can view dependencies that have an active sponsors profile, search for specific dependencies, view repositories your sponsors own or maintain, and see when your sponsors were last active.
+
+You can also export the list of dependencies as a CSV file.
+
+{% data reusables.organizations.sponsors-dashboard %}
+{% data reusables.organizations.navigate-to-sponsoring %}
+1. From the left sidebar, click **{% octicon "package-dependencies" aria-hidden="true" %} Dependencies**.
+
+## Viewing bulk sponsorships
+
+You can create a bulk sponsorship from your organization's sponsorships page.
+
+{% data reusables.organizations.sponsors-dashboard %}
+{% data reusables.organizations.navigate-to-sponsoring %}
+1. From the left sidebar, click **Bulk Sponsors**.
+
+## Viewing invoices
+
+You can manage your open and paid invoices from your sponsors dashboard. To be able to add funds to your balance, you must first create a new invoice. For more information, see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice#creating-a-new-invoice)."
+
+{% data reusables.organizations.sponsors-dashboard %}
+{% data reusables.organizations.navigate-to-sponsoring %}
+1. From the left sidebar, click **{% octicon "credit-card" aria-hidden="true" %} Invoices**.
+
+## Viewing settings
+
+You can view your sponsorship logs from your sponsoring settings page.
+
+You can also choose to attribute your paid sponsorships to another account by linking the accounts.
+
+### View your sponsorship logs
+
+{% data reusables.organizations.sponsors-dashboard %}
+{% data reusables.organizations.navigate-to-sponsoring %}
+1. From the left sidebar, click **{% octicon "gear" aria-label="The Gear icon" %} Settings**.
+1. Under "Sponsorship log", click **log**.
+
+### Link your sponsorships to another account
+
+{% data reusables.organizations.sponsors-dashboard %}
+{% data reusables.organizations.navigate-to-sponsoring %}
+1. From the left sidebar, click **{% octicon "gear" aria-label="The Gear icon" %} Settings**.
+1. Select the **Linked account** dropdown and click the account to use.
+1. Click **Link account** to confirm your selection.
diff --git a/content/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors.md b/content/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors.md
index 317bbda0d873..655804009bd0 100644
--- a/content/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors.md
+++ b/content/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors.md
@@ -31,3 +31,27 @@ Your {% data variables.product.prodname_sponsors %} profile tells potential spon
{% data reusables.sponsors.edit-featured-work %}
{% data reusables.sponsors.opt-in-to-being-featured %}
{% data reusables.sponsors.save-profile %}
+
+## Selecting Featured Sponsors
+
+Featured sponsors allows you to spotlight your sponsors. You can opt to automatically display your top 10 sponsors, manually select 10 sponsors, or feature no sponsors.
+
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.navigate-to-profile-tab %}
+1. Under "Featured Sponsors", select the checkbox for the option to display your featured sponsors automatically or manually.
+
+ * If opting to automatically feature your top 10 sponsors, select the dial button and click **Update profile**.
+
+ * To manually add sponsors, select the **Manually add my featured sponsors** option and click **Add or remove**.
+
+ * A pop up window will display allowing you to search your sponsors. Click on the desired sponsors and click **Save**.
+
+{% data reusables.sponsors.save-profile %}
+
+## Sharing your profile
+
+Let others know about your Sponsors profile by sharing it out on social media or embedding it on your personal website.
+
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+1. From the left sidebar, click **Overview**.
+1. Under "Share it out", select the option to share your Sponsors profile on social media or embed it on a website.
diff --git a/content/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-goal.md b/content/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-goal.md
index e3ff655adbc2..9a3b623853e7 100644
--- a/content/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-goal.md
+++ b/content/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-goal.md
@@ -46,3 +46,11 @@ After you retire a goal, you won't be able to reactivate the goal. You must crea
{% data reusables.sponsors.navigate-to-your-goals-tab %}
{% data reusables.sponsors.edit-goal %}
{% data reusables.sponsors.retire-goal %}
+
+## Sharing a goal
+
+You can share your sponsorship goal on social media or embed it on your personal website.
+
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.navigate-to-your-goals-tab %}
+1. Under your goal, click the **Share** or **Embed it** button.
diff --git a/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md b/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md
index eaf0f7611460..84688f67f420 100644
--- a/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md
+++ b/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md
@@ -81,7 +81,7 @@ If you choose to receive payouts to a bank account, your bank account can be a d
## Enabling two-factor authentication (2FA) on your {% data variables.product.prodname_dotcom %} account
-Before your organization can become a sponsored organization, you must enable 2FA for your account on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)."
+Before your organization can become a sponsored organization, you must enable 2FA for your account on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)."
## Submitting your application to {% data variables.product.prodname_dotcom %} for approval
diff --git a/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md b/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md
index ec2f6780aadd..e82950e695e4 100644
--- a/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md
+++ b/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md
@@ -1,6 +1,6 @@
---
title: Setting up GitHub Sponsors for your personal account
-intro: 'You can become a sponsored developer by joining {% data variables.product.prodname_sponsors %}, completing your sponsored developer profile, creating sponsorship tiers, submitting your bank and tax information, and enabling two-factor authentication for your account on {% data variables.location.product_location %}.'
+intro: 'You can become a sponsored developer by joining {% data variables.product.prodname_sponsors %}, completing your sponsored developer profile, creating sponsorship tiers, submitting your bank and tax information, and enabling two-factor authentication for your account on {% data variables.product.prodname_dotcom %}.'
redirect_from:
- /articles/becoming-a-sponsored-developer
- /github/supporting-the-open-source-community-with-github-sponsors/becoming-a-sponsored-developer
@@ -79,7 +79,7 @@ If you choose to receive payouts to a bank account, your region of residence and
## Enabling two-factor authentication (2FA) on your {% data variables.product.prodname_dotcom %} account
-Before you can become a sponsored developer, you must enable 2FA for your account on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)."
+Before you can become a sponsored developer, you must enable 2FA for your account on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)."
## Submitting your application to {% data variables.product.prodname_dotcom %} for approval
diff --git a/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md b/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md
index a269fa85ea0e..e9313f53bc60 100644
--- a/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md
+++ b/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md
@@ -19,9 +19,12 @@ When you sign up for a {% data variables.product.prodname_sponsors %} profile so
{% data variables.product.prodname_sponsors %} supports these fiscal hosts:
-* [Open Source Collective](https://opencollective.com/opensource)
+* [Hack Club](https://hackclub.com/)
* [NumFOCUS](https://www.numfocus.org/)
* [Open Collective Europe](https://opencollective.com/europe)
+* [Open Source Collective](https://opencollective.com/opensource)
+* [Python Software Foundation](https://www.python.org/psf-landing/)
+* [Software in the Public Interest](https://www.spi-inc.org/)
* [Software Underground](https://softwareunderground.org/)
## Choosing to use a fiscal host
diff --git a/content/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes.md b/content/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes.md
index 9056f70545ff..b270ecdd440a 100644
--- a/content/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes.md
+++ b/content/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes.md
@@ -37,23 +37,30 @@ If the account you want to sponsor does not have a profile on {% data variables.
{% endnote %}
-## About payment methods for sponsorships
+## About billing and sponsorship payments
-You can pay for sponsorships:
-* With a credit card. For more information, see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor-through-github)."
-* Through Patreon. For more information, see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor-through-patreon)."
+GitHub provides the following billing methods to show love and support to your fellow collaborators and developers in the form of paid sponsorships: debit or credit cards, and Patreon.
+For additional information on your preferred funding, please click on any of the links below.
+* [AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor-through-github)
+* [AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor-through-patreon)
{% note %}
-**Note:** When you sponsor an account using a credit card, the charge will become effective immediately. {% data reusables.sponsors.prorated-sponsorship %}
+**Note:** When sponsoring through GitHub, your balance will be charged effective immediately. {% data reusables.sponsors.prorated-sponsorship %}
{% endnote %}
-Organizations can also pay for sponsorships by invoice. For more information, see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice)."
+Alternatively, enterprises and organizations may opt to be billed by recurring invoice. For additional information on billing by invoice, please click on [AUTOTITLE](/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice).
+
+{% warning %}
+
+**Warning:** As of February 23, 2023, GitHub Sponsors does not support PayPal. While this only affects GitHub Sponsors, please note that it is still possible to fund GitHub Pro, GitHub Copilot, Actions and Packages, Storage, Codespaces and Git LFS Data using PayPal.
+
+{% endwarning %}
{% ifversion enterprise-orgs-sponsors-with-cc %}
-If your enterprise pays by credit card, you can allow your enterprise's organizations to sponsor open source contributors using the credit card. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-sponsors-in-your-enterprise)."
+When an enterprise opts to pay by credit card, it can enforce policies within its organizations that allow sponsoring of open source contributors by payments from the same card that was used for billing. For additional information, please click on [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-sponsors-in-your-enterprise).
{% endif %}
diff --git a/content/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor-through-github.md b/content/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor-through-github.md
index 4608f615ee3f..36f30894a73f 100644
--- a/content/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor-through-github.md
+++ b/content/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor-through-github.md
@@ -58,7 +58,7 @@ Before you can sponsor an account, you must have a verified email address. For m
To sponsor these maintainers using the downloaded file, in the corresponding cells of the "Sponsorship amount in USD" column, input sponsorship amounts in US dollars for each maintainer you want to sponsor.
-1. On {% data variables.product.prodname_dotcom %}, in the "Bulk Sponsor" box above the list of developers who maintain your dependencies, click **Get started**.
+1. On {% data variables.product.prodname_dotcom %}, in the "Bulk Sponsor" box above the list of developers who maintain your dependencies, click **Get started**. Organizations can also access the "Bulk Sponsor" functionality from the sponsors dashboard.
1. Optionally, to change which account or organization you are sponsoring as, select the **Sponsor as USERNAME** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click the desired account or organization from the options that appear.
diff --git a/content/support/contacting-github-support/using-copilot-in-github-support.md b/content/support/contacting-github-support/using-copilot-in-github-support.md
index 595e097dcdc4..a3c964cd72e2 100644
--- a/content/support/contacting-github-support/using-copilot-in-github-support.md
+++ b/content/support/contacting-github-support/using-copilot-in-github-support.md
@@ -38,7 +38,7 @@ When you chat with {% data variables.product.prodname_copilot_in_support %}, rem
## Sharing feedback about {% data variables.product.prodname_copilot_in_support %}
-We greatly value your feedback. As we continuously improve {% data variables.product.prodname_copilot_in_support %}, we value knowing which answers were helpful and which were not. To let us know, just click {% octicon "thumbsup" aria-label="The thumbs up icon" %} or {% octicon "thumbsdown" aria-label="The thumbs down icon" %} accompanying the last response from {% data variables.product.prodname_copilot_short %}.
+We greatly value your feedback. As we continuously improve {% data variables.product.prodname_copilot_in_support %}, we value knowing which answers were helpful and which were not. To let us know, just click {% octicon "thumbsdown" aria-label="The thumbs down icon" %} accompanying the last response from {% data variables.product.prodname_copilot_short %}.
## Further reading
diff --git a/content/support/learning-about-github-support/about-copilot-in-github-support.md b/content/support/learning-about-github-support/about-copilot-in-github-support.md
index aac0360d8d0a..12e02251378e 100644
--- a/content/support/learning-about-github-support/about-copilot-in-github-support.md
+++ b/content/support/learning-about-github-support/about-copilot-in-github-support.md
@@ -59,7 +59,7 @@ Currently, {% data variables.product.prodname_copilot_in_support %} cannot take
## Sharing feedback about {% data variables.product.prodname_copilot_in_support %}
-We greatly value your feedback. As we continuously improve {% data variables.product.prodname_copilot_in_support %}, we value knowing which answers were helpful and which were not. To let us know, just click the thumbs up or thumbs down under the corresponding response from {% data variables.product.prodname_copilot_short %}.
+We greatly value your feedback. As we continuously improve {% data variables.product.prodname_copilot_in_support %}, we value knowing which answers were helpful and which were not. To let us know, just click the thumbs down under the corresponding response from {% data variables.product.prodname_copilot_short %}.
## Further reading
diff --git a/content/support/learning-about-github-support/about-github-premium-support.md b/content/support/learning-about-github-support/about-github-premium-support.md
index 530e377332c1..e9e1b9f08519 100644
--- a/content/support/learning-about-github-support/about-github-premium-support.md
+++ b/content/support/learning-about-github-support/about-github-premium-support.md
@@ -48,7 +48,7 @@ There are two {% data variables.contact.premium_support %} plans: Premium and Pr
| Initial response time |
30 minutes for {% data variables.product.support_ticket_priority_urgent %} (including initial troubleshooting)
4 hours for {% data variables.product.support_ticket_priority_high %}
|
30 minutes for {% data variables.product.support_ticket_priority_urgent %} (including initial troubleshooting)
4 hours for {% data variables.product.support_ticket_priority_high %}
|
| Support channels |
Online ticket submission
Phone support in English via callback request (when required for ticket resolution)
Screen share request for critical issues
|
Online ticket submission
Phone support in English via callback request (when required for ticket resolution)
Screen share request for critical issues
|
| Training | Access to premium content |
Access to premium content
1 virtual training class per year
|
-| Members with support entitlements | 20 | 20 |
+| Members with support entitlements | 20 | 40 |
| Resources | Priority ticket handling |
Priority ticket handling
Named Customer Reliability Engineer
|
Escalation management | For high and urgent priority tickets | For High and Urgent priority tickets
Incident management | None | For urgent priority tickets, as needed
diff --git a/content/support/learning-about-github-support/about-ticket-priority.md b/content/support/learning-about-github-support/about-ticket-priority.md
index 473ffd474097..8e492f54916d 100644
--- a/content/support/learning-about-github-support/about-ticket-priority.md
+++ b/content/support/learning-about-github-support/about-ticket-priority.md
@@ -59,7 +59,7 @@ Ticket priority helps to ensure that support requests are handled in order, and
| Priority | Description | Examples |
| :---: | --- | --- |
-| {% data variables.product.support_ticket_priority_urgent %}{% ifversion ghec %}
([{% data variables.contact.premium_support %}](/support/learning-about-github-support/about-github-premium-support) only){% endif %} | Issues that critically impact the functionality of GitHub-supported ARC in an existing production environment. | ARC fails to create pods/start job/remove pods, or ARC has a significant bug affecting production and a rollback is not possible. |
+| {% data variables.product.support_ticket_priority_urgent %}{% ifversion ghec %}
([{% data variables.contact.premium_support %}](/support/learning-about-github-support/about-github-premium-support) only){% endif %} | Issues that critically impact the functionality of GitHub-supported ARC in an existing production environment. This excludes disruptions caused by Kubernetes components, missing dependencies, third-party software (such as proxy servers), or other changes made by your teams. | ARC fails to create pods/start job/remove pods, or ARC has a significant bug affecting production and a rollback is not possible. |
| {% data variables.product.support_ticket_priority_high %} | Issues that affect the performance of {% data variables.product.prodname_dotcom %}-supported ARC in an existing production environment but do not result in a complete system failure. | Delays in pod termination or assignment of jobs to pods, where the delay is not in line with expectations but does not entirely halt the workflow. |
| {% data variables.product.support_ticket_priority_normal %} / {% data variables.product.support_ticket_priority_low %} | Any other minor issues not classified as {% data variables.product.support_ticket_priority_urgent %} or {% data variables.product.support_ticket_priority_high %} should be directed to [the open source {% data variables.product.prodname_actions_runner_controller %} repository](https://github.com/actions/actions-runner-controller) issues/discussions. | Customization, performance analysis, initial setup. |
diff --git a/data/features/accessible-charts.yml b/data/features/accessible-charts.yml
new file mode 100644
index 000000000000..5afa7162f0d7
--- /dev/null
+++ b/data/features/accessible-charts.yml
@@ -0,0 +1,6 @@
+# Issue 14969
+# Accessibility updates to the repo insights and the code frequency pages
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.15'
diff --git a/data/features/account-switcher.yml b/data/features/account-switcher.yml
index c639949f7407..5e03782aca7b 100644
--- a/data/features/account-switcher.yml
+++ b/data/features/account-switcher.yml
@@ -3,3 +3,4 @@
versions:
fpt: '*'
ghec: '*'
+ ghes: '>=3.14'
diff --git a/data/features/actions-OIDC-custom-claim-runner-environment.yml b/data/features/actions-OIDC-custom-claim-runner-environment.yml
deleted file mode 100644
index 513ae1e370a1..000000000000
--- a/data/features/actions-OIDC-custom-claim-runner-environment.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #9725
-# Adding new OIDC claim - runner environment
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.9'
diff --git a/data/features/actions-cache-org-ui.yml b/data/features/actions-cache-org-ui.yml
deleted file mode 100644
index 8c082a844e89..000000000000
--- a/data/features/actions-cache-org-ui.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-# Reference: #8112
-# Documentation for the Actions cache list UI for organizations
-# Related feature flags are actions-cache-admin-ui and actions-cache-ui
-# All features released at the same time, but have different versions
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>= 3.8'
diff --git a/data/features/actions-job-summaries.yml b/data/features/actions-job-summaries.yml
deleted file mode 100644
index 71d96f8e6e4a..000000000000
--- a/data/features/actions-job-summaries.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #6405
-# Documentation for job summaries for jobs on the workflow run summary page.
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>3.5'
diff --git a/data/features/actions-macos-arm.yml b/data/features/actions-macos-arm.yml
deleted file mode 100644
index 7b1910121184..000000000000
--- a/data/features/actions-macos-arm.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #6732
-# Self-hosted runners with macOS ARM
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>= 3.7'
diff --git a/data/features/actions-oidc-custom-claims.yml b/data/features/actions-oidc-custom-claims.yml
deleted file mode 100644
index f08669dd9bb2..000000000000
--- a/data/features/actions-oidc-custom-claims.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #8927
-# General versioning for new OIDC custom claims
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.9'
diff --git a/data/features/actions-runner-arch-envvars.yml b/data/features/actions-runner-arch-envvars.yml
deleted file mode 100644
index 2e160fda02e8..000000000000
--- a/data/features/actions-runner-arch-envvars.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #5727
-# Documentation for new runner 'arch' environment variables set by the `runner` app.
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.4'
diff --git a/data/features/actions-save-state-set-output-envs.yml b/data/features/actions-save-state-set-output-envs.yml
deleted file mode 100644
index 7e13e11d69cf..000000000000
--- a/data/features/actions-save-state-set-output-envs.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #8273
-# New Actions `save-state`` and `set-output` env file commands, which deprecates their stdout counterparts.
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>= 3.8'
diff --git a/data/features/actions-starter-template-ui.yml b/data/features/actions-starter-template-ui.yml
deleted file mode 100644
index 35026bc839bb..000000000000
--- a/data/features/actions-starter-template-ui.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #5169.
-# Documentation for the Actions starter template UI updates
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>3.4'
diff --git a/data/features/audit-log-streaming-health-check.yml b/data/features/audit-log-streaming-health-check.yml
index 615aefafbcdc..fae55c1baebd 100644
--- a/data/features/audit-log-streaming-health-check.yml
+++ b/data/features/audit-log-streaming-health-check.yml
@@ -2,4 +2,4 @@
# Documentation for audit log streaming health check
versions:
ghec: '*'
- ghes: '>= 3.13'
+ ghes: '>= 3.14'
diff --git a/data/features/backup-utilities-encryption-bug.yml b/data/features/backup-utilities-encryption-bug.yml
deleted file mode 100644
index e4fc9d694f79..000000000000
--- a/data/features/backup-utilities-encryption-bug.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# Reference: ghes#6726, ghes#6731
-# Encryption bug in GitHub Enterprise Server Backup Utilities
-
-versions:
- ghes: '>=3.7 <=3.9'
diff --git a/data/features/bypass-branch-protections.yml b/data/features/bypass-branch-protections.yml
deleted file mode 100644
index dc2ade316c06..000000000000
--- a/data/features/bypass-branch-protections.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Issue: 6667
-# Description: Allow merging pull requests without complying with branch protection rules.
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>= 3.8'
diff --git a/data/features/code-scanning-tool-status-page.yml b/data/features/code-scanning-tool-status-page.yml
deleted file mode 100644
index a9fd1f02c465..000000000000
--- a/data/features/code-scanning-tool-status-page.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# Reference: #8882 for the new page and #10029 for CodeQL CLI information
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>= 3.9'
diff --git a/data/features/code-scanning-without-workflow.yml b/data/features/code-scanning-without-workflow.yml
deleted file mode 100644
index 47cd2bcc8a7c..000000000000
--- a/data/features/code-scanning-without-workflow.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>3.8'
diff --git a/data/features/codeowners-errors.yml b/data/features/codeowners-errors.yml
deleted file mode 100644
index 97fcdb4322f1..000000000000
--- a/data/features/codeowners-errors.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.5'
diff --git a/data/features/codeql-kotlin-beta.yml b/data/features/codeql-kotlin-beta.yml
deleted file mode 100644
index 47cd2bcc8a7c..000000000000
--- a/data/features/codeql-kotlin-beta.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>3.8'
diff --git a/data/features/codeql-model-packs-org.yml b/data/features/codeql-model-packs-org.yml
index 8e36a811b222..3be7183b6de8 100644
--- a/data/features/codeql-model-packs-org.yml
+++ b/data/features/codeql-model-packs-org.yml
@@ -2,3 +2,4 @@
versions:
fpt: '*'
ghec: '*'
+ ghes: '>=3.14'
diff --git a/data/features/codeql-model-packs.yml b/data/features/codeql-model-packs.yml
index c44ffeb06a50..7a6347ad10d2 100644
--- a/data/features/codeql-model-packs.yml
+++ b/data/features/codeql-model-packs.yml
@@ -1,4 +1,4 @@
-# Reference: #11599 Java, #13332 Java and C#, #13659 Java, C#, and Ruby
+# Reference: #11599 Java, #13332 Java and C#, #13659 Java, C#, and Ruby, #15116 Java, C#, Python, and Ruby
versions:
fpt: '*'
diff --git a/data/features/codeql-no-build-csharp.yml b/data/features/codeql-no-build-csharp.yml
index bbde37a5de5d..979f528738f9 100644
--- a/data/features/codeql-no-build-csharp.yml
+++ b/data/features/codeql-no-build-csharp.yml
@@ -1,4 +1,5 @@
-# Reference: #14183 (Add C# to existing Java support)
+# Reference: #14183 (C# beta)
+# Reference: #15544 (C# GA)
versions:
fpt: '*'
diff --git a/data/features/codeql-no-build.yml b/data/features/codeql-no-build.yml
index a03959203820..890d9b7f2b69 100644
--- a/data/features/codeql-no-build.yml
+++ b/data/features/codeql-no-build.yml
@@ -1,4 +1,5 @@
-# Reference: #12924 (Java)
+# Reference: #12924 (Java beta)
+# Reference: #14184 (Java GA)
versions:
fpt: '*'
diff --git a/data/features/codeql-swift-beta.yml b/data/features/codeql-swift-beta.yml
index 1ce4c2ad51c5..061d1e9890e4 100644
--- a/data/features/codeql-swift-beta.yml
+++ b/data/features/codeql-swift-beta.yml
@@ -1,5 +1,6 @@
-# Reference: #10251.
+# Reference: #10251 and #15120
# [2023-06-01] Swift support for code scanning users (GitHub docs site) [Public beta]
+# 2024-07-17 GA
versions:
fpt: '*'
ghec: '*'
diff --git a/data/features/secret-scanning-push-protection-private-internal.yml b/data/features/copilot-custom-models.yml
similarity index 56%
rename from data/features/secret-scanning-push-protection-private-internal.yml
rename to data/features/copilot-custom-models.yml
index 9375bc9a8025..1a45eecc8073 100644
--- a/data/features/secret-scanning-push-protection-private-internal.yml
+++ b/data/features/copilot-custom-models.yml
@@ -1,3 +1,2 @@
versions:
- ghes: '>=3.11'
ghec: '*'
diff --git a/data/features/create-branch-from-overview.yml b/data/features/create-branch-from-overview.yml
deleted file mode 100644
index 18c8223067b4..000000000000
--- a/data/features/create-branch-from-overview.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.7'
diff --git a/data/features/custom-org-roles.yml b/data/features/custom-org-roles.yml
index 1a45eecc8073..54bbfb7e970c 100644
--- a/data/features/custom-org-roles.yml
+++ b/data/features/custom-org-roles.yml
@@ -1,2 +1,3 @@
versions:
ghec: '*'
+ ghes: '>=3.14'
diff --git a/data/features/dependabot-bulk-alerts.yml b/data/features/dependabot-bulk-alerts.yml
deleted file mode 100644
index aede738d9648..000000000000
--- a/data/features/dependabot-bulk-alerts.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# Reference: Issue #6076 ability to dismiss or re-open multiple Dependabot alerts
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>3.6'
diff --git a/data/features/dependabot-updates-multidirectory-support.yml b/data/features/dependabot-updates-multidirectory-support.yml
new file mode 100644
index 000000000000..d9ed16363fa0
--- /dev/null
+++ b/data/features/dependabot-updates-multidirectory-support.yml
@@ -0,0 +1,5 @@
+# Reference: Issue #13733 - Multidirectory Configuration for Dependabot Version Updates - [Public Beta]
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>3.13'
diff --git a/data/features/dependabot-version-updates-for-forks.yml b/data/features/dependabot-version-updates-for-forks.yml
deleted file mode 100644
index 3674b3983660..000000000000
--- a/data/features/dependabot-version-updates-for-forks.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.8'
diff --git a/data/features/dependency-review-action-fail-on-scopes.yml b/data/features/dependency-review-action-fail-on-scopes.yml
deleted file mode 100644
index 1d3bb2ceda27..000000000000
--- a/data/features/dependency-review-action-fail-on-scopes.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: Issue #7739 - Dependency review action, new config option "fail-on-scopes" added.
-
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '> 3.7'
diff --git a/data/features/device-flow-is-opt-in.yml b/data/features/device-flow-is-opt-in.yml
deleted file mode 100644
index 222a3c7c8dd5..000000000000
--- a/data/features/device-flow-is-opt-in.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# docs-content 6307. OAuth device auth flow is opt in.
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>3.4'
diff --git a/data/features/enforce-security-configurations-beta.yml b/data/features/enforce-security-configurations-beta.yml
new file mode 100644
index 000000000000..0f0b33176816
--- /dev/null
+++ b/data/features/enforce-security-configurations-beta.yml
@@ -0,0 +1,3 @@
+# Reference: #13288
+versions:
+ ghes: '3.14'
diff --git a/data/features/github-models.yml b/data/features/github-models.yml
new file mode 100644
index 000000000000..1dff13223b1b
--- /dev/null
+++ b/data/features/github-models.yml
@@ -0,0 +1,5 @@
+# GitHub Models (AI models on GitHub Marketplace)
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '*'
diff --git a/data/features/maven-transitive-dependencies.yml b/data/features/maven-transitive-dependencies.yml
new file mode 100644
index 000000000000..576e454fc4f2
--- /dev/null
+++ b/data/features/maven-transitive-dependencies.yml
@@ -0,0 +1,5 @@
+# Reference: #114733
+# Automatic dependency submission for Maven
+versions:
+ fpt: '*'
+ ghec: '*'
diff --git a/data/features/metered-ghe-ghas.yml b/data/features/metered-ghe-ghas.yml
new file mode 100644
index 000000000000..f20f8f00e5ef
--- /dev/null
+++ b/data/features/metered-ghe-ghas.yml
@@ -0,0 +1,5 @@
+# Reference: 13369
+# Documentation for metered GHE/GHAS.
+
+versions:
+ ghec: '*'
diff --git a/data/features/oauth_account_picker.yml b/data/features/oauth_account_picker.yml
index cad25e78fce3..c3aa55221271 100644
--- a/data/features/oauth_account_picker.yml
+++ b/data/features/oauth_account_picker.yml
@@ -3,4 +3,4 @@
versions:
fpt: '*'
ghec: '*'
- ghes: '>=3.15'
+ ghes: '>=3.14'
diff --git a/data/features/org-custom-role-with-repo-permissions.yml b/data/features/org-custom-role-with-repo-permissions.yml
new file mode 100644
index 000000000000..058d7cf7cfc0
--- /dev/null
+++ b/data/features/org-custom-role-with-repo-permissions.yml
@@ -0,0 +1,5 @@
+# Issue #11307
+# Documentation for custom organization roles can include repository permissions
+versions:
+ ghec: '*'
+ ghes: '>=3.15'
diff --git a/data/features/org-npp-enablement-security-configurations.yml b/data/features/org-npp-enablement-security-configurations.yml
new file mode 100644
index 000000000000..5836d2f2da76
--- /dev/null
+++ b/data/features/org-npp-enablement-security-configurations.yml
@@ -0,0 +1,5 @@
+# Reference: #15650
+# Secret scanning - non-provider pattern enablement is included in security configurations [Public Beta]
+versions:
+ ghec: '*'
+ ghes: '> 3.14'
diff --git a/data/features/org-pre-defined-roles.yml b/data/features/org-pre-defined-roles.yml
new file mode 100644
index 000000000000..9c81774e4e46
--- /dev/null
+++ b/data/features/org-pre-defined-roles.yml
@@ -0,0 +1,6 @@
+# Issue #13617
+# Documentation for Built-in organization roles
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.15'
diff --git a/data/features/passkeys.yml b/data/features/passkeys.yml
index 63347c1820f5..24117f0fa041 100644
--- a/data/features/passkeys.yml
+++ b/data/features/passkeys.yml
@@ -3,3 +3,4 @@
versions:
fpt: '*'
ghec: '*'
+ ghes: '>=3.14'
diff --git a/data/features/projects-v2-auto-add.yml b/data/features/projects-v2-auto-add.yml
deleted file mode 100644
index 67fe2f78154e..000000000000
--- a/data/features/projects-v2-auto-add.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Issue 8996
-# ProjectV2 auto-adding
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.9'
diff --git a/data/features/projects-v2-auto-archive.yml b/data/features/projects-v2-auto-archive.yml
deleted file mode 100644
index 2c4bcc97ae48..000000000000
--- a/data/features/projects-v2-auto-archive.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Issue 7910
-# ProjectV2 auto-archiving
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.9'
diff --git a/data/features/projects-v2-roadmaps.yml b/data/features/projects-v2-roadmaps.yml
deleted file mode 100644
index 4d15af9ebcf4..000000000000
--- a/data/features/projects-v2-roadmaps.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Issue 8551
-# Roadmap layout
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.9'
diff --git a/data/features/projects-v2-workflows.yml b/data/features/projects-v2-workflows.yml
deleted file mode 100644
index 862420ebd93a..000000000000
--- a/data/features/projects-v2-workflows.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# Built-in workflows for Projects
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.9'
diff --git a/data/features/push-protection-bypass-fine-grained-permissions.yml b/data/features/push-protection-bypass-fine-grained-permissions.yml
new file mode 100644
index 000000000000..e3c924f96d99
--- /dev/null
+++ b/data/features/push-protection-bypass-fine-grained-permissions.yml
@@ -0,0 +1,5 @@
+# Issue 13329
+# Push protection bypass fine-grained permissions
+versions:
+ ghec: '*'
+ ghes: '>=3.16'
diff --git a/data/features/repo-rules-ignorecheck.yml b/data/features/repo-rules-ignorecheck.yml
new file mode 100644
index 000000000000..8f8715870470
--- /dev/null
+++ b/data/features/repo-rules-ignorecheck.yml
@@ -0,0 +1,6 @@
+# Reference: #15296
+# Docs for the ruleset update to allow skipping enforcement of status checks and workflows on new branches.
+
+versions:
+ ghec: '*'
+ ghes: '>=3.15'
diff --git a/data/features/repo-rules-merge-queue.yml b/data/features/repo-rules-merge-queue.yml
index 8944456d3750..ff8ef36e357e 100644
--- a/data/features/repo-rules-merge-queue.yml
+++ b/data/features/repo-rules-merge-queue.yml
@@ -3,4 +3,4 @@
versions:
ghec: '*'
- ghes: '>=3.13'
+ ghes: '>=3.15'
diff --git a/data/features/scim-for-ghes-public-beta.yml b/data/features/scim-for-ghes-public-beta.yml
new file mode 100644
index 000000000000..22cceb504d0d
--- /dev/null
+++ b/data/features/scim-for-ghes-public-beta.yml
@@ -0,0 +1,5 @@
+#14827
+# SCIM for GitHub Enterprise Server, public beta
+
+versions:
+ ghes: '>=3.14'
diff --git a/data/features/secret-scanning-backfill-email.yml b/data/features/secret-scanning-backfill-email.yml
deleted file mode 100644
index d4d1ba216eb9..000000000000
--- a/data/features/secret-scanning-backfill-email.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #9143.
-# Documentation for secret scanning sends email when backfill scan completes
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.10'
diff --git a/data/features/secret-scanning-custom-link-on-block.yml b/data/features/secret-scanning-custom-link-on-block.yml
index 7f0a595d72e1..323d4f94967b 100644
--- a/data/features/secret-scanning-custom-link-on-block.yml
+++ b/data/features/secret-scanning-custom-link-on-block.yml
@@ -1,5 +1,5 @@
# Reference: #8384.
-# Documentation for secret scanning: custom link on block.
+# Documentation for secret scanning: on block.
versions:
ghec: '*'
ghes: '>=3.8'
diff --git a/data/features/secret-scanning-dismissal-comment.yml b/data/features/secret-scanning-dismissal-comment.yml
deleted file mode 100644
index 8dce53006c7f..000000000000
--- a/data/features/secret-scanning-dismissal-comment.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #7524.
-# Documentation for allowing users to add a comment when dismissing a secret scanning alert.
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.8'
diff --git a/data/features/secret-scanning-partner-documentation-link-UI.yml b/data/features/secret-scanning-partner-documentation-link-UI.yml
deleted file mode 100644
index 4cc5866bb24a..000000000000
--- a/data/features/secret-scanning-partner-documentation-link-UI.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: issue #8552
-# Adding link to partner documentation in the secret scanning alert, so secret can be revoked.
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>= 3.8'
diff --git a/data/features/secret-scanning-push-protection.yml b/data/features/secret-scanning-push-protection.yml
deleted file mode 100644
index 64104cda0543..000000000000
--- a/data/features/secret-scanning-push-protection.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #5620.
-# Documentation for secret scanning as a push protection
-versions:
- fpt: '*'
- ghes: '>=3.5'
- ghec: '*'
diff --git a/data/features/secret-scanning-store-tokens.yml b/data/features/secret-scanning-store-tokens.yml
deleted file mode 100644
index 44c9794fee56..000000000000
--- a/data/features/secret-scanning-store-tokens.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Issue 8348
-# Secret Scanning - Persist detected secrets in encrypted storage
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.8'
diff --git a/data/features/security-configurations-beta-and-pre-beta.yml b/data/features/security-configurations-beta-and-pre-beta.yml
new file mode 100644
index 000000000000..ae1bd4dac717
--- /dev/null
+++ b/data/features/security-configurations-beta-and-pre-beta.yml
@@ -0,0 +1,3 @@
+# Reference: #13288
+versions:
+ ghes: '>3.8 <3.15'
diff --git a/data/features/security-configurations-beta-only.yml b/data/features/security-configurations-beta-only.yml
new file mode 100644
index 000000000000..e8fed4d3818e
--- /dev/null
+++ b/data/features/security-configurations-beta-only.yml
@@ -0,0 +1,3 @@
+# Reference: #13288
+versions:
+ ghes: '>3.12 <3.15'
diff --git a/data/features/security-configurations-ga.yml b/data/features/security-configurations-ga.yml
new file mode 100644
index 000000000000..0ce24ebcb38d
--- /dev/null
+++ b/data/features/security-configurations-ga.yml
@@ -0,0 +1,6 @@
+# Reference: #13288
+# Documentation for security configurations and global settings.
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>3.14'
diff --git a/data/features/security-overview-enterprise-secret-scanning-metrics.yml b/data/features/security-overview-enterprise-secret-scanning-metrics.yml
new file mode 100644
index 000000000000..2f32cba56b0c
--- /dev/null
+++ b/data/features/security-overview-enterprise-secret-scanning-metrics.yml
@@ -0,0 +1,5 @@
+# Reference: #14658
+# Documentation for the enterprise-level secret scanning metrics page
+versions:
+ ghes: '>3.13'
+ ghec: '*'
diff --git a/data/features/security-overview-export-dashboard-data.yml b/data/features/security-overview-export-dashboard-data.yml
new file mode 100644
index 000000000000..01775162e26c
--- /dev/null
+++ b/data/features/security-overview-export-dashboard-data.yml
@@ -0,0 +1,4 @@
+# Reference: #13511
+# Documentation for the ability to download CSV files of data from the overview dashboard page of security overview.
+versions:
+ ghec: '*'
diff --git a/data/features/security-overview-org-codeql-pr-alerts.yml b/data/features/security-overview-org-codeql-pr-alerts.yml
new file mode 100644
index 000000000000..33c7d3e229a7
--- /dev/null
+++ b/data/features/security-overview-org-codeql-pr-alerts.yml
@@ -0,0 +1,5 @@
+# Reference: #4347
+# Documentation for org-level CodeQL PR alerts report
+versions:
+ ghes: '> 3.14'
+ ghec: '*'
diff --git a/data/features/task-lists-v1.yml b/data/features/task-lists-v1.yml
deleted file mode 100644
index b3a5c2584ecc..000000000000
--- a/data/features/task-lists-v1.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# Task lists v1
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.9'
diff --git a/data/learning-tracks/actions.yml b/data/learning-tracks/actions.yml
index 25efdc5c115d..55f5c22925e6 100644
--- a/data/learning-tracks/actions.yml
+++ b/data/learning-tracks/actions.yml
@@ -4,12 +4,13 @@ getting_started:
Discover the possibilities of {% data variables.product.prodname_actions %}
by creating your first workflow.
guides:
- - /actions/learn-github-actions/understanding-github-actions
- - /actions/learn-github-actions/finding-and-customizing-actions
- - /actions/learn-github-actions/essential-features-of-github-actions
- - /actions/using-workflows/about-workflows
- - /actions/using-workflows/reusing-workflows
- - /actions/security-guides/security-hardening-for-github-actions
+ - /actions/about-github-actions/understanding-github-actions
+ - >-
+ /actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow
+ - /actions/writing-workflows/about-workflows
+ - /actions/sharing-automations/reusing-workflows
+ - >-
+ /actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
adopting_github_actions_for_your_enterprise_ghec:
title: Adopt GitHub Actions for your enterprise
description: >-
@@ -19,15 +20,16 @@ adopting_github_actions_for_your_enterprise_ghec:
ghec: '*'
guides:
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
- - /actions/learn-github-actions/understanding-github-actions
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
+ - /actions/about-github-actions/understanding-github-actions
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
- - /actions/security-guides/security-hardening-for-github-actions
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
+ - >-
+ /actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
- >-
/billing/managing-billing-for-github-actions/about-billing-for-github-actions
adopting_github_actions_for_your_enterprise_ghes:
@@ -39,19 +41,20 @@ adopting_github_actions_for_your_enterprise_ghes:
ghes: '*'
guides:
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
- - /actions/learn-github-actions/understanding-github-actions
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
+ - /actions/about-github-actions/understanding-github-actions
+ - >-
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise
- - /actions/security-guides/security-hardening-for-github-actions
+ /actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
- >-
/billing/managing-billing-for-github-actions/about-billing-for-github-actions
hosting_your_own_runners:
@@ -60,14 +63,18 @@ hosting_your_own_runners:
You can create self-hosted runners to run workflows in a highly customizable
environment.
guides:
- - /actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners
- - /actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners
+ - >-
+ /actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners
+ - >-
+ /actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners
- >-
/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service
- >-
/actions/hosting-your-own-runners/managing-self-hosted-runners/using-a-proxy-server-with-self-hosted-runners
- - /actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners
- - /actions/hosting-your-own-runners/managing-self-hosted-runners/using-self-hosted-runners-in-a-workflow
+ - >-
+ /actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners
+ - >-
+ /actions/hosting-your-own-runners/managing-self-hosted-runners/using-self-hosted-runners-in-a-workflow
- >-
/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups
- >-
@@ -79,11 +86,16 @@ create_actions:
your project? Learn how to build shareable actions and publish them to
GitHub Marketplace.
guides:
- - /actions/creating-actions/about-custom-actions
- - /actions/creating-actions/creating-a-docker-container-action
- - /actions/creating-actions/creating-a-javascript-action
- - /actions/creating-actions/creating-a-composite-action
- - /actions/creating-actions/metadata-syntax-for-github-actions
- - /actions/creating-actions/dockerfile-support-for-github-actions
- - /actions/creating-actions/setting-exit-codes-for-actions
- - /actions/creating-actions/publishing-actions-in-github-marketplace
+ - /actions/sharing-automations/creating-actions/about-custom-actions
+ - >-
+ /actions/sharing-automations/creating-actions/creating-a-docker-container-action
+ - /actions/sharing-automations/creating-actions/creating-a-javascript-action
+ - /actions/sharing-automations/creating-actions/creating-a-composite-action
+ - >-
+ /actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions
+ - >-
+ /actions/sharing-automations/creating-actions/dockerfile-support-for-github-actions
+ - >-
+ /actions/sharing-automations/creating-actions/setting-exit-codes-for-actions
+ - >-
+ /actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace
diff --git a/data/learning-tracks/admin.yml b/data/learning-tracks/admin.yml
index 6da821d4eead..c9033f243d1f 100644
--- a/data/learning-tracks/admin.yml
+++ b/data/learning-tracks/admin.yml
@@ -7,12 +7,12 @@ deploy_an_instance:
ghes: '*'
guides:
- /admin/overview/system-overview
- - /admin/installation
+ - /admin/installing-your-enterprise-server
- >-
/admin/administering-your-instance/administering-your-instance-from-the-web-ui
- >-
- /admin/configuration/configuring-network-settings/configuring-the-hostname-for-your-instance
- - /admin/identity-and-access-management/using-saml-for-enterprise-iam
+ /admin/configuring-settings/configuring-network-settings/configuring-the-hostname-for-your-instance
+ - /admin/managing-iam/using-saml-for-enterprise-iam
upgrade_your_instance:
title: Upgrade your instance
description: >-
@@ -22,17 +22,18 @@ upgrade_your_instance:
ghes: '*'
guides:
- >-
- /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks
+ /admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process
+ - /admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements
- >-
- /admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance
+ /admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks
- >-
- /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrade-requirements
+ /admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance
- >-
/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise
- >-
/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode
- - >-
- /admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server
+ - /admin/upgrading-your-instance/preparing-to-upgrade/taking-a-snapshot
+ - /admin/upgrading-your-instance/performing-an-upgrade
adopting_github_actions_for_your_enterprise_ghec:
title: Adopt GitHub Actions for your enterprise
description: >-
@@ -42,15 +43,15 @@ adopting_github_actions_for_your_enterprise_ghec:
ghec: '*'
guides:
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
- - /actions/learn-github-actions/understanding-github-actions
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
+ - /actions/about-github-actions/understanding-github-actions
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
- - /actions/security-guides/security-hardening-for-github-actions
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
+ - /actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
- >-
/billing/managing-billing-for-github-actions/about-billing-for-github-actions
adopting_github_actions_for_your_enterprise_ghes:
@@ -62,19 +63,19 @@ adopting_github_actions_for_your_enterprise_ghes:
ghes: '*'
guides:
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
- - /actions/learn-github-actions/understanding-github-actions
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
+ - /actions/about-github-actions/understanding-github-actions
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise
- - /actions/security-guides/security-hardening-for-github-actions
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise
+ - /actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
- >-
/billing/managing-billing-for-github-actions/about-billing-for-github-actions
increase_fault_tolerance:
@@ -91,11 +92,11 @@ increase_fault_tolerance:
- >-
/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance
- >-
- /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/about-high-availability-configuration
+ /admin/monitoring-and-managing-your-instance/configuring-high-availability/about-high-availability-configuration
- >-
- /admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/creating-a-high-availability-replica
+ /admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica
- >-
- /admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer
+ /admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer
improve_security_of_your_instance:
title: Improve the security of your instance
description: >-
@@ -106,18 +107,18 @@ improve_security_of_your_instance:
ghes: '*'
guides:
- >-
- /admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode
+ /admin/configuring-settings/hardening-security-for-your-enterprise/enabling-private-mode
- >-
- /admin/configuration/hardening-security-for-your-enterprise/configuring-tls
+ /admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls
- >-
- /admin/configuration/hardening-security-for-your-enterprise/troubleshooting-tls-errors
+ /admin/configuring-settings/hardening-security-for-your-enterprise/troubleshooting-tls-errors
- >-
- /admin/configuration/hardening-security-for-your-enterprise/enabling-subdomain-isolation
+ /admin/configuring-settings/hardening-security-for-your-enterprise/enabling-subdomain-isolation
- >-
/admin/administering-your-instance/administering-your-instance-from-the-command-line/accessing-the-administrative-shell-ssh
- - /admin/configuration/configuring-network-settings/network-ports
+ - /admin/configuring-settings/configuring-network-settings/network-ports
- >-
- /admin/configuration/configuring-network-settings/configuring-built-in-firewall-rules
+ /admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules
- >-
/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/best-practices-for-user-security
- >-
@@ -133,17 +134,17 @@ configure_github_actions:
ghes: '*'
guides:
- >-
- /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
+ /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
- >-
- /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise
+ /admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise
- >-
- /admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect
+ /admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect
- >-
- /admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions
+ /admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/high-availability-for-github-actions
- >-
- /admin/github-actions/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled
+ /admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled
- >-
- /admin/github-actions/advanced-configuration-and-troubleshooting/using-a-staging-environment
+ /admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment
configure_github_advanced_security:
title: Configure {% data variables.product.prodname_GH_advanced_security %}
description: >-
@@ -155,15 +156,15 @@ configure_github_advanced_security:
- >-
/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security
- >-
- /admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise
+ /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise
- >-
- /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance
+ /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance
- >-
- /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance
+ /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance
- >-
- /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance
+ /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance
- >-
- /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise
+ /admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise
get_started_with_your_enterprise_account:
title: Get started with your enterprise account
description: >-
@@ -181,6 +182,6 @@ get_started_with_your_enterprise_account:
- >-
/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise
- >-
- /admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise
+ /admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise
- >-
- /admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies
+ /admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies
diff --git a/data/learning-tracks/code-security.yml b/data/learning-tracks/code-security.yml
index bd2bb21f1bd0..1f5d26db59e5 100644
--- a/data/learning-tracks/code-security.yml
+++ b/data/learning-tracks/code-security.yml
@@ -112,27 +112,36 @@ secret_scanning:
Set up secret scanning to guard against accidental check-ins of tokens,
passwords, and other secrets to your repository.
guides:
- - /code-security/secret-scanning/about-secret-scanning
+ - /code-security/secret-scanning/introduction/about-secret-scanning
+ - /code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository
+ - /code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository
- >-
- /code-security/secret-scanning/configuring-secret-scanning-for-your-repositories
+ {% ifversion secret-scanning-validity-check-partner-patterns %}
+ /code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository{% endif %}
- >-
{% ifversion not fpt
- %}/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning{%
+ %}/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning{%
endif %}
- /code-security/secret-scanning/managing-alerts-from-secret-scanning
- - /code-security/secret-scanning/secret-scanning-patterns
+ - /code-security/secret-scanning/introduction/supported-secret-scanning-patterns
- >-
{% ifversion secret-scanning-push-protection
- %}/code-security/secret-scanning/push-protection-for-repositories-and-organizations{%
+ %}/code-security/secret-scanning/introduction/about-push-protection{%
endif %}
- >-
{% ifversion secret-scanning-push-protection-for-users
- %}/code-security/secret-scanning/push-protection-for-users{% endif %}
+ %}/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users{%
+ endif %}
- >-
{% ifversion secret-scanning-push-protection
- %}/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection{%
+ %}/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line{%
endif %}
- - /code-security/secret-scanning/troubleshooting-secret-scanning
+ - >-
+ {% ifversion secret-scanning-push-protection
+ %}/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui{%
+ endif %}
+ - >-
+ /code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning
security_alerts:
title: Explore and manage security alerts
description: Learn where to find and resolve security alerts.
diff --git a/data/release-notes/PLACEHOLDER-TEMPLATE.yml b/data/release-notes/PLACEHOLDER-TEMPLATE.yml
index b510d0814bfd..37f203175217 100644
--- a/data/release-notes/PLACEHOLDER-TEMPLATE.yml
+++ b/data/release-notes/PLACEHOLDER-TEMPLATE.yml
@@ -8,7 +8,7 @@ intro: |
>
> If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
- For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+ For upgrade instructions, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
sections:
# Remove section heading if the section contains no notes.
diff --git a/data/release-notes/enterprise-server/3-10/15.yml b/data/release-notes/enterprise-server/3-10/15.yml
new file mode 100644
index 000000000000..f7c8ebdb10a9
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-10/15.yml
@@ -0,0 +1,139 @@
+date: '2024-07-19'
+intro: |
+
+ >[!NOTE] Due to a bug that caused hotpatch upgrades to fail for instances on Microsoft Azure, the previous patch release in this series (**3.10.14**) is not available for download. The following release notes include the updates introduced in that release.
+
+ {% warning %}
+
+ **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.14-known-issues)" section of these release notes.
+
+ {% endwarning %}
+sections:
+ security_fixes:
+ - |
+ **HIGH**: An attacker could cause unbounded resource exhaustion on the instance by sending a large payload to the Git server. To mitigate this issue, GitHub has limited the count of "have" and "want" lines for Git read operations. GitHub has requested CVE ID [CVE-2024-5795](https://www.cve.org/cverecord?id=CVE-2024-5795) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related {% data variables.product.pat_generic %}. GitHub has requested CVE ID [CVE-2024-5566](https://www.cve.org/cverecord?id=CVE-2024-5566) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could have unauthorized access in a public repository using a suspended GitHub App via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. GitHub has requested CVE ID [CVE-2024-5816](https://www.cve.org/cverecord?id=CVE-2024-5816) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could execute a Cross Site Request Forgery (CSRF) attack to perform write operations on a victim-owned repository in GitHub Enterprise Server by exploiting incorrect request types. A mitigating factor is that the attacker has to be a trusted user and the victim has to visit a tag in the attacker's fork of their own repository. GitHub has requested CVE ID [CVE-2024-5815](https://nvd.nist.gov/vuln/detail/CVE-2024-5815) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could disclose the name of a private repository on the GitHub Enterprise Server appliance when the private repository has a deploy key associated to it. GitHub has requested CVE ID [CVE-2024-6395](https://www.cve.org/cverecord?id=CVE-2024-6395) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **LOW:** Instance administrators could see fine-grained {% data variables.product.pat_generic_plural %} in plaintext in the babeld and gitauth logs.
+ - |
+ **LOW:** An attacker with read access to a project could use the REST API to view a list of all members in an organization, including members who had made their membership private. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
+ - |
+ **LOW:** An attacker could include MathJax syntax in Markdown to bypass GitHubs normal restrictions on CSS properties in Markdown. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
+ - |
+ **MEDIUM:** An attacker could disclose sensitive information from a private repository exploiting organization ruleset features. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. GitHub has requested CVE ID [CVE-2024-6336](https://www.cve.org/cverecord?id=CVE-2024-6336) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could have unauthorized read access to issue content inside an internal repository via GitHub projects. This attack required attacker access to the corresponding project board. GitHub has requested CVE ID [CVE-2024-5817](https://nvd.nist.gov/vuln/detail/CVE-2024-5817) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ Firewall port 9199, which linked to a static maintenance page used when enabling maintenance mode with an IP exception list, was opened unnecessarily.
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ When an instance hosted on Azure was upgraded with a hotpatch, the upgrade failed with an `rsync` error.
+ - |
+ On an instance with GitHub Actions enabled, remote blob storage could fill up with large amounts of data because cleanup jobs were skipped on old hosts.
+ - |
+ In some cases, commands run in an administrative SSH shell were not written to the audit log.
+ - |
+ When an administrator submitted support data to GitHub Support, spokesd keys were incorrectly sanitized.
+ - |
+ When log forwarding was enabled, some specific service logs, including babeld, gitauth, unicorn, and resqued, were duplicated.
+ - |
+ During the initial boot of an instance, a data disk attached as `/dev/sdb` may not have been recognized as an available disk.
+ - |
+ In some cases, the HAProxy `kill_timeout` setting caused service outages during upgrades or large transactions.
+ - |
+ The `ssh-audit-log.sh` script did not effectively log SSH commands, and the `ghe-sanitize-log.psed` script inadequately sanitized password-related logs.
+ - |
+ The default MSSQL timeout of 8 seconds sometimes caused issues during administrator activities. The default timeout has been increased to 30 seconds.
+ - |
+ For an instance running on Microsoft Azure, the user disk service failed to start because the attached volume could not be found.
+ - |
+ Establishing a new GitHub Connect connection could fail with a 500 error.
+ - |
+ When using `ghe-migrator` to migrate a repository, the links for pull requests merge commits were not imported.
+ - |
+ In some cases, reading data from repositories with a large number of objects would result in timeout or error.
+ - |
+ When a user used the REST API endpoints that returned secret scanning alerts at the repository or organization level with non-cursor-based pagination (for example, without `before` or `after` query parameters), the REST API endpoints for secret scanning returned incorrect `Link` headers.
+ - |
+ On instances with SAML authentication configured, users were unable to sign out and became stuck in an infinite SAML SSO loop.
+ - |
+ Deleting a branch that was targeted by many pull requests could result in delayed job processing and increased system memory usage.
+ - |
+ On an instance that restricts emails to verified domains, secret scanning emails would sometimes be sent to an unverified domain.
+ - |
+ In some cases, on the "Files" tab of a pull request, a comment on the first line did not render.
+ - |
+ Some organizations were not recognized as part of an instance's enterprise account.
+ - |
+ Some users would encounter an error when navigating to their personal security settings page at `https://HOSTNAME/settings/security`.
+ - |
+ On the "Code scanning" page of a repository, the branch filter did not correctly display all branches.
+ - |
+ Users viewing the alerts index page experienced inconsistencies in rendering the closed alert state.
+ - |
+ Organizations named "C" were incorrectly routed to the GitHub Enterprise Server contact page instead of their organization page.
+ - |
+ When servers responded with unsupported characters, webhook deliveries were not displayed in the UI.
+ - |
+ Chat integrations required frequent reauthentication, as a result of new app installations overwriting previous ones.
+ - |
+ On an instance in a cluster configuration, the `ghe-spokesctl ssh` command did not select the correct Nomad container when running a command within a git repository.
+ - |
+ On an instance with a GitHub Advanced Security license, disabling and re-enabling GitHub Advanced Security for an organization resulted in redundant scans of some repositories.
+ changes:
+ - |
+ The timeout for requests made to the REST API endpoints for secret scanning has been extended.
+ - |
+ When a user changes a repository's visibility to public, the user is now warned that previous Actions history and logs will become public as well.
+ - |
+ When using the `ghe-webhook-logs` utility, webhook delivery logs can be filtered by event and action. Users can use `ghe-webhook-logs --event issues` to filter by event, or `ghe-webhook-logs --event issues.opened` to filter by event and action.
+ known_issues:
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+ - |
+ The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
+ - |
+ {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
+ - |
+ {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
+ - |
+ {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
+ - |
+ {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
+ - |
+ After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser.
+ - |
+ {% data reusables.release-notes.2023-11-aws-system-time %}
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
+ - |
+ {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
+ - |
+ {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
+ - |
+ The reply.[hostname] subdomain is falsely always displaying as having no ssl and dns record, when testing the domain settings via management console **without subdomain isolation**.
+ - |
+ _Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised._
+ - |
+ If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
diff --git a/data/release-notes/enterprise-server/3-10/16.yml b/data/release-notes/enterprise-server/3-10/16.yml
new file mode 100644
index 000000000000..67e6d06c10fe
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-10/16.yml
@@ -0,0 +1,95 @@
+date: '2024-08-20'
+intro: |
+ {% warning %}
+
+ **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.16-known-issues)" section of these release notes.
+
+ {% endwarning %}
+sections:
+ features:
+ - |
+ Users can view the app state of gists, networks, and wikis in the `spokesctl info` output, enhancing visibility into the status of these elements. Additionally, `spokesctl check` can diagnose and, in most cases, fix empty repository networks, improving network management.
+ security_fixes:
+ - |
+ **CRITICAL:** On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges. GitHub has requested CVE ID [CVE-2024-6800](https://www.cve.org/cverecord?id=CVE-2024-6800) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could disclose the issue contents from a private repository using a GitHub App with only `contents: read` and `pull requests: write` permissions. This was only exploitable via user access token, and installation access tokens were not impacted. GitHub has requested CVE ID [CVE-2024-6337](https://www.cve.org/cverecord?id=CVE-2024-6337) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ On an instance with GitHub Actions enabled, during a hotpatch upgrade, a race condition could block various upgrade activities.
+ - |
+ The `ghe-config-apply` process made an unnecessary number of connections to Redis.
+ - |
+ Instances installed on Google Cloud Platform (GCP) could have their hostname overwritten by GCP when a hotpatch was applied.
+ - |
+ The minimum password requirements for Management Console users and the root site administrator required an upper case character when providing a password with a minimum of 8 characters, contradicting the documentation and password hint.
+ - |
+ On an instance with subdomain isolation enabled, configuration runs created subdomains for ChatOps services, such as `slack.HOSTNAME` and `teams.HOSTNAME`, regardless of whether the service was enabled.
+ - |
+ On an instance with GitHub Actions enabled, due to an insufficient wait time, MS SQL and MySQL replication could fail with the error message `Failed to start nomad service!`.
+ - |
+ Some users were unable to delete project views.
+ - |
+ Due to a regression introduced in a previous patch, for enterprises that use encrypted SAML assertions, SSO attempts failed with a digest mismatch error if the entire SAML response was signed, rather than just the assertions.
+ - |
+ Running `go get` for a Golang repository with a directory structure that overlaps with GitHub UI routes failed
+ - |
+ The `github-stream-processor` service could get into a state where it would continually fail to process messages with a `TRILOGY_CLOSED_CONNECTION` error.
+ - |
+ A corrupted entry in the Git audit log could cause out of memory errors.
+ - |
+ Fixes and improvements for the git core module.
+ changes:
+ - |
+ Actions KPI logs are disabled by default to reduce log size.
+ - |
+ Audit log events related to audit log streaming are available in the enterprise audit log page, and via audit log streaming.
+ known_issues:
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+ - |
+ The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
+ - |
+ {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
+ - |
+ {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
+ - |
+ {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
+ - |
+ {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
+ - |
+ After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser.
+ - |
+ {% data reusables.release-notes.2023-11-aws-system-time %}
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
+ - |
+ {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
+ - |
+ {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
+ - |
+ The `reply.HOSTNAME` subdomain is falsely displayed as having no SSL and DNS record, when testing the domain settings via the Management Console without subdomain isolation.
+ - |
+ When log forwarding is enabled, some forwarded log entries may be duplicated.
+ - |
+ Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
+ - |
+ If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
+ - |
+ When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
+ - |
+ Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run.
diff --git a/data/release-notes/enterprise-server/3-11/0.yml b/data/release-notes/enterprise-server/3-11/0.yml
index 08613d94ff5e..d80531bcb1ac 100644
--- a/data/release-notes/enterprise-server/3-11/0.yml
+++ b/data/release-notes/enterprise-server/3-11/0.yml
@@ -364,5 +364,11 @@ sections:
- |
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.11, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04]
+ # https://github.com/github/docs-content/issues/14995
+ - heading: Elasticsearch index `repository-stack` is no longer in use
+ notes:
+ - |
+ The Elasticsearch index `repository-stacks` is no longer in use. [Updated: 2024-06-24]
+
errata:
- 'The "[Changes](/admin/release-notes#3.11.0-changes)" section previously indicated that users should update GitHub Actions workflows and actions to run on Node.js 16. Node.js 16 has reached end of life, and users should instead update actions and workflows to run on Node.js 20 or later. [Updated: 2024-03-05]'
diff --git a/data/release-notes/enterprise-server/3-11/13.yml b/data/release-notes/enterprise-server/3-11/13.yml
new file mode 100644
index 000000000000..598961697bfb
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-11/13.yml
@@ -0,0 +1,163 @@
+date: '2024-07-19'
+intro: |
+
+ >[!NOTE] Due to a bug that caused hotpatch upgrades to fail for instances on Microsoft Azure, the previous patch release in this series (**3.11.12**) is not available for download. The following release notes include the updates introduced in that release.
+sections:
+ security_fixes:
+ - |
+ **HIGH**: An attacker could cause unbounded resource exhaustion on the instance by sending a large payload to the Git server. To mitigate this issue, GitHub has limited the count of "have" and "want" lines for Git read operations. GitHub has requested CVE ID [CVE-2024-5795](https://www.cve.org/cverecord?id=CVE-2024-5795) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related {% data variables.product.pat_generic %}. GitHub has requested CVE ID [CVE-2024-5566](https://www.cve.org/cverecord?id=CVE-2024-5566) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could have unauthorized access in a public repository using a suspended GitHub App via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. GitHub has requested CVE ID [CVE-2024-5816](https://www.cve.org/cverecord?id=CVE-2024-5816) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could execute a Cross Site Request Forgery (CSRF) attack to perform write operations on a victim-owned repository in GitHub Enterprise Server by exploiting incorrect request types. A mitigating factor is that the attacker has to be a trusted user and the victim has to visit a tag in the attacker's fork of their own repository. GitHub has requested CVE ID [CVE-2024-5815](https://nvd.nist.gov/vuln/detail/CVE-2024-5815) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could disclose the name of a private repository on the GitHub Enterprise Server appliance when the private repository has a deploy key associated to it. GitHub has requested CVE ID [CVE-2024-6395](https://www.cve.org/cverecord?id=CVE-2024-6395) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **LOW:** Instance administrators could see fine-grained {% data variables.product.pat_generic_plural %} in plaintext in the babeld and gitauth logs.
+ - |
+ **LOW:** An attacker with read access to a project could use the REST API to view a list of all members in an organization, including members who had made their membership private. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
+ - |
+ **LOW:** An attacker could include MathJax syntax in Markdown to bypass GitHubs normal restrictions on CSS properties in Markdown. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
+ - |
+ **MEDIUM:** An attacker could disclose sensitive information from a private repository exploiting organization ruleset features. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. GitHub has requested CVE ID [CVE-2024-6336](https://www.cve.org/cverecord?id=CVE-2024-6336) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could have unauthorized read access to issue content inside an internal repository via GitHub projects. This attack required attacker access to the corresponding project board. GitHub has requested CVE ID [CVE-2024-5817](https://nvd.nist.gov/vuln/detail/CVE-2024-5817) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ When an instance hosted on Azure was upgraded with a hotpatch, the upgrade failed with an `rsync` error.
+ - |
+ On an instance with GitHub Actions enabled, remote blob storage could fill up with large amounts of data because cleanup jobs were skipped on old hosts.
+ - |
+ The threshold set by `server_rejoin_age_max` for single-node GHES deployments was too low.
+ - |
+ In some cases, commands run in an administrative SSH shell were not written to the audit log.
+ - |
+ When an administrator submitted support data to GitHub Support, spokesd keys were incorrectly sanitized.
+ - |
+ When log forwarding was enabled, some specific service logs, including babeld, gitauth, unicorn, and resqued, were duplicated.
+ - |
+ During the initial boot of an instance, a data disk attached as `/dev/sdb` may not have been recognized as an available disk.
+ - |
+ In a high availablity configuration, running `ghe-repl-node` multiple times from a node that did not have replication running had the potential to overwrite the configuration on the primary node.
+ - |
+ Configuration history is only generated for instances in a cluster, high availability (HA) cluster, or standalone HA configuration. The current node must be a primary or replica node with replication running.
+ - |
+ In some cases, the HAProxy `kill_timeout` setting caused service outages during upgrades or large transactions.
+ - |
+ The `ssh-audit-log.sh` script did not effectively log SSH commands, and the `ghe-sanitize-log.psed` script inadequately sanitized password-related logs.
+ - |
+ The default MSSQL timeout of 8 seconds sometimes caused issues during administrator activities. The default timeout has been increased to 30 seconds.
+ - |
+ For an instance running on Microsoft Azure, the user disk service failed to start because the attached volume could not be found.
+ - |
+ Establishing a new GitHub Connect connection could fail with a 500 error.
+ - |
+ When using `ghe-migrator` to migrate a repository, the links for pull requests merge commits were not imported.
+ - |
+ When a user used the REST API endpoints that returned secret scanning alerts at the repository or organization level with non-cursor-based pagination (for example, without `before` or `after` query parameters), the REST API endpoints for secret scanning returned incorrect `Link` headers.
+ - |
+ On certain branch names, the branch info bar was causing frozen string errors.
+ - |
+ On instances with SAML authentication configured, users were unable to sign out and became stuck in an infinite SAML SSO loop.
+ - |
+ On instances with SCIM enabled, the administrator was unable to view users without an external identity record (for example, because they were provisioned before SCIM was enabled on the instance) in stafftools.
+ - |
+ On instances enrolled in the SCIM private beta, built-in authentication users can be added to organizations and teams. Organization owners will no longer see the misleading message that the organization membership is managed by the SAML identity provider when updating organization memberships.
+ - |
+ Enterprise owners managed by an identity provider were asked to authenticate within GitHub when performing privileged actions.
+ - |
+ On an instance that restricts emails to verified domains, secret scanning emails would sometimes be sent to an unverified domain.
+ - |
+ In some cases, on the "Files" tab of a pull request, a comment on the first line did not render.
+ - |
+ Some organizations were not recognized as part of an instance's enterprise account.
+ - |
+ Some users would encounter an error when navigating to their personal security settings page at `https://HOSTNAME/settings/security`.
+ - |
+ The `SpokesSyncCacheReplicaJob` could not initialize in some cases, resulting in an exception when handling the error.
+ - |
+ On the "Code scanning" page of a repository, the branch filter did not correctly display all branches.
+ - |
+ When including a `.gitignore` or `README.md` file on repository creation failed due to a ruleset or pre-receive hook, no error message displayed.
+ - |
+ On an instance with a GitHub Advanced Security license, requests to the `/enterprises/{enterprise}/settings/billing/advanced-security` REST API endpoint could fail due to timeout.
+ - |
+ Users viewing the alerts index page experienced inconsistencies in rendering the closed alert state.
+ - |
+ Organizations named "C" were incorrectly routed to the GitHub Enterprise Server contact page instead of their organization page.
+ - |
+ On an instance with a GitHub Advanced Security license, commits made by users who do not belong to an organization were not counted.
+ - |
+ When servers responded with unsupported characters, webhook deliveries were not displayed in the UI.
+ - |
+ Chat integrations required frequent reauthentication, as a result of new app installations overwriting previous ones.
+ - |
+ On an instance in a cluster configuration, the `ghe-spokesctl ssh` command did not select the correct Nomad container when running a command within a Git repository.
+ - |
+ On an instance with a GitHub Advanced Security license, disabling and re-enabling GitHub Advanced Security for an organization resulted in redundant scans of some repositories.
+ - |
+ On an instance with a GitHub Advanced Security license, contributions were not tracked on public repositories.
+ - |
+ On an instance with a GitHub Advanced Security license, the "adjust configuration" step failed when enabling code scanning with the default setup on self-hosted Windows runners.
+ - |
+ Migration of the `issue_edits` table caused intermittent failures during the upgrade to GitHub Enterprise Server version 3.11, resulting in the error message `ActiveRecord::ConcurrentMigrationError: Failed to release advisory lock.` [Updated: 2024-08-14]
+ changes:
+ - |
+ In a high availability configuration, users can only run `ghe-config-apply` or `ghe-cluster-config-apply` on a replica node if replication is already running (from `ghe-repl-start`). If replication isnt running on the node, the user will be instructed to start replication.
+ - |
+ Configuration history has been extended. When `ghe-config-apply`, `ghe-cluster-config-apply`, or `ghe-config-archive` is run: `secrets.conf` is captured, a sha256sum for each of the current configuration files is included, the existing patch that is generated includes `secrets.conf`, and an additional sanitized patch that excludes `secrets.conf` is also generated.
+ - |
+ The timeout for requests made to the REST API endpoints for secret scanning has been extended.
+ - |
+ A more specific error message is shown when a non-provisioned user tried to sign in to an instance with SCIM enabled.
+ - |
+ When a user changes a repository's visibility to public, the user is now warned that previous Actions history and logs will become public as well.
+ - |
+ A more specific error message is shown when a deprovisioned user attempts signing into an instance with SCIM enabled.
+ - |
+ In the audit logs, administrators can see more context for failed user authentication attempts using LDAP.
+ - |
+ The system logs provide more context for authentication failures related to multi-factor authentication.
+ - |
+ When using the `ghe-webhook-logs` utility, webhook delivery logs can be filtered by event and action. Users can use `ghe-webhook-logs --event issues` to filter by event, or `ghe-webhook-logs --event issues.opened` to filter by event and action.
+ - |
+ To avoid excessive log volume and associated disk pressure, requests for `GetCacheKey` are no longer logged. Previously, the high frequency of these requests caused significant log accumulation.
+ known_issues:
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+ - |
+ The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
+ - |
+ {% data reusables.release-notes.2023-11-aws-system-time %}
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ {% data reusables.release-notes.2023-11-cluster-ha-failover-git-push-failure %}
+ - |
+ {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
+ - |
+ {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
+ - |
+ Repositories originally imported using ghe-migrator will not correctly track Advanced Security contributions.
+ - |
+ Due to a known regression, operators will not be able to use the `ghe-migrations` visualizer to view the status of migrations during an upgrade. Instead, the operator can inspect the log files in `/var/log/dbmigration` to see the status and progress of migrations.
+ - |
+ The reply.[hostname] subdomain is falsely always displaying as having no ssl and dns record, when testing the domain settings via management console **without subdomain isolation**.
+ - |
+ _Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised._
+ - |
+ If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
diff --git a/data/release-notes/enterprise-server/3-11/14.yml b/data/release-notes/enterprise-server/3-11/14.yml
new file mode 100644
index 000000000000..c738cc36025e
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-11/14.yml
@@ -0,0 +1,107 @@
+date: '2024-08-20'
+sections:
+ features:
+ - |
+ Users can view the app state of gists, networks, and wikis in the `spokesctl info` output, enhancing visibility into the status of these elements. Additionally, `spokesctl check` can diagnose and, in most cases, fix empty repository networks, improving network management.
+ security_fixes:
+ - |
+ **CRITICAL:** On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges. GitHub has requested CVE ID [CVE-2024-6800](https://www.cve.org/cverecord?id=CVE-2024-6800) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could update the `title`, `assignees`, and `labels` of any issue inside a public repository. This was only exploitable inside a public repository, and private/internal repositories were not affected. GitHub has requested CVE ID [CVE-2024-7711](https://www.cve.org/cverecord?id=CVE-2024-7711) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could disclose the issue contents from a private repository using a GitHub App with only `contents: read` and `pull requests: write` permissions. This was only exploitable via user access token, and installation access tokens were not impacted. GitHub has requested CVE ID [CVE-2024-6337](https://www.cve.org/cverecord?id=CVE-2024-6337) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ During hotpatching and sometimes when applying configuration changes, a configuration run to upgrade the GitHub Actions service was unnecessarily triggered. The GitHub Actions service will only be upgraded in GitHub Enterprise Server feature releases.
+ - |
+ On an instance with GitHub Actions enabled, during a hotpatch upgrade, a race condition could block various upgrade activities.
+ - |
+ The `ghe-config-apply` process made an unnecessary number of connections to Redis.
+ - |
+ Restarting the `resolvconf` service would not correctly update the contents of `/etc/resolv.conf`.
+ - |
+ Instances installed on Google Cloud Platform (GCP) could have their hostname overwritten by GCP when a hotpatch was applied.
+ - |
+ The minimum password requirements for Management Console users and the root site administrator required an upper case character when providing a password with a minimum of 8 characters, contradicting the documentation and password hint.
+ - |
+ The `ghe-migrations` utility for visualizing migrations did not work due to a regression. Administrators can now run `ghe-migrations` to view the progress and status of `github` migrations, or run `ghe-migrations --all` to view progress on all services.
+ - |
+ On an instance with subdomain isolation enabled, configuration runs created subdomains for ChatOps services, such as `slack.HOSTNAME` and `teams.HOSTNAME`, regardless of whether the service was enabled.
+ - |
+ On an instance with GitHub Actions enabled, due to an insufficient wait time, MS SQL and MySQL replication could fail with the error message `Failed to start nomad service!`.
+ - |
+ Site administrators could not switch maintenance mode directly from "scheduled" to "on," or vice versa.
+ - |
+ Some users were unable to delete project views.
+ - |
+ When importing using `ghe-migrator`, team URLs containing dots were imported as-is, leading to 404s when attempting to view the imported teams. Dots in imported team URLs are now escaped to dashes.
+ - |
+ Due to a regression introduced in a previous patch, for enterprises that use encrypted SAML assertions, SSO attempts failed with a digest mismatch error if the entire SAML response was signed, rather than just the assertions.
+ - |
+ Running `go get` for a Golang repository with a directory structure that overlaps with GitHub UI routes failed
+ - |
+ The `github-stream-processor` service could get into a state where it would continually fail to process messages with a `TRILOGY_CLOSED_CONNECTION` error.
+ - |
+ The wrong help link was displayed when push protection blocked a secret from the CLI.
+ - |
+ For repositories with issues disabled, issue links were redirected to pull requests.
+ - |
+ In custom pre-receive hooks, the paths stored in environment variables that allow for newly pushed objects to be in a quarantine directory could be incorrectly interpreted as relative to a worktree instead of the Git directory, causing certain commands to fail to read from the repository. The variables now use absolute paths.
+ - |
+ A corrupted entry in the Git audit log could cause out of memory errors.
+ - |
+ Fixes and improvements for the git core module.
+ changes:
+ - |
+ Actions KPI logs are disabled by default to reduce log size.
+ - |
+ Users can set their styling preference for link underlines in the web interface, on their "Accessibility" settings page.
+ - |
+ Audit log events related to audit log streaming are available in the enterprise audit log page, and via audit log streaming.
+ known_issues:
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+ - |
+ The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
+ - |
+ {% data reusables.release-notes.2023-11-aws-system-time %}
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ {% data reusables.release-notes.2023-11-cluster-ha-failover-git-push-failure %}
+ - |
+ {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
+ - |
+ {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
+ - |
+ Repositories originally imported using `ghe-migrator` will not correctly track Advanced Security contributions.
+ - |
+ Due to a known regression, operators will not be able to use the `ghe-migrations` visualizer to view the status of migrations during an upgrade. Instead, the operator can inspect the log files in `/var/log/dbmigration` to see the status and progress of migrations.
+ - |
+ The `reply.HOSTNAME` subdomain is falsely displayed as having no SSL and DNS record, when testing the domain settings via the Management Console without subdomain isolation.
+ - |
+ When log forwarding is enabled, some forwarded log entries may be duplicated.
+ - |
+ Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
+ - |
+ If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
+ - |
+ When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
+ - |
+ Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run.
+ - |
+ {% data reusables.release-notes.2024-08-resolvconf-wont-start %}
+
+ [Updated: 2024-08-26]
diff --git a/data/release-notes/enterprise-server/3-12/0-rc1.yml b/data/release-notes/enterprise-server/3-12/0-rc1.yml
index 33a8243491db..c8fa66d0e5fe 100644
--- a/data/release-notes/enterprise-server/3-12/0-rc1.yml
+++ b/data/release-notes/enterprise-server/3-12/0-rc1.yml
@@ -15,7 +15,7 @@ sections:
notes:
# https://github.com/github/releases/issues/3542
- |
- To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-a-standalone-instance-using-an-upgrade-package)" and "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs)."
+ To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-a-standalone-instance-using-an-upgrade-package)" and "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs)."
# https://github.com/github/releases/issues/3531
- |
When backing up an instance in a cluster configuration using GitHub Enterprise Server Backup Utilities, the pre-flight routine includes a health check for all nodes and notifies administrators of any issues before the backup begins.
@@ -185,4 +185,3 @@ sections:
notes:
- |
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.12, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04]
-
diff --git a/data/release-notes/enterprise-server/3-12/0.yml b/data/release-notes/enterprise-server/3-12/0.yml
index 53ab27a2bb47..ea7d665bdd72 100644
--- a/data/release-notes/enterprise-server/3-12/0.yml
+++ b/data/release-notes/enterprise-server/3-12/0.yml
@@ -10,7 +10,7 @@ sections:
notes:
# https://github.com/github/releases/issues/3542
- |
- To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-a-standalone-instance-using-an-upgrade-package)" and "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs)."
+ To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-a-standalone-instance-using-an-upgrade-package)" and "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs)."
# https://github.com/github/releases/issues/3531
- |
When backing up an instance in a cluster configuration using GitHub Enterprise Server Backup Utilities, the pre-flight routine includes a health check for all nodes and notifies administrators of any issues before the backup begins.
@@ -25,7 +25,7 @@ sections:
# https://github.com/github/releases/issues/3802
- |
On an instance in a cluster configuration, administrators can more easily configure or tear down a high availability replica of the cluster. For more information, see the documentation for the following utilities in the "Command-line utilities" article:
-
+
- [`ghe-cluster-repl-bootstrap`](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-repl-bootstrap)
- [`ghe-cluster-repl-teardown`](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-repl-teardown)
diff --git a/data/release-notes/enterprise-server/3-12/7.yml b/data/release-notes/enterprise-server/3-12/7.yml
new file mode 100644
index 000000000000..8b11e53bce90
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-12/7.yml
@@ -0,0 +1,169 @@
+date: '2024-07-19'
+intro: |
+
+ >[!NOTE] Due to a bug that caused hotpatch upgrades to fail for instances on Microsoft Azure, the previous patch release in this series (**3.12.6**) is not available for download. The following release notes include the updates introduced in that release.
+sections:
+ security_fixes:
+ - |
+ **HIGH**: An attacker could cause unbounded resource exhaustion on the instance by sending a large payload to the Git server. To mitigate this issue, GitHub has limited the count of "have" and "want" lines for Git read operations. GitHub has requested CVE ID [CVE-2024-5795](https://www.cve.org/cverecord?id=CVE-2024-5795) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related {% data variables.product.pat_generic %}. GitHub has requested CVE ID [CVE-2024-5566](https://www.cve.org/cverecord?id=CVE-2024-5566) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could have unauthorized access in a public repository using a suspended GitHub App via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. GitHub has requested CVE ID [CVE-2024-5816](https://www.cve.org/cverecord?id=CVE-2024-5816) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could execute a Cross Site Request Forgery (CSRF) attack to perform write operations on a victim-owned repository in GitHub Enterprise Server by exploiting incorrect request types. A mitigating factor is that the attacker has to be a trusted user and the victim has to visit a tag in the attacker's fork of their own repository. GitHub has requested CVE ID [CVE-2024-5815](https://nvd.nist.gov/vuln/detail/CVE-2024-5815) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could disclose the name of a private repository on the GitHub Enterprise Server appliance when the private repository has a deploy key associated to it. GitHub has requested CVE ID [CVE-2024-6395](https://www.cve.org/cverecord?id=CVE-2024-6395) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **LOW:** Instance administrators could see fine-grained {% data variables.product.pat_generic_plural %} in plaintext in the babeld and gitauth logs.
+ - |
+ **LOW:** An attacker with read access to a project could use the REST API to view a list of all members in an organization, including members who had made their membership private. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
+ - |
+ **LOW:** An attacker could include MathJax syntax in Markdown to bypass GitHubs normal restrictions on CSS properties in Markdown. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
+ - |
+ **MEDIUM:** An attacker could disclose sensitive information from a private repository exploiting organization ruleset features. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. GitHub has requested CVE ID [CVE-2024-6336](https://www.cve.org/cverecord?id=CVE-2024-6336) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could have unauthorized read access to issue content inside an internal repository via GitHub projects. This attack required attacker access to the corresponding project board. GitHub has requested CVE ID [CVE-2024-5817](https://nvd.nist.gov/vuln/detail/CVE-2024-5817) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ When an instance hosted on Azure was upgraded with a hotpatch, the upgrade failed with an `rsync` error.
+ - |
+ On an instance with GitHub Actions enabled, remote blob storage could fill up with large amounts of data because cleanup jobs were skipped on old hosts.
+ - |
+ The `ghe-cluster-repl-status` command could be run on instance configurations other than high-availability clusters, resulting in an incorrect or incomplete status.
+ - |
+ The threshold set by `server_rejoin_age_max` for single-node GHES deployments was too low.
+ - |
+ In some cases, commands run in an administrative SSH shell were not written to the audit log.
+ - |
+ When an administrator submitted support data to GitHub Support, spokesd keys were incorrectly sanitized.
+ - |
+ When log forwarding was enabled, some specific service logs, including babeld, gitauth, unicorn, and resqued, were duplicated.
+ - |
+ During the initial boot of an instance, a data disk attached as `/dev/sdb` may not have been recognized as an available disk.
+ - |
+ In a high availablity configuration, running `ghe-repl-node` multiple times from a node that did not have replication running had the potential to overwrite the configuration on the primary node.
+ - |
+ Configuration history is only generated for instances in a cluster, high availability (HA) cluster, or standalone HA configuration. The current node must be a primary or replica node with replication running.
+ - |
+ In some cases, the HAProxy `kill_timeout` setting caused service outages during upgrades or large transactions.
+ - |
+ The `ssh-audit-log.sh` script did not effectively log SSH commands, and the `ghe-sanitize-log.psed` script inadequately sanitized password-related logs.
+ - |
+ The default MSSQL timeout of 8 seconds sometimes caused issues during administrator activities. The default timeout has been increased to 30 seconds.
+ - |
+ For an instance running on Microsoft Azure, the user disk service failed to start because the attached volume could not be found.
+ - |
+ Establishing a new GitHub Connect connection could fail with a 500 error.
+ - |
+ When using `ghe-migrator` to migrate a repository, the links for pull requests merge commits were not imported.
+ - |
+ When a user used the REST API endpoints that returned secret scanning alerts at the repository or organization level with non-cursor-based pagination (for example, without `before` or `after` query parameters), the REST API endpoints for secret scanning returned incorrect `Link` headers.
+ - |
+ On certain branch names, the branch info bar was causing frozen string errors.
+ - |
+ On instances with SAML authentication configured, users were unable to sign out and became stuck in an infinite SAML SSO loop.
+ - |
+ On instances with SCIM enabled, the administrator was unable to view users without an external identity record (for example, because they were provisioned before SCIM was enabled on the instance) in stafftools.
+ - |
+ After navigating to a discussion, the link underline for the Discussions tab in the GitHub UI incorrectly appeared under the Settings tab heading.
+ - |
+ On instances enrolled in the SCIM private beta, built-in authentication users can be added to organizations and teams. Organization owners will no longer see the misleading message that the organization membership is managed by the SAML identity provider when updating organization memberships.
+ - |
+ Enterprise owners managed by an identity provider were asked to authenticate within GitHub when performing privileged actions.
+ - |
+ On an instance that restricts emails to verified domains, secret scanning emails would sometimes be sent to an unverified domain.
+ - |
+ In some cases, on the "Files" tab of a pull request, a comment on the first line did not render.
+ - |
+ Some organizations were not recognized as part of an instance's enterprise account.
+ - |
+ Some users would encounter an error when navigating to their personal security settings page at `https://HOSTNAME/settings/security`.
+ - |
+ The `SpokesSyncCacheReplicaJob` could not initialize in some cases, resulting in an exception when handling the error.
+ - |
+ In the sidebar menu that is displayed when a user clicks their profile picture, users who are not enterprise owners saw an "Enterprise settings" option, linking to the main page of an enterprise. This option is now labeled "Your enterprise".
+ - |
+ On the "Code scanning" page of a repository, the branch filter did not correctly display all branches.
+ - |
+ When including a `.gitignore` or `README.md` file on repository creation failed due to a ruleset or pre-receive hook, no error message displayed.
+ - |
+ On an instance with a GitHub Advanced Security license, requests to the `/enterprises/{enterprise}/settings/billing/advanced-security` REST API endpoint could fail due to timeout.
+ - |
+ On some instances, users were unable to save historical insights charts for Projects.
+ - |
+ The setting to enable or view non-provider patterns was not available for public repositories.
+ - |
+ Users viewing the alerts index page experienced inconsistencies in rendering the closed alert state.
+ - |
+ Organizations named "C" were incorrectly routed to the GitHub Enterprise Server contact page instead of their organization page.
+ - |
+ On an instance with a GitHub Advanced Security license, commits made by users who do not belong to an organization were not counted.
+ - |
+ When servers responded with unsupported characters, webhook deliveries were not displayed in the UI.
+ - |
+ Chat integrations required frequent reauthentication, as a result of new app installations overwriting previous ones.
+ - |
+ On an instance in a cluster configuration, the `ghe-spokesctl ssh` command did not select the correct Nomad container when running a command within a Git repository.
+ - |
+ On an instance with a GitHub Advanced Security license, disabling and re-enabling GitHub Advanced Security for an organization resulted in redundant scans of some repositories.
+ - |
+ On an instance with a GitHub Advanced Security license, contributions were not tracked on public repositories.
+ - |
+ On an instance with a GitHub Advanced Security license, the "adjust configuration" step failed when enabling code scanning with the default setup on self-hosted Windows runners.
+ - |
+ Migration of the `issue_edits` table caused intermittent failures during the upgrade to GitHub Enterprise Server version 3.12, resulting in the error message `ActiveRecord::ConcurrentMigrationError: Failed to release advisory lock.` [Updated: 2024-08-14]
+ changes:
+ - |
+ In a high availability configuration, users can only run `ghe-config-apply` or `ghe-cluster-config-apply` on a replica node if replication is already running (from `ghe-repl-start`). If replication isnt running on the node, the user will be instructed to start replication.
+ - |
+ Configuration history has been extended. When `ghe-config-apply`, `ghe-cluster-config-apply`, or `ghe-config-archive` is run: `secrets.conf` is captured, a sha256sum for each of the current configuration files is included, the existing patch that is generated includes `secrets.conf`, and an additional sanitized patch that excludes `secrets.conf` is also generated.
+ - |
+ The timeout for requests made to the REST API endpoints for secret scanning has been extended.
+ - |
+ A more specific error message is shown when a non-provisioned user tried to sign in to an instance with SCIM enabled.
+ - |
+ When a user changes a repository's visibility to public, the user is now warned that previous Actions history and logs will become public as well.
+ - |
+ A more specific error message is shown when a deprovisioned user attempts signing into an instance with SCIM enabled.
+ - |
+ In the audit logs, administrators can see more context for failed user authentication attempts using LDAP.
+ - |
+ The system logs provide more context for authentication failures related to multi-factor authentication.
+ - |
+ When using the `ghe-webhook-logs` utility, webhook delivery logs can be filtered by event and action. Users can use `ghe-webhook-logs --event issues` to filter by event, or `ghe-webhook-logs --event issues.opened` to filter by event and action.
+ - |
+ To avoid excessive log volume and associated disk pressure, requests for `GetCacheKey` are no longer logged. Previously, the high frequency of these requests caused significant log accumulation.
+ known_issues:
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+ - |
+ The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
+ - |
+ {% data reusables.release-notes.2023-11-aws-system-time %}
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ {% data reusables.release-notes.2023-11-cluster-ha-failover-git-push-failure %}
+ - |
+ {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
+ - |
+ Repositories originally imported using ghe-migrator will not correctly track Advanced Security contributions.
+ - |
+ Due to a known regression, operators will not be able to use the `ghe-migrations` visualizer to view the status of migrations during an upgrade. Instead, the operator can inspect the log files in `/var/log/dbmigration` to see the status and progress of migrations.
+ - |
+ The reply.[hostname] subdomain is falsely always displaying as having no ssl and dns record, when testing the domain settings via management console **without subdomain isolation**.
+ - |
+ _Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised._
+ - |
+ If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
diff --git a/data/release-notes/enterprise-server/3-12/8.yml b/data/release-notes/enterprise-server/3-12/8.yml
new file mode 100644
index 000000000000..d3683b583e77
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-12/8.yml
@@ -0,0 +1,115 @@
+date: '2024-08-20'
+sections:
+ features:
+ - |
+ Users can view the app state of gists, networks, and wikis in the `spokesctl info` output, enhancing visibility into the status of these elements. Additionally, `spokesctl check` can diagnose and, in most cases, fix empty repository networks, improving network management.
+ security_fixes:
+ - |
+ **CRITICAL:** On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges. GitHub has requested CVE ID [CVE-2024-6800](https://www.cve.org/cverecord?id=CVE-2024-6800) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could update the `title`, `assignees`, and `labels` of any issue inside a public repository. This was only exploitable inside a public repository, and private/internal repositories were not affected. GitHub has requested CVE ID [CVE-2024-7711](https://www.cve.org/cverecord?id=CVE-2024-7711) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could disclose the issue contents from a private repository using a GitHub App with only `contents: read` and `pull requests: write` permissions. This was only exploitable via user access token, and installation access tokens were not impacted. GitHub has requested CVE ID [CVE-2024-6337](https://www.cve.org/cverecord?id=CVE-2024-6337) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ During hotpatching and sometimes when applying configuration changes, a configuration run to upgrade the GitHub Actions service was unnecessarily triggered. The GitHub Actions service will only be upgraded in GitHub Enterprise Server feature releases.
+ - |
+ On an instance with GitHub Actions enabled, during a hotpatch upgrade, a race condition could block various upgrade activities.
+ - |
+ The `ghe-config-apply` process made an unnecessary number of connections to Redis.
+ - |
+ Upgrading the Dependency Graph sometimes failed due to outdated data from `go.sum` manifests.
+ - |
+ Restarting the `resolvconf` service would not correctly update the contents of `/etc/resolv.conf`.
+ - |
+ Instances installed on Google Cloud Platform (GCP) could have their hostname overwritten by GCP when a hotpatch was applied.
+ - |
+ The minimum password requirements for Management Console users and the root site administrator required an upper case character when providing a password with a minimum of 8 characters, contradicting the documentation and password hint.
+ - |
+ The `ghe-migrations` utility for visualizing migrations did not work due to a regression. Administrators can now run `ghe-migrations` to view the progress and status of `github` migrations, or run `ghe-migrations --all` to view progress on all services.
+ - |
+ On an instance with subdomain isolation enabled, configuration runs created subdomains for ChatOps services, such as `slack.HOSTNAME` and `teams.HOSTNAME`, regardless of whether the service was enabled.
+ - |
+ During support bundle generation or when running `ghe-diagnostics`, filesystem usage for the Elasticsearch data directory was not be included.
+ - |
+ On an instance with GitHub Actions enabled, due to an insufficient wait time, MS SQL and MySQL replication could fail with the error message `Failed to start nomad service!`.
+ - |
+ Site administrators could not switch maintenance mode directly from "scheduled" to "on," or vice versa.
+ - |
+ Some users were unable to delete project views.
+ - |
+ On the repository settings page for GitHub Pages, users saw an option to upgrade to GitHub Enterprise to use GitHub Pages with private visibility.
+ - |
+ When importing using `ghe-migrator`, team URLs containing dots were imported as-is, leading to 404s when attempting to view the imported teams. Dots in imported team URLs are now escaped to dashes.
+ - |
+ Due to a regression introduced in a previous patch, for enterprises that use encrypted SAML assertions, SSO attempts failed with a digest mismatch error if the entire SAML response was signed, rather than just the assertions.
+ - |
+ On an instance with subdomain isolation enabled, images served from a subdomain or external source did not render correctly in issues opened in the Projects side panel.
+ - |
+ In tag input fields, such as when adding topics to a repository, pressing space did not start a new tag.
+ - |
+ Running `go get` for a Golang repository with a directory structure that overlaps with GitHub UI routes failed
+ - |
+ The wrong help link was displayed when push protection blocked a secret from the CLI.
+ - |
+ For repositories with issues disabled, issue links were redirected to pull requests.
+ - |
+ Fixes and improvements for the git core module.
+ - |
+ In custom pre-receive hooks, the paths stored in environment variables that allow for newly pushed objects to be in a quarantine directory could be incorrectly interpreted as relative to a worktree instead of the Git directory, causing certain commands to fail to read from the repository. The variables now use absolute paths.
+ - |
+ A corrupted entry in the Git audit log could cause out of memory errors.
+ changes:
+ - |
+ Actions KPI logs are disabled by default to reduce log size.
+ - |
+ When running `ghe-support-bundle`, the support bundle includes the Elasticsearch config.
+ - |
+ Users can set their styling preference for link underlines in the web interface, on their "Accessibility" settings page.
+ - |
+ Audit log events related to audit log streaming are available in the enterprise audit log page, and via audit log streaming.
+ known_issues:
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+ - |
+ The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
+ - |
+ {% data reusables.release-notes.2023-11-aws-system-time %}
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ {% data reusables.release-notes.2023-11-cluster-ha-failover-git-push-failure %}
+ - |
+ {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
+ - |
+ Repositories originally imported using `ghe-migrator` will not correctly track Advanced Security contributions.
+ - |
+ Due to a known regression, operators will not be able to use the `ghe-migrations` visualizer to view the status of migrations during an upgrade. Instead, the operator can inspect the log files in `/var/log/dbmigration` to see the status and progress of migrations.
+ - |
+ The `reply.HOSTNAME` subdomain is falsely displayed as having no SSL and DNS record, when testing the domain settings via the Management Console without subdomain isolation.
+ - |
+ When log forwarding is enabled, some forwarded log entries may be duplicated.
+ - |
+ Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
+ - |
+ If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
+ - |
+ The global search bar does not have suggestions enabled due to the redesigned navigation and pending new search experience.
+ - |
+ When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
+ - |
+ Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run.
+ - |
+ {% data reusables.release-notes.2024-08-resolvconf-wont-start %}
+
+ [Updated: 2024-08-26]
diff --git a/data/release-notes/enterprise-server/3-13/0-rc1.yml b/data/release-notes/enterprise-server/3-13/0-rc1.yml
index 2a876b36d22f..334fea83a8bb 100644
--- a/data/release-notes/enterprise-server/3-13/0-rc1.yml
+++ b/data/release-notes/enterprise-server/3-13/0-rc1.yml
@@ -181,4 +181,4 @@ sections:
As part of sunsetting Subversion compatibility, Subversion support is now disabled by default. Subversion can be re-enabled in the 3.13 release series by setting `app.svnbridge.enabled = true`. In 3.14, subversion support will be permanently removed. For more information, see [Sunsetting Subversion support](https://github.blog/2023-01-20-sunsetting-subversion-support/) on the GitHub blog.
# https://github.com/github/releases/issues/3859
- |
- The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will deprecate the Management Console API in GitHub Enterprise Server 3.14. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)."
+ The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will deprecate the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)."
diff --git a/data/release-notes/enterprise-server/3-13/0.yml b/data/release-notes/enterprise-server/3-13/0.yml
index 24f448241cd4..9e61b5e3bb48 100644
--- a/data/release-notes/enterprise-server/3-13/0.yml
+++ b/data/release-notes/enterprise-server/3-13/0.yml
@@ -183,11 +183,21 @@ sections:
For an instance in a cluster configuration and with GitHub Actions enabled, restoring a cluster from backup requires targeting the primary DB node.
- |
Memory utilization may increase after the upgrade. During periods of high traffic, interruptions in service may occur due to insufficient memory allocations for internal components.
-
+ - |
+ Following an upgrade, Elasticsearch search migrations are sometimes incorrectly reported as failing in the audit log, even though the migrations completed successfully. [Updated: 2024-08-02]
+
deprecations:
# https://github.com/github/releases/issues/2732
- |
As part of sunsetting Subversion compatibility, Subversion support is now disabled by default. Subversion can be re-enabled in the 3.13 release series by setting `app.svnbridge.enabled = true`. In 3.14, subversion support will be permanently removed. For more information, see [Sunsetting Subversion support](https://github.blog/2023-01-20-sunsetting-subversion-support/) on the GitHub blog.
# https://github.com/github/releases/issues/3859
- |
- The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will deprecate the Management Console API in GitHub Enterprise Server 3.14. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)."
+ The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)."
+ # https://github.com/github/releases/issues/3794
+ - |
+ From November 19, 2024, references to v1 and v2 of artifacts actions in GitHub Actions will not resolve. GitHub deprecated v1 and v2 of actions/upload-artifact, actions/download-artifact, and related npm packages on June 30, 2024. You can read more about this deprecation on the [GitHub Blog](https://github.blog/changelog/2024-02-13-deprecation-notice-v1-and-v2-of-the-artifact-actions/). GitHub Enterprise Server instances configured to use GitHub Connect to download these actions will need to store cached copies locally for workflows to continue working. If your local copy of these actions has been removed, use [GitHub Actions Sync](https://github.com/actions/actions-sync) to manually re-download the actions. [Updated: 2024-18-20]
+ # https://github.com/github/releases/issues/3794
+ - |
+ The deprecated v1 and v2 versions of artifacts actions will be removed from GitHub Enterprise Server 3.15 onwards. Users should update their workflows to use v3 or later versions of artifacts actions. [Updated: 2024-18-20]
+ errata:
+ - 'The "[Deprecations](/admin/release-notes#3.13.0-deprecations)" section previously indicated that the Management Console API would be deprecated in GitHub Enterprise Server 3.14. Instead, the Management Console API will be removed in GitHub Enterprise Server 3.15. [Updated: 2024-07-08]'
diff --git a/data/release-notes/enterprise-server/3-13/2.yml b/data/release-notes/enterprise-server/3-13/2.yml
new file mode 100644
index 000000000000..68bb53c9cc1f
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-13/2.yml
@@ -0,0 +1,171 @@
+date: '2024-07-19'
+intro: |
+
+ >[!NOTE] Due to a bug that caused hotpatch upgrades to fail for instances on Microsoft Azure, the previous patch release in this series (**3.13.1**) is not available for download. The following release notes include the updates introduced in that release.
+sections:
+ security_fixes:
+ - |
+ **HIGH**: An attacker could cause unbounded resource exhaustion on the instance by sending a large payload to the Git server. To mitigate this issue, GitHub has limited the count of "have" and "want" lines for Git read operations. GitHub has requested CVE ID [CVE-2024-5795](https://www.cve.org/cverecord?id=CVE-2024-5795) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related {% data variables.product.pat_generic %}. GitHub has requested CVE ID [CVE-2024-5566](https://www.cve.org/cverecord?id=CVE-2024-5566) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could have unauthorized access in a public repository using a suspended GitHub App via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. GitHub has requested CVE ID [CVE-2024-5816](https://www.cve.org/cverecord?id=CVE-2024-5816) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could execute a Cross Site Request Forgery (CSRF) attack to perform write operations on a victim-owned repository in GitHub Enterprise Server by exploiting incorrect request types. A mitigating factor is that the attacker has to be a trusted user and the victim has to visit a tag in the attacker's fork of their own repository. GitHub has requested CVE ID [CVE-2024-5815](https://nvd.nist.gov/vuln/detail/CVE-2024-5815) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could disclose the name of a private repository on the GitHub Enterprise Server appliance when the private repository has a deploy key associated to it. GitHub has requested CVE ID [CVE-2024-6395](https://www.cve.org/cverecord?id=CVE-2024-6395) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **LOW:** Instance administrators could see fine-grained {% data variables.product.pat_generic_plural %} in plaintext in the babeld and gitauth logs.
+ - |
+ **LOW:** An attacker with read access to a project could use the REST API to view a list of all members in an organization, including members who had made their membership private. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
+ - |
+ **LOW:** An attacker could include MathJax syntax in Markdown to bypass GitHubs normal restrictions on CSS properties in Markdown. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
+ - |
+ **MEDIUM:** An attacker could have unauthorized read access to issue content inside an internal repository via GitHub projects. This attack required attacker access to the corresponding project board. GitHub has requested CVE ID [CVE-2024-5817](https://nvd.nist.gov/vuln/detail/CVE-2024-5817) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ An attacker could access previously executed private required workflows by changing the repository visibility from private to public. This occurred despite the repositories with the required workflows remaining private. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ A user without the enterprise owner role could view all secret scanning alerts for user-owned repositories using the REST API. Alerts in user-owned repositories are now properly restricted to only be visible to enterprise owners.
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ When an instance hosted on Azure was upgraded with a hotpatch, the upgrade failed with an `rsync` error.
+ - |
+ On an instance with GitHub Actions enabled, remote blob storage could fill up with large amounts of data because cleanup jobs were skipped on old hosts.
+ - |
+ The `ghe-cluster-repl-status` command could be run on instance configurations other than high-availability clusters, resulting in an incorrect or incomplete status.
+ - |
+ The threshold set by `server_rejoin_age_max` for single-node GHES deployments was too low.
+ - |
+ On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover.
+ - |
+ In some cases, commands run in an administrative SSH shell were not written to the audit log.
+ - |
+ When an administrator submitted support data to GitHub Support, spokesd keys were incorrectly sanitized.
+ - |
+ When log forwarding was enabled, some specific service logs, including babeld, gitauth, unicorn, and resqued, were duplicated.
+ - |
+ During the initial boot of an instance, a data disk attached as `/dev/sdb` may not have been recognized as an available disk.
+ - |
+ In a high availablity configuration, running `ghe-repl-node` multiple times from a node that didnt have replication running had the potential to overwrite the configuration on the primary node.
+ - |
+ Configuration history is only generated for instances in a cluster, high availability (HA) cluster, or standalone HA configuration. The current node must be a primary or replica node with replication running.
+ - |
+ In some cases, the HAProxy `kill_timeout` setting caused service outages during upgrades or large transactions.
+ - |
+ The `ssh-audit-log.sh` script did not effectively log SSH commands, and the `ghe-sanitize-log.psed` script inadequately sanitized password-related logs.
+ - |
+ For an instance running on Microsoft Azure, the user disk service failed to start because the attached volume could not be found.
+ - |
+ When analyzing a repository with code scanning, the extractor logs only contained warnings and errors for some languages.
+ - |
+ The `GitHub Desktop` option in the `Open with...` edit menu was not shown unless `github.dev` was also enabled.
+ - |
+ When transferring a repository, the required properties for one organization continued to be displayed even after a user chose a different owner.
+ - |
+ Establishing a new GitHub Connect connection could fail with a 500 error.
+ - |
+ When using `ghe-migrator` to migrate a repository, the links for pull requests merge commits were not imported.
+ - |
+ When a user used the REST API endpoints that returned secret scanning alerts at the repository or organization level with non-cursor-based pagination (for example, without `before` or `after` query parameters), the REST API endpoints for secret scanning returned incorrect `Link` headers.
+ - |
+ On certain branch names, the branch info bar was causing frozen string errors.
+ - |
+ On instances with SAML authentication configured, users were unable to sign out and became stuck in an infinite SAML SSO loop.
+ - |
+ On instances with SCIM enabled, the administrator was unable to view users without an external identity record (for example, because they were provisioned before SCIM was enabled on the instance) in stafftools.
+ - |
+ On instances enrolled in the SCIM private beta, built-in authentication users can be added to organizations and teams. Organization owners will no longer see the misleading message that the organization membership is managed by the SAML identity provider when updating organization memberships.
+ - |
+ Enterprise owners managed by an identity provider were asked to authenticate within GitHub when performing privileged actions.
+ - |
+ On an instance that restricts emails to verified domains, secret scanning emails would sometimes be sent to an unverified domain.
+ - |
+ In some cases, on the "Files" tab of a pull request, a comment on the first line did not render.
+ - |
+ Some organizations were not recognized as part of an instance's enterprise account.
+ - |
+ Some users would encounter an error when navigating to their personal security settings page at `https://HOSTNAME/settings/security`.
+ - |
+ The `SpokesSyncCacheReplicaJob` could not initialize in some cases, resulting in an exception when handling the error.
+ - |
+ In the sidebar menu that is displayed when a user clicks their profile picture, users who are not enterprise owners saw an "Enterprise settings" option, linking to the main page of an enterprise. This option is now labeled "Your enterprise".
+ - |
+ On the "Code scanning" page of a repository, the branch filter did not correctly display all branches.
+ - |
+ The video player did not load a video that was uploaded to an issue.
+ - |
+ The warning message `irb: warn: cant alias delete from irb_delete` would appear during Support Bundle creation and upload.
+ - |
+ When including a `.gitignore` or `README.md` file on repository creation failed due to a ruleset or pre-receive hook, no error message displayed.
+ - |
+ On an instance with a GitHub Advanced Security license, requests to the `/enterprises/{enterprise}/settings/billing/advanced-security` REST API endpoint could fail due to timeout.
+ - |
+ The global enterprise overview page contained a "Give feedback" link that was only intended for GitHub Enterprise Cloud.
+ - |
+ Organizations named "C" were incorrectly routed to the GitHub Enterprise Server contact page instead of their organization page.
+ - |
+ On an instance with a GitHub Advanced Security license, commits made by users who do not belong to an organization were not counted.
+ - |
+ Due to a regression, adding `../` when editing a files name did not result in the file being moved up a directory level.
+ - |
+ When servers responded with unsupported characters, webhook deliveries were not displayed in the UI.
+ - |
+ Chat integrations required frequent reauthentication, as a result of new app installations overwriting previous ones.
+ - |
+ On an instance in a cluster configuration, the `ghe-spokesctl ssh` command did not select the correct Nomad container when running a command within a git repository.
+ - |
+ On an instance with a GitHub Advanced Security license, contributions were not tracked on public repositories.
+ - |
+ The "Adjust configuration" step failed when enabling code scanning with default setup on self-hosted Windows runners.
+ - |
+ Migration of the `issue_edits` table caused intermittent failures during the upgrade to GitHub Enterprise Server version 3.13, resulting in the error message `ActiveRecord::ConcurrentMigrationError: Failed to release advisory lock.` [Updated: 2024-08-14]
+ changes:
+ - |
+ In a high availability configuration, users can only run `ghe-config-apply` or `ghe-cluster-config-apply` on a replica node if replication is already running (from `ghe-repl-start`). If replication isnt running on the node, the user will be instructed to start replication.
+ - |
+ Configuration history has been extended. When `ghe-config-apply`, `ghe-cluster-config-apply`, or `ghe-config-archive` is run: `secrets.conf` is captured, a sha256sum for each of the current configuration files is included, the existing patch that is generated includes `secrets.conf`, and an additional sanitized patch that excludes `secrets.conf` is also generated.
+ - |
+ The timeout for requests made to the REST API endpoints for secret scanning has been extended.
+ - |
+ A more specific error message is shown when a non-provisioned user tried to sign in to an instance with SCIM enabled.
+ - |
+ A more specific error message is shown when a deprovisioned user attempts signing into an instance with SCIM enabled.
+ - |
+ In the audit logs, administrators can see more context for failed user authentication attempts using LDAP.
+ - |
+ The system logs provide more context for authentication failures related to multi-factor authentication.
+ - |
+ When using the `ghe-webhook-logs` utility, webhook delivery logs can be filtered by event and action. Users can use `ghe-webhook-logs --event issues` to filter by event, or `ghe-webhook-logs --event issues.opened` to filter by event and action.
+ - |
+ To avoid excessive log volume and associated disk pressure, requests for `GetCacheKey` are no longer logged. Previously, the high frequency of these requests caused significant log accumulation.
+ known_issues:
+ - |
+ When restoring data originally backed up from a 3.13 appliance onto a 3.13 appliance, the Elasticsearch indices need to be reindexed before some data will appear. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`.
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ Repositories originally imported using ghe-migrator will not correctly track Advanced Security contributions.
+ - |
+ Due to a known regression, operators will not be able to use the `ghe-migrations` visualizer to view the status of migrations during an upgrade. Instead, the operator can inspect the log files in `/var/log/dbmigration` to see the status and progress of migrations.
+ - |
+ For an instance in a cluster configuration and with GitHub Actions enabled, restoring a cluster from backup requires targeting the primary DB node.
+ - |
+ `TokenScanningServiceMetricsApiError` errors may appear after the upgrade.
+ - |
+ When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
+ - |
+ Memory utilization may increase after the upgrade. During periods of high traffic, interruptions in service may occur due to insufficient memory allocations for internal components.
+ - |
+ Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps.
+ - |
+ If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
+ - |
+ Following an upgrade, Elasticsearch search migrations are sometimes incorrectly reported as failing in the audit log, even though the migrations completed successfully. [Updated: 2024-08-02]
diff --git a/data/release-notes/enterprise-server/3-13/3.yml b/data/release-notes/enterprise-server/3-13/3.yml
new file mode 100644
index 000000000000..621d65e59034
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-13/3.yml
@@ -0,0 +1,129 @@
+date: '2024-08-20'
+sections:
+ features:
+ - |
+ Users can view the app state of gists, networks, and wikis in the `spokesctl info` output, enhancing visibility into the status of these elements. Additionally, `spokesctl check` can diagnose and, in most cases, fix empty repository networks, improving network management.
+ security_fixes:
+ - |
+ **CRITICAL:** On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges. GitHub has requested CVE ID [CVE-2024-6800](https://www.cve.org/cverecord?id=CVE-2024-6800) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could update the `title`, `assignees`, and `labels` of any issue inside a public repository. This was only exploitable inside a public repository, and private/internal repositories were not affected. GitHub has requested CVE ID [CVE-2024-7711](https://www.cve.org/cverecord?id=CVE-2024-7711) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could disclose the issue contents from a private repository using a GitHub App with only `contents: read` and `pull requests: write` permissions. This was only exploitable via user access token, and installation access tokens were not impacted. GitHub has requested CVE ID [CVE-2024-6337](https://www.cve.org/cverecord?id=CVE-2024-6337) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ During hotpatching and sometimes when applying configuration changes, a configuration run to upgrade the GitHub Actions service was unnecessarily triggered. The GitHub Actions service will only be upgraded in GitHub Enterprise Server feature releases.
+ - |
+ On an instance with GitHub Actions enabled, during a hotpatch upgrade, a race condition could block various upgrade activities.
+ - |
+ The `ghe-config-apply` process made an unnecessary number of connections to Redis.
+ - |
+ Upgrading the Dependency Graph sometimes failed due to outdated data from `go.sum` manifests.
+ - |
+ Restarting the `resolvconf` service would not correctly update the contents of `/etc/resolv.conf`.
+ - |
+ The configuration log at `/data/user/common/ghe-config.log` was no longer rotated to `/data/user/config-apply/logs/` after each config apply run. This was because a regular expression failed to match after timestamps were added to the config apply log.
+ - |
+ Empty lines were inserted into the configuration log at `/data/user/common/ghe-config.log`.
+ - |
+ Instances installed on Google Cloud Platform (GCP) could have their hostname overwritten by GCP when a hotpatch was applied.
+ - |
+ The minimum password requirements for Management Console users and the root site administrator required an upper case character when providing a password with a minimum of 8 characters, contradicting the documentation and password hint.
+ - |
+ The `ghe-migrations` utility for visualizing migrations did not work due to a regression. Administrators can now run `ghe-migrations` to view the progress and status of `github` migrations, or run `ghe-migrations --all` to view progress on all services.
+ - |
+ On an instance with subdomain isolation enabled, configuration runs created subdomains for ChatOps services, such as `slack.HOSTNAME` and `teams.HOSTNAME`, regardless of whether the service was enabled.
+ - |
+ Audit log data migration failed on instances using a legacy Elasticsearch data directory.
+ - |
+ When clicking the help link under the Authentication header in enterprise-manage, the user would be redirected to `/admin/managing-accounts-and-repositories` instead of `/admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management`.
+ - |
+ During support bundle generation or when running `ghe-diagnostics`, filesystem usage for the Elasticsearch data directory was not be included.
+ - |
+ On an instance with GitHub Actions enabled, due to an insufficient wait time, MS SQL and MySQL replication could fail with the error message `Failed to start nomad service!`.
+ - |
+ Site administrators could not switch maintenance mode directly from "scheduled" to "on," or vice versa.
+ - |
+ Some users were unable to delete project views.
+ - |
+ On the repository settings page for GitHub Pages, users saw an option to upgrade to GitHub Enterprise to use GitHub Pages with private visibility.
+ - |
+ When importing using `ghe-migrator`, team URLs containing dots were imported as-is, leading to 404s when attempting to view the imported teams. Dots in imported team URLs are now escaped to dashes.
+ - |
+ In the file tree on the "Files changed" tab of a pull request, users could not collapse or expand directories.
+ - |
+ Due to a regression introduced in a previous patch, for enterprises that use encrypted SAML assertions, SSO attempts failed with a digest mismatch error if the entire SAML response was signed, rather than just the assertions.
+ - |
+ Administrators sometimes saw an error message when visiting the administrative search page.
+ - |
+ On an instance with subdomain isolation enabled, images served from a subdomain or external source did not render correctly in issues opened in the Projects side panel.
+ - |
+ Running `go get` for a Golang repository with a directory structure that overlaps with GitHub UI routes failed
+ - |
+ The wrong help link was displayed when push protection blocked a secret from the CLI.
+ - |
+ Embedded images in wiki pages were broken.
+ - |
+ For repositories with issues disabled, issue links were redirected to pull requests.
+ - |
+ In custom pre-receive hooks, the paths stored in environment variables that allow for newly pushed objects to be in a quarantine directory could be incorrectly interpreted as relative to a worktree instead of the Git directory, causing certain commands to fail to read from the repository. The variables now use absolute paths.
+ - |
+ A corrupted entry in the Git audit log could cause out of memory errors.
+ - |
+ Fixes and improvements for the git core module.
+ - |
+ When enabling GitHub Advanced Security for an organization, active committers in other organizations were not accounted for.
+ changes:
+ - |
+ Actions KPI logs are disabled by default to reduce log size.
+ - |
+ When running `ghe-support-bundle`, the support bundle includes the Elasticsearch config.
+ - |
+ In the site admin dashboard, administrators have more granular options for the maximum object size in repositories.
+ - |
+ Users can set their styling preference for link underlines in the web interface, on their "Accessibility" settings page.
+ - |
+ Audit log events related to audit log streaming are available in the enterprise audit log page, and via audit log streaming.
+ known_issues:
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ Repositories originally imported using `ghe-migrator` will not correctly track Advanced Security contributions.
+ - |
+ Due to a known regression, operators will not be able to use the `ghe-migrations` visualizer to view the status of migrations during an upgrade. Instead, the operator can inspect the log files in `/var/log/dbmigration` to see the status and progress of migrations.
+ - |
+ When log forwarding is enabled, some forwarded log entries may be duplicated.
+ - |
+ For an instance in a cluster configuration and with GitHub Actions enabled, restoring a cluster from backup requires targeting the primary DB node.
+ - |
+ `TokenScanningServiceMetricsApiError` errors may appear after the upgrade.
+ - |
+ When following the steps for [Replacing the primary MySQL node](/enterprise-server@3.12/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
+ - |
+ Memory utilization may increase after the upgrade. During periods of high traffic, interruptions in service may occur due to insufficient memory allocations for internal components.
+ - |
+ Running a `config apply` as part of the steps for [Replacing a node in an emergency](/enterprise-server@3.12/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps.
+ - |
+ Including `../` when editing a file name does not move the file up a directory level.
+ - |
+ If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
+ - |
+ When restoring data originally backed up from a 3.13 appliance onto a 3.13 appliance, the elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`.
+ - |
+ The global search bar does not have suggestions enabled due to the redesigned navigation and pending new search experience.
+ - |
+ When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
+ - |
+ Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run.
+ - |
+ Instance setup in AWS with IMDSv2 enforced fails if no public IP is present.
+ - |
+ {% data reusables.release-notes.2024-08-resolvconf-wont-start %}
+
+ [Updated: 2024-08-26]
diff --git a/data/release-notes/enterprise-server/3-14/0-rc1.yml b/data/release-notes/enterprise-server/3-14/0-rc1.yml
new file mode 100644
index 000000000000..b9b246f563c4
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-14/0-rc1.yml
@@ -0,0 +1,222 @@
+date: '2024-08-07'
+release_candidate: true
+deprecated: true
+intro: |
+ > [!NOTE] Release candidate (RC) builds are intended solely for use in a test environment. Do not install an RC in a production environment.
+ >
+ > Do not upgrade to an RC from a supported, earlier version.
+ >
+ > If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
+
+ For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
+sections:
+
+ features:
+ - heading: Instance administration
+ notes:
+ # https://github.com/github/releases/issues/4262
+ - |
+ On an instance with multiple replica nodes, to start or stop replication for all nodes in a single configuration run, administrators can use the `ghe-repl-start-all` and `ghe-repl-stop-all` commands.
+
+ - heading: Instance services
+ notes:
+ # https://github.com/github/releases/issues/4178
+ - |
+ Administrators can scale the appliance using generation 2 virtual machines, with support for booting in UEFI mode. This requires deploying a new instance and restoring data onto it. See "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines)."
+ # https://github.com/github/releases/issues/4179
+ - |
+ Nomad has been upgraded to 1.5.17 and Consul has been upgraded to 1.17.4. These services are used in {% data variables.product.prodname_ghe_server %} to orchestrate containers and configuration.
+
+ - heading: Identity and access management
+ notes:
+ # https://github.com/github/releases/issues/4087
+ - |
+ Automated user provisioning via the System for Cross-domain Identity Management (SCIM) standard is available in public beta. Instances that use SAML authentication can enable SCIM to provision user accounts and manage their lifecycle from an identity provider (IdP). You can configure SCIM using an application for supported IdPs, or using the REST API endpoints for SCIM. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)."
+
+ * If your instance already uses SAML, you will need to configure a new IdP application that supports automated provisioning via SCIM.
+ * Existing private beta customers should also reconfigure their implementation with an updated application.
+ * During the public beta, we recommend testing SCIM support for your identity system in a non-production instance before adding SCIM to your current setup.
+ # https://github.com/github/releases/issues/3905
+ - |
+ Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)."
+ # https://github.com/github/releases/issues/4026
+ - |
+ Users can use the account switcher to switch between multiple accounts. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts)."
+ # https://github.com/github/releases/issues/4025
+ - |
+ On an instance that uses built-in authentication, users can use passkeys to sign in securely to GitHub, without needing to input their password. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey)."
+ # https://github.com/github/releases/issues/3789
+ - |
+ Enterprises that use an SSH certificate authority can allow SSH certificates to be used to access user-owned repositories. See "[AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-access-to-user-owned-repositories)."
+
+ - heading: Audit logs
+ notes:
+ # https://github.com/github/releases/issues/3793
+ - |
+ Every 24 hours, a health check runs for each audit log stream. If a stream is set up incorrectly, an email will be sent to the enterprise owners as notification that their audit log stream is not properly configured.
+
+ - heading: Secret scanning
+ notes:
+ # https://github.com/github/releases/issues/3179
+ - |
+ Users can specify which teams or roles have the ability to bypass push protection. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection)."
+ # https://github.com/github/releases/issues/3567
+ - |
+ Secret scanning detects secrets leaked in discussions and in pull request titles, bodies, and comments. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
+ # https://github.com/github/releases/issues/3740
+ - |
+ Secret scanning blocks contributors from uploading files with detected secrets if push protection is enabled for a repository. This feature is in public beta and subject to change.
+ # https://github.com/github/releases/issues/3741
+ - |
+ Audit log events are created when secret scanning non-provider patterns are enabled or disabled at the repository, organization, or enterprise level.
+
+ - heading: Code scanning
+ notes:
+ # https://github.com/github/releases/issues/3707
+ - |
+ Users can create a dedicated code scanning rule to block pull request merges, instead of relying on status checks. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection)."
+ # https://github.com/github/releases/issues/3734
+ - |
+ Users can use CodeQL threat model settings for C# to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup)."
+ # https://github.com/github/releases/issues/3936
+ - |
+ Organizations that use default setup for code scanning can use organization-level model packs to extend the coverage of multiple repositories. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)."
+ # https://github.com/github/releases/issues/3663
+ - |
+ CodeQL can scan Java projects without a build. This feature is in public beta and subject to change.
+ # https://github.com/github/releases/issues/3865
+ - |
+ This release comes installed with version **2.17.6** of the CodeQL CLI, used in the CodeQL action for code scanning. Significant updates since the default version installed on GitHub Enterprise Server 3.13 include:
+
+ * Support for Java 22, Swift 5.10, TS 5.4, and C# 12
+ * New queries for C/C++, Go, Java, and Ruby:
+ * `cpp/type-confusion`: Detects casts to invalid types
+ * `cpp/iterator-to-expired-container`: Detects the creation of iterators owned by temporary objects that are about to be destroyed
+ * `go/uncontrolled-allocation-size`: Detects slice memory allocation with excessive size value
+ * `java/unvalidated-url-forward`: Prevents information disclosure caused by unsafe URL construction
+ * `rb/insecure-mass-assignment`: Detects instances of mass assignment operations accepting arbitrary parameters
+ * `rb/csrf-protection-not-enabled`: Detects cases where Cross-Site Request Forgery protection is not enabled in Ruby on Rails controllers
+
+ - heading: Dependabot
+ notes:
+ # https://github.com/github/releases/issues/3344
+ - |
+ Users can consolidate Dependabot pull requests by enabling grouped security updates for related dependencies in a package ecosystem. See "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)."
+ # https://github.com/github/releases/issues/3839
+ - |
+ Dependabot can access Cargo private registries to provide updates to Rust dependencies. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#about-configuring-private-registries-for-dependabot)."
+ # https://github.com/github/releases/issues/3848
+ - |
+ Dependabot pauses scheduled jobs after 15 failures. This gives an earlier indication of potential issues while still ensuring that critical security updates continue to be applied without interruption.
+ # https://github.com/github/releases/issues/3850
+ - |
+ Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)."
+
+ - heading: Code security
+ notes:
+ # https://github.com/github/releases/issues/4036
+ - |
+ The security overview dashboard, with the ability to view secret scanning metrics and trending data for the enablement of security features, is available at the enterprise level. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)."
+ # https://github.com/github/releases/issues/4212
+ - |
+ The security overview dashboard for organizations is now generally available.
+ # https://github.com/github/releases/issues/3913
+ - |
+ On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights#viewing-the-security-overview-dashboard-for-your-organization)."
+ # https://github.com/github/releases/issues/3912
+ - |
+ On the security overview dashboard, users can filter by security tool. This feature is in public beta and subject to change.
+ # https://github.com/github/releases/issues/4115
+ - |
+ In the dependency graph, a software bill of materials (SBOM) generated for a package now includes the package URL for more packages. Previously, the package URL was not included if the manifest file referenced a package with a version range.
+
+ - heading: GitHub Actions
+ notes:
+ # Required Actions Runner version
+ - |
+ {% data reusables.actions.actions-runner-release-note %}
+ # https://github.com/github/releases/issues/3866
+ - |
+ Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)."
+
+ - heading: GitHub Pages
+ notes:
+ # https://github.com/github/releases/issues/3872
+ - |
+ Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#publishing-with-a-custom-github-actions-workflow)."
+
+ - heading: Repositories
+ notes:
+ # https://github.com/github/releases/issues/3947
+ - |
+ Users can enhance security by adding deploy keys as a bypass type to rulesets. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset)."
+ # https://github.com/github/releases/issues/3826
+ - |
+ Users can select Dependabot in the bypass list of a ruleset. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-push-ruleset)."
+
+ - heading: Projects
+ notes:
+ # https://github.com/github/releases/issues/3910
+ - |
+ Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)."
+
+ - heading: Integrations and extensions
+ notes:
+ # https://github.com/github/releases/issues/3679
+ # https://github.com/github/releases/issues/4047
+ - |
+ When authenticating to a native GitHub App or OAuth app, users will be prompted to select which account they want to sign in to using an account picker. Developers of apps can append `?prompt=select_account` to their login flow to show users the account picker.
+ # https://github.com/github/releases/issues/3898
+ - |
+ When using a JSON Web Token (JWT) to authenticate or request an installation token, developers of GitHub Apps can use the app's client ID for the JWT's `iss` claim. The application ID remains valid, but is considered deprecated.
+
+ changes:
+ # https://github.com/github/releases/issues/3927
+ - |
+ Pushes that update over 5,000 branches no longer trigger webhooks or GitHub Actions workflows.
+
+ known_issues:
+ - |
+ **Note:** This list is not complete. Any new known issues that are identified for the 3.14 release will be added between now and the GA.
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ Repositories originally imported using ghe-migrator will not correctly track Advanced Security contributions.
+ - |
+ When log forwarding is enabled, some forwarded log entries may be duplicated.
+ - |
+ REST API endpoints for admin stats may time out on appliances with many users or repositories. Retrying the request until data is returned is advised.
+ - |
+ When following the steps for [Replacing the primary MySQL node](/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors.
+ - |
+ Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shut down the node and repeat the steps.
+ - |
+ If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
+ - |
+ When restoring data originally backed up from a 3.13 appliance, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`.
+ - |
+ The global search bar does not have suggestions enabled due to the redesigned navigation and pending new search experience.
+ - |
+ Upgrades include an error concerning `Error deregistering job` for `consul-template`. This message does not indicate any problems with your install and can be safely ignored.
+ - |
+ Some links to GitHub Docs from GitHub Enterprise Server may lead to a "Page not found," because an `enterprise-cloud@latest` portion is incorrectly added to the URL.
+ - |
+ An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning.
+ - |
+ In the header bar displayed to site administrators, some icons are not available.
+ - |
+ When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
+
+ deprecations:
+ - |
+ The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)."
diff --git a/data/release-notes/enterprise-server/3-14/0.yml b/data/release-notes/enterprise-server/3-14/0.yml
new file mode 100644
index 000000000000..dfa85a05128d
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-14/0.yml
@@ -0,0 +1,223 @@
+date: '2024-08-27'
+release_candidate: false
+deprecated: false
+intro: |
+ For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
+
+sections:
+
+ features:
+ - heading: Instance administration
+ notes:
+ # https://github.com/github/releases/issues/4262
+ - |
+ On an instance with multiple replica nodes, to start or stop replication for all nodes in a single configuration run, administrators can use the `ghe-repl-start-all` and `ghe-repl-stop-all` commands.
+
+ - heading: Instance services
+ notes:
+ # https://github.com/github/releases/issues/4178
+ - |
+ Administrators can scale the appliance using generation 2 virtual machines, with support for booting in UEFI mode. This requires deploying a new instance and restoring data onto it. See "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines)."
+ # https://github.com/github/releases/issues/4179
+ - |
+ Nomad has been upgraded to 1.5.17 and Consul has been upgraded to 1.17.4. These services are used in {% data variables.product.prodname_ghe_server %} to orchestrate containers and configuration.
+
+ - heading: Identity and access management
+ notes:
+ # https://github.com/github/releases/issues/4087
+ - |
+ Automated user provisioning via the System for Cross-domain Identity Management (SCIM) standard is available in public beta. Instances that use SAML authentication can enable SCIM to provision user accounts and manage their lifecycle from an identity provider (IdP). You can configure SCIM using an application for supported IdPs, or using the REST API endpoints for SCIM. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)."
+
+ * If your instance already uses SAML, you will need to configure a new IdP application that supports automated provisioning via SCIM.
+ * Existing private beta customers should also reconfigure their implementation with an updated application.
+ * During the public beta, we recommend testing SCIM support for your identity system in a non-production instance before adding SCIM to your current setup.
+ # https://github.com/github/releases/issues/3905
+ - |
+ Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)."
+ # https://github.com/github/releases/issues/4026
+ - |
+ Users can use the account switcher to switch between multiple accounts. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts)."
+ # https://github.com/github/releases/issues/4025
+ - |
+ On an instance that uses built-in authentication, users can use passkeys to sign in securely to GitHub, without needing to input their password. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey)."
+ # https://github.com/github/releases/issues/3789
+ - |
+ Enterprises that use an SSH certificate authority can allow SSH certificates to be used to access user-owned repositories. See "[AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-access-to-user-owned-repositories)."
+
+ - heading: Audit logs
+ notes:
+ # https://github.com/github/releases/issues/3793
+ - |
+ Every 24 hours, a health check runs for each audit log stream. If a stream is set up incorrectly, an email will be sent to the enterprise owners as notification that their audit log stream is not properly configured.
+
+ - heading: Secret scanning
+ notes:
+ # https://github.com/github/releases/issues/3179
+ - |
+ Users can specify which teams or roles have the ability to bypass push protection. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection)."
+ # https://github.com/github/releases/issues/3567
+ - |
+ Secret scanning detects secrets leaked in discussions and in pull request titles, bodies, and comments. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
+ # https://github.com/github/releases/issues/3740
+ - |
+ Secret scanning blocks contributors from uploading files with detected secrets if push protection is enabled for a repository. This feature is in public beta and subject to change.
+ # https://github.com/github/releases/issues/3741
+ - |
+ Audit log events are created when secret scanning non-provider patterns are enabled or disabled at the repository, organization, or enterprise level.
+
+ - heading: Code scanning
+ notes:
+ # https://github.com/github/releases/issues/3707
+ - |
+ Users can create a dedicated code scanning rule to block pull request merges, instead of relying on status checks. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection)."
+ # https://github.com/github/releases/issues/3734
+ - |
+ Users can use CodeQL threat model settings for C# to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup)."
+ # https://github.com/github/releases/issues/3936
+ - |
+ Organizations that use default setup for code scanning can use organization-level model packs to extend the coverage of multiple repositories. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)."
+ # https://github.com/github/releases/issues/3663
+ - |
+ CodeQL can scan Java projects without a build. This feature is in public beta and subject to change.
+ # https://github.com/github/releases/issues/3865
+ - |
+ This release comes installed with version **2.17.6** of the CodeQL CLI, used in the CodeQL action for code scanning. Significant updates since the default version installed on GitHub Enterprise Server 3.13 include:
+
+ * Support for Java 22, Swift 5.10, TS 5.4, and C# 12
+ * New queries for C/C++, Go, Java, and Ruby:
+ * `cpp/type-confusion`: Detects casts to invalid types
+ * `cpp/iterator-to-expired-container`: Detects the creation of iterators owned by temporary objects that are about to be destroyed
+ * `go/uncontrolled-allocation-size`: Detects slice memory allocation with excessive size value
+ * `java/unvalidated-url-forward`: Prevents information disclosure caused by unsafe URL construction
+ * `rb/insecure-mass-assignment`: Detects instances of mass assignment operations accepting arbitrary parameters
+ * `rb/csrf-protection-not-enabled`: Detects cases where Cross-Site Request Forgery protection is not enabled in Ruby on Rails controllers
+
+ - heading: Dependabot
+ notes:
+ # https://github.com/github/releases/issues/3344
+ - |
+ Users can consolidate Dependabot pull requests by enabling grouped security updates for related dependencies in a package ecosystem. See "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)."
+ # https://github.com/github/releases/issues/3839
+ - |
+ Dependabot can access Cargo private registries to provide updates to Rust dependencies. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#about-configuring-private-registries-for-dependabot)."
+ # https://github.com/github/releases/issues/3848
+ - |
+ Dependabot pauses scheduled jobs after 15 failures. This gives an earlier indication of potential issues while still ensuring that critical security updates continue to be applied without interruption.
+ # https://github.com/github/releases/issues/3850
+ - |
+ Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)."
+
+ - heading: Code security
+ notes:
+ # https://github.com/github/releases/issues/4036
+ - |
+ The security overview dashboard, with the ability to view secret scanning metrics and trending data for the enablement of security features, is available at the enterprise level. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)."
+ # https://github.com/github/releases/issues/4212
+ - |
+ The security overview dashboard for organizations is now generally available.
+ # https://github.com/github/releases/issues/3913
+ - |
+ On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights#viewing-the-security-overview-dashboard-for-your-organization)."
+ # https://github.com/github/releases/issues/3912
+ - |
+ On the security overview dashboard, users can filter by security tool. This feature is in public beta and subject to change.
+ # https://github.com/github/releases/issues/4115
+ - |
+ In the dependency graph, a software bill of materials (SBOM) generated for a package now includes the package URL for more packages. Previously, the package URL was not included if the manifest file referenced a package with a version range.
+
+ - heading: GitHub Actions
+ notes:
+ # Required Actions Runner version
+ - |
+ {% data reusables.actions.actions-runner-release-note %}
+ # https://github.com/github/releases/issues/3866
+ - |
+ Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)."
+
+ - heading: GitHub Pages
+ notes:
+ # https://github.com/github/releases/issues/3872
+ - |
+ Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#publishing-with-a-custom-github-actions-workflow)."
+
+ - heading: Repositories
+ notes:
+ # https://github.com/github/releases/issues/3947
+ - |
+ Users can enhance security by adding deploy keys as a bypass type to rulesets. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset)."
+ # https://github.com/github/releases/issues/3826
+ - |
+ Users can select Dependabot in the bypass list of a ruleset. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-push-ruleset)."
+
+ - heading: Projects
+ notes:
+ # https://github.com/github/releases/issues/3910
+ - |
+ Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)."
+
+ - heading: Integrations and extensions
+ notes:
+ # https://github.com/github/releases/issues/3679
+ # https://github.com/github/releases/issues/4047
+ - |
+ When authenticating to a native GitHub App or OAuth app, users will be prompted to select which account they want to sign in to using an account picker. Developers of apps can append `?prompt=select_account` to their login flow to show users the account picker.
+ # https://github.com/github/releases/issues/3898
+ - |
+ When using a JSON Web Token (JWT) to authenticate or request an installation token, developers of GitHub Apps can use the app's client ID for the JWT's `iss` claim. The application ID remains valid, but is considered deprecated.
+
+ changes:
+ # https://github.com/github/releases/issues/3927
+ - |
+ Pushes that update over 5,000 branches no longer trigger webhooks or GitHub Actions workflows.
+
+ known_issues:
+ - |
+ Complete SCIM payloads are written to the audit log, including SCIM attributes that are not required or supported per [API docs](/rest/enterprise-admin/scim?apiVersion=2022-11-28#supported-scim-user-attributes). Customers using Okta with SCIM may notice that a placeholder password attribute is among the data passed to audit logs in its current configuration. This placeholder data is associated with Okta’s password synchronization feature that is not expected or required by GitHub. See [okta-scim](https://developer.okta.com/docs/api/openapi/okta-scim/guides/scim-20/#create-the-user) for more information.
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ Repositories originally imported using ghe-migrator will not correctly track Advanced Security contributions.
+ - |
+ When log forwarding is enabled, some forwarded log entries may be duplicated.
+ - |
+ REST API endpoints for admin stats may time out on appliances with many users or repositories. Retrying the request until data is returned is advised.
+ - |
+ When following the steps for [Replacing the primary MySQL node](/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
+ - |
+ Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shut down the node and repeat the steps.
+ - |
+ If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
+ - |
+ When restoring data originally backed up from a 3.13 appliance, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`.
+ - |
+ The global search bar does not have suggestions enabled due to the redesigned navigation and pending new search experience.
+ - |
+ Upgrades include an error concerning `Error deregistering job` for `consul-template`. This message does not indicate any problems with your install and can be safely ignored.
+ - |
+ Some links to GitHub Docs from GitHub Enterprise Server may lead to a "Page not found," because an `enterprise-cloud@latest` portion is incorrectly added to the URL.
+ - |
+ An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning.
+ - |
+ In the header bar displayed to site administrators, some icons are not available.
+ - |
+ When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
+ - |
+ {% data reusables.release-notes.2024-08-resolvconf-wont-start %}
+ - |
+ Services may respond with a 503 status due to an out of date haproxy configuration. This can usually be resolved with a `ghe-config-apply` run.
+ - |
+ When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded.
+
+ deprecations:
+ - |
+ The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)."
diff --git a/data/release-notes/enterprise-server/3-9/0-rc1.yml b/data/release-notes/enterprise-server/3-9/0-rc1.yml
deleted file mode 100644
index c028071770e9..000000000000
--- a/data/release-notes/enterprise-server/3-9/0-rc1.yml
+++ /dev/null
@@ -1,435 +0,0 @@
-date: '2023-06-08'
-release_candidate: true
-deprecated: true
-intro: |
- {% note %}
-
- **Note:** Release candidate (RC) builds are intended solely for use in a test environment. If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
-
- {% endnote %}
-
- For upgrade instructions, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
-sections:
- features:
- - heading: Instance administration
- notes:
- # https://github.com/github/releases/issues/3019
- - |
- To improve security posture and protect data from threats, enterprise owners can see user activity from the Management Console within the enterprise audit log, including events from the UI, API, and administrative SSH access. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#management_console-category-actions)."
-
- # https://github.com/github/releases/issues/3053
- - |
- During an upgrade of an instance to a new release, people with administrative SSH access to the instance can monitor the progress of routine migrations using the `ghe-migrations` utility. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations)."
-
- # https://github.com/github/releases/issues/3054
- - |
- On an instance with multiple nodes, site administrators can use the Manage GitHub Enterprise Server API to monitor the health of replication. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/monitoring-a-high-availability-configuration)."
-
- # https://github.com/github/releases/issues/3097
- - |
- On an instance in a cluster configuration, administrators can ensure a balanced distribution of jobs across nodes by using the `ghe-cluster-rebalance` utility. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/rebalancing-cluster-workloads)."
-
- # https://github.com/github/releases/issues/3096
- - |
- On an instance in a cluster configuration, administrators can proactively monitor the health of individual nodes and control the reintroduction of unhealthy nodes into the cluster using Node Eligibility Service. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service)."
-
- - heading: Identity and access management
- notes:
- # https://github.com/github/releases/issues/3019
- - |
- On an instance configured for SAML SSO, enterprise owners can review information about the Identity Provider (IdP) configured for user authentication using the GraphQL API. The {% data variables.product.pat_generic %} (PAT) used to authenticate requests to this API requires the `read:enterprise` scope. Previously, the PAT required the `admin:enterprise` scope. For more information, see "[AUTOTITLE](/graphql/reference/objects#enterpriseidentityprovider)" in the GraphQL API documentation.
-
- - heading: Authentication
- notes:
- # https://github.com/github/releases/issues/2833
- - |
- For an instance or organization with 2FA enabled, users can configure a 2FA method to be a preferred method. Users can also update 2FA methods from `http(s)://HOSTNAME/settings/security`. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)" and "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-preferred-two-factor-authentication-method)."
-
- - heading: REST API
- notes:
- # https://github.com/github/releases/issues/2022
- - |
- To provide API integrators a smooth migration path and time to update integrations after GitHub makes occasional breaking changes, the REST API now uses calendar-based versioning. GitHub Enterprise Server 3.9 provides version `2022-11-28` of the REST API. For more information, see "[AUTOTITLE](/rest/overview/api-versions?apiVersion=2022-11-28)" in the REST API documentation.
-
- - heading: GitHub Connect
- notes:
- # https://github.com/github/releases/issues/2783
- - |
- Enterprise owners who configure Server Statistics on an instance with GitHub Actions enabled will transmit usage metrics related to GitHub Actions. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics#server-statistics-data-collected)."
-
- - heading: GitHub Advanced Security
- notes:
- # https://github.com/github/releases/issues/2452
- - |
- To more easily discover potential security or quality issues in code, users can configure code scanning directly through the web interface without adding a GitHub Actions workflow to the repository. This feature finds and sets up the best CodeQL configuration for the repository, detecting supported languages and enabling CodeQL analysis for every pull request and every push to the default branch and any protected branches. Analysis of JavaScript (including TypeScript), Python, and Ruby code, are currently supported. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)."
-
- # https://github.com/github/releases/issues/2888
- - |
- To simplify the configuration of code scanning, organization owners can enable code scanning for all eligible repositories in an organization using a default configuration, either via the web interface or REST API. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale)" and "[AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization)" in the REST API documentation.
-
- # https://github.com/github/releases/issues/2845
- - |
- To ensure that relevant alerts remain visible and actionable, users can manually remove stale alerts from code scanning. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch)."
-
- # https://github.com/github/releases/issues/2796
- - |
- To better understand the status of CodeQL and other code scanning tools for a repository, and to help troubleshoot, users can review the tool status page. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page)."
-
- # https://github.com/github/releases/issues/2943
- - |
- To customize the behavior of code scanning on a per-repository basis, repository administrators can configure what severity levels for code scanning alerts will cause checks in a pull request to fail. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests#code-scanning-results-check-failures)."
-
- # https://github.com/github/releases/issues/2699
- # https://github.com/github/releases/issues/2800
- - |
- To protect repositories from pushes that contain custom secret scanning patterns defined at the enterprise, organization, or repository level, users can enable push protection for those patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
-
- # https://github.com/github/releases/issues/2794
- - |
- Organization owners can view the enablement status of security features for the organization's repositories using the REST API. The endpoint provides details for GitHub Advanced Security, secret scanning, and push protection. For more information, see "[Repositories](/rest/repos/repos?apiVersion=2022-11-28#list-organization-repositories)" in the REST API documentation.
-
- # https://github.com/github/releases/issues/2840
- - |
- Repository administrators can programmatically enable code scanning with a default CodeQL configuration using the REST API. For more information, see the following documentation.
-
- - "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)"
- - "[Get the code scanning default setup configuration](/rest/code-scanning#get-a-code-scanning-default-setup-configuration)" in the Code Scanning REST API documentation
- - "[Update the code scanning default setup configuration](/rest/code-scanning#update-a-code-scanning-default-setup-configuration)" in the Code Scanning REST API documentation
-
- - heading: Dependabot
- notes:
- # https://github.com/github/releases/issues/2976
- - |
- To improve the security of GitHub Actions workflows that pin references, Dependabot can update the versioning for calls to reusable workflows within workflow files. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)."
-
- # https://github.com/github/releases/issues/2911
- - |
- On an instance with GitHub Actions and the dependency graph enabled, as well as automatic access to GitHub.com actions using GitHub Connect, the web interface will suggest submission actions within a repository with supported languages. For more information, see the following documentation.
-
- - "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)"
- - "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises)"
- - "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)"
-
- For repositories that use a language that has a submission action, when users with write access visit their dependency graph (this page), we will show them a prompt that directs them to the Marketplace to find an action that would help them.
-
- # https://github.com/github/releases/issues/3007
- - |
- To improve the security of projects that use npm v9, the dependency graph and Dependabot can parse and update `package-lock.json` files that specify `lockfileVersion: 3`. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)," "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)," and [`lockfileVersion`](https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#lockfileversion) in the npm documentation.
-
- # https://github.com/github/releases/issues/2980
- - |
- To improve the security of Gradle projects, the dependency graph and Dependabot can parse and update Gradle version catalogs in `settings.gradle`. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)" and [Sharing dependency versions between projects](https://docs.gradle.org/current/userguide/platforms.html) in the Gradle User Manual.
-
- # https://github.com/github/releases/issues/2806
- - |
- To ensure that users receive the most relevant and actionable alerts about dependency updates, repository administrators and organization owners can enable or disable Dependabot alerts for an individual repository or organization. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository#managing-dependabot-alerts)" or "[AUTOTITLE](/code-security/getting-started/securing-your-organization#managing-dependabot-alerts-and-the-dependency-graph)."
-
- # https://github.com/github/releases/issues/2601
- - |
- If people with access to a repository do not interact with Dependabot security updates for over 90 days, Dependabot will pause automated pull request activity. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)."
-
- # https://github.com/github/releases/issues/3068
- - |
- To help users evaluate the stability risk of a dependency update, Dependabot can fetch release notes, changelogs, and commit history in pull requests that update Docker dependencies. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#docker)."
-
- # https://github.com/github/releases/issues/2873
- - |
- To assist with software security and supply chain risk management, people with read access to a repository can export a software bill of materials (SBOM) for a repository's dependency graph using the web interface or REST API. The SBOM adheres to the SPDX 2.3 specification. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api#generating-and-submitting-a-software-bill-of-materials-sbom)," "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository)," and [The Software Package Data Exchange® (SPDX®) Specification Version 2.3](https://spdx.github.io/spdx-spec/v2.3/) on the SPDX website.
-
- # https://github.com/github/releases/issues/2871
- - |
- The dependency graph can parse Python dependencies for `pyproject.toml` files that follow the PEP 621 standard. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)" and [PEP 621 – Storing project metadata in pyproject.toml](https://peps.python.org/pep-0621/) in the Index of Python Enhancement Proposals.
-
- # https://github.com/github/releases/issues/3023
- - |
- Users can use the GraphQL API to review dependencies submitted using the {% data variables.dependency-submission-api.name %}. For more information, see "[AUTOTITLE](/graphql/overview/schema-previews#access-to-a-repositorys-dependency-graph-preview)."
-
- - heading: GitHub Actions
- notes:
- # https://github.com/github/releases/issues/3006
- - |
- On instances in a cluster configuration, GitHub Actions is available as a private beta. Beta features are subject to change. For more information, and to enroll in the beta, [contact your representative on GitHub's Sales team](https://github.com/enterprise/contact).
-
- # https://github.com/github/releases/issues/2617
- - |
- Administrators of self-hosted runners for GitHub Actions can configure auto-scaling runners using Actions Runner Controller and runner scale sets. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller)."
-
- # https://github.com/github/releases/issues/2896
- - |
- Administrators can bypass all protection rules for a given environment and force the pending jobs referencing the environment to proceed. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#allow-administrators-to-bypass-configured-protection-rules)."
-
- # https://github.com/github/releases/issues/2801
- - |
- Users who deploy with OIDC can define more advanced access policies by including additional custom claims within a token. To help uniquely verify the source of a workflow job, include the following claims.
-
- - `actor_id`
- - `repository_id`
- - `repository_owner_id`
- - `workflow_ref`
- - `workflow_sha`
- - `job_workflow_sha`
-
- For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments).
-
- # https://github.com/github/releases/issues/2905
- - |
- To improve security for workflows that use `GITHUB_TOKEN`, the following defaults apply to new organizations and repositories.
-
- - New organizations that users create inherit permissions from the instance's enterprise-level configuration. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-the-default-github_token-permissions)."
- - New repositories that users create within an organization inherit permissions from the organization. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-default-github_token-permissions)."
- - New user-owned repositories have a read-only `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-default-github_token-permissions)."
-
- # https://github.com/github/releases/issues/2979
- - |
- To allow workflow authors to pin a required workflow file to a fully validated version, required workflows can be referenced using any branch, tag, or commit SHA from the repository containing the workflow file. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-a-required-workflow-for-your-organization)."
- - |
- To enforce required workflows throughout an organization, GitHub Enterprise Server blocks direct pushes to branches where required workflows are enforced. To allow direct pushes for a particular repository, remove the repository as a target for the required workflow. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-a-required-workflow-for-your-organization)."
-
- # https://github.com/github/releases/issues/2861
- - |
- To improve performance for workflows that build Go, caching is enabled by default when using the `setup-go` action. For more information, see "[AUTOTITLE](/actions/automating-builds-and-tests/building-and-testing-go#caching-dependencies)."
-
- # IN PROGRESS
- #- heading: GitHub Packages
- # notes:
- # # https://github.com/github/releases/issues/2924
- # - |
- # Users can manage packages in repositories and organizations using the Packages REST API. For more information, see "[AUTOTITLE](/rest/packages?apiVersion=2022-11-28)" in the REST API documentation.
-
- - heading: Organizations
- notes:
- # https://github.com/github/releases/issues/2986
- - |
- Organization owners can improve security posture and protect data from threats by enabling the display of organization members' IP addresses in audit log events. This feature is in beta and is subject to change. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization)."
-
- # https://github.com/github/releases/issues/2916
- - |
- To allow the management of branch protection rules without granting admin access, organization owners can create a custom role with the "Edit repository rules" permission. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)."
-
- # https://github.com/github/releases/issues/2462
- # https://github.com/github/releases/issues/2556
- - |
- Users of the REST API can programmatically create and update least-privilege roles for repositories using the Custom Repository Roles REST API. The API is generally available, with a breaking change to the API's endpoint paths. Previously, the API was accessible at `/orgs/{org}/custom_roles`, and is now accessible at `/orgs/{org}/custom-repository-roles`. The [List custom repository roles in an organization](/rest/orgs/custom-roles#list-custom-repository-roles-in-an-organization) will no longer be available in the next version of the REST API. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-repository-roles)" and "[AUTOTITLE](/rest/orgs/custom-roles?apiVersion=2022-11-28)" in the REST API documentation.
-
- # https://github.com/github/releases/issues/3067
- - |
- Enterprise and organization owners can delete an organization and all of the organization's repositories using the REST API. After deletion, organization names are locked for 90 days. For more information, see "[AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#delete-an-organization)" in the REST API documentation.
-
- - heading: Repositories
- notes:
- # https://github.com/github/releases/issues/2707
- - |
- Within the "Insights" tab for a repository, the sidebar's "Forks" tab provides more information about a project's forks, including a sortable and filterable list of forks and more details about each fork.
-
- # https://github.com/github/releases/issues/2791
- - |
- Repository administrators can unarchive a repository using the REST API. For more information, see "[AUTOTITLE](/rest/repos/repos?apiVersion=2022-11-28#update-a-repository)" in the REST API documentation.
-
- - heading: Projects
- notes:
- # https://github.com/github/releases/issues/2827
- - |
- To visualize a project at a high level and across a configurable timespan, users can apply a roadmap layout to any project view. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view#about-the-roadmap-layout)."
-
- # https://github.com/github/releases/issues/2821
- - |
- To get started with a new project faster, users can copy an existing project, including the source project's views, custom fields, and draft issues. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/copying-an-existing-project)."
-
- # https://github.com/github/releases/issues/2820
- - |
- To save time when adding items to a project, users can configure a workflow to automatically add new items from a repository as people create or update items that match specific criteria. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically)."
-
- # https://github.com/github/releases/issues/2503
- - |
- To keep a long-lived project focused, users can define filters to automatically archive items. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically)."
-
- # https://github.com/github/releases/issues/2826
- - |
- To easily organize items within a project's columns while using the board layout, users can sort the project by field values using the view configuration menu. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout)."
-
- # https://github.com/github/releases/issues/2829
- - |
- To quickly add a new issue to a project without changing context, users can create a new issue from a project's omnibar by clicking `+`, then clicking **Create new issue**. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project#creating-issues)."
-
- # https://github.com/github/releases/issues/2917
- - |
- To help people scan a project and take action, users can add a color and a text description to each value for a project's single select fields. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/understanding-fields/about-single-select-fields#editing-a-single-select-field)."
-
- # https://github.com/github/releases/issues/2984
- - |
- Users of the GitHub CLI can manage projects from the command line. For more information, see "[AUTOTITLE](/github-cli/github-cli/about-github-cli)" and the [README](https://github.com/github/gh-projects#cli-extension-for-projects) for the `github/gh-projects` repository on GitHub.com.
-
- # https://github.com/github/releases/issues/2978
- - |
- For users who programmatically access projects using the GraphQL API, additional mutations are available. For more information, see "[createProjectV2Field](/graphql/reference/mutations#createprojectv2field)," "[deleteProjectV2Field](/graphql/reference/mutations#deleteprojectv2field)," and "[deleteProjectV2](/graphql/reference/mutations#deleteprojectv2)" in the "Mutations" GraphQL documentation.
-
- - heading: GitHub Discussions
- notes:
- # https://github.com/github/releases/issues/2967
- - |
- To indicate that a discussion is resolved, outdated, or a duplicate, users can close the discussion. For more information, see "[AUTOTITLE](/discussions/managing-discussions-for-your-community/managing-discussions#closing-a-discussion)."
-
- # https://github.com/github/releases/issues/2825
- - |
- To encourage other users to include specific, structured information in discussions, users can create discussion category forms. For more information, see "[AUTOTITLE](/discussions/managing-discussions-for-your-community/creating-discussion-category-forms)."
-
- # https://github.com/github/releases/issues/2675
- - |
- After a user locks a discussion and disallows further comments, the user can permit emoji reactions on the discussion. For more information, see "[AUTOTITLE](/discussions/managing-discussions-for-your-community/moderating-discussions#locking-discussions)."
-
- - heading: Pull requests
- notes:
- # https://github.com/github/releases/issues/3026
- - |
- To provide feedback on an entire file, or a file that's been deleted, users can comment on a file from a pull request's "Files changed" tab. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request)."
-
- # https://github.com/github/releases/issues/2857
- - |
- Users of the GraphQL API can revert a merged pull request by using the revertPullRequest mutation. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/reverting-a-pull-request)" and "[AUTOTITLE](/graphql/reference/mutations#revertpullrequest)" in the GraphQL API documentation.
-
- changes:
- # https://github.com/github/releases/issues/2909
- - |
- Field names for some service logs on GitHub Enterprise Server have changed as part of GitHub's gradual migration to internal semantic conventions for [OpenTelemetry](https://opentelemetry.io/). Additional field names will change in upcoming releases. If any tooling or processes in your environment rely on specific field names within logs, or log entries in specific files, the following changes may affect you.
-
- - `level` is now `SeverityText`.
- - `log_message`, `msg`, or `message` is now `Body`.
- - `now` is now `Timestamp`.
- - Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
- - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job.
-
- For a full list of mappings, download the [OpenTelemetry attribute mapping CSV](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv).
-
- # https://github.com/github/ghes/issues/6342
- - |
- On a configured instance, the name for the HAProxy service is now `haproxy-frontend`. Previously, the name was `haproxy`. Additionally, on an unconfigured instance, there is a new service named `haproxy-pre-config`. If your instance forwards logs to an external system, update your rules to reflect these changes. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)" article
-
- # https://github.com/github/releases/issues/2757
- - |
- For an instance or organization with 2FA enabled, when a user sets up 2FA, GitHub Enterprise Server suggests an authenticator app (TOTP) by default.
-
- # https://github.com/github/releases/issues/3160
- - |
- When a person with administrative SSH access to an instance submits a support bundle using either the `ghe-support-bundle` or `ghe-cluster-support-bundle` utility, a period for log collection specified with the `-p` or `--period` no longer requires quotes to enclose the date value. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-support-bundle)."
-
- # https://github.com/github/releases/issues/2745
- - |
- To provide additional context within the web interface on an instance where Dependabot alerts are enabled, links to Dependabot alerts in an issue or pull request comment display an improved label and hovercard with alert details.
-
- # https://github.com/github/releases/issues/2599
- - |
- On an instance with Dependabot alerts enabled, people with write or maintain access to a repository can view or act on Dependabot alerts by default. Custom roles, the security manager role, organization permissions, and notification settings are not affected.
-
- # https://github.com/github/releases/issues/2946
- - |
- On an instance with a GitHub Advanced Security license and GitHub Connect enabled for the synchronization of actions from GitHub.com, CodeQL code scanning is up to 16% faster. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)."
-
- # https://github.com/github/releases/issues/2865
- - |
- On an instance with a GitHub Advanced Security license and email configured for notifications, users can receive notifications for secret scanning alerts by watching a repository and choosing "All activity" or "Security alerts". To continue receiving notifications for secret scanning alerts in GitHub Enterprise Server 3.9 and later, users must enable email notifications in the web interface at `http(s)://HOSTNAME/settings/notifications` under "Watching" by choosing "Email".
-
- # https://github.com/github/releases/issues/2724
- - |
- On an instance with a GitHub Advanced Security license, secret scanning alerts display whether detected tokens from GitHub are valid.
-
- # https://github.com/github/releases/issues/2776
- - |
- On an instance with a GitHub Advanced Security license, the enterprise and organization audit logs now display an event when an owner enables or disables a push protection for a custom pattern for a repository, organization, or the enterprise. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#org-category-actions)" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#business_secret_scanning_push_protection-category-actions)."
-
- # https://github.com/github/releases/issues/2892
- - |
- Users can filter the lists of alerts for Dependabot, code scanning, and secret scanning by repository topic or team in the security overview for an organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
-
- # https://github.com/github/releases/issues/3073
- - |
- In the security overview for an organization, the following improvements apply to the "Security coverage" view during feature enablement.
-
- - To provide insight into the number of GitHub Advanced Security licenses used, active committers for the repository are visible. For repositories where GitHub Advanced Security is not enabled, the number indicates the number of licenses required to enable the feature.
- - Unsaved changes are now labeled with a "Modified" tag, and the "Save security settings" button now displays the total number of changes to save.
- - While a security feature is being enabled, the "Security coverage" view shows a status of "Updating..." to inform you of the ongoing process.
-
- For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
-
- # https://github.com/github/releases/issues/2811
- - |
- In the security overview's "Security risk" and "Security coverage" views, when a user selects a team from the "Team" drop-down or filters by team, results appear for repositories where the team has write or administrative access or has been granted access to security alerts. Previously, users could only view results for repositories where the team had administrative access or had been granted access to security alerts.
-
- # https://github.com/github/releases/issues/2822
- - |
- To provide more context within a project, users can share a deep link to a specific issue in a project to have the issue open in the project's side panel.
-
- # https://github.com/github/releases/issues/2958
- - |
- Organization owners can create up to five custom repository roles. Previously, the limit was three. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-repository-roles)."
-
- # https://github.com/github/releases/issues/2799
- - |
- When transferring a repository, users can also rename the repository. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/transferring-a-repository)."
-
- # https://github.com/github/releases/issues/2961
- - |
- If a user archives a repository, responses from the GraphQL API that include information about the repository now include an `archivedAt` value with a timestamp representing the archival date.
-
- backups:
- # https://github.com/github/releases/issues/3050
- - |
- Before beginning a backup with GitHub Enterprise Server Backup Utilities 3.9.0 and later, the `ghe-host-check` utility will now perform a preflight check on the backup host to confirm the software version and disk space requirements. For more information, see the [3.9.0 release](https://github.com/github/backup-utils/releases/tag/v3.9.0) in the github/backup-utils repository on GitHub.com.
-
- # https://github.com/github/releases/issues/3052
- - |
- GitHub Enterprise Server Backup Utilities 3.9.0 allows administrators to view the progress of backup and restoration operations on the backup host using the `ghe-backup-progress` utility. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance#monitoring-backup-or-restoration-progress)."
-
- known_issues:
- - |
- If you upgrade from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9, the database server on your instance will be upgraded from MySQL 5.7 to MySQL 8.0. I/O utilization will increase as a result, and in some cases this may affect your instance's performance. Do not upgrade to this RC in a production environment, and ensure that you take and verify a backup of the instance before upgrading to the GA release. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance)."
- - |
- {% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- - |
- {% data reusables.release-notes.manage-api-unreachable %} [Updated: 2023-06-22]
- - |
- On an instance in a cluster configuration, after you upgrade nodes other than the primary MySQL node and before you upgrade the primary MySQL node, the following output may appear multiple times after you run `ghe-config-apply`.
-
- ```shell
- Error response from daemon: conflict: unable to delete IMAGE_ID (cannot be forced) - image is being used by running container CONTAINER_ID
- ```
-
- You can safely ignore this message.
- - |
- Custom firewall rules are removed during the upgrade process.
-
- - |
- On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- {% data reusables.release-notes.2023-09-ephemeral-self-hosted-runners-not-auto-upgrading %} [Updated: 2023-09-29]
- - |
- {% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
-
- deprecations:
- # https://github.com/github/releases/issues/2826
- - heading: Change to command-line utility for management of replication
- notes:
- - |
- On an instance with multiple nodes, people with administrative SSH access to the instance should use `ghe-spokesctl` for management of Git replication instead of `ghe-spokes`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-spokesctl)."
-
- # https://github.com/github/releases/issues/2773
- - heading: Dependency graph no longer ingests go.sum files
- notes:
- - |
- Because `go.sum` files are not lock files and may result in false positive Dependabot alerts, on an instance with the dependency graph enabled, the `go.sum` files are no longer ingested for users' Go repositories. If Dependabot alerts are enabled, Dependabot will no longer alert users for vulnerabilities in a `go.sum` file's dependencies. The dependency graph continues to support `go.mod` files, the recommended format for Go projects. Use Go 1.17 or higher to ensure your `go.mod` file contains a comprehensive view of all direct and transitive dependencies. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
-
- # https://github.com/github/releases/issues/2938
- - heading: Only GitHub Actions can publish a GitHub Pages site if source includes symbolic links
- notes:
- - |
- To improve the security of an instance where users deploy sites using GitHub Pages, sites that contain symbolic links will no longer build outside of GitHub Actions. If a user's site is affected and a site administrator has configured email for the instance, the user will receive an email with instructions about how to fix the error. To continue using symbolic links in the site's source, the instance must be configured for GitHub Actions, and the user must write a GitHub Actions workflow to use as a publishing source. For more information, see "[AUTOTITLE](/pages/getting-started-with-github-pages/about-github-pages#publishing-sources-for-github-pages-sites)."
diff --git a/data/release-notes/enterprise-server/3-9/0.yml b/data/release-notes/enterprise-server/3-9/0.yml
deleted file mode 100644
index 08da2a012355..000000000000
--- a/data/release-notes/enterprise-server/3-9/0.yml
+++ /dev/null
@@ -1,478 +0,0 @@
-date: '2023-06-08'
-release_candidate: false
-deprecated: false
-intro: |
- For upgrade instructions, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
-
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.0-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- features:
- - heading: Instance administration
- notes:
- # https://github.com/github/releases/issues/3019
- - |
- To improve security posture and protect data from threats, enterprise owners can see user activity from the Management Console within the enterprise audit log, including events from the UI, API, and administrative SSH access. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#management_console-category-actions)."
-
- # https://github.com/github/releases/issues/3053
- - |
- During an upgrade of an instance to a new release, people with administrative SSH access to the instance can monitor the progress of routine migrations using the `ghe-migrations` utility. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations)."
-
- # https://github.com/github/releases/issues/3054
- - |
- On an instance with multiple nodes, site administrators can use the Manage GitHub Enterprise Server API to monitor the health of replication. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/monitoring-a-high-availability-configuration)."
-
- # https://github.com/github/releases/issues/3097
- - |
- On an instance in a cluster configuration, administrators can ensure a balanced distribution of jobs across nodes by using the `ghe-cluster-rebalance` utility. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/rebalancing-cluster-workloads)."
-
- # https://github.com/github/releases/issues/3096
- - |
- On an instance in a cluster configuration, administrators can proactively monitor the health of individual nodes and control the reintroduction of unhealthy nodes into the cluster using Node Eligibility Service. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service)."
-
- - heading: Identity and access management
- notes:
- # https://github.com/github/releases/issues/3019
- - |
- On an instance configured for SAML SSO, enterprise owners can review information about the Identity Provider (IdP) configured for user authentication using the GraphQL API. The {% data variables.product.pat_generic %} (PAT) used to authenticate requests to this API requires the `read:enterprise` scope. Previously, the PAT required the `admin:enterprise` scope. For more information, see "[AUTOTITLE](/graphql/reference/objects#enterpriseidentityprovider)" in the GraphQL API documentation.
-
- - heading: Authentication
- notes:
- # https://github.com/github/releases/issues/2833
- - |
- For an instance or organization with 2FA enabled, users can configure a 2FA method to be a preferred method. Users can also update 2FA methods from `http(s)://HOSTNAME/settings/security`. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)" and "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-preferred-two-factor-authentication-method)."
-
- - heading: REST API
- notes:
- # https://github.com/github/releases/issues/2022
- - |
- To provide API integrators a smooth migration path and time to update integrations after GitHub makes occasional breaking changes, the REST API now uses calendar-based versioning. GitHub Enterprise Server 3.9 provides version `2022-11-28` of the REST API. For more information, see "[AUTOTITLE](/rest/overview/api-versions?apiVersion=2022-11-28)" in the REST API documentation.
-
- - heading: GitHub Connect
- notes:
- # https://github.com/github/releases/issues/2783
- - |
- Enterprise owners who configure Server Statistics on an instance with GitHub Actions enabled will transmit usage metrics related to GitHub Actions. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics#server-statistics-data-collected)."
-
- - heading: GitHub Advanced Security
- notes:
- # https://github.com/github/releases/issues/2452
- - |
- To more easily discover potential security or quality issues in code, users can configure code scanning directly through the web interface without adding a GitHub Actions workflow to the repository. This feature finds and sets up the best CodeQL configuration for the repository, detecting supported languages and enabling CodeQL analysis for every pull request and every push to the default branch and any protected branches. Analysis of JavaScript (including TypeScript), Python, and Ruby code, are currently supported. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)."
-
- # https://github.com/github/releases/issues/2888
- - |
- To simplify the configuration of code scanning, organization owners can enable code scanning for all eligible repositories in an organization using a default configuration, either via the web interface or REST API. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale)" and "[AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization)" in the REST API documentation.
-
- # https://github.com/github/releases/issues/2845
- - |
- To ensure that relevant alerts remain visible and actionable, users can manually remove stale alerts from code scanning. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch)."
-
- # https://github.com/github/releases/issues/2796
- - |
- To better understand the status of CodeQL and other code scanning tools for a repository, and to help troubleshoot, users can review the tool status page. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page)."
-
- # https://github.com/github/releases/issues/2943
- - |
- To customize the behavior of code scanning on a per-repository basis, repository administrators can configure what severity levels for code scanning alerts will cause checks in a pull request to fail. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests#code-scanning-results-check-failures)."
-
- # https://github.com/github/releases/issues/2699
- # https://github.com/github/releases/issues/2800
- - |
- To protect repositories from pushes that contain custom secret scanning patterns defined at the enterprise, organization, or repository level, users can enable push protection for those patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
-
- # https://github.com/github/releases/issues/2794
- - |
- Organization owners can view the enablement status of security features for the organization's repositories using the REST API. The endpoint provides details for GitHub Advanced Security, secret scanning, and push protection. For more information, see "[Repositories](/rest/repos/repos?apiVersion=2022-11-28#list-organization-repositories)" in the REST API documentation.
-
- # https://github.com/github/releases/issues/2840
- - |
- Repository administrators can programmatically enable code scanning with a default CodeQL configuration using the REST API. For more information, see the following documentation.
-
- - "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)"
- - "[Get the code scanning default setup configuration](/rest/code-scanning#get-a-code-scanning-default-setup-configuration)" in the Code Scanning REST API documentation
- - "[Update the code scanning default setup configuration](/rest/code-scanning#update-a-code-scanning-default-setup-configuration)" in the Code Scanning REST API documentation
-
- - heading: Dependabot
- notes:
- # https://github.com/github/releases/issues/2976
- - |
- To improve the security of GitHub Actions workflows that pin references, Dependabot can update the versioning for calls to reusable workflows within workflow files. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)."
-
- # https://github.com/github/releases/issues/2911
- - |
- On an instance with GitHub Actions and the dependency graph enabled, as well as automatic access to GitHub.com actions using GitHub Connect, the web interface will suggest submission actions within a repository with supported languages. For more information, see the following documentation.
-
- - "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)"
- - "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises)"
- - "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)"
-
- For repositories that use a language that has a submission action, when users with write access visit their dependency graph (this page), we will show them a prompt that directs them to the Marketplace to find an action that would help them.
-
- # https://github.com/github/releases/issues/3007
- - |
- To improve the security of projects that use npm v9, the dependency graph and Dependabot can parse and update `package-lock.json` files that specify `lockfileVersion: 3`. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)," "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)," and [`lockfileVersion`](https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#lockfileversion) in the npm documentation.
-
- # https://github.com/github/releases/issues/2980
- - |
- To improve the security of Gradle projects, the dependency graph and Dependabot can parse and update Gradle version catalogs in `settings.gradle`. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)" and [Sharing dependency versions between projects](https://docs.gradle.org/current/userguide/platforms.html) in the Gradle User Manual.
-
- # https://github.com/github/releases/issues/2806
- - |
- To ensure that users receive the most relevant and actionable alerts about dependency updates, repository administrators and organization owners can enable or disable Dependabot alerts for an individual repository or organization. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository#managing-dependabot-alerts)" or "[AUTOTITLE](/code-security/getting-started/securing-your-organization#managing-dependabot-alerts-and-the-dependency-graph)."
-
- # https://github.com/github/releases/issues/2601
- - |
- If people with access to a repository do not interact with Dependabot security updates for over 90 days, Dependabot will pause automated pull request activity. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)."
-
- # https://github.com/github/releases/issues/3068
- - |
- To help users evaluate the stability risk of a dependency update, Dependabot can fetch release notes, changelogs, and commit history in pull requests that update Docker dependencies. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#docker)."
-
- # https://github.com/github/releases/issues/2873
- - |
- To assist with software security and supply chain risk management, people with read access to a repository can export a software bill of materials (SBOM) for a repository's dependency graph using the web interface or REST API. The SBOM adheres to the SPDX 2.3 specification. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api#generating-and-submitting-a-software-bill-of-materials-sbom)," "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository)," and [The Software Package Data Exchange® (SPDX®) Specification Version 2.3](https://spdx.github.io/spdx-spec/v2.3/) on the SPDX website.
-
- # https://github.com/github/releases/issues/2871
- - |
- The dependency graph can parse Python dependencies for `pyproject.toml` files that follow the PEP 621 standard. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)" and [PEP 621 – Storing project metadata in pyproject.toml](https://peps.python.org/pep-0621/) in the Index of Python Enhancement Proposals.
-
- # https://github.com/github/releases/issues/3023
- - |
- Users can use the GraphQL API to review dependencies submitted using the {% data variables.dependency-submission-api.name %}. For more information, see "[AUTOTITLE](/graphql/overview/schema-previews#access-to-a-repositorys-dependency-graph-preview)."
-
- - heading: GitHub Actions
- notes:
- # Required Actions Runner version
- - |
- {% data reusables.actions.actions-runner-release-note %} [Updated: 2024-04-25]
- # https://github.com/github/releases/issues/3006
- - |
- On instances in a cluster configuration, GitHub Actions is available as a private beta. Beta features are subject to change. For more information, and to enroll in the beta, [contact your representative on GitHub's Sales team](https://github.com/enterprise/contact).
-
- # https://github.com/github/releases/issues/2617
- - |
- Administrators of self-hosted runners for GitHub Actions can configure auto-scaling runners using Actions Runner Controller and runner scale sets. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller)."
-
- # https://github.com/github/releases/issues/2896
- - |
- Administrators can bypass all protection rules for a given environment and force the pending jobs referencing the environment to proceed. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#allow-administrators-to-bypass-configured-protection-rules)."
-
- # https://github.com/github/releases/issues/2801
- - |
- Users who deploy with OIDC can define more advanced access policies by including additional custom claims within a token. To help uniquely verify the source of a workflow job, include the following claims.
-
- - `actor_id`
- - `repository_id`
- - `repository_owner_id`
- - `workflow_ref`
- - `workflow_sha`
- - `job_workflow_sha`
-
- For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments).
-
- # https://github.com/github/releases/issues/2905
- - |
- To improve security for workflows that use `GITHUB_TOKEN`, the following defaults apply to new organizations and repositories.
-
- - New organizations that users create inherit permissions from the instance's enterprise-level configuration. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-the-default-github_token-permissions)."
- - New repositories that users create within an organization inherit permissions from the organization. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-default-github_token-permissions)."
- - New user-owned repositories have a read-only `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-default-github_token-permissions)."
-
- # https://github.com/github/releases/issues/2979
- - |
- To allow workflow authors to pin a required workflow file to a fully validated version, required workflows can be referenced using any branch, tag, or commit SHA from the repository containing the workflow file. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-a-required-workflow-for-your-organization)."
- - |
- To enforce required workflows throughout an organization, GitHub Enterprise Server blocks direct pushes to branches where required workflows are enforced. To allow direct pushes for a particular repository, remove the repository as a target for the required workflow. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-a-required-workflow-for-your-organization)."
-
- # https://github.com/github/releases/issues/2861
- - |
- To improve performance for workflows that build Go, caching is enabled by default when using the `setup-go` action. For more information, see "[AUTOTITLE](/actions/automating-builds-and-tests/building-and-testing-go#caching-dependencies)."
-
- # IN PROGRESS
- #- heading: GitHub Packages
- # notes:
- # # https://github.com/github/releases/issues/2924
- # - |
- # Users can manage packages in repositories and organizations using the Packages REST API. For more information, see "[AUTOTITLE](/rest/packages?apiVersion=2022-11-28)" in the REST API documentation.
-
- - heading: Organizations
- notes:
- # https://github.com/github/releases/issues/2916
- - |
- To allow the management of branch protection rules without granting admin access, organization owners can create a custom role with the "Edit repository rules" permission. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)."
-
- # https://github.com/github/releases/issues/2462
- # https://github.com/github/releases/issues/2556
- - |
- Users of the REST API can programmatically create and update least-privilege roles for repositories using the Custom Repository Roles REST API. The API is generally available, with a breaking change to the API's endpoint paths. Previously, the API was accessible at `/orgs/{org}/custom_roles`, and is now accessible at `/orgs/{org}/custom-repository-roles`. The [List custom repository roles in an organization](/rest/orgs/custom-roles#list-custom-repository-roles-in-an-organization) will no longer be available in the next version of the REST API. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-repository-roles)" and "[AUTOTITLE](/rest/orgs/custom-roles?apiVersion=2022-11-28)" in the REST API documentation.
-
- # https://github.com/github/releases/issues/3067
- - |
- Enterprise and organization owners can delete an organization and all of the organization's repositories using the REST API. After deletion, organization names are locked for 90 days. For more information, see "[AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#delete-an-organization)" in the REST API documentation.
-
- - heading: Repositories
- notes:
- # https://github.com/github/releases/issues/2707
- - |
- Within the "Insights" tab for a repository, the sidebar's "Forks" tab provides more information about a project's forks, including a sortable and filterable list of forks and more details about each fork.
-
- # https://github.com/github/releases/issues/2791
- - |
- Repository administrators can unarchive a repository using the REST API. For more information, see "[AUTOTITLE](/rest/repos/repos?apiVersion=2022-11-28#update-a-repository)" in the REST API documentation.
-
- - heading: Projects
- notes:
- # https://github.com/github/releases/issues/2827
- - |
- To visualize a project at a high level and across a configurable timespan, users can apply a roadmap layout to any project view. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view#about-the-roadmap-layout)."
-
- # https://github.com/github/releases/issues/2821
- - |
- To get started with a new project faster, users can copy an existing project, including the source project's views, custom fields, and draft issues. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/copying-an-existing-project)."
-
- # https://github.com/github/releases/issues/2820
- - |
- To save time when adding items to a project, users can configure a workflow to automatically add new items from a repository as people create or update items that match specific criteria. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically)."
-
- # https://github.com/github/releases/issues/2503
- - |
- To keep a long-lived project focused, users can define filters to automatically archive items. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically)."
-
- # https://github.com/github/releases/issues/2826
- - |
- To easily organize items within a project's columns while using the board layout, users can sort the project by field values using the view configuration menu. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout)."
-
- # https://github.com/github/releases/issues/2829
- - |
- To quickly add a new issue to a project without changing context, users can create a new issue from a project's omnibar by clicking `+`, then clicking **Create new issue**. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project#creating-issues)."
-
- # https://github.com/github/releases/issues/2917
- - |
- To help people scan a project and take action, users can add a color and a text description to each value for a project's single select fields. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/understanding-fields/about-single-select-fields#editing-a-single-select-field)."
-
- # https://github.com/github/releases/issues/2984
- - |
- Users of the GitHub CLI can manage projects from the command line. For more information, see "[AUTOTITLE](/github-cli/github-cli/about-github-cli)" and the [README](https://github.com/github/gh-projects#cli-extension-for-projects) for the `github/gh-projects` repository on GitHub.com.
-
- # https://github.com/github/releases/issues/2978
- - |
- For users who programmatically access projects using the GraphQL API, additional mutations are available. For more information, see "[createProjectV2Field](/graphql/reference/mutations#createprojectv2field)," "[deleteProjectV2Field](/graphql/reference/mutations#deleteprojectv2field)," and "[deleteProjectV2](/graphql/reference/mutations#deleteprojectv2)" in the "Mutations" GraphQL documentation.
-
- - heading: GitHub Discussions
- notes:
- # https://github.com/github/releases/issues/2967
- - |
- To indicate that a discussion is resolved, outdated, or a duplicate, users can close the discussion. For more information, see "[AUTOTITLE](/discussions/managing-discussions-for-your-community/managing-discussions#closing-a-discussion)."
-
- # https://github.com/github/releases/issues/2825
- - |
- To encourage other users to include specific, structured information in discussions, users can create discussion category forms. For more information, see "[AUTOTITLE](/discussions/managing-discussions-for-your-community/creating-discussion-category-forms)."
-
- # https://github.com/github/releases/issues/2675
- - |
- After a user locks a discussion and disallows further comments, the user can permit emoji reactions on the discussion. For more information, see "[AUTOTITLE](/discussions/managing-discussions-for-your-community/moderating-discussions#locking-discussions)."
-
- - heading: Pull requests
- notes:
- # https://github.com/github/releases/issues/3026
- - |
- To provide feedback on an entire file, or a file that's been deleted, users can comment on a file from a pull request's "Files changed" tab. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request)."
-
- # https://github.com/github/releases/issues/2857
- - |
- Users of the GraphQL API can revert a merged pull request by using the revertPullRequest mutation. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/reverting-a-pull-request)" and "[AUTOTITLE](/graphql/reference/mutations#revertpullrequest)" in the GraphQL API documentation.
-
- changes:
- # https://github.com/github/releases/issues/2909
- - |
- Field names and destinations for some service logs on GitHub Enterprise Server have changed. If any tooling or processes in your environment rely on specific field names within logs, or log entries in specific files, the following changes may affect you.
-
- - `level` is now `SeverityText`.
- - `log_message`, `msg`, or `message` is now `Body`.
- - `now` is now `Timestamp`.
- - Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
- - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)."
-
- For a full list of field mappings, download the [OpenTelemetry attribute mapping CSV](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv). This change is part of GitHub's gradual migration to internal semantic conventions for [OpenTelemetry](https://opentelemetry.io/), and additional field names will change in upcoming releases.
-
- # https://github.com/github/ghes/issues/6342
- - |
- On a configured instance, the name for the HAProxy service is now `haproxy-frontend`. Previously, the name was `haproxy`. Additionally, on an unconfigured instance, there is a new service named `haproxy-pre-config`. If your instance forwards logs to an external system, update your rules to reflect these changes. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)" article
-
- # https://github.com/github/releases/issues/2757
- - |
- For an instance or organization with 2FA enabled, when a user sets up 2FA, GitHub Enterprise Server suggests an authenticator app (TOTP) by default.
-
- # https://github.com/github/releases/issues/3160
- - |
- When a person with administrative SSH access to an instance submits a support bundle using either the `ghe-support-bundle` or `ghe-cluster-support-bundle` utility, a period for log collection specified with the `-p` or `--period` no longer requires quotes to enclose the date value. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-support-bundle)."
-
- # https://github.com/github/releases/issues/2745
- - |
- To provide additional context within the web interface on an instance where Dependabot alerts are enabled, links to Dependabot alerts in an issue or pull request comment display an improved label and hovercard with alert details.
-
- # https://github.com/github/releases/issues/2599
- - |
- On an instance with Dependabot alerts enabled, people with write or maintain access to a repository can view or act on Dependabot alerts by default. Custom roles, the security manager role, organization permissions, and notification settings are not affected.
-
- # https://github.com/github/releases/issues/2946
- - |
- On an instance with a GitHub Advanced Security license and GitHub Connect enabled for the synchronization of actions from GitHub.com, CodeQL code scanning is up to 16% faster. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)."
-
- # https://github.com/github/releases/issues/2865
- - |
- On an instance with a GitHub Advanced Security license and email configured for notifications, users can receive notifications for secret scanning alerts by watching a repository and choosing "All activity" or "Security alerts". To continue receiving notifications for secret scanning alerts in GitHub Enterprise Server 3.9 and later, users must enable email notifications in the web interface at `http(s)://HOSTNAME/settings/notifications` under "Watching" by choosing "Email".
-
- # https://github.com/github/releases/issues/2724
- - |
- On an instance with a GitHub Advanced Security license, secret scanning alerts display whether detected tokens from GitHub are valid.
-
- # https://github.com/github/releases/issues/2776
- - |
- On an instance with a GitHub Advanced Security license, the enterprise and organization audit logs now display an event when an owner enables or disables a push protection for a custom pattern for a repository, organization, or the enterprise. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#org-category-actions)" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#business_secret_scanning_push_protection-category-actions)."
-
- # https://github.com/github/releases/issues/2892
- - |
- Users can filter the lists of alerts for Dependabot, code scanning, and secret scanning by repository topic or team in the security overview for an organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
-
- # https://github.com/github/releases/issues/3073
- - |
- In the security overview for an organization, the following improvements apply to the "Security coverage" view during feature enablement.
-
- - To provide insight into the number of GitHub Advanced Security licenses used, active committers for the repository are visible. For repositories where GitHub Advanced Security is not enabled, the number indicates the number of licenses required to enable the feature.
- - Unsaved changes are now labeled with a "Modified" tag, and the "Save security settings" button now displays the total number of changes to save.
- - While a security feature is being enabled, the "Security coverage" view shows a status of "Updating..." to inform you of the ongoing process.
-
- For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
-
- # https://github.com/github/releases/issues/2811
- - |
- In the security overview's "Security risk" and "Security coverage" views, when a user selects a team from the "Team" drop-down or filters by team, results appear for repositories where the team has write or administrative access or has been granted access to security alerts. Previously, users could only view results for repositories where the team had administrative access or had been granted access to security alerts.
-
- # https://github.com/github/releases/issues/2822
- - |
- To provide more context within a project, users can share a deep link to a specific issue in a project to have the issue open in the project's side panel.
-
- # https://github.com/github/releases/issues/2958
- - |
- Organization owners can create up to five custom repository roles. Previously, the limit was three. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-repository-roles)."
-
- # https://github.com/github/releases/issues/2799
- - |
- When transferring a repository, users can also rename the repository. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/transferring-a-repository)."
-
- # https://github.com/github/releases/issues/2961
- - |
- If a user archives a repository, responses from the GraphQL API that include information about the repository now include an `archivedAt` value with a timestamp representing the archival date.
-
- backups:
- # https://github.com/github/releases/issues/3050
- - |
- Before beginning a backup with GitHub Enterprise Server Backup Utilities 3.9.0 and later, the `ghe-host-check` utility will now perform a preflight check on the backup host to confirm the software version and disk space requirements. For more information, see the [3.9.0 release](https://github.com/github/backup-utils/releases/tag/v3.9.0) in the `github/backup-utils` repository on GitHub.com.
-
- # https://github.com/github/releases/issues/3052
- - |
- GitHub Enterprise Server Backup Utilities 3.9.0 allows administrators to view the progress of backup and restoration operations on the backup host using the `ghe-backup-progress` utility. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance#monitoring-backup-or-restoration-progress)."
-
- known_issues:
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- - |
- The Management Console may get stuck in a loop showing "Checking requirements..." when attempting to download an update. It is safe to proceed the update process manually via the command line.
- - |
- {% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- - |
- {% data reusables.release-notes.manage-api-unreachable %} [Updated: 2023-06-22]
- - |
- On an instance in a cluster configuration, after you upgrade nodes other than the primary MySQL node and before you upgrade the primary MySQL node, the following output may appear multiple times after you run `ghe-config-apply`.
-
- ```shell
- Error response from daemon: conflict: unable to delete IMAGE_ID (cannot be forced) - image is being used by running container CONTAINER_ID
- ```
-
- You can safely ignore this message.
- - |
- Custom firewall rules are removed during the upgrade process.
-
- - |
- On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- {% data reusables.release-notes.mermaid-rendering-known-issue %} [Updated: 2023-08-18]
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- - |
- On an instance with GitHub Actions enabled, if shared runner groups are configured for the enterprise, the enterprise security overview page may return a `500` error. You can avoid the issue by trying one of the following workarounds.
-
- - Add a runner scale set to the enterprise runner group shared with the repositories.
- - Remove access to the enterprise runner group from the affected repositories or organizations.
-
- [Updated: 2023-09-05]
-
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %} [Updated: 2023-09-21]
- - |
- {% data reusables.release-notes.2023-09-ephemeral-self-hosted-runners-not-auto-upgrading %} [Updated: 2023-09-29]
- - |
- {% data reusables.release-notes.2023-10-resource-activity-queue-not-processed %} [Updated: 2023-10-10]
- - |
- {% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- - |
- {% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %} [Updated: 2023-12-04]
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- - |
- {% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
- - |
- {% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
- - |
- {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
-
- deprecations:
- # https://github.com/github/releases/issues/2826
- - heading: Change to command-line utility for management of replication
- notes:
- - |
- On an instance with multiple nodes, people with administrative SSH access to the instance should use `ghe-spokesctl` for management of Git replication instead of `ghe-spokes`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-spokesctl)."
-
- # https://github.com/github/releases/issues/2773
- - heading: Dependency graph no longer ingests go.sum files
- notes:
- - |
- Because `go.sum` files are not lock files and may result in false positive Dependabot alerts, on an instance with the dependency graph enabled, the `go.sum` files are no longer ingested for users' Go repositories. If Dependabot alerts are enabled, Dependabot will no longer alert users for vulnerabilities in a `go.sum` file's dependencies. The dependency graph continues to support `go.mod` files, the recommended format for Go projects. Use Go 1.17 or higher to ensure your `go.mod` file contains a comprehensive view of all direct and transitive dependencies. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
-
- # https://github.com/github/releases/issues/2938
- - heading: Only GitHub Actions can publish a GitHub Pages site if source includes symbolic links
- notes:
- - |
- To improve the security of an instance where users deploy sites using GitHub Pages, sites that contain symbolic links will no longer build outside of GitHub Actions. If a user's site is affected and a site administrator has configured email for the instance, the user will receive an email with instructions about how to fix the error. To continue using symbolic links in the site's source, the instance must be configured for GitHub Actions, and the user must write a GitHub Actions workflow to use as a publishing source. For more information, see "[AUTOTITLE](/pages/getting-started-with-github-pages/about-github-pages#publishing-sources-for-github-pages-sites)."
-
- errata:
- # https://github.com/github/releases/issues/2986
- - |
- Previously, these release notes indiciated that organization owners could enable the display of organization members' IP addresses in audit log events. Audit logs for GitHub Enterprise Server always include IP addresses. [Updated: 2024-03-28]
diff --git a/data/release-notes/enterprise-server/3-9/1.yml b/data/release-notes/enterprise-server/3-9/1.yml
deleted file mode 100644
index a333a592ff6a..000000000000
--- a/data/release-notes/enterprise-server/3-9/1.yml
+++ /dev/null
@@ -1,175 +0,0 @@
-date: '2023-07-18'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.1-known-issues)" section of these release notes.
-
- The known issues originally published on 2023-07-18 omitted a number of known issues that still existed. The `Known issues` section below was updated on 2023-08-08.
- {% endwarning %}
-sections:
- security_fixes:
- - |
- **MEDIUM**: An attacker with write access to a repository could craft a pull request that would hide commits made in its source branch. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23764](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23764). [Updated: 2023-07-26]
- - |
- An attacker with access to the password hash of the root site administrator user for the instance's Management Console could make requests to the password API endpoint from outside of the instance.
- - |
- Packages have been updated to the latest security versions.
- - |
- **LOW:** An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and was assigned [CVE-2023-23765](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23765).
- bugs:
- - |
- If MinIO was configured for external blob storage on an instance with GitHub Actions enabled and MinIO was configured for bucket replication, the instance's credential validation with MinIO would occasionally fail.
- - |
- Customers who use Azure Blob store as the remote blob provider to back GitHub Packages would have validation errors if the `EndpointSuffix` part of their Connection string was anything other than `core.windows.net`. Now all valid `EndpointSuffix` are accepted.
- - |
- When a user viewed a Jupyter notebook, GitHub Enterprise Server returned a `500` error code if the instance was configured with a self-signed TLS certificate.
- - |
- After creation of a blob object from the web UI, pre-receive hook events were missing from the instance's audit log.
- - |
- On an instance with an outbound web proxy server configured, the proxy interfered with internal operations that used `nomad alloc exec`.
- - |
- On an instance in a cluster configuration, the `ghe-cluster-balance` behaved inconsistently when displaying status or managing jobs with more than one task group.
- - |
- `.topojson` files would not render correctly, but files that conformed to the TopoJSON spec that used a `.geojson` extension would render correctly.
- - |
- On an instance configured for LDAP authentication, if the LDAP server sent an empty string for the `sshPublicKey` attribute, LDAP user sync would fail.
- - |
- REST API endpoints for managing GitHub Enterprise Server are now functional. For more information, see "[Manage GitHub Enterprise Server](/rest/enterprise-admin/manage-ghes?apiVersion=2022-11-28)" in the REST API documentation.
- - |
- After creation of a new Management Console user, the Management Console did not display the button to copy the new users invitation.
- - |
- On an instance with Dependabot enabled, in some situations, Dependabot alerts were not updated when a user pushed to a repository.
- - |
- In some cases, pull requests with more than 25 rich-diff renderable files required that users toggle the diff type to correctly render the files over the 25-file limit.
- - |
- In rare circumstances, Git commits signed with SSH keys using the RSA algorithm would incorrectly indicate the signature was invalid.
- - |
- After a migration using GitHub Enterprise Importer, some repository autolink references were created with an incorrect format.
- - |
- In some cases on an instance without a GitHub Advanced Security license, Redis exceeded the maximum default memory allocation, causing `500` errors for the instance's users.
- - |
- On an instance with many organizations, the enterprise security overview page returned a `500` error.
- - |
- On an instance that was not configured to deliver email notifications using SMTP, background jobs to deliver email were enqueued unnecessarily.
- - |
- Users were unable to configure a SSH certificate authority for an organization.
- - |
- An erroneous "Blocked Copilot Repositories" link was visible in site admin pages for organizations.
- - |
- On an instance with GitHub Actions enabled and a GitHub Advanced Security license, repository-level runner scale sets were not accounted for when determining whether default setup for code scanning could be used.
- - |
- Events related to repository notifications did not appear in the audit log.
- - |
- On an instance with a GitHub Advanced Security license and secret scanning enabled, in some cases, a committer would not receive an email notification for a secret scanning alert where push protections were bypassed.
- - |
- On an instance with a GitHub Advanced Security license, if a user filtered by a custom pattern on an organizations "Code & security analysis" page using an invalid query, the entire GitHub Advanced Security disappeared and an error reading "Sorry, something went wrong loading GitHub Advanced Security settings" appeared.
- - |
- On an instance with a GitHub Advanced Security license, if a user browsed to the alerts page for secret scanning without signing in, the instance responded with a `500` error.
- - |
- On an instance with a GitHub Advanced Security license and secret scanning enabled, output from Git for a push blocked by push protection always included an `http://` link.
- - |
- On an instance with GitHub Actions enabled, links to `http(s)://HOSTNAME/features/actions` from the web UI returned a `500` error.
- - |
- If a user added a new item to a projects roadmap view, and the item was outside of the viewport, the view would crash and display "This project failed to load".
- - |
- The audit log reported the incorrect target repository for pre-receive hook failures.
- - |
- Users can add issues and pull requests from any organization to a project, and are no longer limited to the user or organization of the project.
- - |
- On an instance with GitHub Actions enabled and a GitHub Advanced Security license, enterprise-level runner scale sets with the `code-scanning` label were not sufficient to allow default setup for code scanning.
- - |
- On an instance in a high availability configuration, existing nodes with out-of-sync repositories prevented new nodes from replicating those repositories.
- - |
- On an instance with multiple nodes, `ERROR`-level "resolver failed" errors no longer appear in system logs when the instance is unable to resolve an offline fileserver. The messages are now `DEBUG`-level.
- - |
- On an instance with a GitHub Advanced Security license that was also configured for a timezone greater than UTC, the list of secret scanning alerts displayed a "Loading secrets failed" error if a user sorted secrets by date in descending order.
- - |
- Code Scanning workflow runs now only request the `code-scanning` label so that they can be used with runner scale sets.
- changes:
- - |
- On an instance in a cluster configuration, the `ghe-cluster-config-check` command-line utility will return an affirmative message when no warnings or errors are detected. The affirmative message is "Configuration validation complete. No errors found."
- - |
- During initialization of a cluster configuration, output from the `ghe-cluster-config-init` command-line utility is improved and simplified.
- - |
- The API endpoint for management of the GitHub Enterprise Server instance was unavailable prior to initial configuration of the instance.
- - |
- The Management Console displays a warning about unexpected consequences that may result from modification of the instance's hostname after initial configuration.
- - |
- On an instance with multiple nodes, internal tooling to repair repositories now attempts to resolve problems within the entire repository network.
- - |
- To supplement a disaster recovery plan for a GitHub Enterprise Server instance in a cluster configuration, an administrator can configure a replica of an entire cluster in a separate datacenter, allowing the cluster to fail over to redundant nodes. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster)."
- known_issues:
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- - |
- The Management Console may get stuck in a loop showing "Checking requirements..." when attempting to download an update. It is safe to proceed the update process manually via the command line.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- - |
- On an instance in a cluster configuration, after you upgrade nodes other than the primary MySQL node and before you upgrade the primary MySQL node, the following output may appear multiple times after you run `ghe-config-apply`.
-
- ```shell
- Error response from daemon: conflict: unable to delete IMAGE_ID (cannot be forced) - image is being used by running container CONTAINER_ID
- ```
-
- You can safely ignore this message.
- - |
- Custom firewall rules are removed during the upgrade process.
-
- - |
- On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- {% data reusables.release-notes.mermaid-rendering-known-issue %} [Updated: 2023-08-18]
- - |
- {% data reusables.release-notes.migrations-missing-section-known-issue %} [Updated: 2023-08-18]
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- - |
- On an instance with GitHub Actions enabled, if shared runner groups are configured for the enterprise, the enterprise security overview page may return a `500` error. You can avoid the issue by trying one of the following workarounds.
-
- - Add a runner scale set to the enterprise runner group shared with the repositories.
- - Remove access to the enterprise runner group from the affected repositories or organizations.
-
- [Updated: 2023-09-05]
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %} [Updated: 2023-09-21]
- - |
- {% data reusables.release-notes.2023-09-ephemeral-self-hosted-runners-not-auto-upgrading %} [Updated: 2023-09-29]
- - |
- {% data reusables.release-notes.2023-10-resource-activity-queue-not-processed %} [Updated: 2023-10-10]
- - |
- {% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- - |
- {% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %} [Updated: 2023-12-04]
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- - |
- {% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
- - |
- {% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
- - |
- {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/10.yml b/data/release-notes/enterprise-server/3-9/10.yml
deleted file mode 100644
index 7988205a31b4..000000000000
--- a/data/release-notes/enterprise-server/3-9/10.yml
+++ /dev/null
@@ -1,88 +0,0 @@
-date: '2024-02-13'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.10-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - |
- **HIGH:** An attacker could gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. GitHub has requested CVE ID [CVE-2024-1082](https://www.cve.org/cverecord?id=CVE-2024-1082) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection when configuring SAML settings. GitHub has requested CVE ID [CVE-2024-1372](https://www.cve.org/cverecord?id=CVE-2024-1372) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection when setting an HTTP proxy. GitHub has requested CVE ID [CVE-2024-1359](https://www.cve.org/cverecord?id=CVE-2024-1359) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection into nomad templates when configuring SMTP options. GitHub has requested CVE ID [CVE-2024-1378](https://www.cve.org/cverecord?id=CVE-2024-1378) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection in the `actions-console` docker container while setting a service URL. GitHub has requested CVE ID [CVE-2024-1355](https://www.cve.org/cverecord?id=CVE-2024-1355) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection in the `syslog-ng` configuration file. GitHub has requested CVE ID [CVE-2024-1354](https://www.cve.org/cverecord?id=CVE-2024-1354) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection when setting the username and password for `collectd` configurations. GitHub has requested CVE ID [CVE-2024-1369](https://www.cve.org/cverecord?id=CVE-2024-1369) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection into nomad templates when configuring audit log forwarding. GitHub has requested CVE ID [CVE-2024-1374](https://www.cve.org/cverecord?id=CVE-2024-1374) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **HIGH:** An attacker could create new branches in public repositories, and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. GitHub has requested CVE ID [CVE-2024-1482](https://www.cve.org/cverecord?id=CVE-2024-1482) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **MEDIUM:** An attacker could make changes to a user account by taking advantage of a Cross-site Scripting vulnerability in the tag name pattern field in the tag protections UI. Exploitation of this vulnerability required user interaction with malicious javascript on a website along with further social engineering. GitHub has requested CVE ID [CVE-2024-1084](https://www.cve.org/cverecord?id=CVE-2024-1084) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **LOW:** An attacker could decrypt the user section of the enterprise user license list JSON file by using an exposed private key. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
- - |
- Packages have been updated to the latest security versions.
- bugs:
- - |
- On startup, Elasticsearch logged an innocuous JMX MBeans registration error.
- - |
- Hunk headers in C# files did not correctly display changed functions.
- - |
- Pre-receive hook failures were not visible in the administrator audit log. A previous bug fix for this issue was incomplete.
- - |
- When restoring a deleted repository, some metadata associated with the repository, such as packages or project items, did not properly restore.
- - |
- During Git data server maintenance, a process that was ran on unsupported GitHub Enterprise Server topologies created a significant amount of system logs but did not perform any repair work.
- changes:
- - |
- The default 30 second webhook delivery HTTP timeout can be configured.
- known_issues:
- - |
- Custom firewall rules are removed during the upgrade process.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %}
- - |
- On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- - |
- {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- - |
- {% data reusables.release-notes.2024-02-pages-deployment-error %} [Updated: 2024-03-07]
- - |
- {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/11.yml b/data/release-notes/enterprise-server/3-9/11.yml
deleted file mode 100644
index 432465ea7fc1..000000000000
--- a/data/release-notes/enterprise-server/3-9/11.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-date: '2024-02-29'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.11-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - |
- **HIGH**: On an instance with GitHub Connect enabled and non-default settings for GitHub Connect configured, an attacker could use an enterprise GitHub Actions download token to fetch private repository data. This token is only accessible to users on the GitHub Enterprise Server instance. To fix this vulnerability, the Actions download token will now be a permissionless token. GitHub has requested CVE ID [CVE-2024-1908](https://www.cve.org/cverecord?id=CVE-2024-1908) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- Packages have been updated to the latest security versions.
- bugs:
- - |
- Redundant messages caused increased log volumes in `/var/log/syslog`.
- known_issues:
- - |
- Custom firewall rules are removed during the upgrade process.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %}
- - |
- On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- - |
- {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/12.yml b/data/release-notes/enterprise-server/3-9/12.yml
deleted file mode 100644
index 948126160d54..000000000000
--- a/data/release-notes/enterprise-server/3-9/12.yml
+++ /dev/null
@@ -1,100 +0,0 @@
-date: '2024-03-20'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.12-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - |
- **HIGH:** An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. GitHub has requested CVE ID [CVE-2024-2469](https://www.cve.org/cverecord?id=CVE-2024-2469) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **HIGH:** An attacker with an editor role in the Management Console could gain SSH access to the instance by command injection when configuring GeoJSON settings. GitHub has requested CVE ID [CVE-2024-2443](https://www.cve.org/cverecord?id=CVE-2024-2443) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- Packages have been updated to the latest security versions.
- bugs:
- - |
- In some cases, storage initialization on a new instance launch could cause EBS-backed data volumes to not be detected correctly.
- - |
- Redundant messages caused an increase in the volume of events logged in `/var/log/syslog`.
- - |
- Administrators could initiate an SSH audit that unknowingly unverified all SSH keys.
- - |
- Attributes used to debug LDAP issues were not included in system logs.
- - |
- On an instance in a cluster configuration with high availability enabled, the `ghe-spokesctl` command failed when run on a replica node.
- - |
- On an instance with GitHub Actions enabled, GitHub Actions workflows that deployed GitHub Pages sites failed with the following error: `Error: Deployment failed, try again later.`
- - |
- Organizations using projects (classic) returned an error log about a soon-to-be deprecated MySQL feature when viewing a project.
- - |
- On an instance in a cluster configuration, Jupyter notebooks did not render correctly.
- - |
- In some cases, manual repository maintenance using ghe-spokesctl would fail with the following error: panic: runtime error: invalid memory address or nil pointer dereference.
- - |
- On an instance with a GitHub Advanced Security license, in some cases, when a user deleted a custom pattern for secret scanning, GitHub Enterprise Server failed to close or delete the pattern's alerts.
- - |
- On an instance in a cluster configuration with many nodes, requests to the REST API for managing GitHub Enterprise Server would exceed the instance's HTTP timeouts.
- - |
- In some cases, the `codeload` service could panic during shutdown and not terminate gracefully.
- - |
- When an administrator set a policy to require two-factor authentication (2FA) for an enterprise, a message incorrectly indicated that users without 2FA enabled on their account would be removed from the enterprise. These users will be removed from repositories and organizations in the enterprise, but not from the enterprise itself.
- - |
- On an instance with a GitHub Advanced Security license, viewing a secret scanning alert as a user without the security manager role would return a `500` error if the alert was generated from a Git tag instead of a normal commit.
- - |
- When using GitHub Enterprise Importer to import repositories, `ghost` users in archive metadata files would cause an error when generating a list of migration conflicts using `ghe-migrator conflicts`.
- - |
- Some API endpoints for projects did not properly filter target repositories based on the users access.
- - |
- After an administrator ran `ghe-saml-mapping-csv`, the output did not include the corresponding SQL query.
- - |
- During a configuration run prompted by the delayed restart of the `notebooks` service, a container validation warning appeared in system logs.
- - |
- On an instance in a cluster configuration, rebuilds of GitHub Pages sites failed if no replicas of the GitHub Pages data were available (for example, on a newly restored cluster).
- - |
- On an instance with code scanning enabled, upgrades to GitHub Enterprise Server version 3.9 or 3.10 could be slow if a large number of code scanning analyses were present on the instance.
- changes:
- - |
- Gists can be deleted using the **Purge Gist** button on the Deleted Gists page in Staff Tools.
- - |
- People deploying a GitHub Enterprise Server instance in AWS can now deploy in an environment that uses Instance Metadata Service Version 2 (IMDSv2).
- - |
- The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see "[AUTOTITLE](/webhooks/webhook-events-and-payloads#push)" and "[AUTOTITLE](/rest/commits)."
- known_issues:
- - |
- Custom firewall rules are removed during the upgrade process.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %}
- - |
- On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- - |
- {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/13.yml b/data/release-notes/enterprise-server/3-9/13.yml
deleted file mode 100644
index 3c6f59793efd..000000000000
--- a/data/release-notes/enterprise-server/3-9/13.yml
+++ /dev/null
@@ -1,88 +0,0 @@
-date: '2024-04-18'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.13-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - |
- **HIGH**: An attacker with the editor role in the Management Console could gain administrative SSH access to the appliance by command injection when configuring the chat integration. GitHub has requested CVE ID [CVE-2024-3646](https://www.cve.org/cverecord?id=CVE-2024-3646) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). The editor role has been deprecated. For more information, see the "Changes" section of these release notes.
- - |
- **HIGH**: An attacker with an editor role in the Management Console could gain SSH access to the instance by command injection when configuring Artifact & Logs and Migrations Storage. GitHub has requested CVE ID [CVE-2024-3684](https://nvd.nist.gov/vuln/detail/CVE-2024-3684) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **MEDIUM**: An attacker could maintain admin access to a detached repository in a race condition by making a GraphQL mutation to alter repository permissions while the repository is detached. GitHub has requested CVE ID [CVE-2024-2440](https://nvd.nist.gov/vuln/detail/CVE-2024-2440) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- A GraphQL endpoint was disabled as part of a previous security fix, causing errors with the "Auto-add to project" workflow and with issue creation from within a project. To resolve these errors, a security patch has been applied and the affected GraphQL endpoint has been re-enabled.
- - |
- Packages have been updated to the latest security versions.
- bugs:
- - |
- When configuring audit log streaming to Datadog or Splunk on an instance with custom CA certificates, the connection failed with the error `There was an error trying to connect`.
- - |
- Disk usage, utilization, and latency for data devices could render incorrectly in Grafana.
- - |
- On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover)." [Updated: 2024-05-01]
- - |
- The `ghe-update-check` command did not clean up .tmp files in `/var/lib/ghe-updates/`, which could lead to full disk issues.
- - |
- On an instance that failed a configuration run, when attempting to repeat the restore step of a backup, the audit log restore step returned error lines even though audit logs were being fully restored.
- - |
- In some cases, Treelights timeouts caused pull requests to return a 500 error.
- - |
- On an instance with a GitHub Advanced Security license, some searches for secret scanning alerts resulted in a `500` error.
- - |
- The web UI presented inapplicable fine-grained permissions for assignment to custom repository roles. The permissions were also displayed as implicitly included in certain base roles.
- - |
- The profile settings for organizations displayed a warning about profile images that does not apply to organizations on a GitHub Enterprise Server instance.
- - |
- Administrators could get a 500 error when trying to access the "File storage" section of the site admin dashboard.
- - |
- On an instance where user avatars had been deleted directly from the database, an identicon avatar was not correctly displayed for affected users, and administrators may have observed a relatively high number of application exceptions.
- - |
- On an instance with code scanning enabled, on the tool status page for code scanning, outdated upload errors were still displayed after a successful upload.
- changes:
- - |
- On an instance hosted on Azure, administrators can set and reset SSH keys and passwords via the Azure Agent.
- - |
- On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding)."
- - |
- As a result of a security vulnerability, the editor role for a Management Console user has been deprecated. For details, see the "Security fixes" section of these release notes. Existing users with the editor role will be unable to log in to the Management Console, and should contact their site administrator requesting that access be reinstated by updating the user to the operator role if appropriate.
- known_issues:
- - |
- Custom firewall rules are removed during the upgrade process.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %}
- - |
- On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- - |
- {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/14.yml b/data/release-notes/enterprise-server/3-9/14.yml
deleted file mode 100644
index fe10dcd43560..000000000000
--- a/data/release-notes/enterprise-server/3-9/14.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-date: '2024-05-08'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.14-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - |
- Packages have been updated to the latest security versions.
- bugs:
- - |
- Running `ghe-repl-node -d` did not validate value length in order to prevent values longer than 20 characters.
- - |
- For an instance in a cluster configuration, during the migration phase of a configuration run, the process of copying configuration updates to all nodes would fail.
- - |
- External collaborators with read-only access were able to run workflows on their pull requests from private forks without approval.
- - |
- On an instance with a GitHub Advanced Security license, custom pattern matches were incorrectly filtered during post-scan filtering.
- changes:
- - |
- To aid in understanding the CPU/memory utilization of secret scanning processes, the binary names of nomad workers were updated to differentiate between the different types of secret scanning jobs.
- - |
- A more specific error message is shown when the `ghe-repl-node` command is run on an instance not configured for high availability.
- known_issues:
- - |
- Custom firewall rules are removed during the upgrade process.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %}
- - |
- On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- - |
- {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/15.yml b/data/release-notes/enterprise-server/3-9/15.yml
deleted file mode 100644
index a0311aeb33ca..000000000000
--- a/data/release-notes/enterprise-server/3-9/15.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-date: '2024-05-20'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.15-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - |
- **CRITICAL**: On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision and/or gain access to a user with administrator privileges.
-
- Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO or utilizing SAML SSO authentication without encrypted assertions are not impacted. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. GitHub has requested CVE ID [CVE-2024-4985](https://nvd.nist.gov/vuln/detail/CVE-2024-4985) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
-
- For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions)."
- known_issues:
- - |
- Custom firewall rules are removed during the upgrade process.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %}
- - |
- On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- - |
- {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/16.yml b/data/release-notes/enterprise-server/3-9/16.yml
deleted file mode 100644
index 8c71c86e127c..000000000000
--- a/data/release-notes/enterprise-server/3-9/16.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-date: '2024-06-19'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.16-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - |
- **HIGH**: An attacker with the site administrator role could gain arbitrary code execution capability on the GitHub Enterprise Server appliance when configuring audit log streaming. GitHub has requested CVE ID [CVE-2024-5746](https://www.cve.org/cverecord?id=CVE-2024-5746) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- Packages have been updated to the latest security versions.
- bugs:
- - |
- On an instance with GitHub Actions and External MySQL enabled, a validation step in the config apply could fail.
- known_issues:
- - |
- Custom firewall rules are removed during the upgrade process.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %}
- - |
- On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- - |
- {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- - |
- When enabling [log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/log-forwarding#enabling-log-forwarding), specific services logs (babeld and some more) are duplicated.
- - |
- The reply.[hostname] subdomain is falsely always displaying as having no SSL and DNS record, when testing the domain settings via management console without subdomain isolation.
- - |
- When log forwarding is enabled, some forwarded log entries may be duplicated.
- - |
- Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
- - |
- If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
diff --git a/data/release-notes/enterprise-server/3-9/18.yml b/data/release-notes/enterprise-server/3-9/18.yml
new file mode 100644
index 000000000000..25a0d072054e
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-9/18.yml
@@ -0,0 +1,121 @@
+date: '2024-07-19'
+intro: |
+
+ >[!NOTE] Due to a bug that caused hotpatch upgrades to fail for instances on Microsoft Azure, the previous patch release in this series (**3.9.17**) is not available for download. The following release notes include the updates introduced in that release.
+
+ {% warning %}
+
+ **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.17-known-issues)" section of these release notes.
+
+ {% endwarning %}
+sections:
+ security_fixes:
+ - |
+ **HIGH**: An attacker could cause unbounded resource exhaustion on the instance by sending a large payload to the Git server. To mitigate this issue, GitHub has limited the count of "have" and "want" lines for Git read operations. GitHub has requested CVE ID [CVE-2024-5795](https://www.cve.org/cverecord?id=CVE-2024-5795) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related {% data variables.product.pat_generic %}. GitHub has requested CVE ID CVE-2024-5566 for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could have unauthorized access in a public repository using a suspended GitHub App via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. GitHub has requested CVE ID [CVE-2024-5816](https://www.cve.org/cverecord?id=CVE-2024-5816) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could execute a Cross Site Request Forgery (CSRF) attack to perform write operations on a victim-owned repository in GitHub Enterprise Server by exploiting incorrect request types. A mitigating factor is that the attacker has to be a trusted user and the victim has to visit a tag in the attacker's fork of their own repository. GitHub has requested CVE ID [CVE-2024-5815](https://nvd.nist.gov/vuln/detail/CVE-2024-5815) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **MEDIUM:** An attacker could disclose sensitive information from a private repository exploiting organization ruleset features. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. GitHub has requested CVE ID [CVE-2024-6336](https://www.cve.org/cverecord?id=CVE-2024-6336) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
+ - |
+ **MEDIUM:** An attacker could have unauthorized read access to issue content inside an internal repository via GitHub projects. This attack required attacker access to the corresponding project board. GitHub has requested CVE ID [CVE-2024-5817](https://nvd.nist.gov/vuln/detail/CVE-2024-5817) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+ - |
+ **LOW:** An attacker with read access to a project could use the REST API to view a list of all members in an organization, including members who had made their membership private. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
+ - |
+ **LOW:** An attacker could include MathJax syntax in Markdown to bypass GitHubs normal restrictions on CSS properties in Markdown. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
+ - |
+ Firewall port 9199, which linked to a static maintenance page used when enabling maintenance mode with an IP exception list, was opened unnecessarily.
+ bugs:
+ - |
+ When an instance hosted on Azure was upgraded with a hotpatch, the upgrade failed with an `rsync` error.
+ - |
+ On an instance with GitHub Actions enabled, remote blob storage could fill up with large amounts of data because cleanup jobs were skipped on old hosts.
+ - |
+ The memory limit for a Redis job was too low in some cases, causing the process to run out of memory.
+ - |
+ In some cases, commands run in an administrative SSH shell were not written to the audit log.
+ - |
+ When an administrator submitted a support data to GitHub Support, spokesd keys were incorrectly sanitized.
+ - |
+ When log forwarding was enabled, some specific service logs, including babeld, gitauth, unicorn, and resqued, were duplicated.
+ - |
+ During the initial boot of an instance, a data disk attached as `/dev/sdb` may not have been recognized as an available disk.
+ - |
+ In some cases, the HAProxy `kill_timeout` setting caused service outages during upgrades or large transactions.
+ - |
+ The `ssh-audit-log.sh` script did not effectively log SSH commands, and the `ghe-sanitize-log.psed` script inadequately sanitized password-related logs
+ - |
+ The default MSSQL timeout of 8 seconds sometimes caused issues during administrator activities. The default timeout has been increased to 30 seconds.
+ - |
+ For an instance running on Microsoft Azure, the user disk service failed to start because the attached volume could not be found.
+ - |
+ Establishing a new GitHub Connect connection could fail with a 500 error.
+ - |
+ When using `ghe-migrator` to migrate a repository, the links for pull requests merge commits were not imported.
+ - |
+ In some cases, reading data from repositories with a large number of objects would result in timeout or error.
+ - |
+ On an instance that restricts emails to verified domains, secret scanning emails would sometimes be sent to an unverified domain.
+ - |
+ In some cases, on the "Files" tab of a pull request, a comment on the first line did not render.
+ - |
+ Some organizations were not recognized as part of an instance's enterprise account.
+ - |
+ On the "Code scanning" page of a repository, the branch filter did not correctly display all branches.
+ - |
+ Users viewing the alerts index page experienced inconsistencies in rendering the closed alert state.
+ - |
+ Organizations named "C" were incorrectly routed to the GitHub Enterprise Server contact page instead of their organization page.
+ - |
+ Chat integrations required frequent reauthentication, as a result of new app installations overwriting previous ones.
+ - |
+ On an instance in a cluster configuration, the `ghe-spokesctl ssh` command did not select the correct Nomad container when running a command within a git repository.
+ - |
+ On an instance with a GitHub Advanced Security license, disabling and re-enabling GitHub Advanced Security for an organization resulted in redundant scans of some repositories.
+ changes:
+ - |
+ When a user changes a repository's visibility to public, the user is now warned that previous Actions history and logs will become public as well.
+ known_issues:
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+ - |
+ When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
+ - |
+ The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
+ - |
+ When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
+ - |
+ {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
+ - |
+ {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
+ - |
+ {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
+ - |
+ {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
+ - |
+ {% data reusables.release-notes.2023-11-aws-system-time %}
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
+ - |
+ {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
+ - |
+ {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
+ - |
+ {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
+ - |
+ The reply.[hostname] subdomain is falsely always displaying as having no ssl and dns record, when testing the domain settings via management console **without subdomain isolation**.
+ - |
+ _Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised._
+ - |
+ If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
diff --git a/data/release-notes/enterprise-server/3-9/2.yml b/data/release-notes/enterprise-server/3-9/2.yml
deleted file mode 100644
index b2662be64837..000000000000
--- a/data/release-notes/enterprise-server/3-9/2.yml
+++ /dev/null
@@ -1,90 +0,0 @@
-date: '2023-07-28'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.2-known-issues)" section of these release notes.
-
- The known issues originally published on 2023-07-28 omitted a number of known issues that still existed. The `Known issues` section below was updated on 2023-08-08.
- {% endwarning %}
-sections:
- changes:
- - |
- Added a pre-upgrade check to validate the GHES version and MySQL configuration before allowing an upgrade to 3.9.
- - |
- Adjusted the timeout threshold for shutting down MySQL to prevent premature termination when upgrading to GHES 3.9.
-
- known_issues:
- - |
- After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9, I/O utilization will increase, and in some cases the instance's performance will be impacted. Reduced performance is due to the database server being upgraded from MySQL 5.7 to MySQL 8.0. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance)."
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- - |
- The Management Console may get stuck in a loop showing "Checking requirements..." when attempting to download an update. It is safe to proceed the update process manually via the command line.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- - |
- On an instance in a cluster configuration, after you upgrade nodes other than the primary MySQL node and before you upgrade the primary MySQL node, the following output may appear multiple times after you run `ghe-config-apply`.
-
- ```shell
- Error response from daemon: conflict: unable to delete IMAGE_ID (cannot be forced) - image is being used by running container CONTAINER_ID
- ```
-
- You can safely ignore this message.
- - |
- Custom firewall rules are removed during the upgrade process.
-
- - |
- On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- {% data reusables.release-notes.mermaid-rendering-known-issue %} [Updated: 2023-08-18]
- - |
- {% data reusables.release-notes.migrations-missing-section-known-issue %} [Updated: 2023-08-18]
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- - |
- On an instance with GitHub Actions enabled, if shared runner groups are configured for the enterprise, the enterprise security overview page may return a `500` error. You can avoid the issue by trying one of the following workarounds.
-
- - Add a runner scale set to the enterprise runner group shared with the repositories.
- - Remove access to the enterprise runner group from the affected repositories or organizations.
-
- [Updated: 2023-09-05]
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %} [Updated: 2023-09-21]
- - |
- {% data reusables.release-notes.2023-09-ephemeral-self-hosted-runners-not-auto-upgrading %} [Updated: 2023-09-29]
- - |
- {% data reusables.release-notes.2023-10-resource-activity-queue-not-processed %} [Updated: 2023-10-10]
- - |
- {% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- - |
- {% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %} [Updated: 2023-12-04]
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- - |
- {% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
- - |
- {% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
- - |
- {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/3.yml b/data/release-notes/enterprise-server/3-9/3.yml
deleted file mode 100644
index 20de3c917f0f..000000000000
--- a/data/release-notes/enterprise-server/3-9/3.yml
+++ /dev/null
@@ -1,86 +0,0 @@
-date: '2023-08-10'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.3-known-issues)" section of these release notes.
- {% endwarning %}
-sections:
- security_fixes:
- - |
- **LOW:** An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a reopened pull request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/) and was assigned [CVE-2023-23766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23766). [Updated: 2023-09-22]
- bugs:
- - |
- API results were incomplete, and ordering of results was incorrect if `asc` or `desc` appeared in lowercase within the API query.
- - |
- The checks in the merge box for a pull request did not always match the the checks for the most recent commit in the pull request.
- - |
- When a site administrator used GitHub Enterprise Importer on versions 3.7 and below to migrate repositories from GitHub Enterprise Server, the system backup size would increase after running many migrations due to storage files not being cleaned up.
- - |
- A collaborator with the "Set the social preview" permission inherited from the "Read" role could not upload the social preview image of a repository.
- - |
- The security settings page for a repository would return an error when enterprise-level runners were assigned to the repository.
- - |
- GitHub Enterprise Server was queuing zip jobs unnecessarily.
- - |
- On an instance configured to use an outbound web proxy server, an administrator could not exclude private domains in [this list](https://github.com/weppos/publicsuffix-ruby/blob/main/data/list.txt) from the proxy configuration. [Updated: 2023-11-27]
- changes:
- - |
- On GitHub Enterprise Server 3.8 and above, a blob storage provider must be configured in the Management Console in order to use the GitHub Enterprise Importer CLI, "startRepositoryMigration" GraphQL API, or "Start an organization migration" REST API. The "Migrations" section in the Management Console was mistakenly removed and has been added back.
- - |
- Administrators can display all repositories in a network with `spokesctl` by using the `repositories` subcommand.
- - |
- The secondary abuse rate limits of the GraphQL API are now configurable in the Management Console. [Updated: 2023-09-01]
- known_issues:
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %} [Updated: 2023-08-11]
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- - |
- Custom firewall rules are removed during the upgrade process.
-
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- - |
- On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- {% data reusables.release-notes.mermaid-rendering-known-issue %}
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.migrations-blob-storage-unconfigurable-known-issue %} [Updated: 2023-08-18]
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %} [Updated: 2023-09-21]
- - |
- {% data reusables.release-notes.2023-09-ephemeral-self-hosted-runners-not-auto-upgrading %} [Updated: 2023-09-29]
- - |
- {% data reusables.release-notes.2023-10-resource-activity-queue-not-processed %} [Updated: 2023-10-10]
- - |
- {% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- - |
- {% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %} [Updated: 2023-12-04]
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- - |
- {% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
- - |
- {% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
- - |
- {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/4.yml b/data/release-notes/enterprise-server/3-9/4.yml
deleted file mode 100644
index fb6c8ef7d348..000000000000
--- a/data/release-notes/enterprise-server/3-9/4.yml
+++ /dev/null
@@ -1,74 +0,0 @@
-date: '2023-08-24'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.4-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - |
- An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after the fork's visibility was changed to private. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and assigned [CVE-2023-23763](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23763). [Updated: 2023-09-01]
- - Packages have been updated to the latest security versions.
- bugs:
- - On an instance with GitHub Actions enabled, scale sets configured at the enterprise level did not appear for use within the instance's organizations or repositories.
- - When an administrator tried to validate blob storage connection settings for GitHub Enterprise Importer in the Management Console using the **Test storage settings** button, the operation failed.
- - syslog-ng configurations for containerized services caused errors for log forwarding services. The configurations have been removed.
- - When an instance exhausted available memory, in some cases, the system's out-of-memory killer (OOMK) killed the process for `dockerd`, causing Nomad to fail to recover after systemd restarted Docker.
- - In some cases, when starting a new GitHub Enterprise Server instance, the preflight page indicated that there was no user disk of sufficient size attached.
- - When running the ghe-migrator, certain error messages contained an invalid link to import documentation.
- - On an instance with GitHub Actions enabled, due to mismatched values, users could not easily associate workflow job run IDs from the GitHub Enterprise Server APIs or webhooks with a job in the UI. Workflow job runs now use a new URL pattern of `...actions/runs/job/{job_id}`, and `job_id` matches values from APIs and webhook payloads.
- - |
- Administrators could not see or use the "Migrations" section in an instance's Management Console, which prevented the configuration of blob storage for GitHub Enterprise Importer. [Updated: 2023-08-31]
- known_issues:
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- - |
- Custom firewall rules are removed during the upgrade process.
-
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- - |
- On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- {% data reusables.release-notes.mermaid-rendering-known-issue %}
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-09-04]
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %} [Updated: 2023-09-21]
- - |
- {% data reusables.release-notes.2023-09-ephemeral-self-hosted-runners-not-auto-upgrading %} [Updated: 2023-09-29]
- - |
- {% data reusables.release-notes.2023-10-resource-activity-queue-not-processed %} [Updated: 2023-10-10]
- - |
- {% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- - |
- {% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %} [Updated: 2023-12-04]
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- - |
- {% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
- - |
- {% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
- - |
- {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/5.yml b/data/release-notes/enterprise-server/3-9/5.yml
deleted file mode 100644
index d2f1743dba85..000000000000
--- a/data/release-notes/enterprise-server/3-9/5.yml
+++ /dev/null
@@ -1,80 +0,0 @@
-date: '2023-09-21'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.5-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - HTTP Strict Transport Security (HSTS) is enabled within the Management Console.
- - Packages have been updated to the latest security versions.
- bugs:
- - On an instance with GitHub Actions enabled, scale sets configured at the enterprise level did not appear for use within the instance's organizations or repositories.
- - On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning alerts could fail to show an error message in the UI when a failure occurred closing or reopening the alert.
- - On an instance with a GitHub Advanced Security license and secret scanning enabled, and when using Safari, changing additional match requirements for a custom pattern did not retrigger custom pattern evaluation against a user submitted test string.
- - On an instance with a GitHub Advanced Security license and secret scanning enabled, when token location(s) included a commit that introduced a large change, the page for viewing the alert would load slowly.
- - In some cases, users could reopen a pull request that should not have been able to be reopened.
- - When running the `ghe-saml-mapping-csv` CLI command in dry run mode, the operation failed with errors.
- - When uploading migration archives to blob storage, the GitHub Enterprise Server instance's outbound web proxy server was not used.
- - On an enterprise with the policy setting that disallows repository admins from enabling/disabling secret scanning, transferring a repository to a new organization that automatically enabled secret scanning wouldn't result in the transferred repository being automatically enabled for secret scanning.
- - When viewing {% data variables.product.pat_v2_plural %}, the permissions text for pre-receive hooks was not visible for selection when filtering by permission.
- - When migrating a repository from a GitHub Enterprise Server instance to another location, the `ghe-migrator target_url` command allows you to record the repository's new location. The new URL is displayed when you visit the main page of the repository in the web interface.
- - On an instance with subdomain isolation disabled, a notebook could not be loaded due to incorrect asset paths.
- - On an instance with subdomain isolation disabled, a notebook could not be loaded due to an extra `/` character in the URL path.
- - On an instance with a GitHub Advanced Security license and secret scanning enabled, in some cases, custom patterns would erroneously show no results for a dry run.
- - On an instance with GitHub Actions enabled, the software on ephemeral runners would not automatically update to the latest version.
- - '{% data reusables.release-notes.mermaid-rendering-known-issue %}'
- changes:
- - When listing the node metadata for all nodes using the [Manage GitHub Enterprise Server REST API](/enterprise-server/rest/enterprise-admin/manage-ghes?apiVersion=2022-11-28#get-all-ghes-node-metadata-for-all-nodes), information about whether a given node is a replica is included.
- - When GitHub Enterprise checks for a new upgrade or hotpatch package, if the check fails the failure details are output to the `ghe-update-check` log, and the Management Console UI provides a "Check Again" button to rerun the check.
- - When providing data to GitHub Support, GitHub Enterprise Server displays a notice describing how support data is used before uploading the support files.
- - When running async repository repairs, the output message about scheduling a repair job is more accurate.
- known_issues:
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- - |
- Custom firewall rules are removed during the upgrade process.
-
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- - |
- On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- {% data reusables.release-notes.2023-10-resource-activity-queue-not-processed %} [Updated: 2023-10-10]
- - |
- {% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- - |
- {% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %} [Updated: 2023-12-04]
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- - |
- {% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
- - |
- {% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
- - |
- {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/6.yml b/data/release-notes/enterprise-server/3-9/6.yml
deleted file mode 100644
index 2278d60fd253..000000000000
--- a/data/release-notes/enterprise-server/3-9/6.yml
+++ /dev/null
@@ -1,100 +0,0 @@
-date: '2023-10-24'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.6-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - |
- **LOW:** Due to an incorrect permission assignment for some configuration files, an attacker with access to a local operating system user account could read MySQL connection details including the MySQL password. [Updated: 2023-11-13]
- - |
- Packages have been updated to the latest security versions.
- bugs:
- - |
- The REST API did not correctly check the "Users can create organizations" setting. [Updated: 2024-05-30]
- - |
- The `ghe-cluster-repl-status` command did not display all replication statuses.
- - |
- On an instance in a cluster configuration with high availability enabled, `ghe-config-apply` timed out while waiting for `hookshot-go` to start on replica application nodes.
- - |
- `SpokesRepairRepoReplicaJob` and `SpokesSyncCacheReplicaJob` jobs failed, causing cache server replicas to not update and potentially prolonging replication issues.
- - |
- `/var/log/lastlog` was not copied over as a sparse file during `ghe-upgrade`, which could cause issues by using additional disk space.
- - |
- On an instance in a cluster configuration, when managing maintenance mode using `ghe-cluster-maintenance`, an erroneous warning appeared that read "Warning: Maintenance mode set on primary, please make sure to set it on any active replica if needed". - |
- `ghe-repl-status` did not identify Git replicas in certain incomplete states and incorrectly suggested that a failover could be performed safely. In some cases, this led to data loss during failover.
- - |
- Repository exports using `ghe-migrator` or the REST API's operation for organization migrations could fail when a large number of commit comments or long commit comments were present.
- - |
- On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning suggested incorrect filters when viewing both open and closed alerts.
- - |
- On instances using the private beta of SCIM provisioning, some users were presented with a "single sign-in" hover card.
- - |
- On an instance with multiple nodes, `ghe-spokes status` did not identify Git replicas in certain incomplete states, causing a false report that replication was in sync and leading to data loss or replication issues during failover.
- - |
- On an instance with GitHub Actions enabled, administrators received a `500` error after attempting to force cancel a workflow run via Staff Tools.
- - |
- On an instance with a GitHub Advanced Security license, repositories within organizations created using the `+` dropdown menu did not have GitHub Advanced Security features enabled automatically, even if the features should have been enabled.
- - |
- As a security measure, GitHub Pages does not build sites that contain symbolic links except when using custom GitHub Actions workflows. This change strengthens GitHub Pages's symbolic link detection.
- - |
- On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns.
- changes:
- - |
- Instructions in the "Migrations" section of the Management Console clarify that only standard AWS S3 endpoints are supported when configuring AWS S3 as a blob storage provider for migrations.
- - |
- When running async repository repairs, the output message about scheduling a repair job is more accurate.
- - |
- On an instance in a cluster configuration, administrators can identify the repository networks or gists that are common across a specified set of storage nodes using the `spokesctl find-on-replicas` command.
- known_issues:
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- - |
- Custom firewall rules are removed during the upgrade process.
-
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- {% data reusables.release-notes.mermaid-rendering-known-issue %}
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- {% data reusables.release-notes.2023-10-resource-activity-queue-not-processed %}
- - |
- {% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %}
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %} [Updated: 2023-12-04]
- - |
- {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- - |
- {% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
- - |
- {% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
- - |
- {% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2024-02-22]
- - |
- {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/release-notes/enterprise-server/3-9/7.yml b/data/release-notes/enterprise-server/3-9/7.yml
deleted file mode 100644
index 4709a328fcfb..000000000000
--- a/data/release-notes/enterprise-server/3-9/7.yml
+++ /dev/null
@@ -1,183 +0,0 @@
-date: '2023-12-21'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.7-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - |
- **HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see "[AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode)."
-
- This vulnerability would allow unauthenticated attackers to gain access to various types of resources set as public on the instance. To exploit this vulnerability, an attacker would need network access to the GitHub Enterprise Server instance configured in private mode. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-6847](https://www.cve.org/cverecord?id=CVE-2023-6847).
- - |
- **HIGH**: An attacker with access to a Management Console user account with the editor role could escalate privileges by making requests to the endpoint used for bootstrapping the instance, and then reset the root site administrator password. GitHub has requested CVE ID [CVE-2023-46647](https://www.cve.org/cverecord?id=CVE-2023-46647) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46645](https://www.cve.org/cverecord?id=CVE-2023-46645).
- - |
- **MEDIUM**: An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server backend service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6746](https://www.cve.org/cverecord?id=CVE-2023-6746) for this vulnerability.
- - |
- **MEDIUM**: Due to an insufficient entropy vulnerability, an attacker could brute force a user invitation to the Management Console. To exploit this vulnerability, an attacker would have needed knowledge that a user invitation was pending. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46648](https://www.cve.org/CVERecord?id=CVE-2023-46648).
- - |
- **MEDIUM**: An attacker could maintain admin access via a race condition when an organization was converted from a user. GitHub has requested CVE ID [CVE-2023-46649](https://www.cve.org/cverecord?id=CVE-2023-46649) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **MEDIUM**: Due to an improper access control, an attacker could view private repository names by enumerating check run IDs with the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content other than the name. GitHub has requested CVE ID [CVE-2023-46646](https://www.cve.org/cverecord?id=CVE-2023-46646) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **MEDIUM**: An attacker could maintain admin access to a transferred repository in a race condition by making a GraphQL mutation to alter repository permissions during the transfer. GitHub has requested CVE ID [CVE-2023-6690](https://www.cve.org/cverecord?id=CVE-2023-6690) for this vulnerability, which reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **MEDIUM**: An insertion of sensitive information into log file in the audit log in GitHub Enterprise Server was identified that that could allow an attacker to gain access to the Management Console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6802](https://www.cve.org/CVERecord?id=CVE-2023-6802) for this vulnerability.
- - |
- **MEDIUM**: A race condition in GitHub Enterprise Server allowed an outside collaborator to be added while a repository is being transferred. GitHub has requested CVE ID [CVE-2023-6803](https://www.cve.org/cverecord?id=CVE-2023-6803) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **MEDIUM**: Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. GitHub has requested CVE ID [CVE-2023-6804](https://www.cve.org/cverecord?id=CVE-2023-6804) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required `contents.write` and `issues.read` permissions. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51379](https://www.cve.org/CVERecord?id=CVE-2023-51379).
- - |
- **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be read with an improperly scoped token. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51380](https://www.cve.org/CVERecord?id=CVE-2023-51380).
- - |
- **LOW:** Pre-receive hooks have been further hardened against shell command injections.
- - |
- **LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)."
- - |
- To address scenarios that could lead to denial of service, HAProxy has been upgraded to version 2.8.4.
- - |
- Packages have been updated to the latest security versions.
- bugs:
- - |
- In rare cases, on an instance with GitHub Actions enabled, a failed check on a deleted repository could cause upgrades to a new version of GitHub Enterprise Server to fail.
- - |
- Threads in the Git proxy service `babeld` could crash while reading Git packet lines.
- - |
- When an administrator ran the `ghe-support-bundle` or `ghe-cluster-support-bundle` command, the `-p` flag did not produce bundles with log durations as specified. The duration period can now only be specified in `days`. Additionally, unnecessary files were sanitized by the commands.
- - |
- On an instance in a cluster configuration, site administrators using the `ghe-config-apply` utility may have seen the extraneous message "Error: Server closed the connection" in the logs for the utility.
- - |
- Some OAuth applications did not have device code flow (DCF) explicitly enabled, which prevented DCF from running correctly.
- - |
- On an instance in a cluster configuration, upgrades could fail due to a background job running during database migration.
- - |
- On an instance with a GitHub Advanced Security license and secret scanning enabled, site administrators using the `ghe-secret-scanning` command would not see a relevant error message if their input was invalid.
- - |
- On an instance with GitHub Actions enabled, some maintenance tasks could fail due to incomplete upgrade steps during previous upgrades to new releases of GitHub Enterprise Server.
- - |
- On an instance in a high availability configuration, the `ghe-repl-teardown` command failed when provided with a UUID.
- - |
- Support for authenticating to GitHub Enterprise Server from Visual Studio Code with a device code was unintentionally disabled.
- - |
- In some environments, stale `.backup` log files could accumulate in the system.
- - |
- On an instance hosted on AWS, when configuring GitHub Packages, virtual-hosted-style AWS S3 URLs would default to path-style URLs if a `region-code` was included. For more information, see [Virtual hosting of buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html) in the AWS documentation.
- - |
- In some cases, when an administrator uploaded a custom TLS certificate, the certificate was not correctly installed on the instance.
- - |
- Because the `|` character was not permitted, administrators could not add an SMTP username to authenticate with the Azure Communication Service.
- - |
- On an instance with a GitHub Advanced Security license, users with the security manager role could not update custom links for push protection using the REST API.
- - |
- On an instance with the dependency graph enabled, some security products were not automatically enabled for new public repositories.
- - |
- Deprecated `resource_activity` jobs were not processed and accumulated over time in the queue, causing possible memory issues.
- - |
- Pull request review threads at the file level, rather than the individual line level, were not included in exports from `ghe-migrator` or the Organization Migrations API.
- - |
- After importing a migration archive using `ghe-migrator` or REST API endpoints for organization migrations, in some cases, some review comments within pull requests were not associated with lines of code.
- - |
- On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning alert emails were sent to organization owners even if their email address did not comply with domain restrictions.
- - |
- After a user started a repository transfer, if another user viewed the repository before the transfer finished, the repository overview rendered incorrectly.
- - |
- On an instance with GitHub Connect and unified search enabled, users trying to view the unified search code results would get a 500 error.
- - |
- On an instance with GitHub Actions enabled, users occasionally got a 500 error when viewing a job with a pending deployment.
- - |
- On an instance with GitHub Actions enabled, an issue with `GH_TOKEN` sometimes prevented GitHub Pages sites from building successfully in workflows.
- - |
- An administrator could enable GitHub Connect on an instance with a license that does not support GitHub Connect.
- - |
- On an instance with GitHub Connect enabled, some system users were incorrectly counted as consuming a license following license sync.
- - |
- The enterprise account pages on some installations rendered very slowly.
- - |
- A user in the process of being converted into an organization could be added as a collaborator on a repository. This resulted in the new organizations owners unexpectedly receiving access to the repository.
- - |
- When using `ghe-migrator` to import repositories into GitHub Enterprise Server, the `conflicts` and `audit` subcommands produced an invalid CSV file due to an extra log line appended to the file.
- - |
- On an instance with subdomain isolation disabled, a notebook could not be loaded due to incorrect asset paths.
- - |
- Running `ghe-spokesctl gov info` without any arguments caused a `panic` response.
- - |
- On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns.
- - |
- On an instance with a GitHub Advanced Security license and secret scanning enabled, webhooks for alert locations did not contain information about push protection bypasses.
- - |
- On an instance with a GitHub Advanced Security license, code scanning would report an incorrect number of files scanned on the "Tools" status page.
- changes:
- - |
- On an instance with Dependabot updates enabled, Dependabot relies on the node installation provided by the actions runner instead of dynamically downloading.
- - |
- When adding a node to an instance, performance is improved during initial database replication.
- - |
- An administrator can run the new `ghe-check-background-upgrade-jobs` command to ensure all upgrade jobs that run in the background have finished. This allows the administrator to know when they can start the next upgrade to their GitHub Enterprise Server instance.
- - |
- To avoid negative effects on disk utilization, `babeld` log files have a maximum size of 15 GB.
- - |
- Instance administrators can manage search indices for GitHub Discussions from the site admin dashboard.
- - |
- To improve reliability of release uploads in low-bandwidth environments, the time-to-live (TTL) value of the token for uploading release assets has increased from 1 hour to 3 hours.
- - |
- When using `ghe-migrator prepare` to import an archive, a missing `schema.json` file results in an `UnsupportedArchive` error rather than an `UnsupportedSchemaVersion` error.
- - |
- The audit log now tracks all failed password attempts individually. Previously, duplicate failed password attempts in sequence within the same day would be grouped into one failed password attempt, with a `count` field.
- known_issues:
- - |
- Custom firewall rules are removed during the upgrade process.
- - |
- The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- On an instance hosted in AWS, system time may lose synchronization with Amazon's servers after an administrator reboots the instance.
- - |
- On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
- - |
- Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly.
- - |
- {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %} [Updated 2024-01-03]
- - |
- {% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
- - |
- {% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2024-02-22]
- - |
- {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
- deprecations:
- - heading: Interactive maps in the web UI no longer allow authentication using an Azure Maps API key
- notes:
- - |
- To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release.
-
- To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release.
diff --git a/data/release-notes/enterprise-server/3-9/8.yml b/data/release-notes/enterprise-server/3-9/8.yml
deleted file mode 100644
index 678d5221d477..000000000000
--- a/data/release-notes/enterprise-server/3-9/8.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-date: '2024-01-16'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.8-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- security_fixes:
- - |
- **HIGH**: An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. GitHub has requested CVE ID [CVE-2024-0507](https://www.cve.org/cverecord?id=CVE-2024-0507) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- **HIGH**: An attacker could leverage an unsafe reflection vulnerability in GitHub Enterprise Server (GHES) that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the [organization owner role](/enterprise-server@latest/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#organization-owners). GitHub has requested CVE ID [CVE-2024-0200](https://www.cve.org/cverecord?id=CVE-2024-0200) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- Packages have been updated to the latest security versions.
- bugs:
- - Support for authenticating to GitHub Enterprise Server using GitHub CLI OAuth App with a device code was unintentionally disabled.
- - During periods of high load, users would see intermittent interruptions to services when upstream services failed internal health checks.
- - On an instance with GitHub Actions enabled, some maintenance tasks could fail due to incomplete upgrade steps during previous upgrades to new releases of GitHub Enterprise Server.
- - Deleting a repository would enqueue unnecessary background jobs that would never complete.
- - When creating a new custom pattern for secret scanning, the "More options" section of the custom pattern form automatically collapsed when a user entered an invalid regex in the post processing expressions (before/after secret match or additional secret requirements).
- - On an instance with a GitHub Advanced Security license and secret scanning enabled, users could experience a `500` error when viewing a secret scanning alert page in cases where the alerted commits belonged to the user and one or more commits could not be found.
- - Members of an enterprise were incorrectly allowed access to the REST API endpoints for Enterprise licensing.
- - On an instance that uses SAML for authentication, an upgrade from GitHub Enterprise Server 3.7 to 3.9 could result in user login failures due to an outdated gem dependency.
- changes:
- - To avoid leaking secrets, the logging of all parameters is disabled for Management Console events in enterprise audit logs.
- - More detailed information is logged when a GitHub Enterprise Server upgrade failed due to missing database encryption keys.
- - The branch protection setting to require PR approval of the most recent reviewable push is included in exports from `ghe-migrator` or the Organization Migrations API.
- known_issues:
- - |
- Custom firewall rules are removed during the upgrade process.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- On an instance hosted in AWS, system time may lose synchronization with Amazon's servers after an administrator reboots the instance.
- - |
- On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
- - |
- Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly.
- - |
- {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- - |
- {% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
- - |
- {% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2024-02-22]
- - |
- {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
- errata:
- - |
- These release notes previously indicated that GitHub Enterprise Server 3.9.8 contained fixes for the following issues:
-
- - An improper authentication vulnerability that affected private mode, [CVE-2023-6847](https://www.cve.org/cverecord?id=CVE-2023-6847)
- - An incorrect authorization vulnerability that affected issue comments, [CVE-2023-51380](https://www.cve.org/CVERecord?id=CVE-2023-51380)
-
- These fixes were included in GitHub Enterprise Server [3.9.7](/admin/release-notes#3.9.7-security-fixes).
diff --git a/data/release-notes/enterprise-server/3-9/9.yml b/data/release-notes/enterprise-server/3-9/9.yml
deleted file mode 100644
index dc2bf317d951..000000000000
--- a/data/release-notes/enterprise-server/3-9/9.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-date: '2024-01-30'
-intro: |
- {% warning %}
-
- **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.9-known-issues)" section of these release notes.
-
- {% endwarning %}
-sections:
- bugs:
- - |
- The instance incorrectly wrote the output for multiple workloads to `/var/log/syslog.log`.
- - |
- During periods of high traffic, interruptions in service occurred due to insufficient resource allocations for internal components.
- - |
- When starting up an instance using NVME storage in a cloud other than AWS, the attached data disk was not properly detected.
- known_issues:
- - |
- Custom firewall rules are removed during the upgrade process.
- - |
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- - |
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- - |
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- - |
- When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- - |
- The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- - |
- When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
- - |
- {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
- - |
- {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- - |
- {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
- - |
- {% data reusables.release-notes.2023-11-aws-system-time %}
- - |
- On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- - |
- {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- - |
- {% data reusables.release-notes.2023-10-actions-upgrade-bug %}
- - |
- Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly.
- - |
- {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- - |
- {% data reusables.release-notes.2024-02-pages-deployment-error %} [Updated: 2024-03-07]
- - |
- {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
- - |
- {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
diff --git a/data/reusables/actions/about-actions-usage-metrics-aggregation.md b/data/reusables/actions/about-actions-usage-metrics-aggregation.md
new file mode 100644
index 000000000000..2aa00bd11d32
--- /dev/null
+++ b/data/reusables/actions/about-actions-usage-metrics-aggregation.md
@@ -0,0 +1,14 @@
+The time period selection feature allows you to view {% data variables.product.prodname_actions %} usage metrics over predefined periods, as detailed in the following table. These metrics include skipped runs and those that use zero minutes. Data is presented using Coordinated Universal Time (UTC) days.
+
+{% rowheaders %}
+
+| Period | Description |
+|------------------------|------------------------------------------------------------------------------|
+| Current week (Mon-Sun) | Data from Monday through the current day when the page is viewed. |
+| Current month | Data from the first of the month to the current day when the page is viewed. |
+| Last month | Data from the first day to the last day of the previous month. |
+| Last 30 days | Data from the last 30 days to when the page is viewed. |
+| Last 90 days | Data from the last 90 days to when the page is viewed. |
+| Last year | Data aggregated for the last 12 months. |
+
+{% endrowheaders %}
diff --git a/data/reusables/actions/about-deployment-with-github-actions.md b/data/reusables/actions/about-deployment-with-github-actions.md
index 9da6f2f95e44..d53b435cb81c 100644
--- a/data/reusables/actions/about-deployment-with-github-actions.md
+++ b/data/reusables/actions/about-deployment-with-github-actions.md
@@ -1 +1 @@
-You can deliver deployments through {% data variables.product.prodname_actions %} and environments or with the REST API and third party apps. For more information about using environments to deploy with {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)." For more information about deployments with the REST API, see "[AUTOTITLE](/rest/repos#deployments)."
+You can deliver deployments through {% data variables.product.prodname_actions %} and environments or with the REST API and third party apps. For more information about using environments to deploy with {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)." For more information about deployments with the REST API, see "[AUTOTITLE](/rest/repos#deployments)."
diff --git a/data/reusables/actions/about-environments.md b/data/reusables/actions/about-environments.md
index feb69946e134..b8c0d8d7144f 100644
--- a/data/reusables/actions/about-environments.md
+++ b/data/reusables/actions/about-environments.md
@@ -1 +1 @@
-Environments are used to describe a general deployment target like `production`, `staging`, or `development`. When a {% data variables.product.prodname_actions %} workflow deploys to an environment, the environment is displayed on the main page of the repository. You can use environments to require approval for a job to proceed, restrict which branches can trigger a workflow{% ifversion actions-custom-deployment-protection-rules-beta %}, gate deployments with custom deployment protection rules{% endif %}, or limit access to secrets. For more information about creating environments, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
+Environments are used to describe a general deployment target like `production`, `staging`, or `development`. When a {% data variables.product.prodname_actions %} workflow deploys to an environment, the environment is displayed on the main page of the repository. You can use environments to require approval for a job to proceed, restrict which branches can trigger a workflow{% ifversion actions-custom-deployment-protection-rules-beta %}, gate deployments with custom deployment protection rules{% endif %}, or limit access to secrets. For more information about creating environments, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)."
diff --git a/data/reusables/actions/about-workflows-long.md b/data/reusables/actions/about-workflows-long.md
index 7806446b79c7..da8ec0972437 100644
--- a/data/reusables/actions/about-workflows-long.md
+++ b/data/reusables/actions/about-workflows-long.md
@@ -1,3 +1,6 @@
-A workflow is a configurable automated process that will run one or more jobs. Workflows are defined by a YAML file checked in to your repository and will run when triggered by an event in your repository, or they can be triggered manually, or at a defined schedule.
+A **workflow** is a configurable automated process that will run one or more jobs. Workflows are defined by a YAML file checked in to your repository and will run when triggered by an event in your repository, or they can be triggered manually, or at a defined schedule.
-Workflows are defined in the `.github/workflows` directory in a repository, and a repository can have multiple workflows, each of which can perform a different set of tasks. For example, you can have one workflow to build and test pull requests, another workflow to deploy your application every time a release is created, and still another workflow that adds a label every time someone opens a new issue.
+Workflows are defined in the `.github/workflows` directory in a repository. A repository can have multiple workflows, each which can perform a different set of tasks such as:
+* Building and testing pull requests.
+* Deploying your application every time a release is created.
+* Adding a label whenever a new issue is opened.
diff --git a/data/reusables/actions/actions-audit-events-for-enterprise.md b/data/reusables/actions/actions-audit-events-for-enterprise.md
index 8559f049ebd6..d9b1df933f1f 100644
--- a/data/reusables/actions/actions-audit-events-for-enterprise.md
+++ b/data/reusables/actions/actions-audit-events-for-enterprise.md
@@ -1,13 +1,15 @@
-| Action | Description
-|------------------|-------------------
-| `remove_self_hosted_runner` | Triggered when a self-hosted runner is removed.
-| `register_self_hosted_runner` | Triggered when a new self-hosted runner is registered. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)."
-| `runner_group_created` | Triggered when a self-hosted runner group is created. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#about-self-hosted-runner-groups)."
-| `runner_group_removed` | Triggered when a self-hosted runner group is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group)."
-| `runner_group_runner_removed` | Triggered when the REST API is used to remove a self-hosted runner from a group.
-| `runner_group_runners_added` | Triggered when a self-hosted runner is added to a group. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group)."
-| `runner_group_runners_updated` | Triggered when a runner group's list of members is updated. For more information, see "[AUTOTITLE](/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization)."
-| `runner_group_updated` | Triggered when the configuration of a self-hosted runner group is changed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)."
-| `self_hosted_runner_updated` | Triggered when the runner application is updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners)."{% ifversion fpt or ghec %}
-| `self_hosted_runner_online` | Triggered when the runner application is started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)."
-| `self_hosted_runner_offline` | Triggered when the runner application is stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)."{% endif %}
+| Action | Description |
+|------------------|-------------------|
+| `remove_self_hosted_runner` | Triggered when a self-hosted runner is removed. |
+| `register_self_hosted_runner` | Triggered when a new self-hosted runner is registered. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)." |
+| `runner_group_created` | Triggered when a self-hosted runner group is created. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#about-self-hosted-runner-groups)." |
+| `runner_group_removed` | Triggered when a self-hosted runner group is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group)." |
+| `runner_group_runner_removed` | Triggered when the REST API is used to remove a self-hosted runner from a group. |
+| `runner_group_runners_added` | Triggered when a self-hosted runner is added to a group. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group)." |
+| `runner_group_runners_updated` | Triggered when a runner group's list of members is updated. For more information, see "[AUTOTITLE](/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization)." |
+| `runner_group_updated` | Triggered when the configuration of a self-hosted runner group is changed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)." |
+| `self_hosted_runner_updated` | Triggered when the runner application is updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners)." |
+| {% ifversion fpt or ghec %} |
+| `self_hosted_runner_online` | Triggered when the runner application is started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." |
+| `self_hosted_runner_offline` | Triggered when the runner application is stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." |
+| {% endif %} |
diff --git a/data/reusables/actions/actions-usage-metrics-beta-note.md b/data/reusables/actions/actions-usage-metrics-beta-note.md
deleted file mode 100644
index 3df2f9bbec88..000000000000
--- a/data/reusables/actions/actions-usage-metrics-beta-note.md
+++ /dev/null
@@ -1 +0,0 @@
->[!NOTE] {% data variables.product.prodname_actions %} usage metrics are in beta and subject to change.
diff --git a/data/reusables/actions/artifact-attestations-public-beta-note.md b/data/reusables/actions/artifact-attestations-public-beta-note.md
deleted file mode 100644
index 9ecd05da13e8..000000000000
--- a/data/reusables/actions/artifact-attestations-public-beta-note.md
+++ /dev/null
@@ -1 +0,0 @@
->[!NOTE]Artifact attestations are in public beta and subject to change.
diff --git a/data/reusables/actions/artifact-attestations-step-for-container-images.md b/data/reusables/actions/artifact-attestations-step-for-container-images.md
deleted file mode 100644
index b48ce3077353..000000000000
--- a/data/reusables/actions/artifact-attestations-step-for-container-images.md
+++ /dev/null
@@ -1,6 +0,0 @@
-* name: Generate artifact attestation
- uses: actions/attest-build-provenance@v1
- with:
- subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
- subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
- push-to-registry: true
diff --git a/data/reusables/actions/azure-vnet-networking-policies.md b/data/reusables/actions/azure-vnet-networking-policies.md
index c765f5e536ca..c46f22e9ef66 100644
--- a/data/reusables/actions/azure-vnet-networking-policies.md
+++ b/data/reusables/actions/azure-vnet-networking-policies.md
@@ -3,3 +3,5 @@ Because the {% data variables.product.company_short %}-hosted runner's NIC is de
For example, if your VNET is configured with an Azure ExpressRoute to provide access to on-premises resources (e.g. Artifactory) or connected to a VPN tunnel to provide access to other cloud-based resources, those access policies also apply to your runners. Additionally, any outbound rules applied to your VNET's network security group (NSG) also apply, giving you the ability to control outbound access for your runners.
If you have enabled any network logs monitoring for your VNET, you can also monitor network traffic for your runners.
+
+{% data variables.product.company_short %}-hosted runners use whatever outbound control your network is using. If your network relies on Azure's default outbound access, the IPs are not predictable and cannot be added to the {% data variables.product.company_short %} IP allow list. For recommendations on using a stable outbound IP, see [Default outbound access](https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/default-outbound-access) in the Azure documentation.
diff --git a/data/reusables/actions/azure-vnet-procedures-prereqs.md b/data/reusables/actions/azure-vnet-procedures-prereqs.md
index 8624517c2027..3354efe0324c 100644
--- a/data/reusables/actions/azure-vnet-procedures-prereqs.md
+++ b/data/reusables/actions/azure-vnet-procedures-prereqs.md
@@ -10,6 +10,8 @@ You will use a script to automate configuring your Azure resources.
* Save the following `.bicep` file. Name the file `actions-nsg-deployment.bicep`.
+ The `.bicep` file we provide contains the minimal set of rules to use {% data variables.product.company_short %}-hosted runners with Azure VNET. You may need to add rules for your specific use case.
+
{% note %}
**Note:** Alternatively, to allow {% data variables.product.prodname_actions %} to communicate with the runners, you can allow the same firewall domains that are required for communication between self-hosted runners and {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github-enterprise-cloud)." To determine the appropriate subnet IP address range, we recommend adding a 30% buffer to the maximum job concurrency you anticipate. For instance, if your network configuration's runners are set to a maximum job concurrency of 300, it's recommended to utilize a subnet IP address range that can accommodate at least 390 runners. This buffer helps ensure that your network can handle unexpected increases in VM needs to meet job concurrency without running out of IP addresses.
@@ -172,6 +174,7 @@ You will use a script to automate configuring your Azure resources.
'20.248.137.50/32'
'20.248.137.52/32'
'20.248.137.55/32'
+ '20.26.156.215/32'
'20.26.156.216/32'
'20.27.177.113/32'
'20.27.177.114/32'
diff --git a/data/reusables/actions/azure-vnet-supported-regions.md b/data/reusables/actions/azure-vnet-supported-regions.md
index ff285ac9f797..f6bee03306fb 100644
--- a/data/reusables/actions/azure-vnet-supported-regions.md
+++ b/data/reusables/actions/azure-vnet-supported-regions.md
@@ -36,6 +36,6 @@ Azure private networking supports arm64 runners in the following regions.
* `SouthCentralUs`
> [!NOTE]
-> GPU and arm64 runners are currently in beta and subject to change.
+> arm64 runners are currently in beta and subject to change.
If your desired region is not supported, please submit a request for new region availability in [this GitHub form](https://resources.github.com/private-networking-for-github-hosted-runners-with-azure-virtual-networks/). You may also use global virtual network peering to connect virtual networks across Azure regions. For more information, see [Virtual network peering](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview) in the Azure documentation.
diff --git a/data/reusables/actions/cd-templates-actions.md b/data/reusables/actions/cd-templates-actions.md
index 06ea6b1a5a21..7e9cf34d8504 100644
--- a/data/reusables/actions/cd-templates-actions.md
+++ b/data/reusables/actions/cd-templates-actions.md
@@ -1,3 +1,3 @@
-{% data variables.product.product_name %} offers deployment starter workflows for several popular services, such as Azure Web App. To learn how to get started using a starter workflow, see "[AUTOTITLE](/actions/learn-github-actions/using-starter-workflows)" or [browse the full list of deployment starter workflows](https://github.com/actions/starter-workflows/tree/main/deployments). You can also check out our more detailed guides for specific deployment workflows, such as "[AUTOTITLE](/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-nodejs-to-azure-app-service)."
+{% data variables.product.product_name %} offers deployment workflow templates for several popular services, such as Azure Web App. To learn how to get started using a workflow template, see "[AUTOTITLE](/actions/learn-github-actions/using-starter-workflows)" or [browse the full list of deployment workflow templates](https://github.com/actions/starter-workflows/tree/main/deployments). You can also check out our more detailed guides for specific deployment workflows, such as "[AUTOTITLE](/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-nodejs-to-azure-app-service)."
Many service providers also offer actions on {% data variables.product.prodname_marketplace %} for deploying to their service. For the full list, see [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?category=deployment&type=actions).
diff --git a/data/reusables/actions/disable-selfhosted-runners-note.md b/data/reusables/actions/disable-selfhosted-runners-note.md
index 6389c3184403..b205741af46a 100644
--- a/data/reusables/actions/disable-selfhosted-runners-note.md
+++ b/data/reusables/actions/disable-selfhosted-runners-note.md
@@ -1,5 +1 @@
-{% note %}
-
-**Note**: When creation of repository-level self-hosted runners is disabled, workflows can still access self-hosted runners that have been set up at the enterprise or organization level.
-
-{% endnote %}
+> [!NOTE] When creation of repository-level self-hosted runners is disabled, workflows can still access self-hosted runners at the enterprise or organization level.
diff --git a/data/reusables/actions/environment-example.md b/data/reusables/actions/environment-example.md
index 33dcc0224729..eb02d228267f 100644
--- a/data/reusables/actions/environment-example.md
+++ b/data/reusables/actions/environment-example.md
@@ -1,4 +1,4 @@
-You can specify an environment for each job in your workflow. To do so, add a `jobs..environment` key followed by the name of the environment.
+You can specify an environment for each job in your workflow. To do so, add a [`jobs..environment`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idenvironment) key followed by the name of the environment.
For example, this workflow will use an environment called `production`.
diff --git a/data/reusables/actions/example-github-runner-comment.md b/data/reusables/actions/example-github-runner-comment.md
index ba1e9547b765..f70760340e5f 100644
--- a/data/reusables/actions/example-github-runner-comment.md
+++ b/data/reusables/actions/example-github-runner-comment.md
@@ -1,7 +1,7 @@
#
# You can run this workflow using a different operating systems.
#
-# The starter workflow configures jobs to run on Linux, using the {% data variables.product.prodname_dotcom %}-hosted `ubuntu-latest` runners. You can change the `runs-on` key to run your jobs on a different operating system.
+# The workflow template configures jobs to run on Linux, using the {% data variables.product.prodname_dotcom %}-hosted `ubuntu-latest` runners. You can change the `runs-on` key to run your jobs on a different operating system.
#
# For example, you can use the {% data variables.product.prodname_dotcom %}-hosted Windows runners by specifying `runs-on: windows-latest`. Or, you can run on the {% data variables.product.prodname_dotcom %}-hosted macOS runners using `runs-on: macos-latest`.
#
diff --git a/data/reusables/actions/gai-inspect-audit.md b/data/reusables/actions/gai-inspect-audit.md
index b1c94e2a3133..3281c5bc7f3e 100644
--- a/data/reusables/actions/gai-inspect-audit.md
+++ b/data/reusables/actions/gai-inspect-audit.md
@@ -12,7 +12,7 @@ Listed below are some key terms that can appear in the "Pipelines" section:
* **Partially successful** pipelines had all of the pipeline constructs converted, however, there were some individual items that were not converted automatically to their {% data variables.product.prodname_actions %} equivalent.
* **Unsupported** pipelines are definition types that are not supported by {% data variables.product.prodname_actions_importer %}.
* **Failed** pipelines encountered a fatal error when being converted. This can occur for one of three reasons:
- * The pipeline was misconfigured and not valid in Bamboo.
+ * The pipeline was originally misconfigured and not valid.
* {% data variables.product.prodname_actions_importer %} encountered an internal error when converting it.
* There was an unsuccessful network response that caused the pipeline to be inaccessible, which is often due to invalid credentials.
diff --git a/data/reusables/actions/github-token-available-permissions.md b/data/reusables/actions/github-token-available-permissions.md
index 2bdfa7ad08c1..4f76be26a467 100644
--- a/data/reusables/actions/github-token-available-permissions.md
+++ b/data/reusables/actions/github-token-available-permissions.md
@@ -1,12 +1,13 @@
-You can define the access that the `GITHUB_TOKEN` will permit by specifying `read`, `write`, or `none` as the value of the available scopes within the `permissions` key.
+You can define the access that the `GITHUB_TOKEN` will permit by specifying `read`, `write`, or `none` as the value of the available permissions within the `permissions` key.
```yaml
permissions:
- actions: read|write|none
+ actions: read|write|none{% ifversion artifact-attestations %}
+ attestations: read|write|none{% endif %}
checks: read|write|none
contents: read|write|none
deployments: read|write|none{% ifversion fpt or ghec %}
- id-token: read|write|none{% endif %}
+ id-token: write|none{% endif %}
issues: read|write|none
discussions: read|write|none
packages: read|write|none
@@ -17,9 +18,9 @@ permissions:
statuses: read|write|none
```
-If you specify the access for any of these scopes, all of those that are not specified are set to `none`.
+If you specify the access for any of these permissions, all of those that are not specified are set to `none`.
-You can use the following syntax to define one of `read-all` or `write-all` access for all of the available scopes:
+You can use the following syntax to define one of `read-all` or `write-all` access for all of the available permissions:
```yaml
permissions: read-all
@@ -29,7 +30,7 @@ permissions: read-all
permissions: write-all
```
-You can use the following syntax to disable permissions for all of the available scopes:
+You can use the following syntax to disable permissions for all of the available permissions:
```yaml
permissions: {}
diff --git a/data/reusables/actions/github-token-permissions.md b/data/reusables/actions/github-token-permissions.md
index 90d5836ca2a8..11d2ada1c33d 100644
--- a/data/reusables/actions/github-token-permissions.md
+++ b/data/reusables/actions/github-token-permissions.md
@@ -1 +1 @@
-The `GITHUB_TOKEN` secret is set to an access token for the repository each time a job in a workflow begins. You should set the permissions for this access token in the workflow file to grant read access for the `contents` scope and write access for the `packages` scope. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication)."
+The `GITHUB_TOKEN` secret is set to an access token for the repository each time a job in a workflow begins. You should set the permissions for this access token in the workflow file to grant read access for the `contents` permission and write access for the `packages` permission. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication)."
diff --git a/data/reusables/actions/github-token-scope-descriptions.md b/data/reusables/actions/github-token-scope-descriptions.md
index f636e8feef8e..cd759c2c22e8 100644
--- a/data/reusables/actions/github-token-scope-descriptions.md
+++ b/data/reusables/actions/github-token-scope-descriptions.md
@@ -1,20 +1,22 @@
-For each of the available scopes, shown in the table below, you can assign one of the permissions: `read`, `write`, or `none`. If you specify the access for any of these scopes, all of those that are not specified are set to `none`.
+For each of the available permissions, shown in the table below, you can assign one of the access levels: `read` (if applicable), `write`, or `none`. `write` includes `read`. If you specify the access for any of these permissions, all of those that are not specified are set to `none`.
-Available scopes and details of what each allows an action to do:
+Available permissions and details of what each allows an action to do:
-| Scope | Allows an action using `GITHUB_TOKEN` to |
+| Permission | Allows an action using `GITHUB_TOKEN` to |
| --- | --- |
| `actions` | Work with GitHub Actions. For example, `actions: write` permits an action to cancel a workflow run. For more information, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions)." |
-{% ifversion artifact-attestations %}| `attestations` | Work with artifact attestations. For example, `attestations: write` permits an action to generate an artifact attestation for a build. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)" |{% endif %}
+| {% ifversion artifact-attestations %} |
+| `attestations` | Work with artifact attestations. For example, `attestations: write` permits an action to generate an artifact attestation for a build. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)" |
+| {% endif %} |
| `checks` | Work with check runs and check suites. For example, `checks: write` permits an action to create a check run. For more information, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-checks)." |
| `contents` | Work with the contents of the repository. For example, `contents: read` permits an action to list the commits, and `contents: write` allows the action to create a release. For more information, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-contents)." |
| `deployments` | Work with deployments. For example, `deployments: write` permits an action to create a new deployment. For more information, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-deployments)." |
-{%- ifversion discussions %}
+| {% ifversion discussions %} |
| `discussions` | Work with GitHub Discussions. For example, `discussions: write` permits an action to close or delete a discussion. For more information, see "[AUTOTITLE](/graphql/guides/using-the-graphql-api-for-discussions)." |
-{%- endif %}
-{%- ifversion fpt or ghec %}
+| {% endif %} |
+| {% ifversion fpt or ghec %} |
| `id-token` | Fetch an OpenID Connect (OIDC) token. This requires `id-token: write`. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#updating-your-actions-for-oidc)" |
-{%- endif %}
+| {% endif %} |
| `issues` | Work with issues. For example, `issues: write` permits an action to add a comment to an issue. For more information, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-issues)." |
| `packages` | Work with GitHub Packages. For example, `packages: write` permits an action to upload and publish packages on GitHub Packages. For more information, see "[AUTOTITLE](/packages/learn-github-packages/about-permissions-for-github-packages#about-scopes-and-permissions-for-package-registries)." |
| `pages` | Work with GitHub Pages. For example, `pages: write` permits an action to request a GitHub Pages build. For more information, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-pages)." |
diff --git a/data/reusables/actions/ip-allow-list-self-hosted-runners.md b/data/reusables/actions/ip-allow-list-self-hosted-runners.md
index ac466801aa94..4e89b4fd0cfb 100644
--- a/data/reusables/actions/ip-allow-list-self-hosted-runners.md
+++ b/data/reusables/actions/ip-allow-list-self-hosted-runners.md
@@ -1,6 +1,6 @@
{% warning %}
-**Warning**: If you use an IP allow list and would also like to use {% data variables.product.prodname_actions %}, you must use self-hosted runners{% ifversion actions-hosted-runners %} or {% data variables.product.prodname_dotcom %}-hosted larger runners with static IP address ranges{% endif %}. When using [Azure private networking](/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise), IPs from your Azure subnet must be used. To reduce the number of required IPs, we recommend creating a load balancer to provide a single IP range for the GitHub allow list. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)" {% ifversion actions-hosted-runners %} or "[AUTOTITLE](/actions/using-github-hosted-runners/using-larger-runners)"{% endif %}.
+**Warning**: If you use an IP allow list and would also like to use {% data variables.product.prodname_actions %}, you must use self-hosted runners{% ifversion actions-hosted-runners %} or {% data variables.product.prodname_dotcom %}-hosted larger runners with static IP address ranges{% endif %}. When using [Azure private networking](/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise), IPs from your Azure subnet must be used. To reduce the number of required IPs, we recommend creating a load balancer to provide a single IP range for the GitHub allow list. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)" {% ifversion actions-hosted-runners %} or "[AUTOTITLE](/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners)"{% endif %}.
{% endwarning %}
diff --git a/data/reusables/actions/java-jvm-architecture.md b/data/reusables/actions/java-jvm-architecture.md
index 8a00e84de62e..6802c070fa5c 100644
--- a/data/reusables/actions/java-jvm-architecture.md
+++ b/data/reusables/actions/java-jvm-architecture.md
@@ -1,6 +1,6 @@
### Specifying the Java version and architecture
-The starter workflow sets up the `PATH` to contain OpenJDK 8 for the x64 platform. If you want to use a different version of Java, or target a different architecture (`x64` or `x86`), you can use the `setup-java` action to choose a different Java runtime environment.
+The workflow template sets up the `PATH` to contain OpenJDK 8 for the x64 platform. If you want to use a different version of Java, or target a different architecture (`x64` or `x86`), you can use the `setup-java` action to choose a different Java runtime environment.
For example, to use version 11 of the JDK provided by Adoptium for the x64 platform, you can use the `setup-java` action and configure the `java-version`, `distribution` and `architecture` parameters to `'11'`, `'temurin'` and `x64`.
diff --git a/data/reusables/actions/jobs/choosing-runner-group.md b/data/reusables/actions/jobs/choosing-runner-group.md
index 43198976cbd0..e13e3549f649 100644
--- a/data/reusables/actions/jobs/choosing-runner-group.md
+++ b/data/reusables/actions/jobs/choosing-runner-group.md
@@ -2,7 +2,7 @@ You can use `runs-on` to target runner groups, so that the job will execute on a
{% ifversion fpt or ghec %}
-Runner groups can only have [{% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/using-larger-runners) or [self-hosted runners](/actions/hosting-your-own-runners) as members.
+Runner groups can only have [{% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners) or [self-hosted runners](/actions/hosting-your-own-runners) as members.
{% endif %}
diff --git a/data/reusables/actions/jobs/matrix-used-twice.md b/data/reusables/actions/jobs/matrix-used-twice.md
index 9815147444dd..e4b708f8e2c5 100644
--- a/data/reusables/actions/jobs/matrix-used-twice.md
+++ b/data/reusables/actions/jobs/matrix-used-twice.md
@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
outputs:
- colors: ${{ steps.colors.outputs.colors }}
+ colors: {% raw %}${{ steps.colors.outputs.colors }}{% endraw %}
steps:
- name: Define Colors
@@ -26,21 +26,18 @@ jobs:
needs: define-matrix
strategy:
matrix:
-{% raw %}
- color: ${{ fromJSON(needs.define-matrix.outputs.colors) }}
-{% endraw %}
+ color: {% raw %}${{ fromJSON(needs.define-matrix.outputs.colors) }}{% endraw %}
steps:
- name: Define Color
env:
- color: ${{ matrix.color }}
+ color: {% raw %}${{ matrix.color }}{% endraw %}
run: |
echo "$color" > color
- name: Produce Artifact
uses: {% data reusables.actions.action-upload-artifact %}
-{% raw %}
with:
- name: ${{ matrix.color }}
+ name: {% raw %}${{ matrix.color }}{% endraw %}
path: color
consume-artifacts:
@@ -50,18 +47,15 @@ jobs:
- produce-artifacts
strategy:
matrix:
- color: ${{ fromJSON(needs.define-matrix.outputs.colors) }}
+ color: {% raw %}${{ fromJSON(needs.define-matrix.outputs.colors) }}{% endraw %}
steps:
- name: Retrieve Artifact
-{% endraw %}
uses: {% data reusables.actions.action-download-artifact %}
-{% raw %}
with:
- name: ${{ matrix.color }}
-
+ name: {% raw %}${{ matrix.color }}{% endraw %}
+
- name: Report Color
run: |
cat color
-{% endraw %}
```
diff --git a/data/reusables/actions/jobs/section-choosing-the-runner-for-a-job.md b/data/reusables/actions/jobs/section-choosing-the-runner-for-a-job.md
index ac4e1970862b..ab01eb3e258f 100644
--- a/data/reusables/actions/jobs/section-choosing-the-runner-for-a-job.md
+++ b/data/reusables/actions/jobs/section-choosing-the-runner-for-a-job.md
@@ -5,10 +5,10 @@ Use `jobs..runs-on` to define the type of machine to run the job on.
{% ifversion target-runner-groups %}- You can target runners based on the labels assigned to them, or their group membership, or a combination of these.{% else %}
* You can target runners based on the labels assigned to them.{% endif %}
* You can provide `runs-on` as:
- * a single string
- * a single variable containing a string
- * an array of strings, variables containing strings, or a combination of both
- * a `key: value` pair using the `group` or `labels` keys
+ * A single string
+ * A single variable containing a string
+ * An array of strings, variables containing strings, or a combination of both
+ * A `key: value` pair using the `group` or `labels` keys
* If you specify an array of strings or variables, your workflow will execute on any runner that matches all of the specified `runs-on` values. For example, here the job will only run on a self-hosted runner that has the labels `linux`, `x64`, and `gpu`:
```yaml
@@ -66,10 +66,10 @@ Available {% data variables.product.prodname_dotcom %}-hosted runner labels are:
The macos-latest workflow label currently uses the macOS 14 runner image.
@@ -132,7 +132,7 @@ For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managin
You can use `runs-on` to target runner groups, so that the job will execute on any runner that is a member of that group. For more granular control, you can also combine runner groups with labels.
{% ifversion fpt or ghec %}
-Runner groups can only have [{% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/using-larger-runners) or [self-hosted runners](/actions/hosting-your-own-runners) as members.
+Runner groups can only have [{% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners) or [self-hosted runners](/actions/hosting-your-own-runners) as members.
{% endif %}
#### Example: Using groups to control where jobs are run
diff --git a/data/reusables/actions/jobs/section-defining-outputs-for-jobs.md b/data/reusables/actions/jobs/section-defining-outputs-for-jobs.md
index 43fd5265bab4..f37718764cf6 100644
--- a/data/reusables/actions/jobs/section-defining-outputs-for-jobs.md
+++ b/data/reusables/actions/jobs/section-defining-outputs-for-jobs.md
@@ -6,12 +6,6 @@ Job outputs containing expressions are evaluated on the runner at the end of eac
To use job outputs in a dependent job, you can use the `needs` context. For more information, see "[AUTOTITLE](/actions/learn-github-actions/contexts#needs-context)."
-{% note %}
-
-**Note:** `$GITHUB_OUTPUT` is shared between all steps in a job. If you use the same output name in multiple steps, the last step to write to the output will override the value. If your job uses a matrix and writes to `$GITHUB_OUTPUT`, the content will be overwritten for each matrix combination. You can use the `matrix` context to create unique output names for each job configuration. For more information, see "[AUTOTITLE](/actions/learn-github-actions/contexts#matrix-context)."
-
-{% endnote %}
-
### Example: Defining outputs for a job
{% raw %}
@@ -40,3 +34,45 @@ jobs:
```
{% endraw %}
+
+### Using Job Outputs in a Matrix Job
+
+Matrices can be used to generate multiple outputs of different names. When using a matrix, job outputs will be combined from all jobs inside the matrix.
+
+{% raw %}
+
+```yaml
+jobs:
+ job1:
+ runs-on: ubuntu-latest
+ outputs:
+ output_1: ${{ steps.gen_output.outputs.output_1 }}
+ output_2: ${{ steps.gen_output.outputs.output_2 }}
+ output_3: ${{ steps.gen_output.outputs.output_3 }}
+ strategy:
+ matrix:
+ version: [1, 2, 3]
+ steps:
+ - name: Generate output
+ id: gen_output
+ run: |
+ version="${{ matrix.version }}"
+ echo "output_${version}=${version}" >> "$GITHUB_OUTPUT"
+ job2:
+ runs-on: ubuntu-latest
+ needs: [job1]
+ steps:
+ # Will show
+ # {
+ # "output_1": "1",
+ # "output_2": "2",
+ # "output_3": "3"
+ # }
+ - run: echo '${{ toJSON(needs.job1.outputs) }}'
+```
+
+{% endraw %}
+
+{% warning %}
+Actions does not guarantee the order that matrix jobs will run in. Ensure that the output name is unique, otherwise the last matrix job that runs will override the output value.
+{% endwarning %}
diff --git a/data/reusables/actions/jobs/section-running-jobs-in-a-container-credentials.md b/data/reusables/actions/jobs/section-running-jobs-in-a-container-credentials.md
index d7a5d9703e1f..ca152c0f98c9 100644
--- a/data/reusables/actions/jobs/section-running-jobs-in-a-container-credentials.md
+++ b/data/reusables/actions/jobs/section-running-jobs-in-a-container-credentials.md
@@ -1,6 +1,6 @@
{% data reusables.actions.registry-credentials %}
-#### Example: Defining credentials for a container registry
+### Example: Defining credentials for a container registry
{% raw %}
diff --git a/data/reusables/actions/jobs/section-running-jobs-in-a-container-volumes.md b/data/reusables/actions/jobs/section-running-jobs-in-a-container-volumes.md
index 1c6f4a4ac3d1..56e12ed8a59d 100644
--- a/data/reusables/actions/jobs/section-running-jobs-in-a-container-volumes.md
+++ b/data/reusables/actions/jobs/section-running-jobs-in-a-container-volumes.md
@@ -6,7 +6,7 @@ To specify a volume, you specify the source and destination path:
The `` is a volume name or an absolute path on the host machine, and `` is an absolute path in the container.
-#### Example: Mounting volumes in a container
+### Example: Mounting volumes in a container
```yaml
volumes:
diff --git a/data/reusables/actions/jobs/section-using-environments-for-jobs.md b/data/reusables/actions/jobs/section-using-environments-for-jobs.md
index 6d0e3eebaa05..66015f307a7d 100644
--- a/data/reusables/actions/jobs/section-using-environments-for-jobs.md
+++ b/data/reusables/actions/jobs/section-using-environments-for-jobs.md
@@ -1,7 +1,10 @@
-Use `jobs..environment` to define the environment that the job references. All deployment protection rules must pass before a job referencing the environment is sent to a runner. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
+Use `jobs..environment` to define the environment that the job references.
You can provide the environment as only the environment `name`, or as an environment object with the `name` and `url`. The URL maps to `environment_url` in the deployments API. For more information about the deployments API, see "[AUTOTITLE](/rest/repos#deployments)."
+> [!NOTE]
+> All deployment protection rules must pass before a job referencing the environment is sent to a runner. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)."
+
### Example: Using a single environment name
{% raw %}
@@ -20,7 +23,7 @@ environment:
url: https://github.com
```
-The value of `url` can be an expression. Allowed expression contexts: [`github`](/actions/learn-github-actions/contexts#github-context), [`inputs`](/actions/learn-github-actions/contexts#inputs-context), [`vars`](/actions/learn-github-actions/contexts#vars-context), [`needs`](/actions/learn-github-actions/contexts#needs-context), [`strategy`](/actions/learn-github-actions/contexts#strategy-context), [`matrix`](/actions/learn-github-actions/contexts#matrix-context), [`job`](/actions/learn-github-actions/contexts#job-context), [`runner`](/actions/learn-github-actions/contexts#runner-context), and [`env`](/actions/learn-github-actions/contexts#env-context). For more information about expressions, see "[AUTOTITLE](/actions/learn-github-actions/expressions)."
+The value of `url` can be an expression. Allowed expression contexts: [`github`](/actions/learn-github-actions/contexts#github-context), [`inputs`](/actions/learn-github-actions/contexts#inputs-context), [`vars`](/actions/learn-github-actions/contexts#vars-context), [`needs`](/actions/learn-github-actions/contexts#needs-context), [`strategy`](/actions/learn-github-actions/contexts#strategy-context), [`matrix`](/actions/learn-github-actions/contexts#matrix-context), [`job`](/actions/learn-github-actions/contexts#job-context), [`runner`](/actions/learn-github-actions/contexts#runner-context), [`env`](/actions/learn-github-actions/contexts#env-context), and [`steps`](/actions/learn-github-actions/contexts#steps-context). For more information about expressions, see "[AUTOTITLE](/actions/learn-github-actions/expressions)."
### Example: Using output as URL
diff --git a/data/reusables/actions/jobs/section-using-jobs-in-a-workflow-id.md b/data/reusables/actions/jobs/section-using-jobs-in-a-workflow-id.md
index e2948783c531..fec27fc92620 100644
--- a/data/reusables/actions/jobs/section-using-jobs-in-a-workflow-id.md
+++ b/data/reusables/actions/jobs/section-using-jobs-in-a-workflow-id.md
@@ -1,6 +1,6 @@
Use `jobs.` to give your job a unique identifier. The key `job_id` is a string and its value is a map of the job's configuration data. You must replace `` with a string that is unique to the `jobs` object. The `` must start with a letter or `_` and contain only alphanumeric characters, `-`, or `_`.
-#### Example: Creating jobs
+### Example: Creating jobs
In this example, two jobs have been created, and their `job_id` values are `my_first_job` and `my_second_job`.
diff --git a/data/reusables/actions/jobs/setting-default-values-for-jobs-defaults-run.md b/data/reusables/actions/jobs/setting-default-values-for-jobs-defaults-run.md
index cbf7ec183e54..0a047c6b4ecf 100644
--- a/data/reusables/actions/jobs/setting-default-values-for-jobs-defaults-run.md
+++ b/data/reusables/actions/jobs/setting-default-values-for-jobs-defaults-run.md
@@ -2,7 +2,7 @@ You can use `defaults.run` to provide default `shell` and `working-directory` op
{% data reusables.actions.defaults-override %}
-#### Example: Set the default shell and working directory
+### Example: Set the default shell and working directory
```yaml
defaults:
diff --git a/data/reusables/actions/jobs/setting-permissions-specific-jobs-example.md b/data/reusables/actions/jobs/setting-permissions-specific-jobs-example.md
index 34fa505d7e01..44e3ccd7c6a4 100644
--- a/data/reusables/actions/jobs/setting-permissions-specific-jobs-example.md
+++ b/data/reusables/actions/jobs/setting-permissions-specific-jobs-example.md
@@ -1,4 +1,4 @@
-This example shows permissions being set for the `GITHUB_TOKEN` that will only apply to the job named `stale`. Write access is granted for the `issues` and `pull-requests` scopes. All other scopes will have no access.
+This example shows permissions being set for the `GITHUB_TOKEN` that will only apply to the job named `stale`. Write access is granted for the `issues` and `pull-requests` permissions. All other permissions will have no access.
```yaml
jobs:
diff --git a/data/reusables/actions/larger-runner-name-note.md b/data/reusables/actions/larger-runner-name-note.md
index 045f33e122a6..7c78d5d5f929 100644
--- a/data/reusables/actions/larger-runner-name-note.md
+++ b/data/reusables/actions/larger-runner-name-note.md
@@ -1,5 +1,2 @@
-{% note %}
-
-**Note:** The names of {% data variables.actions.hosted_runners %} can dictate their functionality. For example, to use a {% data variables.actions.hosted_runner %} for {% data variables.product.prodname_code_scanning %} default setup, the runner must be named `code-scanning`. For more information on {% data variables.product.prodname_code_scanning %} with {% data variables.actions.hosted_runners %}, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup)."
-
-{% endnote %}
+> [!NOTE]
+> The names of {% data variables.actions.hosted_runners %} can dictate their functionality. For example, to use a {% data variables.actions.hosted_runner %} for {% data variables.product.prodname_code_scanning %} default setup, the runner must be named `code-scanning`. For more information on {% data variables.product.prodname_code_scanning %} with {% data variables.actions.hosted_runners %}, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup)."
diff --git a/data/reusables/actions/oidc-deployment-protection-rules.md b/data/reusables/actions/oidc-deployment-protection-rules.md
index 68d35cce78f6..967b5683feb0 100644
--- a/data/reusables/actions/oidc-deployment-protection-rules.md
+++ b/data/reusables/actions/oidc-deployment-protection-rules.md
@@ -1,5 +1,5 @@
{% note %}
-**Note**: When environments are used in workflows or in OIDC policies, we recommend adding protection rules to the environment for additional security. For example, you can configure deployment rules on an environment to restrict which branches and tags can deploy to the environment or access environment secrets. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules)."
+**Note**: When environments are used in workflows or in OIDC policies, we recommend adding protection rules to the environment for additional security. For example, you can configure deployment rules on an environment to restrict which branches and tags can deploy to the environment or access environment secrets. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#deployment-protection-rules)."
{% endnote %}
diff --git a/data/reusables/actions/oidc-permissions-token.md b/data/reusables/actions/oidc-permissions-token.md
index 2a70c56f2bbe..35f6bc51a846 100644
--- a/data/reusables/actions/oidc-permissions-token.md
+++ b/data/reusables/actions/oidc-permissions-token.md
@@ -1,4 +1,4 @@
-The job or workflow run requires a `permissions` setting with [`id-token: write`](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token). You won't be able to request the OIDC JWT ID token if the `permissions` setting for `id-token` is set to `read` or `none`.
+The job or workflow run requires a `permissions` setting with [`id-token: write`](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) to allow {% data variables.product.prodname_dotcom %}'s OIDC provider to create a JSON Web Token for every run. You won't be able to request the OIDC JWT ID token if the `permissions` for `id-token` is not set to `write`, however this value doesn't imply granting write access to any resources, only being able to fetch and set the OIDC token for an action or step to enable authenticating with a short-lived access token. Any actual trust setting is defined using OIDC claims, for more information see "[AUTOTITLE](/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-oidc-trust-with-the-cloud)."
The `id-token: write` setting allows the JWT to be requested from {% data variables.product.prodname_dotcom %}'s OIDC provider using one of these approaches:
diff --git a/data/reusables/actions/onboarding-next-steps.md b/data/reusables/actions/onboarding-next-steps.md
index af086de89b5b..73a11ebe04e1 100644
--- a/data/reusables/actions/onboarding-next-steps.md
+++ b/data/reusables/actions/onboarding-next-steps.md
@@ -1,9 +1,9 @@
{% data variables.product.prodname_actions %} can help you automate nearly every aspect of your application development processes. Ready to get started? Here are some helpful resources for taking your next steps with {% data variables.product.prodname_actions %}:
-* For a quick way to create a {% data variables.product.prodname_actions %} workflow, see "[AUTOTITLE](/actions/learn-github-actions/using-starter-workflows)."
-* For continuous integration (CI) workflows to build and test your code, see "[AUTOTITLE](/actions/automating-builds-and-tests)."
+* To create a {% data variables.product.prodname_actions %} workflow, see "[AUTOTITLE](/actions/learn-github-actions/using-starter-workflows)."
+* For continuous integration (CI) workflows, see "[AUTOTITLE](/actions/automating-builds-and-tests)."
* For building and publishing packages, see "[AUTOTITLE](/actions/publishing-packages)."
* For deploying projects, see "[AUTOTITLE](/actions/deployment)."
* For automating tasks and processes on {% data variables.product.prodname_dotcom %}, see "[AUTOTITLE](/actions/managing-issues-and-pull-requests)."
-* For examples that demonstrate more complex features of {% data variables.product.prodname_actions %}, including many of the above use cases, see "[AUTOTITLE](/actions/examples)." You can see detailed examples that explain how to test your code on a runner, access the {% data variables.product.prodname_dotcom %} CLI, and use advanced features such as concurrency and test matrices.{% ifversion github-certification %}
-* If you want to certify your proficiency in automating workflows and accelerating development with {% data variables.product.prodname_actions %}, you can earn a {% data variables.product.prodname_actions %} certificate with {% data variables.product.prodname_certifications %}. For more information, see "[AUTOTITLE](/get-started/showcase-your-expertise-with-github-certifications/about-github-certifications)."{% endif %}
+* For examples that demonstrate more complex features of {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions/examples)." These detailed examples explain how to test your code on a runner, access the {% data variables.product.prodname_dotcom %} CLI, and use advanced features such as concurrency and test matrices.{% ifversion github-certification %}
+* To certify your proficiency in automating workflows and accelerating development with {% data variables.product.prodname_actions %}, earn a {% data variables.product.prodname_actions %} certificate with {% data variables.product.prodname_certifications %}. For more information, see "[AUTOTITLE](/get-started/showcase-your-expertise-with-github-certifications/about-github-certifications)."{% endif %}
diff --git a/data/reusables/actions/permissions-statement-secrets-environment.md b/data/reusables/actions/permissions-statement-secrets-environment.md
index a181b5a3371d..2454550cbfa6 100644
--- a/data/reusables/actions/permissions-statement-secrets-environment.md
+++ b/data/reusables/actions/permissions-statement-secrets-environment.md
@@ -1 +1 @@
-To create secrets or variables for an environment in a personal account repository, you must be the repository owner. To create secrets or variables for an environment in an organization repository, you must have `admin` access. For more information on environments, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
+To create secrets or variables for an environment in a personal account repository, you must be the repository owner. To create secrets or variables for an environment in an organization repository, you must have `admin` access. For more information on environments, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)."
diff --git a/data/reusables/actions/release-trigger-workflow.md b/data/reusables/actions/release-trigger-workflow.md
deleted file mode 100644
index 45696af8f62b..000000000000
--- a/data/reusables/actions/release-trigger-workflow.md
+++ /dev/null
@@ -1 +0,0 @@
-Each time you create a new release on {% data variables.product.product_name %}, you can trigger a workflow to publish your image. The workflow in the example below runs when the `release` event triggers with the `created` activity type. For more information on the `release` event, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#release)."
diff --git a/data/reusables/actions/starter-workflow-get-started.md b/data/reusables/actions/starter-workflow-get-started.md
deleted file mode 100644
index cb107be28c77..000000000000
--- a/data/reusables/actions/starter-workflow-get-started.md
+++ /dev/null
@@ -1 +0,0 @@
-To get started quickly, add a starter workflow to the `.github/workflows` directory of your repository.
diff --git a/data/reusables/actions/supported-github-runners.md b/data/reusables/actions/supported-github-runners.md
index e994ab92240e..0b0ffad60e56 100644
--- a/data/reusables/actions/supported-github-runners.md
+++ b/data/reusables/actions/supported-github-runners.md
@@ -1,18 +1,15 @@
-
-
-### Standard {% data variables.product.prodname_dotcom %}-hosted runners for Public repositories
+### Standard {% data variables.product.prodname_dotcom %}-hosted runners for public repositories
For public repositories, jobs using the workflow labels shown in the table below will run on virtual machines with the associated specifications. The use of these runners on public repositories is free and unlimited.
-The macos-latest label currently uses the macOS 14 runner image.
+macos-latest or macos-14
-### Standard {% data variables.product.prodname_dotcom %}-hosted runners for Private repositories
+### Standard {% data variables.product.prodname_dotcom %}-hosted runners for {% ifversion ghec %}internal and{% endif %} private repositories
-For private repositories, jobs using the workflow labels shown in the table below will run on virtual machines with the associated specifications. These runners use your {% data variables.product.prodname_dotcom %} account's allotment of free minutes, and are then charged at the per minute rates. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions#per-minute-rates)."
+For {% ifversion ghec %}internal and{% endif %} private repositories, jobs using the workflow labels shown in the table below will run on virtual machines with the associated specifications. These runners use your {% data variables.product.prodname_dotcom %} account's allotment of free minutes, and are then charged at the per minute rates. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions#per-minute-rates)."
-The macos-latestlabel currently uses the macOS 14 runner image.
+macos-latest or macos-14
diff --git a/data/reusables/actions/third-party-actions.md b/data/reusables/actions/third-party-actions.md
index 03175a079e01..0abdad711a93 100644
--- a/data/reusables/actions/third-party-actions.md
+++ b/data/reusables/actions/third-party-actions.md
@@ -2,7 +2,7 @@
**Notes**:
-* This starter workflow contains an action that is not certified by {% data variables.product.prodname_dotcom %}. Actions provided by third parties are governed by separate terms of service, privacy policy, and support documentation.
+* This workflow template contains an action that is not certified by {% data variables.product.prodname_dotcom %}. Actions provided by third parties are governed by separate terms of service, privacy policy, and support documentation.
* If you use actions from third parties you should use a version specified by a commit SHA. If the action is revised and you want to use the newer version, you will need to update the SHA. You can specify a version by referencing a tag or a branch, however the action may change without warning. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)."
{% endnote %}
diff --git a/data/reusables/actions/upgrade-runners-before-upgrade-ghes.md b/data/reusables/actions/upgrade-runners-before-upgrade-ghes.md
index fbdf7bfefc47..b6151b039a95 100644
--- a/data/reusables/actions/upgrade-runners-before-upgrade-ghes.md
+++ b/data/reusables/actions/upgrade-runners-before-upgrade-ghes.md
@@ -1 +1 @@
-If you use ephemeral runners and have disabled automatic updates, before you upgrade {% data variables.location.product_location %}, you should first upgrade your self-hosted runners to the version of the runner application that your upgraded instance will run. Upgrading {% data variables.location.product_location %} before you upgrade ephemeral runners may result in your runners going offline. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+If you use ephemeral runners and have disabled automatic updates, before you upgrade {% data variables.location.product_location %}, you should first upgrade your self-hosted runners to the version of the runner application that your upgraded instance will run. Upgrading {% data variables.location.product_location %} before you upgrade ephemeral runners may result in your runners going offline. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
diff --git a/data/reusables/actions/workflow-basic-example-and-explanation.md b/data/reusables/actions/workflow-basic-example-and-explanation.md
index 853d10eb83f8..3062196a2e3a 100644
--- a/data/reusables/actions/workflow-basic-example-and-explanation.md
+++ b/data/reusables/actions/workflow-basic-example-and-explanation.md
@@ -1,4 +1,4 @@
-## Create an example workflow
+## Creating an example workflow
{% data variables.product.prodname_actions %} uses YAML syntax to define the workflow. Each workflow is stored as a separate YAML file in your code repository, in a directory named `.github/workflows`.
diff --git a/data/reusables/actions/workflow-organization-templates.md b/data/reusables/actions/workflow-organization-templates.md
index 0dc4dc05b0e2..0c8af26da21f 100644
--- a/data/reusables/actions/workflow-organization-templates.md
+++ b/data/reusables/actions/workflow-organization-templates.md
@@ -1 +1 @@
-Starter workflows allow everyone in your organization who has permission to create workflows to do so more quickly and easily. When you create a new workflow, you can choose a starter workflow and some or all of the work of writing the workflow will be done for you. You can use starter workflows as a starting place to build your custom workflow or use them as-is. This not only saves time, it promotes consistency and best practice across your organization.
+Workflow templates allow everyone in your organization who has permission to create workflows to do so more quickly and easily. When you create a new workflow, you can choose a workflow template and some or all of the work of writing the workflow will be done for you. You can use workflow templates as a starting place to build your custom workflow or use them as-is. This not only saves time, it promotes consistency and best practice across your organization.
diff --git a/data/reusables/actions/workflow-template-overview.md b/data/reusables/actions/workflow-template-overview.md
index bc08e3019beb..103d3ab0bfff 100644
--- a/data/reusables/actions/workflow-template-overview.md
+++ b/data/reusables/actions/workflow-template-overview.md
@@ -1,3 +1,8 @@
-{% data variables.product.prodname_dotcom %} provides preconfigured starter workflows that you can customize to create your own continuous integration workflow. {% data variables.product.product_name %} analyzes your code and shows you CI starter workflows that might be useful for your repository. For example, if your repository contains Node.js code, you'll see suggestions for Node.js projects. You can use starter workflows as a starting place to build your custom workflow or use them as-is.
+{% data variables.product.prodname_dotcom %} provides preconfigured workflow templates that you can use as-is or customize to create your own workflow. {% data variables.product.product_name %} analyzes your code and shows you workflow templates that might be useful for your repository. For example, if your repository contains Node.js code, you'll see suggestions for Node.js projects.
-You can browse the full list of starter workflows in the {% ifversion fpt or ghec %}[actions/starter-workflows](https://github.com/actions/starter-workflows) repository{% else %} `actions/starter-workflows` repository on {% data variables.location.product_location %}{% endif %}.
+These workflow templates are designed to help you get up and running quickly, offering a range of configurations such as:
+* CI: [Continuous Integration workflows](https://github.com/actions/starter-workflows/tree/main/ci)
+* Deployments: [Deployment workflows](https://github.com/actions/starter-workflows/tree/main/deployments)
+* Automation: [Automating workflows](https://github.com/actions/starter-workflows/tree/main/automation)
+* Code Scanning: [Code Scanning workflows](https://github.com/actions/starter-workflows/tree/main/code-scanning)
+* Pages: [Pages workflows](https://github.com/actions/starter-workflows/tree/main/pages)
diff --git a/data/reusables/actions/starter-workflow-categories.md b/data/reusables/actions/workflow-templates-categories.md
similarity index 64%
rename from data/reusables/actions/starter-workflow-categories.md
rename to data/reusables/actions/workflow-templates-categories.md
index 252bb4bec80f..488dc489e6c3 100644
--- a/data/reusables/actions/starter-workflow-categories.md
+++ b/data/reusables/actions/workflow-templates-categories.md
@@ -1,5 +1,5 @@
-{% data variables.product.prodname_dotcom %} provides ready-to-use starter workflows for the following high level categories:
+{% data variables.product.prodname_dotcom %} provides ready-to-use workflow templates for the following high level categories:
* **Deployment (CD)**. For more information, see "[AUTOTITLE](/actions/deployment/about-deployments/about-continuous-deployment)."
{% ifversion fpt or ghec %}- **Security**. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-code-scanning-using-third-party-actions)."{% endif %}
* **Continuous Integration (CI)**. For more information, see "[AUTOTITLE](/actions/automating-builds-and-tests/about-continuous-integration)."
-* **Automation**. Automation starter workflows offer solutions for automating workflows, such as triaging pull requests and applying a label based on the paths that are modified in the pull request, or greeting users who are first time contributors to the repository.
+* **Automation**. Automation workflow templates offer solutions for automating workflows, such as triaging pull requests and applying a label based on the paths that are modified in the pull request, or greeting users who are first time contributors to the repository.
diff --git a/data/reusables/actions/workflow-templates-for-more-information.md b/data/reusables/actions/workflow-templates-for-more-information.md
new file mode 100644
index 000000000000..7d9b55b845df
--- /dev/null
+++ b/data/reusables/actions/workflow-templates-for-more-information.md
@@ -0,0 +1 @@
+To get started with preconfigured workflows, browse through the list of templates in the {% ifversion fpt or ghec %}[actions/starter-workflows](https://github.com/actions/starter-workflows) repository{% else %} `actions/starter-workflows` repository on {% data variables.location.product_location %}{% endif %}. For more information, see "[AUTOTITLE](/actions/writing-workflows/using-starter-workflows)."
diff --git a/data/reusables/actions/workflow-templates-get-started.md b/data/reusables/actions/workflow-templates-get-started.md
new file mode 100644
index 000000000000..0e1d98751d4a
--- /dev/null
+++ b/data/reusables/actions/workflow-templates-get-started.md
@@ -0,0 +1 @@
+To get started quickly, add a workflow template to the `.github/workflows` directory of your repository.
diff --git a/data/reusables/actions/workflow-templates-repo-link.md b/data/reusables/actions/workflow-templates-repo-link.md
new file mode 100644
index 000000000000..884fbb81ee75
--- /dev/null
+++ b/data/reusables/actions/workflow-templates-repo-link.md
@@ -0,0 +1 @@
+Use these workflows as a starting place to build your custom workflow or use them as-is. You can browse the full list of workflow templates in the {% ifversion fpt or ghec %}[actions/starter-workflows](https://github.com/actions/starter-workflows) repository{% else %} `actions/starter-workflows` repository on {% data variables.location.product_location %}{% endif %}. For more information, see "[AUTOTITLE](/actions/writing-workflows/using-starter-workflows)."
diff --git a/data/reusables/actions/workflows/github-token-access.md b/data/reusables/actions/workflows/github-token-access.md
index 33f06b8c95a1..e729af1ab102 100644
--- a/data/reusables/actions/workflows/github-token-access.md
+++ b/data/reusables/actions/workflows/github-token-access.md
@@ -1 +1 @@
-1. Under "Workflow permissions", choose whether you want the `GITHUB_TOKEN` to have read and write access for all scopes (the permissive setting), or just read access for the `contents` {% ifversion actions-default-workflow-permissions-restrictive %}and `packages` scopes{% else %}scope{% endif %} (the restricted setting).
+1. Under "Workflow permissions", choose whether you want the `GITHUB_TOKEN` to have read and write access for all permissions (the permissive setting), or just read access for the `contents` {% ifversion actions-default-workflow-permissions-restrictive %}and `packages` permissions{% else %}permission{% endif %} (the restricted setting).
diff --git a/data/reusables/actions/workflows/run-on-specific-branches-or-tags1.md b/data/reusables/actions/workflows/run-on-specific-branches-or-tags1.md
new file mode 100644
index 000000000000..5a1fcf65ab26
--- /dev/null
+++ b/data/reusables/actions/workflows/run-on-specific-branches-or-tags1.md
@@ -0,0 +1,10 @@
+
+When using the `push` event, you can configure a workflow to run on specific branches or tags.
+
+Use the `branches` filter when you want to include branch name patterns or when you want to both include and exclude branch names patterns. Use the `branches-ignore` filter when you only want to exclude branch name patterns. You cannot use both the `branches` and `branches-ignore` filters for the same event in a workflow.
+
+Use the `tags` filter when you want to include tag name patterns or when you want to both include and exclude tag names patterns. Use the `tags-ignore` filter when you only want to exclude tag name patterns. You cannot use both the `tags` and `tags-ignore` filters for the same event in a workflow.
+
+If you define only `tags`/`tags-ignore` or only `branches`/`branches-ignore`, the workflow won't run for events affecting the undefined Git ref. If you define neither `tags`/`tags-ignore` or `branches`/`branches-ignore`, the workflow will run for events affecting either branches or tags. If you define both `branches`/`branches-ignore` and [`paths`/`paths-ignore`](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore), the workflow will only run when both filters are satisfied.
+
+The `branches`, `branches-ignore`, `tags`, and `tags-ignore` keywords accept glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch or tag name. If a name contains any of these characters and you want a literal match, you need to _escape_ each of these special characters with `\`. For more information about glob patterns, see the "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."
diff --git a/data/reusables/actions/workflows/run-on-specific-branches-or-tags2.md b/data/reusables/actions/workflows/run-on-specific-branches-or-tags2.md
new file mode 100644
index 000000000000..48e4960f5f45
--- /dev/null
+++ b/data/reusables/actions/workflows/run-on-specific-branches-or-tags2.md
@@ -0,0 +1,21 @@
+The patterns defined in `branches` and `tags` are evaluated against the Git ref's name. For example, the following workflow would run whenever there is a `push` event to:
+
+* A branch named `main` (`refs/heads/main`)
+* A branch named `mona/octocat` (`refs/heads/mona/octocat`)
+* A branch whose name starts with `releases/`, like `releases/10` (`refs/heads/releases/10`)
+* A tag named `v2` (`refs/tags/v2`)
+* A tag whose name starts with `v1.`, like `v1.9.1` (`refs/tags/v1.9.1`)
+
+```yaml
+on:
+ push:
+ # Sequence of patterns matched against refs/heads
+ branches:
+ - main
+ - 'mona/octocat'
+ - 'releases/**'
+ # Sequence of patterns matched against refs/tags
+ tags:
+ - v2
+ - v1.*
+```
diff --git a/data/reusables/actions/workflows/run-on-specific-branches-or-tags3.md b/data/reusables/actions/workflows/run-on-specific-branches-or-tags3.md
new file mode 100644
index 000000000000..f17c333a32d4
--- /dev/null
+++ b/data/reusables/actions/workflows/run-on-specific-branches-or-tags3.md
@@ -0,0 +1,20 @@
+
+When a pattern matches the `branches-ignore` or `tags-ignore` pattern, the workflow will not run. The patterns defined in `branches` and `tags` are evaluated against the Git ref's name. For example, the following workflow would run whenever there is a `push` event, unless the `push` event is to:
+
+* A branch named `mona/octocat` (`refs/heads/mona/octocat`)
+* A branch whose name matches `releases/**-alpha`, like `releases/beta/3-alpha` (`refs/heads/releases/beta/3-alpha`)
+* A tag named `v2` (`refs/tags/v2`)
+* A tag whose name starts with `v1.`, like `v1.9` (`refs/tags/v1.9`)
+
+```yaml
+on:
+ push:
+ # Sequence of patterns matched against refs/heads
+ branches-ignore:
+ - 'mona/octocat'
+ - 'releases/**-alpha'
+ # Sequence of patterns matched against refs/tags
+ tags-ignore:
+ - v2
+ - v1.*
+```
diff --git a/data/reusables/actions/workflows/run-on-specific-branches-or-tags4.md b/data/reusables/actions/workflows/run-on-specific-branches-or-tags4.md
new file mode 100644
index 000000000000..994269522990
--- /dev/null
+++ b/data/reusables/actions/workflows/run-on-specific-branches-or-tags4.md
@@ -0,0 +1,18 @@
+You can't use `branches` and `branches-ignore` to filter the same event in a single workflow. Similarly, you can't use `tags` and `tags-ignore` to filter the same event in a single workflow. If you want to both include and exclude branch or tag patterns for a single event, use the `branches` or `tags` filter along with the `!` character to indicate which branches or tags should be excluded.
+
+If you define a branch with the `!` character, you must also define at least one branch without the `!` character. If you only want to exclude branches, use `branches-ignore` instead. Similarly, if you define a tag with the `!` character, you must also define at least one tag without the `!` character. If you only want to exclude tags, use `tags-ignore` instead.
+
+The order that you define patterns matters.
+
+* A matching negative pattern (prefixed with `!`) after a positive match will exclude the Git ref.
+* A matching positive pattern after a negative match will include the Git ref again.
+
+The following workflow will run on pushes to `releases/10` or `releases/beta/mona`, but not on `releases/10-alpha` or `releases/beta/3-alpha` because the negative pattern `!releases/**-alpha` follows the positive pattern.
+
+```yaml
+on:
+ push:
+ branches:
+ - 'releases/**'
+ - '!releases/**-alpha'
+```
diff --git a/data/reusables/actions/workflows/section-run-on-specific-branches-or-tags.md b/data/reusables/actions/workflows/section-run-on-specific-branches-or-tags.md
deleted file mode 100644
index 328c5d692945..000000000000
--- a/data/reusables/actions/workflows/section-run-on-specific-branches-or-tags.md
+++ /dev/null
@@ -1,77 +0,0 @@
-
-When using the `push` event, you can configure a workflow to run on specific branches or tags.
-
-Use the `branches` filter when you want to include branch name patterns or when you want to both include and exclude branch names patterns. Use the `branches-ignore` filter when you only want to exclude branch name patterns. You cannot use both the `branches` and `branches-ignore` filters for the same event in a workflow.
-
-Use the `tags` filter when you want to include tag name patterns or when you want to both include and exclude tag names patterns. Use the `tags-ignore` filter when you only want to exclude tag name patterns. You cannot use both the `tags` and `tags-ignore` filters for the same event in a workflow.
-
-If you define only `tags`/`tags-ignore` or only `branches`/`branches-ignore`, the workflow won't run for events affecting the undefined Git ref. If you define neither `tags`/`tags-ignore` or `branches`/`branches-ignore`, the workflow will run for events affecting either branches or tags. If you define both `branches`/`branches-ignore` and [`paths`/`paths-ignore`](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore), the workflow will only run when both filters are satisfied.
-
-The `branches`, `branches-ignore`, `tags`, and `tags-ignore` keywords accept glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch or tag name. If a name contains any of these characters and you want a literal match, you need to _escape_ each of these special characters with `\`. For more information about glob patterns, see the "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."
-
-#### Example: Including branches and tags
-
-The patterns defined in `branches` and `tags` are evaluated against the Git ref's name. For example, the following workflow would run whenever there is a `push` event to:
-
-* A branch named `main` (`refs/heads/main`)
-* A branch named `mona/octocat` (`refs/heads/mona/octocat`)
-* A branch whose name starts with `releases/`, like `releases/10` (`refs/heads/releases/10`)
-* A tag named `v2` (`refs/tags/v2`)
-* A tag whose name starts with `v1.`, like `v1.9.1` (`refs/tags/v1.9.1`)
-
-```yaml
-on:
- push:
- # Sequence of patterns matched against refs/heads
- branches:
- - main
- - 'mona/octocat'
- - 'releases/**'
- # Sequence of patterns matched against refs/tags
- tags:
- - v2
- - v1.*
-```
-
-#### Example: Excluding branches and tags
-
-When a pattern matches the `branches-ignore` or `tags-ignore` pattern, the workflow will not run. The patterns defined in `branches` and `tags` are evaluated against the Git ref's name. For example, the following workflow would run whenever there is a `push` event, unless the `push` event is to:
-
-* A branch named `mona/octocat` (`refs/heads/mona/octocat`)
-* A branch whose name matches `releases/**-alpha`, like `releases/beta/3-alpha` (`refs/heads/releases/beta/3-alpha`)
-* A tag named `v2` (`refs/tags/v2`)
-* A tag whose name starts with `v1.`, like `v1.9` (`refs/tags/v1.9`)
-
-```yaml
-on:
- push:
- # Sequence of patterns matched against refs/heads
- branches-ignore:
- - 'mona/octocat'
- - 'releases/**-alpha'
- # Sequence of patterns matched against refs/tags
- tags-ignore:
- - v2
- - v1.*
-```
-
-#### Example: Including and excluding branches and tags
-
-You can't use `branches` and `branches-ignore` to filter the same event in a single workflow. Similarly, you can't use `tags` and `tags-ignore` to filter the same event in a single workflow. If you want to both include and exclude branch or tag patterns for a single event, use the `branches` or `tags` filter along with the `!` character to indicate which branches or tags should be excluded.
-
-If you define a branch with the `!` character, you must also define at least one branch without the `!` character. If you only want to exclude branches, use `branches-ignore` instead. Similarly, if you define a tag with the `!` character, you must also define at least one tag without the `!` character. If you only want to exclude tags, use `tags-ignore` instead.
-
-The order that you define patterns matters.
-
-* A matching negative pattern (prefixed with `!`) after a positive match will exclude the Git ref.
-* A matching positive pattern after a negative match will include the Git ref again.
-
-The following workflow will run on pushes to `releases/10` or `releases/beta/mona`, but not on `releases/10-alpha` or `releases/beta/3-alpha` because the negative pattern `!releases/**-alpha` follows the positive pattern.
-
-```yaml
-on:
- push:
- branches:
- - 'releases/**'
- - '!releases/**-alpha'
-```
diff --git a/data/reusables/actions/workflows/section-triggering-a-workflow-branches.md b/data/reusables/actions/workflows/section-triggering-a-workflow-branches.md
deleted file mode 100644
index 4acdcc3abcef..000000000000
--- a/data/reusables/actions/workflows/section-triggering-a-workflow-branches.md
+++ /dev/null
@@ -1,66 +0,0 @@
-When using the `pull_request` and `pull_request_target` events, you can configure a workflow to run only for pull requests that target specific branches.
-
-Use the `branches` filter when you want to include branch name patterns or when you want to both include and exclude branch names patterns. Use the `branches-ignore` filter when you only want to exclude branch name patterns. You cannot use both the `branches` and `branches-ignore` filters for the same event in a workflow.
-
-If you define both `branches`/`branches-ignore` and [`paths`/`paths-ignore`](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore), the workflow will only run when both filters are satisfied.
-
-The `branches` and `branches-ignore` keywords accept glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch name. If a name contains any of these characters and you want a literal match, you need to escape each of these special characters with `\`. For more information about glob patterns, see the "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."
-
-#### Example: Including branches
-
-The patterns defined in `branches` are evaluated against the Git ref's name. For example, the following workflow would run whenever there is a `pull_request` event for a pull request targeting:
-
-* A branch named `main` (`refs/heads/main`)
-* A branch named `mona/octocat` (`refs/heads/mona/octocat`)
-* A branch whose name starts with `releases/`, like `releases/10` (`refs/heads/releases/10`)
-
-```yaml
-on:
- pull_request:
- # Sequence of patterns matched against refs/heads
- branches:
- - main
- - 'mona/octocat'
- - 'releases/**'
-```
-
-{% data reusables.pull_requests.path-filtering-required-workflows %}
-
-If a workflow is skipped due to branch filtering, [path filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore), or a [commit message](/actions/managing-workflow-runs/skipping-workflow-runs), then checks associated with that workflow will remain in a "Pending" state. A pull request that requires those checks to be successful will be blocked from merging.
-
-#### Example: Excluding branches
-
-When a pattern matches the `branches-ignore` pattern, the workflow will not run. The patterns defined in `branches-ignore` are evaluated against the Git ref's name. For example, the following workflow would run whenever there is a `pull_request` event unless the pull request is targeting:
-
-* A branch named `mona/octocat` (`refs/heads/mona/octocat`)
-* A branch whose name matches `releases/**-alpha`, like `releases/beta/3-alpha` (`refs/heads/releases/beta/3-alpha`)
-
-```yaml
-on:
- pull_request:
- # Sequence of patterns matched against refs/heads
- branches-ignore:
- - 'mona/octocat'
- - 'releases/**-alpha'
-```
-
-#### Example: Including and excluding branches
-
-You cannot use `branches` and `branches-ignore` to filter the same event in a single workflow. If you want to both include and exclude branch patterns for a single event, use the `branches` filter along with the `!` character to indicate which branches should be excluded.
-
-If you define a branch with the `!` character, you must also define at least one branch without the `!` character. If you only want to exclude branches, use `branches-ignore` instead.
-
-The order that you define patterns matters.
-
-* A matching negative pattern (prefixed with `!`) after a positive match will exclude the Git ref.
-* A matching positive pattern after a negative match will include the Git ref again.
-
-The following workflow will run on `pull_request` events for pull requests that target `releases/10` or `releases/beta/mona`, but not for pull requests that target `releases/10-alpha` or `releases/beta/3-alpha` because the negative pattern `!releases/**-alpha` follows the positive pattern.
-
-```yaml
-on:
- pull_request:
- branches:
- - 'releases/**'
- - '!releases/**-alpha'
-```
diff --git a/data/reusables/actions/workflows/section-triggering-a-workflow-paths.md b/data/reusables/actions/workflows/section-triggering-a-workflow-paths.md
deleted file mode 100644
index bf8e1d7f1352..000000000000
--- a/data/reusables/actions/workflows/section-triggering-a-workflow-paths.md
+++ /dev/null
@@ -1,85 +0,0 @@
-
-When using the `push` and `pull_request` events, you can configure a workflow to run based on what file paths are changed. Path filters are not evaluated for pushes of tags.
-
-Use the `paths` filter when you want to include file path patterns or when you want to both include and exclude file path patterns. Use the `paths-ignore` filter when you only want to exclude file path patterns. You cannot use both the `paths` and `paths-ignore` filters for the same event in a workflow. If you want to both include and exclude path patterns for a single event, use the `paths` filter prefixed with the `!` character to indicate which paths should be excluded.
-
-{% note %}
-
-**Note:** The order that you define `paths` patterns matters:
-
-* A matching negative pattern (prefixed with `!`) after a positive match will exclude the path.
-* A matching positive pattern after a negative match will include the path again.
-
-{% endnote %}
-
-If you define both `branches`/`branches-ignore` and `paths`/`paths-ignore`, the workflow will only run when both filters are satisfied.
-
-The `paths` and `paths-ignore` keywords accept glob patterns that use the `*` and `**` wildcard characters to match more than one path name. For more information, see the "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."
-
-#### Example: Including paths
-
-If at least one path matches a pattern in the `paths` filter, the workflow runs. For example, the following workflow would run anytime you push a JavaScript file (`.js`).
-
-```yaml
-on:
- push:
- paths:
- - '**.js'
-```
-
-{% data reusables.pull_requests.path-filtering-required-workflows %}
-
-If a workflow is skipped due to path filtering, [branch filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpull_requestpull_request_targetbranchesbranches-ignore), or a [commit message](/actions/managing-workflow-runs/skipping-workflow-runs), then checks associated with that workflow will remain in a "Pending" state. A pull request that requires those checks to be successful will be blocked from merging.
-
-#### Example: Excluding paths
-
-When all the path names match patterns in `paths-ignore`, the workflow will not run. If any path names do not match patterns in `paths-ignore`, even if some path names match the patterns, the workflow will run.
-
-A workflow with the following path filter will only run on `push` events that include at least one file outside the `docs` directory at the root of the repository.
-
-```yaml
-on:
- push:
- paths-ignore:
- - 'docs/**'
-```
-
-#### Example: Including and excluding paths
-
-You cannot use `paths` and `paths-ignore` to filter the same event in a single workflow. If you want to both include and exclude path patterns for a single event, use the `paths` filter prefixed with the `!` character to indicate which paths should be excluded.
-
-If you define a path with the `!` character, you must also define at least one path without the `!` character. If you only want to exclude paths, use `paths-ignore` instead.
-
-The order that you define `paths` patterns matters:
-
-* A matching negative pattern (prefixed with `!`) after a positive match will exclude the path.
-* A matching positive pattern after a negative match will include the path again.
-
-This example runs anytime the `push` event includes a file in the `sub-project` directory or its subdirectories, unless the file is in the `sub-project/docs` directory. For example, a push that changed `sub-project/index.js` or `sub-project/src/index.js` will trigger a workflow run, but a push changing only `sub-project/docs/readme.md` will not.
-
-```yaml
-on:
- push:
- paths:
- - 'sub-project/**'
- - '!sub-project/docs/**'
-```
-
-#### Git diff comparisons
-
-{% note %}
-
-**Note:** If you push more than 1,000 commits, or if {% data variables.product.prodname_dotcom %} does not generate the diff due to a timeout, the workflow will always run.
-
-{% endnote %}
-
-The filter determines if a workflow should run by evaluating the changed files and running them against the `paths-ignore` or `paths` list. If there are no files changed, the workflow will not run.
-
-{% data variables.product.prodname_dotcom %} generates the list of changed files using two-dot diffs for pushes and three-dot diffs for pull requests:
-* **Pull requests:** Three-dot diffs are a comparison between the most recent version of the topic branch and the commit where the topic branch was last synced with the base branch.
-* **Pushes to existing branches:** A two-dot diff compares the head and base SHAs directly with each other.
-* **Pushes to new branches:** A two-dot diff against the parent of the ancestor of the deepest commit pushed.
-
-Diffs are limited to 300 files. If there are files changed that aren't matched in the first 300 files returned by the filter, the workflow will not run. You may need to create more specific filters so that the workflow will run automatically.
-
-For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-comparing-branches-in-pull-requests)."
diff --git a/data/reusables/actions/workflows/starter-workflows.md b/data/reusables/actions/workflows/starter-workflows.md
index 289160c1845c..4bbfe889d584 100644
--- a/data/reusables/actions/workflows/starter-workflows.md
+++ b/data/reusables/actions/workflows/starter-workflows.md
@@ -1 +1 @@
-The default starter workflows are excellent starting points when creating your build and test workflow, and you can customize the starter workflow to suit your project’s needs.
+The default workflow templates are excellent starting points when creating your build and test workflow, and you can customize the workflow template to suit your project’s needs.
diff --git a/data/reusables/actions/workflows/triggering-a-workflow-paths1.md b/data/reusables/actions/workflows/triggering-a-workflow-paths1.md
new file mode 100644
index 000000000000..454eedbdc59f
--- /dev/null
+++ b/data/reusables/actions/workflows/triggering-a-workflow-paths1.md
@@ -0,0 +1,13 @@
+When using the `push` and `pull_request` events, you can configure a workflow to run based on what file paths are changed. Path filters are not evaluated for pushes of tags.
+
+Use the `paths` filter when you want to include file path patterns or when you want to both include and exclude file path patterns. Use the `paths-ignore` filter when you only want to exclude file path patterns. You cannot use both the `paths` and `paths-ignore` filters for the same event in a workflow. If you want to both include and exclude path patterns for a single event, use the `paths` filter prefixed with the `!` character to indicate which paths should be excluded.
+
+> [!NOTE]
+> The order that you define `paths` patterns matters:
+>
+> * A matching negative pattern (prefixed with `!`) after a positive match will exclude the path.
+> * A matching positive pattern after a negative match will include the path again.
+
+If you define both `branches`/`branches-ignore` and `paths`/`paths-ignore`, the workflow will only run when both filters are satisfied.
+
+The `paths` and `paths-ignore` keywords accept glob patterns that use the `*` and `**` wildcard characters to match more than one path name. For more information, see the "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."
diff --git a/data/reusables/actions/workflows/triggering-a-workflow-paths2.md b/data/reusables/actions/workflows/triggering-a-workflow-paths2.md
new file mode 100644
index 000000000000..77a69daf43c8
--- /dev/null
+++ b/data/reusables/actions/workflows/triggering-a-workflow-paths2.md
@@ -0,0 +1,12 @@
+If at least one path matches a pattern in the `paths` filter, the workflow runs. For example, the following workflow would run anytime you push a JavaScript file (`.js`).
+
+```yaml
+on:
+ push:
+ paths:
+ - '**.js'
+```
+
+{% data reusables.pull_requests.path-filtering-required-workflows %}
+
+If a workflow is skipped due to path filtering, [branch filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpull_requestpull_request_targetbranchesbranches-ignore), or a [commit message](/actions/managing-workflow-runs/skipping-workflow-runs), then checks associated with that workflow will remain in a "Pending" state. A pull request that requires those checks to be successful will be blocked from merging.
diff --git a/data/reusables/actions/workflows/triggering-a-workflow-paths3.md b/data/reusables/actions/workflows/triggering-a-workflow-paths3.md
new file mode 100644
index 000000000000..46a6e49d574d
--- /dev/null
+++ b/data/reusables/actions/workflows/triggering-a-workflow-paths3.md
@@ -0,0 +1,10 @@
+When all the path names match patterns in `paths-ignore`, the workflow will not run. If any path names do not match patterns in `paths-ignore`, even if some path names match the patterns, the workflow will run.
+
+A workflow with the following path filter will only run on `push` events that include at least one file outside the `docs` directory at the root of the repository.
+
+```yaml
+on:
+ push:
+ paths-ignore:
+ - 'docs/**'
+```
diff --git a/data/reusables/actions/workflows/triggering-a-workflow-paths4.md b/data/reusables/actions/workflows/triggering-a-workflow-paths4.md
new file mode 100644
index 000000000000..74b33a7a8632
--- /dev/null
+++ b/data/reusables/actions/workflows/triggering-a-workflow-paths4.md
@@ -0,0 +1,18 @@
+You cannot use `paths` and `paths-ignore` to filter the same event in a single workflow. If you want to both include and exclude path patterns for a single event, use the `paths` filter prefixed with the `!` character to indicate which paths should be excluded.
+
+If you define a path with the `!` character, you must also define at least one path without the `!` character. If you only want to exclude paths, use `paths-ignore` instead.
+
+The order that you define `paths` patterns matters:
+
+* A matching negative pattern (prefixed with `!`) after a positive match will exclude the path.
+* A matching positive pattern after a negative match will include the path again.
+
+This example runs anytime the `push` event includes a file in the `sub-project` directory or its subdirectories, unless the file is in the `sub-project/docs` directory. For example, a push that changed `sub-project/index.js` or `sub-project/src/index.js` will trigger a workflow run, but a push changing only `sub-project/docs/readme.md` will not.
+
+```yaml
+on:
+ push:
+ paths:
+ - 'sub-project/**'
+ - '!sub-project/docs/**'
+```
diff --git a/data/reusables/actions/workflows/triggering-a-workflow-paths5.md b/data/reusables/actions/workflows/triggering-a-workflow-paths5.md
new file mode 100644
index 000000000000..5cf3803708d7
--- /dev/null
+++ b/data/reusables/actions/workflows/triggering-a-workflow-paths5.md
@@ -0,0 +1,13 @@
+> [!NOTE]
+> If you push more than 1,000 commits, or if {% data variables.product.prodname_dotcom %} does not generate the diff due to a timeout, the workflow will always run.
+
+The filter determines if a workflow should run by evaluating the changed files and running them against the `paths-ignore` or `paths` list. If there are no files changed, the workflow will not run.
+
+{% data variables.product.prodname_dotcom %} generates the list of changed files using two-dot diffs for pushes and three-dot diffs for pull requests:
+* **Pull requests:** Three-dot diffs are a comparison between the most recent version of the topic branch and the commit where the topic branch was last synced with the base branch.
+* **Pushes to existing branches:** A two-dot diff compares the head and base SHAs directly with each other.
+* **Pushes to new branches:** A two-dot diff against the parent of the ancestor of the deepest commit pushed.
+
+Diffs are limited to 300 files. If there are files changed that aren't matched in the first 300 files returned by the filter, the workflow will not run. You may need to create more specific filters so that the workflow will run automatically.
+
+For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-comparing-branches-in-pull-requests)."
diff --git a/data/reusables/actions/workflows/triggering-workflow-branches1.md b/data/reusables/actions/workflows/triggering-workflow-branches1.md
new file mode 100644
index 000000000000..d544dcbb0a24
--- /dev/null
+++ b/data/reusables/actions/workflows/triggering-workflow-branches1.md
@@ -0,0 +1,7 @@
+When using the `pull_request` and `pull_request_target` events, you can configure a workflow to run only for pull requests that target specific branches.
+
+Use the `branches` filter when you want to include branch name patterns or when you want to both include and exclude branch names patterns. Use the `branches-ignore` filter when you only want to exclude branch name patterns. You cannot use both the `branches` and `branches-ignore` filters for the same event in a workflow.
+
+If you define both `branches`/`branches-ignore` and [`paths`/`paths-ignore`](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore), the workflow will only run when both filters are satisfied.
+
+The `branches` and `branches-ignore` keywords accept glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch name. If a name contains any of these characters and you want a literal match, you need to escape each of these special characters with `\`. For more information about glob patterns, see the "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."
diff --git a/data/reusables/actions/workflows/triggering-workflow-branches2.md b/data/reusables/actions/workflows/triggering-workflow-branches2.md
new file mode 100644
index 000000000000..0ad8c1a9bf3f
--- /dev/null
+++ b/data/reusables/actions/workflows/triggering-workflow-branches2.md
@@ -0,0 +1,19 @@
+The patterns defined in `branches` are evaluated against the Git ref's name. For example, the following workflow would run whenever there is a `pull_request` event for a pull request targeting:
+
+* A branch named `main` (`refs/heads/main`)
+* A branch named `mona/octocat` (`refs/heads/mona/octocat`)
+* A branch whose name starts with `releases/`, like `releases/10` (`refs/heads/releases/10`)
+
+```yaml
+on:
+ pull_request:
+ # Sequence of patterns matched against refs/heads
+ branches:
+ - main
+ - 'mona/octocat'
+ - 'releases/**'
+```
+
+{% data reusables.pull_requests.path-filtering-required-workflows %}
+
+If a workflow is skipped due to branch filtering, [path filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore), or a [commit message](/actions/managing-workflow-runs/skipping-workflow-runs), then checks associated with that workflow will remain in a "Pending" state. A pull request that requires those checks to be successful will be blocked from merging.
diff --git a/data/reusables/actions/workflows/triggering-workflow-branches3.md b/data/reusables/actions/workflows/triggering-workflow-branches3.md
new file mode 100644
index 000000000000..0e7d8670ca24
--- /dev/null
+++ b/data/reusables/actions/workflows/triggering-workflow-branches3.md
@@ -0,0 +1,13 @@
+When a pattern matches the `branches-ignore` pattern, the workflow will not run. The patterns defined in `branches-ignore` are evaluated against the Git ref's name. For example, the following workflow would run whenever there is a `pull_request` event unless the pull request is targeting:
+
+* A branch named `mona/octocat` (`refs/heads/mona/octocat`)
+* A branch whose name matches `releases/**-alpha`, like `releases/beta/3-alpha` (`refs/heads/releases/beta/3-alpha`)
+
+```yaml
+on:
+ pull_request:
+ # Sequence of patterns matched against refs/heads
+ branches-ignore:
+ - 'mona/octocat'
+ - 'releases/**-alpha'
+```
diff --git a/data/reusables/actions/workflows/triggering-workflow-branches4.md b/data/reusables/actions/workflows/triggering-workflow-branches4.md
new file mode 100644
index 000000000000..c75a7b01ed5c
--- /dev/null
+++ b/data/reusables/actions/workflows/triggering-workflow-branches4.md
@@ -0,0 +1,18 @@
+You cannot use `branches` and `branches-ignore` to filter the same event in a single workflow. If you want to both include and exclude branch patterns for a single event, use the `branches` filter along with the `!` character to indicate which branches should be excluded.
+
+If you define a branch with the `!` character, you must also define at least one branch without the `!` character. If you only want to exclude branches, use `branches-ignore` instead.
+
+The order that you define patterns matters.
+
+* A matching negative pattern (prefixed with `!`) after a positive match will exclude the Git ref.
+* A matching positive pattern after a negative match will include the Git ref again.
+
+The following workflow will run on `pull_request` events for pull requests that target `releases/10` or `releases/beta/mona`, but not for pull requests that target `releases/10-alpha` or `releases/beta/3-alpha` because the negative pattern `!releases/**-alpha` follows the positive pattern.
+
+```yaml
+on:
+ pull_request:
+ branches:
+ - 'releases/**'
+ - '!releases/**-alpha'
+```
diff --git a/data/reusables/advanced-security/ghas-license-info-for-fpt.md b/data/reusables/advanced-security/ghas-license-info-for-fpt.md
index 3ab273cb98f4..cd2649053202 100644
--- a/data/reusables/advanced-security/ghas-license-info-for-fpt.md
+++ b/data/reusables/advanced-security/ghas-license-info-for-fpt.md
@@ -1 +1 @@
-If you want to use {% data variables.product.prodname_GH_advanced_security %} features on any repository apart from a public repository on {% data variables.product.prodname_dotcom_the_website %}, you will need a {% data variables.product.prodname_GH_advanced_security %} license, available with {% data variables.product.prodname_ghe_cloud %} or {% data variables.product.prodname_ghe_server %}. {% data reusables.advanced-security.ghas-trial %}
+If you want to use {% data variables.product.prodname_GH_advanced_security %} features on any repository apart from a public repository on {% data variables.product.prodname_dotcom %}, you will need a {% data variables.product.prodname_GH_advanced_security %} license, available with {% data variables.product.prodname_ghe_cloud %} or {% data variables.product.prodname_ghe_server %}. {% data reusables.advanced-security.ghas-trial %}
diff --git a/data/reusables/advanced-security/more-info-ghas-secret-scanning.md b/data/reusables/advanced-security/more-info-ghas-secret-scanning.md
index f7f7fdece963..4b9b230a89ac 100644
--- a/data/reusables/advanced-security/more-info-ghas-secret-scanning.md
+++ b/data/reusables/advanced-security/more-info-ghas-secret-scanning.md
@@ -1 +1 @@
-For more information, see {% ifversion fpt or ghec %}"[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)"{% elsif ghes %}"[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-on-github-enterprise-server)"{% endif %} and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
+For more information, see {% ifversion fpt or ghec %}"[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-user-alerts)"{% elsif ghes %}"[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-secret-scanning-alerts)"{% endif %} and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
diff --git a/data/reusables/advanced-security/purchase-ghas.md b/data/reusables/advanced-security/purchase-ghas.md
index d4552b84e29f..74a42eb5d8d7 100644
--- a/data/reusables/advanced-security/purchase-ghas.md
+++ b/data/reusables/advanced-security/purchase-ghas.md
@@ -1,3 +1,5 @@
1. Under "How many committers do you want to include?", enter the number of committers you want to purchase licenses for. For more information about committer numbers, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."
+
+ You won't see this option if you're enrolled in usage-based billing for {% data variables.product.prodname_GH_advanced_security %} licenses.
1. Confirm your billing information and payment method.
1. Click **Purchase Advanced Security**.
diff --git a/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md b/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md
index eeb175416e8b..8fb34723f3e0 100644
--- a/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md
+++ b/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md
@@ -1,6 +1,6 @@
1. Enter the details for your new custom pattern. You must at least provide the name for your pattern, and a regular expression for the format of your secret pattern.
1. In the "Pattern name" field, type a name for your pattern.
- 1. In the "Secret format" field, type a regular expression for the format of your secret pattern.{% ifversion secret-scanning-custom-pattern-ai-generated %} Alternatively, you can use the generator to generate a regular expression for you. For more information, see "[AUTOTITLE](/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai)."{% endif %}
+ 1. In the "Secret format" field, type a regular expression for the format of your secret pattern.{% ifversion secret-scanning-custom-pattern-ai-generated %} Alternatively, you can use the generator to generate a regular expression for you. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/generating-regular-expressions-for-custom-patterns-with-ai)."{% endif %}
1. You can click **More options {% octicon "chevron-down" aria-label="down" %}** to provide other surrounding content or additional match requirements for the secret format.
1. Provide a sample test string to make sure your configuration is matching the patterns you expect.
diff --git a/data/reusables/advanced-security/secret-scanning-generate-regular-expression-custom-pattern.md b/data/reusables/advanced-security/secret-scanning-generate-regular-expression-custom-pattern.md
index d3185001c942..f82f22059244 100644
--- a/data/reusables/advanced-security/secret-scanning-generate-regular-expression-custom-pattern.md
+++ b/data/reusables/advanced-security/secret-scanning-generate-regular-expression-custom-pattern.md
@@ -3,7 +3,7 @@
{% note %}
- **Note:** You can enter a regular expression manually instead of using the generator, by typing a regular expression for the format of your secret pattern in the "Secret format" field. For more information, see "[Defining a custom pattern for a repository](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)" or "[Defining a custom pattern for an organization](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization)."
+ **Note:** You can enter a regular expression manually instead of using the generator, by typing a regular expression for the format of your secret pattern in the "Secret format" field. For more information, see "[Defining a custom pattern for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)" or "[Defining a custom pattern for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization)."
{% endnote %}
diff --git a/data/reusables/advanced-security/secret-scanning-new-custom-pattern-org.md b/data/reusables/advanced-security/secret-scanning-new-custom-pattern-org.md
new file mode 100644
index 000000000000..8a17b35cff28
--- /dev/null
+++ b/data/reusables/advanced-security/secret-scanning-new-custom-pattern-org.md
@@ -0,0 +1 @@
+{% ifversion security-configurations-ga %}1. Under "Custom patterns", click **New pattern**.{% else %}1. Under "Secret scanning", under "Custom patterns", click **New pattern**.{% endif %}
diff --git a/data/reusables/advanced-security/security-feature-availability.md b/data/reusables/advanced-security/security-feature-availability.md
index 9141e7dbcfb2..1a64d2c03df4 100644
--- a/data/reusables/advanced-security/security-feature-availability.md
+++ b/data/reusables/advanced-security/security-feature-availability.md
@@ -1 +1 @@
-Some features are available for {% ifversion ghes %}all repositories{% elsif fpt or ghec %}repositories on all plans{% endif %}. Additional features are available to enterprises that use {% data variables.product.prodname_GH_advanced_security %}. {% ifversion fpt or ghec %}{% data variables.product.prodname_GH_advanced_security %} features are also enabled for all public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %} {% data reusables.advanced-security.more-info-ghas %}
+Some features are available for {% ifversion ghes %}all repositories{% elsif fpt or ghec %}repositories on all plans{% endif %}. Additional features are available to enterprises that use {% data variables.product.prodname_GH_advanced_security %}. {% ifversion fpt or ghec %}{% data variables.product.prodname_GH_advanced_security %} features are also enabled for all public repositories on {% data variables.product.prodname_dotcom %}.{% endif %} {% data reusables.advanced-security.more-info-ghas %}
diff --git a/data/reusables/advanced-security/starter-workflows-beta.md b/data/reusables/advanced-security/starter-workflows-beta.md
index 7cce688d1140..20178440891a 100644
--- a/data/reusables/advanced-security/starter-workflows-beta.md
+++ b/data/reusables/advanced-security/starter-workflows-beta.md
@@ -1,5 +1,5 @@
{% note %}
-**Note:** Starter workflows for {% data variables.product.prodname_advanced_security %} have been consolidated in a "Security" category in the **Actions** tab of a repository. This new configuration is currently in beta and subject to change.
+**Note:** Workflow templates for {% data variables.product.prodname_advanced_security %} have been consolidated in a "Security" category in the **Actions** tab of a repository. This new configuration is currently in beta and subject to change.
{% endnote %}
diff --git a/data/reusables/apps/app-scans.md b/data/reusables/apps/app-scans.md
index b7b74e71f2c7..4cb14320734a 100644
--- a/data/reusables/apps/app-scans.md
+++ b/data/reusables/apps/app-scans.md
@@ -1 +1 @@
-You should conduct regular vulnerability scans for your app. For example, you might set up code scanning and secret scanning for the repository that hosts your app's code. For more information, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
+You should conduct regular vulnerability scans for your app. For example, you might set up code scanning and secret scanning for the repository that hosts your app's code. For more information, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."
diff --git a/data/reusables/apps/best-practice-store-data-with-context.md b/data/reusables/apps/best-practice-store-data-with-context.md
new file mode 100644
index 000000000000..3985bce83174
--- /dev/null
+++ b/data/reusables/apps/best-practice-store-data-with-context.md
@@ -0,0 +1,11 @@
+Beyond tracking user identity via the `id` field, you should retain data for the organization or enterprise each user is operating under. This will help ensure you don't leak sensitive information if a user switches roles.
+
+For example:
+
+1. A user is in the `Mona` organization, which requires SAML SSO, and signs into your app after performing SSO. Your app now has access to whatever the user does within `Mona`.
+1. The user pulls a bunch of code out of a repository in `Mona` and saves it in your app for analysis.
+1. Later, the user switches jobs, and is removed from the `Mona` organization.
+
+When the user accesses your app, can they still see the code and analysis from the `Mona` organization in their user account?
+
+This is why it's critical to track the source of the data that your app is saving. Otherwise, your app is a data protection threat for organizations, and they're likely to ban your app if they can't trust that your app correctly protects their data.
diff --git a/data/reusables/apps/best-practice-use-durable-id.md b/data/reusables/apps/best-practice-use-durable-id.md
new file mode 100644
index 000000000000..bb0c864b8b73
--- /dev/null
+++ b/data/reusables/apps/best-practice-use-durable-id.md
@@ -0,0 +1,7 @@
+When a user signs in and performs actions in your application, you have to remember which user took that action in order to grant them access to the same resources the next time they sign in.
+
+To store users in your database correctly, always use the `id` of the user. This value will never change for the user or be used to point to a different user, so it ensures you are providing access to the user you intend. You can find a user's `id` with the `GET /user` REST API endpoint. See "[AUTOTITLE](/rest/users/users#get-a-user)."
+
+If you store references to repositories, organizations, and enterprises, use their `id` as well to ensure your links to them remain accurate.
+
+_Never_ use identifiers that can change over time, including user handles, organization slugs, or email addresses.
diff --git a/data/reusables/apps/best-practice-validate-org-access.md b/data/reusables/apps/best-practice-validate-org-access.md
new file mode 100644
index 000000000000..4bd622b3c668
--- /dev/null
+++ b/data/reusables/apps/best-practice-validate-org-access.md
@@ -0,0 +1 @@
+When you use a user access token, you should track which organizations the token is authorized for. If an organization uses SAML SSO and a user has not performed SAML SSO, the user access token will not have access to that organization. You can use the `GET /user/installations` REST API endpoint to verify which organizations a user access token has access to. If the user is not authorized to access an organization, you should prevent their access to organization owned data within your own application until they perform SAML SSO. For more information, see "[AUTOTITLE](/rest/apps/installations#list-app-installations-accessible-to-the-user-access-token)."
diff --git a/data/reusables/apps/generate-installation-access-token.md b/data/reusables/apps/generate-installation-access-token.md
index 9c0ebdde1a7a..5f0780b920a7 100644
--- a/data/reusables/apps/generate-installation-access-token.md
+++ b/data/reusables/apps/generate-installation-access-token.md
@@ -19,11 +19,11 @@
--header "X-GitHub-Api-Version: {{ allVersions[currentVersion].latestApiVersion }}"
```
- Optionally, you can use the `repositories` or `repository_ids` body parameters to specify individual repositories that the installation access token can access. If you don't use `repositories` or `repository_ids` to grant access to specific repositories, the installation access token will have access to all repositories that the installation was granted access to. The installation access token cannot be granted access to repositories that the installation was not granted access to. You can list up to 500 repositories.
+ Optionally, you can use the `repositories` or `repository_ids` body parameters to specify individual repositories that the installation access token can access. If you don't use `repositories` or `repository_ids` to grant access to specific repositories, the installation access token will have access to all repositories that the installation was granted access to. The installation access token cannot be granted access to repositories that the installation was not granted access to.{% ifversion fpt or ghec or ghes > 3.13 %} You can list up to 500 repositories.{% endif %}
Optionally, use the `permissions` body parameter to specify the permissions that the installation access token should have. If `permissions` is not specified, the installation access token will have all of the permissions that were granted to the app. The installation access token cannot be granted permissions that the app was not granted.
- When using the `permissions` parameters to reduce the access of the token, the complexity of the token is increased due to the number of permissions in the request and the number of repositories the token will have access to. If the complexity is too large, you will get an error message that indicates the maximum number of repositories that can be supported. In this case, you should request fewer permissions with the `permissions` parameter, use the `repositories` or `repository_ids` parameter to request fewer repositories, or install the app on `all` repositories in your organization.
+ {% ifversion fpt or ghec or ghes > 3.13 %}When using the `permissions` parameters to reduce the access of the token, the complexity of the token is increased due to the number of permissions in the request and the number of repositories the token will have access to. If the complexity is too large, you will get an error message that indicates the maximum number of repositories that can be supported. In this case, you should request fewer permissions with the `permissions` parameter, use the `repositories` or `repository_ids` parameter to request fewer repositories, or install the app on `all` repositories in your organization.{% endif %}
The response will include an installation access token, the time that the token expires, the permissions that the token has, and the repositories that the token can access. The installation access token will expire after 1 hour.
diff --git a/data/reusables/audit_log/audit-log-action-categories.md b/data/reusables/audit_log/audit-log-action-categories.md
index 3190d2441fee..45566fcad583 100644
--- a/data/reusables/audit_log/audit-log-action-categories.md
+++ b/data/reusables/audit_log/audit-log-action-categories.md
@@ -1,193 +1,196 @@
-| Category name | Description
-|------------------|-------------------
-{%- ifversion fpt or ghec %}
-| `account` | Contains activities related to an organization account.
-| `advisory_credit` | Contains activities related to crediting a contributor for a security advisory in the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)."
-{%- endif %}
-| `artifact` | Contains activities related to {% data variables.product.prodname_actions %} workflow run artifacts.
-{%- ifversion audit-log-streaming %}
-| `audit_log_streaming` | Contains activities related to streaming audit logs for organizations in an enterprise account.
-{%- endif %}
-{%- ifversion fpt or ghec %}
-| `billing` | Contains activities related to an organization's billing.
-{%- endif %}
-{%- ifversion ghec or ghes %}
-| `business` | Contains activities related to business settings for an enterprise.
-{%- endif %}
-{%- ifversion code-security-audit-log-events %}
-| `business_advanced_security` | Contains activities related to {% data variables.product.prodname_GH_advanced_security %} in an enterprise. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
-| `business_secret_scanning` | Contains activities related to {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
-{%- endif %}
-{%- ifversion secret-scanning-validity-check-audit-log %}
-| `business_secret_scanning_automatic_validity_checks` | Contains activities related to enabling or disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features)."
-{%- endif %}
-{%- ifversion secret-scanning-audit-log-custom-patterns %}
-| `business_secret_scanning_custom_pattern` | Contains activities related to custom patterns for {% data variables.product.prodname_secret_scanning %} in an enterprise.
-{%- endif %}
-{%- ifversion secret-scanning-custom-pattern-push-protection-audit %}
-| `business_secret_scanning_custom_pattern_push_protection` | Contains activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account)."
-{%- endif %}
-{%- ifversion code-security-audit-log-events %}
-| `business_secret_scanning_push_protection` | Contains activities related to the push protection feature of {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
-| `business_secret_scanning_push_protection_custom_message` | Contains activities related to the custom message displayed when push protection is triggered in an enterprise. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
-{%- endif %}
-| `checks` | Contains activities related to check suites and runs.
-{%- ifversion fpt or ghec %}
-| `codespaces` | Contains activities related to an organization's codespaces.
-{%- endif %}
-| `commit_comment` | Contains activities related to updating or deleting commit comments.
-{%- ifversion ghes %}
-| `config_entry` | Contains activities related to configuration settings. These events are only visible in the site admin audit log.
-{%- endif %}
-| `dependabot_alerts` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
-| `dependabot_alerts_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization.
-| `dependabot_repository_access` | Contains activities related to which private repositories in an organization {% data variables.product.prodname_dependabot %} is allowed to access.
-| `dependabot_security_updates` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)."
-| `dependabot_security_updates_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} for new repositories created in the organization.
-| `dependency_graph` | Contains organization-level configuration activities for dependency graphs for repositories. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
-| `dependency_graph_new_repos` | Contains organization-level configuration activities for new repositories created in the organization.
-{%- ifversion ghec or ghes %}
-| `dotcom_connection` | Contains activities related to {% data variables.product.prodname_github_connect %}.
-| `enterprise` | Contains activities related to enterprise settings.
-{%- endif %}
-{%- ifversion ghec %}
-| `enterprise_domain` | Contains activities related to verified enterprise domains.
-| `enterprise_installation` | Contains activities related to {% data variables.product.prodname_github_apps %} associated with an {% data variables.product.prodname_github_connect %} enterprise connection.
-{%- endif %}
-{%- ifversion fpt or ghec %}
-| `environment` | Contains activities related to {% data variables.product.prodname_actions %} environments.
-{%- endif %}
-| `hook` | Contains activities related to webhooks.
-| `integration` | Contains activities related to integrations in an account.
-| `integration_installation` | Contains activities related to integrations installed in an account.
-| `integration_installation_request` | Contains activities related to organization member requests for owners to approve integrations for use in the organization.
-{%- ifversion ghec %}
-| `ip_allow_list` | Contains activities related to enabling or disabling the IP allow list for an organization.
-| `ip_allow_list_entry` | Contains activities related to the creation, deletion, and editing of an IP allow list entry for an organization.
-{%- endif %}
-| `issue` | Contains activities related to pinning, transferring, or deleting an issue in a repository.
-| `issue_comment` | Contains activities related to pinning, transferring, or deleting issue comments.
-| `issues` | Contains activities related to enabling or disabling issue creation for an organization.
-{%- ifversion fpt or ghec %}
-| `marketplace_agreement_signature` | Contains activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement.
-| `marketplace_listing` | Contains activities related to listing apps in {% data variables.product.prodname_marketplace %}.
-{%- endif %}
-| `members_can_create_pages` | Contains activities related to managing the publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)."
-| `members_can_create_private_pages` | Contains activities related to managing the publication of private {% data variables.product.prodname_pages %} sites for repositories in the organization.
-| `members_can_create_public_pages` | Contains activities related to managing the publication of public {% data variables.product.prodname_pages %} sites for repositories in the organization.
-{%- ifversion ghec or ghes %}
-| `members_can_delete_repos` | Contains activities related to enabling or disabling repository creation for an organization.
-{%- endif %}
-{%- ifversion fpt or ghec %}
-| `members_can_view_dependency_insights` | Contains organization-level configuration activities allowing organization members to view dependency insights.
-| `migration` | Contains activities related to transferring data from a _source_ location (such as a {% data variables.product.prodname_dotcom_the_website %} organization or a {% data variables.product.prodname_ghe_server %} instance) to a _target_ {% data variables.product.prodname_ghe_server %} instance.
-{%- endif %}
-| `oauth_access` | Contains activities related to OAuth access tokens.
-| `oauth_application` | Contains activities related to {% data variables.product.prodname_oauth_apps %}.
-{%- ifversion fpt or ghec %}
-| `oauth_authorization` | Contains activities related to authorizing {% data variables.product.prodname_oauth_apps %}.
-{%- endif %}
-| `org` | Contains activities related to organization membership.
-{%- ifversion ghec or ghes %}
-| `org_credential_authorization` | Contains activities related to authorizing credentials for use with SAML single sign-on.
-{%- endif %}
-{%- ifversion secret-scanning-validity-check-audit-log %}
-| `org_secret_scanning_automatic_validity_checks` | Contains activities related to enabling or disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization)."
-{%- endif %}
-{%- ifversion secret-scanning-audit-log-custom-patterns %}
-| `org_secret_scanning_custom_pattern` | Contains activities related to custom patterns for {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
-{%- endif %}
-| `organization_default_label` | Contains activities related to default labels for repositories in an organization.
-| `organization_domain` | Contains activities related to verified organization domains.
-| `organization_projects_change` | Contains activities related to organization-wide {% data variables.projects.projects_v1_boards %} in an enterprise.
-{%- ifversion fpt or ghec %}
-| `pages_protected_domain` | Contains activities related to verified custom domains for {% data variables.product.prodname_pages %}.
-| `payment_method` | Contains activities related to how an organization pays for {% data variables.product.prodname_dotcom %}.
-| `prebuild_configuration` | Contains activities related to prebuild configurations for {% data variables.product.prodname_github_codespaces %}.
-{%- endif %}
-{%- ifversion ghes %}
-| `pre_receive_environment` | Contains activities related to pre-receive hook environments.
-| `pre_receive_hook` | Contains activities related to pre-receive hooks.
-{%- endif %}
-{%- ifversion ghes %}
-| `private_instance_encryption` | Contains activities related to enabling private mode for an enterprise.
-{%- endif %}
-| `private_repository_forking` | Contains activities related to allowing forks of private and internal repositories, for a repository, organization or enterprise.
-{%- ifversion fpt or ghec %}
-| `profile_picture` | Contains activities related to an organization's profile picture.
-{%- endif %}
-| `project` | Contains activities related to projects.
-| `project_field` | Contains activities related to field creation and deletion in a project.
-| `project_view` | Contains activities related to view creation and deletion in a project.
-| `protected_branch` | Contains activities related to protected branches.
-| `public_key` | Contains activities related to SSH keys and deploy keys.
-| `pull_request` | Contains activities related to pull requests.
-| `pull_request_review` | Contains activities related to pull request reviews.
-| `pull_request_review_comment` | Contains activities related to pull request review comments.
-| `repo` | Contains activities related to the repositories owned by an organization.
-{%- ifversion fpt or ghec %}
-| `repository_advisory` | Contains repository-level activities related to security advisories in the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)."
-| `repository_content_analysis` | Contains activities related to enabling or disabling data use for a private repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories)."
-| `repository_dependency_graph` | Contains repository-level activities related to enabling or disabling the dependency graph for a {% ifversion fpt or ghec %}private {% endif %}repository. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
-{%- endif %}
-| `repository_image` | Contains activities related to images for a repository.
-| `repository_invitation` | Contains activities related to invitations to join a repository.
-| `repository_projects_change` | Contains activities related to enabling projects for a repository or for all repositories in an organization.
-{%- ifversion ghec or ghes %}
-| `repository_secret_scanning` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
-{%- endif %}
-{%- ifversion secret-scanning-validity-check-audit-log %}
-| `repository_secret_scanning_automatic_validity_checks` | Contains activities related to enabling or disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories)."
-{%- endif %}
-{%- ifversion secret-scanning-audit-log-custom-patterns %}
-| `repository_secret_scanning_custom_pattern` | Contains activities related to {% data variables.product.prodname_secret_scanning %} custom patterns in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
-{%- endif %}
-{%- ifversion secret-scanning-custom-pattern-push-protection-audit %}
-| `repository_secret_scanning_custom_pattern_push_protection` | Contains activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)."
-{%- endif %}
-{%- ifversion secret-scanning-audit-log-custom-patterns %}
-| `repository_secret_scanning_push_protection` | Contains activities related to the push protection feature of {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
-{%- endif %}
-{%- ifversion fpt or ghec %}
-| `repository_visibility_change` | Contains activities related to allowing organization members to change repository visibilities for the organization.
-{%- endif %}
-| `repository_vulnerability_alert` | Contains activities related to [{% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
-{%- ifversion fpt or ghec %}
-| `repository_vulnerability_alerts` | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot_alerts %}.
-| `required_status_check` | Contains activities related to required status checks for protected branches.
-{%- endif %}
-{%- ifversion ghec or ghes %}
-| `restrict_notification_delivery` | Contains activities related to the restriction of email notifications to approved or verified domains for an enterprise.
-{%- endif %}
-{%- ifversion custom-repository-roles %}
-| `role` | Contains activities related to [custom repository roles](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization).
-{%- endif %}
-{%- ifversion ghec or ghes %}
-| `secret_scanning` | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
-| `secret_scanning_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} for new repositories created in the organization.
-{%- endif %}
-{%- ifversion ghec or ghes %}
-| `security_key` | Contains activities related to security keys registration and removal.
-{%- endif %}
-{%- ifversion fpt or ghec %}
-| `sponsors` | Contains events related to sponsor buttons (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)").
-{%- endif %}
-{%- ifversion ghec or ghes %}
-| `ssh_certificate_authority` | Contains activities related to a SSH certificate authority in an organization or enterprise.
-| `ssh_certificate_requirement` | Contains activities related to requiring members use SSH certificates to access organization resources.
-{%- endif %}{% ifversion sso-redirect %}
-| `sso_redirect` | Contains activities related to automatically redirecting users to sign in (see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-sso-for-unauthenticated-users)").{% endif %}
-| `staff` | Contains activities related to a site admin performing an action.
-| `team` | Contains activities related to teams in an organization.{% ifversion team-discussions %}
-| `team_discussions` | Contains activities related to managing team discussions for an organization.{% endif %}
-{%- ifversion ghec %}
-| `team_sync_tenant` | Contains activities related to team synchronization with an IdP for an enterprise or organization.
-{%- endif %}
-{%- ifversion fpt or ghes %}
-| `two_factor_authentication` | Contains activities related to two-factor authentication.
-{%- endif %}
-| `user` | Contains activities related to users in an enterprise or organization.
-{%- ifversion ghec or ghes %}
-| `user_license` | Contains activities related to a user occupying a licensed seat in, and being a member of, an enterprise.
-{%- endif %}
-| `workflows` | Contains activities related to {% data variables.product.prodname_actions %} workflows.
+| Category name | Description |
+|------------------|-------------------|
+| {% ifversion fpt or ghec %} |
+| `account` | Contains activities related to an organization account. |
+| `advisory_credit` | Contains activities related to crediting a contributor for a security advisory in the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)." |
+| {% endif %} |
+| `artifact` | Contains activities related to {% data variables.product.prodname_actions %} workflow run artifacts. |
+| {% ifversion audit-log-streaming %} |
+| `audit_log_streaming` | Contains activities related to streaming audit logs for organizations in an enterprise account. |
+| {% endif %} |
+| {% ifversion fpt or ghec %} |
+| `billing` | Contains activities related to an organization's billing. |
+| {% endif %} |
+| {% ifversion ghec or ghes %} |
+| `business` | Contains activities related to business settings for an enterprise. |
+| {% endif %} |
+| {% ifversion code-security-audit-log-events %} |
+| `business_advanced_security` | Contains activities related to {% data variables.product.prodname_GH_advanced_security %} in an enterprise. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." |
+| `business_secret_scanning` | Contains activities related to {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." |
+| {% endif %} |
+| {% ifversion secret-scanning-validity-check-audit-log %} |
+| `business_secret_scanning_automatic_validity_checks` | Contains activities related to enabling or disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features)." |
+| {% endif %} |
+| {% ifversion secret-scanning-audit-log-custom-patterns %} |
+| `business_secret_scanning_custom_pattern` | Contains activities related to custom patterns for {% data variables.product.prodname_secret_scanning %} in an enterprise. |
+| {% endif %} |
+| {% ifversion secret-scanning-custom-pattern-push-protection-audit %} |
+| `business_secret_scanning_custom_pattern_push_protection` | Contains activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account)." |
+| {% endif %} |
+| {% ifversion code-security-audit-log-events %} |
+| `business_secret_scanning_push_protection` | Contains activities related to the push protection feature of {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." |
+| `business_secret_scanning_push_protection_custom_message` | Contains activities related to the custom message displayed when push protection is triggered in an enterprise. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." |
+| {% endif %} |
+| `checks` | Contains activities related to check suites and runs. |
+| {% ifversion fpt or ghec %} |
+| `codespaces` | Contains activities related to an organization's codespaces. |
+| {% endif %} |
+| `commit_comment` | Contains activities related to updating or deleting commit comments. |
+| {% ifversion ghes %} |
+| `config_entry` | Contains activities related to configuration settings. These events are only visible in the site admin audit log. |
+| {% endif %} |
+| `dependabot_alerts` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." |
+| `dependabot_alerts_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization. |
+| `dependabot_repository_access` | Contains activities related to which private repositories in an organization {% data variables.product.prodname_dependabot %} is allowed to access. |
+| `dependabot_security_updates` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." |
+| `dependabot_security_updates_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} for new repositories created in the organization. |
+| `dependency_graph` | Contains organization-level configuration activities for dependency graphs for repositories. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." |
+| `dependency_graph_new_repos` | Contains organization-level configuration activities for new repositories created in the organization. |
+| {% ifversion ghec or ghes %} |
+| `dotcom_connection` | Contains activities related to {% data variables.product.prodname_github_connect %}. |
+| `enterprise` | Contains activities related to enterprise settings. |
+| {% endif %} |
+| {% ifversion ghec %} |
+| `enterprise_domain` | Contains activities related to verified enterprise domains. |
+| `enterprise_installation` | Contains activities related to {% data variables.product.prodname_github_apps %} associated with an {% data variables.product.prodname_github_connect %} enterprise connection. |
+| {% endif %} |
+| {% ifversion fpt or ghec %} |
+| `environment` | Contains activities related to {% data variables.product.prodname_actions %} environments. |
+| {% endif %} |
+| `hook` | Contains activities related to webhooks. |
+| `integration` | Contains activities related to integrations in an account. |
+| `integration_installation` | Contains activities related to integrations installed in an account. |
+| `integration_installation_request` | Contains activities related to organization member requests for owners to approve integrations for use in the organization. |
+| {% ifversion ghec %} |
+| `ip_allow_list` | Contains activities related to enabling or disabling the IP allow list for an organization. |
+| `ip_allow_list_entry` | Contains activities related to the creation, deletion, and editing of an IP allow list entry for an organization. |
+| {% endif %} |
+| `issue` | Contains activities related to pinning, transferring, or deleting an issue in a repository. |
+| `issue_comment` | Contains activities related to pinning, transferring, or deleting issue comments. |
+| `issues` | Contains activities related to enabling or disabling issue creation for an organization. |
+| {% ifversion fpt or ghec %} |
+| `marketplace_agreement_signature` | Contains activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement. |
+| `marketplace_listing` | Contains activities related to listing apps in {% data variables.product.prodname_marketplace %}. |
+| {% endif %} |
+| `members_can_create_pages` | Contains activities related to managing the publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)." |
+| `members_can_create_private_pages` | Contains activities related to managing the publication of private {% data variables.product.prodname_pages %} sites for repositories in the organization. |
+| `members_can_create_public_pages` | Contains activities related to managing the publication of public {% data variables.product.prodname_pages %} sites for repositories in the organization. |
+| {% ifversion ghec or ghes %} |
+| `members_can_delete_repos` | Contains activities related to enabling or disabling repository creation for an organization. |
+| {% endif %} |
+| {% ifversion fpt or ghec %} |
+| `members_can_view_dependency_insights` | Contains organization-level configuration activities allowing organization members to view dependency insights. |
+| `migration` | Contains activities related to transferring data from a _source_ location (such as a {% data variables.product.prodname_dotcom_the_website %} organization or a {% data variables.product.prodname_ghe_server %} instance) to a _target_ {% data variables.product.prodname_ghe_server %} instance. |
+| {% endif %} |
+| `oauth_access` | Contains activities related to OAuth access tokens. |
+| `oauth_application` | Contains activities related to {% data variables.product.prodname_oauth_apps %}. |
+| {% ifversion fpt or ghec %} |
+| `oauth_authorization` | Contains activities related to authorizing {% data variables.product.prodname_oauth_apps %}. |
+| {% endif %} |
+| `org` | Contains activities related to organization membership. |
+| {% ifversion ghec or ghes %} |
+| `org_credential_authorization` | Contains activities related to authorizing credentials for use with SAML single sign-on. |
+| {% endif %} |
+| {% ifversion secret-scanning-validity-check-audit-log %} |
+| `org_secret_scanning_automatic_validity_checks` | Contains activities related to enabling or disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization)." |
+| {% endif %} |
+| {% ifversion secret-scanning-audit-log-custom-patterns %} |
+| `org_secret_scanning_custom_pattern` | Contains activities related to custom patterns for {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)." |
+| {% endif %} |
+| `organization_default_label` | Contains activities related to default labels for repositories in an organization. |
+| `organization_domain` | Contains activities related to verified organization domains. |
+| `organization_projects_change` | Contains activities related to organization-wide {% data variables.projects.projects_v1_boards %} in an enterprise. |
+| {% ifversion fpt or ghec %} |
+| `pages_protected_domain` | Contains activities related to verified custom domains for {% data variables.product.prodname_pages %}. |
+| `payment_method` | Contains activities related to how an organization pays for {% data variables.product.prodname_dotcom %}. |
+| `prebuild_configuration` | Contains activities related to prebuild configurations for {% data variables.product.prodname_github_codespaces %}. |
+| {% endif %} |
+| {% ifversion ghes %} |
+| `pre_receive_environment` | Contains activities related to pre-receive hook environments. |
+| `pre_receive_hook` | Contains activities related to pre-receive hooks. |
+| {% endif %} |
+| {% ifversion ghes %} |
+| `private_instance_encryption` | Contains activities related to enabling private mode for an enterprise. |
+| {% endif %} |
+| `private_repository_forking` | Contains activities related to allowing forks of private and internal repositories, for a repository, organization or enterprise. |
+| {% ifversion fpt or ghec %} |
+| `profile_picture` | Contains activities related to an organization's profile picture. |
+| {% endif %} |
+| `project` | Contains activities related to projects. |
+| `project_field` | Contains activities related to field creation and deletion in a project. |
+| `project_view` | Contains activities related to view creation and deletion in a project. |
+| `protected_branch` | Contains activities related to protected branches. |
+| `public_key` | Contains activities related to SSH keys and deploy keys. |
+| `pull_request` | Contains activities related to pull requests. |
+| `pull_request_review` | Contains activities related to pull request reviews. |
+| `pull_request_review_comment` | Contains activities related to pull request review comments. |
+| `repo` | Contains activities related to the repositories owned by an organization. |
+| {% ifversion fpt or ghec %} |
+| `repository_advisory` | Contains repository-level activities related to security advisories in the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)." |
+| `repository_content_analysis` | Contains activities related to enabling or disabling data use for a private repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories)." |
+| `repository_dependency_graph` | Contains repository-level activities related to enabling or disabling the dependency graph for a {% ifversion fpt or ghec %}private {% endif %}repository. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." |
+| {% endif %} |
+| `repository_image` | Contains activities related to images for a repository. |
+| `repository_invitation` | Contains activities related to invitations to join a repository. |
+| `repository_projects_change` | Contains activities related to enabling projects for a repository or for all repositories in an organization. |
+| {% ifversion ghec or ghes %} |
+| `repository_secret_scanning` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)." |
+| {% endif %} |
+| {% ifversion secret-scanning-validity-check-audit-log %} |
+| `repository_secret_scanning_automatic_validity_checks` | Contains activities related to enabling or disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)." |
+| {% endif %} |
+| {% ifversion secret-scanning-audit-log-custom-patterns %} |
+| `repository_secret_scanning_custom_pattern` | Contains activities related to {% data variables.product.prodname_secret_scanning %} custom patterns in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)." |
+| {% endif %} |
+| {% ifversion secret-scanning-custom-pattern-push-protection-audit %} |
+| `repository_secret_scanning_custom_pattern_push_protection` | Contains activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)." |
+| {% endif %} |
+| {% ifversion secret-scanning-audit-log-custom-patterns %}
+| `repository_secret_scanning_push_protection` | Contains activities related to the push protection feature of {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." |
+| {% endif %} |
+| {% ifversion fpt or ghec %} |
+| `repository_visibility_change` | Contains activities related to allowing organization members to change repository visibilities for the organization. |
+| {% endif %} |
+| `repository_vulnerability_alert` | Contains activities related to [{% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). |
+| {% ifversion fpt or ghec %} |
+| `repository_vulnerability_alerts` | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot_alerts %}. |
+| `required_status_check` | Contains activities related to required status checks for protected branches. |
+| {% endif %} |
+| {% ifversion ghec or ghes %} |
+| `restrict_notification_delivery` | Contains activities related to the restriction of email notifications to approved or verified domains for an enterprise. |
+| {% endif %} |
+| {% ifversion custom-repository-roles %} |
+| `role` | Contains activities related to [custom repository roles](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization). |
+| {% endif %} |
+| {% ifversion ghec or ghes %} |
+| `secret_scanning` | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)." |
+| `secret_scanning_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} for new repositories created in the organization. |
+| {% endif %} |
+| {% ifversion ghec or ghes %} |
+| `security_key` | Contains activities related to security keys registration and removal. |
+| {% endif %} |
+| {% ifversion fpt or ghec %} |
+| `sponsors` | Contains events related to sponsor buttons (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)"). |
+| {% endif %} |
+| {% ifversion ghec or ghes %} |
+| `ssh_certificate_authority` | Contains activities related to a SSH certificate authority in an organization or enterprise. |
+| `ssh_certificate_requirement` | Contains activities related to requiring members use SSH certificates to access organization resources. |
+| {% endif %} |
+| {% ifversion sso-redirect %} |
+| `sso_redirect` | Contains activities related to automatically redirecting users to sign in (see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-sso-for-unauthenticated-users)").
+| {% endif %} |
+| `staff` | Contains activities related to a site admin performing an action. |
+| `team` | Contains activities related to teams in an organization.{% ifversion team-discussions %} |
+| `team_discussions` | Contains activities related to managing team discussions for an organization. |
+| {% endif %} |
+| {% ifversion ghec %} |
+| `team_sync_tenant` | Contains activities related to team synchronization with an IdP for an enterprise or organization. |
+| {% endif %} |
+| {% ifversion fpt or ghes %} |
+| `two_factor_authentication` | Contains activities related to two-factor authentication. |
+| {% endif %} |
+| `user` | Contains activities related to users in an enterprise or organization. |
+| {% ifversion ghec or ghes %} |
+| `user_license` | Contains activities related to a user occupying a licensed seat in, and being a member of, an enterprise. |
+| {% endif %} |
+| `workflows` | Contains activities related to {% data variables.product.prodname_actions %} workflows. |
diff --git a/data/reusables/audit_log/audit_log_sidebar_for_org_admins.md b/data/reusables/audit_log/audit_log_sidebar_for_org_admins.md
index 1c00d0ebbbc4..4258f778c5ba 100644
--- a/data/reusables/audit_log/audit_log_sidebar_for_org_admins.md
+++ b/data/reusables/audit_log/audit_log_sidebar_for_org_admins.md
@@ -1 +1 @@
-1. In the "Archives" section of the sidebar, click {% octicon "log" aria-hidden="true" %} **Logs**, then click **Audit log**.
+1. In the "Archive" section of the sidebar, click {% octicon "log" aria-hidden="true" %} **Logs**, then click **Audit log**.
diff --git a/data/reusables/audit_log/create-s3-bucket.md b/data/reusables/audit_log/create-s3-bucket.md
index 81ad2807d1e8..d74c8ea5816a 100644
--- a/data/reusables/audit_log/create-s3-bucket.md
+++ b/data/reusables/audit_log/create-s3-bucket.md
@@ -1 +1 @@
-1. In AWS, create a bucket, and block public access to the bucket. For more information, see [Creating, configuring, and working with Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) in the AWS documentation.
+1. Create a bucket, and block public access to the bucket. See [Creating, configuring, and working with Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) in the AWS documentation.
diff --git a/data/reusables/audit_log/create-s3-policy.md b/data/reusables/audit_log/create-s3-policy.md
index 4226accb5329..9df6f10cba83 100644
--- a/data/reusables/audit_log/create-s3-policy.md
+++ b/data/reusables/audit_log/create-s3-policy.md
@@ -1,4 +1,4 @@
-1. In AWS, create a policy that allows {% data variables.product.company_short %} to write to the bucket by copying the following JSON and replacing `EXAMPLE-BUCKET` with the name of your bucket. {% data variables.product.prodname_dotcom %} requires only the permissions in this JSON.
+1. Create a policy that allows {% data variables.product.company_short %} to write to the bucket. Copy the following JSON and replace `EXAMPLE-BUCKET` with the name of your bucket. {% data variables.product.prodname_dotcom %} requires only the permissions in this JSON.
```json
{
@@ -16,4 +16,4 @@
}
```
- For more information, see [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the AWS documentation.
+ See [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the AWS documentation.
diff --git a/data/reusables/audit_log/only-three-months-displayed.md b/data/reusables/audit_log/only-three-months-displayed.md
index 7658ef875796..baf8a184de48 100644
--- a/data/reusables/audit_log/only-three-months-displayed.md
+++ b/data/reusables/audit_log/only-three-months-displayed.md
@@ -1 +1 @@
-By default, only events from the past three months are displayed. To view older events, you must specify a date range with the `created` parameter. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax#query-for-dates)."
+By default, only events from the past three months are displayed. To view older events, you must specify a date range with the `created` parameter. See "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax#query-for-dates)."
diff --git a/data/reusables/audit_log/retention-periods.md b/data/reusables/audit_log/retention-periods.md
index 1969796f9a11..c4bcb79fe921 100644
--- a/data/reusables/audit_log/retention-periods.md
+++ b/data/reusables/audit_log/retention-periods.md
@@ -1,3 +1,3 @@
-The audit log lists events triggered by activities that affect your enterprise{% ifversion not ghec %}. Audit logs for {% data variables.product.product_name %} are retained indefinitely{% ifversion audit-data-retention-tab %}, unless an enterprise owner configured a different retention period. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise)."{% else %}.{% endif %}{% else %} within the last 180 days. {% data reusables.audit_log.git-events-retention-period %}{% endif %}
+The audit log lists events triggered by activities that affect your enterprise{% ifversion not ghec %}. Audit logs for {% data variables.product.product_name %} are retained indefinitely{% ifversion audit-data-retention-tab %}, unless an enterprise owner configured a different retention period. See "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise)."{% else %}.{% endif %}{% else %} within the last 180 days. {% data reusables.audit_log.git-events-retention-period %}{% endif %}
{% data reusables.audit_log.only-three-months-displayed %}
diff --git a/data/reusables/billing/actions-usage-delay.md b/data/reusables/billing/actions-usage-delay.md
new file mode 100644
index 000000000000..5133a2869dbd
--- /dev/null
+++ b/data/reusables/billing/actions-usage-delay.md
@@ -0,0 +1 @@
+> [!NOTE] There is a delay of up to 2 hours in the {% data variables.product.prodname_GH_advanced_security %} usage data on the "Overview" page after enabling the feature.
diff --git a/data/reusables/billing/authorization-charge.md b/data/reusables/billing/authorization-charge.md
index 257ab2230866..78526bd0876f 100644
--- a/data/reusables/billing/authorization-charge.md
+++ b/data/reusables/billing/authorization-charge.md
@@ -1,5 +1 @@
-{% note %}
-
-**Note:** {% data variables.product.company_short %} may apply a temporary authorization hold for the value of the usage-based costs in advance, which will appear as a pending charge in your account's payment method.
-
-{% endnote %}
+Note that {% data variables.product.company_short %} may apply a temporary authorization hold for the value of the usage-based costs in advance, which will appear as a pending charge in your account's payment method.
diff --git a/data/reusables/billing/email-notifications.md b/data/reusables/billing/email-notifications.md
index 33e5301b4ea3..e12d9c982fb9 100644
--- a/data/reusables/billing/email-notifications.md
+++ b/data/reusables/billing/email-notifications.md
@@ -1,3 +1,3 @@
-Email notifications are sent to account owners and billing managers when spending reaches 50%, 75%, 90% and 100% of your account's included usage and when spending reaches 50%, 75%, 90%, and 100% of your account's spending limit.
+Email notifications are sent to account owners and billing managers when spending reaches 75%, 90% and 100% of your account's included usage and when spending reaches 75%, 90%, and 100% of your account's spending limit.
You can disable these notifications at any time by navigating to the "Email alerts" section at the bottom of the "Spending limit" page.
diff --git a/data/reusables/billing/enterprise-billing-menu.md b/data/reusables/billing/enterprise-billing-menu.md
index 7169fc9fa68f..c28a0dc61a35 100644
--- a/data/reusables/billing/enterprise-billing-menu.md
+++ b/data/reusables/billing/enterprise-billing-menu.md
@@ -1 +1 @@
-1. In the enterprise account sidebar, click {% octicon "credit-card" aria-hidden="true" %} **Billing & Licensing**.
+1. On the left side of the page, in the enterprise account sidebar, click {% octicon "credit-card" aria-hidden="true" %} **Billing & Licensing**.
diff --git a/data/reusables/billing/ghas-metered-billing-note-with-link.md b/data/reusables/billing/ghas-metered-billing-note-with-link.md
new file mode 100644
index 000000000000..815bf2d9ae8b
--- /dev/null
+++ b/data/reusables/billing/ghas-metered-billing-note-with-link.md
@@ -0,0 +1 @@
+If you started a free trial of {% data variables.product.prodname_GH_advanced_security %} during your {% data variables.product.prodname_ghe_cloud %} trial on or after August 1, 2024, your billing for {% data variables.product.prodname_GH_advanced_security %} will be usage-based. See, "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#usage-based-billing-for-github-advanced-security)."
diff --git a/data/reusables/billing/usage-based-billing.md b/data/reusables/billing/usage-based-billing.md
new file mode 100644
index 000000000000..24b3b4f38d8e
--- /dev/null
+++ b/data/reusables/billing/usage-based-billing.md
@@ -0,0 +1,3 @@
+If you created a trial of {% data variables.product.prodname_ghe_cloud %} on or after August 1, 2024, you use usage-based billing to pay for your licenses. With usage-based billing, you pay for the number of licenses you use each month. You do not need to buy a predefined number of licenses in advance. See, "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/about-usage-based-billing-for-licenses)."
+
+> [!IMPORTANT] If you currently pay for your {% data variables.product.prodname_enterprise %} licenses through a volume, subscription, or prepaid agreement, you will continue to be billed in this way until your agreement expires. At renewal, you have the option to switch to the metered billing model. See "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/getting-started-with-the-enhanced-billing-platform)."
diff --git a/data/reusables/branches/new-repo-default-branch.md b/data/reusables/branches/new-repo-default-branch.md
index 969f14197cfe..8c00d774f10d 100644
--- a/data/reusables/branches/new-repo-default-branch.md
+++ b/data/reusables/branches/new-repo-default-branch.md
@@ -1 +1 @@
-When you create a repository with content on {% data variables.location.product_location %}, {% data variables.product.product_name %} creates the repository with a single branch. This first branch in the repository is the default branch.
+When you create a repository with content on {% data variables.product.prodname_dotcom %}, {% data variables.product.product_name %} creates the repository with a single branch. This first branch in the repository is the default branch.
diff --git a/data/reusables/classroom/note-on-assignment-changes.md b/data/reusables/classroom/note-on-assignment-changes.md
deleted file mode 100644
index a6bc5205ae33..000000000000
--- a/data/reusables/classroom/note-on-assignment-changes.md
+++ /dev/null
@@ -1,11 +0,0 @@
-{% note %}
-
-**Note:** In January 2024, {% data variables.product.prodname_classroom %} changed the way student repositories are created from starter code repositories. Previously, the process required starter code repositories to be templates, and {% data variables.product.prodname_classroom %} created a new repository for each student based on that template. With the change, student repositories are now created by forking the starter code repository.
-
-This change addresses a frequently requested feature from teachers: the ability to change starter code after an assignment has been accepted by students.
-
-You can read more about this change on the [{% data variables.product.company_short %} blog](https://github.blog/changelog/2024-01-22-migrating-github-classroom-assignment-repository-creation-from-create-from-template-to-forks-public-beta/).
-
-This feature is in public beta and subject to change.
-
-{% endnote %}
diff --git a/data/reusables/classroom/you-can-choose-a-template-repository.md b/data/reusables/classroom/you-can-choose-a-template-repository.md
index 85b2049aa627..f9593422d09b 100644
--- a/data/reusables/classroom/you-can-choose-a-template-repository.md
+++ b/data/reusables/classroom/you-can-choose-a-template-repository.md
@@ -1,4 +1,4 @@
-You can optionally choose a template repository as starter code for the assignment. For more information about template repositories, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-template-repository)."
+You can optionally choose a template repository as starter code for the assignment. For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-assignment-from-a-template-repository)."
{% note %}
diff --git a/data/reusables/code-scanning/alerts-found-in-generated-code.md b/data/reusables/code-scanning/alerts-found-in-generated-code.md
index 71a2bf2180c4..904988afb82f 100644
--- a/data/reusables/code-scanning/alerts-found-in-generated-code.md
+++ b/data/reusables/code-scanning/alerts-found-in-generated-code.md
@@ -1,3 +1,3 @@
-For compiled languages like Java,{% ifversion codeql-kotlin-beta %} Kotlin, {% endif %}{% ifversion codeql-go-autobuild %} Go,{% endif %} C, C++, and C#, {% data variables.product.prodname_codeql %} analyzes all of the code which was built during the workflow run. To limit the amount of code being analyzed, build only the code which you wish to analyze by specifying your own build steps in a `run` block. You can combine specifying your own build steps with using the `paths` or `paths-ignore` filters on the `pull_request` and `push` events to ensure that your workflow only runs when specific code is changed. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore)."
+For compiled languages like Java, Kotlin, {% ifversion codeql-go-autobuild %} Go,{% endif %} C, C++, and C#, {% data variables.product.prodname_codeql %} analyzes all of the code which was built during the workflow run. To limit the amount of code being analyzed, build only the code which you wish to analyze by specifying your own build steps in a `run` block. You can combine specifying your own build steps with using the `paths` or `paths-ignore` filters on the `pull_request` and `push` events to ensure that your workflow only runs when specific code is changed. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore)."
For languages like{% ifversion codeql-go-autobuild %}{% else %} Go,{% endif %} JavaScript, Python, and TypeScript, that {% data variables.product.prodname_codeql %} analyzes without compiling the source code, you can specify additional configuration options to limit the amount of code to analyze. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan)."
diff --git a/data/reusables/code-scanning/beta-kotlin-or-swift-support.md b/data/reusables/code-scanning/beta-kotlin-or-swift-support.md
deleted file mode 100644
index b440bd2b76bb..000000000000
--- a/data/reusables/code-scanning/beta-kotlin-or-swift-support.md
+++ /dev/null
@@ -1,19 +0,0 @@
-{% ifversion codeql-swift-beta and codeql-kotlin-beta %}
- {% note %}
-
- **Note:** {% data variables.product.prodname_codeql %} analysis for Kotlin and Swift is currently in beta. During the beta, analysis of Kotlin and Swift code, and the accompanying documentation, will not be as comprehensive as for other languages. Additionally, Swift 5.9 is not yet supported.
-
- {% endnote %}
-{% elsif codeql-swift-beta %}
- {% note %}
-
- **Note:** {% data variables.product.prodname_codeql %} analysis for Swift is currently in beta. During the beta, analysis of Swift code, and the accompanying documentation, will not be as comprehensive as for other languages. Additionally, Swift 5.8 is not yet supported.
-
- {% endnote %}
-{% elsif codeql-kotlin-beta %}
- {% note %}
-
- **Note:** {% data variables.product.prodname_codeql %} analysis for Kotlin is currently in beta. During the beta, analysis of Kotlin code, and the accompanying documentation, will not be as comprehensive as for other languages.
-
- {% endnote %}
-{% endif %}
diff --git a/data/reusables/code-scanning/beta-kotlin-support.md b/data/reusables/code-scanning/beta-kotlin-support.md
deleted file mode 100644
index db54caba63ca..000000000000
--- a/data/reusables/code-scanning/beta-kotlin-support.md
+++ /dev/null
@@ -1,9 +0,0 @@
-{% ifversion codeql-kotlin-beta %}
-
-{% note %}
-
-**Note**: {% data variables.product.prodname_codeql %} analysis for Kotlin is currently in beta. During the beta, analysis of Kotlin will be less comprehensive than {% data variables.product.prodname_codeql %} analysis of other languages.
-
-{% endnote %}
-
-{% endif %}
diff --git a/data/reusables/code-scanning/beta-model-packs.md b/data/reusables/code-scanning/beta-model-packs.md
index 75bbb6556160..10ba7f862638 100644
--- a/data/reusables/code-scanning/beta-model-packs.md
+++ b/data/reusables/code-scanning/beta-model-packs.md
@@ -2,7 +2,7 @@
{% note %}
-**Note:** {% data variables.product.prodname_codeql %} model packs and the {% data variables.product.prodname_codeql %} model editor are currently in beta and subject to change. During the beta, model packs are supported only by {% data variables.code-scanning.codeql_model_packs_support %} analysis.
+**Note:** {% data variables.product.prodname_codeql %} model packs and the {% data variables.product.prodname_codeql %} model editor are currently in beta and subject to change. Model packs are supported by {% data variables.code-scanning.codeql_model_packs_support %} analysis.
{% endnote %}
diff --git a/data/reusables/code-scanning/beta-no-build-cli.md b/data/reusables/code-scanning/beta-no-build-cli.md
deleted file mode 100644
index 39355733cb45..000000000000
--- a/data/reusables/code-scanning/beta-no-build-cli.md
+++ /dev/null
@@ -1,9 +0,0 @@
-{% ifversion codeql-no-build %}
-
-{% note %}
-
-**Note:** The option to create a {% data variables.product.prodname_codeql %} database for a compiled language without building it is currently in beta and subject to change. During the beta, this option is supported only for {% data variables.code-scanning.no_build_support %} codebases.
-
-{% endnote %}
-
-{% endif %}
diff --git a/data/reusables/code-scanning/beta-no-build.md b/data/reusables/code-scanning/beta-no-build.md
deleted file mode 100644
index 97530c0cf80d..000000000000
--- a/data/reusables/code-scanning/beta-no-build.md
+++ /dev/null
@@ -1,9 +0,0 @@
-{% ifversion codeql-no-build %}
-
-{% note %}
-
-**Note:** The option to analyze a compiled language without building it using {% data variables.product.prodname_codeql %} is currently in beta and subject to change. During the beta, this option is supported only for {% data variables.code-scanning.no_build_support %} codebases.
-
-{% endnote %}
-
-{% endif %}
diff --git a/data/reusables/code-scanning/beta-org-enable-all.md b/data/reusables/code-scanning/beta-org-enable-all.md
index f50ba9c25288..323149a9434e 100644
--- a/data/reusables/code-scanning/beta-org-enable-all.md
+++ b/data/reusables/code-scanning/beta-org-enable-all.md
@@ -1,4 +1,4 @@
-{% ifversion ghes = 3.9 or ghes = 3.10 %}
+{% ifversion ghes = 3.10 %}
{% note %}
diff --git a/data/reusables/code-scanning/beta-swift-support.md b/data/reusables/code-scanning/beta-swift-support.md
deleted file mode 100644
index 4e6cc5cf1332..000000000000
--- a/data/reusables/code-scanning/beta-swift-support.md
+++ /dev/null
@@ -1,8 +0,0 @@
-{% ifversion codeql-swift-beta %}
-{% note %}
-
-**Notes:**
-* {% data variables.product.prodname_codeql %} analysis for Swift is currently in beta. During the beta, analysis of Swift code, and the accompanying documentation, will not be as comprehensive as for other languages.
-
-{% endnote %}
-{% endif %}
diff --git a/data/reusables/code-scanning/click-code-security-enterprise.md b/data/reusables/code-scanning/click-code-security-enterprise.md
index bd94918e0a06..58eb176233c7 100644
--- a/data/reusables/code-scanning/click-code-security-enterprise.md
+++ b/data/reusables/code-scanning/click-code-security-enterprise.md
@@ -1 +1 @@
-1. In the left sidebar, click **{% octicon "shield" aria-hidden="true" %} Code Security**.
+1. On the left side of the page, in the enterprise account sidebar, click **{% octicon "shield" aria-hidden="true" %} Code Security**.
diff --git a/data/reusables/code-scanning/codeql-language-identifiers-table.md b/data/reusables/code-scanning/codeql-language-identifiers-table.md
index 8def181409ff..e9d7951b1b38 100644
--- a/data/reusables/code-scanning/codeql-language-identifiers-table.md
+++ b/data/reusables/code-scanning/codeql-language-identifiers-table.md
@@ -9,9 +9,7 @@
| JavaScript/TypeScript | `javascript-typescript` | `javascript` or `typescript` |
| Python | `python` |
| Ruby | `ruby`
-{%- ifversion codeql-swift-beta %}
| Swift | `swift`
-{%- endif %}
{% note %}
@@ -26,12 +24,10 @@
| C/C++ | `cpp`
| C# | `csharp`
| Go | `go`
-| Java{% ifversion codeql-kotlin-beta %}/Kotlin{% endif %} | `java`
+| Java/Kotlin | `java`
| JavaScript/TypeScript | `javascript`
| Python | `python`
| Ruby | `ruby`
-{%- ifversion codeql-swift-beta %}
| Swift | `swift`
-{%- endif %}
{% endif %}
diff --git a/data/reusables/code-scanning/codeql-languages-bullets.md b/data/reusables/code-scanning/codeql-languages-bullets.md
index 866b73507612..a18f355da740 100644
--- a/data/reusables/code-scanning/codeql-languages-bullets.md
+++ b/data/reusables/code-scanning/codeql-languages-bullets.md
@@ -2,21 +2,17 @@
* C/C++
* C#
* Go
-* Java{% ifversion codeql-kotlin-beta %}/Kotlin{% endif %}
+* Java/Kotlin
* JavaScript/TypeScript
* Python
* Ruby
-{% ifversion codeql-swift-beta %}- Swift{% endif %}
+* Swift
{% note %}
**Notes**:
-{% ifversion codeql-swift-beta %}
-* {% data variables.product.prodname_codeql %} analysis for Swift is currently in beta. During the beta, analysis of Swift will be less comprehensive than {% data variables.product.prodname_codeql %} analysis of other languages. Additionally, Swift 5.8 is not yet supported.{% endif %}
-{% ifversion codeql-kotlin-beta %}
-* {% data variables.product.prodname_codeql %} analysis for Kotlin is currently in beta. During the beta, analysis of Kotlin will be less comprehensive than {% data variables.product.prodname_codeql %} analysis of other languages.
-* Use {% ifversion codeql-language-identifiers-311 %}`java-kotlin`{% else %}`java`{% endif %} to analyze code written in Java, Kotlin or both.{% endif %}
+* Use {% ifversion codeql-language-identifiers-311 %}`java-kotlin`{% else %}`java`{% endif %} to analyze code written in Java, Kotlin or both.
* Use {% ifversion codeql-language-identifiers-311 %}`javascript-typescript`{% else %}`javascript`{% endif %} to analyze code written in JavaScript, TypeScript or both.
{% endnote %}
diff --git a/data/reusables/code-scanning/codeql-languages-keywords.md b/data/reusables/code-scanning/codeql-languages-keywords.md
index 9d9e0975b7e4..f48194a2a506 100644
--- a/data/reusables/code-scanning/codeql-languages-keywords.md
+++ b/data/reusables/code-scanning/codeql-languages-keywords.md
@@ -1 +1 @@
-{% ifversion codeql-language-identifiers-311 %}`c-cpp`, `csharp`, `go`, `java-kotlin`, `javascript-typescript`, `python`, {% ifversion codeql-swift-beta %}`ruby`, and `swift`{% else %}and `ruby`{% endif %}{% else %}`cpp`, `csharp`, `go`, `java`, `javascript`, `python`, {% ifversion codeql-swift-beta %}`ruby`, and `swift`{% else %}and `ruby`{% endif %}{% endif %}
+{% ifversion codeql-language-identifiers-311 %}`c-cpp`, `csharp`, `go`, `java-kotlin`, `javascript-typescript`, `python`, `ruby`, and `swift`{% else %}`cpp`, `csharp`, `go`, `java`, `javascript`, `python`, `ruby`, and `swift`{% endif %}
diff --git a/data/reusables/code-scanning/codeql-model-packs-availability.md b/data/reusables/code-scanning/codeql-model-packs-availability.md
deleted file mode 100644
index 3f173f791610..000000000000
--- a/data/reusables/code-scanning/codeql-model-packs-availability.md
+++ /dev/null
@@ -1 +0,0 @@
-{% ifversion codeql-model-packs-org %}During the beta, model packs are available for {% data variables.code-scanning.codeql_model_packs_support %} analysis. {% else %}During the beta, model packs are available for {% data variables.code-scanning.codeql_model_packs_support %} analysis at the repository level.{% endif %}
diff --git a/data/reusables/code-scanning/codeql-query-tables/cpp.md b/data/reusables/code-scanning/codeql-query-tables/cpp.md
index b5861f64785a..c62a6bb36c98 100644
--- a/data/reusables/code-scanning/codeql-query-tables/cpp.md
+++ b/data/reusables/code-scanning/codeql-query-tables/cpp.md
@@ -1,6 +1,6 @@
{% rowheaders %}
-| Query name | Related CWEs | Default | Extended | Autofix |
+| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
| --- | --- | --- | --- | --- |
| [Bad check for overflow of integer addition](https://codeql.github.com/codeql-query-help/cpp/cpp-bad-addition-overflow-check/) | 190, 192 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Badly bounded write](https://codeql.github.com/codeql-query-help/cpp/cpp-badly-bounded-write/) | 120, 787, 805 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -18,6 +18,7 @@
| [Failure to use HTTPS URLs](https://codeql.github.com/codeql-query-help/cpp/cpp-non-https-url/) | 319, 345 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [File opened with O_CREAT flag but without mode argument](https://codeql.github.com/codeql-query-help/cpp/cpp-open-call-with-mode-argument/) | 732 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incorrect return-value check for a 'scanf'-like function](https://codeql.github.com/codeql-query-help/cpp/cpp-incorrectly-checked-scanf/) | 253 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Iterator to expired container](https://codeql.github.com/codeql-query-help/cpp/cpp-iterator-to-expired-container/) | 416, 664 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Likely overrunning write](https://codeql.github.com/codeql-query-help/cpp/cpp-very-likely-overrunning-write/) | 120, 787, 805 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Mismatching new/free or malloc/delete](https://codeql.github.com/codeql-query-help/cpp/cpp-new-free-mismatch/) | 401 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Multiplication result converted to larger type](https://codeql.github.com/codeql-query-help/cpp/cpp-integer-multiplication-cast-to-long/) | 190, 192, 197, 681 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -26,6 +27,7 @@
| [Potential double free](https://codeql.github.com/codeql-query-help/cpp/cpp-double-free/) | 415 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Potential use after free](https://codeql.github.com/codeql-query-help/cpp/cpp-use-after-free/) | 416 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Potentially overflowing call to snprintf](https://codeql.github.com/codeql-query-help/cpp/cpp-overflowing-snprintf/) | 190, 253 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Potentially unsafe call to strncat](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-strncat/) | 788, 676, 119, 251 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Redundant null check due to previous dereference](https://codeql.github.com/codeql-query-help/cpp/cpp-redundant-null-check-simple/) | 476 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Returning stack-allocated memory](https://codeql.github.com/codeql-query-help/cpp/cpp-return-stack-allocated-memory/) | 825 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Setting a DACL to NULL in a SECURITY_DESCRIPTOR](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-dacl-security-descriptor/) | 732 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -39,6 +41,7 @@
| [Uncontrolled data used in OS command](https://codeql.github.com/codeql-query-help/cpp/cpp-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Uncontrolled format string](https://codeql.github.com/codeql-query-help/cpp/cpp-tainted-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe use of this in constructor](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-use-of-this/) | 670 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Unsigned difference expression compared to zero](https://codeql.github.com/codeql-query-help/cpp/cpp-unsigned-difference-expression-compared-zero/) | 191 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Upcast array used in pointer arithmetic](https://codeql.github.com/codeql-query-help/cpp/cpp-upcast-array-pointer-arithmetic/) | 119, 843 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or risky cryptographic algorithm](https://codeql.github.com/codeql-query-help/cpp/cpp-weak-cryptographic-algorithm/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Use of a cryptographic algorithm with insufficient key size](https://codeql.github.com/codeql-query-help/cpp/cpp-insufficient-key-size/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -49,44 +52,41 @@
| [Use of unique pointer after lifetime ends](https://codeql.github.com/codeql-query-help/cpp/cpp-use-of-unique-pointer-after-lifetime-ends/) | 416, 664 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Wrong type of arguments to formatting function](https://codeql.github.com/codeql-query-help/cpp/cpp-wrong-type-format-argument/) | 686 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML external entity expansion](https://codeql.github.com/codeql-query-help/cpp/cpp-external-entity-expansion/) | 611 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Array offset used before range check](https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/) | 120, 125 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Array offset used before range check](https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/) | 120, 125 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Authentication bypass by spoofing](https://codeql.github.com/codeql-query-help/cpp/cpp-user-controlled-bypass/) | 290 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [boost::asio TLS settings misconfiguration](https://codeql.github.com/codeql-query-help/cpp/cpp-boost-tls-settings-misconfiguration/) | 326 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [boost::asio use of deprecated hardcoded protocol](https://codeql.github.com/codeql-query-help/cpp/cpp-boost-use-of-deprecated-hardcoded-security-protocol/) | 327 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Certificate not checked](https://codeql.github.com/codeql-query-help/cpp/cpp-certificate-not-checked/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Certificate result conflation](https://codeql.github.com/codeql-query-help/cpp/cpp-certificate-result-conflation/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Cleartext storage of sensitive information in an SQLite database](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-storage-database/) | 313 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [boost::asio TLS settings misconfiguration](https://codeql.github.com/codeql-query-help/cpp/cpp-boost-tls-settings-misconfiguration/) | 326 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [boost::asio use of deprecated hardcoded protocol](https://codeql.github.com/codeql-query-help/cpp/cpp-boost-use-of-deprecated-hardcoded-security-protocol/) | 327 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Certificate not checked](https://codeql.github.com/codeql-query-help/cpp/cpp-certificate-not-checked/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Certificate result conflation](https://codeql.github.com/codeql-query-help/cpp/cpp-certificate-result-conflation/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Cleartext storage of sensitive information in an SQLite database](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-storage-database/) | 313 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information in buffer](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-storage-buffer/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Comma before misleading indentation](https://codeql.github.com/codeql-query-help/cpp/cpp-comma-before-misleading-indentation/) | 1078, 670 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [File created without restricting permissions](https://codeql.github.com/codeql-query-help/cpp/cpp-world-writable-file-creation/) | 732 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Incorrect 'not' operator usage](https://codeql.github.com/codeql-query-help/cpp/cpp-incorrect-not-operator-usage/) | 480 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Incorrect allocation-error handling](https://codeql.github.com/codeql-query-help/cpp/cpp-incorrect-allocation-error-handling/) | 570, 252, 755 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Invalid pointer dereference](https://codeql.github.com/codeql-query-help/cpp/cpp-invalid-pointer-deref/) | 119, 125, 193, 787 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Iterator to expired container](https://codeql.github.com/codeql-query-help/cpp/cpp-iterator-to-expired-container/) | 416, 664 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Missing return-value check for a 'scanf'-like function](https://codeql.github.com/codeql-query-help/cpp/cpp-missing-check-scanf/) | 252, 253 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Non-constant format string](https://codeql.github.com/codeql-query-help/cpp/cpp-non-constant-format/) | 134 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Not enough memory allocated for array of pointer type](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-allocation-size/) | 131, 122 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Not enough memory allocated for pointer type](https://codeql.github.com/codeql-query-help/cpp/cpp-allocation-too-small/) | 131, 122 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [NULL application name with an unquoted path in call to CreateProcess](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-create-process-call/) | 428 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Overflow in uncontrolled allocation size](https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-allocation-size/) | 190, 789 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Overrunning write](https://codeql.github.com/codeql-query-help/cpp/cpp-overrun-write/) | 119, 131 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Possibly wrong buffer size in string copy](https://codeql.github.com/codeql-query-help/cpp/cpp-bad-strncpy-size/) | 676, 119, 251 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Potential exposure of sensitive system data to an unauthorized control sphere](https://codeql.github.com/codeql-query-help/cpp/cpp-potential-system-data-exposure/) | 497 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Potentially overrunning write](https://codeql.github.com/codeql-query-help/cpp/cpp-overrunning-write/) | 120, 787, 805 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Potentially overrunning write with float to string conversion](https://codeql.github.com/codeql-query-help/cpp/cpp-overrunning-write-with-float/) | 120, 787, 805 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Potentially uninitialized local variable](https://codeql.github.com/codeql-query-help/cpp/cpp-uninitialized-local/) | 665, 457 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Potentially unsafe call to strncat](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-strncat/) | 788, 676, 119, 251 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Potentially unsafe use of strcat](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-strcat/) | 676, 120, 251 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Suspicious 'sizeof' use](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-sizeof/) | 467 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Comma before misleading indentation](https://codeql.github.com/codeql-query-help/cpp/cpp-comma-before-misleading-indentation/) | 1078, 670 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [File created without restricting permissions](https://codeql.github.com/codeql-query-help/cpp/cpp-world-writable-file-creation/) | 732 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Incorrect 'not' operator usage](https://codeql.github.com/codeql-query-help/cpp/cpp-incorrect-not-operator-usage/) | 480 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Incorrect allocation-error handling](https://codeql.github.com/codeql-query-help/cpp/cpp-incorrect-allocation-error-handling/) | 570, 252, 755 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Invalid pointer dereference](https://codeql.github.com/codeql-query-help/cpp/cpp-invalid-pointer-deref/) | 119, 125, 193, 787 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Missing return-value check for a 'scanf'-like function](https://codeql.github.com/codeql-query-help/cpp/cpp-missing-check-scanf/) | 252, 253 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Non-constant format string](https://codeql.github.com/codeql-query-help/cpp/cpp-non-constant-format/) | 134 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Not enough memory allocated for array of pointer type](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-allocation-size/) | 131, 122 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Not enough memory allocated for pointer type](https://codeql.github.com/codeql-query-help/cpp/cpp-allocation-too-small/) | 131, 122 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [NULL application name with an unquoted path in call to CreateProcess](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-create-process-call/) | 428 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Overrunning write](https://codeql.github.com/codeql-query-help/cpp/cpp-overrun-write/) | 119, 131 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Possibly wrong buffer size in string copy](https://codeql.github.com/codeql-query-help/cpp/cpp-bad-strncpy-size/) | 676, 119, 251 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Potential exposure of sensitive system data to an unauthorized control sphere](https://codeql.github.com/codeql-query-help/cpp/cpp-potential-system-data-exposure/) | 497 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Potentially overrunning write](https://codeql.github.com/codeql-query-help/cpp/cpp-overrunning-write/) | 120, 787, 805 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Potentially overrunning write with float to string conversion](https://codeql.github.com/codeql-query-help/cpp/cpp-overrunning-write-with-float/) | 120, 787, 805 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Potentially uninitialized local variable](https://codeql.github.com/codeql-query-help/cpp/cpp-uninitialized-local/) | 665, 457 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Potentially unsafe use of strcat](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-strcat/) | 676, 120, 251 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Suspicious 'sizeof' use](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-sizeof/) | 467 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Suspicious pointer scaling](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-pointer-scaling/) | 468 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Suspicious pointer scaling to void](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-pointer-scaling-void/) | 468 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Type confusion](https://codeql.github.com/codeql-query-help/cpp/cpp-type-confusion/) | 843 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Unbounded write](https://codeql.github.com/codeql-query-help/cpp/cpp-unbounded-write/) | 120, 787, 805 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/cpp/cpp-path-injection/) | 022, 023, 036, 073 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Uncontrolled process operation](https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation/) | 114 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Unsigned difference expression compared to zero](https://codeql.github.com/codeql-query-help/cpp/cpp-unsigned-difference-expression-compared-zero/) | 191 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Unterminated variadic call](https://codeql.github.com/codeql-query-help/cpp/cpp-unterminated-variadic-call/) | 121 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Untrusted input for a condition](https://codeql.github.com/codeql-query-help/cpp/cpp-tainted-permissions-check/) | 807 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Use of potentially dangerous function](https://codeql.github.com/codeql-query-help/cpp/cpp-potentially-dangerous-function/) | 676 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Suspicious pointer scaling to void](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-pointer-scaling-void/) | 468 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Type confusion](https://codeql.github.com/codeql-query-help/cpp/cpp-type-confusion/) | 843 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Unbounded write](https://codeql.github.com/codeql-query-help/cpp/cpp-unbounded-write/) | 120, 787, 805 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Uncontrolled allocation size](https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-allocation-size/) | 190, 789 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/cpp/cpp-path-injection/) | 022, 023, 036, 073 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Uncontrolled process operation](https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation/) | 114 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Unterminated variadic call](https://codeql.github.com/codeql-query-help/cpp/cpp-unterminated-variadic-call/) | 121 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Untrusted input for a condition](https://codeql.github.com/codeql-query-help/cpp/cpp-tainted-permissions-check/) | 807 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Use of potentially dangerous function](https://codeql.github.com/codeql-query-help/cpp/cpp-potentially-dangerous-function/) | 676 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
{% endrowheaders %}
diff --git a/data/reusables/code-scanning/codeql-query-tables/csharp.md b/data/reusables/code-scanning/codeql-query-tables/csharp.md
index b5bcb27b5d53..c83631a838bd 100644
--- a/data/reusables/code-scanning/codeql-query-tables/csharp.md
+++ b/data/reusables/code-scanning/codeql-query-tables/csharp.md
@@ -1,6 +1,6 @@
{% rowheaders %}
-| Query name | Related CWEs | Default | Extended | Autofix |
+| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
| --- | --- | --- | --- | --- |
| ['requireSSL' attribute is not set to true](https://codeql.github.com/codeql-query-help/csharp/cs-web-requiressl-not-set/) | 319, 614 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Arbitrary file access during archive extraction ("Zip Slip")](https://codeql.github.com/codeql-query-help/csharp/cs-zipslip/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -28,7 +28,7 @@
| [Missing cross-site request forgery token validation](https://codeql.github.com/codeql-query-help/csharp/cs-web-missing-token-validation/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing global error handler](https://codeql.github.com/codeql-query-help/csharp/cs-web-missing-global-error-handler/) | 12, 248 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing X-Frame-Options HTTP header](https://codeql.github.com/codeql-query-help/csharp/cs-web-missing-x-frame-options/) | 451, 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Page request validation is disabled](https://codeql.github.com/codeql-query-help/csharp/cs-web-request-validation-disabled/) | 16 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Page request validation is disabled](https://codeql.github.com/codeql-query-help/csharp/cs-web-request-validation-disabled/) | 16 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Regular expression injection](https://codeql.github.com/codeql-query-help/csharp/cs-regex-injection/) | 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Resource injection](https://codeql.github.com/codeql-query-help/csharp/cs-resource-injection/) | 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [SQL query built from user-controlled sources](https://codeql.github.com/codeql-query-help/csharp/cs-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
diff --git a/data/reusables/code-scanning/codeql-query-tables/go.md b/data/reusables/code-scanning/codeql-query-tables/go.md
index 55f377cea870..338f42ef2561 100644
--- a/data/reusables/code-scanning/codeql-query-tables/go.md
+++ b/data/reusables/code-scanning/codeql-query-tables/go.md
@@ -1,6 +1,6 @@
{% rowheaders %}
-| Query name | Related CWEs | Default | Extended | Autofix |
+| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
| --- | --- | --- | --- | --- |
| [Arbitrary file access during archive extraction ("Zip Slip")](https://codeql.github.com/codeql-query-help/go/go-zipslip/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Arbitrary file write extracting an archive containing symbolic links](https://codeql.github.com/codeql-query-help/go/go-unsafe-unzip-symlink/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -15,13 +15,13 @@
| [Incorrect conversion between integer types](https://codeql.github.com/codeql-query-help/go/go-incorrect-integer-conversion/) | 190, 681 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Information exposure through a stack trace](https://codeql.github.com/codeql-query-help/go/go-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure TLS configuration](https://codeql.github.com/codeql-query-help/go/go-insecure-tls/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Missing JWT signature check](https://codeql.github.com/codeql-query-help/go/go-missing-jwt-signature-check/) | 347 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Missing JWT signature check](https://codeql.github.com/codeql-query-help/go/go-missing-jwt-signature-check/) | 347 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing regular expression anchor](https://codeql.github.com/codeql-query-help/go/go-regex-missing-regexp-anchor/) | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Open URL redirect](https://codeql.github.com/codeql-query-help/go/go-unvalidated-url-redirection/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Potentially unsafe quoting](https://codeql.github.com/codeql-query-help/go/go-unsafe-quoting/) | 078, 089, 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Reflected cross-site scripting](https://codeql.github.com/codeql-query-help/go/go-reflected-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Size computation for allocation may overflow](https://codeql.github.com/codeql-query-help/go/go-allocation-size-overflow/) | 190 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Slice memory allocation with excessive size value](https://codeql.github.com/codeql-query-help/go/go-uncontrolled-allocation-size/) | 770 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Slice memory allocation with excessive size value](https://codeql.github.com/codeql-query-help/go/go-uncontrolled-allocation-size/) | 770 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Suspicious characters in a regular expression](https://codeql.github.com/codeql-query-help/go/go-suspicious-character-in-regex/) | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in network request](https://codeql.github.com/codeql-query-help/go/go-request-forgery/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/go/go-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
diff --git a/data/reusables/code-scanning/codeql-query-tables/java.md b/data/reusables/code-scanning/codeql-query-tables/java.md
index a185ed31210c..550998ae4513 100644
--- a/data/reusables/code-scanning/codeql-query-tables/java.md
+++ b/data/reusables/code-scanning/codeql-query-tables/java.md
@@ -1,6 +1,6 @@
{% rowheaders %}
-| Query name | Related CWEs | Default | Extended | Autofix |
+| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
| --- | --- | --- | --- | --- |
| [`TrustManager` that accepts all certificates](https://codeql.github.com/codeql-query-help/java/java-insecure-trustmanager/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Android `WebView` that accepts all certificates](https://codeql.github.com/codeql-query-help/java/java-improper-webview-certificate-validation/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -30,9 +30,10 @@
| [Improper verification of intent by broadcast receiver](https://codeql.github.com/codeql-query-help/java/java-improper-intent-verification/) | 925 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/java/java-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Information exposure through a stack trace](https://codeql.github.com/codeql-query-help/java/java-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Information exposure through an error message](https://codeql.github.com/codeql-query-help/java/java-error-message-exposure/) | 209 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Insecure Bean Validation](https://codeql.github.com/codeql-query-help/java/java-insecure-bean-validation/) | 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure LDAP authentication](https://codeql.github.com/codeql-query-help/java/java-insecure-ldap-auth/) | 522, 319 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Insecure local authentication](https://codeql.github.com/codeql-query-help/java/java-android-insecure-local-authentication/) | 287 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Insecure local authentication](https://codeql.github.com/codeql-query-help/java/java-android-insecure-local-authentication/) | 287 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure randomness](https://codeql.github.com/codeql-query-help/java/java-insecure-randomness/) | 330, 338 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Intent URI permission manipulation](https://codeql.github.com/codeql-query-help/java/java-android-intent-uri-permission-manipulation/) | 266, 926 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [JNDI lookup with user-controlled name](https://codeql.github.com/codeql-query-help/java/java-jndi-injection/) | 074 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -52,7 +53,7 @@
| [Uncontrolled data used in content resolution](https://codeql.github.com/codeql-query-help/java/java-android-unsafe-content-uri-resolution/) | 441, 610 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/java/java-path-injection/) | 022, 023, 036, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe hostname verification](https://codeql.github.com/codeql-query-help/java/java-unsafe-hostname-verification/) | 297 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [URL forward from a remote source](https://codeql.github.com/codeql-query-help/java/java-unvalidated-url-forward/) | 552 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [URL forward from a remote source](https://codeql.github.com/codeql-query-help/java/java-unvalidated-url-forward/) | 552 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [URL redirection from remote source](https://codeql.github.com/codeql-query-help/java/java-unvalidated-url-redirection/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or risky cryptographic algorithm](https://codeql.github.com/codeql-query-help/java/java-weak-cryptographic-algorithm/) | 327, 328 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a cryptographic algorithm with insufficient key size](https://codeql.github.com/codeql-query-help/java/java-insufficient-key-size/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -73,21 +74,21 @@
| [Android WebView JavaScript settings](https://codeql.github.com/codeql-query-help/java/java-android-websettings-javascript-enabled/) | 079 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Android WebView settings allows access to content links](https://codeql.github.com/codeql-query-help/java/java-android-websettings-allow-content-access/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Application backup allowed](https://codeql.github.com/codeql-query-help/java/java-android-backup-enabled/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Building a command with an injected environment variable](https://codeql.github.com/codeql-query-help/java/java-exec-tainted-environment/) | 078, 088, 454 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Building a command with an injected environment variable](https://codeql.github.com/codeql-query-help/java/java-exec-tainted-environment/) | 078, 088, 454 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information in the Android filesystem](https://codeql.github.com/codeql-query-help/java/java-android-cleartext-storage-filesystem/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information using 'Properties' class](https://codeql.github.com/codeql-query-help/java/java-cleartext-storage-in-properties/) | 313 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information using `SharedPreferences` on Android](https://codeql.github.com/codeql-query-help/java/java-android-cleartext-storage-shared-prefs/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information using a local database on Android](https://codeql.github.com/codeql-query-help/java/java-android-cleartext-storage-database/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Comparison of narrow type with wide type in loop condition](https://codeql.github.com/codeql-query-help/java/java-comparison-with-wider-type/) | 190, 197 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Executing a command with a relative path](https://codeql.github.com/codeql-query-help/java/java-relative-path-command/) | 078, 088 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Exposure of sensitive information to notifications](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-notification/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Exposure of sensitive information to UI text views](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-text/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Exposure of sensitive information to notifications](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-notification/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Exposure of sensitive information to UI text views](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-text/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded credential in API call](https://codeql.github.com/codeql-query-help/java/java-hardcoded-credential-api-call/) | 798 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Improper validation of user-provided array index](https://codeql.github.com/codeql-query-help/java/java-improper-validation-of-array-index/) | 129 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Improper validation of user-provided size used for array construction](https://codeql.github.com/codeql-query-help/java/java-improper-validation-of-array-construction/) | 129 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure basic authentication](https://codeql.github.com/codeql-query-help/java/java-insecure-basic-auth/) | 522, 319 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure JavaMail SSL Configuration](https://codeql.github.com/codeql-query-help/java/java-insecure-smtp-ssl/) | 297 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Insecurely generated keys for local authentication](https://codeql.github.com/codeql-query-help/java/java-android-insecure-local-key-gen/) | 287 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Insecurely generated keys for local authentication](https://codeql.github.com/codeql-query-help/java/java-android-insecure-local-key-gen/) | 287 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insertion of sensitive information into log files](https://codeql.github.com/codeql-query-help/java/java-sensitive-log/) | 532 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Leaking sensitive information through a ResultReceiver](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-result-receiver/) | 927 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Leaking sensitive information through an implicit Intent](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-communication/) | 927 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
diff --git a/data/reusables/code-scanning/codeql-query-tables/javascript.md b/data/reusables/code-scanning/codeql-query-tables/javascript.md
index 2684745bdc12..60ac5902e6bc 100644
--- a/data/reusables/code-scanning/codeql-query-tables/javascript.md
+++ b/data/reusables/code-scanning/codeql-query-tables/javascript.md
@@ -1,6 +1,6 @@
{% rowheaders %}
-| Query name | Related CWEs | Default | Extended | Autofix |
+| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
| --- | --- | --- | --- | --- |
| [Arbitrary file access during archive extraction ("Zip Slip")](https://codeql.github.com/codeql-query-help/javascript/js-zipslip/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/javascript/js-bad-tag-filter/) | 020, 080, 116, 184, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -31,7 +31,7 @@
| [Hard-coded credentials](https://codeql.github.com/codeql-query-help/javascript/js-hardcoded-credentials/) | 259, 321, 798 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Host header poisoning in email generation](https://codeql.github.com/codeql-query-help/javascript/js-host-header-forgery-in-email-generation/) | 640 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Improper code sanitization](https://codeql.github.com/codeql-query-help/javascript/js-bad-code-sanitization/) | 094, 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Inclusion of functionality from an untrusted source](https://codeql.github.com/codeql-query-help/javascript/js-functionality-from-untrusted-source/) | 830 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Inclusion of functionality from an untrusted source](https://codeql.github.com/codeql-query-help/javascript/js-functionality-from-untrusted-source/) | 830 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Incomplete HTML attribute sanitization](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-html-attribute-sanitization/) | 079, 116, 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete multi-character sanitization](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-multi-character-sanitization/) | 020, 080, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-hostname-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -41,6 +41,7 @@
| [Incorrect suffix check](https://codeql.github.com/codeql-query-help/javascript/js-incorrect-suffix-check/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/javascript/js-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Information exposure through a stack trace](https://codeql.github.com/codeql-query-help/javascript/js-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Insecure configuration of Helmet security middleware](https://codeql.github.com/codeql-query-help/javascript/js-insecure-helmet-configuration/) | 693, 1021 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Insecure randomness](https://codeql.github.com/codeql-query-help/javascript/js-insecure-randomness/) | 338 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure URL whitelist](https://codeql.github.com/codeql-query-help/javascript/js-angular-insecure-url-whitelist/) | 183, 625 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [JWT missing secret or public key verification](https://codeql.github.com/codeql-query-help/javascript/js-jwt-missing-verification/) | 347 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -76,6 +77,7 @@
| [Unsafe HTML constructed from library input](https://codeql.github.com/codeql-query-help/javascript/js-html-constructed-from-input/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe jQuery plugin](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-jquery-plugin/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe shell command constructed from library input](https://codeql.github.com/codeql-query-help/javascript/js-shell-command-constructed-from-input/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Untrusted domain used in script or other content](https://codeql.github.com/codeql-query-help/javascript/js-functionality-from-untrusted-domain/) | 830 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Unvalidated dynamic method call](https://codeql.github.com/codeql-query-help/javascript/js-unvalidated-dynamic-method-call/) | 754 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic algorithm](https://codeql.github.com/codeql-query-help/javascript/js-weak-cryptographic-algorithm/) | 327, 328 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a weak cryptographic key](https://codeql.github.com/codeql-query-help/javascript/js-insufficient-key-size/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
diff --git a/data/reusables/code-scanning/codeql-query-tables/python.md b/data/reusables/code-scanning/codeql-query-tables/python.md
index 7a4a702d785f..7ab4b4f69618 100644
--- a/data/reusables/code-scanning/codeql-query-tables/python.md
+++ b/data/reusables/code-scanning/codeql-query-tables/python.md
@@ -1,6 +1,6 @@
{% rowheaders %}
-| Query name | Related CWEs | Default | Extended | Autofix |
+| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
| --- | --- | --- | --- | --- |
| [Accepting unknown SSH host keys when using Paramiko](https://codeql.github.com/codeql-query-help/python/py-paramiko-missing-host-key-validation/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/python/py-bad-tag-filter/) | 116, 020, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -8,19 +8,21 @@
| [Clear-text logging of sensitive information](https://codeql.github.com/codeql-query-help/python/py-clear-text-logging-sensitive-data/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text storage of sensitive information](https://codeql.github.com/codeql-query-help/python/py-clear-text-storage-sensitive-data/) | 312, 315, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Code injection](https://codeql.github.com/codeql-query-help/python/py-code-injection/) | 094, 095, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Construction of a cookie using user-supplied input](https://codeql.github.com/codeql-query-help/python/py-cookie-injection/) | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [CSRF protection weakened or disabled](https://codeql.github.com/codeql-query-help/python/py-csrf-protection-disabled/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Default version of SSL/TLS may be insecure](https://codeql.github.com/codeql-query-help/python/py-insecure-default-protocol/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Deserialization of user-controlled data](https://codeql.github.com/codeql-query-help/python/py-unsafe-deserialization/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Failure to use secure cookies](https://codeql.github.com/codeql-query-help/python/py-insecure-cookie/) | 614, 1004, 1275 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Flask app is run in debug mode](https://codeql.github.com/codeql-query-help/python/py-flask-debug/) | 215, 489 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Full server-side request forgery](https://codeql.github.com/codeql-query-help/python/py-full-ssrf/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [HTTP Response Splitting](https://codeql.github.com/codeql-query-help/python/py-http-response-splitting/) | 113, 079 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [HTTP Response Splitting](https://codeql.github.com/codeql-query-help/python/py-http-response-splitting/) | 113, 079 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/python/py-incomplete-hostname-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete URL substring sanitization](https://codeql.github.com/codeql-query-help/python/py-incomplete-url-substring-sanitization/) | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/python/py-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Information exposure through an exception](https://codeql.github.com/codeql-query-help/python/py-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure temporary file](https://codeql.github.com/codeql-query-help/python/py-insecure-temporary-file/) | 377 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [LDAP query built from user-controlled sources](https://codeql.github.com/codeql-query-help/python/py-ldap-injection/) | 090 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [NoSQL Injection](https://codeql.github.com/codeql-query-help/python/py-nosql-injection/) | 943 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [NoSQL Injection](https://codeql.github.com/codeql-query-help/python/py-nosql-injection/) | 943 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Overly permissive regular expression range](https://codeql.github.com/codeql-query-help/python/py-overly-large-range/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [PAM authorization bypass due to incorrect usage](https://codeql.github.com/codeql-query-help/python/py-pam-auth-bypass/) | 285 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Polynomial regular expression used on uncontrolled data](https://codeql.github.com/codeql-query-help/python/py-polynomial-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
diff --git a/data/reusables/code-scanning/codeql-query-tables/ruby.md b/data/reusables/code-scanning/codeql-query-tables/ruby.md
index 15024d6ba418..02485583481a 100644
--- a/data/reusables/code-scanning/codeql-query-tables/ruby.md
+++ b/data/reusables/code-scanning/codeql-query-tables/ruby.md
@@ -1,13 +1,13 @@
{% rowheaders %}
-| Query name | Related CWEs | Default | Extended | Autofix |
+| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
| --- | --- | --- | --- | --- |
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/ruby/rb-bad-tag-filter/) | 116, 020, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Badly anchored regular expression](https://codeql.github.com/codeql-query-help/ruby/rb-regex-badly-anchored-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text logging of sensitive information](https://codeql.github.com/codeql-query-help/ruby/rb-clear-text-logging-sensitive-data/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text storage of sensitive information](https://codeql.github.com/codeql-query-help/ruby/rb-clear-text-storage-sensitive-data/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Code injection](https://codeql.github.com/codeql-query-help/ruby/rb-code-injection/) | 094, 095, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [CSRF protection not enabled](https://codeql.github.com/codeql-query-help/ruby/rb-csrf-protection-not-enabled/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [CSRF protection not enabled](https://codeql.github.com/codeql-query-help/ruby/rb-csrf-protection-not-enabled/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [CSRF protection weakened or disabled](https://codeql.github.com/codeql-query-help/ruby/rb-csrf-protection-disabled/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Dependency download using unencrypted communication channel](https://codeql.github.com/codeql-query-help/ruby/rb-insecure-dependency/) | 300, 319, 494, 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Deserialization of user-controlled data](https://codeql.github.com/codeql-query-help/ruby/rb-unsafe-deserialization/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -18,7 +18,7 @@
| [Incomplete URL substring sanitization](https://codeql.github.com/codeql-query-help/ruby/rb-incomplete-url-substring-sanitization/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/ruby/rb-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Information exposure through an exception](https://codeql.github.com/codeql-query-help/ruby/rb-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Insecure Mass Assignment](https://codeql.github.com/codeql-query-help/ruby/rb-insecure-mass-assignment/) | 915 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Insecure Mass Assignment](https://codeql.github.com/codeql-query-help/ruby/rb-insecure-mass-assignment/) | 915 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Overly permissive regular expression range](https://codeql.github.com/codeql-query-help/ruby/rb-overly-large-range/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Polynomial regular expression used on uncontrolled data](https://codeql.github.com/codeql-query-help/ruby/rb-polynomial-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Reflected server-side cross-site scripting](https://codeql.github.com/codeql-query-help/ruby/rb-reflected-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -35,6 +35,7 @@
| [Use of `Kernel.open` or `IO.read` or similar sinks with a non-constant value](https://codeql.github.com/codeql-query-help/ruby/rb-non-constant-kernel-open/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of `Kernel.open`, `IO.read` or similar sinks with user-controlled input](https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic algorithm](https://codeql.github.com/codeql-query-help/ruby/rb-weak-cryptographic-algorithm/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Use of a broken or weak cryptographic hashing algorithm on sensitive data](https://codeql.github.com/codeql-query-help/ruby/rb-weak-sensitive-data-hashing/) | 327, 328, 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Use of externally-controlled format string](https://codeql.github.com/codeql-query-help/ruby/rb-tainted-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Weak cookie configuration](https://codeql.github.com/codeql-query-help/ruby/rb-weak-cookie-configuration/) | 732, 1275 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML external entity expansion](https://codeql.github.com/codeql-query-help/ruby/rb-xxe/) | 611, 776, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
diff --git a/data/reusables/code-scanning/codeql-query-tables/swift.md b/data/reusables/code-scanning/codeql-query-tables/swift.md
index cce0f99a6bac..b036413620a8 100644
--- a/data/reusables/code-scanning/codeql-query-tables/swift.md
+++ b/data/reusables/code-scanning/codeql-query-tables/swift.md
@@ -1,33 +1,33 @@
{% rowheaders %}
-| Query name | Related CWEs | Default | Extended |
-| --- | --- | --- | --- |
-| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/swift/swift-bad-tag-filter/) | 116, 020, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Cleartext logging of sensitive information](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-logging/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Cleartext storage of sensitive information in a local database](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-storage-database/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Cleartext storage of sensitive information in an application preference store](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-storage-preferences/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Cleartext transmission of sensitive information](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-transmission/) | 319 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Constant password](https://codeql.github.com/codeql-query-help/swift/swift-constant-password/) | 259 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Database query built from user-controlled sources](https://codeql.github.com/codeql-query-help/swift/swift-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Encryption using ECB](https://codeql.github.com/codeql-query-help/swift/swift-ecb-encryption/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Hard-coded encryption key](https://codeql.github.com/codeql-query-help/swift/swift-hardcoded-key/) | 321 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/swift/swift-incomplete-hostname-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/swift/swift-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Insecure TLS configuration](https://codeql.github.com/codeql-query-help/swift/swift-insecure-tls/) | 757 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Insufficient hash iterations](https://codeql.github.com/codeql-query-help/swift/swift-insufficient-hash-iterations/) | 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Missing regular expression anchor](https://codeql.github.com/codeql-query-help/swift/swift-missing-regexp-anchor/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Predicate built from user-controlled sources](https://codeql.github.com/codeql-query-help/swift/swift-predicate-injection/) | 943 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Regular expression injection](https://codeql.github.com/codeql-query-help/swift/swift-regex-injection/) | 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Resolving XML external entity in user-controlled data](https://codeql.github.com/codeql-query-help/swift/swift-xxe/) | 611, 776, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Static initialization vector for encryption](https://codeql.github.com/codeql-query-help/swift/swift-static-initialization-vector/) | 329, 1204 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [String length conflation](https://codeql.github.com/codeql-query-help/swift/swift-string-length-conflation/) | 135 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [System command built from user-controlled sources](https://codeql.github.com/codeql-query-help/swift/swift-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/swift/swift-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Uncontrolled format string](https://codeql.github.com/codeql-query-help/swift/swift-uncontrolled-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Unsafe WebView fetch](https://codeql.github.com/codeql-query-help/swift/swift-unsafe-webview-fetch/) | 079, 095, 749 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Use of a broken or weak cryptographic hashing algorithm on sensitive data](https://codeql.github.com/codeql-query-help/swift/swift-weak-sensitive-data-hashing/) | 327, 328 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Use of an inappropriate cryptographic hashing algorithm on passwords](https://codeql.github.com/codeql-query-help/swift/swift-weak-password-hashing/) | 327, 328, 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Use of constant salts](https://codeql.github.com/codeql-query-help/swift/swift-constant-salt/) | 760 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [JavaScript Injection](https://codeql.github.com/codeql-query-help/swift/swift-unsafe-js-eval/) | 094, 095, 749 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
+| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
+| --- | --- | --- | --- | --- |
+| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/swift/swift-bad-tag-filter/) | 116, 020, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Cleartext logging of sensitive information](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-logging/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Cleartext storage of sensitive information in a local database](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-storage-database/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Cleartext storage of sensitive information in an application preference store](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-storage-preferences/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Cleartext transmission of sensitive information](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-transmission/) | 319 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Constant password](https://codeql.github.com/codeql-query-help/swift/swift-constant-password/) | 259 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Database query built from user-controlled sources](https://codeql.github.com/codeql-query-help/swift/swift-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Encryption using ECB](https://codeql.github.com/codeql-query-help/swift/swift-ecb-encryption/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Hard-coded encryption key](https://codeql.github.com/codeql-query-help/swift/swift-hardcoded-key/) | 321 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/swift/swift-incomplete-hostname-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/swift/swift-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Insecure TLS configuration](https://codeql.github.com/codeql-query-help/swift/swift-insecure-tls/) | 757 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Insufficient hash iterations](https://codeql.github.com/codeql-query-help/swift/swift-insufficient-hash-iterations/) | 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Missing regular expression anchor](https://codeql.github.com/codeql-query-help/swift/swift-missing-regexp-anchor/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Predicate built from user-controlled sources](https://codeql.github.com/codeql-query-help/swift/swift-predicate-injection/) | 943 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Regular expression injection](https://codeql.github.com/codeql-query-help/swift/swift-regex-injection/) | 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Resolving XML external entity in user-controlled data](https://codeql.github.com/codeql-query-help/swift/swift-xxe/) | 611, 776, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Static initialization vector for encryption](https://codeql.github.com/codeql-query-help/swift/swift-static-initialization-vector/) | 329, 1204 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [String length conflation](https://codeql.github.com/codeql-query-help/swift/swift-string-length-conflation/) | 135 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [System command built from user-controlled sources](https://codeql.github.com/codeql-query-help/swift/swift-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/swift/swift-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Uncontrolled format string](https://codeql.github.com/codeql-query-help/swift/swift-uncontrolled-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Unsafe WebView fetch](https://codeql.github.com/codeql-query-help/swift/swift-unsafe-webview-fetch/) | 079, 095, 749 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Use of a broken or weak cryptographic hashing algorithm on sensitive data](https://codeql.github.com/codeql-query-help/swift/swift-weak-sensitive-data-hashing/) | 327, 328 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Use of an inappropriate cryptographic hashing algorithm on passwords](https://codeql.github.com/codeql-query-help/swift/swift-weak-password-hashing/) | 327, 328, 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Use of constant salts](https://codeql.github.com/codeql-query-help/swift/swift-constant-salt/) | 760 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [JavaScript Injection](https://codeql.github.com/codeql-query-help/swift/swift-unsafe-js-eval/) | 094, 095, 749 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
{% endrowheaders %}
diff --git a/data/reusables/codespaces/codespaces-jetbrains-beta-note.md b/data/reusables/codespaces/codespaces-jetbrains-beta-note.md
index a53231d54c6f..6f5630fdeb55 100644
--- a/data/reusables/codespaces/codespaces-jetbrains-beta-note.md
+++ b/data/reusables/codespaces/codespaces-jetbrains-beta-note.md
@@ -3,6 +3,6 @@
**Notes:**
* Using {% data variables.product.prodname_github_codespaces %} with JetBrains IDEs is currently in public beta and is subject to change.
-* To work on a codespace in a JetBrains IDE you must use release 2023.3.\* or 2024.1.\* of the JetBrains Gateway.
+* To work on a codespace in a JetBrains IDE you must use release 2023.3.\* or 2024.1.\* of the JetBrains Gateway.
{% endnote %}
diff --git a/data/reusables/command-palette/default.md b/data/reusables/command-palette/default.md
new file mode 100644
index 000000000000..1cdb2670f58f
--- /dev/null
+++ b/data/reusables/command-palette/default.md
@@ -0,0 +1 @@
+The {% data variables.product.prodname_command_palette %} is deactivated by default. You can enable the {% data variables.product.prodname_command_palette %} with feature preview. See "[AUTOTITLE](/get-started/using-github/exploring-early-access-releases-with-feature-preview)."
diff --git a/data/reusables/contributing/content-linter-rules.md b/data/reusables/contributing/content-linter-rules.md
index f6fce7f6e10c..e399af383ead 100644
--- a/data/reusables/contributing/content-linter-rules.md
+++ b/data/reusables/contributing/content-linter-rules.md
@@ -62,4 +62,5 @@
| GHD035 | rai-reusable-usage | RAI articles and reusables can only reference reusable content in the data/reusables/rai directory | error | feature, rai |
| GHD036 | image-no-gif | Image must not be a gif, styleguide reference: contributing/style-guide-and-content-model/style-guide.md#images | error | images |
| GHD038 | expired-content | Expired content must be remediated. | error | expired |
-| GHD039 | expiring-soon | Content that expires soon should be proactively addressed. | warning | expired |
\ No newline at end of file
+| GHD039 | expiring-soon | Content that expires soon should be proactively addressed. | warning | expired |
+| [GHD040](https://github.com/github/docs/blob/main/src/content-linter/README.md) | table-liquid-versioning | Tables must use the correct liquid versioning format | error | tables |
\ No newline at end of file
diff --git a/data/reusables/copilot-business-for-non-ghe/assign-licenses.md b/data/reusables/copilot-business-for-non-ghe/assign-licenses.md
new file mode 100644
index 000000000000..7515c6d4111c
--- /dev/null
+++ b/data/reusables/copilot-business-for-non-ghe/assign-licenses.md
@@ -0,0 +1,12 @@
+When you have created a team in the enterprise, you can assign licenses to all members of the team.
+
+{% data reusables.enterprise-accounts.settings-tab %}
+1. Under {% octicon "gear" aria-hidden="true" %} **Settings**, click **Enterprise licensing**.
+1. In the "{% data variables.product.prodname_copilot_business_short %}" section, click **Manage seats**.
+
+ 
+
+1. Click **Add teams**.
+1. In the dialog, select the teams you want to add, review how your bill will be affected, then click **Add teams**.
+
+You can add or remove users from a team at any time. After you remove a user from a team, the user's license and access to {% data variables.product.prodname_copilot_short %} will be removed the next time the user attempts to authenticate. This can take **up to 30 minutes**.
diff --git a/data/reusables/copilot-business-for-non-ghe/enable-copilot.md b/data/reusables/copilot-business-for-non-ghe/enable-copilot.md
new file mode 100644
index 000000000000..af28fff45a71
--- /dev/null
+++ b/data/reusables/copilot-business-for-non-ghe/enable-copilot.md
@@ -0,0 +1,7 @@
+Before you can assign licenses, an **enterprise owner** must enable {% data variables.product.prodname_copilot_short %} for the enterprise and select policies for certain features.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.copilot-tab %}
+1. Under "{% data variables.product.prodname_copilot %} policies", click **Allowed**, then click **Save**.
+1. Review the policies for suggestions matching public code and {% data variables.product.prodname_copilot_chat_short %}, and update the dropdown menus to enable or disable the features as required.
diff --git a/data/reusables/copilot-business-for-non-ghe/link-azure-subscription.md b/data/reusables/copilot-business-for-non-ghe/link-azure-subscription.md
new file mode 100644
index 000000000000..71e35bd53779
--- /dev/null
+++ b/data/reusables/copilot-business-for-non-ghe/link-azure-subscription.md
@@ -0,0 +1,4 @@
+To pay for licenses, you must connect your enterprise to an Azure subscription. For instructions, read the following sections in the "Connecting an Azure subscription" article:
+
+* "[Prerequisites](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#prerequisites)"
+* "[Connecting your Azure subscription to an enterprise account](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#connecting-your-azure-subscription-to-your-enterprise-account)"
diff --git a/data/reusables/copilot-business-for-non-ghe/manage-your-enterprise.md b/data/reusables/copilot-business-for-non-ghe/manage-your-enterprise.md
new file mode 100644
index 000000000000..f57328a1a10a
--- /dev/null
+++ b/data/reusables/copilot-business-for-non-ghe/manage-your-enterprise.md
@@ -0,0 +1,23 @@
+For next steps that apply to any enterprise using {% data variables.product.prodname_copilot_business_short %}, see "[AUTOTITLE](/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-enterprise)." The step for granting access to organizations does not apply.
+
+The following sections contain specific information for your enterprise.
+
+### Automate license management
+
+You can use the REST API to automate license management. For example, you can list assigned licenses and latest activity, then remove access for users who haven't been using their license.
+
+To do this in your enterprise, you can use the "[List all {% data variables.product.prodname_copilot_short %} seat assignments for an enterprise](/rest/copilot/copilot-user-management#list-all-copilot-seat-assignments-for-an-enterprise)" endpoint, then use the API to manage access to enterprise teams. To request documentation for the API endpoints for enterprise teams, please contact your account manager.
+
+### Manage billing
+
+Your enterprise has access to the enhanced billing platform, which allows you to estimate upcoming spending, control overspending with budgets, and track spending changes over time.
+
+See "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises)."
+
+### Configure content exclusions
+
+You can prevent specified files or repositories from being used to inform code completion suggestions made by {% data variables.product.prodname_copilot %}. {% data variables.product.prodname_copilot %} will not be available in excluded files.
+
+{% data reusables.enterprise-accounts.policies-tab %}
+1. Click the **Content exclusion** tab.
+1. Use paths to specify which content to exclude. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-content-exclusions-for-github-copilot)."
diff --git a/data/reusables/copilot-business-for-non-ghe/prerequisites.md b/data/reusables/copilot-business-for-non-ghe/prerequisites.md
new file mode 100644
index 000000000000..f02e3f704e57
--- /dev/null
+++ b/data/reusables/copilot-business-for-non-ghe/prerequisites.md
@@ -0,0 +1,2 @@
+* To pay for licenses, you will need a **Microsoft Azure subscription**, which you will connect to your enterprise account.
+* Before you enable {% data variables.product.prodname_copilot_short %}, ensure you have reviewed the [{% data variables.product.prodname_copilot %} Product Specific Terms](https://github.com/customer-terms/github-copilot-product-specific-terms).
diff --git a/data/reusables/copilot-business-for-non-ghe/request-access.md b/data/reusables/copilot-business-for-non-ghe/request-access.md
new file mode 100644
index 000000000000..9e64467b0983
--- /dev/null
+++ b/data/reusables/copilot-business-for-non-ghe/request-access.md
@@ -0,0 +1 @@
+To create an enterprise account, request access from your account team by contacting {% data variables.contact.contact_enterprise_sales %}.
diff --git a/data/reusables/copilot/code-examples-limitations.md b/data/reusables/copilot/code-examples-limitations.md
index f007a693d6e1..8b32865a0324 100644
--- a/data/reusables/copilot/code-examples-limitations.md
+++ b/data/reusables/copilot/code-examples-limitations.md
@@ -1,5 +1 @@
-{% note %}
-
-**Note:** If you have duplication detection enabled for {% data variables.product.prodname_copilot %}, you may receive limited suggestions, or no suggestions, when using the code examples provided. As an alternative, you can start by typing your own code to see suggestions from {% data variables.product.prodname_copilot %}. For more information on duplication detection, see "[AUTOTITLE](/copilot/configuring-github-copilot/configuring-your-personal-github-copilot-settings-on-githubcom#enabling-or-disabling-suggestions-matching-public-code)."
-
-{% endnote %}
+> [!NOTE] If you have duplication detection enabled for {% data variables.product.prodname_copilot %}, you may receive limited suggestions, or no suggestions, when using the code examples provided. As an alternative, you can start by typing your own code to see suggestions from {% data variables.product.prodname_copilot %}. For more information on duplication detection, see "[AUTOTITLE](/copilot/configuring-github-copilot/configuring-your-personal-github-copilot-settings-on-githubcom#enabling-or-disabling-suggestions-matching-public-code)."
diff --git a/data/reusables/copilot/content-exclusion-fnmatch-tip.md b/data/reusables/copilot/content-exclusion-fnmatch-tip.md
new file mode 100644
index 000000000000..16deb3797691
--- /dev/null
+++ b/data/reusables/copilot/content-exclusion-fnmatch-tip.md
@@ -0,0 +1 @@
+You can use fnmatch pattern matching notation to specify file paths. Patterns are case insensitive. See "[File](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch)" in the ruby-doc.org documentation.
diff --git a/data/reusables/copilot/content-exclusion-limitations.md b/data/reusables/copilot/content-exclusion-limitations.md
index 168b73a5e35b..e1ad696bb919 100644
--- a/data/reusables/copilot/content-exclusion-limitations.md
+++ b/data/reusables/copilot/content-exclusion-limitations.md
@@ -1,3 +1,2 @@
-* With the exception of {% data variables.product.prodname_vscode %}, content exclusion is currently not supported for {% data variables.product.prodname_copilot_chat %}.
-* Content exclusion is not applied, in {% data variables.product.prodname_copilot_chat %} in {% data variables.product.prodname_vscode %} and {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vs %}, when you use the `@github` {% data variables.product.prodname_copilot_short %} chat participant in your question.
+* In {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vscode %} and {% data variables.product.prodname_vs %}, content exclusions are not applied when you use the `@github` chat participant in your question.
* It's possible that {% data variables.product.prodname_copilot_short %} may use semantic information from an excluded file if the information is provided by the IDE in a non-excluded file. Examples of such content include type information and hover-over definitions for symbols used in code.
diff --git a/data/reusables/copilot/content-exclusion-note.md b/data/reusables/copilot/content-exclusion-note.md
index c0bb1457c601..15cc76619e98 100644
--- a/data/reusables/copilot/content-exclusion-note.md
+++ b/data/reusables/copilot/content-exclusion-note.md
@@ -1,2 +1 @@
-* Excluding content from {% data variables.product.prodname_copilot %} is currently in public beta and is subject to change.
-* This feature is supported for {% data variables.product.prodname_copilot %} code completion in {% data variables.product.prodname_vs %}, {% data variables.product.prodname_vscode %}, JetBrains IDEs, and neovim. It is also supported for {% data variables.product.prodname_copilot_chat %} in {% data variables.product.prodname_vscode_shortname %}. For details of supported JetBrains IDEs, see "[AUTOTITLE](/copilot/getting-started-with-github-copilot?tool=jetbrains#prerequisites)."
+> [!NOTE] Excluding content from {% data variables.product.prodname_copilot %} is currently in public beta and is subject to change.
diff --git a/data/reusables/copilot/content-exclusion-permissions.md b/data/reusables/copilot/content-exclusion-permissions.md
new file mode 100644
index 000000000000..3878844cfb1e
--- /dev/null
+++ b/data/reusables/copilot/content-exclusion-permissions.md
@@ -0,0 +1,3 @@
+Repository administrators and organization owners can manage content exclusion settings.
+
+People with the "Maintain" role for a repository can view, but not edit, content exclusion settings for that repository.
diff --git a/data/reusables/copilot/content-exclusion-tooltip.md b/data/reusables/copilot/content-exclusion-tooltip.md
index 3a23a6aa12d5..b977ee8fc75e 100644
--- a/data/reusables/copilot/content-exclusion-tooltip.md
+++ b/data/reusables/copilot/content-exclusion-tooltip.md
@@ -2,4 +2,4 @@ If a file has been configured as excluded content for {% data variables.product.
-For more information, see "[AUTOTITLE](/copilot/managing-copilot-business/configuring-content-exclusions-for-github-copilot)."
+For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/about-content-exclusions-for-github-copilot)."
diff --git a/data/reusables/copilot/content-exclusions-availability-and-beta-note.md b/data/reusables/copilot/content-exclusions-availability-and-beta-note.md
new file mode 100644
index 000000000000..04833f747455
--- /dev/null
+++ b/data/reusables/copilot/content-exclusions-availability-and-beta-note.md
@@ -0,0 +1,3 @@
+> [!NOTE]
+> * Excluding content from {% data variables.product.prodname_copilot %} is currently in public beta and is subject to change.
+> * Content exclusions are currently supported in select IDEs. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/about-content-exclusions-for-github-copilot#availability-of-content-exclusions)."
diff --git a/data/reusables/copilot/content-exclusions-delay.md b/data/reusables/copilot/content-exclusions-delay.md
index f459f8dee6ba..6a74d032910f 100644
--- a/data/reusables/copilot/content-exclusions-delay.md
+++ b/data/reusables/copilot/content-exclusions-delay.md
@@ -1 +1 @@
-After you add or change content exclusions it can take up to 30 minutes for this to take effect in IDEs where the settings are already loaded. You can apply changes to your own IDE forcing it to reload the content exclusion settings.
+After you add or change content exclusions, it can take up to 30 minutes to take effect in IDEs where the settings are already loaded. You can apply changes to your own IDE, forcing it to reload the content exclusion settings.
diff --git a/data/reusables/copilot/content-exclusions-scope.md b/data/reusables/copilot/content-exclusions-scope.md
index 22d0102e2a80..a93d9ac08418 100644
--- a/data/reusables/copilot/content-exclusions-scope.md
+++ b/data/reusables/copilot/content-exclusions-scope.md
@@ -1,3 +1,11 @@
-{% data variables.product.prodname_copilot %} content exclusion settings do not apply to everyone who uses {% data variables.product.prodname_copilot_short %}.
+{% ifversion fpt %}
-A content exclusion setting only applies to people who have been granted a seat as part of a {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription and are members of the same {% ifversion fpt %}organization{% else %}enterprise{% endif %} in which the content exclusion is configured. Other users who can access the specified files will not be affected by the content exclusion and will still see code completion suggestions.
+Content exclusion settings only apply to members of the organization in which the content exclusion is configured, who have been granted a seat as part of a {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription.
+
+{% else %}
+
+You can only specify content exclusions in the settings for an organization or repository, not in the settings for an enterprise. Content exclusion settings defined in an organization or repository within an enterprise will apply to all members of the enterprise who have been granted a seat as part of a {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription.
+
+{% endif %}
+
+Anyone else who can access the specified files will still see code completion suggestions and {% data variables.product.prodname_copilot_chat %} responses referencing the specified files.
diff --git a/data/reusables/copilot/copilot-business-features.md b/data/reusables/copilot/copilot-business-features.md
index 38b8b280d565..035fb587fe45 100644
--- a/data/reusables/copilot/copilot-business-features.md
+++ b/data/reusables/copilot/copilot-business-features.md
@@ -1,10 +1,10 @@
-## Administrative features
+## Administrative features for {% data variables.product.prodname_copilot_short %}
These features are available to organization owners and administrators to manage {% data variables.product.prodname_copilot %} in their organization.
### Content exclusion
-Content exclusions allow you to configure {% data variables.product.prodname_copilot %} to ignore certain files in your repository. This can be useful if you have files that you don't want to be available to {% data variables.product.prodname_copilot %}. For more information, see "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/configuring-content-exclusions-for-github-copilot)."
+Content exclusions allow you to configure {% data variables.product.prodname_copilot %} to ignore certain files in your repository. This can be useful if you have files that you don't want to be available to {% data variables.product.prodname_copilot %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/about-content-exclusions-for-github-copilot)."
### Managing access to {% data variables.product.prodname_copilot %}
@@ -16,4 +16,4 @@ Organization owners can manage policies for {% data variables.product.prodname_c
### Audit logs
-Organization owners can review audit logs for {% data variables.product.prodname_copilot %} in their organization, to understand what actions have been taken and by which users. For more information, see "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/reviewing-audit-logs-for-copilot-business)."
+Organization owners can review audit logs for {% data variables.product.prodname_copilot %} in their organization, to understand what actions have been taken and by which users. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-github-copilot-activity-in-your-organization/reviewing-audit-logs-for-copilot-business)."
diff --git a/data/reusables/copilot/copilot-chat-mobile-enable.md b/data/reusables/copilot/copilot-chat-mobile-enable.md
index 5e687903f979..941bd5ed4d50 100644
--- a/data/reusables/copilot/copilot-chat-mobile-enable.md
+++ b/data/reusables/copilot/copilot-chat-mobile-enable.md
@@ -1,8 +1,4 @@
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.copilot-tab %}
1. Click the **Policies** tab.
-1. To the right of "{% data variables.product.prodname_copilot_mobile_short %}", select the dropdown menu, then choose the appropriate option.
-
- * To allow each of your organizations to set their own policy, select **No policy**.
- * To enable {% data variables.product.prodname_copilot_cli_short %} for all organizations under your enterprise, select **Enabled**.
- * To disable {% data variables.product.prodname_copilot_cli_short %} for all organizations under your enterprise, select **Disabled**.
+1. To the right of "{% data variables.product.prodname_copilot_mobile_short %}", select the dropdown menu, then choose the appropriate option. By default, {% data variables.product.prodname_copilot_mobile_short %} is disabled at the organization level.
diff --git a/data/reusables/copilot/copilot-enterprise-enable.md b/data/reusables/copilot/copilot-enterprise-enable.md
index 7912eab3c099..b66386f65fbc 100644
--- a/data/reusables/copilot/copilot-enterprise-enable.md
+++ b/data/reusables/copilot/copilot-enterprise-enable.md
@@ -1,26 +1,15 @@
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.copilot-tab %}
{% data reusables.enterprise-accounts.copilot-policies-tab %}
-1. Next to "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}," click the dropdown menu and select the policy you want to enforce.
-
- * **No policy** - Allow each of your organizations to set their own policy. "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" will initially be disabled for all organizations, but can be enabled by organization owners in their organization settings.
- * **Enabled** - Allow use of "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" by all members of organizations in your enterprise who have been granted access to {% data variables.product.prodname_copilot_short %}.
- * **Disabled** - Prevent organizations from assigning {% data variables.product.prodname_copilot_enterprise_short %} seats to members under the enterprise's {% data variables.product.prodname_copilot_enterprise_short %} subscription.
-
-1. If you select **Enabled** for the "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" policy, the **Opt in to user feedback collection** check box is displayed.
-
- Clear the **Opt in to user feedback collection** check box to prevent the display of the thumbs up and thumbs down feedback icons after {% data variables.product.prodname_copilot_short %} generates a pull request summary. The thumbs up and thumbs down feedback icons will still be displayed below each response in the {% data variables.product.prodname_copilot_chat_short %} panel, and users will still be able to submit written feedback to {% data variables.product.prodname_dotcom %} about {% data variables.product.prodname_copilot_short %} generally via the "Give feedback" link in the chat panel.
-
- If you select the **Opt in to user feedback collection** check box, then when a user clicks the thumbs up or thumbs down icon, after a pull request summary is generated, the summary will be returned to {% data variables.product.prodname_dotcom %} to provide context for the user's feedback.
+1. Next to "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}," click the dropdown menu and select the policy you want to enforce. By default, {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %} is disabled at the organization level.
+1. Optionally, if you select **Enabled** for the "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" policy, you can also choose to allow or disallow feedback on pull request summaries.
+ * To allow feedback after {% data variables.product.prodname_copilot_short %} generates a pull request summary, select **Opt in to user feedback collection**. Developers will be able to provide feedback after {% data variables.product.prodname_copilot_short %} generates a pull request summary, and the summary will be sent to {% data variables.product.prodname_dotcom %} for context.
+ * To disallow feedback after {% data variables.product.prodname_copilot_short %} generates a pull request summary, deselect **Opt in to user feedback collection**. Developers will still be able to provide feedback on {% data variables.product.prodname_copilot_short %} with the feedback icons attached to each {% data variables.product.prodname_copilot_chat_short %} response, and via the "Give feedback" link in conversations.
For more information about user feedback collection for {% data variables.product.prodname_copilot_short %}, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#sharing-feedback-about-github-copilot-chat-in-githubcom)."
- > [!NOTE] If you choose **No policy** for the "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" option, user feedback collection will initially be enabled at the organization level, but organization owners can choose to opt out for their organization.
-
-1. Next to "Give {% data variables.product.prodname_copilot_short %} access to Bing," click the dropdown menu and select the policy you want to enforce.
+ > [!NOTE] If you choose **No policy** for the "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" option, and an organization owner enables "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" in their organization, user feedback collection is enabled by default, and can be managed at the organization level.
- * **No policy** - Allow each of your organizations to set their own policy. Access to Bing will initially be disabled for all organizations, but can be enabled by organization owners in their organization settings.
- * **Enabled** - Allow {% data variables.product.prodname_copilot_chat_short %} to use results from a Bing web search to provide information for its responses. See "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#asking-a-general-question-about-software-development)" and "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide#using-github-skills-for-copilot)."
- * **Disabled** - Prevent {% data variables.product.prodname_copilot_chat_short %} from accessing Bing.
+1. Next to "Give {% data variables.product.prodname_copilot_short %} access to Bing," click the dropdown menu and select the policy you want to enforce. By default, Bing is disabled at the organization level.
- > [!NOTE] Bing search integration into {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_dotcom_the_website %}, {% data variables.product.prodname_vscode_shortname %}, and {% data variables.product.prodname_vs %} is currently in beta and is subject to change.
+ > [!NOTE] Bing search integration into {% data variables.product.prodname_copilot_chat_dotcom_short %}, {% data variables.product.prodname_vscode_shortname %}, and {% data variables.product.prodname_vs %} is currently in beta and is subject to change.
diff --git a/data/reusables/copilot/copilot-enterprise-features.md b/data/reusables/copilot/copilot-enterprise-features.md
index f6996d84c4f8..89203fb6c108 100644
--- a/data/reusables/copilot/copilot-enterprise-features.md
+++ b/data/reusables/copilot/copilot-enterprise-features.md
@@ -6,6 +6,10 @@
{% data variables.product.prodname_copilot_for_prs %} is an AI-powered feature that allows you to create a summary of the changes that were made in a pull request, which files they impact, and what a reviewer should focus on when they conduct their review. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries)."
+### {% data variables.product.prodname_copilot_autocomplete_pr %} (beta)
+
+{% data variables.product.prodname_copilot_autocomplete_pr %} is a feature that provides AI-generated autocompletions to help you write pull request descriptions quickly and accurately. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/using-copilot-pull-request-autocomplete)."
+
### {% data variables.product.prodname_copilot_short %} knowledge bases
-Knowledge bases are collections of Markdown documentation from one or more repositories. When you ask a question in {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_dotcom_the_website %} and in {% data variables.product.prodname_vscode_shortname %} you can specify a knowledge base as the context for your question. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/managing-copilot-knowledge-bases)."
+Knowledge bases are collections of Markdown documentation from one or more repositories. When you ask {% data variables.product.prodname_copilot_chat_short %} a question in {% data variables.product.prodname_dotcom_the_website %}, {% data variables.product.prodname_vscode_shortname %}, and {% data variables.product.prodname_vs %} you can specify a knowledge base as the context for your question. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-copilot-knowledge-bases)."
diff --git a/data/reusables/copilot/copilot-extensions/beta-note.md b/data/reusables/copilot/copilot-extensions/beta-note.md
index 437998946480..7181c8c835bf 100644
--- a/data/reusables/copilot/copilot-extensions/beta-note.md
+++ b/data/reusables/copilot/copilot-extensions/beta-note.md
@@ -1 +1 @@
-> [!NOTE] {% data variables.product.prodname_copilot_extensions %} are in limited public beta and subject to change.
+> [!NOTE] {% data variables.product.prodname_copilot_extensions %} are in limited public beta and subject to change. To request access to {% data variables.product.prodname_copilot_extensions_short %}, join the [waitlist](https://gh.io/join-copilot-extensions).
diff --git a/data/reusables/copilot/copilot-extensions/compatible-chat-interfaces.md b/data/reusables/copilot/copilot-extensions/compatible-chat-interfaces.md
index 2ea05a94b614..0adea2c1c65b 100644
--- a/data/reusables/copilot/copilot-extensions/compatible-chat-interfaces.md
+++ b/data/reusables/copilot/copilot-extensions/compatible-chat-interfaces.md
@@ -1,3 +1,3 @@
* {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vs %}
* {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vscode %}
-* {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_dotcom_the_website %} (with a {% data variables.product.prodname_copilot_enterprise_short %} subscription)
+* {% data variables.product.prodname_copilot_chat_dotcom_short %} (with a {% data variables.product.prodname_copilot_enterprise_short %} subscription)
diff --git a/data/reusables/copilot/copilot-extensions/copilot-extensions-on-marketplace.md b/data/reusables/copilot/copilot-extensions/copilot-extensions-on-marketplace.md
index 4dbc1273045a..19e500aceba4 100644
--- a/data/reusables/copilot/copilot-extensions/copilot-extensions-on-marketplace.md
+++ b/data/reusables/copilot/copilot-extensions/copilot-extensions-on-marketplace.md
@@ -1 +1 @@
-{% data variables.product.prodname_copilot_extensions_short %} are a type of {% data variables.product.prodname_github_app %}, and can be installed from {% data variables.product.prodname_marketplace %}. You can discover available {% data variables.product.prodname_copilot_extensions_short %} by opening [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=apps&copilot_app=true), then clicking {% octicon "copilot" aria-hidden="true" %} **{% data variables.product.prodname_copilot_extensions_short %}** in the sidebar.
+{% data variables.product.prodname_copilot_extensions_short %} are a type of {% data variables.product.prodname_github_app %} that you can install on your {% data variables.product.prodname_dotcom %} account, to add additional capabilities to {% data variables.product.prodname_copilot_short %}.
diff --git a/data/reusables/copilot/copilot-one-account-short.md b/data/reusables/copilot/copilot-one-account-short.md
index d653aa5f11bb..0d3c766079a6 100644
--- a/data/reusables/copilot/copilot-one-account-short.md
+++ b/data/reusables/copilot/copilot-one-account-short.md
@@ -1 +1 @@
-If you have an active {% data variables.product.prodname_copilot_for_individuals %} subscription, and are then assigned a seat as part of a {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription, your personal {% data variables.product.prodname_copilot %} subscription will be automatically canceled. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot)."
+If you have an active {% data variables.product.prodname_copilot_for_individuals %} subscription, and are then assigned a seat as part of a {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription, your personal {% data variables.product.prodname_copilot %} subscription will be automatically canceled. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/about-billing-for-github-copilot-individual)."
diff --git a/data/reusables/copilot/differences-cfi-cfb-table.md b/data/reusables/copilot/differences-cfi-cfb-table.md
index ef6e8abc80f5..a518d53d47e3 100644
--- a/data/reusables/copilot/differences-cfi-cfb-table.md
+++ b/data/reusables/copilot/differences-cfi-cfb-table.md
@@ -1,23 +1,27 @@
{% rowheaders %}
| | {% data variables.product.prodname_copilot_individuals_short %} | {% data variables.product.prodname_copilot_business_short %} | {% data variables.product.prodname_copilot_enterprise_short %} |
-|--- | --- | --- | --- |
-| Pricing | {% data variables.copilot.cfi_price_per_month %} per month {% data variables.copilot.cfi_price_per_year %} per year | {% data variables.copilot.cfb_price_per_month %} per user per month | {% data variables.copilot.ce_price_per_month %} per user per month |
-| Types of {% data variables.product.prodname_dotcom %} accounts | Personal accounts | Organization or enterprise accounts | Enterprise accounts on {% data variables.product.prodname_ghe_cloud %} |
-| {% data variables.product.prodname_copilot_chat_short %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| {% data variables.product.prodname_copilot_cli %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| Code snippet collection | {% octicon "check" aria-label="Included" %} (Unless disabled) | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} |
-| Blocks suggestions matching public code | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| Plugs right into your editor | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| Offers multi-line function suggestions | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| --- | --- | --- | --- |
+| Pricing | {% data variables.copilot.cfi_price_per_month %} per month, or {% data variables.copilot.cfi_price_per_year %} per year (free for some users) | {% data variables.copilot.cfb_price_per_month %} per granted seat per month | {% data variables.copilot.ce_price_per_month %} per granted seat per month |
+| Code completion in IDEs[^1] | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| {% data variables.product.prodname_copilot_chat_short %} in IDEs[^2] | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| {% data variables.product.prodname_copilot_mobile_short %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| {% data variables.product.prodname_copilot_cli_short %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| Block suggestions matching public code | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| Exclude specified files from {% data variables.product.prodname_copilot_short %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Organization-wide policy management | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| Exclude specified files | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Audit logs | {% octicon "x" aria-label="Not included" %} |{% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| Increased {% data variables.product.prodname_github_models %} rate limits[^3] | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| {% data variables.product.prodname_copilot_chat_dotcom_short %} | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
-| {% data variables.product.prodname_copilot_chat_short %} skills in {% data variables.product.prodname_vscode_shortname %} | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
-| {% data variables.product.prodname_copilot_chat_short %} skills in {% data variables.product.prodname_vs %} | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
-| {% data variables.product.prodname_copilot_mobile_short %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| {% data variables.product.prodname_copilot_chat_short %} skills in IDEs[^4] | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| {% data variables.product.prodname_copilot_for_prs %} | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| {% data variables.product.prodname_copilot_short %} knowledge bases | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
+| Fine tuning a custom large language model[^5] | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
{% endrowheaders %}
+
+[^1]: Code completion in IDEs is available in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, JetBrains IDEs, Azure Data Studio, and Vim/Neovim.
+[^2]: {% data variables.product.prodname_copilot_chat_short %} in IDEs is available in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and JetBrains IDEs.
+[^3]: For details about the increased rate limits, see "[AUTOTITLE](/github-models/prototyping-with-ai-models)."
+[^4]: {% data variables.product.prodname_copilot_chat_short %} skills in IDEs is available in {% data variables.product.prodname_vscode %} and {% data variables.product.prodname_vs %}.
+[^5]: For details about fine tuning the model, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/creating-a-custom-model-for-github-copilot)."
diff --git a/data/reusables/copilot/duplication-setting-org.md b/data/reusables/copilot/duplication-setting-org.md
index f76d4dbd109b..aea3e881731d 100644
--- a/data/reusables/copilot/duplication-setting-org.md
+++ b/data/reusables/copilot/duplication-setting-org.md
@@ -1,5 +1 @@
-{% note %}
-
-**Note:** If you are a member of an organization on {% data variables.product.prodname_ghe_cloud %} who has been assigned a {% data variables.product.prodname_copilot %} seat through your organization, you will not be able to configure duplication detection in your personal account settings. Your duplication detection setting will be inherited from your organization or enterprise.
-
-{% endnote %}
+> [!NOTE] If you are a member of an organization on {% data variables.product.prodname_ghe_cloud %} who has been assigned a {% data variables.product.prodname_copilot %} seat through your organization, you will not be able to configure duplication detection in your personal account settings. Your duplication detection setting will be inherited from your organization or enterprise.
diff --git a/data/reusables/copilot/enabling-copilot-chat-beta.md b/data/reusables/copilot/enabling-copilot-chat-beta.md
index 25e7f5127206..f52cc8aee101 100644
--- a/data/reusables/copilot/enabling-copilot-chat-beta.md
+++ b/data/reusables/copilot/enabling-copilot-chat-beta.md
@@ -1,10 +1,6 @@
## Enabling or disabling {% data variables.product.prodname_copilot_chat %}
-{% note %}
-
-**Note:** If you have a {% data variables.product.prodname_copilot_for_individuals %} subscription, you are automatically granted access to {% data variables.product.prodname_copilot_chat %}.
-
-{% endnote %}
+> [!NOTE] If you have a {% data variables.product.prodname_copilot_for_individuals %} subscription, you are automatically granted access to {% data variables.product.prodname_copilot_chat %}.
{% data variables.product.prodname_copilot_chat %} is available to all organizations and enterprises that have an active {% data variables.product.prodname_copilot_for_business %} license. You can enable or disable {% data variables.product.prodname_copilot_chat %} for your organization or enterprise in the {% data variables.product.prodname_copilot_for_business %} settings page.
diff --git a/data/reusables/copilot/enabling-or-disabling-copilot.md b/data/reusables/copilot/enabling-or-disabling-copilot.md
index f8c7dfb602f6..0065c4d989bf 100644
--- a/data/reusables/copilot/enabling-or-disabling-copilot.md
+++ b/data/reusables/copilot/enabling-or-disabling-copilot.md
@@ -1,8 +1,4 @@
-{% note %}
-
-**Note:** If you have a {% data variables.product.prodname_copilot_for_individuals %} subscription, you are automatically granted access to {% data variables.product.prodname_copilot_chat %}.
-
-{% endnote %}
+> [!NOTE] If you have a {% data variables.product.prodname_copilot_for_individuals %} subscription, you are automatically granted access to {% data variables.product.prodname_copilot_chat %}.
{% data variables.product.prodname_copilot_chat %} is available to all organizations {% ifversion ghec %}and enterprises{% endif %} that have an active {% data variables.product.prodname_copilot_for_business %} {% ifversion ghec %}or {% data variables.product.prodname_copilot_enterprise %}{% endif %} subscription. You can enable or disable {% data variables.product.prodname_copilot_chat %} for your organization {% ifversion ghec %}or enterprise{% endif %} in the settings page for {% data variables.product.prodname_copilot_short %}.
diff --git a/data/reusables/copilot/enterprise-fpt-link.md b/data/reusables/copilot/enterprise-fpt-link.md
index ff639beaaf96..c1eed7af89fd 100644
--- a/data/reusables/copilot/enterprise-fpt-link.md
+++ b/data/reusables/copilot/enterprise-fpt-link.md
@@ -1,5 +1 @@
-{% note %}
-
-**Note:** You are currently viewing the documentation for Free, Pro, and Team plans. {% data variables.product.prodname_copilot_enterprise %} is only available to customers on the {% data variables.product.prodname_ghe_cloud %} plan. For full documentation of {% data variables.product.prodname_copilot_enterprise_short %}, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise)." in the {% data variables.product.prodname_ghe_cloud %} documentation.
-
-{% endnote %}
+> [!NOTE] You are currently viewing the documentation for Free, Pro, and Team plans. {% data variables.product.prodname_copilot_enterprise %} is only available to customers on the {% data variables.product.prodname_ghe_cloud %} plan. For full documentation of {% data variables.product.prodname_copilot_enterprise_short %}, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise)." in the {% data variables.product.prodname_ghe_cloud %} documentation.
diff --git a/data/reusables/copilot/indexing-note.md b/data/reusables/copilot/indexing-note.md
index ffce1e1ae0d7..10e5f25e9f21 100644
--- a/data/reusables/copilot/indexing-note.md
+++ b/data/reusables/copilot/indexing-note.md
@@ -1,7 +1 @@
-{% note %}
-
-**Note:**
-
-Initial indexing can take up to 30 minutes for large repositories. Once a repository has been indexed for the first time, updates should be indexed much more quickly (typically within 5 minutes).
-
-{% endnote %}
+> [!NOTE] Initial indexing can take up to 30 minutes for large repositories. Once a repository has been indexed for the first time, updates should be indexed much more quickly (typically within 5 minutes).
diff --git a/data/reusables/copilot/indexing-who-can-do-this.md b/data/reusables/copilot/indexing-who-can-do-this.md
new file mode 100644
index 000000000000..4583f128f6c8
--- /dev/null
+++ b/data/reusables/copilot/indexing-who-can-do-this.md
@@ -0,0 +1 @@
+Anyone with a subscription to {% data variables.product.prodname_copilot_enterprise %} who has write access to a repository can index that repository.
diff --git a/data/reusables/copilot/more-details-content-exclusion-logs.md b/data/reusables/copilot/more-details-content-exclusion-logs.md
new file mode 100644
index 000000000000..e7c4025ca179
--- /dev/null
+++ b/data/reusables/copilot/more-details-content-exclusion-logs.md
@@ -0,0 +1,5 @@
+1. Click the ellipsis (...) at the end of each entry to see more details.
+
+ If the "excluded_paths" entry is truncated, hover over the truncated value to show the full entry. This displays the content of the exclusion settings after the change was saved.
+
+ 
diff --git a/data/reusables/copilot/open-copilot.md b/data/reusables/copilot/open-copilot.md
index abc8866d399f..60f5fccbd07e 100644
--- a/data/reusables/copilot/open-copilot.md
+++ b/data/reusables/copilot/open-copilot.md
@@ -1,7 +1,5 @@
-1. Click the **{% octicon "copilot" aria-hidden="true" %}** {% data variables.product.prodname_copilot %} icon at the top right of the page.
+1. At the top right of the page, click the **{% octicon "copilot" aria-hidden="true" %}** {% data variables.product.prodname_copilot %} icon.
The {% data variables.product.prodname_copilot_chat %} panel is displayed. To resize the panel, click and drag the top or left edge.
1. If the panel contains a previous conversation you had with {% data variables.product.prodname_copilot_short %}, click the {% octicon "plus" aria-hidden="true" %} plus sign icon at the top right of the {% data variables.product.prodname_copilot_short %} panel to start a new conversation.
-
- 
diff --git a/data/reusables/copilot/policies-for-dotcom.md b/data/reusables/copilot/policies-for-dotcom.md
index ef6d27b57289..a17b2781a071 100644
--- a/data/reusables/copilot/policies-for-dotcom.md
+++ b/data/reusables/copilot/policies-for-dotcom.md
@@ -1,3 +1,6 @@
-* **Give {% data variables.product.prodname_copilot_short %} access to Bing**: Select this check box to allow {% data variables.product.prodname_copilot_chat_short %} to use Bing search results to provide information for its responses. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#asking-a-general-question-about-software-development)."
+* **Opt in to user feedback collection**: If enabled, users can provide feedback on {% data variables.product.prodname_copilot_short %} pull request summaries. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-pull-request-summaries/creating-a-pull-request-summary-with-github-copilot)."
+* **Previews of {% data variables.product.prodname_copilot_short %} features**: If enabled, users can test new {% data variables.product.prodname_copilot_short %} features that are not yet generally available. Be aware that previews of features may have flaws, and the features may be changed or discontinued at any time. Current previews of {% data variables.product.prodname_copilot_short %} features include:
-* **Opt in to user feedback collection**: Select this check box to allow users to provide feedback on {% data variables.product.prodname_copilot_short %} pull request summaries. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-pull-request-summaries/creating-a-pull-request-summary-with-github-copilot)."
+ * {% data variables.product.prodname_copilot_autocomplete_pr %}. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/using-copilot-text-completion)."
+ * Asking {% data variables.product.prodname_copilot_short %} why a workflow has failed. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#ask-why-a-workflow-has-failed)."
+ * The ability for {% data variables.product.prodname_copilot_short %} to plan a strong response by asking for additional information when a prompt is unclear, then determining which skills it should use to respond. For more information on skills, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#powered-by-skills)."
diff --git a/data/reusables/copilot/procedural-intro.md b/data/reusables/copilot/procedural-intro.md
index 730c4680c9f0..0a6eb494f95a 100644
--- a/data/reusables/copilot/procedural-intro.md
+++ b/data/reusables/copilot/procedural-intro.md
@@ -1 +1 @@
-{% data variables.product.prodname_copilot %} offers coding suggestions as you type in your coding environment. For more information about other things that {% data variables.product.prodname_copilot_short %} can do, see "[AUTOTITLE](/copilot/about-github-copilot)."
+{% data variables.product.prodname_copilot %} offers coding suggestions as you type in your coding environment. For more information about other things that {% data variables.product.prodname_copilot_short %} can do, see "[AUTOTITLE](/copilot/about-github-copilot/what-is-github-copilot)."
diff --git a/data/reusables/copilot/quickstart-intro.md b/data/reusables/copilot/quickstart-intro.md
index ce1e93ee180e..b164a6e09e35 100644
--- a/data/reusables/copilot/quickstart-intro.md
+++ b/data/reusables/copilot/quickstart-intro.md
@@ -1 +1 @@
-{% data variables.product.prodname_copilot %} provides coding suggestions as you type in your editor. You can also ask {% data variables.product.prodname_copilot_short %} coding-related questions, such as how best to code something, how to fix a bug, or how someone else's code works. For full details of what {% data variables.product.prodname_copilot_short %} can do, see "[AUTOTITLE](/copilot/about-github-copilot)."
+{% data variables.product.prodname_copilot %} provides coding suggestions as you type in your editor. You can also ask {% data variables.product.prodname_copilot_short %} coding-related questions, such as how best to code something, how to fix a bug, or how someone else's code works. For full details of what {% data variables.product.prodname_copilot_short %} can do, see "[AUTOTITLE](/copilot/about-github-copilot/what-is-github-copilot)."
diff --git a/data/reusables/copilot/quickstart-signup.md b/data/reusables/copilot/quickstart-signup.md
index a8406e09793a..e9e64dbd441a 100644
--- a/data/reusables/copilot/quickstart-signup.md
+++ b/data/reusables/copilot/quickstart-signup.md
@@ -4,7 +4,7 @@
Start a free trial {% octicon "link-external" height:16 %}
-If you don't already have access to {% data variables.product.prodname_copilot %}, you can set up a free trial or subscription for {% data variables.product.prodname_copilot_for_individuals %} on your personal {% data variables.product.prodname_dotcom %} account. For more information, see "[AUTOTITLE](/copilot/copilot-individual/about-github-copilot-individual)."
+If you don't already have access to {% data variables.product.prodname_copilot %}, you can set up a free trial or subscription for {% data variables.product.prodname_copilot_for_individuals %} on your personal {% data variables.product.prodname_dotcom %} account. For more information, see "[AUTOTITLE](/copilot/about-github-copilot/subscription-plans-for-github-copilot)."
{% elsif ghec %}
diff --git a/data/reusables/copilot/signup-procedure.md b/data/reusables/copilot/signup-procedure.md
index e099f684ed72..21cbc62b06f8 100644
--- a/data/reusables/copilot/signup-procedure.md
+++ b/data/reusables/copilot/signup-procedure.md
@@ -1,5 +1,5 @@
1. In the upper-right corner of any page, click your profile photo, then click **{% octicon "copilot" aria-hidden="true" %} Your {% data variables.product.prodname_copilot_short %}**.
-1. On the {% data variables.product.prodname_copilot %} settings page, click **Start free trial**.
+1. On the {% data variables.product.prodname_copilot %} settings page, click **Start free trial**. If you are not eligible for a free trial because you have already used the free trial or because you were part of the technical preview, you will be prompted to subscribe to {% data variables.product.prodname_copilot_short %} instead.
1. Choose whether you want to pay monthly or yearly, and click **Get access to {% data variables.product.prodname_copilot %}**.
If your personal account meets the criteria for a free {% data variables.product.prodname_copilot %} subscription instead of a trial or paid subscription, you will automatically be taken to step 5.
@@ -7,4 +7,6 @@
1. Follow the steps to enter and confirm your payment details, then click **Submit**.
1. Select your preferences, then click **Save and complete setup**.
- You can change these preferences at a later time by returning to your {% data variables.product.prodname_copilot %} settings. For more information, see "[AUTOTITLE](/copilot/configuring-github-copilot/configuring-github-copilot-in-your-environment?tool=vscode#configuring-your-personal-github-copilot-settings-on-githubcom)."
+ The **Suggestions matching public code** preference controls whether {% data variables.product.prodname_copilot_short %} will provide code completion suggestions that match publicly available code.
+
+ For details about the preferences, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-copilot-policies-as-an-individual-subscriber)." You can change the preferences at any time.
diff --git a/data/reusables/copilot/sku-isolation.md b/data/reusables/copilot/sku-isolation.md
new file mode 100644
index 000000000000..ff5412bac310
--- /dev/null
+++ b/data/reusables/copilot/sku-isolation.md
@@ -0,0 +1,41 @@
+> [!NOTE] {% data variables.product.prodname_copilot_sku_isolation %} is currently in limited public beta and subject to change. This feature will be enabled for all users on October 31, 2024.
+
+## About {% data variables.product.prodname_copilot_sku_isolation %}
+
+As an {% ifversion ghec %}enterprise or {% endif %}organization owner, you can use your network firewall to explicitly allow access to {% data variables.product.prodname_copilot_for_business %}{% ifversion ghec %} or {% data variables.product.prodname_copilot_enterprise %}{% endif %}, and/or block access to {% data variables.product.prodname_copilot_for_individuals %}. This allows you to control which {% data variables.product.prodname_copilot %} plans your members can use within your network.
+
+Configuring {% data variables.product.prodname_copilot_sku_isolation %} will affect the following {% data variables.product.prodname_copilot %} features:
+
+* Code completions in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, JetBrains IDEs, and Vim/NeoVim
+* {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and JetBrains IDEs
+* {% data variables.product.prodname_mobile %} Apps
+* {% data variables.product.prodname_copilot_cli_short %}
+
+
+On October 31, 2024, we will enable {% data variables.product.prodname_copilot_sku_isolation %} for all users. This will ensure that users are accessing {% data variables.product.prodname_copilot %} through an endpoint that is specific to their {% data variables.product.prodname_copilot_short %} subscription. Only {% data variables.product.prodname_copilot_business_short %} users will be able to connect to the {% data variables.product.prodname_copilot_business_short %} endpoint and only {% data variables.product.prodname_copilot_enterprise_short %} users will be able to connect to the {% data variables.product.prodname_copilot_enterprise_short %} endpoint.
+
+Optionally, if you are a customer with a {% data variables.product.prodname_dotcom %} account representative and you want to block access to {% data variables.product.prodname_copilot_individuals_short %} on your network before October 31, ask your representative about enabling {% data variables.product.prodname_copilot_sku_isolation %} ahead of this date.
+
+## Important steps to ensure continued access to {% data variables.product.prodname_copilot %}
+
+Between now and October 31, you should ensure that your firewall allows access to all of the hostnames listed in "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot)."
+
+
+## Configuring {% data variables.product.prodname_copilot_sku_isolation %} for your enterprise
+
+
+Before October 31, 2024, you should perform the following steps to ensure users can continue to access {% data variables.product.prodname_copilot %}.
+
+
+1. Ensure your members have updated to at least the minimum version of their {% data variables.product.prodname_copilot_short %} client listed below.
+ * For {% data variables.product.prodname_vscode %}, use Copilot Chat version 0.17 or later.
+ * For JetBrains IDEs, use Copilot version 1.5.6.5692 or later.
+ * For {% data variables.product.prodname_vs %}, use version VS 2022 17.11 or later.
+
+1. Update your corporate network firewall to include one of these paths in your allow-list:
+ * For a {% data variables.product.prodname_copilot_business_short %} subscription, add `*.business.githubcopilot.com`
+ * For a {% data variables.product.prodname_copilot_enterprise_short %} subscription, add `*.enterprise.githubcopilot.com`
+
+ > [!NOTE] The `*` indicates a wildcard character. A wildcard is necessary as there are multiple subdomains required for {% data variables.product.prodname_copilot %} to function correctly.
+
+1. Update your corporate network firewall to include `*.individual.githubcopilot.com` in your block-list.
diff --git a/data/reusables/copilot/supported-languages.md b/data/reusables/copilot/supported-languages.md
index 96f735400016..5155877b14e6 100644
--- a/data/reusables/copilot/supported-languages.md
+++ b/data/reusables/copilot/supported-languages.md
@@ -1 +1 @@
-{% data variables.product.prodname_copilot %} provides suggestions for numerous languages and a wide variety of frameworks, but works especially well for Python, JavaScript, TypeScript, Ruby, Go, C# and C++. {% data variables.product.prodname_copilot %} can also assist in query generation for databases, or generating suggestions for APIs and frameworks.
+{% data variables.product.prodname_copilot %} provides suggestions for numerous languages and a wide variety of frameworks, but works especially well for Python, JavaScript, TypeScript, Ruby, Go, C# and C++. {% data variables.product.prodname_copilot %} can also assist in query generation for databases, generating suggestions for APIs and frameworks, and can help with infrastructure as code development.
diff --git a/data/reusables/copilot/test-content-exclusions-chat.md b/data/reusables/copilot/test-content-exclusions-chat.md
new file mode 100644
index 000000000000..a238165721ee
--- /dev/null
+++ b/data/reusables/copilot/test-content-exclusions-chat.md
@@ -0,0 +1 @@
+1. Ask {% data variables.product.prodname_copilot_chat_short %} a question about the excluded file. If your content is excluded successfully, {% data variables.product.prodname_copilot_short %} will be unable to answer your question, and will explain that some files were excluded from the conversation due to content exclusion rules.
diff --git a/data/reusables/copilot/tp-users-trial-eligibility.md b/data/reusables/copilot/tp-users-trial-eligibility.md
index bc3c0dc84607..21566d6527de 100644
--- a/data/reusables/copilot/tp-users-trial-eligibility.md
+++ b/data/reusables/copilot/tp-users-trial-eligibility.md
@@ -1,5 +1 @@
-{% note %}
-
-**Note:** If you were part of the free {% data variables.product.prodname_copilot %} technical preview that was run between July 2021 and June 2022, you are not eligible for a {% data reusables.copilot.trial-period %}-day trial.
-
-{% endnote %}
+> [!NOTE] If you were part of the free {% data variables.product.prodname_copilot %} technical preview that was run between July 2021 and June 2022, you are not eligible for a {% data reusables.copilot.trial-period %}-day trial.
diff --git a/data/reusables/copilot/view-last-change-content-exclusions.md b/data/reusables/copilot/view-last-change-content-exclusions.md
new file mode 100644
index 000000000000..f33f68a5ef15
--- /dev/null
+++ b/data/reusables/copilot/view-last-change-content-exclusions.md
@@ -0,0 +1,3 @@
+1. Scroll to the bottom of the page.
+
+ You will see the name of the person who last changed the content exclusion settings, and information about when they made this change.
diff --git a/data/reusables/copilot/vs-for-mac-note.md b/data/reusables/copilot/vs-for-mac-note.md
index 8641f1860fdd..c6430bd2dd0e 100644
--- a/data/reusables/copilot/vs-for-mac-note.md
+++ b/data/reusables/copilot/vs-for-mac-note.md
@@ -1,5 +1 @@
-{% note %}
-
-**Note**: {% data variables.product.prodname_copilot %} is not currently available for use with Visual Studio for Mac.
-
-{% endnote %}
+> [!NOTE] {% data variables.product.prodname_copilot %} is not currently available for use with Visual Studio for Mac.
diff --git a/data/reusables/copilot/vscode-version-compatibility.md b/data/reusables/copilot/vscode-version-compatibility.md
new file mode 100644
index 000000000000..8059310fb2b7
--- /dev/null
+++ b/data/reusables/copilot/vscode-version-compatibility.md
@@ -0,0 +1,3 @@
+Changes to {% data variables.product.prodname_copilot_chat %} coincide with {% data variables.product.prodname_vscode %} releases, due to {% data variables.product.prodname_copilot_chat_short %}'s deep UI integration. As a result, every new version of {% data variables.product.prodname_copilot_chat_short %} is only compatible with the latest release of {% data variables.product.prodname_vscode %}. This means that if you are using an older version of {% data variables.product.prodname_vscode %}, you will not be able to use the latest {% data variables.product.prodname_copilot_chat_short %}.
+
+Only the latest {% data variables.product.prodname_copilot_chat_short %} versions will use the latest large language model provided by the {% data variables.product.prodname_copilot_short %} service, as even minor model upgrades require prompt changes and fixes in the extension. An older version of {% data variables.product.prodname_copilot_chat_short %} will still use the latest version of {% data variables.product.prodname_copilot_short %} code completions.
diff --git a/data/reusables/dependabot/about-the-dependency-graph.md b/data/reusables/dependabot/about-the-dependency-graph.md
index 9f0afb0c2fa3..5eeb3f69dda0 100644
--- a/data/reusables/dependabot/about-the-dependency-graph.md
+++ b/data/reusables/dependabot/about-the-dependency-graph.md
@@ -1,4 +1,4 @@
-The dependency graph is a summary of the manifest and lock files stored in a repository and any dependencies that are submitted for the repository using the {% data variables.dependency-submission-api.name %} (beta). For each repository, it shows{% ifversion fpt or ghec %}:
+The dependency graph is a summary of the manifest and lock files stored in a repository and any dependencies that are submitted for the repository using the {% data variables.dependency-submission-api.name %}. For each repository, it shows{% ifversion fpt or ghec %}:
* Dependencies, the ecosystems and packages it depends on
* Dependents, the repositories and packages that depend on it{% else %} dependencies, the ecosystems and packages it depends on.{% endif %}
diff --git a/data/reusables/dependabot/configuration-options.md b/data/reusables/dependabot/configuration-options.md
index 2d293149bf5b..44ee05d7dcf6 100644
--- a/data/reusables/dependabot/configuration-options.md
+++ b/data/reusables/dependabot/configuration-options.md
@@ -2,12 +2,17 @@
|:---|:---:|:---:|:---:|:---|
| [`package-ecosystem`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | Package manager to use |
| [`directory`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directory) | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Location of package manifests |
+| {% ifversion dependabot-updates-multidirectory-support %} |
+| [`directories`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directories) | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Locations of package manifests (multiple directories) |
+| {% endif %} |
| [`schedule.interval`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#scheduleinterval) | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | How often to check for updates |
| [`allow`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow) | {% octicon "x" aria-label="Not supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Customize which updates are allowed |
| [`assignees`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#assignees) | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Assignees to set on pull requests |
| [`commit-message`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#commit-message) | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Commit message preferences |
-| [`enable-beta-ecosystems`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#enable-beta-ecosystems) | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | Enable ecosystems that have beta-level support |{% ifversion dependabot-version-updates-groups %}
-| [`groups`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) | {% octicon "x" aria-label="Not supported" %} | {% ifversion dependabot-grouped-security-updates-config %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% octicon "check" aria-label="Supported" %} | Group updates for certain dependencies |{% endif %}
+| [`enable-beta-ecosystems`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#enable-beta-ecosystems) | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | Enable ecosystems that have beta-level support |
+| {% ifversion dependabot-version-updates-groups %} |
+| [`groups`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) | {% octicon "x" aria-label="Not supported" %} | {% ifversion dependabot-grouped-security-updates-config %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% octicon "check" aria-label="Supported" %} | Group updates for certain dependencies |
+| {% endif %} |
| [`ignore`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#ignore) | {% octicon "x" aria-label="Not supported" %} | See [`ignore`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#ignore) | See [`ignore`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#ignore) | Ignore certain dependencies or versions |
| [`insecure-external-code-execution`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#insecure-external-code-execution) | {% octicon "x" aria-label="Not supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Allow or deny code execution in manifest files |
| [`labels`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#labels) | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Labels to set on pull requests |
diff --git a/data/reusables/dependabot/dependabot-alerts-dependency-scope.md b/data/reusables/dependabot/dependabot-alerts-dependency-scope.md
index 4458211e8134..276e17bebd5f 100644
--- a/data/reusables/dependabot/dependabot-alerts-dependency-scope.md
+++ b/data/reusables/dependabot/dependabot-alerts-dependency-scope.md
@@ -2,17 +2,17 @@ The table below summarizes whether dependency scope is supported for various eco
| **Language** | **Ecosystem** | **Manifest file** | **Dependency scope supported** |
|:---|:---:|:---:|:---|
-{%- ifversion dependency-graph-dart-support %}
+| {% ifversion dependency-graph-dart-support %} |
| Dart | pub | pubspec.yaml | {% octicon "check" aria-label="Supported" %} |
| Dart | pub | pubspec.lock | {% octicon "check" aria-label="Supported" %} |
-{%- endif %}
+| {% endif %} |
| Go | Go modules | go.mod | No, defaults to runtime |
| Java | Maven | pom.xml | {% octicon "check" aria-label="Supported" %} `test` maps to development, else scope defaults to runtime |
| JavaScript | npm | package.json | {% octicon "check" aria-label="Supported" %} |
| JavaScript | npm | package-lock.json | {% octicon "check" aria-label="Supported" %} |
-{%- ifversion dependabot-dependency-graph-pnpm %}
+| {% ifversion dependabot-dependency-graph-pnpm %} |
| JavaScript | npm | pnpm-lock.yaml | {% octicon "check" aria-label="Supported" %} |
-{%- endif %}
+| {% endif %} |
| JavaScript | yarn v1 | yarn.lock | No, defaults to runtime |
| PHP | Composer | composer.json | {% octicon "check" aria-label="Supported" %} |
| PHP | Composer | composer.lock | {% octicon "check" aria-label="Supported" %} |
diff --git a/data/reusables/dependabot/dependabot-alerts-filters.md b/data/reusables/dependabot/dependabot-alerts-filters.md
index fc2d93f30280..2851b76963f0 100644
--- a/data/reusables/dependabot/dependabot-alerts-filters.md
+++ b/data/reusables/dependabot/dependabot-alerts-filters.md
@@ -3,12 +3,16 @@ You can sort and filter {% data variables.product.prodname_dependabot_alerts %}
| Option | Description | Example |
|:---|:---|:---|
| `ecosystem` | Displays alerts for the selected ecosystem | Use `ecosystem:npm` to show {% data variables.product.prodname_dependabot_alerts %} for npm |
-| `has` | Displays alerts meeting the selected filter criteria | Use `has:patch` to show alerts related to advisories that have a patch{% ifversion dependabot-alerts-vulnerable-calls %}Use `has:vulnerable-calls` to show alerts relating to calls to vulnerable functions |{% endif %}
+| `has` | Displays alerts meeting the selected filter criteria | Use `has:patch` to show alerts related to advisories that have a patch{% ifversion dependabot-alerts-vulnerable-calls %}Use `has:vulnerable-calls` to show alerts relating to calls to vulnerable functions{% endif %} |
| `is` | Displays alerts based on their state | Use `is:open` to show open alerts |
| `manifest` | Displays alerts for the selected manifest | Use `manifest:webwolf/pom.xml` to show alerts on the pom.xml file of the webwolf application |
| `package` | Displays alerts for the selected package | Use `package:django` to show alerts for django |
| `resolution` | Displays alerts of the selected resolution status | Use `resolution:no-bandwidth` to show alerts previously parked due to lack of resources or time to fix them |
-| `repo` | Displays alerts based on the repository they relate toNote that this filter is only available for security overview. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)" | Use `repo:octocat-repo` to show alerts in the repository called `octocat-repo` |{%- ifversion dependabot-alerts-development-label %}
-| `scope` | Displays alerts based on the scope of the dependency they relate to | Use `scope:development` to show alerts for dependencies that are only used during development |{% endif %}
-| `severity` | Displays alerts based on their level of severity | Use `severity:high` to show alerts with a severity of High |{%- ifversion dependabot-most-important-sort-option %}
-| `sort` | Displays alerts according to the selected sort order | The default sorting option for alerts is `sort:most-important`, which ranks alerts by importanceUse `sort:newest` to show the latest alerts reported by {% data variables.product.prodname_dependabot %} |{% endif %}
+| `repo` | Displays alerts based on the repository they relate toNote that this filter is only available for security overview. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)" | Use `repo:octocat-repo` to show alerts in the repository called `octocat-repo` |
+| {% ifversion dependabot-alerts-development-label %} |
+| `scope` | Displays alerts based on the scope of the dependency they relate to | Use `scope:development` to show alerts for dependencies that are only used during development |
+| {% endif %} |
+| `severity` | Displays alerts based on their level of severity | Use `severity:high` to show alerts with a severity of High |
+| {% ifversion dependabot-most-important-sort-option %} |
+| `sort` | Displays alerts according to the selected sort order | The default sorting option for alerts is `sort:most-important`, which ranks alerts by importanceUse `sort:newest` to show the latest alerts reported by {% data variables.product.prodname_dependabot %} |
+| {% endif %} |
diff --git a/data/reusables/dependabot/dependabot-auto-triage-rules-beta.md b/data/reusables/dependabot/dependabot-auto-triage-rules-beta.md
deleted file mode 100644
index ba49049714d8..000000000000
--- a/data/reusables/dependabot/dependabot-auto-triage-rules-beta.md
+++ /dev/null
@@ -1,5 +0,0 @@
-{% note %}
-
-**Note:** {% data variables.dependabot.auto_triage_rules %} are currently in beta and are subject to change.
-
-{% endnote %}
diff --git a/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md b/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md
index 1f11883c6ea1..788893bb5cbe 100644
--- a/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md
+++ b/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md
@@ -1,3 +1,4 @@
You can enable grouped pull requests for {% data variables.product.prodname_dependabot_security_updates %} in one, or both, of the following ways.
-* To group as many available security updates together as possible, across directories and per ecosystem, enable grouping in the "Code security and analysis" settings for your organization or repository.
-* For more granular control of grouping, such as grouping by package name, development/production dependencies, or SemVer level, add configuration options to the `dependabot.yml` configuration file in your repository.
+
+* To group as many available security updates together as possible, across directories and per ecosystem, enable grouping in the "Code security and analysis" settings for your repository{% ifversion security-configurations-beta-and-pre-beta %}or organization{% elsif security-configurations-ga %}, or in "Global settings" under "Code security" for your organization{% endif %}.
+* For more granular control of grouping, such as grouping by package name, development/production dependencies,{% ifversion dependabot-updates-multidirectory-support %} SemVer level, or across multiple directories per ecosystem{% else %} or SemVer level{% endif %}, add configuration options to the `dependabot.yml` configuration file in your repository.
diff --git a/data/reusables/dependabot/dependabot-updates-supported-repos-ecosystems.md b/data/reusables/dependabot/dependabot-updates-supported-repos-ecosystems.md
new file mode 100644
index 000000000000..bd4589dfc894
--- /dev/null
+++ b/data/reusables/dependabot/dependabot-updates-supported-repos-ecosystems.md
@@ -0,0 +1 @@
+For information on the supported repositories and ecosystems, see "[AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories)."
diff --git a/data/reusables/dependabot/dependabot-version-updates-groups-yaml-example.md b/data/reusables/dependabot/dependabot-version-updates-groups-yaml-example.md
index fca591da5a54..022e01b0423d 100644
--- a/data/reusables/dependabot/dependabot-version-updates-groups-yaml-example.md
+++ b/data/reusables/dependabot/dependabot-version-updates-groups-yaml-example.md
@@ -33,8 +33,12 @@ A `dependabot.yml` file with a customized Bundler configuration, which has been
version: 2
updates:
# Keep bundler dependencies up to date
- - package-ecosystem: "bundler"
- directory: "/"
+ - package-ecosystem: "bundler"{% ifversion dependabot-updates-multidirectory-support %}
+ directories:
+ - "/frontend"
+ - "/backend"
+ - "/admin"{% else %}
+ directory: "/"{% endif %}
schedule:
interval: "weekly"
# Create a group of dependencies to be updated together in one pull request
diff --git a/data/reusables/dependabot/directories-option-overview.md b/data/reusables/dependabot/directories-option-overview.md
new file mode 100644
index 000000000000..a8373f8e0660
--- /dev/null
+++ b/data/reusables/dependabot/directories-option-overview.md
@@ -0,0 +1 @@
+You can use `directories` instead of `directory` to apply the same configuration to a list of multiple directories. The `directory` or `directories` entries must be unique and cannot overlap with the `directory` or `directories` entries in blocks that have the same ecosystem and `target-branch`. You can have one block specifying multiple directories and another block with specifications for one directory only, but both keys can't be present in the same block.
diff --git a/data/reusables/dependabot/directory-directories-required.md b/data/reusables/dependabot/directory-directories-required.md
new file mode 100644
index 000000000000..a4fa210919a9
--- /dev/null
+++ b/data/reusables/dependabot/directory-directories-required.md
@@ -0,0 +1,5 @@
+{% note %}
+
+**Note:** You cannot use both `directory` and `directories` in the same configuration block. Only one option is required, not both.
+
+{% endnote %}
diff --git a/data/reusables/dependabot/directory-vs-directories-guidance.md b/data/reusables/dependabot/directory-vs-directories-guidance.md
new file mode 100644
index 000000000000..a4960b2abef4
--- /dev/null
+++ b/data/reusables/dependabot/directory-vs-directories-guidance.md
@@ -0,0 +1 @@
+Using `directory`, `directories`, or a mixture of both, are all valid approaches. You should tailor your configuration to your requirements. We recommend you use `directories` when you want to apply the exact same configuration to multiple directories or group dependency updates across multiple directories, and `directory` when you want to apply a configuration to only one directory, or if you want each directory to have a different configuration.
diff --git a/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo.md b/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo.md
index c2d335aa022c..960f8b662c97 100644
--- a/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo.md
+++ b/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo.md
@@ -2,7 +2,7 @@ Repository administrators can enable or disable the dependency graph for private
You can enable or disable the dependency graph for all repositories owned by your user account. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account)".
-You can also enable the dependency graph for multiple repositories in an organization at the same time. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-organization)."
+You can also enable the dependency graph for multiple repositories in an organization at the same time. For more information, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
diff --git a/data/reusables/dependabot/multidirectory-vs-pr-grouping.md b/data/reusables/dependabot/multidirectory-vs-pr-grouping.md
new file mode 100644
index 000000000000..5d4b30736769
--- /dev/null
+++ b/data/reusables/dependabot/multidirectory-vs-pr-grouping.md
@@ -0,0 +1,5 @@
+Multidirectory support is different than update grouping in pull requests.
+* The `directories` option in the `dependabot.yml` file allows you to apply {% data variables.product.prodname_dependabot_updates %} to multiple directories at the same time.
+* The `groups` option in the `dependabot.yml` file creates sets of dependencies (per package manager) for {% data variables.product.prodname_dependabot %} to put in the same single pull request.
+
+If you want to use both features on your repositories, you need to enable these features independently and explicitly by using the two keys described above.
diff --git a/data/reusables/dependabot/supported-package-managers.md b/data/reusables/dependabot/supported-package-managers.md
index f5848e6076df..179ce078210f 100644
--- a/data/reusables/dependabot/supported-package-managers.md
+++ b/data/reusables/dependabot/supported-package-managers.md
@@ -1,35 +1,37 @@
-The following table shows, for each package manager:
-* The YAML value to use in the `dependabot.yml` file
-* The supported versions of the package manager
-* Whether dependencies in private {% data variables.product.prodname_dotcom %} repositories or registries are supported
-* Whether vendored dependencies are supported
-
-Package manager | YAML value | Supported versions | Private repositories | Private registries | Vendoring
----------------|------------------|------------------|:---:|:---:|:---:
-Bundler | `bundler` | v1, v2 | {% octicon "x" aria-label="Not supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
-[Cargo](#cargo) | `cargo` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}{% ifversion dependabot-updates-cargo-private-registry-support %}{% else %} (Git only){% endif %} | {% octicon "x" aria-label="Not supported" %} |
-Composer | `composer` | v1, v2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-{% ifversion dependabot-version-updates-devcontainer-support %}[Dev containers](#dev-containers) | `devcontainers` | Not applicable | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
-{% endif %}{% ifversion dependabot-version-updates-enhanced-docker-support %}[Docker](#docker){% else %}Docker{% endif %} | `docker` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
-Hex | `mix` | v1 | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-elm-package | `elm` | v0.19 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-git submodule | `gitsubmodule` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
-[{% data variables.product.prodname_actions %}](#github-actions) | `github-actions` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
-Go modules | `gomod` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
-[Gradle](#gradle) | `gradle` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-[Maven](#maven) | `maven` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-npm | `npm` | v6, v7, v8, v9 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-[NuGet](#nuget-cli) | `nuget` | {% ifversion dependabot-updates-v680-nuget-support %}<=6.8.0{% elsif ghes = 3.12 %}<= 6.7.0{% else %}<= 4.8{% endif %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-{% ifversion dependabot-PEP621-support %}[pip](#pip-and-pip-compile){% else %}pip{% endif %} | `pip` | v21.1.2 | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-pipenv | `pip` | <= 2021-05-29 | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-{% ifversion dependabot-PEP621-support %}[pip-compile](#pip-and-pip-compile){% else %}pip-compile{% endif %} | `pip` | 6.1.0 | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-{% ifversion dependabot-updates-pnpm-support %}[pnpm](#pnpm) | `npm` | v7, v8 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-{% endif %}poetry | `pip` | v1 | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
-[pub](#pub) | `pub` | v2 | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% octicon "x" aria-label="Not supported" %} |{% ifversion dependabot-updates-swift-support %}
-[Swift](#swift) | `swift` | v5 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} (git only) | {% octicon "x" aria-label="Not supported" %} |{% endif %}
-[Terraform](#terraform) | `terraform` | >= 0.13, <= 1.8.x | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
-{% ifversion dependabot-yarn-v3-update %}[yarn](#yarn) | `npm` | v1, v2, v3 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}|{% else %}yarn | `npm` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | |
-{% endif %}
+Package manager | YAML value | Supported versions | Version updates | Security updates | Private repositories | Private registries | Vendoring |
+---------------|------------------|------------------|:---:|:---:|:---:|:---:|:---:|
+Bundler | `bundler` | v1, v2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+[Cargo](#cargo) | `cargo` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}{% ifversion dependabot-updates-cargo-private-registry-support %}{% else %} (Git only){% endif %} | {% octicon "x" aria-label="Not supported" %} |
+Composer | `composer` | v1, v2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% ifversion dependabot-version-updates-devcontainer-support %} |
+[Dev containers](#dev-containers) | `devcontainers` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% endif %} |
+| {% ifversion dependabot-version-updates-enhanced-docker-support %} |
+[Docker](#docker){% else %}Docker{% endif %} | `docker` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
+Hex | `mix` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+elm-package | `elm` | v0.19 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+git submodule | `gitsubmodule` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
+[{% data variables.product.prodname_actions %}](#github-actions) | `github-actions` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
+Go modules | `gomod` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} |
+[Gradle](#gradle) | `gradle` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+[Maven](#maven) | `maven` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+npm | `npm` | v6, v7, v8, v9 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+[NuGet](#nuget-cli) | `nuget` | {% ifversion dependabot-updates-v680-nuget-support %}<=6.8.0{% elsif ghes = 3.12 %}<= 6.7.0{% else %}<= 4.8{% endif %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% ifversion dependabot-PEP621-support %}[pip](#pip-and-pip-compile){% else %}pip{% endif %} | `pip` | v21.1.2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+pipenv | `pip` | <= 2021-05-29 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% ifversion dependabot-PEP621-support %}[pip-compile](#pip-and-pip-compile){% else %}pip-compile{% endif %} | `pip` | 6.1.0 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% ifversion dependabot-updates-pnpm-support %} |
+[pnpm](#pnpm) | `npm` | v7, v8, v9 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% endif %} |
+poetry | `pip` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+[pub](#pub) | `pub` | v2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% octicon "x" aria-label="Not supported" %} |
+| {% ifversion dependabot-updates-swift-support %} |
+[Swift](#swift) | `swift` | v5 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} (git only) | {% octicon "x" aria-label="Not supported" %} |
+| {% endif %} |
+[Terraform](#terraform) | `terraform` | >= 0.13, <= 1.8.x | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
+| {% ifversion dependabot-yarn-v3-update %} |
+[yarn](#yarn) | `npm` | v1, v2, v3 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}|{% else %}yarn | `npm` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | |
+| {% endif %} |
{% tip %}
@@ -37,6 +39,8 @@ pipenv | `pip` | <= 2021-05-29 | {% octicon "x" aria-label
{% endtip %}
+For further information about ecosystem support for {% data variables.product.prodname_dependabot_security_updates %}, see also "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems)."
+
#### Cargo
{% ifversion dependabot-updates-cargo-private-registry-support %}Private registry support includes cargo registries, so you can use {% data variables.product.prodname_dependabot %} to keep your Rust dependencies up-to-date. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#cargo)."{% else %}Private registry support applies to Git registries, and doesn't include cargo registries.{% endif %}
@@ -143,8 +147,6 @@ You can use {% data variables.product.prodname_dependabot %} to keep Dart depend
Private registry support applies to git registries only. Swift registries are not supported. Non-declarative manifests are not supported. For more information on non-declarative manifests, see [Editing Non-Declarative Manifests](https://github.com/apple/swift-evolution/blob/7003da1439ad60896ec14657dfce829f04b0632c/proposals/0301-package-editing-commands.md#editing-non-declarative-manifests) in the Swift Evolution documentation.
{% endif %}
-{% ifversion dependabot-yarn-v3-update %}
-
#### Terraform
Terraform support includes:
@@ -155,4 +157,3 @@ Terraform support includes:
#### yarn
Dependabot supports vendored dependencies for v2 onwards.
-{% endif %}
diff --git a/data/reusables/dependency-graph/dependency-submission-API-short.md b/data/reusables/dependency-graph/dependency-submission-API-short.md
index 955fb919cff9..f14316eda0b6 100644
--- a/data/reusables/dependency-graph/dependency-submission-API-short.md
+++ b/data/reusables/dependency-graph/dependency-submission-API-short.md
@@ -1,5 +1,5 @@
{% ifversion dependency-graph-repository-view-update %}
-Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} (beta) will show which detector was used for their submission and when they were submitted.
+Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} will show which detector was used for their submission and when they were submitted.
{% elsif ghes %}
The dependency graph will display the submitted dependencies grouped by ecosystem, but separately from the dependencies parsed from manifest or lock files.
{% else %}{% endif %}
diff --git a/data/reusables/dependency-graph/sbom-intro.md b/data/reusables/dependency-graph/sbom-intro.md
index 599a49e00cab..2635121b2341 100644
--- a/data/reusables/dependency-graph/sbom-intro.md
+++ b/data/reusables/dependency-graph/sbom-intro.md
@@ -1,4 +1,4 @@
-An SBOM is a formal, machine-readable inventory of a project's dependencies and associated information (such as {%ifversion ghes %}versions and package identifiers{%else %}versions, package identifiers, and licenses{% endif %}). SBOMs help reduced supply chain risks by:
+An SBOM is a formal, machine-readable inventory of a project's dependencies and associated information (such as {% ifversion ghes %}versions and package identifiers{% else %}versions, package identifiers, licenses, and copyright information{% endif %}). SBOMs help reduced supply chain risks by:
* providing transparency about the dependencies used by your repository
* allowing vulnerabilities to be identified early in the process
diff --git a/data/reusables/dependency-review/about-dependency-review-action.md b/data/reusables/dependency-review/about-dependency-review-action.md
index d65c99a42516..0cd8fa7e0f73 100644
--- a/data/reusables/dependency-review/about-dependency-review-action.md
+++ b/data/reusables/dependency-review/about-dependency-review-action.md
@@ -1,5 +1 @@
You can use the [`dependency-review-action`](https://github.com/actions/dependency-review-action) in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository.
-
-
-
-By default, the {% data variables.dependency-review.action_name %} check will fail if it discovers any vulnerable packages. A failed check blocks a pull request from being merged when the repository owner requires the dependency review check to pass. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging)."
diff --git a/data/reusables/dependency-review/about-dependency-review-action2.md b/data/reusables/dependency-review/about-dependency-review-action2.md
new file mode 100644
index 000000000000..09a9ec45eab5
--- /dev/null
+++ b/data/reusables/dependency-review/about-dependency-review-action2.md
@@ -0,0 +1 @@
+By default, the {% data variables.dependency-review.action_name %} check will fail if it discovers any vulnerable packages. A failed check blocks a pull request from being merged when the repository owner requires the dependency review check to pass. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging)."
diff --git a/data/reusables/dependency-review/org-level-enforcement.md b/data/reusables/dependency-review/org-level-enforcement.md
new file mode 100644
index 000000000000..724247407a63
--- /dev/null
+++ b/data/reusables/dependency-review/org-level-enforcement.md
@@ -0,0 +1,5 @@
+{% ifversion repo-rules %}
+
+Organization owners can roll out dependency review at scale by enforcing the use of the {% data variables.dependency-review.action_name %} across repositories in the organization. This involves the use of repository rulesets for which you'll set the {% data variables.dependency-review.action_name %} as a required workflow, which means that pull requests can only be merged once the workflow passes all the required checks. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization)."
+
+{% endif %}
diff --git a/data/reusables/dependency-review/works-with-submission-api-beta.md b/data/reusables/dependency-review/works-with-submission-api-beta.md
index 59360fb04ae5..a7d5302a7b7e 100644
--- a/data/reusables/dependency-review/works-with-submission-api-beta.md
+++ b/data/reusables/dependency-review/works-with-submission-api-beta.md
@@ -1,5 +1,4 @@
{% note %}
-**Note:** The dependency review API and the {% data variables.dependency-submission-api.name %} work together. This means that the dependency review API will include dependencies submitted via the {% data variables.dependency-submission-api.name %}. This feature is currently in public beta and subject to change.
-
+**Note:** The dependency review API and the {% data variables.dependency-submission-api.name %} work together. This means that the dependency review API will include dependencies submitted via the {% data variables.dependency-submission-api.name %}.
{% endnote %}
diff --git a/data/reusables/dependency-submission/dependency-submission-api-beta.md b/data/reusables/dependency-submission/dependency-submission-api-beta.md
deleted file mode 100644
index b4246765bb65..000000000000
--- a/data/reusables/dependency-submission/dependency-submission-api-beta.md
+++ /dev/null
@@ -1,5 +0,0 @@
-{% note %}
-
-**Note:** The ability to use the REST API for dependency submission is currently in public beta and subject to change.
-
-{% endnote %}
diff --git a/data/reusables/dependency-submission/dependency-submission-link.md b/data/reusables/dependency-submission/dependency-submission-link.md
index 63f4d25cc108..82431bf45ddf 100644
--- a/data/reusables/dependency-submission/dependency-submission-link.md
+++ b/data/reusables/dependency-submission/dependency-submission-link.md
@@ -1,2 +1,2 @@
-Additionally, you can use the {% data variables.dependency-submission-api.name %} (beta) to submit dependencies from the package manager or ecosystem of your choice, even if the ecosystem is not supported by dependency graph for manifest or lock file analysis.
-{% ifversion dependency-graph-repository-view-update %}Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} (beta) will show which detector was used for their submission and when they were submitted.{% elsif ghes %} The dependency graph will display the submitted dependencies grouped by ecosystem, but separately from the dependencies parsed from manifest or lock files.{% else %}{% endif %} For more information on the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
+Additionally, you can use the {% data variables.dependency-submission-api.name %} to submit dependencies from the package manager or ecosystem of your choice, even if the ecosystem is not supported by dependency graph for manifest or lock file analysis.
+{% ifversion dependency-graph-repository-view-update %}Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} will show which detector was used for their submission and when they were submitted.{% elsif ghes %} The dependency graph will display the submitted dependencies grouped by ecosystem, but separately from the dependencies parsed from manifest or lock files.{% else %}{% endif %} For more information on the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
diff --git a/data/reusables/discussions/enabling-or-disabling-github-discussions-for-your-organization.md b/data/reusables/discussions/enabling-or-disabling-github-discussions-for-your-organization.md
index 308981c83641..6dbe0a4b1a44 100644
--- a/data/reusables/discussions/enabling-or-disabling-github-discussions-for-your-organization.md
+++ b/data/reusables/discussions/enabling-or-disabling-github-discussions-for-your-organization.md
@@ -1,4 +1,4 @@
-1. On {% data variables.location.product_location %}, navigate to the main page of your organization.
+1. On {% data variables.product.prodname_dotcom %}, navigate to the main page of your organization.
1. Under your organization name, click {% octicon "gear" aria-label="The gear icon" %}
**Settings**.
diff --git a/data/reusables/discussions/navigate-to-repo-or-org.md b/data/reusables/discussions/navigate-to-repo-or-org.md
index 17ca81827c85..11d0d36c32a6 100644
--- a/data/reusables/discussions/navigate-to-repo-or-org.md
+++ b/data/reusables/discussions/navigate-to-repo-or-org.md
@@ -1 +1 @@
-1. On {% data variables.location.product_location %}, navigate to the main page of the repository or organization.
+1. On {% data variables.product.prodname_dotcom %}, navigate to the main page of the repository or organization.
diff --git a/data/reusables/discussions/starting-a-discussion.md b/data/reusables/discussions/starting-a-discussion.md
index 9e0de6a2615a..7e33f133ea10 100644
--- a/data/reusables/discussions/starting-a-discussion.md
+++ b/data/reusables/discussions/starting-a-discussion.md
@@ -1,4 +1,4 @@
-1. On {% data variables.location.product_location %}, navigate to the main page of the repository or organization where you want to start a discussion.
+1. On {% data variables.product.prodname_dotcom %}, navigate to the main page of the repository or organization where you want to start a discussion.
{% data reusables.discussions.discussions-tab %}
1. On the right side of the page, click **New discussion**.
1. Select a discussion category by clicking **Get started**.
diff --git a/data/reusables/dotcom_billing/payment-methods.md b/data/reusables/dotcom_billing/payment-methods.md
index 77dd030dea12..792afc555669 100644
--- a/data/reusables/dotcom_billing/payment-methods.md
+++ b/data/reusables/dotcom_billing/payment-methods.md
@@ -1 +1,13 @@
+{% ifversion metered-ghe-ghas %}
+
+If your {% data variables.product.prodname_ghe_cloud %} account uses metered billing, you can pay for your licenses with a credit card, PayPal, or through an Azure subscription. For purchase orders, contact your account manager in {% data variables.contact.contact_enterprise_sales %}.
+
+> [!IMPORTANT] If you currently pay for your {% data variables.product.prodname_enterprise %} licenses through a volume, subscription, or prepaid agreement, you will continue to be billed in this way until your agreement expires. At renewal, you have the option to switch to the metered billing model. See, "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/getting-started-with-the-enhanced-billing-platform)."
+>
+> If you do not have an account manager and pay for {% data variables.product.prodname_enterprise %} via credit card or PayPal, the transition to usage-based billing will be prompted by the product in the future, but this is not currently supported.
+
+{% else %}
+
You can pay for {% data variables.product.product_name %} with a credit card or with a PayPal account.
+
+{% endif %}
diff --git a/data/reusables/dotcom_billing/view-all-subscriptions.md b/data/reusables/dotcom_billing/view-all-subscriptions.md
index 41f0921edddc..5c427d90d515 100644
--- a/data/reusables/dotcom_billing/view-all-subscriptions.md
+++ b/data/reusables/dotcom_billing/view-all-subscriptions.md
@@ -1 +1 @@
-To view all the subscriptions for your account on {% data variables.location.product_location %}, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/viewing-your-subscriptions-and-billing-date)."
+To view all the subscriptions for your account on {% data variables.product.prodname_dotcom %}, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/viewing-your-subscriptions-and-billing-date)."
diff --git a/data/reusables/emus/about-team-management-with-idp.md b/data/reusables/emus/about-team-management-with-idp.md
index d84f82cbc43c..318903fe8764 100644
--- a/data/reusables/emus/about-team-management-with-idp.md
+++ b/data/reusables/emus/about-team-management-with-idp.md
@@ -1 +1 @@
-With {% data variables.product.prodname_emus %}, you can manage team and organization membership within your enterprise through your IdP by connecting teams on {% data variables.location.product_location %} with groups on your IdP.
+{% ifversion ghec %}With {% data variables.product.prodname_emus %}{% else %}If you have configured SCIM provisioning{% endif %}, you can manage team and organization membership within your enterprise through your IdP by connecting teams on {% data variables.location.product_location %} with groups on your IdP.
diff --git a/data/reusables/enterprise-accounts/change-role-to-billing-manager.md b/data/reusables/enterprise-accounts/change-role-to-billing-manager.md
new file mode 100644
index 000000000000..8fc6da17cea9
--- /dev/null
+++ b/data/reusables/enterprise-accounts/change-role-to-billing-manager.md
@@ -0,0 +1,5 @@
+1. Confirm that your client is listed as an enterprise owner.
+1. To the right of your username, select the {% octicon "kebab-horizontal" aria-label="Administrator settings" %} dropdown menu, then click **Change role**.
+
+ 
+1. Select **Billing manager**, then click **Change role**.
diff --git a/data/reusables/enterprise-accounts/dormant-user-activity.md b/data/reusables/enterprise-accounts/dormant-user-activity.md
index 05fb420183fc..585134a42ca6 100644
--- a/data/reusables/enterprise-accounts/dormant-user-activity.md
+++ b/data/reusables/enterprise-accounts/dormant-user-activity.md
@@ -2,8 +2,8 @@ A user is considered active if the user has performed any of the following activ
* {% ifversion ghec%}Authenticating to access your enterprise's resources via SAML SSO{% else %}Signing into {% data variables.location.product_location %} {% endif %}
* Creating a repository
-* Pushing to a repository via HTTPS
-{% ifversion ghes %}- Pushing to a repository via SSH{% endif %}
+* Pushing to a repository via HTTPS{% ifversion ghes %}
+* Pushing to a repository via SSH{% endif %}
* Being added to a repository
* Changing the visibility of a repository
* Creating an issue or pull request
diff --git a/data/reusables/enterprise-accounts/emu-forks.md b/data/reusables/enterprise-accounts/emu-forks.md
index 558a3b591aed..998f21001626 100644
--- a/data/reusables/enterprise-accounts/emu-forks.md
+++ b/data/reusables/enterprise-accounts/emu-forks.md
@@ -1 +1 @@
-{% data variables.enterprise.prodname_managed_users_caps %} cannot fork repositories from outside of the enterprise. {% data variables.enterprise.prodname_managed_users_caps %} can fork private or internal repositories owned by organizations in the enterprise into their user account namespace or other organizations owned by the enterprise, as specified by enterprise policy.
+{% data variables.enterprise.prodname_managed_users_caps %} cannot fork repositories from outside of the enterprise. They can fork private or internal repositories owned by organizations in the enterprise into their user account namespace or other organizations owned by the enterprise, as specified by enterprise policy.
diff --git a/data/reusables/enterprise-accounts/emu-password-reset-session.md b/data/reusables/enterprise-accounts/emu-password-reset-session.md
index 21c343745513..182b04701857 100644
--- a/data/reusables/enterprise-accounts/emu-password-reset-session.md
+++ b/data/reusables/enterprise-accounts/emu-password-reset-session.md
@@ -1 +1 @@
-If you need to reset the password for your setup user, contact {% data variables.contact.github_support %} through the {% data variables.contact.contact_enterprise_portal %}.
+If you need to reset the password for your setup user, contact {% data variables.contact.github_support %} through the {% data variables.contact.contact_enterprise_portal %}. The usual password reset option by providing your email address will not work.
diff --git a/data/reusables/enterprise-accounts/enterprise-accounts-compliance-tab.md b/data/reusables/enterprise-accounts/enterprise-accounts-compliance-tab.md
index 2bd1da8a734b..f00be2214dcf 100644
--- a/data/reusables/enterprise-accounts/enterprise-accounts-compliance-tab.md
+++ b/data/reusables/enterprise-accounts/enterprise-accounts-compliance-tab.md
@@ -1 +1 @@
-1. In the enterprise account sidebar, click {% octicon "checklist" aria-hidden="true" %} **Compliance**.
+1. On the left side of the page, in the enterprise account sidebar, click {% octicon "checklist" aria-hidden="true" %} **Compliance**.
diff --git a/data/reusables/enterprise-accounts/license-tab.md b/data/reusables/enterprise-accounts/license-tab.md
index 4c958c7ad868..240d26d875fa 100644
--- a/data/reusables/enterprise-accounts/license-tab.md
+++ b/data/reusables/enterprise-accounts/license-tab.md
@@ -1,5 +1,3 @@
-1. Under {% octicon "gear" aria-hidden="true" %} **Settings**, click **{% ifversion ghec %}Enterprise licensing{% elsif ghes %}License{% endif %}**. {% ifversion ghec %}
+1. Under {% octicon "gear" aria-hidden="true" %} **Settings**, click **{% ifversion ghec %}Licensing{% elsif ghes %}License{% endif %}**. {% ifversion enhanced-billing-platform %}
- >[!NOTE] Enterprise accounts, and organizations owned by enterprise accounts, created after June 2, 2024, have access to the enhanced billing platform. Enterprises that participated in the beta program also have access to the enhanced billing platform.
- >
- > As part of the enhanced billing platform, the licensing page has been relocated. See "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/gathering-insights-on-your-spending#viewing-license-usage)."{% endif %}
+ >[!NOTE] If you are on the enhanced billing platform, the licensing page has been relocated. See "[AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/gathering-insights-on-your-spending#viewing-license-usage)."{% endif %}
diff --git a/data/reusables/enterprise-accounts/people-tab.md b/data/reusables/enterprise-accounts/people-tab.md
index d6821f0e1cad..3ec2dc0b4482 100644
--- a/data/reusables/enterprise-accounts/people-tab.md
+++ b/data/reusables/enterprise-accounts/people-tab.md
@@ -1 +1 @@
-1. In the enterprise account sidebar, click {% octicon "person" aria-hidden="true" %} **People**.
+1. On the left side of the page, in the enterprise account sidebar, click {% octicon "person" aria-hidden="true" %} **People**.
diff --git a/data/reusables/enterprise-accounts/policies-tab.md b/data/reusables/enterprise-accounts/policies-tab.md
index 405962dee8d6..6f84d00ce27a 100644
--- a/data/reusables/enterprise-accounts/policies-tab.md
+++ b/data/reusables/enterprise-accounts/policies-tab.md
@@ -1 +1 @@
-1. In the enterprise account sidebar, click {% octicon "law" aria-hidden="true" %} **Policies**.
+1. On the left side of the page, in the enterprise account sidebar, click {% octicon "law" aria-hidden="true" %} **Policies**.
diff --git a/data/reusables/enterprise-accounts/settings-tab.md b/data/reusables/enterprise-accounts/settings-tab.md
index f2e8bb807ee5..b53042f25f5d 100644
--- a/data/reusables/enterprise-accounts/settings-tab.md
+++ b/data/reusables/enterprise-accounts/settings-tab.md
@@ -1 +1 @@
-1. In the enterprise account sidebar, click {% octicon "gear" aria-hidden="true" %} **Settings**.
+1. On the left side of the page, in the enterprise account sidebar, click {% octicon "gear" aria-hidden="true" %} **Settings**.
diff --git a/data/reusables/enterprise-accounts/tenant-app-permissions.md b/data/reusables/enterprise-accounts/tenant-app-permissions.md
index 334177b2d500..0218bba525d6 100644
--- a/data/reusables/enterprise-accounts/tenant-app-permissions.md
+++ b/data/reusables/enterprise-accounts/tenant-app-permissions.md
@@ -1 +1 @@
-To select an Azure subscription, you must have owner permissions to the subscription. If the default tenant does not have the right permissions, you may need to specify a different tenant ID. For more information, see "[Prerequisites](#prerequisites)" and [Microsoft identity platform and OAuth 2.0 authorization code flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code) in Microsoft Docs.
+To select an Azure subscription, you must have owner permissions to the subscription. If the default tenant does not have the right permissions, you may need to specify a different tenant ID. For more information, see "[Prerequisites](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#prerequisites)" and [Microsoft identity platform and OAuth 2.0 authorization code flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code) in Microsoft Docs.
diff --git a/data/reusables/enterprise-managed/assigning-roles.md b/data/reusables/enterprise-managed/assigning-roles.md
index 23a6a1232996..c5e787bc27c2 100644
--- a/data/reusables/enterprise-managed/assigning-roles.md
+++ b/data/reusables/enterprise-managed/assigning-roles.md
@@ -1 +1 @@
-When assigning users, you can use the "Roles" attribute in the {% data variables.product.prodname_emu_idp_application %} application to set a user's role in your enterprise on {% data variables.product.product_name %}. For more information about the roles available to assign, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise)."
+When assigning users, you can use the "Roles" attribute in the application on your IdP to set a user's role in your enterprise on {% data variables.product.product_name %}. For more information about the roles available to assign, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise)."
diff --git a/data/reusables/enterprise-managed/assigning-users.md b/data/reusables/enterprise-managed/assigning-users.md
index 8b61074a4ad6..20cc229e0138 100644
--- a/data/reusables/enterprise-managed/assigning-users.md
+++ b/data/reusables/enterprise-managed/assigning-users.md
@@ -1 +1 @@
-After you have configured authentication and provisioning, you will be able to provision new users on {% data variables.product.prodname_dotcom %} by assigning users or groups to the {% data variables.product.prodname_emu_idp_application %} application.
+After you have configured authentication and provisioning, you will be able to provision new users on {% data variables.product.prodname_dotcom %} by assigning users or groups to the {% ifversion ghec %}{% data variables.product.prodname_emu_idp_application %} application{% else %}relevant application in your IdP{% endif %}.
diff --git a/data/reusables/enterprise-migration-tool/about-the-migrator-role.md b/data/reusables/enterprise-migration-tool/about-the-migrator-role.md
index 7822564a1f2e..96b203361391 100644
--- a/data/reusables/enterprise-migration-tool/about-the-migrator-role.md
+++ b/data/reusables/enterprise-migration-tool/about-the-migrator-role.md
@@ -1,7 +1,10 @@
-To remove the need for organization owners to complete migrations, {% data variables.product.prodname_dotcom_the_website %} includes a distinct role for using {% data variables.product.prodname_importer_proper_name %}. Granting the migrator role allows you to designate other teams or individuals to handle your migrations. You can only grant the migrator role for an organization on {% data variables.product.prodname_dotcom_the_website %}.
+To remove the need for organization owners to complete migrations, {% data variables.product.prodname_dotcom %} includes a distinct role for using {% data variables.product.prodname_importer_proper_name %}. Granting the migrator role allows you to designate other teams or individuals to handle your migrations. You can only grant the migrator role for an organization on {% data variables.product.prodname_dotcom_the_website %}.
You can grant the migrator role to an individual user or a team. We strongly recommend that you assign the migrator role to a team. Then, you can further customize who can run a migration by adjusting team membership. For more information about changing team membership, see "[AUTOTITLE](/organizations/organizing-members-into-teams/adding-organization-members-to-a-team)" or "[AUTOTITLE](/organizations/organizing-members-into-teams/removing-organization-members-from-a-team)."
+> [!WARNING]
+> When you grant the migrator role in an organization to a user or team, you are granting them the ability to import or export any repository in that organization.
+
To grant the migrator role, see "[Granting the migrator role](#granting-the-migrator-role)."
After you grant the migrator role, make sure the migrator uses a {% data variables.product.pat_generic %} that meets all the requirements for running migrations.
diff --git a/data/reusables/enterprise-migration-tool/deploy-key-bypass.md b/data/reusables/enterprise-migration-tool/deploy-key-bypass.md
new file mode 100644
index 000000000000..28ada4675f88
--- /dev/null
+++ b/data/reusables/enterprise-migration-tool/deploy-key-bypass.md
@@ -0,0 +1,3 @@
+> [!NOTE] If the repository you are migrating has rulesets that the incoming repository doesn't match, the migration will be blocked. To bypass these rulesets and allow the migration, you can apply a ruleset bypass for all deploy keys in the target organization.
+>
+> Repository rulesets can be set at the organization level. If the incoming repository does not match any of these rulesets, you will need to use the deploy key bypass for each one. See "[AUTOTITLE](/organizations/managing-organization-settings/creating-rulesets-for-repositories-in-your-organization#granting-bypass-permissions-for-your-branch-or-tag-ruleset)."
diff --git a/data/reusables/enterprise-migration-tool/limitations-of-migrated-data.md b/data/reusables/enterprise-migration-tool/limitations-of-migrated-data.md
index cb9198dde7d1..63034fdd8c5d 100644
--- a/data/reusables/enterprise-migration-tool/limitations-of-migrated-data.md
+++ b/data/reusables/enterprise-migration-tool/limitations-of-migrated-data.md
@@ -1,6 +1,6 @@
-There are limits to what {% data variables.product.prodname_importer_proper_name %} can migrate. Some are due to limitations of {% data variables.product.prodname_dotcom_the_website %}, while others are limitations of {% data variables.product.prodname_importer_proper_name %} itself.
+There are limits to what {% data variables.product.prodname_importer_proper_name %} can migrate. Some are due to limitations of {% data variables.product.prodname_dotcom %}, while others are limitations of {% data variables.product.prodname_importer_proper_name %} itself.
-### Limitations of {% data variables.product.prodname_dotcom_the_website %}
+### Limitations of {% data variables.product.prodname_dotcom %}
* **2 GB size limit for a single Git commit:** No single commit in your Git repository can be larger than 2 GB. If any of your commits are larger than 2 GB, you will need to split the commit into smaller commits that are each 2 GB or smaller.
* **255 byte limit for Git references:** No single [Git reference](https://git-scm.com/book/en/v2/Git-Internals-Git-References), commonly known as a "ref", can have a name larger than 255 bytes. Usually, this means that your references cannot be more than 255 characters long, but any non-[ASCII](https://en.wikipedia.org/wiki/ASCII) characters, such as emojis, may consume more than one byte. If any of your Git references are too large, we'll return a clear error message.
diff --git a/data/reusables/enterprise/about-enterprise-accounts.md b/data/reusables/enterprise/about-enterprise-accounts.md
index 296d96a5b15d..a83c07d4739a 100644
--- a/data/reusables/enterprise/about-enterprise-accounts.md
+++ b/data/reusables/enterprise/about-enterprise-accounts.md
@@ -1 +1 @@
-Your enterprise account on {% data variables.product.prodname_dotcom_the_website %} allows you to manage multiple organizations. Your enterprise account must have a handle, like an organization or user account on {% data variables.product.prodname_dotcom %}.
+Your enterprise account on {% data variables.product.prodname_dotcom %} allows you to manage multiple organizations. Your enterprise account must have a handle, like an organization or user account on {% data variables.product.prodname_dotcom %}.
diff --git a/data/reusables/enterprise/azure-maps-auth-deprecation-link.md b/data/reusables/enterprise/azure-maps-auth-deprecation-link.md
index 9a47796ad8ee..825e0b4ba316 100644
--- a/data/reusables/enterprise/azure-maps-auth-deprecation-link.md
+++ b/data/reusables/enterprise/azure-maps-auth-deprecation-link.md
@@ -1 +1 @@
-For more information, see the "[Deprecations](/admin/release-notes#{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %}-deprecations)" section in the release notes.
+For more information, see the "[Deprecations](/admin/release-notes#{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %}-deprecations)" section in the release notes.
diff --git a/data/reusables/enterprise/editor-role-note.md b/data/reusables/enterprise/editor-role-note.md
index 7c4c818525ef..2a368351cf3b 100644
--- a/data/reusables/enterprise/editor-role-note.md
+++ b/data/reusables/enterprise/editor-role-note.md
@@ -3,8 +3,7 @@
{%- ifversion ghes = 3.12 %} 3.12.2{%- endif %}
{%- ifversion ghes = 3.11 %} 3.11.8{%- endif %}
{%- ifversion ghes = 3.10 %} 3.10.10{%- endif %}
-{%- ifversion ghes = 3.9 %} 3.9.13{%- endif %}. For more information, see
+. For more information, see
{%- ifversion ghes = 3.12 %} "[AUTOTITLE](/enterprise-server@3.12/admin/release-notes#3.12.2-security-fixes)."{%- endif %}
{%- ifversion ghes = 3.11 %} "[AUTOTITLE](/enterprise-server@3.11/admin/release-notes#3.11.8-security-fixes)."{%- endif %}
{%- ifversion ghes = 3.10 %} "[AUTOTITLE](/enterprise-server@3.10/admin/release-notes#3.10.10-security-fixes)."{%- endif %}
-{%- ifversion ghes = 3.9 %} "[AUTOTITLE](/enterprise-server@3.9/admin/release-notes#3.9.13-security-fixes)."{%- endif %}
diff --git a/data/reusables/enterprise/enterprise-types.md b/data/reusables/enterprise/enterprise-types.md
new file mode 100644
index 000000000000..794f9364e245
--- /dev/null
+++ b/data/reusables/enterprise/enterprise-types.md
@@ -0,0 +1,8 @@
+## About enterprise types
+
+While setting up your trial of {% data variables.product.prodname_ghe_cloud %}, you'll choose an enterprise type.
+
+* Enterprise with personal accounts
+* Enterprise with managed users
+
+To help you decide which choice is best for your enterprise, see "[AUTOTITLE]({% ifversion not ghec%}/enterprise-cloud@latest{% endif %}/admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud){% ifversion not ghec %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
diff --git a/data/reusables/enterprise/ghec-authentication-options.md b/data/reusables/enterprise/ghec-authentication-options.md
index d7e3d5b18a00..139d8f9a6c77 100644
--- a/data/reusables/enterprise/ghec-authentication-options.md
+++ b/data/reusables/enterprise/ghec-authentication-options.md
@@ -1 +1 @@
-You can allow people to use a personal account on {% data variables.product.prodname_dotcom_the_website %} to access your enterprise's resources and optionally configure additional SAML access restriction, or you can provision and control the accounts for your enterprise using your identity provider (IdP) with {% data variables.product.prodname_emus %}.
+You can allow people to use a personal account on {% data variables.product.prodname_dotcom %} to access your enterprise's resources and optionally configure additional SAML access restriction, or you can provision and control the accounts for your enterprise using your identity provider (IdP) with {% data variables.product.prodname_emus %}.
diff --git a/data/reusables/enterprise/ghes-is-a-self-hosted-platform.md b/data/reusables/enterprise/ghes-is-a-self-hosted-platform.md
index c69176c7ade7..efe19260189c 100644
--- a/data/reusables/enterprise/ghes-is-a-self-hosted-platform.md
+++ b/data/reusables/enterprise/ghes-is-a-self-hosted-platform.md
@@ -1 +1 @@
-{% data variables.product.product_name %} is a self-hosted platform for software development within your enterprise.
+{% data variables.product.product_name %} is a self-hosted version of the {% data variables.product.prodname_dotcom %} platform.
diff --git a/data/reusables/enterprise/invoiced-customer-to-access-ghes.md b/data/reusables/enterprise/invoiced-customer-to-access-ghes.md
deleted file mode 100644
index 38849e45f4d3..000000000000
--- a/data/reusables/enterprise/invoiced-customer-to-access-ghes.md
+++ /dev/null
@@ -1,5 +0,0 @@
-{% note %}
-
-**Note:** Only invoiced customers can access {% data variables.product.prodname_ghe_server %}. To switch to invoicing, contact {% data variables.contact.contact_enterprise_sales %}.
-
-{% endnote %}
diff --git a/data/reusables/enterprise/single-organizations-enterprise-migration.md b/data/reusables/enterprise/single-organizations-enterprise-migration.md
new file mode 100644
index 000000000000..eddc10f9abec
--- /dev/null
+++ b/data/reusables/enterprise/single-organizations-enterprise-migration.md
@@ -0,0 +1,3 @@
+> [!NOTE] Starting September 3, 2024, {% data variables.product.prodname_ghe_cloud %} customers who use a single organization will be automatically upgraded to an enterprise account at no additional cost.
+
+
\ No newline at end of file
diff --git a/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-encryption-keys.md b/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-encryption-keys.md
index b001dd82c477..5d8b19019b1b 100644
--- a/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-encryption-keys.md
+++ b/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-encryption-keys.md
@@ -1 +1 @@
-After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.9.1{% endif %} and generate a new full backup using `ghe-backup`. For more information about using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."
+After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} and generate a new full backup using `ghe-backup`. For more information about using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."
diff --git a/data/reusables/enterprise_clustering/cluster-ip-note.md b/data/reusables/enterprise_clustering/cluster-ip-note.md
index 991f39392d26..bd88734d5371 100644
--- a/data/reusables/enterprise_clustering/cluster-ip-note.md
+++ b/data/reusables/enterprise_clustering/cluster-ip-note.md
@@ -3,11 +3,11 @@
{%- ifversion ghes = 3.12 %} 3.12.2{%- endif %}
{%- ifversion ghes = 3.11 %} 3.11.8{%- endif %}
{%- ifversion ghes = 3.10 %} 3.10.10{%- endif %}
-{%- ifversion ghes = 3.9 %} 3.9.13{%- endif %}. For more information, see
+. For more information, see
{%- ifversion ghes = 3.12 %} "[AUTOTITLE](/enterprise-server@3.12/admin/release-notes#3.12.2-security-fixes)."{%- endif %}
{%- ifversion ghes = 3.11 %} "[AUTOTITLE](/enterprise-server@3.11/admin/release-notes#3.11.8-security-fixes)."{%- endif %}
{%- ifversion ghes = 3.10 %} "[AUTOTITLE](/enterprise-server@3.10/admin/release-notes#3.10.10-security-fixes)."{%- endif %}
-{%- ifversion ghes = 3.9 %} "[AUTOTITLE](/enterprise-server@3.9/admin/release-notes#3.9.13-security-fixes)."{%- endif %}
+
>
> {% data reusables.enterprise_clustering.failover-blocks-ips %}
>
diff --git a/data/reusables/enterprise_clustering/high-availability-requires-391.md b/data/reusables/enterprise_clustering/high-availability-requires-391.md
deleted file mode 100644
index df4da015579b..000000000000
--- a/data/reusables/enterprise_clustering/high-availability-requires-391.md
+++ /dev/null
@@ -1,9 +0,0 @@
-{% ifversion ghes = 3.9 %}
-
-{% note %}
-
-**Note:** High availability replication is available on {% data variables.product.prodname_ghe_server %} version 3.9.1 and later.
-
-{% endnote %}
-
-{% endif %}
diff --git a/data/reusables/enterprise_clustering/replacing-a-cluster-node-modify-cluster-conf.md b/data/reusables/enterprise_clustering/replacing-a-cluster-node-modify-cluster-conf.md
index 51659fafec18..806974a25297 100644
--- a/data/reusables/enterprise_clustering/replacing-a-cluster-node-modify-cluster-conf.md
+++ b/data/reusables/enterprise_clustering/replacing-a-cluster-node-modify-cluster-conf.md
@@ -5,6 +5,7 @@
hostname = ghe-replacement-data-node-3
ipv4 = 192.168.0.7
# ipv6 = fd12:3456:789a:1::7
+ consul-datacenter = PRIMARY-DATACENTER
git-server = true
pages-server = true
mysql-server = true
@@ -15,4 +16,4 @@
storage-server = true
- You can choose to defer database seeding of a new MySQL replica node, resulting in being able to open your appliance to traffic sooner. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding)."
+ You can choose to defer database seeding of a new MySQL replica node, resulting in being able to open your appliance to traffic sooner. For more information, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-clustering/deferring-database-seeding)."
diff --git a/data/reusables/enterprise_clustering/x-forwarded-for.md b/data/reusables/enterprise_clustering/x-forwarded-for.md
index 69c89c26ae54..b15a07f7d56f 100644
--- a/data/reusables/enterprise_clustering/x-forwarded-for.md
+++ b/data/reusables/enterprise_clustering/x-forwarded-for.md
@@ -1 +1 @@
-Use the X-Forwarded-For protocol **only** when the PROXY protocol is unavailable. The `X-Forwarded-For` header only works with HTTP and HTTPS. The IP address reported for Git connections over SSH will show the load balancer IP.
+Use the `X-Forwarded-For` protocol **only** when the PROXY protocol is unavailable. The `X-Forwarded-For` header is compatible with HTTP and HTTPS only. For Git connections over SSH, the IP address reported will be that of the load balancer. In some environments, client IP addresses in the instance's audit log may incorrectly appear as `127.0.0.1`.
diff --git a/data/reusables/enterprise_deprecation/deprecation_details.md b/data/reusables/enterprise_deprecation/deprecation_details.md
index 22d41352244f..2087c65d72e7 100644
--- a/data/reusables/enterprise_deprecation/deprecation_details.md
+++ b/data/reusables/enterprise_deprecation/deprecation_details.md
@@ -1,2 +1,2 @@
-No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server.
+No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server.
For help with the upgrade, contact GitHub Enterprise support.
diff --git a/data/reusables/enterprise_installation/disable-maintenance-mode-after-replica-upgrade.md b/data/reusables/enterprise_installation/disable-maintenance-mode-after-replica-upgrade.md
new file mode 100644
index 000000000000..5bdc08d3ad6d
--- /dev/null
+++ b/data/reusables/enterprise_installation/disable-maintenance-mode-after-replica-upgrade.md
@@ -0,0 +1 @@
+1. After you have upgraded the last replica node and the resync is complete, disable maintenance mode so users can use {% data variables.location.product_location %}.
diff --git a/data/reusables/enterprise_installation/download-note.md b/data/reusables/enterprise_installation/download-note.md
index dfd67e2671fe..6e995939bad1 100644
--- a/data/reusables/enterprise_installation/download-note.md
+++ b/data/reusables/enterprise_installation/download-note.md
@@ -1,5 +1 @@
-{% note %}
-
-**Note:** If you've enabled automatic update checks, you don't need to download the upgrade package and can use the file that was automatically downloaded. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks)."
-
-{% endnote %}
+> [!NOTE] If you've enabled automatic update checks, you don't need to download the upgrade package and can use the file that was automatically downloaded. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks)."
diff --git a/data/reusables/enterprise_installation/hotpatching-explanation.md b/data/reusables/enterprise_installation/hotpatching-explanation.md
index 56b4aac4b9ab..78fd20a44b09 100644
--- a/data/reusables/enterprise_installation/hotpatching-explanation.md
+++ b/data/reusables/enterprise_installation/hotpatching-explanation.md
@@ -4,4 +4,4 @@ You can use hotpatching to upgrade to a newer patch release, but not a feature r
Hotpatches do not generally require a reboot. If a hotpatch does require a reboot, the {% data variables.product.product_name %} release notes will indicate the requirement.
-Hotpatches require a configuration run, which can cause a brief period of errors or unresponsiveness for some or all services on {% data variables.location.product_location %}. You are not required to enable maintenance mode during installation of a hotpatch, but doing so will guarantee that users see a maintenance page instead of errors or timeouts. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
+Hotpatches require a configuration run, which can cause a brief period of errors or unresponsiveness for some or all services on {% data variables.location.product_location %}. You are not required to enable maintenance mode during installation of a hotpatch, but doing so will guarantee that users see a maintenance page instead of errors or timeouts. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
diff --git a/data/reusables/enterprise_installation/replication-status-upgrade.md b/data/reusables/enterprise_installation/replication-status-upgrade.md
new file mode 100644
index 000000000000..e0ab1ad5e44c
--- /dev/null
+++ b/data/reusables/enterprise_installation/replication-status-upgrade.md
@@ -0,0 +1,21 @@
+If the command returns `Replication is not running`, the replication may still be starting. Wait about one minute before running `ghe-repl-status` again.
+
+ {% note %}
+
+ **Notes:**
+
+ * While the resync is in progress `ghe-repl-status` may indicate that replication is behind. For example, you may see the following message.
+
+ ```text
+ CRITICAL: git replication is behind the primary by more than 1007 repositories and/or gists
+ ```
+
+ * If {% data variables.product.prodname_actions %} is enabled on {% data variables.location.product_location %}, you may see a message like the following. This message is expected when replication is paused due to maintenance mode being set on the primary appliance. Once maintenance mode is unset, this message should be resolved.
+
+ ```text
+ CRITICAL: mssql replication is down, didn't find Token_Configuration!
+ ```
+
+ {% endnote %}
+
+ If `ghe-repl-status` did not return `OK`, and the explanation isn't listed in the note above, contact {% data variables.contact.enterprise_support %}. For more information, see "[AUTOTITLE](/support/contacting-github-support)."
diff --git a/data/reusables/enterprise_user_management/about-scim-provisioning.md b/data/reusables/enterprise_user_management/about-scim-provisioning.md
index 67624225acfd..a9b2da90d281 100644
--- a/data/reusables/enterprise_user_management/about-scim-provisioning.md
+++ b/data/reusables/enterprise_user_management/about-scim-provisioning.md
@@ -1 +1 @@
-To create, manage, and deactivate user accounts for your enterprise members on {% data variables.location.product_location %}, your IdP must implement SCIM for communication with {% data variables.product.prodname_dotcom %}. SCIM is an open specification for management of user identities between systems. Different IdPs provide different experiences for the configuration of SCIM provisioning.
+To create, manage, and deactivate user accounts for your enterprise members on {% data variables.location.product_location %}, your IdP {% ifversion ghec %}must{% else %}can{% endif %} implement SCIM for communication with {% data variables.product.prodname_dotcom %}. SCIM is an open specification for management of user identities between systems. Different IdPs provide different experiences for the configuration of SCIM provisioning.
diff --git a/data/reusables/enterprise_user_management/emu-paved-path-iam-integrations.md b/data/reusables/enterprise_user_management/emu-paved-path-iam-integrations.md
index d5c628178aca..9609a4fd0318 100644
--- a/data/reusables/enterprise_user_management/emu-paved-path-iam-integrations.md
+++ b/data/reusables/enterprise_user_management/emu-paved-path-iam-integrations.md
@@ -1 +1 @@
-{% data variables.product.company_short %} partners with some developers of identity management systems to provide a "paved-path" integration with {% data variables.product.prodname_emus %}. To simplify your configuration and ensure full support, **use a single partner IdP for both authentication and provisioning.**
+{% data variables.product.company_short %} partners with some developers of identity management systems to provide a "paved-path" integration with {% ifversion ghec %}{% data variables.product.prodname_emus %}{% else %}{% data variables.product.product_name %}{% endif %}. To simplify your configuration and ensure full support, **use a single partner IdP for both authentication and provisioning.**
diff --git a/data/reusables/enterprise_user_management/scim-manages-user-lifecycle.md b/data/reusables/enterprise_user_management/scim-manages-user-lifecycle.md
new file mode 100644
index 000000000000..16669f53db39
--- /dev/null
+++ b/data/reusables/enterprise_user_management/scim-manages-user-lifecycle.md
@@ -0,0 +1,10 @@
+With SCIM, you manage the lifecycle of user accounts from your IdP:
+
+* {% ifversion ghec %}After you configure provisioning for {% data variables.product.prodname_emus %}, your IdP uses SCIM to provision user accounts on {% data variables.location.product_location %} and add the accounts to your enterprise.{% else %}When you provision a new user, your IdP will prompt {% data variables.location.product_location %} to create an account and send an onboarding email to the user.{% endif %} If you assign a group to the application in your IdP, your IdP will provision accounts for all members of the group.
+* When you update information associated with a user's identity on your IdP, your IdP will update the user's account on {% data variables.product.prodname_dotcom %}.
+* When you unassign the user from the IdP application or deactivate a user's account on your IdP, your IdP will communicate with {% data variables.product.prodname_dotcom %} to invalidate any sessions and disable the member's account. The disabled account's information is maintained and their username is changed to a hash of their original username{% ifversion ghec %} with the short code appended{% endif %}.
+* If you reassign a user to the IdP application or reactivate their account on your IdP, the user account will be reactivated, and the username will be restored.
+
+{% ifversion ghec or ghes > 3.13 %}
+To configure team and organization membership, repository access, and permissions on {% data variables.product.product_name %}, you can use groups on your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
+{% endif %}
diff --git a/data/reusables/files/choose-commit-email.md b/data/reusables/files/choose-commit-email.md
index 05c43e8519d5..32cff80d725f 100644
--- a/data/reusables/files/choose-commit-email.md
+++ b/data/reusables/files/choose-commit-email.md
@@ -1,5 +1,5 @@
{%- ifversion fpt or ghec %}
-1. If you have more than one email address associated with your account on {% data variables.location.product_location %}, click the email address drop-down menu and select the email address to use as the Git author email address. Only verified email addresses appear in this drop-down menu. If you enabled email address privacy, then a no-reply will be the default commit author email address. For more information about the exact form the no-reply email address can take, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)."
+1. If you have more than one email address associated with your account on {% data variables.product.prodname_dotcom %}, click the email address drop-down menu and select the email address to use as the Git author email address. Only verified email addresses appear in this drop-down menu. If you enabled email address privacy, then a no-reply will be the default commit author email address. For more information about the exact form the no-reply email address can take, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)."
{%- endif %}
diff --git a/data/reusables/gated-features/copilot-business-and-enterprise.md b/data/reusables/gated-features/copilot-business-and-enterprise.md
index 6772a9fe8ca5..1b1e6dc9089c 100644
--- a/data/reusables/gated-features/copilot-business-and-enterprise.md
+++ b/data/reusables/gated-features/copilot-business-and-enterprise.md
@@ -1 +1 @@
-Organizations with a subscription to [{% data variables.product.prodname_copilot_for_business %}](/copilot/copilot-business/about-github-copilot-business) or [{% data variables.product.prodname_copilot_enterprise %}](/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise).
+Organizations with a subscription to {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}
diff --git a/data/reusables/gated-features/dependabot-alerts.md b/data/reusables/gated-features/dependabot-alerts.md
index 261e5e61be57..f045661c37a6 100644
--- a/data/reusables/gated-features/dependabot-alerts.md
+++ b/data/reusables/gated-features/dependabot-alerts.md
@@ -1,5 +1,5 @@
{%- ifversion fpt or ghec %}
-{% data variables.product.prodname_dependabot_alerts %} are free to use for all repositories on {% data variables.product.prodname_dotcom_the_website %}. {% ifversion fpt%}Advanced capabilities, like the ability to create {% data variables.dependabot.custom_rules %} for {% data variables.product.prodname_dependabot_alerts %}, are available (for free) on public repositories only.{% elsif ghec %} Advanced capabilities, like reachability analysis and the ability to create {% data variables.dependabot.custom_rules %}, are available on any organization-owned repositories, when you have a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %}
+{% data variables.product.prodname_dependabot_alerts %} are free to use for all repositories on {% data variables.product.prodname_dotcom %}. {% ifversion fpt%}Advanced capabilities, like the ability to create {% data variables.dependabot.custom_rules %} for {% data variables.product.prodname_dependabot_alerts %}, are available (for free) on public repositories only.{% elsif ghec %} Advanced capabilities, like reachability analysis and the ability to create {% data variables.dependabot.custom_rules %}, are available on any organization-owned repositories, when you have a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %}
{%- elsif ghes %}
{% data variables.product.prodname_dependabot_alerts %} are free to use for repositories (user-owned and organization-owned) on {% data variables.product.prodname_ghe_server %}, provided enterprise administrators enable the feature for your enterprise.{% ifversion dependabot-auto-triage-rules %} Advanced capabilities, like the ability to create {% data variables.dependabot.custom_rules %}, are available to all organization-owned repositories, when you have a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %}
diff --git a/data/reusables/gated-features/dependabot-security-updates.md b/data/reusables/gated-features/dependabot-security-updates.md
index 4f8c47cf4dc5..3df6ba6b58f5 100644
--- a/data/reusables/gated-features/dependabot-security-updates.md
+++ b/data/reusables/gated-features/dependabot-security-updates.md
@@ -1,5 +1,5 @@
{%- ifversion fpt or ghec %}
-{% data variables.product.prodname_dependabot_security_updates %} are free to use for all repositories on {% data variables.product.prodname_dotcom_the_website %}.
+{% data variables.product.prodname_dependabot_security_updates %} are free to use for all repositories on {% data variables.product.prodname_dotcom %}.
{%- else %}
{% data variables.product.prodname_dependabot_security_updates %} are free to use for repositories (user-owned and organization-owned) on {% data variables.product.prodname_ghe_server %}, provided enterprise administrators enable the feature for your enterprise.
diff --git a/data/reusables/gated-features/dependabot-version-updates.md b/data/reusables/gated-features/dependabot-version-updates.md
index bc8e28ebc36b..3414618d9b72 100644
--- a/data/reusables/gated-features/dependabot-version-updates.md
+++ b/data/reusables/gated-features/dependabot-version-updates.md
@@ -1,5 +1,5 @@
{%- ifversion fpt or ghec %}
-{% data variables.product.prodname_dependabot_version_updates %} are free to use for all repositories on {% data variables.product.prodname_dotcom_the_website %}.
+{% data variables.product.prodname_dependabot_version_updates %} are free to use for all repositories on {% data variables.product.prodname_dotcom %}.
{%- else %}
{% data variables.product.prodname_dependabot_version_updates %} are free to use for repositories (user-owned and organization-owned) on {% data variables.product.prodname_ghe_server %}, provided enterprise administrators enable the feature for your enterprise.
diff --git a/data/reusables/gated-features/dependency-review-action.md b/data/reusables/gated-features/dependency-review-action.md
new file mode 100644
index 000000000000..1daebd5626b0
--- /dev/null
+++ b/data/reusables/gated-features/dependency-review-action.md
@@ -0,0 +1,10 @@
+{%- ifversion fpt %}
+The {% data variables.dependency-review.action_name %} is available for public repositories. The {% data variables.dependency-review.action_name %} is also available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}.
+
+{%- elsif ghec %}
+The {% data variables.dependency-review.action_name %} is available for public repositories. To configure the {% data variables.dependency-review.action_name %} in private repositories owned by organizations, you must have a license for {% data variables.product.prodname_GH_advanced_security %}.
+
+{%- elsif ghes %}
+The {% data variables.dependency-review.action_name %} is available for organization-owned repositories in {% data variables.product.product_name %}. This feature requires a license for {% data variables.product.prodname_GH_advanced_security %}.
+
+{%- endif %} {% data reusables.advanced-security.more-info-ghas %}
diff --git a/data/reusables/gated-features/draft-prs.md b/data/reusables/gated-features/draft-prs.md
index 78ed43a2d2a7..26184e4d403b 100644
--- a/data/reusables/gated-features/draft-prs.md
+++ b/data/reusables/gated-features/draft-prs.md
@@ -1 +1 @@
-Draft pull requests are available in public repositories with {% data variables.product.prodname_free_team %} for organizations and legacy per-repository billing plans, and in public and private repositories with {% data variables.product.prodname_team %}, {% data variables.product.prodname_ghe_server %}, and {% data variables.product.prodname_ghe_cloud %}. {% ifversion fpt or ghec %}{% data reusables.gated-features.more-info %}{% endif %}
+Draft pull requests are available in public repositories with {% data variables.product.prodname_free_team %} for organizations and legacy per-repository billing plans. Draft pull requests are also available in public and private repositories with {% data variables.product.prodname_team %}, {% data variables.product.prodname_ghe_cloud %}, and {% data variables.product.prodname_ghe_server %}.{% ifversion fpt or ghec %}{% data reusables.gated-features.more-info %}{% endif %}
diff --git a/data/reusables/gated-features/emus.md b/data/reusables/gated-features/emus.md
index 8104d90ebd64..d50d56ff8638 100644
--- a/data/reusables/gated-features/emus.md
+++ b/data/reusables/gated-features/emus.md
@@ -1 +1,5 @@
+{% ifversion ghec %}
+
{% data variables.product.prodname_emus %} is available for new enterprise accounts on {% data variables.product.prodname_ghe_cloud %}. See "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
+
+{% endif %}
diff --git a/data/reusables/gated-features/ghas-ghec.md b/data/reusables/gated-features/ghas-ghec.md
index c45d1db3899b..d8a91c01565c 100644
--- a/data/reusables/gated-features/ghas-ghec.md
+++ b/data/reusables/gated-features/ghas-ghec.md
@@ -1,3 +1,3 @@
-{% data variables.product.prodname_GH_advanced_security %} is available for enterprise accounts on {% data variables.product.prodname_ghe_cloud %}.{% ifversion fpt or ghec %} Some features of {% data variables.product.prodname_GH_advanced_security %} are also available for public repositories on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)."{% endif %}{% ifversion ghas-for-azure-devops %}
{% endif %}
+{% data variables.product.prodname_GH_advanced_security %} is available for enterprise accounts on {% data variables.product.prodname_ghe_cloud %}.{% ifversion fpt or ghec %} Some features of {% data variables.product.prodname_GH_advanced_security %} are also available for public repositories on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)."{% endif %}{% ifversion ghas-for-azure-devops %}
{% endif %}
{% data reusables.advanced-security.ghas-for-azdo-link %}
diff --git a/data/reusables/gated-features/ghas.md b/data/reusables/gated-features/ghas.md
index e51824d0709f..c450ecae940b 100644
--- a/data/reusables/gated-features/ghas.md
+++ b/data/reusables/gated-features/ghas.md
@@ -1,3 +1,3 @@
-{% data variables.product.prodname_GH_advanced_security %} is available for enterprise accounts on {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %}.{% ifversion fpt or ghec %} Some features of {% data variables.product.prodname_GH_advanced_security %} are also available for public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %} For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)."
+{% data variables.product.prodname_GH_advanced_security %} is available for enterprise accounts on {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %}.{% ifversion fpt or ghec %} Some features of {% data variables.product.prodname_GH_advanced_security %} are also available for public repositories on {% data variables.product.prodname_dotcom %}.{% endif %} For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)."
{% ifversion ghas-for-azure-devops %}
{% endif %}
{% data reusables.advanced-security.ghas-for-azdo-link %}
diff --git a/data/reusables/gated-features/pages.md b/data/reusables/gated-features/pages.md
index cbc49d808df2..94ceae037c62 100644
--- a/data/reusables/gated-features/pages.md
+++ b/data/reusables/gated-features/pages.md
@@ -1,3 +1,3 @@
{% data variables.product.prodname_pages %} is available in public repositories with {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_free_team %} for organizations, and in public and private repositories with {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, {% data variables.product.prodname_ghe_cloud %}, and {% data variables.product.prodname_ghe_server %}. {% ifversion fpt or ghec %}{% data reusables.gated-features.more-info %}{% endif %}
-{% ifversion fpt or ghec %}All {% data variables.product.prodname_pages %} builds will use {% data variables.product.prodname_actions %} from June 30, 2024. No other changes are required but {% data variables.product.prodname_actions %} must be enabled in your repository for builds to continue. For more information on enabling {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository)."{% endif %}
+{% ifversion fpt or ghec %}{% data variables.product.prodname_pages %} now uses {% data variables.product.prodname_actions %} to execute the Jekyll build. When using a branch as the source of your build, {% data variables.product.prodname_actions %} must be enabled in your repository if you want to use the built-in Jekyll workflow. Alternatively, if {% data variables.product.prodname_actions %} is unavailable or disabled, adding a `.nojekyll` file to the root of your source branch will bypass the Jekyll build process and deploy the content directly. For more information on enabling {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository)."{% endif %}
diff --git a/data/reusables/gated-features/partner-pattern-validity-check-ghas.md b/data/reusables/gated-features/partner-pattern-validity-check-ghas.md
index fb2b9bd79ce0..236d1d4d1bee 100644
--- a/data/reusables/gated-features/partner-pattern-validity-check-ghas.md
+++ b/data/reusables/gated-features/partner-pattern-validity-check-ghas.md
@@ -1,5 +1,5 @@
{% ifversion ghec %}
-Validity checks for partner patterns is available on all types of repositories on {% data variables.product.prodname_dotcom_the_website %}. To use this feature, you must have a license for {% data variables.product.prodname_GH_advanced_security %}.
+Validity checks for partner patterns is available on all types of repositories on {% data variables.product.prodname_dotcom %}. To use this feature, you must have a license for {% data variables.product.prodname_GH_advanced_security %}.
{% elsif ghes %}
Validity checks for partner patterns is available on all types of repositories in {% data variables.product.product_name %}. This feature requires a license for {% data variables.product.prodname_GH_advanced_security %}.
diff --git a/data/reusables/gated-features/protected-branches.md b/data/reusables/gated-features/protected-branches.md
index 73968f25639c..ccefc323b30e 100644
--- a/data/reusables/gated-features/protected-branches.md
+++ b/data/reusables/gated-features/protected-branches.md
@@ -1 +1 @@
-Protected branches are available in public repositories with {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_free_team %} for organizations, and in public and private repositories with {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, {% data variables.product.prodname_ghe_cloud %}, and {% data variables.product.prodname_ghe_server %}. {% ifversion fpt or ghec %}{% data reusables.gated-features.more-info %}{% endif %}
+Protected branches are available in public repositories with {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_free_team %} for organizations. Protected branches are also available in public and private repositories with {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, {% data variables.product.prodname_ghe_cloud %}, and {% data variables.product.prodname_ghe_server %}.{% ifversion fpt or ghec %}{% data reusables.gated-features.more-info %}{% endif %}
diff --git a/data/reusables/gated-features/push-protection-users-and-repos.md b/data/reusables/gated-features/push-protection-users-and-repos.md
index 1ad4a05bdc9c..d3cb5795c740 100644
--- a/data/reusables/gated-features/push-protection-users-and-repos.md
+++ b/data/reusables/gated-features/push-protection-users-and-repos.md
@@ -10,4 +10,4 @@ Push protection for repositories and organizations is available for {% ifversion
{%- elsif ghes %}
Push protection is available for organization-owned repositories in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %}
-For more information, see {% ifversion secret-scanning-push-protection-for-users %}"[AUTOTITLE](/code-security/secret-scanning/push-protection-for-users)" and {% endif %}"[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)."
+For more information, see {% ifversion secret-scanning-push-protection-for-users %}"[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users)" and {% endif %}"[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)."
diff --git a/data/reusables/getting-started/configuring-security-features.md b/data/reusables/getting-started/configuring-security-features.md
index 666b0a16a841..dc9eae2257b6 100644
--- a/data/reusables/getting-started/configuring-security-features.md
+++ b/data/reusables/getting-started/configuring-security-features.md
@@ -1 +1 @@
-To keep {% ifversion ghes %}the organizations in {% data variables.location.product_location %}{% else %}your organization{% endif %} secure, you can use a variety of {% data variables.product.prodname_dotcom %} security features, including security policies, dependency graphs, secret scanning and Dependabot security and version updates. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-organization)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
+To keep {% ifversion ghes %}the organizations in {% data variables.location.product_location %}{% else %}your organization{% endif %} secure, you can use a variety of {% data variables.product.prodname_dotcom %} security features, including security policies, dependency graphs, secret scanning and Dependabot security and version updates. For more information, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %}
diff --git a/data/reusables/gpg/copy-gpg-key-id.md b/data/reusables/gpg/copy-gpg-key-id.md
index 57d5bb00af5d..f041b3e819c9 100644
--- a/data/reusables/gpg/copy-gpg-key-id.md
+++ b/data/reusables/gpg/copy-gpg-key-id.md
@@ -1,7 +1,6 @@
1. From the list of GPG keys, copy the long form of the GPG key ID you'd like to use. In this example, the GPG key ID is `3AA5C34371567BD2`:
```shell copy
-
$ gpg --list-secret-keys --keyid-format=long
/Users/hubot/.gnupg/secring.gpg
------------------------------------
diff --git a/data/reusables/gpg/paste-gpg-key-id.md b/data/reusables/gpg/paste-gpg-key-id.md
index 75a4f71bc3ad..81a71192cbf7 100644
--- a/data/reusables/gpg/paste-gpg-key-id.md
+++ b/data/reusables/gpg/paste-gpg-key-id.md
@@ -4,8 +4,10 @@
git config --global user.signingkey 3AA5C34371567BD2
```
- Alternatively, when setting a subkey include the `!` suffix. In this example, the GPG subkey ID is `4BB6D45482678BE3`:
+ Alternatively, you may want to use a subkey. In this example, the GPG subkey ID is `4BB6D45482678BE3`:
```shell
- git config --global user.signingkey 4BB6D45482678BE3!
+ git config --global user.signingkey 4BB6D45482678BE3
```
+
+ If you use multiple keys and subkeys, then you should append an exclamation mark `!` to the key to tell git that this is your preferred key. Sometimes you may need to escape the exclamation mark with a back slash: `\!`.
diff --git a/data/reusables/identity-and-permissions/ip-allow-lists-example-and-restrictions.md b/data/reusables/identity-and-permissions/ip-allow-lists-example-and-restrictions.md
index 626f7f26b7aa..7b2af0794464 100644
--- a/data/reusables/identity-and-permissions/ip-allow-lists-example-and-restrictions.md
+++ b/data/reusables/identity-and-permissions/ip-allow-lists-example-and-restrictions.md
@@ -1,19 +1,9 @@
For example, you can allow access to the private resources exclusively from the IP address of your office network.
-If the list allows an IP address, an authenticated user connecting to {% data variables.location.product_location %} from that address can access private resources. If the user's IP address is not allowed, that user cannot access private resources until they connect from an allowed address.
+After you configure an IP allow list, the list determines whether users can access protected resources through the web UI, APIs, or Git, using any of the following authentication methods:
-After you configure an IP allow list, the list determines whether users can access protected resources through the web UI, APIs, or Git, using any of the following authentication methods.
-
-* Username and password, using {% data variables.product.prodname_dotcom %} authentication or SAML SSO
+* Username and password, using {% data variables.product.prodname_dotcom %} authentication or SAML SSO
* {% data variables.product.pat_generic_caps %}
* SSH key
The IP allow list applies to users with any role or access, including enterprise and organization owners, repository administrators, and external collaborators.
-
-{% ifversion ghec %}
-
-If a user is signed into {% data variables.location.product_location %}, the IP allow list determines whether the user can access the organization's public resources. The list does not apply to anonymous access to public resources.
-
-Only access to organization-owned repositories is determined by an IP allow list. The list does not control access to repositories or forks of repositories owned by a {% data variables.enterprise.prodname_managed_user %}.
-
-{% endif %}
diff --git a/data/reusables/identity-and-permissions/ip-allow-lists-which-resources-are-protected.md b/data/reusables/identity-and-permissions/ip-allow-lists-which-resources-are-protected.md
new file mode 100644
index 000000000000..3a5013ae1dc3
--- /dev/null
+++ b/data/reusables/identity-and-permissions/ip-allow-lists-which-resources-are-protected.md
@@ -0,0 +1,15 @@
+## Which resources are protected?
+
+IP allow lists **do** restrict access to:
+
+* Organization-owned repositories
+* Private and internal repositories
+* Public resources, when a user is signed into {% data variables.product.prodname_dotcom %}
+* Raw URLs for files in repositories, such as `https://raw.githubusercontent.com/octo-org/octo-repo/main/README.md?token=ABC10001`
+
+IP allow lists do **not** restrict access to:
+
+* Repositories, including forks, owned by {% data variables.enterprise.prodname_managed_users %}
+* Public resources, when accessed anonymously
+* {% data variables.product.prodname_copilot %} features that do not require directly fetching private or organizational data from {% data variables.product.prodname_dotcom %}
+* Anonymized URLs for images and videos uploaded to issues or pull requests, such as `https://private-user-images.githubusercontent.com/10001/20002.png?jwt=ABC10001`
diff --git a/data/reusables/identity-and-permissions/team-sync-azure-permissions.md b/data/reusables/identity-and-permissions/team-sync-azure-permissions.md
index 98f470b8b532..067ad11784b4 100644
--- a/data/reusables/identity-and-permissions/team-sync-azure-permissions.md
+++ b/data/reusables/identity-and-permissions/team-sync-azure-permissions.md
@@ -1,4 +1,4 @@
To enable team synchronization for Entra ID, your Entra ID installation needs the following permissions.
-* Read all users’ full profiles
-* Sign in and read user profile
-* Read directory data
+* [Read all group memberships](https://learn.microsoft.com/en-us/graph/permissions-reference#groupmemberreadall) : GitHub gets a list of Entra groups so users can select one to synchronize to a specific GitHub team.
+* [Read all users’ full profiles](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) : GitHub gets a list of members' Entra ID and Entra display/full names for syncing an Entra group and a GitHub team.
+* [Sign in and read user profile](https://learn.microsoft.com/en-us/graph/permissions-reference#userread) : When SAML SSO is enabled, users must single sign-on to the Entra application as a prerequisite for team syncing.
diff --git a/data/reusables/marketplace/visit-marketplace.md b/data/reusables/marketplace/visit-marketplace.md
index 9375295891bc..f82ecd8da968 100644
--- a/data/reusables/marketplace/visit-marketplace.md
+++ b/data/reusables/marketplace/visit-marketplace.md
@@ -1,3 +1,3 @@
-1. To open {% data variables.product.prodname_marketplace %}, in the top-left corner of {% data variables.location.product_location %}, select {% octicon "three-bars" aria-label="Open global navigation menu" %}, then click {% octicon "gift" aria-hidden="true" %} **Marketplace**.
+1. To open {% data variables.product.prodname_marketplace %}, in the top-left corner of {% data variables.product.prodname_dotcom %}, select {% octicon "three-bars" aria-label="Open global navigation menu" %}, then click {% octicon "gift" aria-hidden="true" %} **Marketplace**.
diff --git a/data/reusables/notifications/vulnerable-dependency-notification-options.md b/data/reusables/notifications/vulnerable-dependency-notification-options.md
index b5a175c27679..3c42b8de0ae4 100644
--- a/data/reusables/notifications/vulnerable-dependency-notification-options.md
+++ b/data/reusables/notifications/vulnerable-dependency-notification-options.md
@@ -1,9 +1,9 @@
{% ifversion fpt or ghec %}By default, you will receive notifications:{% endif %}{% ifversion ghes %}By default, if your enterprise owner has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %}
-* in your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**On {% data variables.product.prodname_dotcom %}** option).
-* by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Email** option).
-* on the command line, warnings are displayed as callbacks when you push to repositories with any insecure dependencies (**CLI** option).
-* on {% data variables.product.prodname_mobile %}, as web notifications. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#enabling-push-notifications-with-github-mobile)."
+* In your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**On {% data variables.product.prodname_dotcom %}** option).
+* By email. An email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Email** option).
+* On the command line. Warnings are displayed as callbacks when you push to repositories with any insecure dependencies (**CLI** option).
+* On {% data variables.product.prodname_mobile %}, as web notifications. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#enabling-push-notifications-with-github-mobile)."
{% note %}
diff --git a/data/reusables/organizations/additional-permissions.md b/data/reusables/organizations/additional-permissions.md
new file mode 100644
index 000000000000..998fe0a25ef6
--- /dev/null
+++ b/data/reusables/organizations/additional-permissions.md
@@ -0,0 +1,65 @@
+{% ifversion discussions %}
+
+### Discussions
+
+* Create a discussion category
+* Edit a discussion category
+* Delete a discussion category
+* Mark or unmark discussion answers
+* Hide or unhide discussion comments
+* Convert issues to discussions
+
+For more information, see "[AUTOTITLE](/discussions)."
+{% endif %}
+
+### Issue and Pull Requests
+
+* Assign or remove a user
+* Add or remove a label
+
+### Issue
+
+* Close an issue
+* Reopen a closed issue
+* Delete an issue
+* Mark an issue as a duplicate
+
+### Pull Request
+
+* Close a pull request
+* Reopen a closed pull request
+* Request a pull request review
+
+### Repository
+
+* Set milestones
+* Manage wiki settings
+* Manage project settings
+* Manage pull request merging settings
+* Manage {% data variables.product.prodname_pages %} settings (see "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site)")
+* Manage webhooks
+* Manage deploy keys
+* Edit repository metadata
+{%- ifversion ghec %}
+* Set interaction limits
+{%- endif %}
+* Set the social preview
+* Push commits to protected branches
+ * Base role must be `write`
+ * Branch protection rules will still apply
+* Create protected tags
+* Delete protected tags
+* Bypass branch protections
+{%- ifversion edit-repository-rules %}
+* Edit repository rules
+{%- endif %}
+
+### Security
+
+* View {% data variables.product.prodname_code_scanning %} results
+* Dismiss or reopen {% data variables.product.prodname_code_scanning %} results
+* Delete {% data variables.product.prodname_code_scanning %} results
+* View {% data variables.product.prodname_dependabot_alerts %}
+* Dismiss or reopen {% data variables.product.prodname_dependabot_alerts %}
+* View {% data variables.product.prodname_secret_scanning %} results
+* Dismiss or reopen {% data variables.product.prodname_secret_scanning %} results
diff --git a/data/reusables/organizations/custom-org-roles-assign-role-step.md b/data/reusables/organizations/custom-org-roles-assign-role-step.md
new file mode 100644
index 000000000000..9726236c8bb4
--- /dev/null
+++ b/data/reusables/organizations/custom-org-roles-assign-role-step.md
@@ -0,0 +1,4 @@
+1. In the "Access" section of the sidebar, click **{% octicon "organization" aria-hidden="true" %} Organization roles**, then click **Role assignments**.
+1. Click **New role assignment**.
+1. Search for users or teams that you want to assign a role to, then select the role you want to give to these users and teams.
+1. Click **Add new assignment**.
diff --git a/data/reusables/organizations/custom-org-roles-create-new-step.md b/data/reusables/organizations/custom-org-roles-create-new-step.md
new file mode 100644
index 000000000000..99715e5c42ff
--- /dev/null
+++ b/data/reusables/organizations/custom-org-roles-create-new-step.md
@@ -0,0 +1,14 @@
+1. Click **Create a role**.
+1. Type a name and description for the custom role.{% ifversion org-custom-role-with-repo-permissions %}
+1. Under "Add permissions", click the **Organization** or **Repository** tab to select the type of permissions you want to add to the custom role.
+
+ * To add permissions for the organization, click the **Organization** tab, then select the dropdown menu and click the permissions you want your custom role to include.
+ * To choose a base repository role to inherit, click the **Repository** tab, then select the dropdown menu and click the base role you want to include in the custom role. For more information about the available base repository roles, see "[Base roles for repository access](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles#base-roles-for-repository-access)."
+
+ Once you've selected a base repository role, you can add additional permissions to the custom role. For more information about the available permissions, see "[Additional permissions for repository access](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles#additional-permissions-for-repository-access)."
+
+ >[!NOTE] Adding a repository role and permissions to a custom organization role is currently in public beta and subject to change.
+
+{% else %}
+1. Under "Add permissions", click the text field, then select the permissions you want to add to the custom role. For more information about the available permissions, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles#additional-permissions-for-custom-roles)."{% endif %}
+1. Click **Create role**.
diff --git a/data/reusables/organizations/custom-org-roles-delete-role-step.md b/data/reusables/organizations/custom-org-roles-delete-role-step.md
new file mode 100644
index 000000000000..bc1297fbdde2
--- /dev/null
+++ b/data/reusables/organizations/custom-org-roles-delete-role-step.md
@@ -0,0 +1,2 @@
+1. Next to the role you want to edit, select {% octicon "kebab-horizontal" aria-label="Show custom role actions" %}, then click **Delete role**.
+1. Read the details in the dialog to confirm you want to delete the role, then click **Delete role**.
diff --git a/data/reusables/organizations/custom-org-roles-edit-role-step.md b/data/reusables/organizations/custom-org-roles-edit-role-step.md
new file mode 100644
index 000000000000..bd9a58e85006
--- /dev/null
+++ b/data/reusables/organizations/custom-org-roles-edit-role-step.md
@@ -0,0 +1,2 @@
+1. Next to the role you want to edit, select {% octicon "kebab-horizontal" aria-label="Show custom role actions" %}, then click **Edit role**.
+1. Change the role as required, then click **Update role**.
diff --git a/data/reusables/organizations/custom-org-roles-ghec-only.md b/data/reusables/organizations/custom-org-roles-ghec-only.md
deleted file mode 100644
index 7f57bb6cdcc4..000000000000
--- a/data/reusables/organizations/custom-org-roles-ghec-only.md
+++ /dev/null
@@ -1,7 +0,0 @@
-{% ifversion ghec %}
-{% note %}
-
-**Note:** Only organizations that use {% data variables.product.prodname_ghe_cloud %} can create custom organization roles. {% data reusables.enterprise.link-to-ghec-trial %}
-
-{% endnote %}
-{% endif %}
diff --git a/data/reusables/organizations/custom-org-roles-intro.md b/data/reusables/organizations/custom-org-roles-intro.md
index c65d27902085..fb8681aea216 100644
--- a/data/reusables/organizations/custom-org-roles-intro.md
+++ b/data/reusables/organizations/custom-org-roles-intro.md
@@ -1 +1 @@
-You can have more granular control over the access you grant to your organization's settings by creating custom organization roles. A custom organization role is a way to grant an organization member the ability to administer certain subsets of settings without granting full administrative control of the organization and its repositories. For example, you could create a role that contains the "View organization audit log" permission.
+You can have more granular control over the access you grant to your {% ifversion org-custom-role-with-repo-permissions %}organization and repository's{% else %} organization's{% endif %} settings by creating custom organization roles. Organization roles are a way to grant an organization member the ability to administer certain subsets of settings without granting full administrative control of the organization and its repositories. For example, you could create a role that contains the "View organization audit log" permission.
diff --git a/data/reusables/organizations/custom-org-roles-remove-assignment-step.md b/data/reusables/organizations/custom-org-roles-remove-assignment-step.md
new file mode 100644
index 000000000000..c494eefa368d
--- /dev/null
+++ b/data/reusables/organizations/custom-org-roles-remove-assignment-step.md
@@ -0,0 +1,4 @@
+1. In the "Access" section of the sidebar, click **{% octicon "organization" aria-hidden="true" %} Organization roles**, then click **Role assignments**.
+{% data reusables.organizations.custom-org-roles-filter %}
+1. To delete a role, to the right of the role, click **NUMBER roles**. Then click **Remove**.
+1. In the pop-up window, click **Remove**.
diff --git a/data/reusables/organizations/custom-org-roles-settings-step.md b/data/reusables/organizations/custom-org-roles-settings-step.md
index d394896702c5..c6d1d49f2600 100644
--- a/data/reusables/organizations/custom-org-roles-settings-step.md
+++ b/data/reusables/organizations/custom-org-roles-settings-step.md
@@ -1 +1 @@
-1. In the "Access" section of the sidebar, click **{% octicon "organization" aria-hidden="true" %} Organization roles**, then click **Custom roles**.
+1. In the "Access" section of the sidebar, click **{% octicon "organization" aria-hidden="true" %} Organization roles**, then click {% ifversion org-pre-defined-roles %}**Role management**{% else %}**Custom roles**{% endif %}.
diff --git a/data/reusables/organizations/custom-org-roles-view-assignments-step.md b/data/reusables/organizations/custom-org-roles-view-assignments-step.md
new file mode 100644
index 000000000000..9e895a3e6cc0
--- /dev/null
+++ b/data/reusables/organizations/custom-org-roles-view-assignments-step.md
@@ -0,0 +1,3 @@
+1. In the "Access" section of the sidebar, click **{% octicon "organization" aria-hidden="true" %} Organization roles**, then click **Role assignments**.
+{% data reusables.organizations.custom-org-roles-filter %}
+1. To view role assignments, to the right of the user or team, click **NUMBER roles**.
diff --git a/data/reusables/organizations/custom-repo-roles-ghec-only.md b/data/reusables/organizations/custom-repo-roles-ghec-only.md
index 566d55d1abf0..92269d71e1a6 100644
--- a/data/reusables/organizations/custom-repo-roles-ghec-only.md
+++ b/data/reusables/organizations/custom-repo-roles-ghec-only.md
@@ -1,7 +1,7 @@
{% ifversion ghec %}
{% note %}
-**Note:** Only organizations that use {% data variables.product.prodname_ghe_cloud %} can create custom repository roles. {% data reusables.enterprise.link-to-ghec-trial %}
+**Note:** Only organizations that use {% data variables.product.prodname_ghe_cloud %} can create custom repository roles.{% data reusables.enterprise.link-to-ghec-trial %}
{% endnote %}
{% endif %}
diff --git a/data/reusables/organizations/navigate-to-org.md b/data/reusables/organizations/navigate-to-org.md
index ef3f95d2c287..4e98e4318bf4 100644
--- a/data/reusables/organizations/navigate-to-org.md
+++ b/data/reusables/organizations/navigate-to-org.md
@@ -1 +1 @@
-1. On {% data variables.location.product_location %}, navigate to the main page of the organization.
+1. On {% data variables.product.prodname_dotcom %}, navigate to the main page of the organization.
diff --git a/data/reusables/organizations/pre-defined-organization-roles.md b/data/reusables/organizations/pre-defined-organization-roles.md
new file mode 100644
index 000000000000..a3887070d6b9
--- /dev/null
+++ b/data/reusables/organizations/pre-defined-organization-roles.md
@@ -0,0 +1,9 @@
+Pre-defined organization roles are roles that are available by default in every organization - no need to create them yourself. They can include both organization permissions that let the recipient manage the organization, as well as repository permissions that apply to all of the repositories in the organization. The following pre-defined roles are built into every organization based on common patterns of permissions organizations usually need.
+
+The current set of pre-defined roles are:
+
+* **All-repository read**: Grants read access to all repositories in the organization.
+* **All-repository write**: Grants write access to all repositories in the organization.
+* **All-repository triage**: Grants triage access to all repositories in the organization.
+* **All-repository maintain**: Grants maintenance access to all repositories in the organization.
+* **All-repository admin**: Grants admin access to all repositories in the organization.
diff --git a/data/reusables/organizations/precedence-for-different-levels.md b/data/reusables/organizations/precedence-for-different-levels.md
new file mode 100644
index 000000000000..a6047d830830
--- /dev/null
+++ b/data/reusables/organizations/precedence-for-different-levels.md
@@ -0,0 +1,9 @@
+Roles and permissions are additive. If a person is given different levels of access through different avenues, such as team membership and the base permissions for an organization, the user has the sum of all access grants. For example, if an organization owner gives an organization member a custom role that uses the "Read" inherited role, and then an organization owner sets the organization's base permission to "Write", then members with the custom role will have write access, along with any additional permissions included in the custom role.
+
+{% data reusables.organizations.mixed-roles-warning %}
+
+To resolve conflicting access, you can adjust your organization's base permissions or the team's access, or edit the custom role. For more information, see:
+* "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/setting-base-permissions-for-an-organization)"
+* "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)"
+* "[Editing a repository role](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization#editing-a-repository-role)"{% ifversion custom-org-roles %}
+* "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles#editing-a-custom-role)"{% endif %}
diff --git a/data/reusables/organizations/sponsors-dashboard.md b/data/reusables/organizations/sponsors-dashboard.md
new file mode 100644
index 000000000000..e941e61d1d01
--- /dev/null
+++ b/data/reusables/organizations/sponsors-dashboard.md
@@ -0,0 +1 @@
+1. On {% data variables.location.product_location %}, navigate to the main page of your organization that you want to manage sponsorships for.
diff --git a/data/reusables/organizations/team-api.md b/data/reusables/organizations/team-api.md
index c170115ca21a..0b9b41e9ae87 100644
--- a/data/reusables/organizations/team-api.md
+++ b/data/reusables/organizations/team-api.md
@@ -1 +1,3 @@
These endpoints are only available to authenticated members of the team's [organization](/rest/orgs). OAuth access tokens require the `read:org` [scope](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps). {% data variables.product.prodname_dotcom %} generates the team's `slug` from the team `name`.
+
+Where `pull` and `push` permissions are accepted, these will map to the **Read** and **Write** roles for an organization repository. For more information about repository roles, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)."
diff --git a/data/reusables/organizations/team-discussions-api-deprecation.md b/data/reusables/organizations/team-discussions-api-deprecation.md
index e9f8c629b306..cfd25d32c827 100644
--- a/data/reusables/organizations/team-discussions-api-deprecation.md
+++ b/data/reusables/organizations/team-discussions-api-deprecation.md
@@ -1,4 +1,4 @@
-{% ifversion ghes > 3.9 %}
+{% ifversion ghes %}
{% note %}
diff --git a/data/reusables/organizations/team-discussions-deprecation.md b/data/reusables/organizations/team-discussions-deprecation.md
index 2c7aaf2eb193..a05e814aab4f 100644
--- a/data/reusables/organizations/team-discussions-deprecation.md
+++ b/data/reusables/organizations/team-discussions-deprecation.md
@@ -8,7 +8,7 @@ You can use {% data variables.product.prodname_discussions %} to create organiza
{% endnote %}
-{% elsif ghes > 3.9 %}
+{% elsif ghes %}
{% note %}
diff --git a/data/reusables/package_registry/publish-docker-image.md b/data/reusables/package_registry/publish-docker-image.md
index 8f064a1d417e..19f92eb5d01f 100644
--- a/data/reusables/package_registry/publish-docker-image.md
+++ b/data/reusables/package_registry/publish-docker-image.md
@@ -61,6 +61,11 @@ jobs:
labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
{% ifversion artifact-attestations %}
# This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
- {% data reusables.actions.artifact-attestations-step-for-container-images %}
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
+ subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
+ push-to-registry: true
{% endif %}
```
diff --git a/data/reusables/pages/pages-about-publishing-source.md b/data/reusables/pages/pages-about-publishing-source.md
index f48ff37d079d..8296f9c31eaa 100644
--- a/data/reusables/pages/pages-about-publishing-source.md
+++ b/data/reusables/pages/pages-about-publishing-source.md
@@ -4,7 +4,7 @@ You can publish your site when changes are pushed to a specific branch, or you c
If you do not need any control over the build process for your site, we recommend that you publish your site when changes are pushed to a specific branch. {% data reusables.pages.pages-about-branch-source %}
-If you want to use a build process other than Jekyll or you do not want a dedicated branch to hold your compiled static files, we recommend that you write a {% data variables.product.prodname_actions %} workflow to publish your site. {% data variables.product.product_name %} provides starter workflows for common publishing scenarios to help you write your workflow.
+If you want to use a build process other than Jekyll or you do not want a dedicated branch to hold your compiled static files, we recommend that you write a {% data variables.product.prodname_actions %} workflow to publish your site. {% data variables.product.product_name %} provides workflow templates for common publishing scenarios to help you write your workflow.
{% else %}
diff --git a/data/reusables/pages/private_pages_are_public_warning.md b/data/reusables/pages/private_pages_are_public_warning.md
index 37156d7cf61f..fb37f4fcfe63 100644
--- a/data/reusables/pages/private_pages_are_public_warning.md
+++ b/data/reusables/pages/private_pages_are_public_warning.md
@@ -1,7 +1,7 @@
{% warning %}
{% ifversion fpt %}
-**Warning**: {% data variables.product.prodname_pages %} sites are publicly available on the internet, even if the repository for the site is private. If you have sensitive data in your site's repository, you may want to remove the data before publishing. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
+**Warning**: {% data variables.product.prodname_pages %} sites are publicly available on the internet, even if the repository for the site is private (if your plan or organization allows it). If you have sensitive data in your site's repository, you may want to remove the data before publishing. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
{% elsif ghec %}
**Warning**: Unless your enterprise uses {% data variables.product.prodname_emus %}, {% data variables.product.prodname_pages %} sites are publicly available on the internet by default, even if the repository for the site is private or internal. You can publish a site privately by managing access control for the site. Otherwise, if you have sensitive data in your site's repository, you may want to remove the data before publishing. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)" and "[AUTOTITLE](/pages/getting-started-with-github-pages/changing-the-visibility-of-your-github-pages-site)."
{% elsif ghes %}
diff --git a/data/reusables/passkeys/about-passkeys.md b/data/reusables/passkeys/about-passkeys.md
index b31483422501..ac335376a7c1 100644
--- a/data/reusables/passkeys/about-passkeys.md
+++ b/data/reusables/passkeys/about-passkeys.md
@@ -1 +1,3 @@
-Passkeys allow you to sign in securely to {% data variables.product.prodname_dotcom %}, without having to input your password. If you use two-factor authentication (2FA), passkeys satisfy both password and 2FA requirements, so you can complete your sign in with a single step. You can also use passkeys for sudo mode and resetting your password.
+Passkeys allow you to sign in securely to {% data variables.product.prodname_dotcom %} in your browser, without having to input your password.
+
+If you use two-factor authentication (2FA), passkeys satisfy both password and 2FA requirements, so you can complete your sign in with a single step. If you don't use 2FA, using a passkey will skip the requirement to verify a new device via email. You can also use passkeys for sudo mode and resetting your password.
diff --git a/data/reusables/passkeys/add-passkey-option.md b/data/reusables/passkeys/add-passkey-option.md
index ff0d2a27de61..9046e342f2bf 100644
--- a/data/reusables/passkeys/add-passkey-option.md
+++ b/data/reusables/passkeys/add-passkey-option.md
@@ -1 +1 @@
-Optionally, add a passkey to your account to enable a secure, passwordless login. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)" and "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)."
+Optionally, add a passkey to your account to enable a secure, passwordless login. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."
diff --git a/data/reusables/passkeys/ghes-disable.md b/data/reusables/passkeys/ghes-disable.md
new file mode 100644
index 000000000000..4484de53e7b4
--- /dev/null
+++ b/data/reusables/passkeys/ghes-disable.md
@@ -0,0 +1,5 @@
+{% ifversion ghes %}
+
+> [!NOTE] You may not be able to use passkeys, if a site administrator has disabled them for your instance.
+
+{% endif %}
diff --git a/data/reusables/profile/create-profile-readme.md b/data/reusables/profile/create-profile-readme.md
index 57d906865f06..da5cd64cbc8b 100644
--- a/data/reusables/profile/create-profile-readme.md
+++ b/data/reusables/profile/create-profile-readme.md
@@ -1,5 +1,5 @@
{% data reusables.repositories.create_new %}
-1. Under "Repository name", type a repository name that matches your {% data variables.product.prodname_dotcom %} username. For example, if your username is "octocat", the repository name must be "octocat".
+1. Under "Repository name", type a repository name that matches your {% data variables.product.prodname_dotcom %} username. For example, if your username is "octocat", the repository name must be "octocat."
1. Optionally, in the "Description" field, type a description of your repository. For example, "My personal repository."
1. Select **Public**.
{% data reusables.repositories.initialize-with-readme %}
diff --git a/data/reusables/projects/create-project.md b/data/reusables/projects/create-project.md
index aecbc2d0845b..a54106f3b084 100644
--- a/data/reusables/projects/create-project.md
+++ b/data/reusables/projects/create-project.md
@@ -6,16 +6,16 @@
1. Click **New project**.
{%- ifversion projects-v2-org-templates-GA-updates %}
1. Select which type of project or template you want to use.
- * To create a blank project, under "Start from scratch", click **Table**{% ifversion projects-v2-roadmaps %}, **Roadmap**,{% endif %} or **Board**.
+ * To create a blank project, under "Start from scratch", click **Table**, **Roadmap**, or **Board**.
* To create a project from a template, click the template you want to use. You can select from the built-in templates curated by {% data variables.product.company_short %}, the templates created by your organization, and the recommended templates that have been chosen by your organization.
1. Optionally, if you selected a template, review the fields, views, workflows, and insights that will be created.
1. In the text box under "Project name", type a name for your new project.
1. Click **Create project**.
{%- else %}
1. Optionally, in the text box under "Project name", type a name for your new project.
-
+
-
-1. Click a {% ifversion projects-v2-org-templates %}built-in template, a template from your organization{% else %}template{% endif %} or, to start with an empty project, click **Table**{% ifversion projects-v2-roadmaps %}, **Roadmap**,{% endif %} or **Board**.
+
+1. Click a {% ifversion projects-v2-org-templates %}built-in template, a template from your organization{% else %}template{% endif %} or, to start with an empty project, click **Table**, **Roadmap**, or **Board**.
1. Click **Create**.
{%- endif %}
diff --git a/data/reusables/projects/create-user-project.md b/data/reusables/projects/create-user-project.md
index c11fbe1c8a43..2a8625a88b6e 100644
--- a/data/reusables/projects/create-user-project.md
+++ b/data/reusables/projects/create-user-project.md
@@ -1,21 +1,21 @@
{% data reusables.profile.access_profile %}
1. On your profile, click {% octicon "table" aria-hidden="true" %} **Projects**.
-
+
-
+
1. Click **New project**.
{%- ifversion projects-v2-org-templates-GA-updates %}
1. Select which type of project or template you want to use.
- * To create a blank project, under "Start from scratch", click **Table**{% ifversion projects-v2-roadmaps %}, **Roadmap**,{% endif %} or **Board**.
+ * To create a blank project, under "Start from scratch", click **Table**, **Roadmap**, or **Board**.
* To create a project from a template, click the built-in template that you want to use.
1. Optionally, if you selected a template, review the fields, views, workflows, and insights that will be created.
1. In the text box under "Project name", type a name for your new project.
1. Click **Create project**.
{%- else %}
1. Optionally, in the text box under "Project name", type a name for your new project.
-
+
-
-1. Click a {% ifversion projects-v2-org-templates %}built-in template, a template from your organization{% else %}template{% endif %} or, to start with an empty project, click **Table**{% ifversion projects-v2-roadmaps %}, **Roadmap**,{% endif %} or **Board**.
+
+1. Click a {% ifversion projects-v2-org-templates %}built-in template, a template from your organization{% else %}template{% endif %} or, to start with an empty project, click **Table**, **Roadmap**, or **Board**.
1. Click **Create**.
{%- endif %}
diff --git a/data/reusables/projects/customize/group-fields.md b/data/reusables/projects/customize/group-fields.md
index 838539455cfd..eec9d9d02c12 100644
--- a/data/reusables/projects/customize/group-fields.md
+++ b/data/reusables/projects/customize/group-fields.md
@@ -8,5 +8,3 @@
1. Click {% octicon "rows" aria-hidden="true" %} **Group by**.
1. Click the field you want to group by.
1. Optionally, to disable grouping, click {% octicon "x" aria-hidden="true" %} **No grouping** at the bottom of the list.
-
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "Group by."
diff --git a/data/reusables/projects/customize/show-hide-field.md b/data/reusables/projects/customize/show-hide-field.md
index 064ce9b23873..b2bc50e97869 100644
--- a/data/reusables/projects/customize/show-hide-field.md
+++ b/data/reusables/projects/customize/show-hide-field.md
@@ -1,5 +1,3 @@
{% data reusables.projects.open-view-menu %}
1. Under "Configuration", click {% octicon "note" aria-hidden="true" %} **Fields**.
1. Select or deselect the fields you want to show or hide.
-
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "show", "hide", or the name of the field.
diff --git a/data/reusables/projects/customize/sort.md b/data/reusables/projects/customize/sort.md
index 357a5dafabce..cf95db92ec2c 100644
--- a/data/reusables/projects/customize/sort.md
+++ b/data/reusables/projects/customize/sort.md
@@ -7,5 +7,3 @@
{% ifversion projects-v2-sorting-update %}{% else %}{% endif %}
1. Optionally, to remove a sort,{% ifversion projects-v2-sorting-update %} click one of the sorted fields, or{% endif %} {% octicon "x" aria-hidden="true" %} click **No sorting** at the bottom of the list.
-
-Alternatively, open the project command palette by pressing {% data variables.projects.command-palette-shortcut %} and start typing "Sort by."
diff --git a/data/reusables/projects/customize/sum.md b/data/reusables/projects/customize/sum.md
index 201bdafcd08b..7c9a9ffcc8f2 100644
--- a/data/reusables/projects/customize/sum.md
+++ b/data/reusables/projects/customize/sum.md
@@ -1,6 +1,6 @@
You can configure a view to show the sum of one of more number fields, including a count of items in the group or column. For example, if you have a number field tracking the number of hours each item may take to complete, you can display of sum of those hours for each group or column.
-In a board layout, field sums are displayed at the top of each column. In table{% ifversion projects-v2-roadmaps %} and roadmap layouts{% else %} layout{% endif %}, when you enable grouping by a field, field sums are included in each group's header.
+In a board layout, field sums are displayed at the top of each column. In table and roadmap layouts, when you enable grouping by a field, field sums are included in each group's header.
{% data reusables.projects.open-view-menu %}
1. Click {% octicon "number" aria-hidden="true" %} **Field sum**.
diff --git a/data/reusables/projects/open-item-menu.md b/data/reusables/projects/open-item-menu.md
index c2971b78efb5..4c16b8edea43 100644
--- a/data/reusables/projects/open-item-menu.md
+++ b/data/reusables/projects/open-item-menu.md
@@ -1 +1 @@
-1. Click {% octicon "triangle-down" aria-label="Row actions" %} (in table{% ifversion projects-v2-roadmaps %} or roadmap{% endif %} layout) or {% octicon "kebab-horizontal" aria-hidden="true" %} (in board layout).
+1. Click {% octicon "triangle-down" aria-label="Row actions" %} (in table or roadmap layout) or {% octicon "kebab-horizontal" aria-hidden="true" %} (in board layout).
diff --git a/data/reusables/projects/projects-beta.md b/data/reusables/projects/projects-beta.md
deleted file mode 100644
index 99f30725552b..000000000000
--- a/data/reusables/projects/projects-beta.md
+++ /dev/null
@@ -1,9 +0,0 @@
-{% ifversion ghes = 3.9 %}
-
-{% note %}
-
-**Note:** Projects (beta) is currently in public beta and subject to change.
-
-{% endnote %}
-
-{% endif %}
diff --git a/data/reusables/projects/select-an-item.md b/data/reusables/projects/select-an-item.md
index 85480df51936..f2bb5ccf9a65 100644
--- a/data/reusables/projects/select-an-item.md
+++ b/data/reusables/projects/select-an-item.md
@@ -1,4 +1,4 @@
-1. {% ifversion projects-v2-roadmaps %}If you're using a table or board layout, first select{% else %}Select{% endif %} the item:
+1. If you're using a table or board layout, first select the item:
* In a table layout, click on the row number.
* In a board layout, click on the card.
diff --git a/data/reusables/pull_requests/configure_pull_request_merges_intro.md b/data/reusables/pull_requests/configure_pull_request_merges_intro.md
index 86d2aa1ebf0a..653022fd8215 100644
--- a/data/reusables/pull_requests/configure_pull_request_merges_intro.md
+++ b/data/reusables/pull_requests/configure_pull_request_merges_intro.md
@@ -1 +1 @@
-You can configure pull request merge options on {% data variables.location.product_location %} to meet your workflow needs and preferences for managing Git history. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges)."
+You can configure pull request merge options to meet your workflow needs and preferences for managing Git history. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges)."
diff --git a/data/reusables/pull_requests/default_merge_option.md b/data/reusables/pull_requests/default_merge_option.md
index 8765dc9b3258..567e15ba4d9c 100644
--- a/data/reusables/pull_requests/default_merge_option.md
+++ b/data/reusables/pull_requests/default_merge_option.md
@@ -1,4 +1,4 @@
-When you click the default **Merge pull request** option on a pull request on {% data variables.location.product_location %}, all commits from the feature branch are added to the base branch in a merge commit. The pull request is merged using [the `--no-ff` option](https://git-scm.com/docs/git-merge#_fast_forward_merge).
+When you click the default **Merge pull request** option on a pull request, all commits from the feature branch are added to the base branch in a merge commit. The pull request is merged using [the `--no-ff` option](https://git-scm.com/docs/git-merge#_fast_forward_merge).
To merge pull requests, you must have [write permissions](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization) in the repository.
diff --git a/data/reusables/pull_requests/rebase_and_merge_summary.md b/data/reusables/pull_requests/rebase_and_merge_summary.md
index 702600dbf5dd..8b99cca07cdd 100644
--- a/data/reusables/pull_requests/rebase_and_merge_summary.md
+++ b/data/reusables/pull_requests/rebase_and_merge_summary.md
@@ -1,4 +1,4 @@
-When you select the **Rebase and merge** option on a pull request on {% data variables.location.product_location %}, all commits from the topic branch (or head branch) are added onto the base branch individually without a merge commit. In that way, the rebase and merge behavior resembles a [fast-forward merge](https://git-scm.com/docs/git-merge#_fast_forward_merge) by maintaining a linear project history. However, rebasing achieves this by re-writing the commit history on the base branch with new commits.
+When you select the **Rebase and merge** option on a pull request, all commits from the topic branch (or head branch) are added onto the base branch individually without a merge commit. In that way, the rebase and merge behavior resembles a [fast-forward merge](https://git-scm.com/docs/git-merge#_fast_forward_merge) by maintaining a linear project history. However, rebasing achieves this by re-writing the commit history on the base branch with new commits.
The rebase and merge behavior on {% data variables.product.product_name %} deviates slightly from `git rebase`. Rebase and merge on {% data variables.product.prodname_dotcom %} will always update the committer information and create new commit SHAs, whereas `git rebase` outside of {% data variables.product.prodname_dotcom %} does not change the committer information when the rebase happens on top of an ancestor commit. For more information about `git rebase`, see [git-rebase](https://git-scm.com/docs/git-rebase) in the Git documentation.
diff --git a/data/reusables/pull_requests/retention-checks-data.md b/data/reusables/pull_requests/retention-checks-data.md
index b4f16ef0673f..71f0d6f5e47b 100644
--- a/data/reusables/pull_requests/retention-checks-data.md
+++ b/data/reusables/pull_requests/retention-checks-data.md
@@ -1,6 +1,6 @@
{% ifversion fpt or ghec %}
-{% data variables.location.product_location %} retains checks data for 400 days. After 400 days, the data is archived. 10 days after archival, the data is permanently deleted.
+{% data variables.product.prodname_dotcom %} retains checks data for 400 days. After 400 days, the data is archived. 10 days after archival, the data is permanently deleted.
{% elsif ghes %}
@@ -8,4 +8,4 @@ Site administrators can control the retention policy for checks data on {% data
{% endif %}
-{% ifversion ghes < 3.10 %} For archived checks data, a rollup commit status appears that represents the state of all of the checks for the commit. {% endif %} To merge a pull request with checks that are both required and archived, you must rerun the checks.
+To merge a pull request with checks that are both required and archived, you must rerun the checks.
diff --git a/data/reusables/pull_requests/squash_and_merge_summary.md b/data/reusables/pull_requests/squash_and_merge_summary.md
index 630bcc531465..4dce73ebf837 100644
--- a/data/reusables/pull_requests/squash_and_merge_summary.md
+++ b/data/reusables/pull_requests/squash_and_merge_summary.md
@@ -1,4 +1,4 @@
-When you select the **Squash and merge** option on a pull request on {% data variables.location.product_location %}, the pull request's commits are squashed into a single commit. Instead of seeing all of a contributor's individual commits from a topic branch, the commits are combined into one commit and merged into the default branch. Pull requests with squashed commits are merged using the [fast-forward option](https://git-scm.com/docs/git-merge#_fast_forward_merge).
+When you select the **Squash and merge** option on a pull request, the pull request's commits are squashed into a single commit. Instead of seeing all of a contributor's individual commits from a topic branch, the commits are combined into one commit and merged into the default branch. Pull requests with squashed commits are merged using the [fast-forward option](https://git-scm.com/docs/git-merge#_fast_forward_merge).
To squash and merge pull requests, you must have [write permissions](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization) in the repository, and the repository must [allow squash merging](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-squashing-for-pull-requests).
diff --git a/data/reusables/rai/code-scanning/autofix-note.md b/data/reusables/rai/code-scanning/autofix-note.md
new file mode 100644
index 000000000000..7da858dcc0a7
--- /dev/null
+++ b/data/reusables/rai/code-scanning/autofix-note.md
@@ -0,0 +1,6 @@
+{% ifversion code-scanning-autofix or fpt %}
+
+> [!NOTE]
+> {% data variables.product.prodname_copilot_autofix %} is restricted to alerts identified by {% data variables.product.prodname_codeql %} for private and internal repositories. If you have an enterprise account and use {% data variables.product.prodname_GH_advanced_security %}, your enterprise has access to {% data variables.product.prodname_copilot_autofix_short %}.
+
+{% endif %}
diff --git a/data/reusables/rai/code-scanning/beta-autofix.md b/data/reusables/rai/code-scanning/beta-autofix.md
deleted file mode 100644
index 2764e14e9ec2..000000000000
--- a/data/reusables/rai/code-scanning/beta-autofix.md
+++ /dev/null
@@ -1,6 +0,0 @@
-{% ifversion code-scanning-autofix or fpt %}
-
-> [!NOTE]
-> {% data variables.product.prodname_dotcom %} autofix for {% data variables.product.prodname_code_scanning %} is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to C#, Go, Java, JavaScript/TypeScript, Python, and Ruby alerts identified by {% data variables.product.prodname_codeql %} for private and internal repositories. If you have an enterprise account and use {% data variables.product.prodname_GH_advanced_security %}, your enterprise has access to the beta.
-
-{% endif %}
diff --git a/data/reusables/rai/code-scanning/gated-feature-autofix.md b/data/reusables/rai/code-scanning/gated-feature-autofix.md
index 6d7c696532a6..f168c1f7bfac 100644
--- a/data/reusables/rai/code-scanning/gated-feature-autofix.md
+++ b/data/reusables/rai/code-scanning/gated-feature-autofix.md
@@ -1 +1 @@
-Autofix for {% data variables.product.prodname_code_scanning %} is available only to {% data variables.product.prodname_ghe_cloud %} users who have {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
+{% data variables.product.prodname_copilot_autofix %} for {% data variables.product.prodname_code_scanning %} is available only to {% data variables.product.prodname_ghe_cloud %} users who have {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
diff --git a/data/reusables/rai/copilot-dotcom-feedback-collection.md b/data/reusables/rai/copilot-dotcom-feedback-collection.md
index f985858a3a04..8c00524a9e4c 100644
--- a/data/reusables/rai/copilot-dotcom-feedback-collection.md
+++ b/data/reusables/rai/copilot-dotcom-feedback-collection.md
@@ -1,5 +1 @@
-{% note %}
-
-**Note:** The ability to provide feedback to {% data variables.product.prodname_dotcom %} about {% data variables.product.prodname_copilot_for_prs %} is dependent on enterprise settings. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise-features#enabling-or-disabling-github-copilot-enterprise-features-for-an-enterprise)."
-
-{% endnote %}
+> [!NOTE] The ability to provide feedback to {% data variables.product.prodname_dotcom %} about {% data variables.product.prodname_copilot_for_prs %} is dependent on enterprise settings. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)."
diff --git a/data/reusables/rai/copilot/about-copilot-chat-ide.md b/data/reusables/rai/copilot/about-copilot-chat-ide.md
index 58fe0e8bd702..9c7508bf52bc 100644
--- a/data/reusables/rai/copilot/about-copilot-chat-ide.md
+++ b/data/reusables/rai/copilot/about-copilot-chat-ide.md
@@ -1,6 +1,6 @@
## About {% data variables.product.prodname_copilot_chat %}
-{% data variables.product.prodname_copilot_chat %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %}, to ask and receive answers to coding-related questions within {% data variables.product.prodname_dotcom_the_website %} and supported IDEs. The chat interface provides access to coding information and support without requiring you to navigate documentation or search online forums. For more information about {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)", "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-business)," and "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise)."
+{% data variables.product.prodname_copilot_chat %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %}, to ask and receive answers to coding-related questions within {% data variables.product.prodname_dotcom_the_website %} and supported IDEs. The chat interface provides access to coding information and support without requiring you to navigate documentation or search online forums. For more information, see "[AUTOTITLE](/copilot/about-github-copilot/what-is-github-copilot)."
{% data variables.product.prodname_copilot_chat %} can answer a wide range of coding-related questions on topics including syntax, programming concepts, test cases, debugging, and more. {% data variables.product.prodname_copilot_chat %} is not designed to answer non-coding questions or provide general information on topics outside of coding.
diff --git a/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md b/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md
index 7f14ef50d88a..d1d7a8eaf2bf 100644
--- a/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md
+++ b/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md
@@ -21,7 +21,7 @@ The response generated by {% data variables.product.prodname_copilot_chat_short
The options available to you in {% data variables.product.prodname_copilot_mobile_short %} vary depending on the {% data variables.product.prodname_copilot %} plan you are using.
* Only people with a {% data variables.product.prodname_copilot_enterprise %} subscription can access and have conversations using the data from private indexed repositories.
-* If you have a {% data variables.product.prodname_copilot_enterprise %} subscription and you have enabled Bing search integration (beta), {% data variables.product.prodname_copilot_mobile_short %} may respond using information based on the results of a Bing search. For information on how to enable or disable Bing search integration, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise#enforcing-a-policy-to-manage-the-use-of-github-copilot-features-on-githubcom){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
+* If you have a {% data variables.product.prodname_copilot_enterprise %} subscription and you have enabled Bing search integration (beta), {% data variables.product.prodname_copilot_mobile_short %} may respond using information based on the results of a Bing search. For information on how to enable or disable Bing search integration, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
* In addition to general coding conversations or conversations about a single file, people with a {% data variables.product.prodname_copilot_individuals_short %} subscription have the ability to discuss top popular public repositories using embeddings.
If you do not have a {% data variables.product.prodname_copilot %} subscription, you can purchase a {% data variables.product.prodname_copilot_individuals_short %} subscription directly in the iOS version of {% data variables.product.prodname_mobile %}, or in the Google Play Store for the Android version of {% data variables.product.prodname_mobile %}.
diff --git a/data/reusables/rai/copilot/copilot-chat-ide-leveraging-web-search.md b/data/reusables/rai/copilot/copilot-chat-ide-leveraging-web-search.md
index 94561ca7726e..b493506aa134 100644
--- a/data/reusables/rai/copilot/copilot-chat-ide-leveraging-web-search.md
+++ b/data/reusables/rai/copilot/copilot-chat-ide-leveraging-web-search.md
@@ -6,6 +6,6 @@
When you use the `@github` chat participant, {% data variables.product.prodname_copilot_chat %} can use a Bing search to help answer your question if this has been enabled by your administrator.
-Your {% data variables.product.prodname_enterprise %} administrator can enable Bing for your whole enterprise, or can delegate this decision to the organizational administrator. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise#enforcing-a-policy-to-manage-the-use-of-github-copilot-features-on-githubcom)."
+Your {% data variables.product.prodname_enterprise %} administrator can enable Bing for your whole enterprise, or can delegate this decision to the organizational administrator. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise)."
When leveraging Bing, {% data variables.product.prodname_copilot_short %} will use the content of your prompt, as well as additional available context, to generate a Bing search query on your behalf that is sent to the Bing Search API. {% data variables.product.prodname_copilot_short %} will provide a link to the search results with its response. The search query sent to Bing is governed by [Microsoft's Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement).
diff --git a/data/reusables/rai/copilot/enterprise-fpt-link.md b/data/reusables/rai/copilot/enterprise-fpt-link.md
index ff639beaaf96..c1eed7af89fd 100644
--- a/data/reusables/rai/copilot/enterprise-fpt-link.md
+++ b/data/reusables/rai/copilot/enterprise-fpt-link.md
@@ -1,5 +1 @@
-{% note %}
-
-**Note:** You are currently viewing the documentation for Free, Pro, and Team plans. {% data variables.product.prodname_copilot_enterprise %} is only available to customers on the {% data variables.product.prodname_ghe_cloud %} plan. For full documentation of {% data variables.product.prodname_copilot_enterprise_short %}, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise)." in the {% data variables.product.prodname_ghe_cloud %} documentation.
-
-{% endnote %}
+> [!NOTE] You are currently viewing the documentation for Free, Pro, and Team plans. {% data variables.product.prodname_copilot_enterprise %} is only available to customers on the {% data variables.product.prodname_ghe_cloud %} plan. For full documentation of {% data variables.product.prodname_copilot_enterprise_short %}, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise)." in the {% data variables.product.prodname_ghe_cloud %} documentation.
diff --git a/data/reusables/rai/secret-scanning/beta-custom-pattern-regular-expression-generator.md b/data/reusables/rai/secret-scanning/beta-custom-pattern-regular-expression-generator.md
deleted file mode 100644
index ff90d3225ebf..000000000000
--- a/data/reusables/rai/secret-scanning/beta-custom-pattern-regular-expression-generator.md
+++ /dev/null
@@ -1,18 +0,0 @@
-
-{% ifversion secret-scanning-custom-pattern-ai-generated %}
-
-{% note %}
-
-**Note:** The {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} is in beta. Functionality and documentation are subject to change.
-
-{% endnote %}
-
-{% elsif fpt %}
-
-{% note %}
-
-**Note:** The {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} is in beta. Functionality and documentation are subject to change. The feature is available for enterprise accounts that use {% data variables.product.prodname_GH_advanced_security %} on {% data variables.product.prodname_ghe_cloud %}.
-
-{% endnote %}
-
-{% endif %}
diff --git a/data/reusables/release-notes/.2024-08-resolvconf-wont-start.md.swp b/data/reusables/release-notes/.2024-08-resolvconf-wont-start.md.swp
new file mode 100644
index 000000000000..ad1d97a73f96
Binary files /dev/null and b/data/reusables/release-notes/.2024-08-resolvconf-wont-start.md.swp differ
diff --git a/data/reusables/release-notes/2023-10-git-push-made-but-not-registered.md b/data/reusables/release-notes/2023-10-git-push-made-but-not-registered.md
index b10b2eef3744..4c4e63915e5c 100644
--- a/data/reusables/release-notes/2023-10-git-push-made-but-not-registered.md
+++ b/data/reusables/release-notes/2023-10-git-push-made-but-not-registered.md
@@ -1,10 +1,10 @@
-In GitHub Enterprise Server 3.10 and later, the requirements for TLS security levels have changed due to an upgrade to containers in the underlying OS. {% ifversion ghes < 3.10 %}After upgrading from GitHub Enterprise Server {{ allVersions[currentVersion].currentRelease }}, on{% elsif ghes > 3.9 %}On{% endif %} an instance with GitHub Actions enabled and a custom TLS certificate, users may experience disruptions with workflow runs if the TLS certificate uses weak encryption. Workflow runs will not trigger, and the following error message will appear in system logs for `babeld`.
+In GitHub Enterprise Server 3.10 and later, the requirements for TLS security levels have changed due to an upgrade to containers in the underlying OS. On an instance with GitHub Actions enabled and a custom TLS certificate, users may experience disruptions with workflow runs if the TLS certificate uses weak encryption. Workflow runs will not trigger, and the following error message will appear in system logs for `babeld`.
```text
CA certificate key too weak
```
To resolve this issue, confirm that your certificate complies
-with level 2 of the OpenSSL security specification. For more information, see [SSL_CTX_set_security_level](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html#DEFAULT-CALLBACK-BEHAVIOUR) in the OpenSSL docs. For more information about reviewing your instance's logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs#system-logs-in-the-systemd-journal)".
+with level 2 of the OpenSSL security specification. For more information, see [SSL_CTX_set_security_level](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html#DEFAULT-CALLBACK-BEHAVIOUR) in the OpenSSL docs. For more information about reviewing your instance's logs, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs#system-logs-in-the-systemd-journal)".
If the error appears in `babeld` logs because your TLS certificate does not comply with level 2 of the specification, you must create and upload a new certificate with stronger security before you upgrade to GitHub Enterprise Server 3.10 or later. For more information, see "[AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/configuring-tls)."
diff --git a/data/reusables/release-notes/2023-12-networking-issue-in-ghes-3-11-1.md b/data/reusables/release-notes/2023-12-networking-issue-in-ghes-3-11-1.md
index aa6e29a55786..d21b23ab57d9 100644
--- a/data/reusables/release-notes/2023-12-networking-issue-in-ghes-3-11-1.md
+++ b/data/reusables/release-notes/2023-12-networking-issue-in-ghes-3-11-1.md
@@ -1,3 +1,3 @@
-[Hotpatch upgrades](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-with-a-hotpatch) from GitHub Enterprise Server version `3.11.0` to `3.11.1` will result in the appliance losing network connectivity after a reboot.
+[Hotpatch upgrades](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-a-hotpatch) from GitHub Enterprise Server version `3.11.0` to `3.11.1` will result in the appliance losing network connectivity after a reboot.
If you have upgraded to GitHub Enterprise Server `3.11.1` from `3.11.0` using a hotpatch upgrade, please contact [GitHub Support](https://support.github.com/) for assistance.
If you have upgraded directly to GitHub Enterprise Server `3.11.1` from previous versions (for example, from any version of GitHub Enterprise Server in the 3.9 or 3.10 series), your instance is not affected by this issue.
diff --git a/data/reusables/release-notes/2024-01-haproxy-upgrade-causing-increased-errors.md b/data/reusables/release-notes/2024-01-haproxy-upgrade-causing-increased-errors.md
index e0a38525731d..18239c0d9bef 100644
--- a/data/reusables/release-notes/2024-01-haproxy-upgrade-causing-increased-errors.md
+++ b/data/reusables/release-notes/2024-01-haproxy-upgrade-causing-increased-errors.md
@@ -3,10 +3,8 @@ is upgraded as part of a hotpatch upgrade to a {% data variables.product.prodnam
These elevated error rates should resolve within 5 minutes of the hotpatch being applied.
Please note, when performing a hotpatch upgrade to
-{% ifversion ghes = 3.9 %} {% data variables.product.prodname_ghe_server %} version 3.9.7 or higher
-{% elsif ghes = 3.10 %} {% data variables.product.prodname_ghe_server %} version 3.10.4 or higher
+{% ifversion ghes = 3.10 %} {% data variables.product.prodname_ghe_server %} version 3.10.4 or higher
{% elsif ghes = 3.11 %} {% data variables.product.prodname_ghe_server %} version 3.11.1 or higher
{% endif %} you will encounter this known issue only if you are hotpatching from
-{% ifversion ghes = 3.9 %} {% data variables.product.prodname_ghe_server %} version 3.9.6 or lower
-{% elsif ghes = 3.10 %} {% data variables.product.prodname_ghe_server %} version 3.10.3 or lower
+{% ifversion ghes = 3.10 %} {% data variables.product.prodname_ghe_server %} version 3.10.3 or lower
{% elsif ghes = 3.11 %} {% data variables.product.prodname_ghe_server %} version 3.11.0{% endif %}.
diff --git a/data/reusables/release-notes/2024-08-resolvconf-wont-start.md b/data/reusables/release-notes/2024-08-resolvconf-wont-start.md
new file mode 100644
index 000000000000..5b8a6540e1d0
--- /dev/null
+++ b/data/reusables/release-notes/2024-08-resolvconf-wont-start.md
@@ -0,0 +1,16 @@
+On boot, the `resolvconf` service may fail to start because the `/run/resolvconf` directory does not exist when the service attempts to `touch` a file there, with the error:
+
+```shell
+/bin/touch: cannot touch '/run/resolvconf/postponed-update': No such file or directory
+```
+
+If this occurs, workaround this issue with the following commands — this change will persist on reboots, but not upgrades:
+
+```shell
+sudo sed -i.bak \
+'/\[Service\]/a ExecStartPre\=\/bin\/mkdir \-p \/run\/resolvconf' \
+/etc/systemd/system/resolvconf.service.d/local.conf
+
+sudo systemctl daemon-reload
+sudo systemctl start resolvconf
+```
diff --git a/data/reusables/release-notes/enterprise-backup-utils-encryption-keys.md b/data/reusables/release-notes/enterprise-backup-utils-encryption-keys.md
index ce6e9cc8944e..0f0bb540a84d 100644
--- a/data/reusables/release-notes/enterprise-backup-utils-encryption-keys.md
+++ b/data/reusables/release-notes/enterprise-backup-utils-encryption-keys.md
@@ -1 +1 @@
-After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.9.1{% endif %} and generate a new full backup using `ghe-backup`. For more information on using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."
+After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} and generate a new full backup using `ghe-backup`. For more information on using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."
diff --git a/data/reusables/release-notes/scim-in-3-6-series.md b/data/reusables/release-notes/scim-in-3-6-series.md
index 09bbd6bef709..81c035702f26 100644
--- a/data/reusables/release-notes/scim-in-3-6-series.md
+++ b/data/reusables/release-notes/scim-in-3-6-series.md
@@ -1 +1 @@
-Releases in the 3.6 series of GitHub Enterprise Server are no longer suitable for testing SCIM. To continue using the private beta of SCIM, upgrade your instance to version 3.7.3 or later. For more information, see "[Upgrading GitHub Enterprise Server](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+Releases in the 3.6 series of GitHub Enterprise Server are no longer suitable for testing SCIM. To continue using the private beta of SCIM, upgrade your instance to version 3.7.3 or later. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
diff --git a/data/reusables/repositories/create-pull-request.md b/data/reusables/repositories/create-pull-request.md
index 705771b6ccf3..ca33d46b5c42 100644
--- a/data/reusables/repositories/create-pull-request.md
+++ b/data/reusables/repositories/create-pull-request.md
@@ -1,2 +1,2 @@
1. To create a pull request that is ready for review, click **Create Pull Request**.
-To create a draft pull request, use the drop-down and select **Create Draft Pull Request**, then click **Draft Pull Request**. For more information about draft pull requests, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests#draft-pull-requests)."
+To create a draft pull request, use the drop-down and select **Create Draft Pull Request**, then click **Draft Pull Request**. If you are the member of an organization, you may need to request access to draft pull requests from an organization owner. See "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests#draft-pull-requests)."
diff --git a/data/reusables/repositories/navigate-to-repo.md b/data/reusables/repositories/navigate-to-repo.md
index 6069ceab1fce..61741cb65766 100644
--- a/data/reusables/repositories/navigate-to-repo.md
+++ b/data/reusables/repositories/navigate-to-repo.md
@@ -1 +1 @@
-1. On {% data variables.location.product_location %}, navigate to the main page of the repository.
+1. On {% data variables.product.prodname_dotcom %}, navigate to the main page of the repository.
diff --git a/data/reusables/repositories/repositories-insights-graphs-download-steps.md b/data/reusables/repositories/repositories-insights-graphs-download-steps.md
new file mode 100644
index 000000000000..47b27ef8988a
--- /dev/null
+++ b/data/reusables/repositories/repositories-insights-graphs-download-steps.md
@@ -0,0 +1,2 @@
+1. Optionally, to view the graph as a table, in the top-right corner of the graph, click {% octicon "kebab-horizontal" aria-label="Chart options" %}. Then click **View as table**.
+1. Optionally, to download a CSV or PNG, in the top-right corner of the graph, click {% octicon "kebab-horizontal" aria-label="Chart options" %}. Then click **Download CSV** or **Download PNG**.
diff --git a/data/reusables/repositories/you-can-fork.md b/data/reusables/repositories/you-can-fork.md
index 6b99dabb8ca7..085a45dc1404 100644
--- a/data/reusables/repositories/you-can-fork.md
+++ b/data/reusables/repositories/you-can-fork.md
@@ -1,5 +1,5 @@
{% ifversion ghes or ghec %}
-You can fork a private or internal repository to your personal account or to an organization on {% data variables.location.product_location %} where you have permission to create repositories, provided that the settings for the repository and your enterprise policies allow forking. Generally, you can fork any public repository to your personal account or to an organization where you have permission to create repositories{% ifversion ghec %}, unless you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}{% endif %}.
+You can fork a private or internal repository to your personal account or to an organization on {% data variables.product.prodname_dotcom %} where you have permission to create repositories, provided that the settings for the repository and your enterprise policies allow forking. Generally, you can fork any public repository to your personal account or to an organization where you have permission to create repositories{% ifversion ghec %}, unless you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}{% endif %}.
{% elsif fpt %}
You can fork any public repository to your personal account, or to an organization where you have permission to create repositories. If you have access to a private repository and the owner permits forking, you can fork the repository to your personal account, or to an organization on {% data variables.product.prodname_team %} where you have permission to create repositories. You cannot fork a private repository to an organization using {% data variables.product.prodname_free_team %}. For more information about {% data variables.product.prodname_team %} and {% data variables.product.prodname_free_team %}, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)."
diff --git a/data/reusables/saml/about-saml-access-enterprise-account.md b/data/reusables/saml/about-saml-access-enterprise-account.md
index 08cacea2fac1..ec59317aaa79 100644
--- a/data/reusables/saml/about-saml-access-enterprise-account.md
+++ b/data/reusables/saml/about-saml-access-enterprise-account.md
@@ -1 +1 @@
-To access each organization's resources on {% data variables.product.product_name %}, the member must have an active SAML session in their browser. To access each organization's protected resources using the API and Git, the member must use a {% data variables.product.pat_generic %} or SSH key that the member has authorized for use with the organization. Enterprise owners can view and revoke a member's linked identity, active sessions, or authorized credentials at any time.
+To access each organization's resources on {% data variables.product.product_name %}, the member must have an active SAML session in their browser.{% ifversion ghec %} To access each organization's protected resources using the API and Git, the member must use a {% data variables.product.pat_generic %} or SSH key that the member has authorized for use with the organization.{% endif %} Enterprise owners can view and revoke a member's {% ifversion ghec %}linked identity, active sessions, or authorized credentials{% else %}active SAML sessions{% endif %} at any time.
diff --git a/data/reusables/saml/create-a-machine-user.md b/data/reusables/saml/create-a-machine-user.md
index 337aa42bca5d..bfceee863d6d 100644
--- a/data/reusables/saml/create-a-machine-user.md
+++ b/data/reusables/saml/create-a-machine-user.md
@@ -1 +1 @@
-You must create and use a dedicated machine user account on your IdP to associate with {%ifversion scim-for-ghes %}an{% endif %} enterprise owner account on {% data variables.product.product_name %}. Store the credentials for the user account securely in a password manager. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise#enabling-user-provisioning-for-your-enterprise)."
+You must create and use a dedicated machine user account on your IdP to associate with an enterprise owner account on {% data variables.product.product_name %}. Store the credentials for the user account securely in a password manager. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise#enabling-user-provisioning-for-your-enterprise)."
diff --git a/data/reusables/saml/idp-saml-and-scim-explanation.md b/data/reusables/saml/idp-saml-and-scim-explanation.md
index d0444b7dadce..84876b521dfc 100644
--- a/data/reusables/saml/idp-saml-and-scim-explanation.md
+++ b/data/reusables/saml/idp-saml-and-scim-explanation.md
@@ -1,5 +1 @@
-When you use an IdP for IAM on {% data variables.product.product_name %}, SAML SSO controls and secures access to enterprise resources like repositories, issues, and pull requests. SCIM automatically creates user accounts and manages access to {% data variables.location.product_location %} when you make changes on the IdP. You can also synchronize teams on {% data variables.product.product_name %} with groups on your IdP. For more information, see the following articles.
-
-* "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam)"
-* "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise)"
-* "[AUTOTITLE](/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group)"
+When you use an IdP for IAM on {% data variables.product.product_name %}, SAML SSO controls and secures access to enterprise resources like repositories, issues, and pull requests. SCIM automatically creates user accounts and manages access to {% data variables.location.product_location %} when you make changes on your IdP. You can also synchronize teams on {% data variables.product.product_name %} with groups on your IdP.
diff --git a/data/reusables/scim/after-you-configure-saml.md b/data/reusables/scim/after-you-configure-saml.md
index 3578b52e6705..bedc6f0e1fd6 100644
--- a/data/reusables/scim/after-you-configure-saml.md
+++ b/data/reusables/scim/after-you-configure-saml.md
@@ -1,3 +1,3 @@
By default, your IdP does not communicate with {% data variables.product.product_name %} automatically when you assign or unassign the application. {% data variables.product.product_name %} {% ifversion fpt or ghec %}provisions access to your resources on {% else %}creates a user account {% endif %}using SAML Just-in-Time (JIT) provisioning the first time someone navigates to {% ifversion fpt or ghec %}your resources on {% endif %} {% data variables.product.product_name %} and signs in by authenticating through your IdP. You may need to manually notify users when you grant access to {% data variables.product.product_name %}, and you must manually {% ifversion fpt or ghec %}deprovision access {% else %}deactivate the user account on {% endif %}{% data variables.product.product_name %} during offboarding.
-Alternatively, instead of SAML JIT provisioning, you can use SCIM to {% ifversion ghec %}provision or deprovision{% elsif scim-for-ghes %}create or suspend{% endif %} {% ifversion fpt or ghec %}access to organizations owned by your enterprise on {% data variables.product.prodname_dotcom %} {% else %}user accounts and grant or deny access to {% data variables.location.product_location %} {% endif %}automatically after you assign or unassign the application on your IdP.{% ifversion scim-for-ghes %} SCIM for {% data variables.product.product_name %} is currently in private beta and is subject to change.{% endif %}
+Alternatively, instead of SAML JIT provisioning, you can use SCIM to {% ifversion ghec %}provision or deprovision{% elsif ghes %}create or suspend{% endif %} {% ifversion fpt or ghec %}access to organizations owned by your enterprise on {% data variables.product.prodname_dotcom %} {% else %}user accounts and grant or deny access to {% data variables.location.product_location %} {% endif %}automatically after you assign or unassign the application on your IdP.{% ifversion ghes %} SCIM for {% data variables.product.product_name %} is currently in {% ifversion scim-for-ghes-public-beta %}public{% else %}private{% endif %} beta and is subject to change.{% endif %}
diff --git a/data/reusables/scim/emu-scim-rate-limit-details.md b/data/reusables/scim/emu-scim-rate-limit-details.md
index ac97e2158f4d..ecc04ae90125 100644
--- a/data/reusables/scim/emu-scim-rate-limit-details.md
+++ b/data/reusables/scim/emu-scim-rate-limit-details.md
@@ -1 +1,5 @@
+{% ifversion ghec %}
To avoid exceeding the rate limit on {% data variables.product.product_name %}, do not assign more than 1,000 users per hour to the SCIM integration on your IdP. If you use groups to assign users to the IdP application, do not add more than 1,000 users to each group per hour. If you exceed these thresholds, attempts to provision users may fail with a "rate limit" error. You can review your IdP logs to confirm if attempted SCIM provisioning or push operations failed due to a rate limit error. The response to a failed provisioning attempt will depend on the IdP.
+{% elsif ghes %}
+A site administrator may have enabled API rate limits on your instance. If you exceed these thresholds, attempts to provision users may fail with a "rate limit" error. You can review your IdP logs to confirm if attempted SCIM provisioning or push operations failed due to a rate limit error. The response to a failed provisioning attempt will depend on the IdP.
+{% endif %}
diff --git a/data/reusables/scim/ghes-beta-note.md b/data/reusables/scim/ghes-beta-note.md
index f99cca885437..45c009bcdb23 100644
--- a/data/reusables/scim/ghes-beta-note.md
+++ b/data/reusables/scim/ghes-beta-note.md
@@ -1,15 +1,11 @@
-{% ifversion scim-for-ghes %}
+{% ifversion scim-for-ghes-public-beta %}
-{% note %}
+>[!NOTE] SCIM for {% data variables.product.product_name %} is currently in public beta and subject to change. {% data variables.product.company_short %} recommends testing with a staging instance first. See "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
-**Note:** SCIM for {% data variables.product.product_name %} is currently in private beta and is subject to change. For access to the beta, contact your account manager on {% data variables.contact.contact_enterprise_sales %}. Please provide feedback in the [{% data variables.product.prodname_github_community %} discussion](https://github.com/orgs/community/discussions/36825).
+{% elsif ghes < 3.14 %}
-{% endnote %}
+>[!NOTE] SCIM for {% data variables.product.product_name %} is currently in private beta and is subject to change. For access to the beta, contact your account manager on {% data variables.contact.contact_enterprise_sales %}. Please provide feedback in the [{% data variables.product.prodname_github_community %} discussion](https://github.com/orgs/community/discussions/36825).
-{% warning %}
-
-**Warning:** The beta is exclusively for testing and feedback, and no support is available. {% data variables.product.company_short %} recommends testing with a staging instance. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
-
-{% endwarning %}
+>[!WARNING] The beta is exclusively for testing and feedback, and no support is available. {% data variables.product.company_short %} recommends testing with a staging instance. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
{% endif %}
diff --git a/data/reusables/scim/ghes-scim-beta-note.md b/data/reusables/scim/ghes-scim-beta-note.md
deleted file mode 100644
index f5d3702ed50c..000000000000
--- a/data/reusables/scim/ghes-scim-beta-note.md
+++ /dev/null
@@ -1,9 +0,0 @@
-{% ifversion scim-for-ghes %}
-
-{% note %}
-
-**Note:** SCIM support for the following IdPs is currently in private beta and is subject to change.
-
-{% endnote %}
-
-{% endif %}
diff --git a/data/reusables/scim/ghes-scim-idp-table.md b/data/reusables/scim/ghes-scim-idp-table.md
deleted file mode 100644
index cc4cf30439de..000000000000
--- a/data/reusables/scim/ghes-scim-idp-table.md
+++ /dev/null
@@ -1,7 +0,0 @@
-{% ifversion scim-for-ghes %}
-
-IdP | SAML | User provisioning | Team mapping|
---- | --- | ---------------- | --------- |
-[Microsoft Entra ID](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad) (previously known as Azure AD) | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}| {% octicon "check" aria-label="Supported" %} |
-
-{% endif %}
diff --git a/data/reusables/scim/public-scim-put-or-patch-group-audit-log-events.md b/data/reusables/scim/public-scim-put-or-patch-group-audit-log-events.md
index 714bea5f175b..43050093d416 100644
--- a/data/reusables/scim/public-scim-put-or-patch-group-audit-log-events.md
+++ b/data/reusables/scim/public-scim-put-or-patch-group-audit-log-events.md
@@ -1 +1 @@
-
`external_group.update`
If request updates the group's name, `external_group.update_display_name`
If request adds a user to the group, `external_group.add_member`
If request removes a user from the group, `external_group.remove_member`
Additional events may appear in the audit log depending on whether the user is already a member of the organization with the team that you linked to the IdP group. For more information, see "[Additional audit log events for changes to IdP groups](#additional-audit-log-events-for-changes-to-idp-groups)."
+
`external_group.update`
If request updates the group's name, `external_group.update_display_name`
If request adds a user to the group, `external_group.add_member`
If request removes a user from the group, `external_group.remove_member`
{% ifversion ghes %}
If request succeeds, `external_group.scim_api_success`
If request fails, `external_group.scim_api_failure`
{% endif %}
Additional events may appear in the audit log depending on whether the user is already a member of the organization with the team that you linked to the IdP group. For more information, see "[Additional audit log events for changes to IdP groups](#additional-audit-log-events-for-changes-to-idp-groups)."
`external_identity.update`, unless soft-deprovisioning or reprovisioning
If request adds the `enterprise_owner` role, `business.add_admin`
If request adds the `billing_manager`, `business.add_billing_manager`
If request removes the `enterprise_owner` role, `business.remove_admin`
If request removes the `billing_manager` role, `business.remove_billing_manager`
+
`external_identity.update`, unless soft-deprovisioning or reprovisioning
If request adds the `enterprise_owner` role, `business.add_admin`
If request adds the `billing_manager`, `business.add_billing_manager`
If request removes the `enterprise_owner` role, `business.remove_admin`
If request removes the `billing_manager` role, `business.remove_billing_manager`
{% ifversion ghes %}
If request succeeds, `external_identity.scim_api_success`
If request fails, `external_identity.scim_api_failure`
{% endif %}
diff --git a/data/reusables/scim/scim-standard-prerequisite.md b/data/reusables/scim/scim-standard-prerequisite.md
index eef6499e28fc..0233eb0adbb2 100644
--- a/data/reusables/scim/scim-standard-prerequisite.md
+++ b/data/reusables/scim/scim-standard-prerequisite.md
@@ -1,4 +1,4 @@
-To provision users and groups with {% data variables.product.prodname_dotcom %}'s REST API, your identity management system must support the SCIM 2.0 standard. For more information, see the following RFCs on the IETF website.
+* To provision users and groups with {% data variables.product.prodname_dotcom %}'s REST API, your identity management system must support the SCIM 2.0 standard. For more information, see the following RFCs on the IETF website.
* [RFC 7642: Definitions, Overview, Concepts, and Requirements](https://tools.ietf.org/html/rfc7642)
* [RFC 7643: Core Schema](https://tools.ietf.org/html/rfc7643)
diff --git a/data/reusables/scim/use-pat-from-setup-user.md b/data/reusables/scim/use-pat-from-setup-user.md
index 7f5425a5ce84..3d8ec668756d 100644
--- a/data/reusables/scim/use-pat-from-setup-user.md
+++ b/data/reusables/scim/use-pat-from-setup-user.md
@@ -1 +1 @@
-{% data variables.product.company_short %} recommends that you only authenticate requests with Okta's SCIM application using a {% data variables.product.pat_v1 %} associated with your enterprise's setup user. The token requires the **admin:enterprise** scope. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)."
+{% data variables.product.company_short %} recommends that you only authenticate requests with Okta's SCIM application using a {% data variables.product.pat_v1 %} associated with your enterprise's setup user. The token requires the **admin:enterprise** scope. For more information, see "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users#create-a-personal-access-token)."
diff --git a/data/reusables/search/code-nav-supported-languages.md b/data/reusables/search/code-nav-supported-languages.md
index d117e1a9d201..a3d42ca17a52 100644
--- a/data/reusables/search/code-nav-supported-languages.md
+++ b/data/reusables/search/code-nav-supported-languages.md
@@ -12,6 +12,7 @@
* PHP
* Protocol Buffers
* Python
+* R
* Ruby
* Rust
* Scala
diff --git a/data/reusables/secret-scanning/alert-type-links.md b/data/reusables/secret-scanning/alert-type-links.md
new file mode 100644
index 000000000000..d7c998acc2e2
--- /dev/null
+++ b/data/reusables/secret-scanning/alert-type-links.md
@@ -0,0 +1 @@
+For more information, see {% ifversion fpt or ghec %}"[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-user-alerts){% elsif ghes %}"[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-secret-scanning-alerts){% endif %}."
diff --git a/data/reusables/secret-scanning/alert-types.md b/data/reusables/secret-scanning/alert-types.md
new file mode 100644
index 000000000000..9a7b0cdbceef
--- /dev/null
+++ b/data/reusables/secret-scanning/alert-types.md
@@ -0,0 +1,5 @@
+There are {% ifversion fpt or ghec %}three{% else %}two{% endif %} types of {% data variables.secret-scanning.alerts %}:
+
+* **{% ifversion fpt or ghec %}User alerts{% else %}{% data variables.secret-scanning.alerts_caps %}{% endif %}**: Reported to users in the **Security** tab of the repository, when a supported secret is detected in the repository.
+* **Push protection alerts**: Reported to users in the **Security** tab of the repository, when a contributor bypasses push protection. {% ifversion fpt or ghec %}
+* **Partner alerts**: Reported directly to secret providers that are part of {% data variables.product.prodname_secret_scanning %}'s partner program. These alerts are not reported in the **Security** tab of the repository.{% endif %}
diff --git a/data/reusables/secret-scanning/beta-custom-pattern-regular-expression-generator.md b/data/reusables/secret-scanning/beta-custom-pattern-regular-expression-generator.md
deleted file mode 100644
index fafe6ca73283..000000000000
--- a/data/reusables/secret-scanning/beta-custom-pattern-regular-expression-generator.md
+++ /dev/null
@@ -1,18 +0,0 @@
-
-{% ifversion secret-scanning-custom-pattern-ai-generated %}
-
-{% note %}
-
-**Note:** The {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} is in beta. Functionality and documentation are subject to change.
-
-{% endnote %}
-
-{% elsif fpt %}
-
-{% note %}
-
-**Note:** The {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} is in beta. Functionality and documentation are subject to change. The feature is available for enterprise accounts that use {% data variables.product.prodname_GH_advanced_security %} on {% data variables.product.prodname_ghe_cloud %}.
-
-{% endnote %}
-
-{% endif %}
diff --git a/data/reusables/secret-scanning/beta-prs-discussions-wikis-scanned.md b/data/reusables/secret-scanning/beta-prs-discussions-wikis-scanned.md
index be8568d26d38..f5dce90b7421 100644
--- a/data/reusables/secret-scanning/beta-prs-discussions-wikis-scanned.md
+++ b/data/reusables/secret-scanning/beta-prs-discussions-wikis-scanned.md
@@ -1,3 +1,4 @@
+{% ifversion ghes < 3.15 %}
{% ifversion secret-scanning-enhancements-wikis or ifversion secret-scanning-enhancements-prs-discussions %}
{% note %}
@@ -7,3 +8,4 @@
{% endnote %}
{% endif %}
+{% endif %}
diff --git a/data/reusables/secret-scanning/enterprise-enable-secret-scanning.md b/data/reusables/secret-scanning/enterprise-enable-secret-scanning.md
index 86eb07c62173..ce395820816e 100644
--- a/data/reusables/secret-scanning/enterprise-enable-secret-scanning.md
+++ b/data/reusables/secret-scanning/enterprise-enable-secret-scanning.md
@@ -2,7 +2,7 @@
{% note %}
-**Note:** Your site administrator must enable {% data variables.product.prodname_secret_scanning %} for {% data variables.location.product_location %} before you can use this feature. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance)."
+**Note:** Your site administrator must enable {% data variables.product.prodname_secret_scanning %} for the instance before you can use this feature. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance)."
You may not be able to enable or disable {% data variables.product.prodname_secret_scanning %}, if an enterprise owner has set a policy at the enterprise level. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."
diff --git a/data/reusables/secret-scanning/link-to-push-protection.md b/data/reusables/secret-scanning/link-to-push-protection.md
index eb0f3fee21ad..5975dd27ff60 100644
--- a/data/reusables/secret-scanning/link-to-push-protection.md
+++ b/data/reusables/secret-scanning/link-to-push-protection.md
@@ -1 +1 @@
-You can configure {% data variables.product.prodname_secret_scanning %} to check pushes for custom patterns before commits are merged into the default branch. For more information, see "[Enabling push protection for a custom pattern](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-push-protection-for-a-custom-pattern)."
+You can configure {% data variables.product.prodname_secret_scanning %} to check pushes for custom patterns before commits are merged into the default branch. For more information, see "[Enabling push protection for a custom pattern](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns#enabling-push-protection-for-a-custom-pattern)."
diff --git a/data/reusables/secret-scanning/partner-program-link.md b/data/reusables/secret-scanning/partner-program-link.md
index b91d5761706b..4d358da42e48 100644
--- a/data/reusables/secret-scanning/partner-program-link.md
+++ b/data/reusables/secret-scanning/partner-program-link.md
@@ -1,5 +1,5 @@
{% ifversion fpt or ghec %}
-To find out about our partner program, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partner-program)."
+To find out about our partner program, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)."
{% else %}
-To find out about our partner program, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-partner-program)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
+To find out about our partner program, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
{% endif %}
diff --git a/data/reusables/secret-scanning/push-protection-delegated-bypass-intro.md b/data/reusables/secret-scanning/push-protection-delegated-bypass-intro.md
new file mode 100644
index 000000000000..cffdc83e633d
--- /dev/null
+++ b/data/reusables/secret-scanning/push-protection-delegated-bypass-intro.md
@@ -0,0 +1 @@
+Delegated bypass for push protection lets you define contributors who can bypass push protection and adds an approval process for other contributors.
diff --git a/data/reusables/secret-scanning/push-protection-delegated-bypass-overview.md b/data/reusables/secret-scanning/push-protection-delegated-bypass-overview.md
new file mode 100644
index 000000000000..d0e858288136
--- /dev/null
+++ b/data/reusables/secret-scanning/push-protection-delegated-bypass-overview.md
@@ -0,0 +1,13 @@
+When you enable push protection, by default, anyone with write access to the repository can choose to bypass the protection by specifying a reason for allowing the push containing a secret. With delegated bypass, only specific roles and teams can bypass push protection. All other contributors are instead obligated to make a request for "bypass privileges", which is sent to a designated group of reviewers who either approve or deny the request to bypass push protection.
+
+If the request to bypass push protection is approved, the contributor can push the commit containing the secret. If the request is denied, the contributor must remove the secret from the commit (or commits) containing the secret before pushing again.
+
+To configure delegated bypass, organization owners or repository administrators must change the "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}" setting in the UI from **Anyone with write access** to **Specific roles and teams**.
+
+Organization owners or repository administrators are then prompted to create a "bypass list". The bypass list comprises the specific roles and teams, such as the security team or repository administrators, who oversee requests from non-members to bypass push protection. For more information, see "[Configuring delegated bypass for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)" and "[Configuring delegated bypass for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-a-repository)."
+
+{% ifversion push-protection-bypass-fine-grained-permissions %} Alternatively, instead of creating a bypass list, you can grant specific organization members the ability to review and manage bypass requests using fine-grained permissions. For more information, see "[Using fine-grained permissions to control who can review and manage bypass requests](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#using-fine-grained-permissions-to-control-who-can-review-and-manage-bypass-requests)."{% endif %}
+
+Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review (approve or deny) bypass requests can manage these {% else %}of the bypass list can review and manage {% endif %}requests through the "Push protection bypass" page in the **Security** tab of the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection)."
+
+Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review and manage bypass requests {% else %}of the bypass list{% endif %} are still protected from accidentally pushing secrets to a repository. If they attempt to push a commit containing a secret, their push is still blocked, but they can choose to bypass the block by specifying a reason for allowing the push. Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review and manage bypass requests {% else %}of the bypass list {% endif %}do not have to request bypass privileges from other members in order to override the block.
diff --git a/data/reusables/secret-scanning/push-protection-for-users.md b/data/reusables/secret-scanning/push-protection-for-users.md
index e9b8d79ef0c5..24e1b6ec94ac 100644
--- a/data/reusables/secret-scanning/push-protection-for-users.md
+++ b/data/reusables/secret-scanning/push-protection-for-users.md
@@ -1 +1 @@
-Additionally, push protection _for users_ automatically protects you from accidentally committing secrets to public repositories, regardless of whether the repository has {% data variables.product.prodname_secret_scanning %} enabled. Push protection for users is on by default, but you can disable the feature at any time through your personal account settings. For more information, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-users)."
+Additionally, push protection _for users_ automatically protects you from accidentally committing secrets to public repositories, regardless of whether the repository has {% data variables.product.prodname_secret_scanning %} enabled. Push protection for users is on by default, but you can disable the feature at any time through your personal account settings. For more information, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users)."
diff --git a/data/reusables/secret-scanning/push-protection-overview.md b/data/reusables/secret-scanning/push-protection-overview.md
index 72c31dfbf92d..09f4bf7aca5d 100644
--- a/data/reusables/secret-scanning/push-protection-overview.md
+++ b/data/reusables/secret-scanning/push-protection-overview.md
@@ -1 +1 @@
-When you enable push protection for your organization or repository, {% data variables.product.prodname_secret_scanning %} also checks pushes for supported secrets. {% data variables.product.prodname_secret_scanning_caps %} lists any secrets it detects so the author can review the secrets and remove them or, if {% ifversion push-protection-delegated-bypass %} permitted{%else%}needed{% endif %}, allow those secrets to be pushed.
+When you enable push protection for your organization or repository, {% data variables.product.prodname_secret_scanning %} also checks pushes for supported secrets. {% data variables.product.prodname_secret_scanning_caps %} lists any secrets it detects so the author can review the secrets and remove them or, if {% ifversion push-protection-delegated-bypass %} permitted{% else %}needed{% endif %}, allow those secrets to be pushed.
diff --git a/data/reusables/secret-scanning/push-protection-public-repos-bypass.md b/data/reusables/secret-scanning/push-protection-public-repos-bypass.md
index c44f50bed0ae..f30147f861dc 100644
--- a/data/reusables/secret-scanning/push-protection-public-repos-bypass.md
+++ b/data/reusables/secret-scanning/push-protection-public-repos-bypass.md
@@ -6,7 +6,7 @@
When pushing to a _public_ repository that doesn't have secret scanning enabled, you are still protected from accidentally pushing secrets thanks to _push protection for users_, which is on by default for your user account.
- With push protection for users, GitHub will automatically block pushes to public repositories if these pushes contain supported secrets, but you won't need to specify a reason for allowing the secret, and {% data variables.product.prodname_dotcom %} won't generate an alert. For more information, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-users)."
+ With push protection for users, GitHub will automatically block pushes to public repositories if these pushes contain supported secrets, but you won't need to specify a reason for allowing the secret, and {% data variables.product.prodname_dotcom %} won't generate an alert. For more information, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users)."
{% endnote %}
diff --git a/data/reusables/secret-scanning/secret-scanning-user-owned-enablement.md b/data/reusables/secret-scanning/secret-scanning-user-owned-enablement.md
index f0322232bb00..30528001d260 100644
--- a/data/reusables/secret-scanning/secret-scanning-user-owned-enablement.md
+++ b/data/reusables/secret-scanning/secret-scanning-user-owned-enablement.md
@@ -1 +1 @@
-{% ifversion secret-scanning-user-owned-repos %}{% ifversion ghes %}Enterprise owners{% else %}Owners of an enterprise with {% data variables.product.prodname_emus %}{% endif %} can manage the automatic enablement of {% data variables.product.prodname_GH_advanced_security %} features such as {% data variables.product.prodname_secret_scanning %} for new user-owned repositories with an enterprise level setting. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."{% endif %}
+{% ifversion secret-scanning-user-owned-repos %}{% ifversion ghes %}Enterprise owners{% else %}Owners of an enterprise with {% data variables.product.prodname_emus %}{% endif %} can manage the automatic enablement of {% data variables.product.prodname_GH_advanced_security %} features such as {% data variables.product.prodname_secret_scanning %} for new user-owned repositories with an enterprise level setting. See "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."{% endif %}
diff --git a/data/reusables/secret-scanning/validity-check-partner-patterns-beta.md b/data/reusables/secret-scanning/validity-check-partner-patterns-beta.md
deleted file mode 100644
index 21be634705fd..000000000000
--- a/data/reusables/secret-scanning/validity-check-partner-patterns-beta.md
+++ /dev/null
@@ -1,2 +0,0 @@
-> [!NOTE]
-> Validity checks for partner patterns is currently in beta and subject to change.
diff --git a/data/reusables/secret-scanning/validity-check-partner-patterns-enabled.md b/data/reusables/secret-scanning/validity-check-partner-patterns-enabled.md
index 74b46ac43a75..229a0e3fc2b3 100644
--- a/data/reusables/secret-scanning/validity-check-partner-patterns-enabled.md
+++ b/data/reusables/secret-scanning/validity-check-partner-patterns-enabled.md
@@ -1 +1 @@
-To be able to filter by validity status, you need to have validity checks for partner patterns enabled at the repository, organization, or enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-validity-checks-for-partner-patterns)," "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization)," and "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features)."
+To be able to filter by validity status, you need to have validity checks for partner patterns enabled at the repository, organization, or enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository)," "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)," and "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features)."
diff --git a/data/reusables/secret-scanning/validity-checks-intro.md b/data/reusables/secret-scanning/validity-checks-intro.md
new file mode 100644
index 000000000000..506c7a0dad62
--- /dev/null
+++ b/data/reusables/secret-scanning/validity-checks-intro.md
@@ -0,0 +1,3 @@
+Validity checks help you prioritize alerts by telling you which secrets are `active` or `inactive`. An `active` secret is one that could still be exploited, so these alerts should be reviewed and remediated as a priority.
+
+By default, {% data variables.product.company_short %} checks the validity of {% data variables.product.company_short %} tokens and displays the validitation status of the token in the alert view.
diff --git a/data/reusables/secret-scanning/view-custom-pattern.md b/data/reusables/secret-scanning/view-custom-pattern.md
index 01fb785318be..be93ccf9d8cd 100644
--- a/data/reusables/secret-scanning/view-custom-pattern.md
+++ b/data/reusables/secret-scanning/view-custom-pattern.md
@@ -1,3 +1,3 @@
1. Navigate to where the custom pattern was created. A custom pattern can be created in a repository, organization, or enterprise account.
- * For a repository or organization, display the "Security & analysis" settings for the repository or organization where the custom pattern was created. For more information, see "[Defining a custom pattern for a repository](#defining-a-custom-pattern-for-a-repository)" or "[Defining a custom pattern for an organization](#defining-a-custom-pattern-for-an-organization)".
- * For an enterprise, under "Policies" display the "Advanced Security" area, and then click **Security features**. For more information, see "[Defining a custom pattern for an enterprise account](#defining-a-custom-pattern-for-an-enterprise-account)" above.
+ * For a repository or organization, display the "Security & analysis" settings for the repository or organization where the custom pattern was created. For more information, see "[Defining a custom pattern for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)" or "[Defining a custom pattern for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization)".
+ * For an enterprise, under "Policies" display the "Advanced Security" area, and then click **Security features**. For more information, see "[Defining a custom pattern for an enterprise account](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account)."
diff --git a/data/reusables/secret-scanning/what-is-scanned.md b/data/reusables/secret-scanning/what-is-scanned.md
index 0b605a1cae5e..57d883051026 100644
--- a/data/reusables/secret-scanning/what-is-scanned.md
+++ b/data/reusables/secret-scanning/what-is-scanned.md
@@ -1,4 +1,6 @@
-{% ifversion fpt or ghec or ghes > 3.10 %}Additionally, {% data variables.product.prodname_secret_scanning %} scans:{% ifversion secret-scanning-issue-body-comments %}
+{% ifversion fpt or ghec or ghes > 3.10 %}
+
+Additionally, {% data variables.product.prodname_secret_scanning %} scans:{% ifversion secret-scanning-issue-body-comments %}
* Descriptions and comments in issues{% endif %}{% ifversion secret-scanning-backfills-historical-issues %}
* Titles, descriptions, and comments, in open and closed _historical_ issues{% ifversion ghec %}. A notification is sent to the relevant partner when a historical partner pattern is detected.{% endif %}{% endif %}{% ifversion secret-scanning-enhancements-prs-discussions %}
* Titles, descriptions, and comments in pull requests
@@ -8,6 +10,7 @@
{% ifversion fpt or ghec %}
This additional scanning is free for public repositories.
{% endif %}
-{% endif %}
{% data reusables.secret-scanning.beta-prs-discussions-wikis-scanned %}
+
+{% endif %}
diff --git a/data/reusables/security-configurations/managing-GHAS-licenses.md b/data/reusables/security-configurations/managing-GHAS-licenses.md
index aec91d13d099..beaf38038c30 100644
--- a/data/reusables/security-configurations/managing-GHAS-licenses.md
+++ b/data/reusables/security-configurations/managing-GHAS-licenses.md
@@ -1 +1,2 @@
-With {% data variables.product.prodname_security_configurations %}, you can manage {% data variables.product.prodname_GH_advanced_security %} feature enablement and license usage for your organization. See "[AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage)."
+>[!NOTE]
+> With {% data variables.product.prodname_security_configurations %}, you can manage {% data variables.product.prodname_GH_advanced_security %} feature enablement and license usage for your organization. See "[AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage)."
diff --git a/data/reusables/security-configurations/security-configurations-beta-note-opt-out.md b/data/reusables/security-configurations/security-configurations-beta-note-opt-out.md
index 8d84e200bfe2..2328d27f162c 100644
--- a/data/reusables/security-configurations/security-configurations-beta-note-opt-out.md
+++ b/data/reusables/security-configurations/security-configurations-beta-note-opt-out.md
@@ -1,7 +1,6 @@
-{% note %}
+{% ifversion security-configurations-beta-only %}
-**Note:** {% data variables.product.prodname_security_configurations_caps %} and {% data variables.product.prodname_global_settings %} are in beta and subject to change. To provide feedback on these features, see the [feedback discussion](https://github.com/orgs/community/discussions/114519).
+>[!NOTE]
+> {% data variables.product.prodname_security_configurations_caps %} and {% data variables.product.prodname_global_settings %} are in beta and subject to change.
-{% ifversion fpt or ghec %} To learn how to opt out of {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/get-started/using-github/exploring-early-access-releases-with-feature-preview#exploring-beta-releases-with-feature-preview)."{% endif %}
-
-{% endnote %}
+{% endif %}
diff --git a/data/reusables/security-configurations/security-configurations-beta-note-short.md b/data/reusables/security-configurations/security-configurations-beta-note-short.md
index 61fc6eaec85f..7474434556d1 100644
--- a/data/reusables/security-configurations/security-configurations-beta-note-short.md
+++ b/data/reusables/security-configurations/security-configurations-beta-note-short.md
@@ -1 +1 @@
-{% data variables.product.prodname_security_configurations_caps %} and {% data variables.product.prodname_global_settings %} are in beta and subject to change.
+{% ifversion security-configurations-beta-only %} {% data variables.product.prodname_security_configurations_caps %} and {% data variables.product.prodname_global_settings %} are in beta and subject to change. {% endif %}
diff --git a/data/reusables/security-configurations/security-configurations-beta-note.md b/data/reusables/security-configurations/security-configurations-beta-note.md
index 6d411a55c649..b6412d518b5f 100644
--- a/data/reusables/security-configurations/security-configurations-beta-note.md
+++ b/data/reusables/security-configurations/security-configurations-beta-note.md
@@ -1,5 +1,6 @@
-{% note %}
+{% ifversion security-configurations-beta-only %}
-**Note:** {% data variables.product.prodname_security_configurations_caps %} and {% data variables.product.prodname_global_settings %} are in beta and subject to change. To provide feedback on these features, see the [feedback discussion](https://github.com/orgs/community/discussions/114519).
+>[!NOTE]
+> {% data variables.product.prodname_security_configurations_caps %} and {% data variables.product.prodname_global_settings %} are in beta and subject to change. To provide feedback on these features, see the [feedback discussion](https://github.com/orgs/community/discussions/114519).
-{% endnote %}
+{% endif %}
diff --git a/data/reusables/security-overview/alert-differences.md b/data/reusables/security-overview/alert-differences.md
index 659876193524..97d4b2ce7514 100644
--- a/data/reusables/security-overview/alert-differences.md
+++ b/data/reusables/security-overview/alert-differences.md
@@ -1,9 +1,5 @@
{% ifversion secret-scanning-non-provider-patterns %}
-{% note %}
-
-**Note:** The summary views ({% ifversion security-overview-dashboard %}"Overview", {% endif %}"Coverage" and "Risk") show data only for high confidence alerts. {% ifversion security-overview-additional-tools %}{% data variables.product.prodname_secret_scanning_caps %} {% else %}{% data variables.product.prodname_code_scanning_caps %} alerts from third-party tools, and {% data variables.product.prodname_secret_scanning %}{% endif %} alerts for ignored directories and non-provider alerts are all omitted from these views. Consequently, the individual alert views may include a larger number of open and closed alerts.
-
-{% endnote %}
+>[!NOTE] The summary views ({% ifversion security-overview-dashboard %}"Overview", {% endif %}"Coverage" and "Risk") show data only for high confidence alerts. {% ifversion security-overview-additional-tools %}{% data variables.product.prodname_secret_scanning_caps %} {% else %}{% data variables.product.prodname_code_scanning_caps %} alerts from third-party tools, and {% data variables.product.prodname_secret_scanning %}{% endif %} alerts for ignored directories and non-provider alerts are all omitted from these views. Consequently, the individual alert views may include a larger number of open and closed alerts.
{% endif %}
diff --git a/data/reusables/security-overview/beta-overview-dashboard.md b/data/reusables/security-overview/beta-overview-dashboard.md
index 7d29a2dd10af..0083ec470369 100644
--- a/data/reusables/security-overview/beta-overview-dashboard.md
+++ b/data/reusables/security-overview/beta-overview-dashboard.md
@@ -1,9 +1 @@
-{% note %}
-
-{% ifversion security-overview-dashboard-enterprise %}
-**Note:** The security overview dashboard is currently in beta and subject to change.
-{% else %}
-**Note:** The security overview dashboard is available at the organization level. The dashboard is currently in beta and subject to change.
-{% endif %}
-
-{% endnote %}
+> [!NOTE] The security overview dashboard is currently in beta and subject to change.
diff --git a/data/reusables/security-overview/download-csv-files.md b/data/reusables/security-overview/download-csv-files.md
index 918cdd7a77f7..ef40b639fd8d 100644
--- a/data/reusables/security-overview/download-csv-files.md
+++ b/data/reusables/security-overview/download-csv-files.md
@@ -1 +1 @@
-You can download comma-separated values (CSV) files containing data from the risk and coverage pages of security overview. These files can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets.
+You can download comma-separated values (CSV) files containing data from the {% ifversion security-overview-export-dashboard-data %} overview, {% endif %}risk and coverage pages of your organization's security overview. These files can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets.
diff --git a/data/reusables/security-overview/enterprise-filters-tip.md b/data/reusables/security-overview/enterprise-filters-tip.md
new file mode 100644
index 000000000000..96826857b416
--- /dev/null
+++ b/data/reusables/security-overview/enterprise-filters-tip.md
@@ -0,0 +1,2 @@
+> [!TIP]
+> You can use the `owner` filter in the search field to filter the data by organization. {% ifversion ghec %}If you're an owner of an {% data variables.enterprise.prodname_emu_enterprise %}, you can use the `owner-type` filter to filter the data by the type of repository owner, so that you can view data from either organization-owned repositories or user-owned repositories. {% endif %}For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview#repository-owner-name-and-type-filters)."
diff --git a/data/reusables/security-overview/filter-secret-scanning-metrics.md b/data/reusables/security-overview/filter-secret-scanning-metrics.md
new file mode 100644
index 000000000000..813b810b707b
--- /dev/null
+++ b/data/reusables/security-overview/filter-secret-scanning-metrics.md
@@ -0,0 +1,3 @@
+1. You can use the options at the top of the page to filter the group of repositories that you want to see {% data variables.product.prodname_secret_scanning %} metrics for.
+ * Use the date picker to set the time range that you want to view metrics for. Note that the date used by the date picker corresponds to the date a secret was bypassed on.
+ * Click in the search box to add further filters on the {% data variables.product.prodname_secret_scanning %} metrics displayed. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
diff --git a/data/reusables/security-overview/settings-limitations.md b/data/reusables/security-overview/settings-limitations.md
index f993c80bfe4b..6dc3ca95fe90 100644
--- a/data/reusables/security-overview/settings-limitations.md
+++ b/data/reusables/security-overview/settings-limitations.md
@@ -4,7 +4,7 @@
**Notes:**
* Enabling {% data variables.product.prodname_code_scanning %} default setup _will not_ override any existing configurations of advanced setup for the selected repositories, but it _will_ override any existing configurations of default setup.
-* Enabling "Alerts" for {% data variables.product.prodname_secret_scanning %} enables high-confidence alerts. If you want to enable non-provider alerts, you need to edit the repository, organization, or enterprise settings. For more information about alert types, see "[Supported secrets](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
+* Enabling "Alerts" for {% data variables.product.prodname_secret_scanning %} enables high-confidence alerts. If you want to enable non-provider alerts, you need to edit the repository, organization, or enterprise settings. For more information about alert types, see "[Supported secrets](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."
{% endnote %}
diff --git a/data/reusables/security/note-securing-your-org.md b/data/reusables/security/note-securing-your-org.md
index 6cc2f462c9b6..e1f54636b674 100644
--- a/data/reusables/security/note-securing-your-org.md
+++ b/data/reusables/security/note-securing-your-org.md
@@ -1 +1 @@
-For more information about enabling security features across an organization, see "[AUTOTITLE](/code-security/getting-started/securing-your-organization)."
+For more information about enabling security features across an organization, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %}
diff --git a/data/reusables/sponsors/navigate-to-sponsors-dashboard.md b/data/reusables/sponsors/navigate-to-sponsors-dashboard.md
index 29d8945b0381..47097f14fda6 100644
--- a/data/reusables/sponsors/navigate-to-sponsors-dashboard.md
+++ b/data/reusables/sponsors/navigate-to-sponsors-dashboard.md
@@ -1,12 +1,2 @@
1. In the upper-right corner of any page, click your profile photo, then click **Your sponsors**.
-
-{% ifversion global-nav-update %}
-
- 
-
-{% else %}
-
- 
-
-{% endif %}
1. If a list of your sponsored and eligible accounts is shown, to the right of the account you want to manage, click **Dashboard**.
diff --git a/data/reusables/sponsors/select-sponsorship-billing.md b/data/reusables/sponsors/select-sponsorship-billing.md
index db0ef6969292..3ca0f861498d 100644
--- a/data/reusables/sponsors/select-sponsorship-billing.md
+++ b/data/reusables/sponsors/select-sponsorship-billing.md
@@ -1,3 +1,3 @@
1. In the "Billing information" and "Payment method" sections, review your payment details. If your organization pays for {% data variables.product.prodname_sponsors %} by invoice, "Invoice balance" will be listed as the payment method.
- Optionally, to change the payment details for your entire account on {% data variables.location.product_location %}, in the "Payment method" section, click **Edit**. Then, follow the prompts to complete the payment form.
+ Optionally, to change the payment details for your entire account on {% data variables.product.prodname_dotcom %}, in the "Payment method" section, click **Edit**. Then, follow the prompts to complete the payment form.
diff --git a/data/reusables/sponsors/tax-form-information-dev.md b/data/reusables/sponsors/tax-form-information-dev.md
index 8ebfdbc78fbf..245f6b69b6c6 100644
--- a/data/reusables/sponsors/tax-form-information-dev.md
+++ b/data/reusables/sponsors/tax-form-information-dev.md
@@ -1,4 +1,4 @@
For more information about the tax forms you need to complete, see the following instructions on the United States Internal Revenue Service website.
-* [Instructions for Form W-9](https://www.irs.gov/pub/irs-pdf/iw9.pdf), for US residents
-* [Instructions for Form W-8BEN](https://www.irs.gov/pub/irs-pdf/iw8ben.pdf), for non-US residents
+* [Instructions for Form W-9](https://www.irs.gov/pub/irs-pdf/iw9.pdf), for US residents and non-resident US citizens
+* [Instructions for Form W-8BEN](https://www.irs.gov/pub/irs-pdf/iw8ben.pdf), for non-US residents and citizens
diff --git a/data/reusables/ssh/about-ssh.md b/data/reusables/ssh/about-ssh.md
index 5fc2a49ebf70..d8cfb1156994 100644
--- a/data/reusables/ssh/about-ssh.md
+++ b/data/reusables/ssh/about-ssh.md
@@ -1 +1 @@
-You can access and write data in repositories on {% data variables.location.product_location %} using SSH (Secure Shell Protocol). When you connect via SSH, you authenticate using a private key file on your local machine.
+You can access and write data in repositories on {% data variables.product.prodname_dotcom %} using SSH (Secure Shell Protocol). When you connect via SSH, you authenticate using a private key file on your local machine.
diff --git a/data/reusables/ssh/key-type-support.md b/data/reusables/ssh/key-type-support.md
index f53bda259b1b..5714213b7319 100644
--- a/data/reusables/ssh/key-type-support.md
+++ b/data/reusables/ssh/key-type-support.md
@@ -3,7 +3,7 @@
**Note:** {% data variables.product.company_short %} improved security by dropping older, insecure key types on March 15, 2022.
-As of that date, DSA keys (`ssh-dss`) are no longer supported. You cannot add new DSA keys to your personal account on {% data variables.location.product_location %}.
+As of that date, DSA keys (`ssh-dss`) are no longer supported. You cannot add new DSA keys to your personal account on {% data variables.product.prodname_dotcom %}.
RSA keys (`ssh-rsa`) with a `valid_after` before November 2, 2021 may continue to use any signature algorithm. RSA keys generated after that date must use a SHA-2 signature algorithm. Some older clients may need to be upgraded in order to use SHA-2 signatures.
diff --git a/data/reusables/support/scope-of-support.md b/data/reusables/support/scope-of-support.md
index 130bc9b9cc0c..1e142e3c1f4b 100644
--- a/data/reusables/support/scope-of-support.md
+++ b/data/reusables/support/scope-of-support.md
@@ -10,6 +10,9 @@ If your support request is outside of the scope of what our team can help you wi
* Writing or debugging new queries for {% data variables.product.prodname_codeql %}
* Cloud provider configurations, such as virtual network setup, custom firewall, or proxy rules.
* Container orchestration, such as Kubernetes setup, networking, etc.
+* Detailed assistance with workflows and data management
* Beta features. Support for beta features is out of {% data variables.contact.github_support %}'s scope. {% ifversion ghec or ghes %}For support with beta features, you can contact your account manager on {% data variables.contact.contact_enterprise_sales %}.{% endif %}
+For detailed assistance with workflows and data management, consult [GitHub Expert Services](https://github.com/services/), which offer specialized support to help you optimize your use of the platform.
+
If you're uncertain if the issue is out of scope, open a ticket and we're happy to help you determine the best way to proceed.
diff --git a/data/reusables/supported-languages/php.md b/data/reusables/supported-languages/php.md
index 43a5a2e09b29..7c5cf6848937 100644
--- a/data/reusables/supported-languages/php.md
+++ b/data/reusables/supported-languages/php.md
@@ -1 +1 @@
-| PHP {% ifversion fpt or ghec %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} Composer | {% octicon "check" aria-label="Supported" %} Composer | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% elsif ghes %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} Composer | {% octicon "check" aria-label="Supported" %} Composer | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% endif %}
+| PHP {% ifversion fpt or ghec %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} third-party | {% octicon "check" aria-label="Supported" %} Composer | {% octicon "check" aria-label="Supported" %} Composer | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% elsif ghes %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} Composer | {% octicon "check" aria-label="Supported" %} Composer | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% endif %}
diff --git a/data/reusables/supported-languages/products-table-header.md b/data/reusables/supported-languages/products-table-header.md
index 12027fcbe443..e71c2c2c1253 100644
--- a/data/reusables/supported-languages/products-table-header.md
+++ b/data/reusables/supported-languages/products-table-header.md
@@ -1,3 +1,11 @@
-{% ifversion fpt or ghec %}| [GitHub Copilot](/copilot/overview-of-github-copilot/about-github-copilot-individual#about-github-copilot) | [Code navigation](/repositories/working-with-files/using-files/navigating-code-on-github) | [{% data variables.product.prodname_code_scanning_caps %}](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning) | [Dependency graph, {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems) | [{% data variables.product.prodname_dependabot_version_updates %}, {% data variables.product.prodname_dependabot_security_updates %}](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems) | [{% data variables.product.prodname_actions %}](/actions/automating-builds-and-tests/about-continuous-integration#supported-languages) | [{% data variables.product.prodname_registry %}](/packages/learn-github-packages/introduction-to-github-packages#supported-clients-and-formats) |
-| :-- | :-: | :-: | :-: | :-: | :-: | :-: | :-: |{% elsif ghes %}| [{% data variables.product.prodname_code_scanning_caps %}](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning) | [Dependency graph, {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems) {% ifversion ghes %}| [{% data variables.product.prodname_dependabot_version_updates %}, {% data variables.product.prodname_dependabot_security_updates %}](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems){% endif %} | [{% data variables.product.prodname_actions %}](/actions/automating-builds-and-tests/about-continuous-integration#supported-languages) | [{% data variables.product.prodname_registry %}](/packages/learn-github-packages/introduction-to-github-packages#supported-clients-and-formats) |
-| :-- | :-: | :-: {% ifversion ghes %}| :-: {% endif %}| :-: | :-: |{% endif %}
+{% ifversion fpt or ghec -%}
+
+| Language | [GitHub Copilot](/copilot/about-github-copilot/what-is-github-copilot) | [Code navigation](/repositories/working-with-files/using-files/navigating-code-on-github) | [{% data variables.product.prodname_code_scanning_caps %}](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning) | [Dependency graph, {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems) | [{% data variables.product.prodname_dependabot_version_updates %}, {% data variables.product.prodname_dependabot_security_updates %}](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems) | [{% data variables.product.prodname_actions %}](/actions/automating-builds-and-tests/about-continuous-integration#supported-languages) | [{% data variables.product.prodname_registry %}](/packages/learn-github-packages/introduction-to-github-packages#supported-clients-and-formats) |
+| :-- | :-: | :-: | :-: | :-: | :-: | :-: | :-: |
+
+{%- else -%}
+
+| Language | [{% data variables.product.prodname_code_scanning_caps %}](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning) | [Dependency graph, {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems) | [{% data variables.product.prodname_dependabot_version_updates %}, {% data variables.product.prodname_dependabot_security_updates %}](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems) | [{% data variables.product.prodname_actions %}](/actions/automating-builds-and-tests/about-continuous-integration#supported-languages) | [{% data variables.product.prodname_registry %}](/packages/learn-github-packages/introduction-to-github-packages#supported-clients-and-formats) |
+| :-- | :-: | :-: | :-: | :-: | :-: |
+
+{%- endif %}
diff --git a/data/reusables/supported-languages/rust.md b/data/reusables/supported-languages/rust.md
index 4b935b0ed1b6..91088362278f 100644
--- a/data/reusables/supported-languages/rust.md
+++ b/data/reusables/supported-languages/rust.md
@@ -1 +1 @@
-| Rust {% ifversion fpt or ghec %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% elsif ghes > 3.13 %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% else %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% endif %}
+| Rust {% ifversion fpt or ghec %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} third-party | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% elsif ghes > 3.13 %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% else %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% endif %}
diff --git a/data/reusables/supported-languages/scala.md b/data/reusables/supported-languages/scala.md
index 1385554f8206..1074fb728e5b 100644
--- a/data/reusables/supported-languages/scala.md
+++ b/data/reusables/supported-languages/scala.md
@@ -1 +1 @@
-| Scala {% ifversion fpt or ghec %}| {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} Maven | {% octicon "check" aria-label="Supported" %} Maven, Gradle | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% elsif ghes %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} Maven, Gradle | {% octicon "check" aria-label="Supported" %} Maven, Gradle | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% endif %}
+| Scala {% ifversion fpt or ghec %}| {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "check" aria-label="Supported" %} third-party | {% octicon "check" aria-label="Supported" %} Maven | {% octicon "check" aria-label="Supported" %} Maven, Gradle | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% elsif ghes %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} Maven, Gradle | {% octicon "check" aria-label="Supported" %} Maven, Gradle | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% endif %}
diff --git a/data/reusables/two_fa/auth_methods_2fa.md b/data/reusables/two_fa/auth_methods_2fa.md
index 02a69ab6d856..bdafef416d6a 100644
--- a/data/reusables/two_fa/auth_methods_2fa.md
+++ b/data/reusables/two_fa/auth_methods_2fa.md
@@ -10,4 +10,6 @@
| {% endif %} |
| LDAP | Allows integration with your company directory service for authentication. | Supported and managed on the {% data variables.product.prodname_ghe_server %} appliance. Organization owners can require 2FA to be enabled for members of the organization. |
| SAML | Authentication is performed on an external identity provider. | {% data reusables.two_fa.2fa_not_supported_with_saml_and_cas %} |
-| CAS | Single sign-on service is provided by an external server. | {% data reusables.two_fa.2fa_not_supported_with_saml_and_cas %}{% endif %}
+| CAS | Single sign-on service is provided by an external server. | {% data reusables.two_fa.2fa_not_supported_with_saml_and_cas %} |
+
+{% endif %}
diff --git a/data/reusables/two_fa/backup_options_during_2fa_enrollment.md b/data/reusables/two_fa/backup_options_during_2fa_enrollment.md
index c65a16b17f3e..4f859c5b0e5c 100644
--- a/data/reusables/two_fa/backup_options_during_2fa_enrollment.md
+++ b/data/reusables/two_fa/backup_options_during_2fa_enrollment.md
@@ -1 +1 @@
-1. Optionally, you can configure additional 2FA methods to reduce your risk of account lockout. For more details on how to configure each additional method, see "[Configuring two-factor authentication using a security key](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key)"{% ifversion fpt or ghec %} and "[Configuring two-factor authentication using {% data variables.product.prodname_mobile %}](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-github-mobile)"{% endif %}.
+1. Optionally, you can configure additional 2FA methods to reduce your risk of account lockout. For more details on how to configure each additional method, see "[Configuring two-factor authentication using a security key](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key)"{% ifversion fpt or ghec %} and "[Configuring two-factor authentication using {% data variables.product.prodname_mobile %}](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-github-mobile)."{% endif %}
diff --git a/data/reusables/two_fa/enable-totp-app-method.md b/data/reusables/two_fa/enable-totp-app-method.md
index 297f6aa10300..5e2224f4fa12 100644
--- a/data/reusables/two_fa/enable-totp-app-method.md
+++ b/data/reusables/two_fa/enable-totp-app-method.md
@@ -5,4 +5,4 @@
-1. The TOTP application saves your account on {% data variables.location.product_location %} and generates a new authentication code every few seconds. On {% data variables.product.product_name %}, type the code into the field under "Verify the code from the app".
+1. The TOTP application saves your account on {% data variables.location.product_location %} and generates a new authentication code every few seconds. On {% data variables.product.product_name %}, type the code into the field under "Verify the code from the app."
diff --git a/data/reusables/two_fa/mandatory-2fa-contributors-2023-nested.md b/data/reusables/two_fa/mandatory-2fa-contributors-2023-nested.md
index 14829aafdfbe..1fcdb470c865 100644
--- a/data/reusables/two_fa/mandatory-2fa-contributors-2023-nested.md
+++ b/data/reusables/two_fa/mandatory-2fa-contributors-2023-nested.md
@@ -1 +1 @@
-Starting in March 2023 and through the end of 2023, {% data variables.product.prodname_dotcom %} will gradually begin to require all users who contribute code on {% data variables.product.prodname_dotcom_the_website %} to enable one or more forms of two-factor authentication (2FA). If you are in an eligible group, you will receive a notification email when that group is selected for enrollment, marking the beginning of a 45-day 2FA enrollment period, and you will see banners asking you to enroll in 2FA on {% data variables.product.prodname_dotcom_the_website %}. If you don't receive a notification, then you are not part of a group required to enable 2FA, though we strongly recommend it.
+As of March 2023, {% data variables.product.prodname_dotcom %} began to require all users who contribute code on {% data variables.product.prodname_dotcom_the_website %} to enable one or more forms of two-factor authentication (2FA). If you were in an eligible group, you would have received a notification email when that group was selected for enrollment, marking the beginning of a 45-day 2FA enrollment period, and you would have seen banners asking you to enroll in 2FA on {% data variables.product.prodname_dotcom_the_website %}. If you didn't receive a notification, then you were not part of a group required to enable 2FA, though we strongly recommend it.
diff --git a/data/reusables/user-settings/patv2-limitations.md b/data/reusables/user-settings/patv2-limitations.md
index 23dc88b02d87..e64a0e6bc9b7 100644
--- a/data/reusables/user-settings/patv2-limitations.md
+++ b/data/reusables/user-settings/patv2-limitations.md
@@ -4,4 +4,4 @@
* Only {% data variables.product.pat_v1_plural %} automatically have write access for internal repositories that are owned by your enterprise. {% data variables.product.pat_v2_caps %}s must be granted access to internal repositories.{% endif %}
* Outside collaborators can only use {% data variables.product.pat_v1_plural %} to access organization repositories that they are a collaborator on.{% ifversion ghec or ghes %}
* Only {% data variables.product.pat_v1_plural %} can access enterprises. ({% data variables.product.pat_v2_caps %} can access organizations owned by enterprises.){% endif %}
-* A few REST API endpoints are only available with a {% data variables.product.pat_v1_plural %}. To check whether an endpoint also supports {% data variables.product.pat_v2 %}s, see the documentation for that endpoint, or see "[AUTOTITLE](/rest/overview/endpoints-available-for-fine-grained-personal-access-tokens)".
+* A few REST API endpoints are only available with a {% data variables.product.pat_v1_plural %}. To check whether an endpoint also supports {% data variables.product.pat_v2 %}s, see the documentation for that endpoint, or see "[AUTOTITLE](/rest/overview/endpoints-available-for-fine-grained-personal-access-tokens)."
diff --git a/data/reusables/user-settings/token_access_capabilities.md b/data/reusables/user-settings/token_access_capabilities.md
new file mode 100644
index 000000000000..dcfa39a13a97
--- /dev/null
+++ b/data/reusables/user-settings/token_access_capabilities.md
@@ -0,0 +1 @@
+A token has the same capabilities to access resources and perform actions on those resources that the owner of the token has, and is further limited by any scopes or permissions granted to the token. A token cannot grant additional access capabilities to a user.
diff --git a/data/reusables/webhooks/webhooks-as-audit-log-alternative.md b/data/reusables/webhooks/webhooks-as-audit-log-alternative.md
index a80d618c2701..83e1754e71d5 100644
--- a/data/reusables/webhooks/webhooks-as-audit-log-alternative.md
+++ b/data/reusables/webhooks/webhooks-as-audit-log-alternative.md
@@ -1 +1 @@
-Webhooks might be a good alternative to the audit log or API polling for certain use cases. Webhooks are a way for {% data variables.product.company_short %} to notify your server when specific events occur for a repository, organization, or enterprise. Compared to the API or searching the audit log, webhooks can be more efficient if you just want to learn and possibly log when certain events occur on your enterprise, organization, or repository. For more information, see "[AUTOTITLE](/webhooks)."
+Webhooks might be a good alternative to the audit log or API polling for certain use cases. Webhooks are a way for {% data variables.product.company_short %} to notify your server when specific events occur for a repository, organization, or enterprise. Compared to the API or searching the audit log, webhooks can be more efficient if you just want to learn and possibly log when certain events occur on your enterprise, organization, or repository. See "[AUTOTITLE](/webhooks)."
diff --git a/data/ui.yml b/data/ui.yml
index 2fc8965e6124..e41931591939 100644
--- a/data/ui.yml
+++ b/data/ui.yml
@@ -56,18 +56,16 @@ support:
contact_support: Contact support
ask_community: Ask the GitHub community
survey:
- able_to_find: Did this doc help you?
+ able_to_find: Did you find what you needed?
yes: Yes
no: No
- comment_yes_label: Let us know what we do well
- comment_no_label: Let us know what we can do better
+ cancel: Cancel
+ additional_feedback: Can you tell us more about your rating? (Optional)
optional: Optional
required: Required
- email_placeholder: email@example.com
- email_label: If we can contact you with more questions, please enter your email address
+ email_label: Leave your email if we can contact you. (Optional)
email_validation: Please enter a valid email address
send: Send
- next: Next
feedback: Thank you! We received your feedback.
not_support: If you need a reply, please contact support.
privacy_policy: Privacy policy
@@ -236,6 +234,7 @@ product_landing:
view: View all
view_transcript: View video transcript
all_docs: 'All {{ title }} docs'
+ all_content: 'View all {{ title }} content'
product_guides:
learning_paths_title: '{{ name }} learning paths'
start_path: Start learning path
diff --git a/data/variables/code-scanning.yml b/data/variables/code-scanning.yml
index 6cff5b42f7f7..e99ffbd195d8 100644
--- a/data/variables/code-scanning.yml
+++ b/data/variables/code-scanning.yml
@@ -7,14 +7,16 @@ codeql_workflow: 'CodeQL analysis workflow'
tool_status_page: 'tool status page'
# List of compiled languages supported for `no-build` extraction
-no_build_support: 'Java{% ifversion codeql-no-build-csharp %} and C#{% endif %}'
+no_build_support: '{% ifversion codeql-no-build-csharp %}C# and{% endif %} Java'
# List of compiled languages
-compiled_languages: 'C/C++, C#, {% ifversion codeql-go-autobuild %} Go,{% endif %} {% ifversion codeql-swift-beta %} Java, and Swift{% else %} and Java{% endif %}'
+compiled_languages: 'C/C++, C#, {% ifversion codeql-go-autobuild %} Go,{% endif %} Java, and Swift'
# List of languages where the libraries support expansion using CodeQL model packs at the repository level.
-
-codeql_model_packs_support: '{% ifversion fpt or ghec or ghes > 3.12 %}C#, Java/Kotlin, and Ruby{% elsif ghes > 3.10 %}Java/Kotlin{% endif %}'
+codeql_model_packs_support: '{% ifversion fpt or ghec or ghes > 3.14 %}C#, Java/Kotlin, Python, and Ruby{% elsif ghes > 3.12 %}C#, Java/Kotlin, and Ruby{% elsif ghes > 3.10 %}Java/Kotlin{% endif %}'
# List of that allow threat models to be configurable for code scanning
code_scanning_threat_model_support: 'Java/Kotlin{% ifversion fpt or ghec or ghes > 3.12 %} and C#{% endif %}'
+
+# List of languages that Copilot Autofix Agent supports
+code_scanning_autofix_languages: ' C#, C/C++, Go, Java/Kotlin, Swift, JavaScript/TypeScript, Python, and Ruby'
diff --git a/data/variables/location.yml b/data/variables/location.yml
index 8f9a6271c8bc..243f6b42c0a7 100644
--- a/data/variables/location.yml
+++ b/data/variables/location.yml
@@ -1,4 +1,5 @@
## Use these variables when referring specifically to a location within a product
+## Unless the extra precision is needed, consider using `product.github` ("GitHub") instead
product_location: >-
{% ifversion ghes %}your GitHub Enterprise Server instance{% else %}GitHub.com{% endif %}
diff --git a/data/variables/product.yml b/data/variables/product.yml
index c0a3b5326385..750406b3ed7a 100644
--- a/data/variables/product.yml
+++ b/data/variables/product.yml
@@ -7,15 +7,23 @@
company_short: 'GitHub'
# GitHub's flagship products
+
+## Use this variable to refer generically to the "GitHub" platform or website (for example, when referring to GitHub.com, GHEC, or GHES as simply "GitHub").
+## Use another variable if it is important to specify the environment (e.g. GHES)
+github: 'GitHub'
+
+## DEPRECATED: Use the `github` variable instead. (Writers found the name of this variable to be misleading.)
+prodname_dotcom: 'GitHub'
+
product_name: >-
{% ifversion ghec %}GitHub Enterprise Cloud{% elsif ghes %}GitHub Enterprise Server{% else %}GitHub{% endif %}
-## Use this variable when referring to the product, when the output should always be GitHub. For example, "the GitHub REST API"
-prodname_dotcom: 'GitHub'
## Use this variable when the output should always be GitHub Enterprise, regardless of the product the user is using
prodname_enterprise: 'GitHub Enterprise'
## Use this variable only when the output should specifically be GitHub.com, to distinguish from GitHub the company or other GitHub products (e.g. connecting GHE to GitHub.com)
+## Note that many users access GitHub through a different URL
+## Do NOT use as a synonym for "The GitHub web interface" (for example, if you want to distinguish something from the GitHub Mobile interface), or in cases where the .com top-level domain is not relevant.
prodname_dotcom_the_website: 'GitHub.com'
## Use these variables when the output should reflect one of our two specific GitHub Enterprise offerings
@@ -89,10 +97,10 @@ prodname_codeql_cli: 'CodeQL CLI'
# CodeQL usually bumps its minor version for each minor version of GHES.
# Update this whenever a new enterprise version of CodeQL is being prepared.
codeql_cli_ghes_recommended_version: >-
- {% ifversion ghes < 3.10 %}2.12.7{% elsif ghes < 3.11 %}2.13.5{% elsif ghes < 3.12 %}2.14.6{% elsif ghes < 3.13 %}2.15.5{% elsif ghes < 3.14 %}2.16.5{% endif %}
+ {% ifversion ghes < 3.11 %}2.13.5{% elsif ghes < 3.12 %}2.14.6{% elsif ghes < 3.13 %}2.15.5{% elsif ghes < 3.14 %}2.16.5{% elsif ghes < 3.15 %}2.17.6{% endif %}
# Projects v2
-prodname_projects_v2: '{% ifversion ghes = 3.9 %}Projects (beta){% else %}Projects{% endif %}'
+prodname_projects_v2: 'Projects'
prodname_projects_v1: >-
projects (classic)
prodname_projects_v1_caps: >-
@@ -127,6 +135,7 @@ prodname_github_app: 'GitHub App'
prodname_github_apps: 'GitHub Apps'
prodname_oauth_app: 'OAuth app'
prodname_oauth_apps: 'OAuth apps'
+prodname_github_models: 'GitHub Models'
# API and developer docs
prodname_enterprise_api: 'GitHub Enterprise Server APIs'
@@ -137,7 +146,7 @@ prodname_unfurls: 'Content Attachments'
prodname_actions: 'GitHub Actions'
prodname_actions_runner_controller: 'Actions Runner Controller'
runner_required_version: >-
- {% ifversion ghes < 3.10 %}2.303.0{% elsif ghes < 3.11 %}2.304.0{% elsif ghes < 3.12 %}2.309.0{% elsif ghes < 3.13 %}2.311.0{% elsif ghes < 3.14 %}2.314.1{% endif %}
+ {% ifversion ghes < 3.11 %}2.304.0{% elsif ghes < 3.12 %}2.309.0{% elsif ghes < 3.13 %}2.311.0{% elsif ghes < 3.14 %}2.314.1{% elsif ghes < 3.15 %}2.317.0{% endif %}
# GitHub Debug
prodname_debug: 'GitHub Debug'
@@ -276,6 +285,10 @@ prodname_copilot_for_prs: 'Copilot pull request summaries'
prodname_copilot_prs_short: 'pull request summaries'
prodname_copilot_customization: 'Copilot Customization'
prodname_copilot_in_support: 'Copilot in GitHub Support'
+prodname_copilot_sku_isolation: 'Copilot subscription-based network routing'
+prodname_copilot_autocomplete_pr: 'Copilot text completion'
+prodname_copilot_autofix: 'GitHub Copilot Autofix'
+prodname_copilot_autofix_short: 'Copilot Autofix'
# Command Palette
prodname_command_palette: 'GitHub Command Palette'
diff --git a/package-lock.json b/package-lock.json
index a88dae9904fb..0f68c6a0106d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,17 +13,17 @@
"@horizon-rs/language-guesser": "0.1.1",
"@octokit/plugin-retry": "6.0.1",
"@octokit/request-error": "6.1.1",
- "@primer/behaviors": "^1.6.0",
+ "@primer/behaviors": "^1.7.0",
"@primer/css": "^21.3.1",
- "@primer/octicons": "^19.10.0",
- "@primer/octicons-react": "^19.10.0",
- "@primer/react": "36.21.0",
+ "@primer/octicons": "^19.11.0",
+ "@primer/octicons-react": "^19.11.0",
+ "@primer/react": "36.27.0",
"accept-language-parser": "^1.5.0",
- "ajv": "^8.16.0",
+ "ajv": "^8.17.1",
"ajv-errors": "^3.0.0",
"ajv-formats": "^3.0.1",
"bottleneck": "2.19.5",
- "boxen": "7.1.1",
+ "boxen": "8.0.1",
"cheerio": "^1.0.0-rc.11",
"cheerio-to-text": "0.2.4",
"classnames": "^2.5.1",
@@ -35,13 +35,13 @@
"dotenv": "^16.4.5",
"escape-string-regexp": "5.0.0",
"express": "4.19.2",
- "express-rate-limit": "7.3.0",
+ "express-rate-limit": "7.4.0",
"fastest-levenshtein": "1.0.16",
- "file-type": "19.0.0",
+ "file-type": "19.4.1",
"flat": "^6.0.1",
"github-slugger": "^2.0.0",
- "glob": "10.4.1",
- "got": "^13.0.0",
+ "glob": "11.0.0",
+ "got": "^14.4.2",
"gray-matter": "^4.0.3",
"hast-util-from-parse5": "^8.0.1",
"hast-util-to-string": "^2.0.0",
@@ -57,7 +57,7 @@
"javascript-stringify": "^2.1.0",
"js-cookie": "^3.0.1",
"js-yaml": "^4.1.0",
- "liquidjs": "^10.14.0",
+ "liquidjs": "^10.16.1",
"lodash": "^4.17.21",
"lodash-es": "^4.17.21",
"lowdb": "7.0.1",
@@ -106,7 +106,7 @@
"@graphql-inspector/core": "^6.1.0",
"@graphql-tools/load": "^8.0.0",
"@octokit/rest": "^20.1.0",
- "@playwright/test": "1.44.1",
+ "@playwright/test": "1.46.1",
"@types/accept-language-parser": "1.5.6",
"@types/connect-datadog": "0.0.10",
"@types/connect-timeout": "0.0.39",
@@ -123,8 +123,9 @@
"@types/react-dom": "^18.3.0",
"@types/semver": "^7.5.8",
"@types/tcp-port-used": "1.0.4",
- "@typescript-eslint/eslint-plugin": "^7.13.0",
- "@typescript-eslint/parser": "^7.13.0",
+ "@types/website-scraper": "^1.2.10",
+ "@typescript-eslint/eslint-plugin": "^8.4.0",
+ "@typescript-eslint/parser": "^7.18.0",
"chalk": "^5.0.1",
"change-case": "^5.4.4",
"commander": "^12.1.0",
@@ -136,15 +137,15 @@
"eslint-import-resolver-typescript": "^3.6.1",
"eslint-plugin-github": "^5.0.1",
"eslint-plugin-import": "^2.29.1",
- "eslint-plugin-jsx-a11y": "^6.8.0",
- "eslint-plugin-primer-react": "^5.3.0",
+ "eslint-plugin-jsx-a11y": "^6.9.0",
+ "eslint-plugin-primer-react": "^5.4.0",
"event-to-promise": "^0.8.0",
- "graphql": "^16.8.1",
+ "graphql": "^16.9.0",
"http-status-code": "^2.1.0",
- "husky": "^9.0.8",
+ "husky": "^9.1.4",
"json-schema-merge-allof": "^0.8.1",
"kill-port": "2.0.1",
- "lint-staged": "^15.2.2",
+ "lint-staged": "^15.2.9",
"markdownlint": "^0.34.0",
"markdownlint-rule-search-replace": "^1.2.0",
"mdast-util-gfm-table": "^2.0.0",
@@ -156,14 +157,14 @@
"npm-merge-driver-install": "^3.0.0",
"nth-check": "2.1.1",
"prettier": "^3.3.2",
- "rimraf": "^5.0.0",
+ "rimraf": "^6.0.0",
"robots-parser": "^3.0.0",
"sass": "^1.77.1",
"start-server-and-test": "^2.0.3",
- "typescript": "^5.4.4",
+ "typescript": "^5.5.2",
"unist-util-remove": "^4.0.0",
"unist-util-visit-parents": "6.0.1",
- "vitest": "1.6.0",
+ "vitest": "2.0.5",
"website-scraper": "^5.3.1"
},
"engines": {
@@ -222,12 +223,12 @@
}
},
"node_modules/@ampproject/remapping": {
- "version": "2.2.0",
- "license": "Apache-2.0",
- "peer": true,
+ "version": "2.3.0",
+ "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz",
+ "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==",
"dependencies": {
- "@jridgewell/gen-mapping": "^0.1.0",
- "@jridgewell/trace-mapping": "^0.3.9"
+ "@jridgewell/gen-mapping": "^0.3.5",
+ "@jridgewell/trace-mapping": "^0.3.24"
},
"engines": {
"node": ">=6.0.0"
@@ -389,18 +390,6 @@
"node": ">=6.9.0"
}
},
- "node_modules/@babel/generator/node_modules/@jridgewell/gen-mapping": {
- "version": "0.3.2",
- "license": "MIT",
- "dependencies": {
- "@jridgewell/set-array": "^1.0.1",
- "@jridgewell/sourcemap-codec": "^1.4.10",
- "@jridgewell/trace-mapping": "^0.3.9"
- },
- "engines": {
- "node": ">=6.0.0"
- }
- },
"node_modules/@babel/helper-annotate-as-pure": {
"version": "7.22.5",
"resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.22.5.tgz",
@@ -804,13 +793,12 @@
"license": "MIT"
},
"node_modules/@esbuild/aix-ppc64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.20.2.tgz",
- "integrity": "sha512-D+EBOJHXdNZcLJRBkhENNG8Wji2kgc9AZ9KiPr1JuZjsNtyHzrsfLRrY0tk2H2aoFu6RANO1y1iPPUCDYWkb5g==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.21.5.tgz",
+ "integrity": "sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==",
"cpu": [
"ppc64"
],
- "dev": true,
"optional": true,
"os": [
"aix"
@@ -820,13 +808,12 @@
}
},
"node_modules/@esbuild/android-arm": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.20.2.tgz",
- "integrity": "sha512-t98Ra6pw2VaDhqNWO2Oph2LXbz/EJcnLmKLGBJwEwXX/JAN83Fym1rU8l0JUWK6HkIbWONCSSatf4sf2NBRx/w==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.21.5.tgz",
+ "integrity": "sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==",
"cpu": [
"arm"
],
- "dev": true,
"optional": true,
"os": [
"android"
@@ -836,13 +823,12 @@
}
},
"node_modules/@esbuild/android-arm64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.20.2.tgz",
- "integrity": "sha512-mRzjLacRtl/tWU0SvD8lUEwb61yP9cqQo6noDZP/O8VkwafSYwZ4yWy24kan8jE/IMERpYncRt2dw438LP3Xmg==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.21.5.tgz",
+ "integrity": "sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==",
"cpu": [
"arm64"
],
- "dev": true,
"optional": true,
"os": [
"android"
@@ -852,13 +838,12 @@
}
},
"node_modules/@esbuild/android-x64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.20.2.tgz",
- "integrity": "sha512-btzExgV+/lMGDDa194CcUQm53ncxzeBrWJcncOBxuC6ndBkKxnHdFJn86mCIgTELsooUmwUm9FkhSp5HYu00Rg==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.21.5.tgz",
+ "integrity": "sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==",
"cpu": [
"x64"
],
- "dev": true,
"optional": true,
"os": [
"android"
@@ -868,13 +853,12 @@
}
},
"node_modules/@esbuild/darwin-arm64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.20.2.tgz",
- "integrity": "sha512-4J6IRT+10J3aJH3l1yzEg9y3wkTDgDk7TSDFX+wKFiWjqWp/iCfLIYzGyasx9l0SAFPT1HwSCR+0w/h1ES/MjA==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.21.5.tgz",
+ "integrity": "sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==",
"cpu": [
"arm64"
],
- "dev": true,
"optional": true,
"os": [
"darwin"
@@ -884,13 +868,12 @@
}
},
"node_modules/@esbuild/darwin-x64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.20.2.tgz",
- "integrity": "sha512-tBcXp9KNphnNH0dfhv8KYkZhjc+H3XBkF5DKtswJblV7KlT9EI2+jeA8DgBjp908WEuYll6pF+UStUCfEpdysA==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.21.5.tgz",
+ "integrity": "sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==",
"cpu": [
"x64"
],
- "dev": true,
"optional": true,
"os": [
"darwin"
@@ -900,13 +883,12 @@
}
},
"node_modules/@esbuild/freebsd-arm64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.20.2.tgz",
- "integrity": "sha512-d3qI41G4SuLiCGCFGUrKsSeTXyWG6yem1KcGZVS+3FYlYhtNoNgYrWcvkOoaqMhwXSMrZRl69ArHsGJ9mYdbbw==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.21.5.tgz",
+ "integrity": "sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==",
"cpu": [
"arm64"
],
- "dev": true,
"optional": true,
"os": [
"freebsd"
@@ -916,13 +898,12 @@
}
},
"node_modules/@esbuild/freebsd-x64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.20.2.tgz",
- "integrity": "sha512-d+DipyvHRuqEeM5zDivKV1KuXn9WeRX6vqSqIDgwIfPQtwMP4jaDsQsDncjTDDsExT4lR/91OLjRo8bmC1e+Cw==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.21.5.tgz",
+ "integrity": "sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==",
"cpu": [
"x64"
],
- "dev": true,
"optional": true,
"os": [
"freebsd"
@@ -932,13 +913,12 @@
}
},
"node_modules/@esbuild/linux-arm": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.20.2.tgz",
- "integrity": "sha512-VhLPeR8HTMPccbuWWcEUD1Az68TqaTYyj6nfE4QByZIQEQVWBB8vup8PpR7y1QHL3CpcF6xd5WVBU/+SBEvGTg==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.21.5.tgz",
+ "integrity": "sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==",
"cpu": [
"arm"
],
- "dev": true,
"optional": true,
"os": [
"linux"
@@ -948,13 +928,12 @@
}
},
"node_modules/@esbuild/linux-arm64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.20.2.tgz",
- "integrity": "sha512-9pb6rBjGvTFNira2FLIWqDk/uaf42sSyLE8j1rnUpuzsODBq7FvpwHYZxQ/It/8b+QOS1RYfqgGFNLRI+qlq2A==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.21.5.tgz",
+ "integrity": "sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==",
"cpu": [
"arm64"
],
- "dev": true,
"optional": true,
"os": [
"linux"
@@ -964,13 +943,12 @@
}
},
"node_modules/@esbuild/linux-ia32": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.20.2.tgz",
- "integrity": "sha512-o10utieEkNPFDZFQm9CoP7Tvb33UutoJqg3qKf1PWVeeJhJw0Q347PxMvBgVVFgouYLGIhFYG0UGdBumROyiig==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.21.5.tgz",
+ "integrity": "sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==",
"cpu": [
"ia32"
],
- "dev": true,
"optional": true,
"os": [
"linux"
@@ -980,13 +958,12 @@
}
},
"node_modules/@esbuild/linux-loong64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.20.2.tgz",
- "integrity": "sha512-PR7sp6R/UC4CFVomVINKJ80pMFlfDfMQMYynX7t1tNTeivQ6XdX5r2XovMmha/VjR1YN/HgHWsVcTRIMkymrgQ==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.21.5.tgz",
+ "integrity": "sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==",
"cpu": [
"loong64"
],
- "dev": true,
"optional": true,
"os": [
"linux"
@@ -996,13 +973,12 @@
}
},
"node_modules/@esbuild/linux-mips64el": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.20.2.tgz",
- "integrity": "sha512-4BlTqeutE/KnOiTG5Y6Sb/Hw6hsBOZapOVF6njAESHInhlQAghVVZL1ZpIctBOoTFbQyGW+LsVYZ8lSSB3wkjA==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.21.5.tgz",
+ "integrity": "sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==",
"cpu": [
"mips64el"
],
- "dev": true,
"optional": true,
"os": [
"linux"
@@ -1012,13 +988,12 @@
}
},
"node_modules/@esbuild/linux-ppc64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.20.2.tgz",
- "integrity": "sha512-rD3KsaDprDcfajSKdn25ooz5J5/fWBylaaXkuotBDGnMnDP1Uv5DLAN/45qfnf3JDYyJv/ytGHQaziHUdyzaAg==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.21.5.tgz",
+ "integrity": "sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==",
"cpu": [
"ppc64"
],
- "dev": true,
"optional": true,
"os": [
"linux"
@@ -1028,13 +1003,12 @@
}
},
"node_modules/@esbuild/linux-riscv64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.20.2.tgz",
- "integrity": "sha512-snwmBKacKmwTMmhLlz/3aH1Q9T8v45bKYGE3j26TsaOVtjIag4wLfWSiZykXzXuE1kbCE+zJRmwp+ZbIHinnVg==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.21.5.tgz",
+ "integrity": "sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==",
"cpu": [
"riscv64"
],
- "dev": true,
"optional": true,
"os": [
"linux"
@@ -1044,13 +1018,12 @@
}
},
"node_modules/@esbuild/linux-s390x": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.20.2.tgz",
- "integrity": "sha512-wcWISOobRWNm3cezm5HOZcYz1sKoHLd8VL1dl309DiixxVFoFe/o8HnwuIwn6sXre88Nwj+VwZUvJf4AFxkyrQ==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.21.5.tgz",
+ "integrity": "sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==",
"cpu": [
"s390x"
],
- "dev": true,
"optional": true,
"os": [
"linux"
@@ -1060,13 +1033,12 @@
}
},
"node_modules/@esbuild/linux-x64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.20.2.tgz",
- "integrity": "sha512-1MdwI6OOTsfQfek8sLwgyjOXAu+wKhLEoaOLTjbijk6E2WONYpH9ZU2mNtR+lZ2B4uwr+usqGuVfFT9tMtGvGw==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.21.5.tgz",
+ "integrity": "sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==",
"cpu": [
"x64"
],
- "dev": true,
"optional": true,
"os": [
"linux"
@@ -1076,13 +1048,12 @@
}
},
"node_modules/@esbuild/netbsd-x64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.20.2.tgz",
- "integrity": "sha512-K8/DhBxcVQkzYc43yJXDSyjlFeHQJBiowJ0uVL6Tor3jGQfSGHNNJcWxNbOI8v5k82prYqzPuwkzHt3J1T1iZQ==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.21.5.tgz",
+ "integrity": "sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==",
"cpu": [
"x64"
],
- "dev": true,
"optional": true,
"os": [
"netbsd"
@@ -1092,13 +1063,12 @@
}
},
"node_modules/@esbuild/openbsd-x64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.20.2.tgz",
- "integrity": "sha512-eMpKlV0SThJmmJgiVyN9jTPJ2VBPquf6Kt/nAoo6DgHAoN57K15ZghiHaMvqjCye/uU4X5u3YSMgVBI1h3vKrQ==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.21.5.tgz",
+ "integrity": "sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==",
"cpu": [
"x64"
],
- "dev": true,
"optional": true,
"os": [
"openbsd"
@@ -1108,13 +1078,12 @@
}
},
"node_modules/@esbuild/sunos-x64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.20.2.tgz",
- "integrity": "sha512-2UyFtRC6cXLyejf/YEld4Hajo7UHILetzE1vsRcGL3earZEW77JxrFjH4Ez2qaTiEfMgAXxfAZCm1fvM/G/o8w==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.21.5.tgz",
+ "integrity": "sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==",
"cpu": [
"x64"
],
- "dev": true,
"optional": true,
"os": [
"sunos"
@@ -1124,13 +1093,12 @@
}
},
"node_modules/@esbuild/win32-arm64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.20.2.tgz",
- "integrity": "sha512-GRibxoawM9ZCnDxnP3usoUDO9vUkpAxIIZ6GQI+IlVmr5kP3zUq+l17xELTHMWTWzjxa2guPNyrpq1GWmPvcGQ==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.21.5.tgz",
+ "integrity": "sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==",
"cpu": [
"arm64"
],
- "dev": true,
"optional": true,
"os": [
"win32"
@@ -1140,13 +1108,12 @@
}
},
"node_modules/@esbuild/win32-ia32": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.20.2.tgz",
- "integrity": "sha512-HfLOfn9YWmkSKRQqovpnITazdtquEW8/SoHW7pWpuEeguaZI4QnCRW6b+oZTztdBnZOS2hqJ6im/D5cPzBTTlQ==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.21.5.tgz",
+ "integrity": "sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==",
"cpu": [
"ia32"
],
- "dev": true,
"optional": true,
"os": [
"win32"
@@ -1156,13 +1123,12 @@
}
},
"node_modules/@esbuild/win32-x64": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.20.2.tgz",
- "integrity": "sha512-N49X4lJX27+l9jbLKSqZ6bKNjzQvHaT8IIFUy+YIqmXQdjYCToGWwOItDrfby14c78aDd5NHQl29xingXfCdLQ==",
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.21.5.tgz",
+ "integrity": "sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==",
"cpu": [
"x64"
],
- "dev": true,
"optional": true,
"os": [
"win32"
@@ -2054,25 +2020,14 @@
"url": "https://github.com/chalk/wrap-ansi?sponsor=1"
}
},
- "node_modules/@jest/schemas": {
- "version": "29.6.3",
- "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz",
- "integrity": "sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA==",
- "dev": true,
- "dependencies": {
- "@sinclair/typebox": "^0.27.8"
- },
- "engines": {
- "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
- }
- },
"node_modules/@jridgewell/gen-mapping": {
- "version": "0.1.1",
- "license": "MIT",
- "peer": true,
+ "version": "0.3.5",
+ "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz",
+ "integrity": "sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg==",
"dependencies": {
- "@jridgewell/set-array": "^1.0.0",
- "@jridgewell/sourcemap-codec": "^1.4.10"
+ "@jridgewell/set-array": "^1.2.1",
+ "@jridgewell/sourcemap-codec": "^1.4.10",
+ "@jridgewell/trace-mapping": "^0.3.24"
},
"engines": {
"node": ">=6.0.0"
@@ -2087,24 +2042,25 @@
}
},
"node_modules/@jridgewell/set-array": {
- "version": "1.1.1",
- "license": "MIT",
+ "version": "1.2.1",
+ "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz",
+ "integrity": "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==",
"engines": {
"node": ">=6.0.0"
}
},
"node_modules/@jridgewell/sourcemap-codec": {
- "version": "1.4.14",
- "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
- "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw=="
+ "version": "1.5.0",
+ "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz",
+ "integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="
},
"node_modules/@jridgewell/trace-mapping": {
- "version": "0.3.18",
- "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.18.tgz",
- "integrity": "sha512-w+niJYzMHdd7USdiH2U6869nqhD2nbfZXND5Yp93qIbEmnDNk7PD48o+YchRVpzMU7M6jVCbenTR7PA1FLQ9pA==",
+ "version": "0.3.25",
+ "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
+ "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
"dependencies": {
- "@jridgewell/resolve-uri": "3.1.0",
- "@jridgewell/sourcemap-codec": "1.4.14"
+ "@jridgewell/resolve-uri": "^3.1.0",
+ "@jridgewell/sourcemap-codec": "^1.4.14"
}
},
"node_modules/@lit-labs/react": {
@@ -2624,24 +2580,27 @@
}
},
"node_modules/@playwright/test": {
- "version": "1.44.1",
- "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.44.1.tgz",
- "integrity": "sha512-1hZ4TNvD5z9VuhNJ/walIjvMVvYkZKf71axoF/uiAqpntQJXpG64dlXhoDXE3OczPuTuvjf/M5KWFg5VAVUS3Q==",
+ "version": "1.46.1",
+ "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.46.1.tgz",
+ "integrity": "sha512-Fq6SwLujA/DOIvNC2EL/SojJnkKf/rAwJ//APpJJHRyMi1PdKrY3Az+4XNQ51N4RTbItbIByQ0jgd1tayq1aeA==",
"devOptional": true,
"dependencies": {
- "playwright": "1.44.1"
+ "playwright": "1.46.1"
},
"bin": {
"playwright": "cli.js"
},
"engines": {
- "node": ">=16"
+ "node": ">=18"
}
},
"node_modules/@primer/behaviors": {
- "version": "1.6.0",
- "resolved": "https://registry.npmjs.org/@primer/behaviors/-/behaviors-1.6.0.tgz",
- "integrity": "sha512-B5y6NbVQsiB+as3pKj3KaSFRt5l+hCcYOD/21tnfaeNt2o+J5mIv5NzHFdoX3cWYCjmYeFU36QJdk7M4e0l8Vg=="
+ "version": "1.7.0",
+ "resolved": "https://registry.npmjs.org/@primer/behaviors/-/behaviors-1.7.0.tgz",
+ "integrity": "sha512-C0yY6XqYaqmGANX+ALF259hGGaG2i70tDjzMR7YyahW6Iwv8a7znaQK58o2AVtlwxo6CC6Vn/ZJU0Ea1djiu2w==",
+ "optionalDependencies": {
+ "@rollup/rollup-linux-x64-gnu": "^4.18.0"
+ }
},
"node_modules/@primer/css": {
"version": "21.3.1",
@@ -2656,25 +2615,25 @@
}
},
"node_modules/@primer/live-region-element": {
- "version": "0.6.1",
- "resolved": "https://registry.npmjs.org/@primer/live-region-element/-/live-region-element-0.6.1.tgz",
- "integrity": "sha512-UvJ29igIhOzCfPgUJHPKgr2bY84niHYZagE2LC90ewXQfEFLC3q3ug+vYOzOpCqxspCvEpwPyQlnaOLu4mu87w==",
+ "version": "0.7.0",
+ "resolved": "https://registry.npmjs.org/@primer/live-region-element/-/live-region-element-0.7.0.tgz",
+ "integrity": "sha512-V3pPHlYDMU6UHDVSYeSzZJ5LHhM06k/CaegstoXUk6DzgNsT4z0IhnqeEtyNAqe21PDXNFCpCtxZZndEDgN7FQ==",
"dependencies": {
"@lit-labs/ssr-dom-shim": "^1.2.0"
}
},
"node_modules/@primer/octicons": {
- "version": "19.10.0",
- "resolved": "https://registry.npmjs.org/@primer/octicons/-/octicons-19.10.0.tgz",
- "integrity": "sha512-9eyr8PimExAIosTLyiSBDdnAol9EwIL55mUCJMYcvg85NaCxWoSSyC6dNFmNnfxxLWHR+8u+bg5Ve8onckn3aQ==",
+ "version": "19.11.0",
+ "resolved": "https://registry.npmjs.org/@primer/octicons/-/octicons-19.11.0.tgz",
+ "integrity": "sha512-dJfi3I7zF4JyqHyHpxaUliUa//w4AmTYAo0i5KgKbz92ZQ0IizRU1rlW+eVdYk5nitAebpUX7gnKceZBDGW3XQ==",
"dependencies": {
"object-assign": "^4.1.1"
}
},
"node_modules/@primer/octicons-react": {
- "version": "19.10.0",
- "resolved": "https://registry.npmjs.org/@primer/octicons-react/-/octicons-react-19.10.0.tgz",
- "integrity": "sha512-HyzoQckVGoSWmakrmBveiuXnxMkClqfxbVoE0+EC7oidDmpfkCERLtENtLlCkuELMRr+6bQItUjffqE1VnpdOQ==",
+ "version": "19.11.0",
+ "resolved": "https://registry.npmjs.org/@primer/octicons-react/-/octicons-react-19.11.0.tgz",
+ "integrity": "sha512-8PpCz7cpYY2GCGnJ/G9UARh9PH4C290l31YjriQHZ+WsagE37ntKXhFwq+s4OWoRqZ7fA7HeU81zGDFHQi0VKg==",
"engines": {
"node": ">=8"
},
@@ -2688,9 +2647,9 @@
"integrity": "sha512-/3lNloWONQMiasMAmJl5b85tP86e4uElU1d+kQQOBoVoXttni98DEigqQrKgIdwWaEcbp43IU2ks/9EZdwM2XA=="
},
"node_modules/@primer/react": {
- "version": "36.21.0",
- "resolved": "https://registry.npmjs.org/@primer/react/-/react-36.21.0.tgz",
- "integrity": "sha512-Z/PHXknBj7bn0L3b2XZE3YEGzL0/IXkTYKuDr8ZqY8to6bwRj2kjRe7fg/NvZpgl5E9BLAsjs0Q0mSTruT68vA==",
+ "version": "36.27.0",
+ "resolved": "https://registry.npmjs.org/@primer/react/-/react-36.27.0.tgz",
+ "integrity": "sha512-dVyp0f9zbbQYQZ6ztfMET43vVaWhvSz+qWirBzpRjDxvCk8vCQsvWrVGUU/PR0kAxxDHf6hqeLG7vcDL229NLA==",
"dependencies": {
"@github/combobox-nav": "^2.1.5",
"@github/markdown-toolbar-element": "^2.1.0",
@@ -2699,8 +2658,8 @@
"@github/tab-container-element": "^4.8.0",
"@lit-labs/react": "1.2.1",
"@oddbird/popover-polyfill": "^0.3.1",
- "@primer/behaviors": "^1.5.1",
- "@primer/live-region-element": "^0.6.1",
+ "@primer/behaviors": "^1.7.0",
+ "@primer/live-region-element": "^0.7.0",
"@primer/octicons-react": "^19.9.0",
"@primer/primitives": "^7.16.0",
"@styled-system/css": "^5.1.5",
@@ -2776,9 +2735,9 @@
}
},
"node_modules/@rollup/rollup-android-arm-eabi": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.17.2.tgz",
- "integrity": "sha512-NM0jFxY8bB8QLkoKxIQeObCaDlJKewVlIEkuyYKm5An1tdVZ966w2+MPQ2l8LBZLjR+SgyV+nRkTIunzOYBMLQ==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.20.0.tgz",
+ "integrity": "sha512-TSpWzflCc4VGAUJZlPpgAJE1+V60MePDQnBd7PPkpuEmOy8i87aL6tinFGKBFKuEDikYpig72QzdT3QPYIi+oA==",
"cpu": [
"arm"
],
@@ -2789,9 +2748,9 @@
]
},
"node_modules/@rollup/rollup-android-arm64": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.17.2.tgz",
- "integrity": "sha512-yeX/Usk7daNIVwkq2uGoq2BYJKZY1JfyLTaHO/jaiSwi/lsf8fTFoQW/n6IdAsx5tx+iotu2zCJwz8MxI6D/Bw==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.20.0.tgz",
+ "integrity": "sha512-u00Ro/nok7oGzVuh/FMYfNoGqxU5CPWz1mxV85S2w9LxHR8OoMQBuSk+3BKVIDYgkpeOET5yXkx90OYFc+ytpQ==",
"cpu": [
"arm64"
],
@@ -2802,9 +2761,9 @@
]
},
"node_modules/@rollup/rollup-darwin-arm64": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.17.2.tgz",
- "integrity": "sha512-kcMLpE6uCwls023+kknm71ug7MZOrtXo+y5p/tsg6jltpDtgQY1Eq5sGfHcQfb+lfuKwhBmEURDga9N0ol4YPw==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.20.0.tgz",
+ "integrity": "sha512-uFVfvzvsdGtlSLuL0ZlvPJvl6ZmrH4CBwLGEFPe7hUmf7htGAN+aXo43R/V6LATyxlKVC/m6UsLb7jbG+LG39Q==",
"cpu": [
"arm64"
],
@@ -2815,9 +2774,9 @@
]
},
"node_modules/@rollup/rollup-darwin-x64": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.17.2.tgz",
- "integrity": "sha512-AtKwD0VEx0zWkL0ZjixEkp5tbNLzX+FCqGG1SvOu993HnSz4qDI6S4kGzubrEJAljpVkhRSlg5bzpV//E6ysTQ==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.20.0.tgz",
+ "integrity": "sha512-xbrMDdlev53vNXexEa6l0LffojxhqDTBeL+VUxuuIXys4x6xyvbKq5XqTXBCEUA8ty8iEJblHvFaWRJTk/icAQ==",
"cpu": [
"x64"
],
@@ -2828,9 +2787,9 @@
]
},
"node_modules/@rollup/rollup-linux-arm-gnueabihf": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.17.2.tgz",
- "integrity": "sha512-3reX2fUHqN7sffBNqmEyMQVj/CKhIHZd4y631duy0hZqI8Qoqf6lTtmAKvJFYa6bhU95B1D0WgzHkmTg33In0A==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.20.0.tgz",
+ "integrity": "sha512-jMYvxZwGmoHFBTbr12Xc6wOdc2xA5tF5F2q6t7Rcfab68TT0n+r7dgawD4qhPEvasDsVpQi+MgDzj2faOLsZjA==",
"cpu": [
"arm"
],
@@ -2841,9 +2800,9 @@
]
},
"node_modules/@rollup/rollup-linux-arm-musleabihf": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.17.2.tgz",
- "integrity": "sha512-uSqpsp91mheRgw96xtyAGP9FW5ChctTFEoXP0r5FAzj/3ZRv3Uxjtc7taRQSaQM/q85KEKjKsZuiZM3GyUivRg==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.20.0.tgz",
+ "integrity": "sha512-1asSTl4HKuIHIB1GcdFHNNZhxAYEdqML/MW4QmPS4G0ivbEcBr1JKlFLKsIRqjSwOBkdItn3/ZDlyvZ/N6KPlw==",
"cpu": [
"arm"
],
@@ -2854,9 +2813,9 @@
]
},
"node_modules/@rollup/rollup-linux-arm64-gnu": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.17.2.tgz",
- "integrity": "sha512-EMMPHkiCRtE8Wdk3Qhtciq6BndLtstqZIroHiiGzB3C5LDJmIZcSzVtLRbwuXuUft1Cnv+9fxuDtDxz3k3EW2A==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.20.0.tgz",
+ "integrity": "sha512-COBb8Bkx56KldOYJfMf6wKeYJrtJ9vEgBRAOkfw6Ens0tnmzPqvlpjZiLgkhg6cA3DGzCmLmmd319pmHvKWWlQ==",
"cpu": [
"arm64"
],
@@ -2867,9 +2826,9 @@
]
},
"node_modules/@rollup/rollup-linux-arm64-musl": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.17.2.tgz",
- "integrity": "sha512-NMPylUUZ1i0z/xJUIx6VUhISZDRT+uTWpBcjdv0/zkp7b/bQDF+NfnfdzuTiB1G6HTodgoFa93hp0O1xl+/UbA==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.20.0.tgz",
+ "integrity": "sha512-+it+mBSyMslVQa8wSPvBx53fYuZK/oLTu5RJoXogjk6x7Q7sz1GNRsXWjn6SwyJm8E/oMjNVwPhmNdIjwP135Q==",
"cpu": [
"arm64"
],
@@ -2880,9 +2839,9 @@
]
},
"node_modules/@rollup/rollup-linux-powerpc64le-gnu": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.17.2.tgz",
- "integrity": "sha512-T19My13y8uYXPw/L/k0JYaX1fJKFT/PWdXiHr8mTbXWxjVF1t+8Xl31DgBBvEKclw+1b00Chg0hxE2O7bTG7GQ==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.20.0.tgz",
+ "integrity": "sha512-yAMvqhPfGKsAxHN8I4+jE0CpLWD8cv4z7CK7BMmhjDuz606Q2tFKkWRY8bHR9JQXYcoLfopo5TTqzxgPUjUMfw==",
"cpu": [
"ppc64"
],
@@ -2893,9 +2852,9 @@
]
},
"node_modules/@rollup/rollup-linux-riscv64-gnu": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.17.2.tgz",
- "integrity": "sha512-BOaNfthf3X3fOWAB+IJ9kxTgPmMqPPH5f5k2DcCsRrBIbWnaJCgX2ll77dV1TdSy9SaXTR5iDXRL8n7AnoP5cg==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.20.0.tgz",
+ "integrity": "sha512-qmuxFpfmi/2SUkAw95TtNq/w/I7Gpjurx609OOOV7U4vhvUhBcftcmXwl3rqAek+ADBwSjIC4IVNLiszoj3dPA==",
"cpu": [
"riscv64"
],
@@ -2906,9 +2865,9 @@
]
},
"node_modules/@rollup/rollup-linux-s390x-gnu": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.17.2.tgz",
- "integrity": "sha512-W0UP/x7bnn3xN2eYMql2T/+wpASLE5SjObXILTMPUBDB/Fg/FxC+gX4nvCfPBCbNhz51C+HcqQp2qQ4u25ok6g==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.20.0.tgz",
+ "integrity": "sha512-I0BtGXddHSHjV1mqTNkgUZLnS3WtsqebAXv11D5BZE/gfw5KoyXSAXVqyJximQXNvNzUo4GKlCK/dIwXlz+jlg==",
"cpu": [
"s390x"
],
@@ -2919,22 +2878,21 @@
]
},
"node_modules/@rollup/rollup-linux-x64-gnu": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.17.2.tgz",
- "integrity": "sha512-Hy7pLwByUOuyaFC6mAr7m+oMC+V7qyifzs/nW2OJfC8H4hbCzOX07Ov0VFk/zP3kBsELWNFi7rJtgbKYsav9QQ==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.20.0.tgz",
+ "integrity": "sha512-y+eoL2I3iphUg9tN9GB6ku1FA8kOfmF4oUEWhztDJ4KXJy1agk/9+pejOuZkNFhRwHAOxMsBPLbXPd6mJiCwew==",
"cpu": [
"x64"
],
- "dev": true,
"optional": true,
"os": [
"linux"
]
},
"node_modules/@rollup/rollup-linux-x64-musl": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.17.2.tgz",
- "integrity": "sha512-h1+yTWeYbRdAyJ/jMiVw0l6fOOm/0D1vNLui9iPuqgRGnXA0u21gAqOyB5iHjlM9MMfNOm9RHCQ7zLIzT0x11Q==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.20.0.tgz",
+ "integrity": "sha512-hM3nhW40kBNYUkZb/r9k2FKK+/MnKglX7UYd4ZUy5DJs8/sMsIbqWK2piZtVGE3kcXVNj3B2IrUYROJMMCikNg==",
"cpu": [
"x64"
],
@@ -2945,9 +2903,9 @@
]
},
"node_modules/@rollup/rollup-win32-arm64-msvc": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.17.2.tgz",
- "integrity": "sha512-tmdtXMfKAjy5+IQsVtDiCfqbynAQE/TQRpWdVataHmhMb9DCoJxp9vLcCBjEQWMiUYxO1QprH/HbY9ragCEFLA==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.20.0.tgz",
+ "integrity": "sha512-psegMvP+Ik/Bg7QRJbv8w8PAytPA7Uo8fpFjXyCRHWm6Nt42L+JtoqH8eDQ5hRP7/XW2UiIriy1Z46jf0Oa1kA==",
"cpu": [
"arm64"
],
@@ -2958,9 +2916,9 @@
]
},
"node_modules/@rollup/rollup-win32-ia32-msvc": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.17.2.tgz",
- "integrity": "sha512-7II/QCSTAHuE5vdZaQEwJq2ZACkBpQDOmQsE6D6XUbnBHW8IAhm4eTufL6msLJorzrHDFv3CF8oCA/hSIRuZeQ==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.20.0.tgz",
+ "integrity": "sha512-GabekH3w4lgAJpVxkk7hUzUf2hICSQO0a/BLFA11/RMxQT92MabKAqyubzDZmMOC/hcJNlc+rrypzNzYl4Dx7A==",
"cpu": [
"ia32"
],
@@ -2971,9 +2929,9 @@
]
},
"node_modules/@rollup/rollup-win32-x64-msvc": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.17.2.tgz",
- "integrity": "sha512-TGGO7v7qOq4CYmSBVEYpI1Y5xDuCEnbVC5Vth8mOsW0gDSzxNrVERPc790IGHsrT2dQSimgMr9Ub3Y1Jci5/8w==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.20.0.tgz",
+ "integrity": "sha512-aJ1EJSuTdGnM6qbVC4B5DSmozPTqIag9fSzXRNNo+humQLG89XpPgdt16Ia56ORD7s+H8Pmyx44uczDQ0yDzpg==",
"cpu": [
"x64"
],
@@ -2983,6 +2941,11 @@
"win32"
]
},
+ "node_modules/@sec-ant/readable-stream": {
+ "version": "0.4.1",
+ "resolved": "https://registry.npmjs.org/@sec-ant/readable-stream/-/readable-stream-0.4.1.tgz",
+ "integrity": "sha512-831qok9r2t8AlxLko40y2ebgSDhenenCatLVeW/uBtnHPyhHOvG0C7TvfgecV+wHzIm5KUICgzmVpWS+IMEAeg=="
+ },
"node_modules/@sideway/address": {
"version": "4.1.4",
"resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.4.tgz",
@@ -3004,14 +2967,9 @@
"integrity": "sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==",
"dev": true
},
- "node_modules/@sinclair/typebox": {
- "version": "0.27.8",
- "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz",
- "integrity": "sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA==",
- "dev": true
- },
"node_modules/@sindresorhus/is": {
"version": "5.3.0",
+ "dev": true,
"license": "MIT",
"engines": {
"node": ">=14.16"
@@ -3149,7 +3107,8 @@
},
"node_modules/@tokenizer/token": {
"version": "0.3.0",
- "license": "MIT"
+ "resolved": "https://registry.npmjs.org/@tokenizer/token/-/token-0.3.0.tgz",
+ "integrity": "sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A=="
},
"node_modules/@types/accept-language-parser": {
"version": "1.5.6",
@@ -3167,6 +3126,12 @@
"@types/node": "*"
}
},
+ "node_modules/@types/caseless": {
+ "version": "0.12.5",
+ "resolved": "https://registry.npmjs.org/@types/caseless/-/caseless-0.12.5.tgz",
+ "integrity": "sha512-hWtVTC2q7hc7xZ/RLbxapMvDMgUnDvKvMOpKal4DrMyfGBUfB1oKaZlIRr6mJL+If3bAP6sV/QneGzF6tJjZDg==",
+ "dev": true
+ },
"node_modules/@types/connect": {
"version": "3.4.38",
"resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz",
@@ -3278,8 +3243,9 @@
}
},
"node_modules/@types/http-cache-semantics": {
- "version": "4.0.1",
- "license": "MIT"
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz",
+ "integrity": "sha512-1m0bIFVc7eJWyve9S0RnuRgcQqF/Xd5QsUZAZeQFr1Q3/p9JWoQQEqmVy+DPTNpGXwhgIetAoYF8JSc33q29QA=="
},
"node_modules/@types/http-errors": {
"version": "2.0.4",
@@ -3367,8 +3333,12 @@
"integrity": "sha512-iiUgKzV9AuaEkZqkOLDIvlQiL6ltuZd9tGcW3gwpnX8JbuiuhFlEGmmFXEXkN50Cvq7Os88IY2v0dkDqXYWVgA=="
},
"node_modules/@types/node": {
- "version": "18.14.6",
- "license": "MIT"
+ "version": "22.0.0",
+ "resolved": "https://registry.npmjs.org/@types/node/-/node-22.0.0.tgz",
+ "integrity": "sha512-VT7KSYudcPOzP5Q0wfbowyNLaVR8QWUdw+088uFWwfvpY6uCWaXpqV6ieLAu9WBcnTa7H4Z5RLK8I5t2FuOcqw==",
+ "dependencies": {
+ "undici-types": "~6.11.1"
+ }
},
"node_modules/@types/prop-types": {
"version": "15.7.4",
@@ -3412,6 +3382,32 @@
"@types/react": "*"
}
},
+ "node_modules/@types/request": {
+ "version": "2.48.12",
+ "resolved": "https://registry.npmjs.org/@types/request/-/request-2.48.12.tgz",
+ "integrity": "sha512-G3sY+NpsA9jnwm0ixhAFQSJ3Q9JkpLZpJbI3GMv0mIAT0y3mRabYeINzal5WOChIiaTEGQYlHOKgkaM9EisWHw==",
+ "dev": true,
+ "dependencies": {
+ "@types/caseless": "*",
+ "@types/node": "*",
+ "@types/tough-cookie": "*",
+ "form-data": "^2.5.0"
+ }
+ },
+ "node_modules/@types/request/node_modules/form-data": {
+ "version": "2.5.1",
+ "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.5.1.tgz",
+ "integrity": "sha512-m21N3WOmEEURgk6B9GLOE4RuWOFf28Lhh9qGYeNlGq4VDXUlJy2th2slBNU8Gp8EzloYZOibZJ7t5ecIrFSjVA==",
+ "dev": true,
+ "dependencies": {
+ "asynckit": "^0.4.0",
+ "combined-stream": "^1.0.6",
+ "mime-types": "^2.1.12"
+ },
+ "engines": {
+ "node": ">= 0.12"
+ }
+ },
"node_modules/@types/semver": {
"version": "7.5.8",
"resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.8.tgz",
@@ -3474,36 +3470,51 @@
"integrity": "sha512-0vQ4fz9TTM4bCdllYWEJ2JHBUXR9xqPtc70dJ7BMRDVfvZyYdrgey3nP5RRcVj+qAgnHJM8r9fvgrfnPMxdnhA==",
"dev": true
},
+ "node_modules/@types/tough-cookie": {
+ "version": "4.0.5",
+ "resolved": "https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.5.tgz",
+ "integrity": "sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA==",
+ "dev": true
+ },
"node_modules/@types/unist": {
"version": "2.0.6",
"license": "MIT"
},
+ "node_modules/@types/website-scraper": {
+ "version": "1.2.10",
+ "resolved": "https://registry.npmjs.org/@types/website-scraper/-/website-scraper-1.2.10.tgz",
+ "integrity": "sha512-yJR4klQv1/7PuqMmgm331re3gQLKHt3dtCYQPPDwlCdthZgE/zHhWyb3XsXCVt6IPnMnOb62I5oJIZECqfvx1A==",
+ "dev": true,
+ "dependencies": {
+ "@types/request": "*"
+ }
+ },
"node_modules/@typescript-eslint/eslint-plugin": {
- "version": "7.13.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.13.0.tgz",
- "integrity": "sha512-FX1X6AF0w8MdVFLSdqwqN/me2hyhuQg4ykN6ZpVhh1ij/80pTvDKclX1sZB9iqex8SjQfVhwMKs3JtnnMLzG9w==",
+ "version": "8.4.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.4.0.tgz",
+ "integrity": "sha512-rg8LGdv7ri3oAlenMACk9e+AR4wUV0yrrG+XKsGKOK0EVgeEDqurkXMPILG2836fW4ibokTB5v4b6Z9+GYQDEw==",
"dev": true,
"dependencies": {
"@eslint-community/regexpp": "^4.10.0",
- "@typescript-eslint/scope-manager": "7.13.0",
- "@typescript-eslint/type-utils": "7.13.0",
- "@typescript-eslint/utils": "7.13.0",
- "@typescript-eslint/visitor-keys": "7.13.0",
+ "@typescript-eslint/scope-manager": "8.4.0",
+ "@typescript-eslint/type-utils": "8.4.0",
+ "@typescript-eslint/utils": "8.4.0",
+ "@typescript-eslint/visitor-keys": "8.4.0",
"graphemer": "^1.4.0",
"ignore": "^5.3.1",
"natural-compare": "^1.4.0",
"ts-api-utils": "^1.3.0"
},
"engines": {
- "node": "^18.18.0 || >=20.0.0"
+ "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
},
"peerDependencies": {
- "@typescript-eslint/parser": "^7.0.0",
- "eslint": "^8.56.0"
+ "@typescript-eslint/parser": "^8.0.0 || ^8.0.0-alpha.0",
+ "eslint": "^8.57.0 || ^9.0.0"
},
"peerDependenciesMeta": {
"typescript": {
@@ -3512,15 +3523,15 @@
}
},
"node_modules/@typescript-eslint/parser": {
- "version": "7.13.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.13.0.tgz",
- "integrity": "sha512-EjMfl69KOS9awXXe83iRN7oIEXy9yYdqWfqdrFAYAAr6syP8eLEFI7ZE4939antx2mNgPRW/o1ybm2SFYkbTVA==",
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.18.0.tgz",
+ "integrity": "sha512-4Z+L8I2OqhZV8qA132M4wNL30ypZGYOQVBfMgxDH/K5UX0PNqTu1c6za9ST5r9+tavvHiTWmBnKzpCJ/GlVFtg==",
"dev": true,
"dependencies": {
- "@typescript-eslint/scope-manager": "7.13.0",
- "@typescript-eslint/types": "7.13.0",
- "@typescript-eslint/typescript-estree": "7.13.0",
- "@typescript-eslint/visitor-keys": "7.13.0",
+ "@typescript-eslint/scope-manager": "7.18.0",
+ "@typescript-eslint/types": "7.18.0",
+ "@typescript-eslint/typescript-estree": "7.18.0",
+ "@typescript-eslint/visitor-keys": "7.18.0",
"debug": "^4.3.4"
},
"engines": {
@@ -3539,14 +3550,14 @@
}
}
},
- "node_modules/@typescript-eslint/scope-manager": {
- "version": "7.13.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.13.0.tgz",
- "integrity": "sha512-ZrMCe1R6a01T94ilV13egvcnvVJ1pxShkE0+NDjDzH4nvG1wXpwsVI5bZCvE7AEDH1mXEx5tJSVR68bLgG7Dng==",
+ "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": {
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.18.0.tgz",
+ "integrity": "sha512-jjhdIE/FPF2B7Z1uzc6i3oWKbGcHb87Qw7AWj6jmEqNOfDFbJWtjt/XfwCpvNkpGWlcJaog5vTR+VV8+w9JflA==",
"dev": true,
"dependencies": {
- "@typescript-eslint/types": "7.13.0",
- "@typescript-eslint/visitor-keys": "7.13.0"
+ "@typescript-eslint/types": "7.18.0",
+ "@typescript-eslint/visitor-keys": "7.18.0"
},
"engines": {
"node": "^18.18.0 || >=20.0.0"
@@ -3556,15 +3567,32 @@
"url": "https://opencollective.com/typescript-eslint"
}
},
- "node_modules/@typescript-eslint/type-utils": {
- "version": "7.13.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.13.0.tgz",
- "integrity": "sha512-xMEtMzxq9eRkZy48XuxlBFzpVMDurUAfDu5Rz16GouAtXm0TaAoTFzqWUFPPuQYXI/CDaH/Bgx/fk/84t/Bc9A==",
+ "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": {
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.18.0.tgz",
+ "integrity": "sha512-iZqi+Ds1y4EDYUtlOOC+aUmxnE9xS/yCigkjA7XpTKV6nCBd3Hp/PRGGmdwnfkV2ThMyYldP1wRpm/id99spTQ==",
+ "dev": true,
+ "engines": {
+ "node": "^18.18.0 || >=20.0.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/typescript-eslint"
+ }
+ },
+ "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": {
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.18.0.tgz",
+ "integrity": "sha512-aP1v/BSPnnyhMHts8cf1qQ6Q1IFwwRvAQGRvBFkWlo3/lH29OXA3Pts+c10nxRxIBrDnoMqzhgdwVe5f2D6OzA==",
"dev": true,
"dependencies": {
- "@typescript-eslint/typescript-estree": "7.13.0",
- "@typescript-eslint/utils": "7.13.0",
+ "@typescript-eslint/types": "7.18.0",
+ "@typescript-eslint/visitor-keys": "7.18.0",
"debug": "^4.3.4",
+ "globby": "^11.1.0",
+ "is-glob": "^4.0.3",
+ "minimatch": "^9.0.4",
+ "semver": "^7.6.0",
"ts-api-utils": "^1.3.0"
},
"engines": {
@@ -3574,8 +3602,63 @@
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
},
- "peerDependencies": {
- "eslint": "^8.56.0"
+ "peerDependenciesMeta": {
+ "typescript": {
+ "optional": true
+ }
+ }
+ },
+ "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": {
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.18.0.tgz",
+ "integrity": "sha512-cDF0/Gf81QpY3xYyJKDV14Zwdmid5+uuENhjH2EqFaF0ni+yAyq/LzMaIJdhNJXZI7uLzwIlA+V7oWoyn6Curg==",
+ "dev": true,
+ "dependencies": {
+ "@typescript-eslint/types": "7.18.0",
+ "eslint-visitor-keys": "^3.4.3"
+ },
+ "engines": {
+ "node": "^18.18.0 || >=20.0.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/typescript-eslint"
+ }
+ },
+ "node_modules/@typescript-eslint/scope-manager": {
+ "version": "8.4.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.4.0.tgz",
+ "integrity": "sha512-n2jFxLeY0JmKfUqy3P70rs6vdoPjHK8P/w+zJcV3fk0b0BwRXC/zxRTEnAsgYT7MwdQDt/ZEbtdzdVC+hcpF0A==",
+ "dev": true,
+ "dependencies": {
+ "@typescript-eslint/types": "8.4.0",
+ "@typescript-eslint/visitor-keys": "8.4.0"
+ },
+ "engines": {
+ "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/typescript-eslint"
+ }
+ },
+ "node_modules/@typescript-eslint/type-utils": {
+ "version": "8.4.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.4.0.tgz",
+ "integrity": "sha512-pu2PAmNrl9KX6TtirVOrbLPLwDmASpZhK/XU7WvoKoCUkdtq9zF7qQ7gna0GBZFN0hci0vHaSusiL2WpsQk37A==",
+ "dev": true,
+ "dependencies": {
+ "@typescript-eslint/typescript-estree": "8.4.0",
+ "@typescript-eslint/utils": "8.4.0",
+ "debug": "^4.3.4",
+ "ts-api-utils": "^1.3.0"
+ },
+ "engines": {
+ "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/typescript-eslint"
},
"peerDependenciesMeta": {
"typescript": {
@@ -3584,12 +3667,12 @@
}
},
"node_modules/@typescript-eslint/types": {
- "version": "7.13.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.13.0.tgz",
- "integrity": "sha512-QWuwm9wcGMAuTsxP+qz6LBBd3Uq8I5Nv8xb0mk54jmNoCyDspnMvVsOxI6IsMmway5d1S9Su2+sCKv1st2l6eA==",
+ "version": "8.4.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.4.0.tgz",
+ "integrity": "sha512-T1RB3KQdskh9t3v/qv7niK6P8yvn7ja1mS7QK7XfRVL6wtZ8/mFs/FHf4fKvTA0rKnqnYxl/uHFNbnEt0phgbw==",
"dev": true,
"engines": {
- "node": "^18.18.0 || >=20.0.0"
+ "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
},
"funding": {
"type": "opencollective",
@@ -3597,22 +3680,22 @@
}
},
"node_modules/@typescript-eslint/typescript-estree": {
- "version": "7.13.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.13.0.tgz",
- "integrity": "sha512-cAvBvUoobaoIcoqox1YatXOnSl3gx92rCZoMRPzMNisDiM12siGilSM4+dJAekuuHTibI2hVC2fYK79iSFvWjw==",
+ "version": "8.4.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.4.0.tgz",
+ "integrity": "sha512-kJ2OIP4dQw5gdI4uXsaxUZHRwWAGpREJ9Zq6D5L0BweyOrWsL6Sz0YcAZGWhvKnH7fm1J5YFE1JrQL0c9dd53A==",
"dev": true,
"dependencies": {
- "@typescript-eslint/types": "7.13.0",
- "@typescript-eslint/visitor-keys": "7.13.0",
+ "@typescript-eslint/types": "8.4.0",
+ "@typescript-eslint/visitor-keys": "8.4.0",
"debug": "^4.3.4",
- "globby": "^11.1.0",
+ "fast-glob": "^3.3.2",
"is-glob": "^4.0.3",
"minimatch": "^9.0.4",
"semver": "^7.6.0",
"ts-api-utils": "^1.3.0"
},
"engines": {
- "node": "^18.18.0 || >=20.0.0"
+ "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
},
"funding": {
"type": "opencollective",
@@ -3625,38 +3708,38 @@
}
},
"node_modules/@typescript-eslint/utils": {
- "version": "7.13.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.13.0.tgz",
- "integrity": "sha512-jceD8RgdKORVnB4Y6BqasfIkFhl4pajB1wVxrF4akxD2QPM8GNYjgGwEzYS+437ewlqqrg7Dw+6dhdpjMpeBFQ==",
+ "version": "8.4.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.4.0.tgz",
+ "integrity": "sha512-swULW8n1IKLjRAgciCkTCafyTHHfwVQFt8DovmaF69sKbOxTSFMmIZaSHjqO9i/RV0wIblaawhzvtva8Nmm7lQ==",
"dev": true,
"dependencies": {
"@eslint-community/eslint-utils": "^4.4.0",
- "@typescript-eslint/scope-manager": "7.13.0",
- "@typescript-eslint/types": "7.13.0",
- "@typescript-eslint/typescript-estree": "7.13.0"
+ "@typescript-eslint/scope-manager": "8.4.0",
+ "@typescript-eslint/types": "8.4.0",
+ "@typescript-eslint/typescript-estree": "8.4.0"
},
"engines": {
- "node": "^18.18.0 || >=20.0.0"
+ "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
},
"peerDependencies": {
- "eslint": "^8.56.0"
+ "eslint": "^8.57.0 || ^9.0.0"
}
},
"node_modules/@typescript-eslint/visitor-keys": {
- "version": "7.13.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.13.0.tgz",
- "integrity": "sha512-nxn+dozQx+MK61nn/JP+M4eCkHDSxSLDpgE3WcQo0+fkjEolnaB5jswvIKC4K56By8MMgIho7f1PVxERHEo8rw==",
+ "version": "8.4.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.4.0.tgz",
+ "integrity": "sha512-zTQD6WLNTre1hj5wp09nBIDiOc2U5r/qmzo7wxPn4ZgAjHql09EofqhF9WF+fZHzL5aCyaIpPcT2hyxl73kr9A==",
"dev": true,
"dependencies": {
- "@typescript-eslint/types": "7.13.0",
+ "@typescript-eslint/types": "8.4.0",
"eslint-visitor-keys": "^3.4.3"
},
"engines": {
- "node": "^18.18.0 || >=20.0.0"
+ "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
},
"funding": {
"type": "opencollective",
@@ -3669,96 +3752,81 @@
"integrity": "sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ=="
},
"node_modules/@vitest/expect": {
- "version": "1.6.0",
- "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-1.6.0.tgz",
- "integrity": "sha512-ixEvFVQjycy/oNgHjqsL6AZCDduC+tflRluaHIzKIsdbzkLn2U/iBnVeJwB6HsIjQBdfMR8Z0tRxKUsvFJEeWQ==",
+ "version": "2.0.5",
+ "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-2.0.5.tgz",
+ "integrity": "sha512-yHZtwuP7JZivj65Gxoi8upUN2OzHTi3zVfjwdpu2WrvCZPLwsJ2Ey5ILIPccoW23dd/zQBlJ4/dhi7DWNyXCpA==",
"dev": true,
"dependencies": {
- "@vitest/spy": "1.6.0",
- "@vitest/utils": "1.6.0",
- "chai": "^4.3.10"
+ "@vitest/spy": "2.0.5",
+ "@vitest/utils": "2.0.5",
+ "chai": "^5.1.1",
+ "tinyrainbow": "^1.2.0"
},
"funding": {
"url": "https://opencollective.com/vitest"
}
},
- "node_modules/@vitest/runner": {
- "version": "1.6.0",
- "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-1.6.0.tgz",
- "integrity": "sha512-P4xgwPjwesuBiHisAVz/LSSZtDjOTPYZVmNAnpHHSR6ONrf8eCJOFRvUwdHn30F5M1fxhqtl7QZQUk2dprIXAg==",
+ "node_modules/@vitest/pretty-format": {
+ "version": "2.0.5",
+ "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-2.0.5.tgz",
+ "integrity": "sha512-h8k+1oWHfwTkyTkb9egzwNMfJAEx4veaPSnMeKbVSjp4euqGSbQlm5+6VHwTr7u4FJslVVsUG5nopCaAYdOmSQ==",
"dev": true,
"dependencies": {
- "@vitest/utils": "1.6.0",
- "p-limit": "^5.0.0",
- "pathe": "^1.1.1"
+ "tinyrainbow": "^1.2.0"
},
"funding": {
"url": "https://opencollective.com/vitest"
}
},
- "node_modules/@vitest/runner/node_modules/p-limit": {
- "version": "5.0.0",
- "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-5.0.0.tgz",
- "integrity": "sha512-/Eaoq+QyLSiXQ4lyYV23f14mZRQcXnxfHrN0vCai+ak9G0pp9iEQukIIZq5NccEvwRB8PUnZT0KsOoDCINS1qQ==",
+ "node_modules/@vitest/runner": {
+ "version": "2.0.5",
+ "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-2.0.5.tgz",
+ "integrity": "sha512-TfRfZa6Bkk9ky4tW0z20WKXFEwwvWhRY+84CnSEtq4+3ZvDlJyY32oNTJtM7AW9ihW90tX/1Q78cb6FjoAs+ig==",
"dev": true,
"dependencies": {
- "yocto-queue": "^1.0.0"
- },
- "engines": {
- "node": ">=18"
- },
- "funding": {
- "url": "https://github.com/sponsors/sindresorhus"
- }
- },
- "node_modules/@vitest/runner/node_modules/yocto-queue": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.0.0.tgz",
- "integrity": "sha512-9bnSc/HEW2uRy67wc+T8UwauLuPJVn28jb+GtJY16iiKWyvmYJRXVT4UamsAEGQfPohgr2q4Tq0sQbQlxTfi1g==",
- "dev": true,
- "engines": {
- "node": ">=12.20"
+ "@vitest/utils": "2.0.5",
+ "pathe": "^1.1.2"
},
"funding": {
- "url": "https://github.com/sponsors/sindresorhus"
+ "url": "https://opencollective.com/vitest"
}
},
"node_modules/@vitest/snapshot": {
- "version": "1.6.0",
- "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-1.6.0.tgz",
- "integrity": "sha512-+Hx43f8Chus+DCmygqqfetcAZrDJwvTj0ymqjQq4CvmpKFSTVteEOBzCusu1x2tt4OJcvBflyHUE0DZSLgEMtQ==",
+ "version": "2.0.5",
+ "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-2.0.5.tgz",
+ "integrity": "sha512-SgCPUeDFLaM0mIUHfaArq8fD2WbaXG/zVXjRupthYfYGzc8ztbFbu6dUNOblBG7XLMR1kEhS/DNnfCZ2IhdDew==",
"dev": true,
"dependencies": {
- "magic-string": "^0.30.5",
- "pathe": "^1.1.1",
- "pretty-format": "^29.7.0"
+ "@vitest/pretty-format": "2.0.5",
+ "magic-string": "^0.30.10",
+ "pathe": "^1.1.2"
},
"funding": {
"url": "https://opencollective.com/vitest"
}
},
"node_modules/@vitest/spy": {
- "version": "1.6.0",
- "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-1.6.0.tgz",
- "integrity": "sha512-leUTap6B/cqi/bQkXUu6bQV5TZPx7pmMBKBQiI0rJA8c3pB56ZsaTbREnF7CJfmvAS4V2cXIBAh/3rVwrrCYgw==",
+ "version": "2.0.5",
+ "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-2.0.5.tgz",
+ "integrity": "sha512-c/jdthAhvJdpfVuaexSrnawxZz6pywlTPe84LUB2m/4t3rl2fTo9NFGBG4oWgaD+FTgDDV8hJ/nibT7IfH3JfA==",
"dev": true,
"dependencies": {
- "tinyspy": "^2.2.0"
+ "tinyspy": "^3.0.0"
},
"funding": {
"url": "https://opencollective.com/vitest"
}
},
"node_modules/@vitest/utils": {
- "version": "1.6.0",
- "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-1.6.0.tgz",
- "integrity": "sha512-21cPiuGMoMZwiOHa2i4LXkMkMkCGzA+MVFV70jRwHo95dL4x/ts5GZhML1QWuy7yfp3WzK3lRvZi3JnXTYqrBw==",
+ "version": "2.0.5",
+ "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-2.0.5.tgz",
+ "integrity": "sha512-d8HKbqIcya+GR67mkZbrzhS5kKhtp8dQLcmRZLGTscGVg7yImT82cIrhtn2L8+VujWcy6KZweApgNmPsTAO/UQ==",
"dev": true,
"dependencies": {
- "diff-sequences": "^29.6.3",
+ "@vitest/pretty-format": "2.0.5",
"estree-walker": "^3.0.3",
- "loupe": "^2.3.7",
- "pretty-format": "^29.7.0"
+ "loupe": "^3.1.1",
+ "tinyrainbow": "^1.2.0"
},
"funding": {
"url": "https://opencollective.com/vitest"
@@ -3805,24 +3873,15 @@
"acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
}
},
- "node_modules/acorn-walk": {
- "version": "8.3.2",
- "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz",
- "integrity": "sha512-cjkyv4OtNCIeqhHrfS81QWXoCBPExR/J62oyEqepVw8WaQeSqpW2uhuLPh1m9eWhDuOo/jUXVTlifvesOWp/4A==",
- "dev": true,
- "engines": {
- "node": ">=0.4.0"
- }
- },
"node_modules/ajv": {
- "version": "8.16.0",
- "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz",
- "integrity": "sha512-F0twR8U1ZU67JIEtekUcLkXkoO5mMMmgGD8sK/xUFzJ805jxHQl92hImFAqqXMyMYjSPOyUPAwHYhB72g5sTXw==",
+ "version": "8.17.1",
+ "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
+ "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
"dependencies": {
"fast-deep-equal": "^3.1.3",
+ "fast-uri": "^3.0.1",
"json-schema-traverse": "^1.0.0",
- "require-from-string": "^2.0.2",
- "uri-js": "^4.4.1"
+ "require-from-string": "^2.0.2"
},
"funding": {
"type": "github",
@@ -3860,12 +3919,15 @@
}
},
"node_modules/ansi-escapes": {
- "version": "6.2.1",
- "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-6.2.1.tgz",
- "integrity": "sha512-4nJ3yixlEthEJ9Rk4vPcdBRkZvQZlYyu8j4/Mqz5sgIkddmEnH2Yj2ZrnP9S3tQOvSNRUIgVNF/1yPpRAGNRig==",
+ "version": "7.0.0",
+ "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-7.0.0.tgz",
+ "integrity": "sha512-GdYO7a61mR0fOlAsvC9/rIHf7L96sBc6dEWzeOu+KAea5bZyQRPIpojrVoI4AXGJS/ycu/fBTdLrUkA4ODrvjw==",
"dev": true,
+ "dependencies": {
+ "environment": "^1.0.0"
+ },
"engines": {
- "node": ">=14.16"
+ "node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
@@ -3922,13 +3984,16 @@
}
},
"node_modules/array-buffer-byte-length": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.0.tgz",
- "integrity": "sha512-LPuwb2P+NrQw3XhxGc36+XSvuBPopovXYTR9Ew++Du9Yb/bx5AzBfrIsBoj0EZUifjQU+sHL21sseZ3jerWO/A==",
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.1.tgz",
+ "integrity": "sha512-ahC5W1xgou+KTXix4sAO8Ki12Q+jf4i0+tmk3sC+zgcynshkHxzpXdImBehiUYKKKDwvfFiJl1tZt6ewscS1Mg==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "is-array-buffer": "^3.0.1"
+ "call-bind": "^1.0.5",
+ "is-array-buffer": "^3.0.4"
+ },
+ "engines": {
+ "node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
@@ -3939,15 +4004,16 @@
"license": "MIT"
},
"node_modules/array-includes": {
- "version": "3.1.7",
- "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.7.tgz",
- "integrity": "sha512-dlcsNBIiWhPkHdOEEKnehA+RNUWDc4UqFtnIXU4uuYDPtA4LDkr7qip2p0VvFAEXNDr0yWZ9PJyIRiGjRLQzwQ==",
+ "version": "3.1.8",
+ "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.8.tgz",
+ "integrity": "sha512-itaWrbYbqpGXkGhZPGUulwnhVf5Hpy1xiCFsGqyIGglbBxmG5vSjxQen3/WGOjPpNEv1RtBLKxbmVXm8HpJStQ==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "define-properties": "^1.2.0",
- "es-abstract": "^1.22.1",
- "get-intrinsic": "^1.2.1",
+ "call-bind": "^1.0.7",
+ "define-properties": "^1.2.1",
+ "es-abstract": "^1.23.2",
+ "es-object-atoms": "^1.0.0",
+ "get-intrinsic": "^1.2.4",
"is-string": "^1.0.7"
},
"engines": {
@@ -4022,17 +4088,18 @@
}
},
"node_modules/arraybuffer.prototype.slice": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.2.tgz",
- "integrity": "sha512-yMBKppFur/fbHu9/6USUe03bZ4knMYiwFBcyiaXB8Go0qNehwX6inYPzK9U0NeQvGxKthcmHcaR8P5MStSRBAw==",
+ "version": "1.0.3",
+ "resolved": "https://registry.npmjs.org/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.3.tgz",
+ "integrity": "sha512-bMxMKAjg13EBSVscxTaYA4mRc5t1UAXa2kXiGTNfZ079HIWXEkKmkgFrh/nJqamaLSrXO5H4WFFkPEaLJWbs3A==",
"dev": true,
"dependencies": {
- "array-buffer-byte-length": "^1.0.0",
- "call-bind": "^1.0.2",
- "define-properties": "^1.2.0",
- "es-abstract": "^1.22.1",
- "get-intrinsic": "^1.2.1",
- "is-array-buffer": "^3.0.2",
+ "array-buffer-byte-length": "^1.0.1",
+ "call-bind": "^1.0.5",
+ "define-properties": "^1.2.1",
+ "es-abstract": "^1.22.3",
+ "es-errors": "^1.2.1",
+ "get-intrinsic": "^1.2.3",
+ "is-array-buffer": "^3.0.4",
"is-shared-array-buffer": "^1.0.2"
},
"engines": {
@@ -4043,12 +4110,12 @@
}
},
"node_modules/assertion-error": {
- "version": "1.1.0",
- "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz",
- "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==",
+ "version": "2.0.1",
+ "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-2.0.1.tgz",
+ "integrity": "sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==",
"dev": true,
"engines": {
- "node": "*"
+ "node": ">=12"
}
},
"node_modules/ast-types-flow": {
@@ -4057,15 +4124,6 @@
"integrity": "sha512-OH/2E5Fg20h2aPrbe+QL8JZQFko0YZaF+j4mnQ7BGhfavO7OpSLa8a0y9sBwomHdSbkhTS8TQNayBfnW5DwbvQ==",
"dev": true
},
- "node_modules/asynciterator.prototype": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/asynciterator.prototype/-/asynciterator.prototype-1.0.0.tgz",
- "integrity": "sha512-wwHYEIS0Q80f5mosx3L/dfG5t5rjEa9Ft51GTaNt862EnpyGHpgz2RkZvLPp1oF5TnAiTohkEKVEu8pQPJI7Vg==",
- "dev": true,
- "dependencies": {
- "has-symbols": "^1.0.3"
- }
- },
"node_modules/asynckit": {
"version": "0.4.0",
"resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
@@ -4073,10 +4131,13 @@
"dev": true
},
"node_modules/available-typed-arrays": {
- "version": "1.0.5",
- "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz",
- "integrity": "sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw==",
+ "version": "1.0.7",
+ "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz",
+ "integrity": "sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==",
"dev": true,
+ "dependencies": {
+ "possible-typed-array-names": "^1.0.0"
+ },
"engines": {
"node": ">= 0.4"
},
@@ -4094,23 +4155,23 @@
}
},
"node_modules/axios": {
- "version": "1.6.2",
- "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.2.tgz",
- "integrity": "sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==",
+ "version": "1.7.4",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz",
+ "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==",
"dev": true,
"dependencies": {
- "follow-redirects": "^1.15.0",
+ "follow-redirects": "^1.15.6",
"form-data": "^4.0.0",
"proxy-from-env": "^1.1.0"
}
},
"node_modules/axobject-query": {
- "version": "3.2.1",
- "resolved": "https://registry.npmjs.org/axobject-query/-/axobject-query-3.2.1.tgz",
- "integrity": "sha512-jsyHu61e6N4Vbz/v18DHwWYKK0bSWLqn47eeDSKPB7m8tqMHF9YJ+mhIk2lVteyZrY8tnSj/jHOv4YiTCuCJgg==",
+ "version": "3.1.1",
+ "resolved": "https://registry.npmjs.org/axobject-query/-/axobject-query-3.1.1.tgz",
+ "integrity": "sha512-goKlv8DZrK9hUh975fnHzhNIO4jUnFCfv/dszV5VwUGDFjI6vQ2VwoyjYjYNEbBE8AH87TduWP5uyDR1D+Iteg==",
"dev": true,
"dependencies": {
- "dequal": "^2.0.3"
+ "deep-equal": "^2.0.5"
}
},
"node_modules/babel-plugin-styled-components": {
@@ -4232,86 +4293,47 @@
"license": "MIT"
},
"node_modules/boxen": {
- "version": "7.1.1",
- "resolved": "https://registry.npmjs.org/boxen/-/boxen-7.1.1.tgz",
- "integrity": "sha512-2hCgjEmP8YLWQ130n2FerGv7rYpfBmnmp9Uy2Le1vge6X3gZIfSmEzP5QTDElFxcvVcXlEn8Aq6MU/PZygIOog==",
+ "version": "8.0.1",
+ "resolved": "https://registry.npmjs.org/boxen/-/boxen-8.0.1.tgz",
+ "integrity": "sha512-F3PH5k5juxom4xktynS7MoFY+NUWH5LC4CnH11YB8NPew+HLpmBLCybSAEyb2F+4pRXhuhWqFesoQd6DAyc2hw==",
"dependencies": {
"ansi-align": "^3.0.1",
- "camelcase": "^7.0.1",
- "chalk": "^5.2.0",
+ "camelcase": "^8.0.0",
+ "chalk": "^5.3.0",
"cli-boxes": "^3.0.0",
- "string-width": "^5.1.2",
- "type-fest": "^2.13.0",
- "widest-line": "^4.0.1",
- "wrap-ansi": "^8.1.0"
+ "string-width": "^7.2.0",
+ "type-fest": "^4.21.0",
+ "widest-line": "^5.0.0",
+ "wrap-ansi": "^9.0.0"
},
"engines": {
- "node": ">=14.16"
+ "node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
- "node_modules/boxen/node_modules/ansi-styles": {
- "version": "6.2.1",
- "license": "MIT",
- "engines": {
- "node": ">=12"
- },
- "funding": {
- "url": "https://github.com/chalk/ansi-styles?sponsor=1"
- }
- },
- "node_modules/boxen/node_modules/camelcase": {
- "version": "7.0.1",
- "license": "MIT",
- "engines": {
- "node": ">=14.16"
- },
- "funding": {
- "url": "https://github.com/sponsors/sindresorhus"
- }
+ "node_modules/boxen/node_modules/emoji-regex": {
+ "version": "10.3.0",
+ "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.3.0.tgz",
+ "integrity": "sha512-QpLs9D9v9kArv4lfDEgg1X/gN5XLnf/A6l9cs8SPZLRZR3ZkY9+kwIQTxm+fsSej5UMYGE8fdoaZVIBlqG0XTw=="
},
"node_modules/boxen/node_modules/string-width": {
- "version": "5.1.2",
- "license": "MIT",
+ "version": "7.2.0",
+ "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz",
+ "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==",
"dependencies": {
- "eastasianwidth": "^0.2.0",
- "emoji-regex": "^9.2.2",
- "strip-ansi": "^7.0.1"
- },
- "engines": {
- "node": ">=12"
+ "emoji-regex": "^10.3.0",
+ "get-east-asian-width": "^1.0.0",
+ "strip-ansi": "^7.1.0"
},
- "funding": {
- "url": "https://github.com/sponsors/sindresorhus"
- }
- },
- "node_modules/boxen/node_modules/type-fest": {
- "version": "2.18.1",
- "license": "(MIT OR CC0-1.0)",
"engines": {
- "node": ">=12.20"
+ "node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
- "node_modules/boxen/node_modules/wrap-ansi": {
- "version": "8.1.0",
- "license": "MIT",
- "dependencies": {
- "ansi-styles": "^6.1.0",
- "string-width": "^5.0.1",
- "strip-ansi": "^7.0.1"
- },
- "engines": {
- "node": ">=12"
- },
- "funding": {
- "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
- }
- },
"node_modules/brace-expansion": {
"version": "2.0.1",
"license": "MIT",
@@ -4398,6 +4420,7 @@
},
"node_modules/cacheable-request": {
"version": "10.2.10",
+ "dev": true,
"license": "MIT",
"dependencies": {
"@types/http-cache-semantics": "^4.0.1",
@@ -4413,13 +4436,18 @@
}
},
"node_modules/call-bind": {
- "version": "1.0.5",
- "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.5.tgz",
- "integrity": "sha512-C3nQxfFZxFRVoJoGKKI8y3MOEo129NQ+FgQ08iye+Mk4zNZZGdjfs06bVTr+DBSlA66Q2VEcMki/cUCP4SercQ==",
+ "version": "1.0.7",
+ "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz",
+ "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==",
"dependencies": {
+ "es-define-property": "^1.0.0",
+ "es-errors": "^1.3.0",
"function-bind": "^1.1.2",
- "get-intrinsic": "^1.2.1",
- "set-function-length": "^1.1.1"
+ "get-intrinsic": "^1.2.4",
+ "set-function-length": "^1.2.1"
+ },
+ "engines": {
+ "node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
@@ -4433,6 +4461,17 @@
"node": ">=6"
}
},
+ "node_modules/camelcase": {
+ "version": "8.0.0",
+ "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-8.0.0.tgz",
+ "integrity": "sha512-8WB3Jcas3swSvjIeA2yvCJ+Miyz5l1ZmB6HFb9R1317dt9LCQoswg/BGrmAmkWVEszSrrg4RwmO46qIm2OEnSA==",
+ "engines": {
+ "node": ">=16"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
"node_modules/camelize": {
"version": "1.0.0",
"license": "MIT"
@@ -4466,21 +4505,19 @@
}
},
"node_modules/chai": {
- "version": "4.4.1",
- "resolved": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz",
- "integrity": "sha512-13sOfMv2+DWduEU+/xbun3LScLoqN17nBeTLUsmDfKdoiC1fr0n9PU4guu4AhRcOVFk/sW8LyZWHuhWtQZiF+g==",
+ "version": "5.1.1",
+ "resolved": "https://registry.npmjs.org/chai/-/chai-5.1.1.tgz",
+ "integrity": "sha512-pT1ZgP8rPNqUgieVaEY+ryQr6Q4HXNg8Ei9UnLUrjN4IA7dvQC5JB+/kxVcPNDHyBcc/26CXPkbNzq3qwrOEKA==",
"dev": true,
"dependencies": {
- "assertion-error": "^1.1.0",
- "check-error": "^1.0.3",
- "deep-eql": "^4.1.3",
- "get-func-name": "^2.0.2",
- "loupe": "^2.3.6",
- "pathval": "^1.1.1",
- "type-detect": "^4.0.8"
+ "assertion-error": "^2.0.1",
+ "check-error": "^2.1.1",
+ "deep-eql": "^5.0.1",
+ "loupe": "^3.1.0",
+ "pathval": "^2.0.0"
},
"engines": {
- "node": ">=4"
+ "node": ">=12"
}
},
"node_modules/chalk": {
@@ -4527,15 +4564,12 @@
}
},
"node_modules/check-error": {
- "version": "1.0.3",
- "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz",
- "integrity": "sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg==",
+ "version": "2.1.1",
+ "resolved": "https://registry.npmjs.org/check-error/-/check-error-2.1.1.tgz",
+ "integrity": "sha512-OAlb+T7V4Op9OwdkjmguYRqncdlx5JiofwOAUkmTF+jNdHwzTaTs4sRAGpzLF3oOz5xAyDGrPgeIDFQmDOTiJw==",
"dev": true,
- "dependencies": {
- "get-func-name": "^2.0.2"
- },
"engines": {
- "node": "*"
+ "node": ">= 16"
}
},
"node_modules/check-more-types": {
@@ -4668,15 +4702,15 @@
}
},
"node_modules/cli-truncate/node_modules/emoji-regex": {
- "version": "10.3.0",
- "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.3.0.tgz",
- "integrity": "sha512-QpLs9D9v9kArv4lfDEgg1X/gN5XLnf/A6l9cs8SPZLRZR3ZkY9+kwIQTxm+fsSej5UMYGE8fdoaZVIBlqG0XTw==",
+ "version": "10.4.0",
+ "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.4.0.tgz",
+ "integrity": "sha512-EC+0oUMY1Rqm4O6LLrgjtYDvcVYTy7chDnM4Q7030tP4Kwj3u/pR6gP9ygnp2CJMK5Gq+9Q2oqmrFJAz01DXjw==",
"dev": true
},
"node_modules/cli-truncate/node_modules/string-width": {
- "version": "7.1.0",
- "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.1.0.tgz",
- "integrity": "sha512-SEIJCWiX7Kg4c129n48aDRwLbFb2LJmXXFrWBG4NGaRtMQ3myKPKbwrD1BKqQn74oCoNMBVrfDEr5M9YxCsrkw==",
+ "version": "7.2.0",
+ "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz",
+ "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==",
"dev": true,
"dependencies": {
"emoji-regex": "^10.3.0",
@@ -5052,6 +5086,57 @@
"integrity": "sha512-sdQSFB7+llfUcQHUQO3+B8ERRj0Oa4w9POWMI/puGtuf7gFywGmkaLCElnudfTiKZV+NvHqL0ifzdrI8Ro7ESA==",
"dev": true
},
+ "node_modules/data-view-buffer": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/data-view-buffer/-/data-view-buffer-1.0.1.tgz",
+ "integrity": "sha512-0lht7OugA5x3iJLOWFhWK/5ehONdprk0ISXqVFn/NFrDu+cuc8iADFrGQz5BnRK7LLU3JmkbXSxaqX+/mXYtUA==",
+ "dev": true,
+ "dependencies": {
+ "call-bind": "^1.0.6",
+ "es-errors": "^1.3.0",
+ "is-data-view": "^1.0.1"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
+ "node_modules/data-view-byte-length": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/data-view-byte-length/-/data-view-byte-length-1.0.1.tgz",
+ "integrity": "sha512-4J7wRJD3ABAzr8wP+OcIcqq2dlUKp4DVflx++hs5h5ZKydWMI6/D/fAot+yh6g2tHh8fLFTvNOaVN357NvSrOQ==",
+ "dev": true,
+ "dependencies": {
+ "call-bind": "^1.0.7",
+ "es-errors": "^1.3.0",
+ "is-data-view": "^1.0.1"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
+ "node_modules/data-view-byte-offset": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/data-view-byte-offset/-/data-view-byte-offset-1.0.0.tgz",
+ "integrity": "sha512-t/Ygsytq+R995EJ5PZlD4Cu56sWa8InXySaViRzw9apusqsOO2bQP+SbYzAhR0pFKoB+43lYy8rWban9JSuXnA==",
+ "dev": true,
+ "dependencies": {
+ "call-bind": "^1.0.6",
+ "es-errors": "^1.3.0",
+ "is-data-view": "^1.0.1"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
"node_modules/dayjs": {
"version": "1.11.3",
"license": "MIT"
@@ -5107,15 +5192,44 @@
}
},
"node_modules/deep-eql": {
- "version": "4.1.3",
- "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz",
- "integrity": "sha512-WaEtAOpRA1MQ0eohqZjpGD8zdI0Ovsm8mmFhaDN8dvDZzyoUMcYDnf5Y6iu7HTXxf8JDS23qWa4a+hKCDyOPzw==",
+ "version": "5.0.2",
+ "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-5.0.2.tgz",
+ "integrity": "sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==",
+ "dev": true,
+ "engines": {
+ "node": ">=6"
+ }
+ },
+ "node_modules/deep-equal": {
+ "version": "2.2.3",
+ "resolved": "https://registry.npmjs.org/deep-equal/-/deep-equal-2.2.3.tgz",
+ "integrity": "sha512-ZIwpnevOurS8bpT4192sqAowWM76JDKSHYzMLty3BZGSswgq6pBaH3DhCSW5xVAZICZyKdOBPjwww5wfgT/6PA==",
"dev": true,
"dependencies": {
- "type-detect": "^4.0.0"
+ "array-buffer-byte-length": "^1.0.0",
+ "call-bind": "^1.0.5",
+ "es-get-iterator": "^1.1.3",
+ "get-intrinsic": "^1.2.2",
+ "is-arguments": "^1.1.1",
+ "is-array-buffer": "^3.0.2",
+ "is-date-object": "^1.0.5",
+ "is-regex": "^1.1.4",
+ "is-shared-array-buffer": "^1.0.2",
+ "isarray": "^2.0.5",
+ "object-is": "^1.1.5",
+ "object-keys": "^1.1.1",
+ "object.assign": "^4.1.4",
+ "regexp.prototype.flags": "^1.5.1",
+ "side-channel": "^1.0.4",
+ "which-boxed-primitive": "^1.0.2",
+ "which-collection": "^1.0.1",
+ "which-typed-array": "^1.1.13"
},
"engines": {
- "node": ">=6"
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/deep-is": {
@@ -5137,16 +5251,19 @@
}
},
"node_modules/define-data-property": {
- "version": "1.1.1",
- "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.1.tgz",
- "integrity": "sha512-E7uGkTzkk1d0ByLeSc6ZsFS79Axg+m1P/VsgYsxHgiuc3tFSj+MjMIwe90FC4lOAZzNBdY7kkO2P2wKdsQ1vgQ==",
+ "version": "1.1.4",
+ "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz",
+ "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==",
"dependencies": {
- "get-intrinsic": "^1.2.1",
- "gopd": "^1.0.1",
- "has-property-descriptors": "^1.0.0"
+ "es-define-property": "^1.0.0",
+ "es-errors": "^1.3.0",
+ "gopd": "^1.0.1"
},
"engines": {
"node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/define-properties": {
@@ -5241,15 +5358,6 @@
"node": ">=0.3.1"
}
},
- "node_modules/diff-sequences": {
- "version": "29.6.3",
- "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz",
- "integrity": "sha512-EjePK1srD3P08o2j4f0ExnylqRs5B9tJjcp9t1krH2qRi8CCdsYfwe9JgSLurFBWwq4uOlipzfk5fHNvwFKr8Q==",
- "dev": true,
- "engines": {
- "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
- }
- },
"node_modules/dir-glob": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
@@ -5393,51 +5501,70 @@
"url": "https://github.com/fb55/entities?sponsor=1"
}
},
- "node_modules/es-abstract": {
- "version": "1.22.3",
- "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.22.3.tgz",
- "integrity": "sha512-eiiY8HQeYfYH2Con2berK+To6GrK2RxbPawDkGq4UiCQQfZHb6wX9qQqkbpPqaxQFcl8d9QzZqo0tGE0VcrdwA==",
+ "node_modules/environment": {
+ "version": "1.1.0",
+ "resolved": "https://registry.npmjs.org/environment/-/environment-1.1.0.tgz",
+ "integrity": "sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==",
"dev": true,
- "dependencies": {
- "array-buffer-byte-length": "^1.0.0",
- "arraybuffer.prototype.slice": "^1.0.2",
- "available-typed-arrays": "^1.0.5",
- "call-bind": "^1.0.5",
- "es-set-tostringtag": "^2.0.1",
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
+ "node_modules/es-abstract": {
+ "version": "1.23.3",
+ "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.23.3.tgz",
+ "integrity": "sha512-e+HfNH61Bj1X9/jLc5v1owaLYuHdeHHSQlkhCBiTK8rBvKaULl/beGMxwrMXjpYrv4pz22BlY570vVePA2ho4A==",
+ "dev": true,
+ "dependencies": {
+ "array-buffer-byte-length": "^1.0.1",
+ "arraybuffer.prototype.slice": "^1.0.3",
+ "available-typed-arrays": "^1.0.7",
+ "call-bind": "^1.0.7",
+ "data-view-buffer": "^1.0.1",
+ "data-view-byte-length": "^1.0.1",
+ "data-view-byte-offset": "^1.0.0",
+ "es-define-property": "^1.0.0",
+ "es-errors": "^1.3.0",
+ "es-object-atoms": "^1.0.0",
+ "es-set-tostringtag": "^2.0.3",
"es-to-primitive": "^1.2.1",
"function.prototype.name": "^1.1.6",
- "get-intrinsic": "^1.2.2",
- "get-symbol-description": "^1.0.0",
+ "get-intrinsic": "^1.2.4",
+ "get-symbol-description": "^1.0.2",
"globalthis": "^1.0.3",
"gopd": "^1.0.1",
- "has-property-descriptors": "^1.0.0",
- "has-proto": "^1.0.1",
+ "has-property-descriptors": "^1.0.2",
+ "has-proto": "^1.0.3",
"has-symbols": "^1.0.3",
- "hasown": "^2.0.0",
- "internal-slot": "^1.0.5",
- "is-array-buffer": "^3.0.2",
+ "hasown": "^2.0.2",
+ "internal-slot": "^1.0.7",
+ "is-array-buffer": "^3.0.4",
"is-callable": "^1.2.7",
- "is-negative-zero": "^2.0.2",
+ "is-data-view": "^1.0.1",
+ "is-negative-zero": "^2.0.3",
"is-regex": "^1.1.4",
- "is-shared-array-buffer": "^1.0.2",
+ "is-shared-array-buffer": "^1.0.3",
"is-string": "^1.0.7",
- "is-typed-array": "^1.1.12",
+ "is-typed-array": "^1.1.13",
"is-weakref": "^1.0.2",
"object-inspect": "^1.13.1",
"object-keys": "^1.1.1",
- "object.assign": "^4.1.4",
- "regexp.prototype.flags": "^1.5.1",
- "safe-array-concat": "^1.0.1",
- "safe-regex-test": "^1.0.0",
- "string.prototype.trim": "^1.2.8",
- "string.prototype.trimend": "^1.0.7",
- "string.prototype.trimstart": "^1.0.7",
- "typed-array-buffer": "^1.0.0",
- "typed-array-byte-length": "^1.0.0",
- "typed-array-byte-offset": "^1.0.0",
- "typed-array-length": "^1.0.4",
+ "object.assign": "^4.1.5",
+ "regexp.prototype.flags": "^1.5.2",
+ "safe-array-concat": "^1.1.2",
+ "safe-regex-test": "^1.0.3",
+ "string.prototype.trim": "^1.2.9",
+ "string.prototype.trimend": "^1.0.8",
+ "string.prototype.trimstart": "^1.0.8",
+ "typed-array-buffer": "^1.0.2",
+ "typed-array-byte-length": "^1.0.1",
+ "typed-array-byte-offset": "^1.0.2",
+ "typed-array-length": "^1.0.6",
"unbox-primitive": "^1.0.2",
- "which-typed-array": "^1.1.13"
+ "which-typed-array": "^1.1.15"
},
"engines": {
"node": ">= 0.4"
@@ -5446,37 +5573,91 @@
"url": "https://github.com/sponsors/ljharb"
}
},
- "node_modules/es-iterator-helpers": {
- "version": "1.0.15",
- "resolved": "https://registry.npmjs.org/es-iterator-helpers/-/es-iterator-helpers-1.0.15.tgz",
- "integrity": "sha512-GhoY8uYqd6iwUl2kgjTm4CZAf6oo5mHK7BPqx3rKgx893YSsy0LGHV6gfqqQvZt/8xM8xeOnfXBCfqclMKkJ5g==",
+ "node_modules/es-define-property": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz",
+ "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==",
+ "dependencies": {
+ "get-intrinsic": "^1.2.4"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ }
+ },
+ "node_modules/es-errors": {
+ "version": "1.3.0",
+ "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+ "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+ "engines": {
+ "node": ">= 0.4"
+ }
+ },
+ "node_modules/es-get-iterator": {
+ "version": "1.1.3",
+ "resolved": "https://registry.npmjs.org/es-get-iterator/-/es-get-iterator-1.1.3.tgz",
+ "integrity": "sha512-sPZmqHBe6JIiTfN5q2pEi//TwxmAFHwj/XEuYjTuse78i8KxaqMTTzxPoFKuzRpDpTJ+0NAbpfenkmH2rePtuw==",
"dev": true,
"dependencies": {
- "asynciterator.prototype": "^1.0.0",
"call-bind": "^1.0.2",
+ "get-intrinsic": "^1.1.3",
+ "has-symbols": "^1.0.3",
+ "is-arguments": "^1.1.1",
+ "is-map": "^2.0.2",
+ "is-set": "^2.0.2",
+ "is-string": "^1.0.7",
+ "isarray": "^2.0.5",
+ "stop-iteration-iterator": "^1.0.0"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
+ "node_modules/es-iterator-helpers": {
+ "version": "1.0.19",
+ "resolved": "https://registry.npmjs.org/es-iterator-helpers/-/es-iterator-helpers-1.0.19.tgz",
+ "integrity": "sha512-zoMwbCcH5hwUkKJkT8kDIBZSz9I6mVG//+lDCinLCGov4+r7NIy0ld8o03M0cJxl2spVf6ESYVS6/gpIfq1FFw==",
+ "dev": true,
+ "dependencies": {
+ "call-bind": "^1.0.7",
"define-properties": "^1.2.1",
- "es-abstract": "^1.22.1",
- "es-set-tostringtag": "^2.0.1",
- "function-bind": "^1.1.1",
- "get-intrinsic": "^1.2.1",
+ "es-abstract": "^1.23.3",
+ "es-errors": "^1.3.0",
+ "es-set-tostringtag": "^2.0.3",
+ "function-bind": "^1.1.2",
+ "get-intrinsic": "^1.2.4",
"globalthis": "^1.0.3",
- "has-property-descriptors": "^1.0.0",
- "has-proto": "^1.0.1",
+ "has-property-descriptors": "^1.0.2",
+ "has-proto": "^1.0.3",
"has-symbols": "^1.0.3",
- "internal-slot": "^1.0.5",
+ "internal-slot": "^1.0.7",
"iterator.prototype": "^1.1.2",
- "safe-array-concat": "^1.0.1"
+ "safe-array-concat": "^1.1.2"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ }
+ },
+ "node_modules/es-object-atoms": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.0.0.tgz",
+ "integrity": "sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw==",
+ "dev": true,
+ "dependencies": {
+ "es-errors": "^1.3.0"
+ },
+ "engines": {
+ "node": ">= 0.4"
}
},
"node_modules/es-set-tostringtag": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.0.2.tgz",
- "integrity": "sha512-BuDyupZt65P9D2D2vA/zqcI3G5xRsklm5N3xCwuiy+/vKy8i0ifdsQP1sLgO4tZDSCaQUSnmC48khknGMV3D2Q==",
+ "version": "2.0.3",
+ "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.0.3.tgz",
+ "integrity": "sha512-3T8uNMC3OQTHkFUsFq8r/BwAXLHvU/9O9mE0fBc/MY5iq/8H7ncvO947LmYA6ldWw9Uh8Yhf25zu6n7nML5QWQ==",
"dev": true,
"dependencies": {
- "get-intrinsic": "^1.2.2",
- "has-tostringtag": "^1.0.0",
- "hasown": "^2.0.0"
+ "get-intrinsic": "^1.2.4",
+ "has-tostringtag": "^1.0.2",
+ "hasown": "^2.0.1"
},
"engines": {
"node": ">= 0.4"
@@ -5508,10 +5689,9 @@
}
},
"node_modules/esbuild": {
- "version": "0.20.2",
- "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.20.2.tgz",
- "integrity": "sha512-WdOOppmUNU+IbZ0PaDiTst80zjnrOkyJNHoKupIcVyU8Lvla3Ugx94VzkQ32Ijqd7UhHJy75gNWDMUekcrSJ6g==",
- "dev": true,
+ "version": "0.21.5",
+ "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.21.5.tgz",
+ "integrity": "sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==",
"hasInstallScript": true,
"bin": {
"esbuild": "bin/esbuild"
@@ -5520,29 +5700,29 @@
"node": ">=12"
},
"optionalDependencies": {
- "@esbuild/aix-ppc64": "0.20.2",
- "@esbuild/android-arm": "0.20.2",
- "@esbuild/android-arm64": "0.20.2",
- "@esbuild/android-x64": "0.20.2",
- "@esbuild/darwin-arm64": "0.20.2",
- "@esbuild/darwin-x64": "0.20.2",
- "@esbuild/freebsd-arm64": "0.20.2",
- "@esbuild/freebsd-x64": "0.20.2",
- "@esbuild/linux-arm": "0.20.2",
- "@esbuild/linux-arm64": "0.20.2",
- "@esbuild/linux-ia32": "0.20.2",
- "@esbuild/linux-loong64": "0.20.2",
- "@esbuild/linux-mips64el": "0.20.2",
- "@esbuild/linux-ppc64": "0.20.2",
- "@esbuild/linux-riscv64": "0.20.2",
- "@esbuild/linux-s390x": "0.20.2",
- "@esbuild/linux-x64": "0.20.2",
- "@esbuild/netbsd-x64": "0.20.2",
- "@esbuild/openbsd-x64": "0.20.2",
- "@esbuild/sunos-x64": "0.20.2",
- "@esbuild/win32-arm64": "0.20.2",
- "@esbuild/win32-ia32": "0.20.2",
- "@esbuild/win32-x64": "0.20.2"
+ "@esbuild/aix-ppc64": "0.21.5",
+ "@esbuild/android-arm": "0.21.5",
+ "@esbuild/android-arm64": "0.21.5",
+ "@esbuild/android-x64": "0.21.5",
+ "@esbuild/darwin-arm64": "0.21.5",
+ "@esbuild/darwin-x64": "0.21.5",
+ "@esbuild/freebsd-arm64": "0.21.5",
+ "@esbuild/freebsd-x64": "0.21.5",
+ "@esbuild/linux-arm": "0.21.5",
+ "@esbuild/linux-arm64": "0.21.5",
+ "@esbuild/linux-ia32": "0.21.5",
+ "@esbuild/linux-loong64": "0.21.5",
+ "@esbuild/linux-mips64el": "0.21.5",
+ "@esbuild/linux-ppc64": "0.21.5",
+ "@esbuild/linux-riscv64": "0.21.5",
+ "@esbuild/linux-s390x": "0.21.5",
+ "@esbuild/linux-x64": "0.21.5",
+ "@esbuild/netbsd-x64": "0.21.5",
+ "@esbuild/openbsd-x64": "0.21.5",
+ "@esbuild/sunos-x64": "0.21.5",
+ "@esbuild/win32-arm64": "0.21.5",
+ "@esbuild/win32-ia32": "0.21.5",
+ "@esbuild/win32-x64": "0.21.5"
}
},
"node_modules/escalade": {
@@ -5789,6 +5969,163 @@
"eslint": "^8.0.1"
}
},
+ "node_modules/eslint-plugin-github/node_modules/@typescript-eslint/eslint-plugin": {
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.18.0.tgz",
+ "integrity": "sha512-94EQTWZ40mzBc42ATNIBimBEDltSJ9RQHCC8vc/PDbxi4k8dVwUAv4o98dk50M1zB+JGFxp43FP7f8+FP8R6Sw==",
+ "dev": true,
+ "dependencies": {
+ "@eslint-community/regexpp": "^4.10.0",
+ "@typescript-eslint/scope-manager": "7.18.0",
+ "@typescript-eslint/type-utils": "7.18.0",
+ "@typescript-eslint/utils": "7.18.0",
+ "@typescript-eslint/visitor-keys": "7.18.0",
+ "graphemer": "^1.4.0",
+ "ignore": "^5.3.1",
+ "natural-compare": "^1.4.0",
+ "ts-api-utils": "^1.3.0"
+ },
+ "engines": {
+ "node": "^18.18.0 || >=20.0.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/typescript-eslint"
+ },
+ "peerDependencies": {
+ "@typescript-eslint/parser": "^7.0.0",
+ "eslint": "^8.56.0"
+ },
+ "peerDependenciesMeta": {
+ "typescript": {
+ "optional": true
+ }
+ }
+ },
+ "node_modules/eslint-plugin-github/node_modules/@typescript-eslint/scope-manager": {
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.18.0.tgz",
+ "integrity": "sha512-jjhdIE/FPF2B7Z1uzc6i3oWKbGcHb87Qw7AWj6jmEqNOfDFbJWtjt/XfwCpvNkpGWlcJaog5vTR+VV8+w9JflA==",
+ "dev": true,
+ "dependencies": {
+ "@typescript-eslint/types": "7.18.0",
+ "@typescript-eslint/visitor-keys": "7.18.0"
+ },
+ "engines": {
+ "node": "^18.18.0 || >=20.0.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/typescript-eslint"
+ }
+ },
+ "node_modules/eslint-plugin-github/node_modules/@typescript-eslint/type-utils": {
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.18.0.tgz",
+ "integrity": "sha512-XL0FJXuCLaDuX2sYqZUUSOJ2sG5/i1AAze+axqmLnSkNEVMVYLF+cbwlB2w8D1tinFuSikHmFta+P+HOofrLeA==",
+ "dev": true,
+ "dependencies": {
+ "@typescript-eslint/typescript-estree": "7.18.0",
+ "@typescript-eslint/utils": "7.18.0",
+ "debug": "^4.3.4",
+ "ts-api-utils": "^1.3.0"
+ },
+ "engines": {
+ "node": "^18.18.0 || >=20.0.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/typescript-eslint"
+ },
+ "peerDependencies": {
+ "eslint": "^8.56.0"
+ },
+ "peerDependenciesMeta": {
+ "typescript": {
+ "optional": true
+ }
+ }
+ },
+ "node_modules/eslint-plugin-github/node_modules/@typescript-eslint/types": {
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.18.0.tgz",
+ "integrity": "sha512-iZqi+Ds1y4EDYUtlOOC+aUmxnE9xS/yCigkjA7XpTKV6nCBd3Hp/PRGGmdwnfkV2ThMyYldP1wRpm/id99spTQ==",
+ "dev": true,
+ "engines": {
+ "node": "^18.18.0 || >=20.0.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/typescript-eslint"
+ }
+ },
+ "node_modules/eslint-plugin-github/node_modules/@typescript-eslint/typescript-estree": {
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.18.0.tgz",
+ "integrity": "sha512-aP1v/BSPnnyhMHts8cf1qQ6Q1IFwwRvAQGRvBFkWlo3/lH29OXA3Pts+c10nxRxIBrDnoMqzhgdwVe5f2D6OzA==",
+ "dev": true,
+ "dependencies": {
+ "@typescript-eslint/types": "7.18.0",
+ "@typescript-eslint/visitor-keys": "7.18.0",
+ "debug": "^4.3.4",
+ "globby": "^11.1.0",
+ "is-glob": "^4.0.3",
+ "minimatch": "^9.0.4",
+ "semver": "^7.6.0",
+ "ts-api-utils": "^1.3.0"
+ },
+ "engines": {
+ "node": "^18.18.0 || >=20.0.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/typescript-eslint"
+ },
+ "peerDependenciesMeta": {
+ "typescript": {
+ "optional": true
+ }
+ }
+ },
+ "node_modules/eslint-plugin-github/node_modules/@typescript-eslint/utils": {
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.18.0.tgz",
+ "integrity": "sha512-kK0/rNa2j74XuHVcoCZxdFBMF+aq/vH83CXAOHieC+2Gis4mF8jJXT5eAfyD3K0sAxtPuwxaIOIOvhwzVDt/kw==",
+ "dev": true,
+ "dependencies": {
+ "@eslint-community/eslint-utils": "^4.4.0",
+ "@typescript-eslint/scope-manager": "7.18.0",
+ "@typescript-eslint/types": "7.18.0",
+ "@typescript-eslint/typescript-estree": "7.18.0"
+ },
+ "engines": {
+ "node": "^18.18.0 || >=20.0.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/typescript-eslint"
+ },
+ "peerDependencies": {
+ "eslint": "^8.56.0"
+ }
+ },
+ "node_modules/eslint-plugin-github/node_modules/@typescript-eslint/visitor-keys": {
+ "version": "7.18.0",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.18.0.tgz",
+ "integrity": "sha512-cDF0/Gf81QpY3xYyJKDV14Zwdmid5+uuENhjH2EqFaF0ni+yAyq/LzMaIJdhNJXZI7uLzwIlA+V7oWoyn6Curg==",
+ "dev": true,
+ "dependencies": {
+ "@typescript-eslint/types": "7.18.0",
+ "eslint-visitor-keys": "^3.4.3"
+ },
+ "engines": {
+ "node": "^18.18.0 || >=20.0.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/typescript-eslint"
+ }
+ },
"node_modules/eslint-plugin-i18n-text": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/eslint-plugin-i18n-text/-/eslint-plugin-i18n-text-1.0.1.tgz",
@@ -5878,27 +6215,27 @@
}
},
"node_modules/eslint-plugin-jsx-a11y": {
- "version": "6.8.0",
- "resolved": "https://registry.npmjs.org/eslint-plugin-jsx-a11y/-/eslint-plugin-jsx-a11y-6.8.0.tgz",
- "integrity": "sha512-Hdh937BS3KdwwbBaKd5+PLCOmYY6U4f2h9Z2ktwtNKvIdIEu137rjYbcb9ApSbVJfWxANNuiKTD/9tOKjK9qOA==",
+ "version": "6.9.0",
+ "resolved": "https://registry.npmjs.org/eslint-plugin-jsx-a11y/-/eslint-plugin-jsx-a11y-6.9.0.tgz",
+ "integrity": "sha512-nOFOCaJG2pYqORjK19lqPqxMO/JpvdCZdPtNdxY3kvom3jTvkAbOvQvD8wuD0G8BYR0IGAGYDlzqWJOh/ybn2g==",
"dev": true,
"dependencies": {
- "@babel/runtime": "^7.23.2",
- "aria-query": "^5.3.0",
- "array-includes": "^3.1.7",
+ "aria-query": "~5.1.3",
+ "array-includes": "^3.1.8",
"array.prototype.flatmap": "^1.3.2",
"ast-types-flow": "^0.0.8",
- "axe-core": "=4.7.0",
- "axobject-query": "^3.2.1",
+ "axe-core": "^4.9.1",
+ "axobject-query": "~3.1.1",
"damerau-levenshtein": "^1.0.8",
"emoji-regex": "^9.2.2",
- "es-iterator-helpers": "^1.0.15",
- "hasown": "^2.0.0",
+ "es-iterator-helpers": "^1.0.19",
+ "hasown": "^2.0.2",
"jsx-ast-utils": "^3.3.5",
"language-tags": "^1.0.9",
"minimatch": "^3.1.2",
- "object.entries": "^1.1.7",
- "object.fromentries": "^2.0.7"
+ "object.fromentries": "^2.0.8",
+ "safe-regex-test": "^1.0.3",
+ "string.prototype.includes": "^2.0.0"
},
"engines": {
"node": ">=4.0"
@@ -5907,13 +6244,13 @@
"eslint": "^3 || ^4 || ^5 || ^6 || ^7 || ^8"
}
},
- "node_modules/eslint-plugin-jsx-a11y/node_modules/axe-core": {
- "version": "4.7.0",
- "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.7.0.tgz",
- "integrity": "sha512-M0JtH+hlOL5pLQwHOLNYZaXuhqmvS8oExsqB1SBYgA4Dk7u/xx+YdGHXaK5pyUfed5mYXdlYiphWq3G8cRi5JQ==",
+ "node_modules/eslint-plugin-jsx-a11y/node_modules/aria-query": {
+ "version": "5.1.3",
+ "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.1.3.tgz",
+ "integrity": "sha512-R5iJ5lkuHybztUfuOAznmboyjWq8O6sqNqtK7CLOqdydi54VNbORp49mb14KbWgG1QD3JFO9hJdZ+y4KutfdOQ==",
"dev": true,
- "engines": {
- "node": ">=4"
+ "dependencies": {
+ "deep-equal": "^2.0.5"
}
},
"node_modules/eslint-plugin-jsx-a11y/node_modules/brace-expansion": {
@@ -5978,9 +6315,9 @@
}
},
"node_modules/eslint-plugin-primer-react": {
- "version": "5.3.0",
- "resolved": "https://registry.npmjs.org/eslint-plugin-primer-react/-/eslint-plugin-primer-react-5.3.0.tgz",
- "integrity": "sha512-Nw9pAZww4ZPgzffrvexbNytOkoyKm4RLOmrPio5VEZ5BIFNy+uLyiBE5WGRuig4a0KbbjjOM5haLCvC43daAvw==",
+ "version": "5.4.0",
+ "resolved": "https://registry.npmjs.org/eslint-plugin-primer-react/-/eslint-plugin-primer-react-5.4.0.tgz",
+ "integrity": "sha512-t3F8RGOG+88SOZTjC5+ZBDhLIJitlRN4qkdRmwDuaL5mkxIA4LzyhLf4KfM595NwDan8mj37Fjbt3Nj04PxUDQ==",
"dev": true,
"dependencies": {
"@styled-system/props": "^5.1.5",
@@ -6374,9 +6711,9 @@
}
},
"node_modules/express-rate-limit": {
- "version": "7.3.0",
- "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.3.0.tgz",
- "integrity": "sha512-ZPfWlcQQ1PsZonB/vqksOsBQV74z5osi/QcdoBCyKJXl/wOVjS1yRDmvkpMM52KJeLbiF2+djwVEnEgVCDdvtw==",
+ "version": "7.4.0",
+ "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.4.0.tgz",
+ "integrity": "sha512-v1204w3cXu5gCDmAvgvzI6qjzZzoMWKnyVDk3ACgfswTQLYiGen+r8w0VnXnGMmzEN/g8fwIQ4JrFFd4ZP6ssg==",
"engines": {
"node": ">= 16"
},
@@ -6452,9 +6789,9 @@
"dev": true
},
"node_modules/fast-glob": {
- "version": "3.3.1",
- "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.1.tgz",
- "integrity": "sha512-kNFPyjhh5cKjrUltxs+wFx+ZkbRaxxmZ+X0ZU31SOsxCEtP9VPgtq2teZw1DebupL5GmDaNQ6yKMMVcM41iqDg==",
+ "version": "3.3.2",
+ "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz",
+ "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==",
"dev": true,
"dependencies": {
"@nodelib/fs.stat": "^2.0.2",
@@ -6478,18 +6815,23 @@
"integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==",
"dev": true
},
+ "node_modules/fast-uri": {
+ "version": "3.0.1",
+ "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.1.tgz",
+ "integrity": "sha512-MWipKbbYiYI0UC7cl8m/i/IWTqfC8YXsqjzybjddLsFjStroQzsHXkc73JutMvBiXmOvapk+axIl79ig5t55Bw=="
+ },
"node_modules/fast-xml-parser": {
- "version": "4.2.5",
- "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz",
- "integrity": "sha512-B9/wizE4WngqQftFPmdaMYlXoJlJOYxGQOanC77fq9k8+Z0v5dDSVh+3glErdIROP//s/jgb7ZuxKfB8nVyo0g==",
+ "version": "4.4.1",
+ "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.1.tgz",
+ "integrity": "sha512-xkjOecfnKGkSsOwtZ5Pz7Us/T6mrbPQrq0nh+aCO5V9nk5NLWmasAHumTKjiPJPWANe+kAZ84Jc8ooJkzZ88Sw==",
"funding": [
- {
- "type": "paypal",
- "url": "https://paypal.me/naturalintelligence"
- },
{
"type": "github",
"url": "https://github.com/sponsors/NaturalIntelligence"
+ },
+ {
+ "type": "paypal",
+ "url": "https://paypal.me/naturalintelligence"
}
],
"dependencies": {
@@ -6526,13 +6868,14 @@
}
},
"node_modules/file-type": {
- "version": "19.0.0",
- "resolved": "https://registry.npmjs.org/file-type/-/file-type-19.0.0.tgz",
- "integrity": "sha512-s7cxa7/leUWLiXO78DVVfBVse+milos9FitauDLG1pI7lNaJ2+5lzPnr2N24ym+84HVwJL6hVuGfgVE+ALvU8Q==",
+ "version": "19.4.1",
+ "resolved": "https://registry.npmjs.org/file-type/-/file-type-19.4.1.tgz",
+ "integrity": "sha512-RuWzwF2L9tCHS76KR/Mdh+DwJZcFCzrhrPXpOw6MlEfl/o31fjpTikzcKlYuyeV7e7ftdCGVJTNOCzkYD/aLbw==",
"dependencies": {
- "readable-web-to-node-stream": "^3.0.2",
- "strtok3": "^7.0.0",
- "token-types": "^5.0.1"
+ "get-stream": "^9.0.1",
+ "strtok3": "^8.1.0",
+ "token-types": "^6.0.0",
+ "uint8array-extras": "^1.3.0"
},
"engines": {
"node": ">=18"
@@ -6541,6 +6884,32 @@
"url": "https://github.com/sindresorhus/file-type?sponsor=1"
}
},
+ "node_modules/file-type/node_modules/get-stream": {
+ "version": "9.0.1",
+ "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-9.0.1.tgz",
+ "integrity": "sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA==",
+ "dependencies": {
+ "@sec-ant/readable-stream": "^0.4.1",
+ "is-stream": "^4.0.1"
+ },
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
+ "node_modules/file-type/node_modules/is-stream": {
+ "version": "4.0.1",
+ "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-4.0.1.tgz",
+ "integrity": "sha512-Dnz92NInDqYckGEUJv689RbRiTSEHCQ7wOVeALbkOz999YpqT46yMRIGtSNl2iCL1waAZSx40+h59NV/EwzV/A==",
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
"node_modules/file-uri-to-path": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz",
@@ -6750,6 +7119,7 @@
},
"node_modules/form-data-encoder": {
"version": "2.1.4",
+ "dev": true,
"license": "MIT",
"engines": {
"node": ">= 14.17"
@@ -6878,21 +7248,26 @@
}
},
"node_modules/get-intrinsic": {
- "version": "1.2.2",
- "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz",
- "integrity": "sha512-0gSo4ml/0j98Y3lngkFEot/zhiCeWsbYIlZ+uZOVgzLyLaUw7wxUL+nCTP0XJvJg1AXulJRI3UJi8GsbDuxdGA==",
+ "version": "1.2.4",
+ "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz",
+ "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==",
"dependencies": {
+ "es-errors": "^1.3.0",
"function-bind": "^1.1.2",
"has-proto": "^1.0.1",
"has-symbols": "^1.0.3",
"hasown": "^2.0.0"
},
+ "engines": {
+ "node": ">= 0.4"
+ },
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/get-stream": {
"version": "6.0.1",
+ "dev": true,
"license": "MIT",
"engines": {
"node": ">=10"
@@ -6902,13 +7277,14 @@
}
},
"node_modules/get-symbol-description": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.0.0.tgz",
- "integrity": "sha512-2EmdH1YvIQiZpltCNgkuiUnyukzxM/R6NDJX31Ke3BG1Nq5b0S2PhX59UKi9vZpPDQVdqn+1IcaAwnzTT5vCjw==",
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.0.2.tgz",
+ "integrity": "sha512-g0QYk1dZBxGwk+Ngc+ltRH2IBp2f7zBkBMBJZCDerh6EhlhSR6+9irMCuT/09zD6qkarHUSn529sK/yL4S27mg==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "get-intrinsic": "^1.1.1"
+ "call-bind": "^1.0.5",
+ "es-errors": "^1.3.0",
+ "get-intrinsic": "^1.2.4"
},
"engines": {
"node": ">= 0.4"
@@ -6938,21 +7314,22 @@
"license": "ISC"
},
"node_modules/glob": {
- "version": "10.4.1",
- "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.1.tgz",
- "integrity": "sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==",
+ "version": "11.0.0",
+ "resolved": "https://registry.npmjs.org/glob/-/glob-11.0.0.tgz",
+ "integrity": "sha512-9UiX/Bl6J2yaBbxKoEBRm4Cipxgok8kQYcOPEhScPwebu2I0HoQOuYdIO6S3hLuWoZgpDpwQZMzTFxgpkyT76g==",
"dependencies": {
"foreground-child": "^3.1.0",
- "jackspeak": "^3.1.2",
- "minimatch": "^9.0.4",
+ "jackspeak": "^4.0.1",
+ "minimatch": "^10.0.0",
"minipass": "^7.1.2",
- "path-scurry": "^1.11.1"
+ "package-json-from-dist": "^1.0.0",
+ "path-scurry": "^2.0.0"
},
"bin": {
"glob": "dist/esm/bin.mjs"
},
"engines": {
- "node": ">=16 || 14 >=14.18"
+ "node": "20 || >=22"
},
"funding": {
"url": "https://github.com/sponsors/isaacs"
@@ -6969,10 +7346,24 @@
"node": ">= 6"
}
},
- "node_modules/globals": {
- "version": "11.12.0",
- "license": "MIT",
- "engines": {
+ "node_modules/glob/node_modules/minimatch": {
+ "version": "10.0.1",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.0.1.tgz",
+ "integrity": "sha512-ethXTt3SGGR+95gudmqJ1eNhRO7eGEGIgYA9vnPatK4/etz2MEVDno5GMCibdMTuBMyElzIlgxMna3K94XDIDQ==",
+ "dependencies": {
+ "brace-expansion": "^2.0.1"
+ },
+ "engines": {
+ "node": "20 || >=22"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/isaacs"
+ }
+ },
+ "node_modules/globals": {
+ "version": "11.12.0",
+ "license": "MIT",
+ "engines": {
"node": ">=4"
}
},
@@ -7032,29 +7423,99 @@
}
},
"node_modules/got": {
- "version": "13.0.0",
- "resolved": "https://registry.npmjs.org/got/-/got-13.0.0.tgz",
- "integrity": "sha512-XfBk1CxOOScDcMr9O1yKkNaQyy865NbYs+F7dr4H0LZMVgCj2Le59k6PqbNHoL5ToeaEQUYh6c6yMfVcc6SJxA==",
+ "version": "14.4.2",
+ "resolved": "https://registry.npmjs.org/got/-/got-14.4.2.tgz",
+ "integrity": "sha512-+Te/qEZ6hr7i+f0FNgXx/6WQteSM/QqueGvxeYQQFm0GDfoxLVJ/oiwUKYMTeioColWUTdewZ06hmrBjw6F7tw==",
"dependencies": {
- "@sindresorhus/is": "^5.2.0",
+ "@sindresorhus/is": "^7.0.0",
"@szmarczak/http-timer": "^5.0.1",
"cacheable-lookup": "^7.0.0",
- "cacheable-request": "^10.2.8",
+ "cacheable-request": "^12.0.1",
"decompress-response": "^6.0.0",
- "form-data-encoder": "^2.1.2",
- "get-stream": "^6.0.1",
- "http2-wrapper": "^2.1.10",
+ "form-data-encoder": "^4.0.2",
+ "http2-wrapper": "^2.2.1",
"lowercase-keys": "^3.0.0",
- "p-cancelable": "^3.0.0",
- "responselike": "^3.0.0"
+ "p-cancelable": "^4.0.1",
+ "responselike": "^3.0.0",
+ "type-fest": "^4.19.0"
},
"engines": {
- "node": ">=16"
+ "node": ">=20"
},
"funding": {
"url": "https://github.com/sindresorhus/got?sponsor=1"
}
},
+ "node_modules/got/node_modules/@sindresorhus/is": {
+ "version": "7.0.0",
+ "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-7.0.0.tgz",
+ "integrity": "sha512-WDTlVTyvFivSOuyvMeedzg2hdoBLZ3f1uNVuEida2Rl9BrfjrIRjWA/VZIrMRLvSwJYCAlCRA3usDt1THytxWQ==",
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sindresorhus/is?sponsor=1"
+ }
+ },
+ "node_modules/got/node_modules/cacheable-request": {
+ "version": "12.0.1",
+ "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-12.0.1.tgz",
+ "integrity": "sha512-Yo9wGIQUaAfIbk+qY0X4cDQgCosecfBe3V9NSyeY4qPC2SAkbCS4Xj79VP8WOzitpJUZKc/wsRCYF5ariDIwkg==",
+ "dependencies": {
+ "@types/http-cache-semantics": "^4.0.4",
+ "get-stream": "^9.0.1",
+ "http-cache-semantics": "^4.1.1",
+ "keyv": "^4.5.4",
+ "mimic-response": "^4.0.0",
+ "normalize-url": "^8.0.1",
+ "responselike": "^3.0.0"
+ },
+ "engines": {
+ "node": ">=18"
+ }
+ },
+ "node_modules/got/node_modules/form-data-encoder": {
+ "version": "4.0.2",
+ "resolved": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-4.0.2.tgz",
+ "integrity": "sha512-KQVhvhK8ZkWzxKxOr56CPulAhH3dobtuQ4+hNQ+HekH/Wp5gSOafqRAeTphQUJAIk0GBvHZgJ2ZGRWd5kphMuw==",
+ "engines": {
+ "node": ">= 18"
+ }
+ },
+ "node_modules/got/node_modules/get-stream": {
+ "version": "9.0.1",
+ "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-9.0.1.tgz",
+ "integrity": "sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA==",
+ "dependencies": {
+ "@sec-ant/readable-stream": "^0.4.1",
+ "is-stream": "^4.0.1"
+ },
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
+ "node_modules/got/node_modules/is-stream": {
+ "version": "4.0.1",
+ "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-4.0.1.tgz",
+ "integrity": "sha512-Dnz92NInDqYckGEUJv689RbRiTSEHCQ7wOVeALbkOz999YpqT46yMRIGtSNl2iCL1waAZSx40+h59NV/EwzV/A==",
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
+ "node_modules/got/node_modules/p-cancelable": {
+ "version": "4.0.1",
+ "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-4.0.1.tgz",
+ "integrity": "sha512-wBowNApzd45EIKdO1LaU+LrMBwAcjfPaYtVzV3lmfM3gf8Z4CHZsiIqlM8TZZ8okYvh5A1cP6gTfCRQtwUpaUg==",
+ "engines": {
+ "node": ">=14.16"
+ }
+ },
"node_modules/graceful-fs": {
"version": "4.2.11",
"resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
@@ -7067,9 +7528,9 @@
"dev": true
},
"node_modules/graphql": {
- "version": "16.8.1",
- "resolved": "https://registry.npmjs.org/graphql/-/graphql-16.8.1.tgz",
- "integrity": "sha512-59LZHPdGZVh695Ud9lRzPBVTtlX9ZCV150Er2W43ro37wVof0ctenSaskPPjN7lVTIN8mSZt8PHUNKZuNQUuxw==",
+ "version": "16.9.0",
+ "resolved": "https://registry.npmjs.org/graphql/-/graphql-16.9.0.tgz",
+ "integrity": "sha512-GGTKBX4SD7Wdb8mqeDLni2oaRGYQWjWHGKPQ24ZMnUtKfcsVoiv4uX8+LJr1K6U5VW2Lu1BwJnj7uiori0YtRw==",
"dev": true,
"engines": {
"node": "^12.22.0 || ^14.16.0 || ^16.0.0 || >=17.0.0"
@@ -7135,18 +7596,20 @@
}
},
"node_modules/has-property-descriptors": {
- "version": "1.0.0",
- "license": "MIT",
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz",
+ "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==",
"dependencies": {
- "get-intrinsic": "^1.1.1"
+ "es-define-property": "^1.0.0"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/has-proto": {
- "version": "1.0.1",
- "license": "MIT",
+ "version": "1.0.3",
+ "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz",
+ "integrity": "sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==",
"engines": {
"node": ">= 0.4"
},
@@ -7165,11 +7628,12 @@
}
},
"node_modules/has-tostringtag": {
- "version": "1.0.0",
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
+ "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "has-symbols": "^1.0.2"
+ "has-symbols": "^1.0.3"
},
"engines": {
"node": ">= 0.4"
@@ -7179,9 +7643,9 @@
}
},
"node_modules/hasown": {
- "version": "2.0.0",
- "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.0.tgz",
- "integrity": "sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
+ "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
"dependencies": {
"function-bind": "^1.1.2"
},
@@ -7746,8 +8210,9 @@
}
},
"node_modules/http2-wrapper": {
- "version": "2.1.11",
- "license": "MIT",
+ "version": "2.2.1",
+ "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz",
+ "integrity": "sha512-V5nVw1PAOgfI3Lmeaj2Exmeg7fenjhRUgz1lPSezy1CuhPYbgQtbQj4jZfEAEMlaL+vupsvhjqCyjzob0yxsmQ==",
"dependencies": {
"quick-lru": "^5.1.1",
"resolve-alpn": "^1.2.0"
@@ -7776,9 +8241,9 @@
}
},
"node_modules/husky": {
- "version": "9.0.8",
- "resolved": "https://registry.npmjs.org/husky/-/husky-9.0.8.tgz",
- "integrity": "sha512-/f3Oj+419kf2RkchD5GpFTPj8yAeMYuSs0vB+cgdi8pDxydI8zCFlK/kVQOCqAujahfW6fDBb7t/ZWxTfevOpA==",
+ "version": "9.1.4",
+ "resolved": "https://registry.npmjs.org/husky/-/husky-9.1.4.tgz",
+ "integrity": "sha512-bho94YyReb4JV7LYWRWxZ/xr6TtOTt8cMfmQ39MQYJ7f/YE268s3GdghGwi+y4zAeqewE5zYLvuhV0M0ijsDEA==",
"dev": true,
"bin": {
"husky": "bin.js"
@@ -7803,6 +8268,8 @@
},
"node_modules/ieee754": {
"version": "1.2.1",
+ "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
+ "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==",
"funding": [
{
"type": "github",
@@ -7816,8 +8283,7 @@
"type": "consulting",
"url": "https://feross.org/support"
}
- ],
- "license": "BSD-3-Clause"
+ ]
},
"node_modules/ignore": {
"version": "5.3.1",
@@ -7878,12 +8344,12 @@
"license": "MIT"
},
"node_modules/internal-slot": {
- "version": "1.0.6",
- "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.6.tgz",
- "integrity": "sha512-Xj6dv+PsbtwyPpEflsejS+oIZxmMlV44zAhG479uYu89MsjcYOhCFnNyKrkJrihbsiasQyY0afoCl/9BLR65bg==",
+ "version": "1.0.7",
+ "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.7.tgz",
+ "integrity": "sha512-NGnrKwXzSms2qUUih/ILZ5JBqNTSa1+ZmP6flaIp6KmSElgE9qdndzS3cqjrDovwFdmwsGsLdeFgB6suw+1e9g==",
"dev": true,
"dependencies": {
- "get-intrinsic": "^1.2.2",
+ "es-errors": "^1.3.0",
"hasown": "^2.0.0",
"side-channel": "^1.0.4"
},
@@ -7905,15 +8371,33 @@
"node": ">= 0.10"
}
},
+ "node_modules/is-arguments": {
+ "version": "1.1.1",
+ "resolved": "https://registry.npmjs.org/is-arguments/-/is-arguments-1.1.1.tgz",
+ "integrity": "sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA==",
+ "dev": true,
+ "dependencies": {
+ "call-bind": "^1.0.2",
+ "has-tostringtag": "^1.0.0"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
"node_modules/is-array-buffer": {
- "version": "3.0.2",
- "resolved": "https://registry.npmjs.org/is-array-buffer/-/is-array-buffer-3.0.2.tgz",
- "integrity": "sha512-y+FyyR/w8vfIRq4eQcM1EYgSTnmHXPqaF+IgzgraytCFq5Xh8lllDVmAZolPJiZttZLeFSINPYMaEJ7/vWUa1w==",
+ "version": "3.0.4",
+ "resolved": "https://registry.npmjs.org/is-array-buffer/-/is-array-buffer-3.0.4.tgz",
+ "integrity": "sha512-wcjaerHw0ydZwfhiKbXJWLDY8A7yV7KhjQOpb83hGgGfId/aQa4TOvwyzn2PuswW2gPCYEL/nEAiSVpdOj1lXw==",
"dev": true,
"dependencies": {
"call-bind": "^1.0.2",
- "get-intrinsic": "^1.2.0",
- "is-typed-array": "^1.1.10"
+ "get-intrinsic": "^1.2.1"
+ },
+ "engines": {
+ "node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
@@ -8018,6 +8502,21 @@
"url": "https://github.com/sponsors/ljharb"
}
},
+ "node_modules/is-data-view": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/is-data-view/-/is-data-view-1.0.1.tgz",
+ "integrity": "sha512-AHkaJrsUVW6wq6JS8y3JnM/GJF/9cf+k20+iDzlSaJrinEo5+7vRiteOSwBhHRiAyQATN1AmY4hwzxJKPmYf+w==",
+ "dev": true,
+ "dependencies": {
+ "is-typed-array": "^1.1.13"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
"node_modules/is-date-object": {
"version": "1.0.5",
"resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz",
@@ -8103,18 +8602,21 @@
}
},
"node_modules/is-map": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/is-map/-/is-map-2.0.2.tgz",
- "integrity": "sha512-cOZFQQozTha1f4MxLFzlgKYPTyj26picdZTx82hbc/Xf4K/tZOOXSCkMvU4pKioRXGDLJRn0GM7Upe7kR721yg==",
+ "version": "2.0.3",
+ "resolved": "https://registry.npmjs.org/is-map/-/is-map-2.0.3.tgz",
+ "integrity": "sha512-1Qed0/Hr2m+YqxnM09CjA2d/i6YZNfF6R2oRAOj36eUdS6qIV/huPJNSEpKbupewFs+ZsJlxsjjPbc0/afW6Lw==",
"dev": true,
+ "engines": {
+ "node": ">= 0.4"
+ },
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/is-negative-zero": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.2.tgz",
- "integrity": "sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA==",
+ "version": "2.0.3",
+ "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.3.tgz",
+ "integrity": "sha512-5KoIu2Ngpyek75jXodFvnafB6DJgr3u8uuK0LEZJjrU19DrMD3EVERaR8sjz8CCGgpZvxPl9SuE1GMVPFHx1mw==",
"dev": true,
"engines": {
"node": ">= 0.4"
@@ -8182,21 +8684,27 @@
}
},
"node_modules/is-set": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/is-set/-/is-set-2.0.2.tgz",
- "integrity": "sha512-+2cnTEZeY5z/iXGbLhPrOAaK/Mau5k5eXq9j14CpRTftq0pAJu2MwVRSZhyZWBzx3o6X795Lz6Bpb6R0GKf37g==",
+ "version": "2.0.3",
+ "resolved": "https://registry.npmjs.org/is-set/-/is-set-2.0.3.tgz",
+ "integrity": "sha512-iPAjerrse27/ygGLxw+EBR9agv9Y6uLeYVJMu+QNCoouJ1/1ri0mGrcWpfCqFZuzzx3WjtwxG098X+n4OuRkPg==",
"dev": true,
+ "engines": {
+ "node": ">= 0.4"
+ },
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/is-shared-array-buffer": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz",
- "integrity": "sha512-sqN2UDu1/0y6uvXyStCOzyhAjCSlHceFoMKJW8W9EU9cvic/QdsZ0kEU93HEy3IUEFZIiH/3w+AH/UQbPHNdhA==",
+ "version": "1.0.3",
+ "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.3.tgz",
+ "integrity": "sha512-nA2hv5XIhLR3uVzDDfCIknerhx8XUKnstuOERPNNIinXG7v9u+ohXF67vxm4TPTEPU6lm61ZkwP3c9PCB97rhg==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2"
+ "call-bind": "^1.0.7"
+ },
+ "engines": {
+ "node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
@@ -8256,12 +8764,12 @@
}
},
"node_modules/is-typed-array": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.12.tgz",
- "integrity": "sha512-Z14TF2JNG8Lss5/HMqt0//T9JeHXttXy5pH/DBU4vi98ozO2btxzq9MwYDZYnKwU8nRsz/+GVFVRDq3DkVuSPg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.13.tgz",
+ "integrity": "sha512-uZ25/bUAlUY5fR4OKT4rZQEBrzQWYV9ZJYGGsUmEJ6thodVJ1HX64ePQ6Z0qPWP+m+Uq6e9UugrE38jeYsDSMw==",
"dev": true,
"dependencies": {
- "which-typed-array": "^1.1.11"
+ "which-typed-array": "^1.1.14"
},
"engines": {
"node": ">= 0.4"
@@ -8286,10 +8794,13 @@
"license": "MIT"
},
"node_modules/is-weakmap": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/is-weakmap/-/is-weakmap-2.0.1.tgz",
- "integrity": "sha512-NSBR4kH5oVj1Uwvv970ruUkCV7O1mzgVFO4/rev2cLRda9Tm9HrL70ZPut4rOHgY0FNrUu9BCbXA2sdQ+x0chA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/is-weakmap/-/is-weakmap-2.0.2.tgz",
+ "integrity": "sha512-K5pXYOm9wqY1RgjpL3YTkF39tni1XajUIkawTLUo9EZEVUFga5gSQJF8nNS7ZwJQ02y+1YCNYcMh+HIf1ZqE+w==",
"dev": true,
+ "engines": {
+ "node": ">= 0.4"
+ },
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
@@ -8307,13 +8818,16 @@
}
},
"node_modules/is-weakset": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/is-weakset/-/is-weakset-2.0.2.tgz",
- "integrity": "sha512-t2yVvttHkQktwnNNmBQ98AhENLdPUTDTE21uPqAQ0ARwQfGeQKRVS0NNurH7bTf7RrvcVn1OOge45CnBeHCSmg==",
+ "version": "2.0.3",
+ "resolved": "https://registry.npmjs.org/is-weakset/-/is-weakset-2.0.3.tgz",
+ "integrity": "sha512-LvIm3/KWzS9oRFHugab7d+M/GcBXuXX5xZkzPmN+NxihdQlZUQ4dWuSV1xR/sq6upL1TJEDrfBgRepHFdBtSNQ==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "get-intrinsic": "^1.1.1"
+ "call-bind": "^1.0.7",
+ "get-intrinsic": "^1.2.4"
+ },
+ "engines": {
+ "node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
@@ -8343,14 +8857,14 @@
}
},
"node_modules/jackspeak": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.1.2.tgz",
- "integrity": "sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==",
+ "version": "4.0.1",
+ "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-4.0.1.tgz",
+ "integrity": "sha512-cub8rahkh0Q/bw1+GxP7aeSe29hHHn2V4m29nnDlvCdlgU+3UGxkZp7Z53jLUdpX3jdTO0nJZUDl3xvbWc2Xog==",
"dependencies": {
"@isaacs/cliui": "^8.0.2"
},
"engines": {
- "node": ">=14"
+ "node": "20 || >=22"
},
"funding": {
"url": "https://github.com/sponsors/isaacs"
@@ -8459,12 +8973,6 @@
"node": ">=6"
}
},
- "node_modules/jsonc-parser": {
- "version": "3.2.1",
- "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.1.tgz",
- "integrity": "sha512-AilxAyFOAcK5wA1+LeaySVBrHsGQvUFCDWXKpZjzaL0PqW+xfBOttn8GNtWKFWqneyMZj41MWF9Kl6iPWLwgOA==",
- "dev": true
- },
"node_modules/jsonfile": {
"version": "6.1.0",
"dev": true,
@@ -8492,8 +9000,9 @@
}
},
"node_modules/keyv": {
- "version": "4.5.2",
- "license": "MIT",
+ "version": "4.5.4",
+ "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz",
+ "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==",
"dependencies": {
"json-buffer": "3.0.1"
}
@@ -8565,12 +9074,15 @@
}
},
"node_modules/lilconfig": {
- "version": "3.0.0",
- "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.0.0.tgz",
- "integrity": "sha512-K2U4W2Ff5ibV7j7ydLr+zLAkIg5JJ4lPn1Ltsdt+Tz/IjQ8buJ55pZAxoP34lqIiwtF9iAvtLv3JGv7CAyAg+g==",
+ "version": "3.1.2",
+ "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.2.tgz",
+ "integrity": "sha512-eop+wDAvpItUys0FWkHIKeC9ybYrTGbU41U5K7+bttZZeohvnY7M9dZ5kB21GNWiFT2q1OoPTvncPCgSOVO5ow==",
"dev": true,
"engines": {
"node": ">=14"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/antonk52"
}
},
"node_modules/linkify-it": {
@@ -8583,21 +9095,21 @@
}
},
"node_modules/lint-staged": {
- "version": "15.2.2",
- "resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-15.2.2.tgz",
- "integrity": "sha512-TiTt93OPh1OZOsb5B7k96A/ATl2AjIZo+vnzFZ6oHK5FuTk63ByDtxGQpHm+kFETjEWqgkF95M8FRXKR/LEBcw==",
- "dev": true,
- "dependencies": {
- "chalk": "5.3.0",
- "commander": "11.1.0",
- "debug": "4.3.4",
- "execa": "8.0.1",
- "lilconfig": "3.0.0",
- "listr2": "8.0.1",
- "micromatch": "4.0.5",
- "pidtree": "0.6.0",
- "string-argv": "0.3.2",
- "yaml": "2.3.4"
+ "version": "15.2.9",
+ "resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-15.2.9.tgz",
+ "integrity": "sha512-BZAt8Lk3sEnxw7tfxM7jeZlPRuT4M68O0/CwZhhaw6eeWu0Lz5eERE3m386InivXB64fp/mDID452h48tvKlRQ==",
+ "dev": true,
+ "dependencies": {
+ "chalk": "~5.3.0",
+ "commander": "~12.1.0",
+ "debug": "~4.3.6",
+ "execa": "~8.0.1",
+ "lilconfig": "~3.1.2",
+ "listr2": "~8.2.4",
+ "micromatch": "~4.0.7",
+ "pidtree": "~0.6.0",
+ "string-argv": "~0.3.2",
+ "yaml": "~2.5.0"
},
"bin": {
"lint-staged": "bin/lint-staged.js"
@@ -8609,13 +9121,21 @@
"url": "https://opencollective.com/lint-staged"
}
},
- "node_modules/lint-staged/node_modules/commander": {
- "version": "11.1.0",
- "resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz",
- "integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==",
+ "node_modules/lint-staged/node_modules/debug": {
+ "version": "4.3.6",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.6.tgz",
+ "integrity": "sha512-O/09Bd4Z1fBrU4VzkhFqVgpPzaGbw6Sm9FEkBT1A/YBXQFGuuSxa1dN2nxgxS34JmKXqYx8CZAwEVoJFImUXIg==",
"dev": true,
+ "dependencies": {
+ "ms": "2.1.2"
+ },
"engines": {
- "node": ">=16"
+ "node": ">=6.0"
+ },
+ "peerDependenciesMeta": {
+ "supports-color": {
+ "optional": true
+ }
}
},
"node_modules/lint-staged/node_modules/execa": {
@@ -8753,9 +9273,9 @@
}
},
"node_modules/liquidjs": {
- "version": "10.14.0",
- "resolved": "https://registry.npmjs.org/liquidjs/-/liquidjs-10.14.0.tgz",
- "integrity": "sha512-Zjg35Yo3L/2aNy7QkICha/ulbXRtZS7oRenWyDDfw+J34Xy3fOKWWHxASC9r0gbxN661nrwmG/kOIKHfYcVk4Q==",
+ "version": "10.16.1",
+ "resolved": "https://registry.npmjs.org/liquidjs/-/liquidjs-10.16.1.tgz",
+ "integrity": "sha512-1JFL/Y7ONoajrfwav37yuz5yQHU3+Pgz1XWsg9E/2T8Fp65KalNfMF8QZ3+tNETqGUIB66waOSLOi64niYZE9A==",
"dependencies": {
"commander": "^10.0.0"
},
@@ -8780,16 +9300,16 @@
}
},
"node_modules/listr2": {
- "version": "8.0.1",
- "resolved": "https://registry.npmjs.org/listr2/-/listr2-8.0.1.tgz",
- "integrity": "sha512-ovJXBXkKGfq+CwmKTjluEqFi3p4h8xvkxGQQAQan22YCgef4KZ1mKGjzfGh6PL6AW5Csw0QiQPNuQyH+6Xk3hA==",
+ "version": "8.2.4",
+ "resolved": "https://registry.npmjs.org/listr2/-/listr2-8.2.4.tgz",
+ "integrity": "sha512-opevsywziHd3zHCVQGAj8zu+Z3yHNkkoYhWIGnq54RrCVwLz0MozotJEDnKsIBLvkfLGN6BLOyAeRrYI0pKA4g==",
"dev": true,
"dependencies": {
"cli-truncate": "^4.0.0",
"colorette": "^2.0.20",
"eventemitter3": "^5.0.1",
- "log-update": "^6.0.0",
- "rfdc": "^1.3.0",
+ "log-update": "^6.1.0",
+ "rfdc": "^1.4.1",
"wrap-ansi": "^9.0.0"
},
"engines": {
@@ -8802,22 +9322,6 @@
"integrity": "sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==",
"dev": true
},
- "node_modules/local-pkg": {
- "version": "0.5.0",
- "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.5.0.tgz",
- "integrity": "sha512-ok6z3qlYyCDS4ZEU27HaU6x/xZa9Whf8jD4ptH5UZTQYZVYeb9bnZ3ojVhiJNLiXK1Hfc0GNbLXcmZ5plLDDBg==",
- "dev": true,
- "dependencies": {
- "mlly": "^1.4.2",
- "pkg-types": "^1.0.3"
- },
- "engines": {
- "node": ">=14"
- },
- "funding": {
- "url": "https://github.com/sponsors/antfu"
- }
- },
"node_modules/lodash": {
"version": "4.17.21",
"license": "MIT"
@@ -8892,14 +9396,14 @@
}
},
"node_modules/log-update": {
- "version": "6.0.0",
- "resolved": "https://registry.npmjs.org/log-update/-/log-update-6.0.0.tgz",
- "integrity": "sha512-niTvB4gqvtof056rRIrTZvjNYE4rCUzO6X/X+kYjd7WFxXeJ0NwEFnRxX6ehkvv3jTwrXnNdtAak5XYZuIyPFw==",
+ "version": "6.1.0",
+ "resolved": "https://registry.npmjs.org/log-update/-/log-update-6.1.0.tgz",
+ "integrity": "sha512-9ie8ItPR6tjY5uYJh8K/Zrv/RMZ5VOlOWvtZdEHYSTFKZfIBPQa9tOAEeAWhd+AnIneLJ22w5fjOYtoutpWq5w==",
"dev": true,
"dependencies": {
- "ansi-escapes": "^6.2.0",
- "cli-cursor": "^4.0.0",
- "slice-ansi": "^7.0.0",
+ "ansi-escapes": "^7.0.0",
+ "cli-cursor": "^5.0.0",
+ "slice-ansi": "^7.1.0",
"strip-ansi": "^7.1.0",
"wrap-ansi": "^9.0.0"
},
@@ -8922,6 +9426,21 @@
"url": "https://github.com/chalk/ansi-styles?sponsor=1"
}
},
+ "node_modules/log-update/node_modules/cli-cursor": {
+ "version": "5.0.0",
+ "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-5.0.0.tgz",
+ "integrity": "sha512-aCj4O5wKyszjMmDT4tZj93kxyydN/K5zPWSCe6/0AV/AA1pqe5ZBIw0a2ZfPQV7lL5/yb5HsUreJ6UFAF1tEQw==",
+ "dev": true,
+ "dependencies": {
+ "restore-cursor": "^5.0.0"
+ },
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
"node_modules/log-update/node_modules/is-fullwidth-code-point": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-5.0.0.tgz",
@@ -8937,6 +9456,49 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
+ "node_modules/log-update/node_modules/onetime": {
+ "version": "7.0.0",
+ "resolved": "https://registry.npmjs.org/onetime/-/onetime-7.0.0.tgz",
+ "integrity": "sha512-VXJjc87FScF88uafS3JllDgvAm+c/Slfz06lorj2uAY34rlUu0Nt+v8wreiImcrgAjjIHp1rXpTDlLOGw29WwQ==",
+ "dev": true,
+ "dependencies": {
+ "mimic-function": "^5.0.0"
+ },
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
+ "node_modules/log-update/node_modules/restore-cursor": {
+ "version": "5.1.0",
+ "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-5.1.0.tgz",
+ "integrity": "sha512-oMA2dcrw6u0YfxJQXm342bFKX/E4sG9rbTzO9ptUcR/e8A33cHuvStiYOwH7fszkZlZ1z/ta9AAoPk2F4qIOHA==",
+ "dev": true,
+ "dependencies": {
+ "onetime": "^7.0.0",
+ "signal-exit": "^4.1.0"
+ },
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
+ "node_modules/log-update/node_modules/signal-exit": {
+ "version": "4.1.0",
+ "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
+ "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
+ "dev": true,
+ "engines": {
+ "node": ">=14"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/isaacs"
+ }
+ },
"node_modules/log-update/node_modules/slice-ansi": {
"version": "7.1.0",
"resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-7.1.0.tgz",
@@ -8972,9 +9534,9 @@
}
},
"node_modules/loupe": {
- "version": "2.3.7",
- "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz",
- "integrity": "sha512-zSMINGVYkdpYSOBmLi0D1Uo7JU9nVdQKrHxC8eYlV+9YKK9WePqAlL7lSlorG/U2Fw1w0hTBmaa/jrQ3UbPHtA==",
+ "version": "3.1.1",
+ "resolved": "https://registry.npmjs.org/loupe/-/loupe-3.1.1.tgz",
+ "integrity": "sha512-edNu/8D5MKVfGVFRhFf8aAxiTM6Wumfz5XsaatSxlD3w4R1d/WEKUTydCdPGbl9K7QG/Ca3GnDV2sIKIpXRQcw==",
"dev": true,
"dependencies": {
"get-func-name": "^2.0.1"
@@ -9027,28 +9589,22 @@
}
},
"node_modules/lru-cache": {
- "version": "10.2.2",
- "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz",
- "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==",
+ "version": "11.0.0",
+ "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.0.0.tgz",
+ "integrity": "sha512-Qv32eSV1RSCfhY3fpPE2GNZ8jgM9X7rdAfemLWqTUxwiyIC4jJ6Sy0fZ8H+oLWevO6i4/bizg7c8d8i6bxrzbA==",
"engines": {
- "node": "14 || >=16.14"
+ "node": "20 || >=22"
}
},
"node_modules/magic-string": {
- "version": "0.30.10",
- "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.10.tgz",
- "integrity": "sha512-iIRwTIf0QKV3UAnYK4PU8uiEc4SRh5jX0mwpIwETPpHdhVM4f53RSwS/vXvN1JhGX+Cs7B8qIq3d6AH49O5fAQ==",
+ "version": "0.30.11",
+ "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.11.tgz",
+ "integrity": "sha512-+Wri9p0QHMy+545hKww7YAu5NyzF8iomPL/RQazugQ9+Ez4Ic3mERMd8ZTX5rfK944j+560ZJi8iAwgak1Ac7A==",
"dev": true,
"dependencies": {
- "@jridgewell/sourcemap-codec": "^1.4.15"
+ "@jridgewell/sourcemap-codec": "^1.5.0"
}
},
- "node_modules/magic-string/node_modules/@jridgewell/sourcemap-codec": {
- "version": "1.4.15",
- "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz",
- "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==",
- "dev": true
- },
"node_modules/map-stream": {
"version": "0.1.0",
"dev": true
@@ -10121,10 +10677,11 @@
]
},
"node_modules/micromatch": {
- "version": "4.0.5",
- "license": "MIT",
+ "version": "4.0.8",
+ "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
+ "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
"dependencies": {
- "braces": "^3.0.2",
+ "braces": "^3.0.3",
"picomatch": "^2.3.1"
},
"engines": {
@@ -10165,6 +10722,18 @@
"node": ">=6"
}
},
+ "node_modules/mimic-function": {
+ "version": "5.0.1",
+ "resolved": "https://registry.npmjs.org/mimic-function/-/mimic-function-5.0.1.tgz",
+ "integrity": "sha512-VP79XUPxV2CigYP3jWwAUFSku2aKqBH7uTAapFWCBqutsbmDo96KY5o8uh6U+/YSIn5OxJnXp73beVkpqMIGhA==",
+ "dev": true,
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
"node_modules/mimic-response": {
"version": "4.0.0",
"license": "MIT",
@@ -10179,6 +10748,7 @@
"version": "9.0.4",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz",
"integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==",
+ "dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
},
@@ -10219,18 +10789,6 @@
"url": "https://github.com/sponsors/isaacs"
}
},
- "node_modules/mlly": {
- "version": "1.6.1",
- "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.6.1.tgz",
- "integrity": "sha512-vLgaHvaeunuOXHSmEbZ9izxPx3USsk8KCQ8iC+aTlp5sKRSoZvwhHh5L9VbKSaVC6sJDqbyohIS76E2VmHIPAA==",
- "dev": true,
- "dependencies": {
- "acorn": "^8.11.3",
- "pathe": "^1.1.2",
- "pkg-types": "^1.0.3",
- "ufo": "^1.3.2"
- }
- },
"node_modules/mockdate": {
"version": "3.0.5",
"dev": true,
@@ -10494,8 +11052,9 @@
}
},
"node_modules/normalize-url": {
- "version": "8.0.0",
- "license": "MIT",
+ "version": "8.0.1",
+ "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz",
+ "integrity": "sha512-IO9QvjUMWxPQQhs60oOu10CRkWCiZzSUkzbXGGV9pviYl1fXYcvkzQ5jV9z8Y6un8ARoVRl4EtC6v6jNqbaJ/w==",
"engines": {
"node": ">=14.16"
},
@@ -10550,6 +11109,22 @@
"url": "https://github.com/sponsors/ljharb"
}
},
+ "node_modules/object-is": {
+ "version": "1.1.6",
+ "resolved": "https://registry.npmjs.org/object-is/-/object-is-1.1.6.tgz",
+ "integrity": "sha512-F8cZ+KfGlSGi09lJT7/Nd6KJZ9ygtvYC0/UYYLI9nmQKLMnydpB9yvbv9K1uSkEu7FU9vYPmVwLg328tX+ot3Q==",
+ "dev": true,
+ "dependencies": {
+ "call-bind": "^1.0.7",
+ "define-properties": "^1.2.1"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
"node_modules/object-keys": {
"version": "1.1.1",
"dev": true,
@@ -10559,12 +11134,13 @@
}
},
"node_modules/object.assign": {
- "version": "4.1.4",
+ "version": "4.1.5",
+ "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.5.tgz",
+ "integrity": "sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "call-bind": "^1.0.2",
- "define-properties": "^1.1.4",
+ "call-bind": "^1.0.5",
+ "define-properties": "^1.2.1",
"has-symbols": "^1.0.3",
"object-keys": "^1.1.1"
},
@@ -10575,29 +11151,16 @@
"url": "https://github.com/sponsors/ljharb"
}
},
- "node_modules/object.entries": {
- "version": "1.1.7",
- "resolved": "https://registry.npmjs.org/object.entries/-/object.entries-1.1.7.tgz",
- "integrity": "sha512-jCBs/0plmPsOnrKAfFQXRG2NFjlhZgjjcBLSmTnEhU8U6vVTsVe8ANeQJCHTl3gSsI4J+0emOoCgoKlmQPMgmA==",
- "dev": true,
- "dependencies": {
- "call-bind": "^1.0.2",
- "define-properties": "^1.2.0",
- "es-abstract": "^1.22.1"
- },
- "engines": {
- "node": ">= 0.4"
- }
- },
"node_modules/object.fromentries": {
- "version": "2.0.7",
- "resolved": "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.7.tgz",
- "integrity": "sha512-UPbPHML6sL8PI/mOqPwsH4G6iyXcCGzLin8KvEPenOZN5lpCNBZZQ+V62vdjB1mQHrmqGQt5/OJzemUA+KJmEA==",
+ "version": "2.0.8",
+ "resolved": "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.8.tgz",
+ "integrity": "sha512-k6E21FzySsSK5a21KRADBd/NGneRegFO5pLHfdQLpRDETUNJueLXs3WCzyQ3tFRDYgbq3KHGXfTbi2bs8WQ6rQ==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "define-properties": "^1.2.0",
- "es-abstract": "^1.22.1"
+ "call-bind": "^1.0.7",
+ "define-properties": "^1.2.1",
+ "es-abstract": "^1.23.2",
+ "es-object-atoms": "^1.0.0"
},
"engines": {
"node": ">= 0.4"
@@ -10734,6 +11297,7 @@
},
"node_modules/p-cancelable": {
"version": "3.0.0",
+ "dev": true,
"license": "MIT",
"engines": {
"node": ">=12.20"
@@ -10779,6 +11343,11 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
+ "node_modules/package-json-from-dist": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.0.tgz",
+ "integrity": "sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw=="
+ },
"node_modules/parent-module": {
"version": "1.0.1",
"dev": true,
@@ -10858,15 +11427,15 @@
"license": "MIT"
},
"node_modules/path-scurry": {
- "version": "1.11.1",
- "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
- "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.0.tgz",
+ "integrity": "sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg==",
"dependencies": {
- "lru-cache": "^10.2.0",
- "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
+ "lru-cache": "^11.0.0",
+ "minipass": "^7.1.2"
},
"engines": {
- "node": ">=16 || 14 >=14.18"
+ "node": "20 || >=22"
},
"funding": {
"url": "https://github.com/sponsors/isaacs"
@@ -10892,12 +11461,12 @@
"dev": true
},
"node_modules/pathval": {
- "version": "1.1.1",
- "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz",
- "integrity": "sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==",
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/pathval/-/pathval-2.0.0.tgz",
+ "integrity": "sha512-vE7JKRyES09KiunauX7nd2Q9/L7lhok4smP9RZTDeD4MVs72Dp2qNFVz39Nz5a0FVEW0BJR6C0DYrq6unoziZA==",
"dev": true,
"engines": {
- "node": "*"
+ "node": ">= 14.16"
}
},
"node_modules/pause-stream": {
@@ -10912,8 +11481,9 @@
}
},
"node_modules/peek-readable": {
- "version": "5.0.0",
- "license": "MIT",
+ "version": "5.1.4",
+ "resolved": "https://registry.npmjs.org/peek-readable/-/peek-readable-5.1.4.tgz",
+ "integrity": "sha512-E7mY2VmKqw9jYuXrSWGHFuPCW2SLQenzXLF3amGaY6lXXg4/b3gj5HVM7h8ZjCO/nZS9ICs0Cz285+32FvNd/A==",
"engines": {
"node": ">=14.16"
},
@@ -10923,8 +11493,9 @@
}
},
"node_modules/picocolors": {
- "version": "1.0.0",
- "license": "ISC"
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.1.tgz",
+ "integrity": "sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew=="
},
"node_modules/picomatch": {
"version": "2.3.1",
@@ -10947,45 +11518,43 @@
"node": ">=0.10"
}
},
- "node_modules/pkg-types": {
- "version": "1.0.3",
- "resolved": "https://registry.npmjs.org/pkg-types/-/pkg-types-1.0.3.tgz",
- "integrity": "sha512-nN7pYi0AQqJnoLPC9eHFQ8AcyaixBUOwvqc5TDnIKCMEE6I0y8P7OKA7fPexsXGCGxQDl/cmrLAp26LhcwxZ4A==",
- "dev": true,
- "dependencies": {
- "jsonc-parser": "^3.2.0",
- "mlly": "^1.2.0",
- "pathe": "^1.1.0"
- }
- },
"node_modules/playwright": {
- "version": "1.44.1",
- "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.44.1.tgz",
- "integrity": "sha512-qr/0UJ5CFAtloI3avF95Y0L1xQo6r3LQArLIg/z/PoGJ6xa+EwzrwO5lpNr/09STxdHuUoP2mvuELJS+hLdtgg==",
+ "version": "1.46.1",
+ "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.46.1.tgz",
+ "integrity": "sha512-oPcr1yqoXLCkgKtD5eNUPLiN40rYEM39odNpIb6VE6S7/15gJmA1NzVv6zJYusV0e7tzvkU/utBFNa/Kpxmwng==",
"devOptional": true,
"dependencies": {
- "playwright-core": "1.44.1"
+ "playwright-core": "1.46.1"
},
"bin": {
"playwright": "cli.js"
},
"engines": {
- "node": ">=16"
+ "node": ">=18"
},
"optionalDependencies": {
"fsevents": "2.3.2"
}
},
"node_modules/playwright-core": {
- "version": "1.44.1",
- "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.44.1.tgz",
- "integrity": "sha512-wh0JWtYTrhv1+OSsLPgFzGzt67Y7BE/ZS3jEqgGBlp2ppp1ZDj8c+9IARNW4dwf1poq5MgHreEM2KV/GuR4cFA==",
+ "version": "1.46.1",
+ "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.46.1.tgz",
+ "integrity": "sha512-h9LqIQaAv+CYvWzsZ+h3RsrqCStkBHlgo6/TJlFst3cOTlLghBQlJwPOZKQJTKNaD3QIB7aAVQ+gfWbN3NXB7A==",
"devOptional": true,
"bin": {
"playwright-core": "cli.js"
},
"engines": {
- "node": ">=16"
+ "node": ">=18"
+ }
+ },
+ "node_modules/possible-typed-array-names": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/possible-typed-array-names/-/possible-typed-array-names-1.0.0.tgz",
+ "integrity": "sha512-d7Uw+eZoloe0EHDIYoe+bQ5WXnGMOpmiZFTuMWCwpjzzkL2nTjcKiAk4hh8TjnGye2TwWOk3UXucZ+3rbmBa8Q==",
+ "dev": true,
+ "engines": {
+ "node": ">= 0.4"
}
},
"node_modules/postcss": {
@@ -11055,32 +11624,6 @@
"node": ">=6.0.0"
}
},
- "node_modules/pretty-format": {
- "version": "29.7.0",
- "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz",
- "integrity": "sha512-Pdlw/oPxN+aXdmM9R00JVC9WVFoCLTKJvDVLgmJ+qAffBMxsV85l/Lu7sNx4zSzPyoL2euImuEwHhOXdEgNFZQ==",
- "dev": true,
- "dependencies": {
- "@jest/schemas": "^29.6.3",
- "ansi-styles": "^5.0.0",
- "react-is": "^18.0.0"
- },
- "engines": {
- "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
- }
- },
- "node_modules/pretty-format/node_modules/ansi-styles": {
- "version": "5.2.0",
- "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz",
- "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
- "dev": true,
- "engines": {
- "node": ">=10"
- },
- "funding": {
- "url": "https://github.com/chalk/ansi-styles?sponsor=1"
- }
- },
"node_modules/prop-types": {
"version": "15.7.2",
"license": "MIT",
@@ -11148,6 +11691,7 @@
},
"node_modules/punycode": {
"version": "2.1.1",
+ "dev": true,
"license": "MIT",
"engines": {
"node": ">=6"
@@ -11869,32 +12413,6 @@
"url": "https://opencollective.com/unified"
}
},
- "node_modules/readable-stream": {
- "version": "3.6.0",
- "license": "MIT",
- "dependencies": {
- "inherits": "^2.0.3",
- "string_decoder": "^1.1.1",
- "util-deprecate": "^1.0.1"
- },
- "engines": {
- "node": ">= 6"
- }
- },
- "node_modules/readable-web-to-node-stream": {
- "version": "3.0.2",
- "license": "MIT",
- "dependencies": {
- "readable-stream": "^3.6.0"
- },
- "engines": {
- "node": ">=8"
- },
- "funding": {
- "type": "github",
- "url": "https://github.com/sponsors/Borewit"
- }
- },
"node_modules/readdirp": {
"version": "3.5.0",
"devOptional": true,
@@ -11907,15 +12425,16 @@
}
},
"node_modules/reflect.getprototypeof": {
- "version": "1.0.4",
- "resolved": "https://registry.npmjs.org/reflect.getprototypeof/-/reflect.getprototypeof-1.0.4.tgz",
- "integrity": "sha512-ECkTw8TmJwW60lOTR+ZkODISW6RQ8+2CL3COqtiJKLd6MmB45hN51HprHFziKLGkAuTGQhBb91V8cy+KHlaCjw==",
+ "version": "1.0.6",
+ "resolved": "https://registry.npmjs.org/reflect.getprototypeof/-/reflect.getprototypeof-1.0.6.tgz",
+ "integrity": "sha512-fmfw4XgoDke3kdI6h4xcUz1dG8uaiv5q9gcEwLS4Pnth2kxT+GZ7YehS1JTMGBQmtV7Y4GFGbs2re2NqhdozUg==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "define-properties": "^1.2.0",
- "es-abstract": "^1.22.1",
- "get-intrinsic": "^1.2.1",
+ "call-bind": "^1.0.7",
+ "define-properties": "^1.2.1",
+ "es-abstract": "^1.23.1",
+ "es-errors": "^1.3.0",
+ "get-intrinsic": "^1.2.4",
"globalthis": "^1.0.3",
"which-builtin-type": "^1.1.3"
},
@@ -11932,14 +12451,15 @@
"integrity": "sha512-srw17NI0TUWHuGa5CFGGmhfNIeja30WMBfbslPNhf6JrqQlLN5gcrvig1oqPxiVaXb0oW0XRKtH6Nngs5lKCIA=="
},
"node_modules/regexp.prototype.flags": {
- "version": "1.5.1",
- "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.1.tgz",
- "integrity": "sha512-sy6TXMN+hnP/wMy+ISxg3krXx7BAtWVO4UouuCN/ziM9UEne0euamVNafDfvC83bRNr95y0V5iijeDQFUNpvrg==",
+ "version": "1.5.2",
+ "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.2.tgz",
+ "integrity": "sha512-NcDiDkTLuPR+++OCKB0nWafEmhg/Da8aUPLPMQbK+bxKKCm1/S5he+AqYa4PlMCVBalb4/yxIRub6qkEx5yJbw==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "define-properties": "^1.2.0",
- "set-function-name": "^2.0.0"
+ "call-bind": "^1.0.6",
+ "define-properties": "^1.2.1",
+ "es-errors": "^1.3.0",
+ "set-function-name": "^2.0.1"
},
"engines": {
"node": ">= 0.4"
@@ -12402,23 +12922,24 @@
}
},
"node_modules/rfdc": {
- "version": "1.3.1",
- "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.1.tgz",
- "integrity": "sha512-r5a3l5HzYlIC68TpmYKlxWjmOP6wiPJ1vWv2HeLhNsRZMrCkxeqxiHlQ21oXmQ4F3SiryXBHhAD7JZqvOJjFmg==",
+ "version": "1.4.1",
+ "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.4.1.tgz",
+ "integrity": "sha512-q1b3N5QkRUWUl7iyylaaj3kOpIT0N2i9MqIEQXP73GVsN9cw3fdx8X63cEmWhJGi2PPCF23Ijp7ktmd39rawIA==",
"dev": true
},
"node_modules/rimraf": {
- "version": "5.0.0",
+ "version": "6.0.0",
+ "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-6.0.0.tgz",
+ "integrity": "sha512-u+yqhM92LW+89cxUQK0SRyvXYQmyuKHx0jkx4W7KfwLGLqJnQM5031Uv1trE4gB9XEXBM/s6MxKlfW95IidqaA==",
"dev": true,
- "license": "ISC",
"dependencies": {
- "glob": "^10.0.0"
+ "glob": "11.0.0"
},
"bin": {
- "rimraf": "dist/cjs/src/bin.js"
+ "rimraf": "dist/esm/bin.mjs"
},
"engines": {
- "node": ">=14"
+ "node": "20 || >=22"
},
"funding": {
"url": "https://github.com/sponsors/isaacs"
@@ -12433,9 +12954,9 @@
}
},
"node_modules/rollup": {
- "version": "4.17.2",
- "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.17.2.tgz",
- "integrity": "sha512-/9ClTJPByC0U4zNLowV1tMBe8yMEAxewtR3cUNX5BoEpGH3dQEWpJLr6CLp0fPdYRF/fzVOgvDb1zXuakwF5kQ==",
+ "version": "4.20.0",
+ "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.20.0.tgz",
+ "integrity": "sha512-6rbWBChcnSGzIlXeIdNIZTopKYad8ZG8ajhl78lGRLsI2rX8IkaotQhVas2Ma+GPxJav19wrSzvRvuiv0YKzWw==",
"dev": true,
"dependencies": {
"@types/estree": "1.0.5"
@@ -12448,22 +12969,22 @@
"npm": ">=8.0.0"
},
"optionalDependencies": {
- "@rollup/rollup-android-arm-eabi": "4.17.2",
- "@rollup/rollup-android-arm64": "4.17.2",
- "@rollup/rollup-darwin-arm64": "4.17.2",
- "@rollup/rollup-darwin-x64": "4.17.2",
- "@rollup/rollup-linux-arm-gnueabihf": "4.17.2",
- "@rollup/rollup-linux-arm-musleabihf": "4.17.2",
- "@rollup/rollup-linux-arm64-gnu": "4.17.2",
- "@rollup/rollup-linux-arm64-musl": "4.17.2",
- "@rollup/rollup-linux-powerpc64le-gnu": "4.17.2",
- "@rollup/rollup-linux-riscv64-gnu": "4.17.2",
- "@rollup/rollup-linux-s390x-gnu": "4.17.2",
- "@rollup/rollup-linux-x64-gnu": "4.17.2",
- "@rollup/rollup-linux-x64-musl": "4.17.2",
- "@rollup/rollup-win32-arm64-msvc": "4.17.2",
- "@rollup/rollup-win32-ia32-msvc": "4.17.2",
- "@rollup/rollup-win32-x64-msvc": "4.17.2",
+ "@rollup/rollup-android-arm-eabi": "4.20.0",
+ "@rollup/rollup-android-arm64": "4.20.0",
+ "@rollup/rollup-darwin-arm64": "4.20.0",
+ "@rollup/rollup-darwin-x64": "4.20.0",
+ "@rollup/rollup-linux-arm-gnueabihf": "4.20.0",
+ "@rollup/rollup-linux-arm-musleabihf": "4.20.0",
+ "@rollup/rollup-linux-arm64-gnu": "4.20.0",
+ "@rollup/rollup-linux-arm64-musl": "4.20.0",
+ "@rollup/rollup-linux-powerpc64le-gnu": "4.20.0",
+ "@rollup/rollup-linux-riscv64-gnu": "4.20.0",
+ "@rollup/rollup-linux-s390x-gnu": "4.20.0",
+ "@rollup/rollup-linux-x64-gnu": "4.20.0",
+ "@rollup/rollup-linux-x64-musl": "4.20.0",
+ "@rollup/rollup-win32-arm64-msvc": "4.20.0",
+ "@rollup/rollup-win32-ia32-msvc": "4.20.0",
+ "@rollup/rollup-win32-x64-msvc": "4.20.0",
"fsevents": "~2.3.2"
}
},
@@ -12518,13 +13039,13 @@
}
},
"node_modules/safe-array-concat": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.0.1.tgz",
- "integrity": "sha512-6XbUAseYE2KtOuGueyeobCySj9L4+66Tn6KQMOPQJrAJEowYKW/YR/MGJZl7FdydUdaFu4LYyDZjxf4/Nmo23Q==",
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.1.2.tgz",
+ "integrity": "sha512-vj6RsCsWBCf19jIeHEfkRMw8DPiBb+DMXklQ/1SGDHOMlHdPUkZXFQ2YdplS23zESTijAcurb1aSgJA3AgMu1Q==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "get-intrinsic": "^1.2.1",
+ "call-bind": "^1.0.7",
+ "get-intrinsic": "^1.2.4",
"has-symbols": "^1.0.3",
"isarray": "^2.0.5"
},
@@ -12540,15 +13061,18 @@
"license": "MIT"
},
"node_modules/safe-regex-test": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.0.0.tgz",
- "integrity": "sha512-JBUUzyOgEwXQY1NuPtvcj/qcBDbDmEvWufhlnXZIm75DEHp+afM1r1ujJpJsV/gSM4t59tpDyPi1sd6ZaPFfsA==",
+ "version": "1.0.3",
+ "resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.0.3.tgz",
+ "integrity": "sha512-CdASjNJPvRa7roO6Ra/gLYBTzYzzPyyBXxIMdGW3USQLyjWEls2RgW5UBTXaQVp+OrpeCK3bLem8smtmheoRuw==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "get-intrinsic": "^1.1.3",
+ "call-bind": "^1.0.6",
+ "es-errors": "^1.3.0",
"is-regex": "^1.1.4"
},
+ "engines": {
+ "node": ">= 0.4"
+ },
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
@@ -12687,28 +13211,31 @@
}
},
"node_modules/set-function-length": {
- "version": "1.1.1",
- "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.1.1.tgz",
- "integrity": "sha512-VoaqjbBJKiWtg4yRcKBQ7g7wnGnLV3M8oLvVWwOk2PdYY6PEFegR1vezXR0tw6fZGF9csVakIRjrJiy2veSBFQ==",
+ "version": "1.2.2",
+ "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz",
+ "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==",
"dependencies": {
- "define-data-property": "^1.1.1",
- "get-intrinsic": "^1.2.1",
+ "define-data-property": "^1.1.4",
+ "es-errors": "^1.3.0",
+ "function-bind": "^1.1.2",
+ "get-intrinsic": "^1.2.4",
"gopd": "^1.0.1",
- "has-property-descriptors": "^1.0.0"
+ "has-property-descriptors": "^1.0.2"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/set-function-name": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/set-function-name/-/set-function-name-2.0.1.tgz",
- "integrity": "sha512-tMNCiqYVkXIZgc2Hnoy2IvC/f8ezc5koaRFkCjrpWzGpCd3qbZXPzVy9MAZzK1ch/X0jvSkojys3oqJN0qCmdA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/set-function-name/-/set-function-name-2.0.2.tgz",
+ "integrity": "sha512-7PGFlmtwsEADb0WYyvCMa1t+yke6daIG4Wirafur5kcf+MhUnPms1UeR0CKQdTZD81yESwMHbtn+TR+dMviakQ==",
"dev": true,
"dependencies": {
- "define-data-property": "^1.0.1",
+ "define-data-property": "^1.1.4",
+ "es-errors": "^1.3.0",
"functions-have-names": "^1.2.3",
- "has-property-descriptors": "^1.0.0"
+ "has-property-descriptors": "^1.0.2"
},
"engines": {
"node": ">= 0.4"
@@ -12988,6 +13515,18 @@
"url": "https://github.com/sponsors/typicode"
}
},
+ "node_modules/stop-iteration-iterator": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/stop-iteration-iterator/-/stop-iteration-iterator-1.0.0.tgz",
+ "integrity": "sha512-iCGQj+0l0HOdZ2AEeBADlsRC+vsnDsZsbdSiH1yNSjcfKM7fdpCMfqAL/dwF5BLiw/XhRft/Wax6zQbhq2BcjQ==",
+ "dev": true,
+ "dependencies": {
+ "internal-slot": "^1.0.4"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ }
+ },
"node_modules/stream-combiner": {
"version": "0.0.4",
"dev": true,
@@ -13004,31 +13543,6 @@
"node": ">=10.0.0"
}
},
- "node_modules/string_decoder": {
- "version": "1.3.0",
- "license": "MIT",
- "dependencies": {
- "safe-buffer": "~5.2.0"
- }
- },
- "node_modules/string_decoder/node_modules/safe-buffer": {
- "version": "5.2.1",
- "funding": [
- {
- "type": "github",
- "url": "https://github.com/sponsors/feross"
- },
- {
- "type": "patreon",
- "url": "https://www.patreon.com/feross"
- },
- {
- "type": "consulting",
- "url": "https://feross.org/support"
- }
- ],
- "license": "MIT"
- },
"node_modules/string-argv": {
"version": "0.3.2",
"resolved": "https://registry.npmjs.org/string-argv/-/string-argv-0.3.2.tgz",
@@ -13094,15 +13608,26 @@
"node": ">=8"
}
},
+ "node_modules/string.prototype.includes": {
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/string.prototype.includes/-/string.prototype.includes-2.0.0.tgz",
+ "integrity": "sha512-E34CkBgyeqNDcrbU76cDjL5JLcVrtSdYq0MEh/B10r17pRP4ciHLwTgnuLV8Ay6cgEMLkcBkFCKyFZ43YldYzg==",
+ "dev": true,
+ "dependencies": {
+ "define-properties": "^1.1.3",
+ "es-abstract": "^1.17.5"
+ }
+ },
"node_modules/string.prototype.trim": {
- "version": "1.2.8",
- "resolved": "https://registry.npmjs.org/string.prototype.trim/-/string.prototype.trim-1.2.8.tgz",
- "integrity": "sha512-lfjY4HcixfQXOfaqCvcBuOIapyaroTXhbkfJN3gcB1OtyupngWK4sEET9Knd0cXd28kTUqu/kHoV4HKSJdnjiQ==",
+ "version": "1.2.9",
+ "resolved": "https://registry.npmjs.org/string.prototype.trim/-/string.prototype.trim-1.2.9.tgz",
+ "integrity": "sha512-klHuCNxiMZ8MlsOihJhJEBJAiMVqU3Z2nEXWfWnIqjN0gEFS9J9+IxKozWWtQGcgoa1WUZzLjKPTr4ZHNFTFxw==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "define-properties": "^1.2.0",
- "es-abstract": "^1.22.1"
+ "call-bind": "^1.0.7",
+ "define-properties": "^1.2.1",
+ "es-abstract": "^1.23.0",
+ "es-object-atoms": "^1.0.0"
},
"engines": {
"node": ">= 0.4"
@@ -13112,28 +13637,31 @@
}
},
"node_modules/string.prototype.trimend": {
- "version": "1.0.7",
- "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.7.tgz",
- "integrity": "sha512-Ni79DqeB72ZFq1uH/L6zJ+DKZTkOtPIHovb3YZHQViE+HDouuU4mBrLOLDn5Dde3RF8qw5qVETEjhu9locMLvA==",
+ "version": "1.0.8",
+ "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.8.tgz",
+ "integrity": "sha512-p73uL5VCHCO2BZZ6krwwQE3kCzM7NKmis8S//xEC6fQonchbum4eP6kR4DLEjQFO3Wnj3Fuo8NM0kOSjVdHjZQ==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "define-properties": "^1.2.0",
- "es-abstract": "^1.22.1"
+ "call-bind": "^1.0.7",
+ "define-properties": "^1.2.1",
+ "es-object-atoms": "^1.0.0"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/string.prototype.trimstart": {
- "version": "1.0.7",
- "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.7.tgz",
- "integrity": "sha512-NGhtDFu3jCEm7B4Fy0DpLewdJQOZcQ0rGbwQ/+stjnrp2i+rlKeCvos9hOIeCmqwratM47OBxY7uFZzjxHXmrg==",
+ "version": "1.0.8",
+ "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.8.tgz",
+ "integrity": "sha512-UXSH262CSZY1tfu3G3Secr6uGLCFVPMhIqHjlgCUtCCcgihYc/xKs9djMTMUOb2j1mVSeU8EU6NWc/iQKU6Gfg==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "define-properties": "^1.2.0",
- "es-abstract": "^1.22.1"
+ "call-bind": "^1.0.7",
+ "define-properties": "^1.2.1",
+ "es-object-atoms": "^1.0.0"
+ },
+ "engines": {
+ "node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
@@ -13215,37 +13743,20 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
- "node_modules/strip-literal": {
- "version": "2.1.0",
- "resolved": "https://registry.npmjs.org/strip-literal/-/strip-literal-2.1.0.tgz",
- "integrity": "sha512-Op+UycaUt/8FbN/Z2TWPBLge3jWrP3xj10f3fnYxf052bKuS3EKs1ZQcVGjnEMdsNVAM+plXRdmjrZ/KgG3Skw==",
- "dev": true,
- "dependencies": {
- "js-tokens": "^9.0.0"
- },
- "funding": {
- "url": "https://github.com/sponsors/antfu"
- }
- },
- "node_modules/strip-literal/node_modules/js-tokens": {
- "version": "9.0.0",
- "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-9.0.0.tgz",
- "integrity": "sha512-WriZw1luRMlmV3LGJaR6QOJjWwgLUTf89OwT2lUOyjX2dJGBwgmIkbcz+7WFZjrZM635JOIR517++e/67CP9dQ==",
- "dev": true
- },
"node_modules/strnum": {
"version": "1.0.5",
"license": "MIT"
},
"node_modules/strtok3": {
- "version": "7.0.0",
- "license": "MIT",
+ "version": "8.1.0",
+ "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-8.1.0.tgz",
+ "integrity": "sha512-ExzDvHYPj6F6QkSNe/JxSlBxTh3OrI6wrAIz53ulxo1c4hBJ1bT9C/JrAthEKHWG9riVH3Xzg7B03Oxty6S2Lw==",
"dependencies": {
"@tokenizer/token": "^0.3.0",
- "peek-readable": "^5.0.0"
+ "peek-readable": "^5.1.4"
},
"engines": {
- "node": ">=14.16"
+ "node": ">=16"
},
"funding": {
"type": "github",
@@ -13456,24 +13967,33 @@
"license": "MIT"
},
"node_modules/tinybench": {
- "version": "2.7.0",
- "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.7.0.tgz",
- "integrity": "sha512-Qgayeb106x2o4hNzNjsZEfFziw8IbKqtbXBjVh7VIZfBxfD5M4gWtpyx5+YTae2gJ6Y6Dz/KLepiv16RFeQWNA==",
+ "version": "2.9.0",
+ "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.9.0.tgz",
+ "integrity": "sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==",
"dev": true
},
"node_modules/tinypool": {
- "version": "0.8.4",
- "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-0.8.4.tgz",
- "integrity": "sha512-i11VH5gS6IFeLY3gMBQ00/MmLncVP7JLXOw1vlgkytLmJK7QnEr7NXf0LBdxfmNPAeyetukOk0bOYrJrFGjYJQ==",
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-1.0.0.tgz",
+ "integrity": "sha512-KIKExllK7jp3uvrNtvRBYBWBOAXSX8ZvoaD8T+7KB/QHIuoJW3Pmr60zucywjAlMb5TeXUkcs/MWeWLu0qvuAQ==",
+ "dev": true,
+ "engines": {
+ "node": "^18.0.0 || >=20.0.0"
+ }
+ },
+ "node_modules/tinyrainbow": {
+ "version": "1.2.0",
+ "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-1.2.0.tgz",
+ "integrity": "sha512-weEDEq7Z5eTHPDh4xjX789+fHfF+P8boiFB+0vbWzpbnbsEr/GRaohi/uMKxg8RZMXnl1ItAi/IUHWMsjDV7kQ==",
"dev": true,
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/tinyspy": {
- "version": "2.2.1",
- "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-2.2.1.tgz",
- "integrity": "sha512-KYad6Vy5VDWV4GH3fjpseMQ/XU2BhIYP7Vzd0LG44qRWm/Yt2WCOTicFdvmgo6gWaqooMQCawTtILVQJupKu7A==",
+ "version": "3.0.0",
+ "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-3.0.0.tgz",
+ "integrity": "sha512-q5nmENpTHgiPVd1cJDDc9cVoYN5x4vCvwT3FMilvKPKneCBZAxn2YWQjDF0UMcE9k0Cay1gBiDfTMU0g+mPMQA==",
"dev": true,
"engines": {
"node": ">=14.0.0"
@@ -13506,8 +14026,9 @@
}
},
"node_modules/token-types": {
- "version": "5.0.1",
- "license": "MIT",
+ "version": "6.0.0",
+ "resolved": "https://registry.npmjs.org/token-types/-/token-types-6.0.0.tgz",
+ "integrity": "sha512-lbDrTLVsHhOMljPscd0yitpozq7Ga2M5Cvez5AjGg8GASBjtt6iERCAJ93yommPmz62fb45oFIXHEZ3u9bfJEA==",
"dependencies": {
"@tokenizer/token": "^0.3.0",
"ieee754": "^1.2.1"
@@ -13624,407 +14145,25 @@
"fsevents": "~2.3.3"
}
},
- "node_modules/tsx/node_modules/@esbuild/aix-ppc64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.21.5.tgz",
- "integrity": "sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==",
- "cpu": [
- "ppc64"
- ],
+ "node_modules/tsx/node_modules/fsevents": {
+ "version": "2.3.3",
+ "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+ "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
+ "hasInstallScript": true,
"optional": true,
"os": [
- "aix"
+ "darwin"
],
"engines": {
- "node": ">=12"
+ "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
}
},
- "node_modules/tsx/node_modules/@esbuild/android-arm": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.21.5.tgz",
- "integrity": "sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==",
- "cpu": [
- "arm"
- ],
- "optional": true,
- "os": [
- "android"
- ],
+ "node_modules/tunnel": {
+ "version": "0.0.6",
+ "dev": true,
+ "license": "MIT",
"engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/android-arm64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.21.5.tgz",
- "integrity": "sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==",
- "cpu": [
- "arm64"
- ],
- "optional": true,
- "os": [
- "android"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/android-x64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.21.5.tgz",
- "integrity": "sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==",
- "cpu": [
- "x64"
- ],
- "optional": true,
- "os": [
- "android"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/darwin-arm64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.21.5.tgz",
- "integrity": "sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==",
- "cpu": [
- "arm64"
- ],
- "optional": true,
- "os": [
- "darwin"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/darwin-x64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.21.5.tgz",
- "integrity": "sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==",
- "cpu": [
- "x64"
- ],
- "optional": true,
- "os": [
- "darwin"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/freebsd-arm64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.21.5.tgz",
- "integrity": "sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==",
- "cpu": [
- "arm64"
- ],
- "optional": true,
- "os": [
- "freebsd"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/freebsd-x64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.21.5.tgz",
- "integrity": "sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==",
- "cpu": [
- "x64"
- ],
- "optional": true,
- "os": [
- "freebsd"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/linux-arm": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.21.5.tgz",
- "integrity": "sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==",
- "cpu": [
- "arm"
- ],
- "optional": true,
- "os": [
- "linux"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/linux-arm64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.21.5.tgz",
- "integrity": "sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==",
- "cpu": [
- "arm64"
- ],
- "optional": true,
- "os": [
- "linux"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/linux-ia32": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.21.5.tgz",
- "integrity": "sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==",
- "cpu": [
- "ia32"
- ],
- "optional": true,
- "os": [
- "linux"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/linux-loong64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.21.5.tgz",
- "integrity": "sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==",
- "cpu": [
- "loong64"
- ],
- "optional": true,
- "os": [
- "linux"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/linux-mips64el": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.21.5.tgz",
- "integrity": "sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==",
- "cpu": [
- "mips64el"
- ],
- "optional": true,
- "os": [
- "linux"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/linux-ppc64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.21.5.tgz",
- "integrity": "sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==",
- "cpu": [
- "ppc64"
- ],
- "optional": true,
- "os": [
- "linux"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/linux-riscv64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.21.5.tgz",
- "integrity": "sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==",
- "cpu": [
- "riscv64"
- ],
- "optional": true,
- "os": [
- "linux"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/linux-s390x": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.21.5.tgz",
- "integrity": "sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==",
- "cpu": [
- "s390x"
- ],
- "optional": true,
- "os": [
- "linux"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/linux-x64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.21.5.tgz",
- "integrity": "sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==",
- "cpu": [
- "x64"
- ],
- "optional": true,
- "os": [
- "linux"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/netbsd-x64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.21.5.tgz",
- "integrity": "sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==",
- "cpu": [
- "x64"
- ],
- "optional": true,
- "os": [
- "netbsd"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/openbsd-x64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.21.5.tgz",
- "integrity": "sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==",
- "cpu": [
- "x64"
- ],
- "optional": true,
- "os": [
- "openbsd"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/sunos-x64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.21.5.tgz",
- "integrity": "sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==",
- "cpu": [
- "x64"
- ],
- "optional": true,
- "os": [
- "sunos"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/win32-arm64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.21.5.tgz",
- "integrity": "sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==",
- "cpu": [
- "arm64"
- ],
- "optional": true,
- "os": [
- "win32"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/win32-ia32": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.21.5.tgz",
- "integrity": "sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==",
- "cpu": [
- "ia32"
- ],
- "optional": true,
- "os": [
- "win32"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/@esbuild/win32-x64": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.21.5.tgz",
- "integrity": "sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==",
- "cpu": [
- "x64"
- ],
- "optional": true,
- "os": [
- "win32"
- ],
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/tsx/node_modules/esbuild": {
- "version": "0.21.5",
- "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.21.5.tgz",
- "integrity": "sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==",
- "hasInstallScript": true,
- "bin": {
- "esbuild": "bin/esbuild"
- },
- "engines": {
- "node": ">=12"
- },
- "optionalDependencies": {
- "@esbuild/aix-ppc64": "0.21.5",
- "@esbuild/android-arm": "0.21.5",
- "@esbuild/android-arm64": "0.21.5",
- "@esbuild/android-x64": "0.21.5",
- "@esbuild/darwin-arm64": "0.21.5",
- "@esbuild/darwin-x64": "0.21.5",
- "@esbuild/freebsd-arm64": "0.21.5",
- "@esbuild/freebsd-x64": "0.21.5",
- "@esbuild/linux-arm": "0.21.5",
- "@esbuild/linux-arm64": "0.21.5",
- "@esbuild/linux-ia32": "0.21.5",
- "@esbuild/linux-loong64": "0.21.5",
- "@esbuild/linux-mips64el": "0.21.5",
- "@esbuild/linux-ppc64": "0.21.5",
- "@esbuild/linux-riscv64": "0.21.5",
- "@esbuild/linux-s390x": "0.21.5",
- "@esbuild/linux-x64": "0.21.5",
- "@esbuild/netbsd-x64": "0.21.5",
- "@esbuild/openbsd-x64": "0.21.5",
- "@esbuild/sunos-x64": "0.21.5",
- "@esbuild/win32-arm64": "0.21.5",
- "@esbuild/win32-ia32": "0.21.5",
- "@esbuild/win32-x64": "0.21.5"
- }
- },
- "node_modules/tsx/node_modules/fsevents": {
- "version": "2.3.3",
- "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
- "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
- "hasInstallScript": true,
- "optional": true,
- "os": [
- "darwin"
- ],
- "engines": {
- "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
- }
- },
- "node_modules/tunnel": {
- "version": "0.0.6",
- "dev": true,
- "license": "MIT",
- "engines": {
- "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
+ "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
}
},
"node_modules/type-check": {
@@ -14039,13 +14178,15 @@
"node": ">= 0.8.0"
}
},
- "node_modules/type-detect": {
- "version": "4.0.8",
- "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz",
- "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==",
- "dev": true,
+ "node_modules/type-fest": {
+ "version": "4.23.0",
+ "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.23.0.tgz",
+ "integrity": "sha512-ZiBujro2ohr5+Z/hZWHESLz3g08BBdrdLMieYFULJO+tWc437sn8kQsWLJoZErY8alNhxre9K4p3GURAG11n+w==",
"engines": {
- "node": ">=4"
+ "node": ">=16"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/type-is": {
@@ -14061,29 +14202,30 @@
}
},
"node_modules/typed-array-buffer": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/typed-array-buffer/-/typed-array-buffer-1.0.0.tgz",
- "integrity": "sha512-Y8KTSIglk9OZEr8zywiIHG/kmQ7KWyjseXs1CbSo8vC42w7hg2HgYTxSWwP0+is7bWDc1H+Fo026CpHFwm8tkw==",
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/typed-array-buffer/-/typed-array-buffer-1.0.2.tgz",
+ "integrity": "sha512-gEymJYKZtKXzzBzM4jqa9w6Q1Jjm7x2d+sh19AdsD4wqnMPDYyvwpsIc2Q/835kHuo3BEQ7CjelGhfTsoBb2MQ==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
- "get-intrinsic": "^1.2.1",
- "is-typed-array": "^1.1.10"
+ "call-bind": "^1.0.7",
+ "es-errors": "^1.3.0",
+ "is-typed-array": "^1.1.13"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/typed-array-byte-length": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/typed-array-byte-length/-/typed-array-byte-length-1.0.0.tgz",
- "integrity": "sha512-Or/+kvLxNpeQ9DtSydonMxCx+9ZXOswtwJn17SNLvhptaXYDJvkFFP5zbfU/uLmvnBJlI4yrnXRxpdWH/M5tNA==",
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/typed-array-byte-length/-/typed-array-byte-length-1.0.1.tgz",
+ "integrity": "sha512-3iMJ9q0ao7WE9tWcaYKIptkNBuOIcZCCT0d4MRvuuH88fEoEH62IuQe0OtraD3ebQEoTRk8XCBoknUNc1Y67pw==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
+ "call-bind": "^1.0.7",
"for-each": "^0.3.3",
- "has-proto": "^1.0.1",
- "is-typed-array": "^1.1.10"
+ "gopd": "^1.0.1",
+ "has-proto": "^1.0.3",
+ "is-typed-array": "^1.1.13"
},
"engines": {
"node": ">= 0.4"
@@ -14093,16 +14235,17 @@
}
},
"node_modules/typed-array-byte-offset": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/typed-array-byte-offset/-/typed-array-byte-offset-1.0.0.tgz",
- "integrity": "sha512-RD97prjEt9EL8YgAgpOkf3O4IF9lhJFr9g0htQkm0rchFp/Vx7LW5Q8fSXXub7BXAODyUQohRMyOc3faCPd0hg==",
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/typed-array-byte-offset/-/typed-array-byte-offset-1.0.2.tgz",
+ "integrity": "sha512-Ous0vodHa56FviZucS2E63zkgtgrACj7omjwd/8lTEMEPFFyjfixMZ1ZXenpgCFBBt4EC1J2XsyVS2gkG0eTFA==",
"dev": true,
"dependencies": {
- "available-typed-arrays": "^1.0.5",
- "call-bind": "^1.0.2",
+ "available-typed-arrays": "^1.0.7",
+ "call-bind": "^1.0.7",
"for-each": "^0.3.3",
- "has-proto": "^1.0.1",
- "is-typed-array": "^1.1.10"
+ "gopd": "^1.0.1",
+ "has-proto": "^1.0.3",
+ "is-typed-array": "^1.1.13"
},
"engines": {
"node": ">= 0.4"
@@ -14112,23 +14255,29 @@
}
},
"node_modules/typed-array-length": {
- "version": "1.0.4",
- "resolved": "https://registry.npmjs.org/typed-array-length/-/typed-array-length-1.0.4.tgz",
- "integrity": "sha512-KjZypGq+I/H7HI5HlOoGHkWUUGq+Q0TPhQurLbyrVrvnKTBgzLhIJ7j6J/XTQOi0d1RjyZ0wdas8bKs2p0x3Ng==",
+ "version": "1.0.6",
+ "resolved": "https://registry.npmjs.org/typed-array-length/-/typed-array-length-1.0.6.tgz",
+ "integrity": "sha512-/OxDN6OtAk5KBpGb28T+HZc2M+ADtvRxXrKKbUwtsLgdoxgX13hyy7ek6bFRl5+aBs2yZzB0c4CnQfAtVypW/g==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.2",
+ "call-bind": "^1.0.7",
"for-each": "^0.3.3",
- "is-typed-array": "^1.1.9"
+ "gopd": "^1.0.1",
+ "has-proto": "^1.0.3",
+ "is-typed-array": "^1.1.13",
+ "possible-typed-array-names": "^1.0.0"
+ },
+ "engines": {
+ "node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/typescript": {
- "version": "5.4.4",
- "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.4.tgz",
- "integrity": "sha512-dGE2Vv8cpVvw28v8HCPqyb08EzbBURxDpuhJvTrusShUfGnhHBafDsLdS1EhhxyL6BJQE+2cT3dDPAv+MQ6oLw==",
+ "version": "5.5.2",
+ "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.5.2.tgz",
+ "integrity": "sha512-NcRtPEOsPFFWjobJEtfihkLCZCXZt/os3zf8nTxjVH3RvTSxjrCamJpbExGvYOF+tFHc3pA65qpdwPbzjohhew==",
"dev": true,
"bin": {
"tsc": "bin/tsc",
@@ -14144,11 +14293,16 @@
"integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==",
"dev": true
},
- "node_modules/ufo": {
- "version": "1.5.3",
- "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.5.3.tgz",
- "integrity": "sha512-Y7HYmWaFwPUmkoQCUIAYpKqkOf+SbVj/2fJJZ4RJMCfZp0rTGwRbzQD+HghfnhKOjL9E01okqz+ncJskGYfBNw==",
- "dev": true
+ "node_modules/uint8array-extras": {
+ "version": "1.3.0",
+ "resolved": "https://registry.npmjs.org/uint8array-extras/-/uint8array-extras-1.3.0.tgz",
+ "integrity": "sha512-npBAT0ZIX6mAIG7SF6G4LF1BIoRx3h+HVajSplHx0XmOD0Ug4qio5Yhcajn72i5OEj/qkk1OFaYh2PhqHBV33w==",
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
},
"node_modules/unbox-primitive": {
"version": "1.0.2",
@@ -14181,6 +14335,11 @@
"node": ">=14.0"
}
},
+ "node_modules/undici-types": {
+ "version": "6.11.1",
+ "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.11.1.tgz",
+ "integrity": "sha512-mIDEX2ek50x0OlRgxryxsenE5XaQD4on5U2inY7RApK3SOJpofyw7uW2AyfMKkhAxXIceo2DeWGVGwyvng1GNQ=="
+ },
"node_modules/unified": {
"version": "11.0.3",
"resolved": "https://registry.npmjs.org/unified/-/unified-11.0.3.tgz",
@@ -14478,6 +14637,7 @@
},
"node_modules/uri-js": {
"version": "4.4.1",
+ "dev": true,
"license": "BSD-2-Clause",
"dependencies": {
"punycode": "^2.1.0"
@@ -14503,10 +14663,6 @@
"dev": true,
"license": "WTFPL"
},
- "node_modules/util-deprecate": {
- "version": "1.0.2",
- "license": "MIT"
- },
"node_modules/utils-merge": {
"version": "1.0.1",
"license": "MIT",
@@ -14678,13 +14834,13 @@
}
},
"node_modules/vite": {
- "version": "5.2.11",
- "resolved": "https://registry.npmjs.org/vite/-/vite-5.2.11.tgz",
- "integrity": "sha512-HndV31LWW05i1BLPMUCE1B9E9GFbOu1MbenhS58FuK6owSO5qHm7GiCotrNY1YE5rMeQSFBGmT5ZaLEjFizgiQ==",
+ "version": "5.4.0",
+ "resolved": "https://registry.npmjs.org/vite/-/vite-5.4.0.tgz",
+ "integrity": "sha512-5xokfMX0PIiwCMCMb9ZJcMyh5wbBun0zUzKib+L65vAZ8GY9ePZMXxFrHbr/Kyll2+LSCY7xtERPpxkBDKngwg==",
"dev": true,
"dependencies": {
- "esbuild": "^0.20.1",
- "postcss": "^8.4.38",
+ "esbuild": "^0.21.3",
+ "postcss": "^8.4.40",
"rollup": "^4.13.0"
},
"bin": {
@@ -14704,6 +14860,7 @@
"less": "*",
"lightningcss": "^1.21.0",
"sass": "*",
+ "sass-embedded": "*",
"stylus": "*",
"sugarss": "*",
"terser": "^5.4.0"
@@ -14721,6 +14878,9 @@
"sass": {
"optional": true
},
+ "sass-embedded": {
+ "optional": true
+ },
"stylus": {
"optional": true
},
@@ -14733,15 +14893,15 @@
}
},
"node_modules/vite-node": {
- "version": "1.6.0",
- "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-1.6.0.tgz",
- "integrity": "sha512-de6HJgzC+TFzOu0NTC4RAIsyf/DY/ibWDYQUcuEA84EMHhcefTUGkjFHKKEJhQN4A+6I0u++kr3l36ZF2d7XRw==",
+ "version": "2.0.5",
+ "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-2.0.5.tgz",
+ "integrity": "sha512-LdsW4pxj0Ot69FAoXZ1yTnA9bjGohr2yNBU7QKRxpz8ITSkhuDl6h3zS/tvgz4qrNjeRnvrWeXQ8ZF7Um4W00Q==",
"dev": true,
"dependencies": {
"cac": "^6.7.14",
- "debug": "^4.3.4",
- "pathe": "^1.1.1",
- "picocolors": "^1.0.0",
+ "debug": "^4.3.5",
+ "pathe": "^1.1.2",
+ "tinyrainbow": "^1.2.0",
"vite": "^5.0.0"
},
"bin": {
@@ -14754,6 +14914,23 @@
"url": "https://opencollective.com/vitest"
}
},
+ "node_modules/vite-node/node_modules/debug": {
+ "version": "4.3.6",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.6.tgz",
+ "integrity": "sha512-O/09Bd4Z1fBrU4VzkhFqVgpPzaGbw6Sm9FEkBT1A/YBXQFGuuSxa1dN2nxgxS34JmKXqYx8CZAwEVoJFImUXIg==",
+ "dev": true,
+ "dependencies": {
+ "ms": "2.1.2"
+ },
+ "engines": {
+ "node": ">=6.0"
+ },
+ "peerDependenciesMeta": {
+ "supports-color": {
+ "optional": true
+ }
+ }
+ },
"node_modules/vite/node_modules/fsevents": {
"version": "2.3.3",
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
@@ -14769,9 +14946,9 @@
}
},
"node_modules/vite/node_modules/postcss": {
- "version": "8.4.38",
- "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz",
- "integrity": "sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A==",
+ "version": "8.4.41",
+ "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.41.tgz",
+ "integrity": "sha512-TesUflQ0WKZqAvg52PWL6kHgLKP6xB6heTOdoYM0Wt2UHyxNa4K25EZZMgKns3BH1RLVbZCREPpLY0rhnNoHVQ==",
"dev": true,
"funding": [
{
@@ -14789,7 +14966,7 @@
],
"dependencies": {
"nanoid": "^3.3.7",
- "picocolors": "^1.0.0",
+ "picocolors": "^1.0.1",
"source-map-js": "^1.2.0"
},
"engines": {
@@ -14797,31 +14974,30 @@
}
},
"node_modules/vitest": {
- "version": "1.6.0",
- "resolved": "https://registry.npmjs.org/vitest/-/vitest-1.6.0.tgz",
- "integrity": "sha512-H5r/dN06swuFnzNFhq/dnz37bPXnq8xB2xB5JOVk8K09rUtoeNN+LHWkoQ0A/i3hvbUKKcCei9KpbxqHMLhLLA==",
- "dev": true,
- "dependencies": {
- "@vitest/expect": "1.6.0",
- "@vitest/runner": "1.6.0",
- "@vitest/snapshot": "1.6.0",
- "@vitest/spy": "1.6.0",
- "@vitest/utils": "1.6.0",
- "acorn-walk": "^8.3.2",
- "chai": "^4.3.10",
- "debug": "^4.3.4",
+ "version": "2.0.5",
+ "resolved": "https://registry.npmjs.org/vitest/-/vitest-2.0.5.tgz",
+ "integrity": "sha512-8GUxONfauuIdeSl5f9GTgVEpg5BTOlplET4WEDaeY2QBiN8wSm68vxN/tb5z405OwppfoCavnwXafiaYBC/xOA==",
+ "dev": true,
+ "dependencies": {
+ "@ampproject/remapping": "^2.3.0",
+ "@vitest/expect": "2.0.5",
+ "@vitest/pretty-format": "^2.0.5",
+ "@vitest/runner": "2.0.5",
+ "@vitest/snapshot": "2.0.5",
+ "@vitest/spy": "2.0.5",
+ "@vitest/utils": "2.0.5",
+ "chai": "^5.1.1",
+ "debug": "^4.3.5",
"execa": "^8.0.1",
- "local-pkg": "^0.5.0",
- "magic-string": "^0.30.5",
- "pathe": "^1.1.1",
- "picocolors": "^1.0.0",
- "std-env": "^3.5.0",
- "strip-literal": "^2.0.0",
- "tinybench": "^2.5.1",
- "tinypool": "^0.8.3",
+ "magic-string": "^0.30.10",
+ "pathe": "^1.1.2",
+ "std-env": "^3.7.0",
+ "tinybench": "^2.8.0",
+ "tinypool": "^1.0.0",
+ "tinyrainbow": "^1.2.0",
"vite": "^5.0.0",
- "vite-node": "1.6.0",
- "why-is-node-running": "^2.2.2"
+ "vite-node": "2.0.5",
+ "why-is-node-running": "^2.3.0"
},
"bin": {
"vitest": "vitest.mjs"
@@ -14835,8 +15011,8 @@
"peerDependencies": {
"@edge-runtime/vm": "*",
"@types/node": "^18.0.0 || >=20.0.0",
- "@vitest/browser": "1.6.0",
- "@vitest/ui": "1.6.0",
+ "@vitest/browser": "2.0.5",
+ "@vitest/ui": "2.0.5",
"happy-dom": "*",
"jsdom": "*"
},
@@ -14861,6 +15037,23 @@
}
}
},
+ "node_modules/vitest/node_modules/debug": {
+ "version": "4.3.6",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.6.tgz",
+ "integrity": "sha512-O/09Bd4Z1fBrU4VzkhFqVgpPzaGbw6Sm9FEkBT1A/YBXQFGuuSxa1dN2nxgxS34JmKXqYx8CZAwEVoJFImUXIg==",
+ "dev": true,
+ "dependencies": {
+ "ms": "2.1.2"
+ },
+ "engines": {
+ "node": ">=6.0"
+ },
+ "peerDependenciesMeta": {
+ "supports-color": {
+ "optional": true
+ }
+ }
+ },
"node_modules/vitest/node_modules/execa": {
"version": "8.0.1",
"resolved": "https://registry.npmjs.org/execa/-/execa-8.0.1.tgz",
@@ -15164,31 +15357,34 @@
}
},
"node_modules/which-collection": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/which-collection/-/which-collection-1.0.1.tgz",
- "integrity": "sha512-W8xeTUwaln8i3K/cY1nGXzdnVZlidBcagyNFtBdD5kxnb4TvGKR7FfSIS3mYpwWS1QUCutfKz8IY8RjftB0+1A==",
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/which-collection/-/which-collection-1.0.2.tgz",
+ "integrity": "sha512-K4jVyjnBdgvc86Y6BkaLZEN933SwYOuBFkdmBu9ZfkcAbdVbpITnDmjvZ/aQjRXQrv5EPkTnD1s39GiiqbngCw==",
"dev": true,
"dependencies": {
- "is-map": "^2.0.1",
- "is-set": "^2.0.1",
- "is-weakmap": "^2.0.1",
- "is-weakset": "^2.0.1"
+ "is-map": "^2.0.3",
+ "is-set": "^2.0.3",
+ "is-weakmap": "^2.0.2",
+ "is-weakset": "^2.0.3"
+ },
+ "engines": {
+ "node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/which-typed-array": {
- "version": "1.1.13",
- "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.13.tgz",
- "integrity": "sha512-P5Nra0qjSncduVPEAr7xhoF5guty49ArDTwzJ/yNuPIbZppyRxFQsRCWrocxIY+CnMVG+qfbU2FmDKyvSGClow==",
+ "version": "1.1.15",
+ "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.15.tgz",
+ "integrity": "sha512-oV0jmFtUky6CXfkqehVvBP/LSWJ2sy4vWMioiENyJLePrBO/yKyV9OyJySfAKosh+RYkIl5zJCNZ8/4JncrpdA==",
"dev": true,
"dependencies": {
- "available-typed-arrays": "^1.0.5",
- "call-bind": "^1.0.4",
+ "available-typed-arrays": "^1.0.7",
+ "call-bind": "^1.0.7",
"for-each": "^0.3.3",
"gopd": "^1.0.1",
- "has-tostringtag": "^1.0.0"
+ "has-tostringtag": "^1.0.2"
},
"engines": {
"node": ">= 0.4"
@@ -15198,9 +15394,9 @@
}
},
"node_modules/why-is-node-running": {
- "version": "2.2.2",
- "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.2.2.tgz",
- "integrity": "sha512-6tSwToZxTOcotxHeA+qGCq1mVzKR3CwcJGmVcY+QE8SHy6TnpFnh8PAvPNHYr7EcuVeG0QSMxtYCuO1ta/G/oA==",
+ "version": "2.3.0",
+ "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.3.0.tgz",
+ "integrity": "sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==",
"dev": true,
"dependencies": {
"siginfo": "^2.0.0",
@@ -15214,28 +15410,35 @@
}
},
"node_modules/widest-line": {
- "version": "4.0.1",
- "license": "MIT",
+ "version": "5.0.0",
+ "resolved": "https://registry.npmjs.org/widest-line/-/widest-line-5.0.0.tgz",
+ "integrity": "sha512-c9bZp7b5YtRj2wOe6dlj32MK+Bx/M/d+9VB2SHM1OtsUHR0aV0tdP6DWh/iMt0kWi1t5g1Iudu6hQRNd1A4PVA==",
"dependencies": {
- "string-width": "^5.0.1"
+ "string-width": "^7.0.0"
},
"engines": {
- "node": ">=12"
+ "node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
+ "node_modules/widest-line/node_modules/emoji-regex": {
+ "version": "10.3.0",
+ "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.3.0.tgz",
+ "integrity": "sha512-QpLs9D9v9kArv4lfDEgg1X/gN5XLnf/A6l9cs8SPZLRZR3ZkY9+kwIQTxm+fsSej5UMYGE8fdoaZVIBlqG0XTw=="
+ },
"node_modules/widest-line/node_modules/string-width": {
- "version": "5.1.2",
- "license": "MIT",
+ "version": "7.2.0",
+ "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz",
+ "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==",
"dependencies": {
- "eastasianwidth": "^0.2.0",
- "emoji-regex": "^9.2.2",
- "strip-ansi": "^7.0.1"
+ "emoji-regex": "^10.3.0",
+ "get-east-asian-width": "^1.0.0",
+ "strip-ansi": "^7.1.0"
},
"engines": {
- "node": ">=12"
+ "node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
@@ -15245,7 +15448,6 @@
"version": "9.0.0",
"resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.0.tgz",
"integrity": "sha512-G8ura3S+3Z2G+mkgNRq8dqaFZAuxfsxpBB8OCTGRTCtp+l/v9nbFNmCUP1BZMts3G1142MsZfn6eeUKrr4PD1Q==",
- "dev": true,
"dependencies": {
"ansi-styles": "^6.2.1",
"string-width": "^7.0.0",
@@ -15290,7 +15492,6 @@
"version": "6.2.1",
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
"integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==",
- "dev": true,
"engines": {
"node": ">=12"
},
@@ -15301,14 +15502,12 @@
"node_modules/wrap-ansi/node_modules/emoji-regex": {
"version": "10.3.0",
"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.3.0.tgz",
- "integrity": "sha512-QpLs9D9v9kArv4lfDEgg1X/gN5XLnf/A6l9cs8SPZLRZR3ZkY9+kwIQTxm+fsSej5UMYGE8fdoaZVIBlqG0XTw==",
- "dev": true
+ "integrity": "sha512-QpLs9D9v9kArv4lfDEgg1X/gN5XLnf/A6l9cs8SPZLRZR3ZkY9+kwIQTxm+fsSej5UMYGE8fdoaZVIBlqG0XTw=="
},
"node_modules/wrap-ansi/node_modules/string-width": {
"version": "7.1.0",
"resolved": "https://registry.npmjs.org/string-width/-/string-width-7.1.0.tgz",
"integrity": "sha512-SEIJCWiX7Kg4c129n48aDRwLbFb2LJmXXFrWBG4NGaRtMQ3myKPKbwrD1BKqQn74oCoNMBVrfDEr5M9YxCsrkw==",
- "dev": true,
"dependencies": {
"emoji-regex": "^10.3.0",
"get-east-asian-width": "^1.0.0",
@@ -15344,10 +15543,13 @@
}
},
"node_modules/yaml": {
- "version": "2.3.4",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.4.tgz",
- "integrity": "sha512-8aAvwVUSHpfEqTQ4w/KMlf3HcRdt50E5ODIQJBw1fQ5RL34xabzxtUlzTXVqc4rkZsPbvrXKWnABCD7kWSmocA==",
+ "version": "2.5.0",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.5.0.tgz",
+ "integrity": "sha512-2wWLbGbYDiSqqIKoPjar3MPgB94ErzCtrNE1FdqGuaO0pi2JGjmE8aW8TDZwzU7vuxcGRdL/4gPQwQ7hD5AMSw==",
"dev": true,
+ "bin": {
+ "yaml": "bin.mjs"
+ },
"engines": {
"node": ">= 14"
}
diff --git a/package.json b/package.json
index 5692e2c983f2..b758f0280152 100644
--- a/package.json
+++ b/package.json
@@ -19,7 +19,7 @@
"all-documents": "tsx src/content-render/scripts/all-documents/cli.ts",
"analyze-text": "node src/search/scripts/analyze-text.js",
"analyze-comment": "tsx src/events/scripts/analyze-comment-cli.ts",
- "archive-version": "node --max-old-space-size=8192 src/ghes-releases/scripts/archive-version.js",
+ "archive-version": "tsx --max-old-space-size=16384 src/ghes-releases/scripts/archive-version.ts",
"audit-log-sync": "tsx src/audit-logs/scripts/sync.ts",
"build": "next build",
"check-content-type": "node src/workflows/check-content-type.js",
@@ -35,6 +35,7 @@
"find-orphaned-assets": "node src/assets/scripts/find-orphaned-assets.js",
"find-orphaned-features": "tsx src/data-directory/scripts/find-orphaned-features/index.ts",
"find-past-built-pr": "tsx src/workflows/find-past-built-pr.ts",
+ "find-unused-variables": "tsx src/content-linter/scripts/find-unsed-variables.ts",
"fixture-dev": "cross-env ROOT=src/fixtures/fixtures npm start",
"fixture-test": "cross-env ROOT=src/fixtures/fixtures npm test -- src/fixtures/tests",
"index": "tsx src/search/scripts/index/index.ts",
@@ -57,6 +58,7 @@
"prettier-check": "prettier -c \"**/*.{ts,tsx,js,mjs,scss,yml,yaml}\"",
"prevent-pushes-to-main": "node src/workflows/prevent-pushes-to-main.js",
"release-banner": "node src/ghes-releases/scripts/release-banner.js",
+ "reusables": "tsx src/content-render/scripts/reusables-cli.ts",
"remove-version-markup": "node src/ghes-releases/scripts/remove-version-markup.js",
"rendered-content-link-checker": "tsx src/links/scripts/rendered-content-link-checker.ts",
"rendered-content-link-checker-cli": "tsx src/links/scripts/rendered-content-link-checker-cli.ts",
@@ -66,13 +68,13 @@
"start-all-languages": "cross-env NODE_ENV=development tsx src/frame/server.ts",
"start-for-playwright": "cross-env ROOT=src/fixtures/fixtures TRANSLATIONS_FIXTURE_ROOT=src/fixtures/fixtures/translations ENABLED_LANGUAGES=en,ja NODE_ENV=test tsx src/frame/server.ts",
"symlink-from-local-repo": "node src/early-access/scripts/symlink-from-local-repo.js",
- "sync-rest": "node src/rest/scripts/update-files.js",
+ "sync-rest": "tsx src/rest/scripts/update-files.ts",
"sync-search": "cross-env NODE_OPTIONS='--max_old_space_size=8192' start-server-and-test sync-search-server 4002 sync-search-indices",
"sync-search-ghes-release": "cross-env GHES_RELEASE=1 start-server-and-test sync-search-server 4002 sync-search-indices",
"sync-search-indices": "node src/search/scripts/sync-search-indices.js",
"sync-search-server": "cross-env NODE_ENV=production PORT=4002 MINIMAL_RENDER=true CHANGELOG_DISABLED=true tsx src/frame/server.ts",
"sync-secret-scanning": "tsx src/secret-scanning/scripts/sync.ts",
- "sync-webhooks": "src/rest/scripts/update-files.js -o webhooks",
+ "sync-webhooks": "npx tsx src/rest/scripts/update-files.ts -o webhooks",
"test": "vitest",
"test-local-dev": "node src/workflows/test-local-dev.js",
"test-moved-content": "tsx src/content-render/scripts/test-moved-content.ts",
@@ -228,17 +230,17 @@
"@horizon-rs/language-guesser": "0.1.1",
"@octokit/plugin-retry": "6.0.1",
"@octokit/request-error": "6.1.1",
- "@primer/behaviors": "^1.6.0",
+ "@primer/behaviors": "^1.7.0",
"@primer/css": "^21.3.1",
- "@primer/octicons": "^19.10.0",
- "@primer/octicons-react": "^19.10.0",
- "@primer/react": "36.21.0",
+ "@primer/octicons": "^19.11.0",
+ "@primer/octicons-react": "^19.11.0",
+ "@primer/react": "36.27.0",
"accept-language-parser": "^1.5.0",
- "ajv": "^8.16.0",
+ "ajv": "^8.17.1",
"ajv-errors": "^3.0.0",
"ajv-formats": "^3.0.1",
"bottleneck": "2.19.5",
- "boxen": "7.1.1",
+ "boxen": "8.0.1",
"cheerio": "^1.0.0-rc.11",
"cheerio-to-text": "0.2.4",
"classnames": "^2.5.1",
@@ -250,13 +252,13 @@
"dotenv": "^16.4.5",
"escape-string-regexp": "5.0.0",
"express": "4.19.2",
- "express-rate-limit": "7.3.0",
+ "express-rate-limit": "7.4.0",
"fastest-levenshtein": "1.0.16",
- "file-type": "19.0.0",
+ "file-type": "19.4.1",
"flat": "^6.0.1",
"github-slugger": "^2.0.0",
- "glob": "10.4.1",
- "got": "^13.0.0",
+ "glob": "11.0.0",
+ "got": "^14.4.2",
"gray-matter": "^4.0.3",
"hast-util-from-parse5": "^8.0.1",
"hast-util-to-string": "^2.0.0",
@@ -272,7 +274,7 @@
"javascript-stringify": "^2.1.0",
"js-cookie": "^3.0.1",
"js-yaml": "^4.1.0",
- "liquidjs": "^10.14.0",
+ "liquidjs": "^10.16.1",
"lodash": "^4.17.21",
"lodash-es": "^4.17.21",
"lowdb": "7.0.1",
@@ -321,7 +323,7 @@
"@graphql-inspector/core": "^6.1.0",
"@graphql-tools/load": "^8.0.0",
"@octokit/rest": "^20.1.0",
- "@playwright/test": "1.44.1",
+ "@playwright/test": "1.46.1",
"@types/accept-language-parser": "1.5.6",
"@types/connect-datadog": "0.0.10",
"@types/connect-timeout": "0.0.39",
@@ -338,8 +340,9 @@
"@types/react-dom": "^18.3.0",
"@types/semver": "^7.5.8",
"@types/tcp-port-used": "1.0.4",
- "@typescript-eslint/eslint-plugin": "^7.13.0",
- "@typescript-eslint/parser": "^7.13.0",
+ "@types/website-scraper": "^1.2.10",
+ "@typescript-eslint/eslint-plugin": "^8.4.0",
+ "@typescript-eslint/parser": "^7.18.0",
"chalk": "^5.0.1",
"change-case": "^5.4.4",
"commander": "^12.1.0",
@@ -351,15 +354,15 @@
"eslint-import-resolver-typescript": "^3.6.1",
"eslint-plugin-github": "^5.0.1",
"eslint-plugin-import": "^2.29.1",
- "eslint-plugin-jsx-a11y": "^6.8.0",
- "eslint-plugin-primer-react": "^5.3.0",
+ "eslint-plugin-jsx-a11y": "^6.9.0",
+ "eslint-plugin-primer-react": "^5.4.0",
"event-to-promise": "^0.8.0",
- "graphql": "^16.8.1",
+ "graphql": "^16.9.0",
"http-status-code": "^2.1.0",
- "husky": "^9.0.8",
+ "husky": "^9.1.4",
"json-schema-merge-allof": "^0.8.1",
"kill-port": "2.0.1",
- "lint-staged": "^15.2.2",
+ "lint-staged": "^15.2.9",
"markdownlint": "^0.34.0",
"markdownlint-rule-search-replace": "^1.2.0",
"mdast-util-gfm-table": "^2.0.0",
@@ -371,14 +374,14 @@
"npm-merge-driver-install": "^3.0.0",
"nth-check": "2.1.1",
"prettier": "^3.3.2",
- "rimraf": "^5.0.0",
+ "rimraf": "^6.0.0",
"robots-parser": "^3.0.0",
"sass": "^1.77.1",
"start-server-and-test": "^2.0.3",
- "typescript": "^5.4.4",
+ "typescript": "^5.5.2",
"unist-util-remove": "^4.0.0",
"unist-util-visit-parents": "6.0.1",
- "vitest": "1.6.0",
+ "vitest": "2.0.5",
"website-scraper": "^5.3.1"
},
"overrides": {},
diff --git a/src/archives/middleware/archived-asset-redirects.js b/src/archives/middleware/archived-asset-redirects.ts
similarity index 82%
rename from src/archives/middleware/archived-asset-redirects.js
rename to src/archives/middleware/archived-asset-redirects.ts
index 4ca8e53a1ff6..0f5c14b80a2d 100644
--- a/src/archives/middleware/archived-asset-redirects.js
+++ b/src/archives/middleware/archived-asset-redirects.ts
@@ -1,3 +1,7 @@
+import type { Response, NextFunction } from 'express'
+
+import type { ExtendedRequest } from '@/types'
+
// When we archive old versions, we take a snapshot of rendered pages,
// which includes whatever bundles it used at the time.
// Sometimes those archived versions don't include all static assets
@@ -14,11 +18,15 @@
// but that one assumes the whole path refers to a prefix which is
// considered archived. E.g. /en/enterprise-server@2.9/foo/bar.css
-const REDIRECTS = {
+const REDIRECTS: Record = {
// Example: https://docs.github.com/en/enterprise-server@2.22/authentication/connecting-to-github-with-ssh
'/assets/images/octicons/search.svg': '/assets/images/octicons/search-24.svg',
}
-export default function archivedAssetRedirects(req, res, next) {
+export default function archivedAssetRedirects(
+ req: ExtendedRequest,
+ res: Response,
+ next: NextFunction,
+) {
if (req.path in REDIRECTS) {
const redirect = REDIRECTS[req.path].replace('/assets/', '/assets/cb-0000/')
return res.redirect(308, redirect)
diff --git a/src/assets/lib/image-density.md b/src/assets/lib/image-density.md
new file mode 100644
index 000000000000..9697c5159409
--- /dev/null
+++ b/src/assets/lib/image-density.md
@@ -0,0 +1,11 @@
+# Image density
+
+Apple's Retina display technology debuted in 2010. Since then, there's been increasing diversity of pixel densities for images and screenshots. Historically, Docs did not specify or handle pixel densities for images. Depending on screenshotting or output tool, you may end up with a 1x image, 1.5x image, 2x image, or even larger. That means without correction 1x images appear blurry to folks on Retina displays, while for non-Retina displays 1.5x and 2x images appear too large.
+
+We default to 2x images when rendering images on Docs. This helps get the images to the correct size while also keeping them sharp on high density displays. This change requires us to indicate to the browser what pixel density to use for each image. PPI/DPI metadata settings do not impact browser rendering.
+
+Most folks are now using Snagit for screenshots. In Snagit, enable the “retina images” setting. This creates images at a 2x size. By creating images at 2x size, this means for folks on high density displays, they see a crisper image.
+
+We have an exceptions list for images not at 2x. You can verify the size of an image by viewing it in Preview app (or Windows equivalent)... if it appears very large, it's likely a 2x image. If it appears at regular size, even after hitting Command + 0 to reset the scale, then it is likely a 1x image.
+
+If you need to add a new 1x image, please add it to the exceptions list. If you see an image that appears too small or too large, then we will need to edit the list in that case as well. And in general, please make sure you use Snagit for screenshots using the retina setting enabled.
diff --git a/src/assets/middleware/asset-preprocessing.js b/src/assets/middleware/asset-preprocessing.ts
similarity index 88%
rename from src/assets/middleware/asset-preprocessing.js
rename to src/assets/middleware/asset-preprocessing.ts
index 8bfc0fbc4b76..1a5a1cd6d8c0 100644
--- a/src/assets/middleware/asset-preprocessing.js
+++ b/src/assets/middleware/asset-preprocessing.ts
@@ -1,3 +1,7 @@
+import type { Response, NextFunction } from 'express'
+
+import type { ExtendedRequest } from '@/types'
+
// This middleware rewrites the URL of requests that contain the
// portion of `/cb-\d+/`.
// "cb" stands for "cache bust".
@@ -10,7 +14,11 @@
const regex = /\/cb-\d+\//
-export default function assetPreprocessing(req, res, next) {
+export default function assetPreprocessing(
+ req: ExtendedRequest,
+ res: Response,
+ next: NextFunction,
+) {
if (req.path.startsWith('/assets/')) {
// We didn't use to have a rule about all image assets must be
// lower case. So we've exposed things like:
diff --git a/src/assets/middleware/dynamic-assets.js b/src/assets/middleware/dynamic-assets.ts
similarity index 92%
rename from src/assets/middleware/dynamic-assets.js
rename to src/assets/middleware/dynamic-assets.ts
index 5526a2cf9cb0..298aaad39f6f 100644
--- a/src/assets/middleware/dynamic-assets.js
+++ b/src/assets/middleware/dynamic-assets.ts
@@ -1,12 +1,14 @@
import fs from 'fs/promises'
+import type { Response, NextFunction } from 'express'
import sharp from 'sharp'
-import { assetCacheControl, defaultCacheControl } from '#src/frame/middleware/cache-control.js'
+import type { ExtendedRequest } from '@/types'
+import { assetCacheControl, defaultCacheControl } from '@/frame/middleware/cache-control.js'
import {
setFastlySurrogateKey,
SURROGATE_ENUMS,
-} from '#src/frame/middleware/set-fastly-surrogate-key.js'
+} from '@/frame/middleware/set-fastly-surrogate-key.js'
/**
* This is the indicator that is a virtual part of the URL.
@@ -37,7 +39,11 @@ const maxWidthPathPartRegex = /\/mw-(\d+)\//
*/
const VALID_MAX_WIDTHS = [1440, 1000]
-export default async function dynamicAssets(req, res, next) {
+export default async function dynamicAssets(
+ req: ExtendedRequest,
+ res: Response,
+ next: NextFunction,
+) {
if (!req.url.startsWith('/assets/')) return next()
if (!(req.method === 'GET' || req.method === 'HEAD')) {
@@ -88,6 +94,7 @@ export default async function dynamicAssets(req, res, next) {
if (maxWidth) {
const { width } = await image.metadata()
+ if (width === undefined) throw new Error('image metadata does not have a width')
if (width > maxWidth) {
image.resize({ width: maxWidth })
}
@@ -140,7 +147,7 @@ export default async function dynamicAssets(req, res, next) {
assetCacheControl(res)
return res.type('image/webp').send(buffer)
} catch (error) {
- if (error.code !== 'ENOENT') {
+ if (error instanceof Error && (error as any).code !== 'ENOENT') {
throw error
}
}
@@ -166,7 +173,7 @@ export default async function dynamicAssets(req, res, next) {
res.status(404).type('text/plain').send('Asset not found')
}
-function deconstructImageURL(url) {
+function deconstructImageURL(url: string) {
let error
let maxWidth
const match = url.match(maxWidthPathPartRegex)
diff --git a/src/assets/middleware/static-asset-caching.js b/src/assets/middleware/static-asset-caching.ts
similarity index 67%
rename from src/assets/middleware/static-asset-caching.js
rename to src/assets/middleware/static-asset-caching.ts
index 876332c11481..69359451ea30 100644
--- a/src/assets/middleware/static-asset-caching.js
+++ b/src/assets/middleware/static-asset-caching.ts
@@ -1,9 +1,16 @@
+import type { Response, NextFunction } from 'express'
+
+import type { ExtendedRequest } from '@/types'
import {
setFastlySurrogateKey,
SURROGATE_ENUMS,
-} from '#src/frame/middleware/set-fastly-surrogate-key.js'
+} from '@/frame/middleware/set-fastly-surrogate-key.js'
-export default function setStaticAssetCaching(req, res, next) {
+export default function setStaticAssetCaching(
+ req: ExtendedRequest,
+ res: Response,
+ next: NextFunction,
+) {
if (isChecksummed(req.path)) {
setFastlySurrogateKey(res, SURROGATE_ENUMS.MANUAL)
}
@@ -12,7 +19,7 @@ export default function setStaticAssetCaching(req, res, next) {
// True if the URL is known to contain some pattern of a checksum that
// would make it intelligently different if its content has changed.
-function isChecksummed(path) {
+function isChecksummed(path: string) {
if (path.startsWith('/assets/cb-')) return true
if (path.startsWith('/_next/static')) {
// E.g. /_next/static/chunks/0e226fb0-f47400d931ae7427.js
diff --git a/src/assets/tests/dynamic-assets.js b/src/assets/tests/dynamic-assets.ts
similarity index 93%
rename from src/assets/tests/dynamic-assets.js
rename to src/assets/tests/dynamic-assets.ts
index 7c6b0c409408..b658147b9298 100644
--- a/src/assets/tests/dynamic-assets.js
+++ b/src/assets/tests/dynamic-assets.ts
@@ -3,8 +3,8 @@ import { describe, expect, test, vi } from 'vitest'
import sharp from 'sharp'
import { fileTypeFromBuffer } from 'file-type'
-import { SURROGATE_ENUMS } from '#src/frame/middleware/set-fastly-surrogate-key.js'
-import { get, head } from '#src/tests/helpers/e2etest.js'
+import { SURROGATE_ENUMS } from '@/frame/middleware/set-fastly-surrogate-key.js'
+import { get, head } from '@/tests/helpers/e2etest.js'
describe('dynamic assets', () => {
vi.setConfig({ testTimeout: 3 * 60 * 1000 })
@@ -15,7 +15,10 @@ describe('dynamic assets', () => {
})
expect(res.statusCode).toBe(200)
expect(res.headers['content-type']).toBe('image/webp')
- const { mime } = await fileTypeFromBuffer(res.body)
+
+ const fileTypeResult = await fileTypeFromBuffer(res.body)
+ if (!fileTypeResult) throw new Error('fileTypeFromBuffer failed')
+ const { mime } = fileTypeResult
expect(mime).toBe('image/webp')
})
diff --git a/src/audit-logs/data/fpt/organization.json b/src/audit-logs/data/fpt/organization.json
index d4a4ebbc5965..892cc765abc7 100644
--- a/src/audit-logs/data/fpt/organization.json
+++ b/src/audit-logs/data/fpt/organization.json
@@ -84,11 +84,6 @@
"description": "Logs in a check suite were deleted.",
"docs_reference_links": "N/A"
},
- {
- "action": "code.search",
- "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
- "docs_reference_links": "/search-github/github-code-search"
- },
{
"action": "codespaces.allow_permissions",
"description": "A codespace using custom permissions from its devcontainer.json file was launched.",
@@ -244,6 +239,11 @@
"description": "The plan for GitHub Copilot was updated.",
"docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot"
},
+ {
+ "action": "copilot.plan_downgrade_scheduled",
+ "description": "The plan for GitHub Copilot was scheduled to be downgraded.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "custom_hosted_runner.create",
"description": "N/A",
@@ -1134,6 +1134,11 @@
"description": "An owner revoked authorized credentials.",
"docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization"
},
+ {
+ "action": "org.delete",
+ "description": "An organization was deleted by a user or staff.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "org.disable_member_team_creation_permission",
"description": "Team creation was limited to owners.",
@@ -1474,6 +1479,26 @@
"description": "Secret scanning for non-provider patterns was enabled at the organization level.",
"docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns"
},
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.add",
+ "description": "A role or team was added to the push protection bypass list at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.disable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.enable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.remove",
+ "description": "A role or team was removed from the push protection bypass list at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
{
"action": "org.secret_scanning_push_protection_custom_message_disabled",
"description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.",
@@ -1497,16 +1522,31 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
+ },
+ {
+ "action": "org.security_center_export_coverage",
+ "description": "A CSV export was requested on the Coverage page.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "org.security_center_export_overview_dashboard",
+ "description": "A CSV export was requested on the Overview Dashboard page.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "org.security_center_export_risk",
+ "description": "A CSV export was requested on the Risk page.",
"docs_reference_links": "N/A"
},
{
@@ -1899,6 +1939,21 @@
"description": "A project board was closed.",
"docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board"
},
+ {
+ "action": "project_collaborator.add",
+ "description": "A collaborator was added to a project.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project_collaborator.remove",
+ "description": "A collaborator was removed from a project.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project_collaborator.update",
+ "description": "A project collaborator's permission level was changed.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "project.create",
"description": "A project board was created.",
@@ -1964,6 +2019,16 @@
"description": "A view was deleted in a project board.",
"docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views"
},
+ {
+ "action": "project.visibility_private",
+ "description": "A project's visibility was changed from public to private.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project.visibility_public",
+ "description": "A project's visibility was changed from private to public.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "protected_branch.authorized_users_teams",
"description": "The users, teams, or integrations allowed to bypass a branch protection were changed.",
@@ -2759,6 +2824,26 @@
"description": "Secret scanning for non-provider patterns was enabled at the repository level.",
"docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns"
},
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.add",
+ "description": "A role or team was added to the push protection bypass list at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.disable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.enable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.remove",
+ "description": "A role or team was removed from the push protection bypass list at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
{
"action": "repository_secret_scanning_push_protection.disable",
"description": "Secret scanning push protection was disabled for a repository.",
@@ -2769,6 +2854,26 @@
"description": "Secret scanning push protection was enabled for a repository.",
"docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning"
},
+ {
+ "action": "repository_security_configuration.applied",
+ "description": "A code security configuration was applied to a repository.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "repository_security_configuration.failed",
+ "description": "A code security configuration failed to attach to the repository.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "repository_security_configuration.removed",
+ "description": "A code security configuration was removed from a repository.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "repository_security_configuration.removed_by_settings_change",
+ "description": "A code security configuration was removed due to a change in repository or enterprise settings.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "repository_visibility_change.clear",
"description": "The repository visibility change setting was cleared for an organization or enterprise.",
@@ -2931,18 +3036,48 @@
},
{
"action": "secret_scanning_push_protection_request.approve",
- "description": "N/A",
- "docs_reference_links": "A request to bypass secret scanning push protection was approved by a user."
+ "description": "A request to bypass secret scanning push protection was approved by a user.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection"
},
{
"action": "secret_scanning_push_protection_request.deny",
- "description": "N/A",
- "docs_reference_links": "A request to bypass secret scanning push protection was denied by a user."
+ "description": "A request to bypass secret scanning push protection was denied by a user.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection"
},
{
"action": "secret_scanning_push_protection_request.request",
- "description": "N/A",
- "docs_reference_links": "A user requested to bypass secret scanning push protection."
+ "description": "A user requested to bypass secret scanning push protection.",
+ "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line"
+ },
+ {
+ "action": "security_configuration.create",
+ "description": "A security configuration was created",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "security_configuration_default.delete",
+ "description": "A default security configuration setting for new repositories was removed.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "security_configuration_default.update",
+ "description": "A default security configuration setting for new repositories was updated.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "security_configuration.delete",
+ "description": "A security configuration was deleted",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "security_configuration_policy.update",
+ "description": "A security configuration policy was updated",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "security_configuration.update",
+ "description": "A security configuration was updated",
+ "docs_reference_links": "N/A"
},
{
"action": "sponsors.agreement_sign",
diff --git a/src/audit-logs/data/fpt/user.json b/src/audit-logs/data/fpt/user.json
index 3bf340376928..991cbb00692c 100644
--- a/src/audit-logs/data/fpt/user.json
+++ b/src/audit-logs/data/fpt/user.json
@@ -669,6 +669,21 @@
"description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "org.security_center_export_coverage",
+ "description": "A CSV export was requested on the Coverage page.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "org.security_center_export_overview_dashboard",
+ "description": "A CSV export was requested on the Overview Dashboard page.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "org.security_center_export_risk",
+ "description": "A CSV export was requested on the Risk page.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "org.set_actions_fork_pr_approvals_policy",
"description": "The setting for requiring approvals for workflows from public forks was changed for an organization.",
@@ -854,6 +869,21 @@
"description": "A project board was closed.",
"docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board"
},
+ {
+ "action": "project_collaborator.add",
+ "description": "A collaborator was added to a project.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project_collaborator.remove",
+ "description": "A collaborator was removed from a project.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project_collaborator.update",
+ "description": "A project collaborator's permission level was changed.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "project.create",
"description": "A project board was created.",
@@ -919,6 +949,16 @@
"description": "A view was deleted in a project board.",
"docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views"
},
+ {
+ "action": "project.visibility_private",
+ "description": "A project's visibility was changed from public to private.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project.visibility_public",
+ "description": "A project's visibility was changed from private to public.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "protected_branch.update_merge_queue_enforcement_level",
"description": "Enforcement of the merge queue was modified for a branch.",
@@ -1639,6 +1679,16 @@
"description": "N/A",
"docs_reference_links": "N/A"
},
+ {
+ "action": "user_email.confirm_claim",
+ "description": "An enterprise managed user claimed an email address.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "user_email.mark_as_unclaimed",
+ "description": "N/A",
+ "docs_reference_links": "An enterprise managed user unclaimed an email address."
+ },
{
"action": "user.enable_collaborators_only",
"description": "N/A",
diff --git a/src/audit-logs/data/ghec/enterprise.json b/src/audit-logs/data/ghec/enterprise.json
index 41a62d97fb61..9684f1a11d7e 100644
--- a/src/audit-logs/data/ghec/enterprise.json
+++ b/src/audit-logs/data/ghec/enterprise.json
@@ -494,6 +494,16 @@
"description": "Secret scanning was enabled for new repositories in your enterprise.",
"docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise"
},
+ {
+ "action": "business_secret_scanning_generic_secrets.disabled",
+ "description": "Generic secrets have been disabled at the business level",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "business_secret_scanning_generic_secrets.enabled",
+ "description": "Generic secrets have been enabled at the business level",
+ "docs_reference_links": "N/A"
+ },
{
"action": "business_secret_scanning_non_provider_patterns.disabled",
"description": "Secret scanning for non-provider patterns was disabled at the enterprise level.",
@@ -814,6 +824,11 @@
"description": "The plan for GitHub Copilot was updated.",
"docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot"
},
+ {
+ "action": "copilot.plan_downgrade_scheduled",
+ "description": "The plan for GitHub Copilot was scheduled to be downgraded.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "custom_hosted_runner.create",
"description": "N/A",
@@ -1206,17 +1221,17 @@
},
{
"action": "external_identity.deprovision",
- "description": "N/A",
+ "description": "An external identity was deprovisioned, suspending the linked GitHub user.",
"docs_reference_links": "N/A"
},
{
"action": "external_identity.provision",
- "description": "N/A",
+ "description": "An external identity was created and linked to a GitHub user.",
"docs_reference_links": "N/A"
},
{
"action": "external_identity.update",
- "description": "N/A",
+ "description": "An external identity was updated.",
"docs_reference_links": "N/A"
},
{
@@ -1394,6 +1409,11 @@
"description": "An IP allow list was disabled for installed GitHub Apps.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "ip_allow_list.disable_idp_ip_allowlist_for_web",
+ "description": "Identity Provider based IP allow list for web interactions was disabled.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "ip_allow_list.disable_skip_idp_ip_allowlist_app_access",
"description": "N/A",
@@ -1414,6 +1434,11 @@
"description": "An IP allow list was enabled for installed GitHub Apps.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "ip_allow_list.enable_idp_ip_allowlist_for_web",
+ "description": "Identity Provider based IP allow list for web interactions was enabled.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "ip_allow_list.enable_skip_idp_ip_allowlist_app_access",
"description": "N/A",
@@ -2224,6 +2249,26 @@
"description": "Secret scanning for non-provider patterns was enabled at the organization level.",
"docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns"
},
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.add",
+ "description": "A role or team was added to the push protection bypass list at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.disable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.enable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.remove",
+ "description": "A role or team was removed from the push protection bypass list at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
{
"action": "org.secret_scanning_push_protection_custom_message_disabled",
"description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.",
@@ -2247,17 +2292,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
@@ -2639,6 +2684,21 @@
"description": "A project board was closed.",
"docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board"
},
+ {
+ "action": "project_collaborator.add",
+ "description": "A collaborator was added to a project.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project_collaborator.remove",
+ "description": "A collaborator was removed from a project.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project_collaborator.update",
+ "description": "A project collaborator's permission level was changed.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "project.create",
"description": "A project board was created.",
@@ -2704,6 +2764,16 @@
"description": "A view was deleted in a project board.",
"docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views"
},
+ {
+ "action": "project.visibility_private",
+ "description": "A project's visibility was changed from public to private.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project.visibility_public",
+ "description": "A project's visibility was changed from private to public.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "protected_branch.authorized_users_teams",
"description": "The users, teams, or integrations allowed to bypass a branch protection were changed.",
@@ -3494,6 +3564,26 @@
"description": "Secret scanning for non-provider patterns was enabled at the repository level.",
"docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns"
},
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.add",
+ "description": "A role or team was added to the push protection bypass list at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.disable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.enable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.remove",
+ "description": "A role or team was removed from the push protection bypass list at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
{
"action": "repository_secret_scanning_push_protection.disable",
"description": "Secret scanning push protection was disabled for a repository.",
@@ -3666,18 +3756,18 @@
},
{
"action": "secret_scanning_push_protection_request.approve",
- "description": "N/A",
- "docs_reference_links": "A request to bypass secret scanning push protection was approved by a user."
+ "description": "A request to bypass secret scanning push protection was approved by a user.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection"
},
{
"action": "secret_scanning_push_protection_request.deny",
- "description": "N/A",
- "docs_reference_links": "A request to bypass secret scanning push protection was denied by a user."
+ "description": "A request to bypass secret scanning push protection was denied by a user.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection"
},
{
"action": "secret_scanning_push_protection_request.request",
- "description": "N/A",
- "docs_reference_links": "A user requested to bypass secret scanning push protection."
+ "description": "A user requested to bypass secret scanning push protection.",
+ "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line"
},
{
"action": "sponsors.agreement_sign",
@@ -3919,6 +4009,16 @@
"description": "A team's permission to a repository was changed.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "user_email.confirm_claim",
+ "description": "An enterprise managed user claimed an email address.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "user_email.mark_as_unclaimed",
+ "description": "N/A",
+ "docs_reference_links": "An enterprise managed user unclaimed an email address."
+ },
{
"action": "user_license.create",
"description": "A seat license for a user in an enterprise was created.",
diff --git a/src/audit-logs/data/ghec/organization.json b/src/audit-logs/data/ghec/organization.json
index d4a4ebbc5965..892cc765abc7 100644
--- a/src/audit-logs/data/ghec/organization.json
+++ b/src/audit-logs/data/ghec/organization.json
@@ -84,11 +84,6 @@
"description": "Logs in a check suite were deleted.",
"docs_reference_links": "N/A"
},
- {
- "action": "code.search",
- "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
- "docs_reference_links": "/search-github/github-code-search"
- },
{
"action": "codespaces.allow_permissions",
"description": "A codespace using custom permissions from its devcontainer.json file was launched.",
@@ -244,6 +239,11 @@
"description": "The plan for GitHub Copilot was updated.",
"docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot"
},
+ {
+ "action": "copilot.plan_downgrade_scheduled",
+ "description": "The plan for GitHub Copilot was scheduled to be downgraded.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "custom_hosted_runner.create",
"description": "N/A",
@@ -1134,6 +1134,11 @@
"description": "An owner revoked authorized credentials.",
"docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization"
},
+ {
+ "action": "org.delete",
+ "description": "An organization was deleted by a user or staff.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "org.disable_member_team_creation_permission",
"description": "Team creation was limited to owners.",
@@ -1474,6 +1479,26 @@
"description": "Secret scanning for non-provider patterns was enabled at the organization level.",
"docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns"
},
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.add",
+ "description": "A role or team was added to the push protection bypass list at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.disable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.enable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.remove",
+ "description": "A role or team was removed from the push protection bypass list at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
{
"action": "org.secret_scanning_push_protection_custom_message_disabled",
"description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.",
@@ -1497,16 +1522,31 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
+ },
+ {
+ "action": "org.security_center_export_coverage",
+ "description": "A CSV export was requested on the Coverage page.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "org.security_center_export_overview_dashboard",
+ "description": "A CSV export was requested on the Overview Dashboard page.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "org.security_center_export_risk",
+ "description": "A CSV export was requested on the Risk page.",
"docs_reference_links": "N/A"
},
{
@@ -1899,6 +1939,21 @@
"description": "A project board was closed.",
"docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board"
},
+ {
+ "action": "project_collaborator.add",
+ "description": "A collaborator was added to a project.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project_collaborator.remove",
+ "description": "A collaborator was removed from a project.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project_collaborator.update",
+ "description": "A project collaborator's permission level was changed.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "project.create",
"description": "A project board was created.",
@@ -1964,6 +2019,16 @@
"description": "A view was deleted in a project board.",
"docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views"
},
+ {
+ "action": "project.visibility_private",
+ "description": "A project's visibility was changed from public to private.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project.visibility_public",
+ "description": "A project's visibility was changed from private to public.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "protected_branch.authorized_users_teams",
"description": "The users, teams, or integrations allowed to bypass a branch protection were changed.",
@@ -2759,6 +2824,26 @@
"description": "Secret scanning for non-provider patterns was enabled at the repository level.",
"docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns"
},
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.add",
+ "description": "A role or team was added to the push protection bypass list at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.disable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.enable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.remove",
+ "description": "A role or team was removed from the push protection bypass list at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
{
"action": "repository_secret_scanning_push_protection.disable",
"description": "Secret scanning push protection was disabled for a repository.",
@@ -2769,6 +2854,26 @@
"description": "Secret scanning push protection was enabled for a repository.",
"docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning"
},
+ {
+ "action": "repository_security_configuration.applied",
+ "description": "A code security configuration was applied to a repository.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "repository_security_configuration.failed",
+ "description": "A code security configuration failed to attach to the repository.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "repository_security_configuration.removed",
+ "description": "A code security configuration was removed from a repository.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "repository_security_configuration.removed_by_settings_change",
+ "description": "A code security configuration was removed due to a change in repository or enterprise settings.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "repository_visibility_change.clear",
"description": "The repository visibility change setting was cleared for an organization or enterprise.",
@@ -2931,18 +3036,48 @@
},
{
"action": "secret_scanning_push_protection_request.approve",
- "description": "N/A",
- "docs_reference_links": "A request to bypass secret scanning push protection was approved by a user."
+ "description": "A request to bypass secret scanning push protection was approved by a user.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection"
},
{
"action": "secret_scanning_push_protection_request.deny",
- "description": "N/A",
- "docs_reference_links": "A request to bypass secret scanning push protection was denied by a user."
+ "description": "A request to bypass secret scanning push protection was denied by a user.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection"
},
{
"action": "secret_scanning_push_protection_request.request",
- "description": "N/A",
- "docs_reference_links": "A user requested to bypass secret scanning push protection."
+ "description": "A user requested to bypass secret scanning push protection.",
+ "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line"
+ },
+ {
+ "action": "security_configuration.create",
+ "description": "A security configuration was created",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "security_configuration_default.delete",
+ "description": "A default security configuration setting for new repositories was removed.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "security_configuration_default.update",
+ "description": "A default security configuration setting for new repositories was updated.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "security_configuration.delete",
+ "description": "A security configuration was deleted",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "security_configuration_policy.update",
+ "description": "A security configuration policy was updated",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "security_configuration.update",
+ "description": "A security configuration was updated",
+ "docs_reference_links": "N/A"
},
{
"action": "sponsors.agreement_sign",
diff --git a/src/audit-logs/data/ghec/user.json b/src/audit-logs/data/ghec/user.json
index 3bf340376928..991cbb00692c 100644
--- a/src/audit-logs/data/ghec/user.json
+++ b/src/audit-logs/data/ghec/user.json
@@ -669,6 +669,21 @@
"description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "org.security_center_export_coverage",
+ "description": "A CSV export was requested on the Coverage page.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "org.security_center_export_overview_dashboard",
+ "description": "A CSV export was requested on the Overview Dashboard page.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "org.security_center_export_risk",
+ "description": "A CSV export was requested on the Risk page.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "org.set_actions_fork_pr_approvals_policy",
"description": "The setting for requiring approvals for workflows from public forks was changed for an organization.",
@@ -854,6 +869,21 @@
"description": "A project board was closed.",
"docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board"
},
+ {
+ "action": "project_collaborator.add",
+ "description": "A collaborator was added to a project.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project_collaborator.remove",
+ "description": "A collaborator was removed from a project.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project_collaborator.update",
+ "description": "A project collaborator's permission level was changed.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "project.create",
"description": "A project board was created.",
@@ -919,6 +949,16 @@
"description": "A view was deleted in a project board.",
"docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views"
},
+ {
+ "action": "project.visibility_private",
+ "description": "A project's visibility was changed from public to private.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "project.visibility_public",
+ "description": "A project's visibility was changed from private to public.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "protected_branch.update_merge_queue_enforcement_level",
"description": "Enforcement of the merge queue was modified for a branch.",
@@ -1639,6 +1679,16 @@
"description": "N/A",
"docs_reference_links": "N/A"
},
+ {
+ "action": "user_email.confirm_claim",
+ "description": "An enterprise managed user claimed an email address.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "user_email.mark_as_unclaimed",
+ "description": "N/A",
+ "docs_reference_links": "An enterprise managed user unclaimed an email address."
+ },
{
"action": "user.enable_collaborators_only",
"description": "N/A",
diff --git a/src/audit-logs/data/ghes-3.10/enterprise.json b/src/audit-logs/data/ghes-3.10/enterprise.json
index ef104ed88d99..f71834bce75b 100644
--- a/src/audit-logs/data/ghes-3.10/enterprise.json
+++ b/src/audit-logs/data/ghes-3.10/enterprise.json
@@ -39,6 +39,26 @@
"description": "A workflow run artifact was manually deleted.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "audit_log_streaming.check",
+ "description": "A manual check of the endpoint configured for audit log streaming was performed.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.create",
+ "description": "An endpoint was added for audit log streaming.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.destroy",
+ "description": "An audit log streaming endpoint was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.update",
+ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "billing.change_billing_type",
"description": "The way the account pays for GitHub was changed.",
@@ -1166,7 +1186,7 @@
},
{
"action": "org.delete",
- "description": "An organization was deleted by a user-initiated background job.",
+ "description": "An organization was deleted by a user or staff.",
"docs_reference_links": "N/A"
},
{
@@ -1382,17 +1402,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
diff --git a/src/audit-logs/data/ghes-3.10/organization.json b/src/audit-logs/data/ghes-3.10/organization.json
index 0a4118af2988..8b24e21e4cbf 100644
--- a/src/audit-logs/data/ghes-3.10/organization.json
+++ b/src/audit-logs/data/ghes-3.10/organization.json
@@ -1247,17 +1247,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
diff --git a/src/audit-logs/data/ghes-3.11/enterprise.json b/src/audit-logs/data/ghes-3.11/enterprise.json
index fed264e5cb41..d8f4924cfa6d 100644
--- a/src/audit-logs/data/ghes-3.11/enterprise.json
+++ b/src/audit-logs/data/ghes-3.11/enterprise.json
@@ -39,6 +39,26 @@
"description": "A workflow run artifact was manually deleted.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "audit_log_streaming.check",
+ "description": "A manual check of the endpoint configured for audit log streaming was performed.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.create",
+ "description": "An endpoint was added for audit log streaming.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.destroy",
+ "description": "An audit log streaming endpoint was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.update",
+ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "billing.change_billing_type",
"description": "The way the account pays for GitHub was changed.",
@@ -1211,7 +1231,7 @@
},
{
"action": "org.delete",
- "description": "An organization was deleted by a user-initiated background job.",
+ "description": "An organization was deleted by a user or staff.",
"docs_reference_links": "N/A"
},
{
@@ -1437,17 +1457,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
diff --git a/src/audit-logs/data/ghes-3.11/organization.json b/src/audit-logs/data/ghes-3.11/organization.json
index 24923e301b53..e451d6a2eeea 100644
--- a/src/audit-logs/data/ghes-3.11/organization.json
+++ b/src/audit-logs/data/ghes-3.11/organization.json
@@ -1352,17 +1352,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
diff --git a/src/audit-logs/data/ghes-3.12/enterprise.json b/src/audit-logs/data/ghes-3.12/enterprise.json
index fc82a48f2427..4d8068cec9cf 100644
--- a/src/audit-logs/data/ghes-3.12/enterprise.json
+++ b/src/audit-logs/data/ghes-3.12/enterprise.json
@@ -39,6 +39,26 @@
"description": "A workflow run artifact was manually deleted.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "audit_log_streaming.check",
+ "description": "A manual check of the endpoint configured for audit log streaming was performed.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.create",
+ "description": "An endpoint was added for audit log streaming.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.destroy",
+ "description": "An audit log streaming endpoint was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.update",
+ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "billing.change_billing_type",
"description": "The way the account pays for GitHub was changed.",
@@ -1241,7 +1261,7 @@
},
{
"action": "org.delete",
- "description": "An organization was deleted by a user-initiated background job.",
+ "description": "An organization was deleted by a user or staff.",
"docs_reference_links": "N/A"
},
{
@@ -1467,17 +1487,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
diff --git a/src/audit-logs/data/ghes-3.12/organization.json b/src/audit-logs/data/ghes-3.12/organization.json
index 8dc6c7ff6e64..18ca16e0ba20 100644
--- a/src/audit-logs/data/ghes-3.12/organization.json
+++ b/src/audit-logs/data/ghes-3.12/organization.json
@@ -1417,17 +1417,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
diff --git a/src/audit-logs/data/ghes-3.13/enterprise.json b/src/audit-logs/data/ghes-3.13/enterprise.json
index a15c742bab27..727396680d8d 100644
--- a/src/audit-logs/data/ghes-3.13/enterprise.json
+++ b/src/audit-logs/data/ghes-3.13/enterprise.json
@@ -39,6 +39,26 @@
"description": "A workflow run artifact was manually deleted.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "audit_log_streaming.check",
+ "description": "A manual check of the endpoint configured for audit log streaming was performed.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.create",
+ "description": "An endpoint was added for audit log streaming.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.destroy",
+ "description": "An audit log streaming endpoint was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.update",
+ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "billing.change_billing_type",
"description": "The way the account pays for GitHub was changed.",
@@ -1271,7 +1291,7 @@
},
{
"action": "org.delete",
- "description": "An organization was deleted by a user-initiated background job.",
+ "description": "An organization was deleted by a user or staff.",
"docs_reference_links": "N/A"
},
{
@@ -1497,17 +1517,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
diff --git a/src/audit-logs/data/ghes-3.13/organization.json b/src/audit-logs/data/ghes-3.13/organization.json
index 6a6f67ab3ea8..e7959eb1ec7f 100644
--- a/src/audit-logs/data/ghes-3.13/organization.json
+++ b/src/audit-logs/data/ghes-3.13/organization.json
@@ -1452,17 +1452,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
diff --git a/src/audit-logs/data/ghes-3.14/enterprise.json b/src/audit-logs/data/ghes-3.14/enterprise.json
index 9c8c349d795d..66e3b374ee68 100644
--- a/src/audit-logs/data/ghes-3.14/enterprise.json
+++ b/src/audit-logs/data/ghes-3.14/enterprise.json
@@ -39,6 +39,26 @@
"description": "A workflow run artifact was manually deleted.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "audit_log_streaming.check",
+ "description": "A manual check of the endpoint configured for audit log streaming was performed.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.create",
+ "description": "An endpoint was added for audit log streaming.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.destroy",
+ "description": "An audit log streaming endpoint was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "audit_log_streaming.update",
+ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "billing.change_billing_type",
"description": "The way the account pays for GitHub was changed.",
@@ -719,6 +739,41 @@
"description": "The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.",
"docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners"
},
+ {
+ "action": "enterprise_team.add_member",
+ "description": "A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "enterprise_team.copilot_assignment",
+ "description": "A license for GitHub Copilot was assigned to an enterprise team.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "enterprise_team.copilot_unassignment",
+ "description": "A license for GitHub Copilot was unassigned from an enterprise team.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "enterprise_team.create",
+ "description": "A new enterprise team was created.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "enterprise_team.destroy",
+ "description": "An enterprise team was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "enterprise_team.remove_member",
+ "description": "A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "enterprise_team.rename",
+ "description": "The name of an enterprise team was changed.",
+ "docs_reference_links": "N/A"
+ },
{
"action": "environment.add_protection_rule",
"description": "A GitHub Actions deployment protection rule was created via the API.",
@@ -799,6 +854,16 @@
"description": "A user was removed from an external group.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "external_group.scim_api_failure",
+ "description": "Failed external group SCIM API request.",
+ "docs_reference_links": "/rest/scim/scim"
+ },
+ {
+ "action": "external_group.scim_api_success",
+ "description": "Successful external group SCIM API request. Excludes GET API requests.",
+ "docs_reference_links": "/rest/scim/scim"
+ },
{
"action": "external_group.unlink",
"description": "An external group was unlinked to a GitHub team.",
@@ -816,17 +881,27 @@
},
{
"action": "external_identity.deprovision",
- "description": "N/A",
+ "description": "An external identity was deprovisioned, suspending the linked GitHub user.",
"docs_reference_links": "N/A"
},
{
"action": "external_identity.provision",
- "description": "N/A",
+ "description": "An external identity was created and linked to a GitHub user.",
"docs_reference_links": "N/A"
},
+ {
+ "action": "external_identity.scim_api_failure",
+ "description": "Failed external identity SCIM API request.",
+ "docs_reference_links": "/rest/scim/scim"
+ },
+ {
+ "action": "external_identity.scim_api_success",
+ "description": "Successful external identity SCIM API request. Excludes GET API requests.",
+ "docs_reference_links": "/rest/scim/scim"
+ },
{
"action": "external_identity.update",
- "description": "N/A",
+ "description": "An external identity was updated.",
"docs_reference_links": "N/A"
},
{
@@ -1371,7 +1446,7 @@
},
{
"action": "org.delete",
- "description": "An organization was deleted by a user-initiated background job.",
+ "description": "An organization was deleted by a user or staff.",
"docs_reference_links": "N/A"
},
{
@@ -1584,6 +1659,26 @@
"description": "Secret scanning for non-provider patterns was enabled at the organization level.",
"docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns"
},
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.add",
+ "description": "A role or team was added to the push protection bypass list at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.disable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.enable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.remove",
+ "description": "A role or team was removed from the push protection bypass list at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
{
"action": "org.secret_scanning_push_protection_custom_message_disabled",
"description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.",
@@ -1607,17 +1702,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
@@ -2699,6 +2794,26 @@
"description": "Secret scanning for non-provider patterns was enabled at the repository level.",
"docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns"
},
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.add",
+ "description": "A role or team was added to the push protection bypass list at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.disable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.enable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.remove",
+ "description": "A role or team was removed from the push protection bypass list at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
{
"action": "repository_secret_scanning_push_protection.disable",
"description": "Secret scanning push protection was disabled for a repository.",
@@ -2771,18 +2886,18 @@
},
{
"action": "secret_scanning_push_protection_request.approve",
- "description": "N/A",
- "docs_reference_links": "A request to bypass secret scanning push protection was approved by a user."
+ "description": "A request to bypass secret scanning push protection was approved by a user.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection"
},
{
"action": "secret_scanning_push_protection_request.deny",
- "description": "N/A",
- "docs_reference_links": "A request to bypass secret scanning push protection was denied by a user."
+ "description": "A request to bypass secret scanning push protection was denied by a user.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection"
},
{
"action": "secret_scanning_push_protection_request.request",
- "description": "N/A",
- "docs_reference_links": "A user requested to bypass secret scanning push protection."
+ "description": "A user requested to bypass secret scanning push protection.",
+ "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line"
},
{
"action": "security_key.register",
@@ -3254,6 +3369,16 @@
"description": "N/A",
"docs_reference_links": "N/A"
},
+ {
+ "action": "user_email.confirm_claim",
+ "description": "An enterprise managed user claimed an email address.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "user_email.mark_as_unclaimed",
+ "description": "N/A",
+ "docs_reference_links": "An enterprise managed user unclaimed an email address."
+ },
{
"action": "user.enable_collaborators_only",
"description": "N/A",
diff --git a/src/audit-logs/data/ghes-3.14/organization.json b/src/audit-logs/data/ghes-3.14/organization.json
index d4a4ebbc5965..4efd1492ca83 100644
--- a/src/audit-logs/data/ghes-3.14/organization.json
+++ b/src/audit-logs/data/ghes-3.14/organization.json
@@ -1474,6 +1474,26 @@
"description": "Secret scanning for non-provider patterns was enabled at the organization level.",
"docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns"
},
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.add",
+ "description": "A role or team was added to the push protection bypass list at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.disable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.enable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "org_secret_scanning_push_protection_bypass_list.remove",
+ "description": "A role or team was removed from the push protection bypass list at the organization level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
{
"action": "org.secret_scanning_push_protection_custom_message_disabled",
"description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.",
@@ -1497,17 +1517,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
@@ -2759,6 +2779,26 @@
"description": "Secret scanning for non-provider patterns was enabled at the repository level.",
"docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns"
},
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.add",
+ "description": "A role or team was added to the push protection bypass list at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.disable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.enable",
+ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
+ {
+ "action": "repository_secret_scanning_push_protection_bypass_list.remove",
+ "description": "A role or team was removed from the push protection bypass list at the repository level.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection"
+ },
{
"action": "repository_secret_scanning_push_protection.disable",
"description": "Secret scanning push protection was disabled for a repository.",
@@ -2931,18 +2971,18 @@
},
{
"action": "secret_scanning_push_protection_request.approve",
- "description": "N/A",
- "docs_reference_links": "A request to bypass secret scanning push protection was approved by a user."
+ "description": "A request to bypass secret scanning push protection was approved by a user.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection"
},
{
"action": "secret_scanning_push_protection_request.deny",
- "description": "N/A",
- "docs_reference_links": "A request to bypass secret scanning push protection was denied by a user."
+ "description": "A request to bypass secret scanning push protection was denied by a user.",
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection"
},
{
"action": "secret_scanning_push_protection_request.request",
- "description": "N/A",
- "docs_reference_links": "A user requested to bypass secret scanning push protection."
+ "description": "A user requested to bypass secret scanning push protection.",
+ "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line"
},
{
"action": "sponsors.agreement_sign",
diff --git a/src/audit-logs/data/ghes-3.14/user.json b/src/audit-logs/data/ghes-3.14/user.json
index 3bf340376928..0bb45c86dfdb 100644
--- a/src/audit-logs/data/ghes-3.14/user.json
+++ b/src/audit-logs/data/ghes-3.14/user.json
@@ -1639,6 +1639,16 @@
"description": "N/A",
"docs_reference_links": "N/A"
},
+ {
+ "action": "user_email.confirm_claim",
+ "description": "An enterprise managed user claimed an email address.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "user_email.mark_as_unclaimed",
+ "description": "N/A",
+ "docs_reference_links": "An enterprise managed user unclaimed an email address."
+ },
{
"action": "user.enable_collaborators_only",
"description": "N/A",
diff --git a/src/audit-logs/data/ghes-3.9/enterprise.json b/src/audit-logs/data/ghes-3.9/enterprise.json
index f71d3ee62e1d..278a7b8830ea 100644
--- a/src/audit-logs/data/ghes-3.9/enterprise.json
+++ b/src/audit-logs/data/ghes-3.9/enterprise.json
@@ -1342,17 +1342,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
diff --git a/src/audit-logs/data/ghes-3.9/organization.json b/src/audit-logs/data/ghes-3.9/organization.json
index f59c2d139716..af5ee3521633 100644
--- a/src/audit-logs/data/ghes-3.9/organization.json
+++ b/src/audit-logs/data/ghes-3.9/organization.json
@@ -1237,17 +1237,17 @@
{
"action": "org.secret_scanning_push_protection_enable",
"description": "Push protection for secret scanning was enabled.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_disable",
"description": "Push protection for secret scanning was disabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.secret_scanning_push_protection_new_repos_enable",
"description": "Push protection for secret scanning was enabled for all new repositories in the organization.",
- "docs_reference_links": "N/A"
+ "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations"
},
{
"action": "org.self_hosted_runner_offline",
diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json
index 7f62a404215d..c7385d962e1d 100644
--- a/src/audit-logs/lib/config.json
+++ b/src/audit-logs/lib/config.json
@@ -3,5 +3,5 @@
"apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
"apiRequestEvent": "This event is only available via audit log streaming."
},
- "sha": "86b3e409fe156bcd81eacdb9cb87feba02400072"
+ "sha": "34d03f4ac75933813cdf729e0080334adb1f61ca"
}
\ No newline at end of file
diff --git a/src/automated-pipelines/README.md b/src/automated-pipelines/README.md
index 0695175015bb..4f90f6b57ef2 100644
--- a/src/automated-pipelines/README.md
+++ b/src/automated-pipelines/README.md
@@ -10,10 +10,12 @@ Automated pages allow for manually created content to be prepended to the automa
## What automation pipelines are available
+- [Audit Logs](../audit-logs/README.md)
- [CodeQL CLI](../codeql-cli/README.md)
- [GitHub Apps](../github-apps/README.md)
- [GraphQL](../graphql/README.md)
- [REST](../rest/README.md)
+- [Secret Scanning](../secret-scanning/README.md)
- [Webhooks](../webhooks/README.md)
## How does it work
@@ -48,4 +50,4 @@ When creating a new pipeline, the source data that is being consumed may not hav
Slack: `#docs-engineering`
Repo: `github/docs-engineering`
-If you have a question about automation pipelines, you can ask in the `#docs-engineering` Slack channel. If you notice a problem with one of the automation pipelines, you can open an issue in the `github/docs-engineering` repository.
\ No newline at end of file
+If you have a question about automation pipelines, you can ask in the `#docs-engineering` Slack channel. If you notice a problem with one of the automation pipelines, you can open an issue in the `github/docs-engineering` repository.
diff --git a/src/automated-pipelines/lib/update-markdown.js b/src/automated-pipelines/lib/update-markdown.js
index f7a9f55822e0..ba9a13e34c7c 100644
--- a/src/automated-pipelines/lib/update-markdown.js
+++ b/src/automated-pipelines/lib/update-markdown.js
@@ -310,6 +310,10 @@ async function getIndexFileVersions(directory, files) {
`File ${filepath} does not exist while assembling directory index.md files to create parent version.`,
)
}
+ // If not a markdown(x) file, skip it
+ if (!file.endsWith('.md') && !file.endsWith('.mdx')) {
+ return
+ }
const { data } = matter(await readFile(filepath, 'utf-8'))
if (!data || !data.versions) {
throw new Error(`Frontmatter in ${filepath} does not contain versions.`)
diff --git a/src/code-scanning/scripts/generate-code-scanning-query-list.ts b/src/code-scanning/scripts/generate-code-scanning-query-list.ts
index b19f85c3fe66..e27e5ce887df 100644
--- a/src/code-scanning/scripts/generate-code-scanning-query-list.ts
+++ b/src/code-scanning/scripts/generate-code-scanning-query-list.ts
@@ -58,28 +58,6 @@ import { program } from 'commander'
import { getSupportedQueries } from '@github/cocofix/dist/querySuites.js' // eslint-disable-line import/no-extraneous-dependencies
import { type Language } from '@github/cocofix/dist/codeql' // eslint-disable-line import/no-extraneous-dependencies
-/**
- * The list of languages for which autofix support has (publicly) shipped.
- *
- * We don't want to add documentation about autofix support for languages that have not shipped.
- *
- * Note that this is conceptually different from the list of languages for which we support autofix:
- * some languages are supported, but only staff-shipped internally (currently, `go` and `ruby`).
- *
- * Supporting a language is a technical decision, and reflected in the list of supported queries
- * returned by `getSupportedQueries`. Shipping a language, on the other hand, is a product decision,
- * and is implemented by a feature flag in the monolith, so we cannot easily check it here.
- *
- * Instead we hard-code the list of shipped languages here and manually keep it in sync with
- * https://docs.github.com/en/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#supported-languages.
- * This sounds worse than it is, since CodeQL only supports a total of eight languages
- * and we are on track to ship autofix support for all of them in the next few months.
- *
- * Note that we never publicly ship a language for which we don't have autofix support, so if a language
- * has been shipped, we know for sure that it is supported.
- */
-const AUTOFIX_SHIPPED_LANGUAGES = ['csharp', 'java', 'javascript', 'python', 'go', 'ruby', 'cpp']
-
program
.description('Generate a reusable Markdown for for a code scanning query language')
.option('--verbose', 'Verbose outputs')
@@ -213,20 +191,20 @@ async function main(options: Options, language: string) {
return a.name.localeCompare(b.name)
})
- // Omit the 'Autofix' column if the language has not been shipped
- const includeAutofix = AUTOFIX_SHIPPED_LANGUAGES.includes(language)
- console.warn(`${includeAutofix ? 'Including' : 'Excluding'} 'Autofix' column for ${language}`)
- printQueries(options, entries, includeAutofix)
+ printQueries(options, entries)
}
-function printQueries(options: Options, queries: QueryExtended[], includeAutofix: boolean) {
+function printQueries(options: Options, queries: QueryExtended[]) {
const markdown: string[] = []
markdown.push('{% rowheaders %}')
markdown.push('') // blank line
- const header = ['Query name', 'Related CWEs', 'Default', 'Extended']
- if (includeAutofix) {
- header.push('Autofix')
- }
+ const header = [
+ 'Query name',
+ 'Related CWEs',
+ 'Default',
+ 'Extended',
+ '{% data variables.product.prodname_copilot_autofix_short %}',
+ ]
markdown.push(`| ${header.join(' | ')} |`)
markdown.push(`| ${header.map(() => '---').join(' | ')} |`)
@@ -238,10 +216,7 @@ function printQueries(options: Options, queries: QueryExtended[], includeAutofix
const defaultIcon = query.inDefault ? includedOcticon : notIncludedOcticon
const extendedIcon = query.inExtended ? includedOcticon : notIncludedOcticon
const autofixIcon = query.inAutofix ? includedOcticon : notIncludedOcticon
- const row = [markdownLink, query.cwes.join(', '), defaultIcon, extendedIcon]
- if (includeAutofix) {
- row.push(autofixIcon)
- }
+ const row = [markdownLink, query.cwes.join(', '), defaultIcon, extendedIcon, autofixIcon]
markdown.push(`| ${row.join(' | ')} |`)
}
markdown.push('') // blank line
diff --git a/src/codeql-cli/README.md b/src/codeql-cli/README.md
index e7840ae96a54..4ff82fd898ed 100644
--- a/src/codeql-cli/README.md
+++ b/src/codeql-cli/README.md
@@ -24,9 +24,9 @@ To run the CodeQL CLI pipeline locally:
## About this directory
-- `src/rest/lib/config.json` - A configuration file used to specify metadata about the REST pipeline.
-- `src/rest/scripts` - The scripts and source code used run the CodeQL CLI pipeline.
- - `src/rest/scripts/sync.js` - The entrypoint script that runs the CodeQL CLI pipeline.
+- `src/codeql-cli/lib/config.json` - A configuration file used to specify metadata about the CodeQL CLI pipeline.
+- `src/codeql-cli/scripts` - The scripts and source code used run the CodeQL CLI pipeline.
+ - `src/codeql-cli/scripts/sync.js` - The entrypoint script that runs the CodeQL CLI pipeline.
## Content team
diff --git a/src/content-linter/lib/helpers/unified-formatter-options.js b/src/content-linter/lib/helpers/unified-formatter-options.js
index ecbd2d60b3c5..d5efae175118 100644
--- a/src/content-linter/lib/helpers/unified-formatter-options.js
+++ b/src/content-linter/lib/helpers/unified-formatter-options.js
@@ -1,5 +1,5 @@
export const MARKDOWN_OPTIONS = {
- bullet: '-',
+ bullet: '*',
emphasis: '_',
closeAtx: false,
fence: '`',
diff --git a/src/content-linter/lib/linting-rules/index.js b/src/content-linter/lib/linting-rules/index.js
index 3329ab7a73e0..c03fc534b1f6 100644
--- a/src/content-linter/lib/linting-rules/index.js
+++ b/src/content-linter/lib/linting-rules/index.js
@@ -29,6 +29,7 @@ import { liquidIfTags, liquidIfVersionTags, liquidIfVersionVersions } from './li
import { raiReusableUsage } from './rai-reusable-usage.js'
import { imageNoGif } from './image-no-gif.js'
import { expiredContent, expiringSoon } from './expired-content.js'
+import { tableLiquidVersioning } from './table-liquid-versioning.js'
const noDefaultAltText = markdownlintGitHub.find((elem) =>
elem.names.includes('no-default-alt-text'),
@@ -73,5 +74,6 @@ export const gitHubDocsMarkdownlint = {
imageNoGif,
expiredContent,
expiringSoon,
+ tableLiquidVersioning,
],
}
diff --git a/src/content-linter/lib/linting-rules/table-liquid-versioning.js b/src/content-linter/lib/linting-rules/table-liquid-versioning.js
new file mode 100644
index 000000000000..fe32d02abcb6
--- /dev/null
+++ b/src/content-linter/lib/linting-rules/table-liquid-versioning.js
@@ -0,0 +1,83 @@
+import { addError, filterTokens } from 'markdownlint-rule-helpers'
+
+// Detects a Markdown table delimiter row
+const delimiterRegexPure = /(\s)*(:)?(-+)(:)?(\s)*(\|)/
+// Detects a Markdown table delimiter row with a Liquid tag
+const delimiterRegex = /(\s)*(:)?(-+)(:)?(\s)*(\|).*({%.*(ifversion|else|endif).*%})/
+// Detects a Liquid versioning tag
+const liquidRegex = /^{%-?\s*(ifversion|else|endif).*-?%}/
+// Detects a Markdown table row with a Liquid versioning tag
+const liquidAfterRowRegex = /(\|{1}).*(\|{1}).*{%\s*(ifversion|else|endif).*%}$/
+
+export const tableLiquidVersioning = {
+ names: ['GHD040', 'table-liquid-versioning'],
+ description: 'Tables must use the correct liquid versioning format',
+ severity: 'error',
+ tags: ['tables'],
+ information: new URL('https://github.com/github/docs/blob/main/src/content-linter/README.md'),
+ function: function GHD040(params, onError) {
+ const lines = params.lines
+ let inTable = false
+ for (let i = 0; i < lines.length; i++) {
+ const line = lines[i]
+
+ if (inTable && (!line || isPreviousLineIndented(lines[i], lines[i - 1]))) {
+ inTable = false
+ continue
+ }
+
+ if (delimiterRegexPure.test(line)) {
+ // A table with rows is at least 3 lines
+ if (lines[i - 1] && lines[i + 1]) {
+ inTable = true
+ if (liquidAfterRowRegex.test(lines[i - 1])) {
+ addError(
+ onError,
+ i,
+ 'Liquid conditionals that version rows of data should be placed on their own line in the format `| {% ifversion enterprise %} |`.',
+ lines[i - 1],
+ null,
+ )
+ }
+ if (delimiterRegex.test(line)) {
+ addError(
+ onError,
+ i + 1,
+ 'Liquid conditionals that version rows of data should be placed on their own line in the format `| {% ifversion enterprise %} |`.',
+ line,
+ null,
+ )
+ }
+ continue
+ }
+ }
+ if (inTable) {
+ if (liquidRegex.test(line)) {
+ addError(
+ onError,
+ i + 1,
+ 'Liquid conditionals that version rows of data should be placed on their own line in the format `| {% ifversion enterprise %} |`. If the conditional is on its own line but is not related to the table, ensure there is one new line beween a Liquid version tag and the table.',
+ line,
+ null,
+ )
+ }
+ if (liquidAfterRowRegex.test(line)) {
+ addError(
+ onError,
+ i + 1,
+ 'Liquid conditionals that version rows of data should be placed on their own line in the format `| {% ifversion enterprise %} |`.',
+ line,
+ null,
+ )
+ }
+ }
+ }
+ },
+}
+
+function isPreviousLineIndented(line, previousLine) {
+ if (!line || !previousLine) return false
+ const numWhitespaceLine = line.length - line.trimLeft().length
+ const numWhitespacePrevLine = previousLine.length - previousLine.trimLeft().length
+ return numWhitespaceLine < numWhitespacePrevLine
+}
diff --git a/src/content-linter/scripts/find-unsed-variables.ts b/src/content-linter/scripts/find-unsed-variables.ts
new file mode 100644
index 000000000000..0e78e03d1ffc
--- /dev/null
+++ b/src/content-linter/scripts/find-unsed-variables.ts
@@ -0,0 +1,149 @@
+/**
+ * This script iterates over all pages and all reusables and looks for
+ * mentions of variables in Liquid syntax. For example,
+ *
+ * ---
+ * title: '{% data variables.product.prodname_mobile %} is cool'
+ * shortTitle: '{% data variables.product.prodname_mobile %}'
+ * ---
+ *
+ * This also mentions {% data variables.product.prodname_ios %}
+ *
+ * So in this case, we *know* that `prodname_mobile` and
+ * `prodname_ios` inside `data/variables/product.yml` is definitely used.
+ * So that variable won't be mentioned as unused.
+ *
+ */
+import fs from 'fs'
+import yaml from 'js-yaml'
+
+import { program } from 'commander'
+
+import { loadPages, loadUnversionedTree } from '@/frame/lib/page-data.js'
+import { TokenizationError } from 'liquidjs'
+
+import readFrontmatter from '@/frame/lib/read-frontmatter.js'
+import { getLiquidTokens } from '@/content-linter/lib/helpers/liquid-utils.js'
+import walkFiles from '@/workflows/walk-files.js'
+
+program
+ .description('Finds unused variables in frontmatter, content, and reusables')
+ .option('-o, --output-file ', 'path to output file', 'stdout')
+ .option('--json', 'serialize output in JSON')
+ .option('--markdown', 'serialize output as a Markdown comment')
+ .parse(process.argv)
+
+type Options = {
+ outputFile: string
+ json?: boolean
+ markdown?: boolean
+}
+main(program.opts())
+
+async function main(options: Options) {
+ const variables = getVariables()
+ const pages = await getPages()
+ for (const page of pages) {
+ try {
+ const filePath = page.fullPath
+ const fileContent = fs.readFileSync(filePath, 'utf-8')
+ const { content, data } = readFrontmatter(fileContent)
+ const title = (data && data.title) || ''
+ const shortTitle = (data && data.shortTitle) || ''
+ const intro = (data && data.intro) || ''
+ for (const string of [content, title, shortTitle, intro]) {
+ checkString(string, variables)
+ }
+ } catch (err) {
+ if (err instanceof Error && 'code' in err && err.code === 'ENOENT') continue
+ throw err
+ }
+ }
+ for (const filePath of getReusableFiles()) {
+ const fileContent = fs.readFileSync(filePath, 'utf-8')
+ checkString(fileContent, variables)
+ }
+
+ const { outputFile, json } = options
+ if (!outputFile || outputFile === 'stdout') {
+ if (json) {
+ console.log(JSON.stringify(Object.fromEntries(variables), null, 2))
+ } else {
+ console.log(variables)
+ }
+ } else if (options.markdown) {
+ let output = ''
+ const keys = Array.from(variables.values()).sort()
+ if (keys.length > 0) {
+ output += `There are ${variables.size} unused variables.\n\n`
+ output += '| Variable | File |\n'
+ output += '| --- | --- |\n'
+ for (const key of keys) {
+ output += `| ${key} | ${variables.get(key)} |\n`
+ }
+ output += `\nThis comment was generated by the \`find-unused-variables\` script.\n`
+ }
+ if (outputFile && output) {
+ fs.writeFileSync(outputFile, output, 'utf-8')
+ } else if (output) {
+ console.log(output)
+ }
+ } else {
+ if (json || outputFile.endsWith('.json')) {
+ fs.writeFileSync(outputFile, JSON.stringify(Object.fromEntries(variables), null, 2), 'utf-8')
+ } else {
+ let output = ''
+ for (const [key, value] of variables) {
+ output += `${key} in ${value}\n`
+ }
+ fs.writeFileSync(outputFile, output, 'utf-8')
+ }
+ }
+}
+
+function getVariables(): Map {
+ const variables = new Map()
+ for (const filePath of walkFiles('data/variables', '.yml')) {
+ const dottedPathBase =
+ 'variables.' + filePath.replace('data/variables/', '').replace('.yml', '').replace(/\//g, '.')
+ const data = yaml.load(fs.readFileSync(filePath, 'utf-8')) as Record
+ for (const key of Object.keys(data)) {
+ const dottedPath = dottedPathBase + '.' + key
+ variables.set(dottedPath, filePath)
+ }
+ }
+ return variables
+}
+
+async function getPages() {
+ const unversionedTree = await loadUnversionedTree([])
+ const pageList = await loadPages(unversionedTree)
+ return pageList
+}
+
+function getReusableFiles(root = 'data') {
+ const here: string[] = []
+ for (const file of fs.readdirSync(root)) {
+ const filePath = `${root}/${file}`
+ if (fs.statSync(filePath).isDirectory()) {
+ here.push(...getReusableFiles(filePath))
+ } else if (file.endsWith('.md') && file !== 'README.md') {
+ here.push(filePath)
+ }
+ }
+ return here
+}
+
+function checkString(string: string, variables: Map) {
+ try {
+ for (const token of getLiquidTokens(string)) {
+ if (token.name === 'data') {
+ const { args } = token
+ variables.delete(args)
+ }
+ }
+ } catch (err) {
+ if (err instanceof TokenizationError) return
+ throw err
+ }
+}
diff --git a/src/content-linter/scripts/pretty-print-results.js b/src/content-linter/scripts/pretty-print-results.js
index 2d2147c885b5..fb938cfcea6c 100644
--- a/src/content-linter/scripts/pretty-print-results.js
+++ b/src/content-linter/scripts/pretty-print-results.js
@@ -75,10 +75,10 @@ export function prettyPrintResults(results, { fixed = false } = {}) {
ruleNames,
chalk.dim(indentWrappedString(result.ruleDescription, ruleNames.length)),
)
- if (!distinctDetails) {
+ if (!distinctDetails && result.errorDetail) {
console.log(
label('Detail'),
- `${indentWrappedString(result.errorDetail?.replace(/\n/g, ' ').trim(), PREFIX_PADDING.length * 8)}`,
+ `${indentWrappedString(result.errorDetail.replace(/\n/g, ' ').trim(), PREFIX_PADDING.length * 8)}`,
)
}
@@ -93,11 +93,11 @@ export function prettyPrintResults(results, { fixed = false } = {}) {
if (isNumber(result.columnNumber) && result.columnNumber !== 1) {
position += ` (col ${chalk.yellow(result.columnNumber)})`
}
- if (distinctDetails) {
+ if (distinctDetails && result.errorDetail) {
console.log(
label('Detail'),
indentWrappedString(
- result.errorDetail?.replace(/\n/g, ' ').trim(),
+ result.errorDetail.replace(/\n/g, ' ').trim(),
PREFIX_PADDING.length * 8,
),
)
diff --git a/src/content-linter/style/github-docs.js b/src/content-linter/style/github-docs.js
index 7462dec8e39f..c1e9a8ef0579 100644
--- a/src/content-linter/style/github-docs.js
+++ b/src/content-linter/style/github-docs.js
@@ -150,6 +150,11 @@ const githubDocsConfig = {
severity: 'warning',
'partial-markdown-files': true,
},
+ 'table-liquid-versioning': {
+ // GH040
+ severity: 'error',
+ 'partial-markdown-files': true,
+ },
}
export const githubDocsFrontmatterConfig = {
diff --git a/src/content-linter/tests/category-pages.ts b/src/content-linter/tests/category-pages.ts
index 91c9f3fb023b..b6c95c9909ed 100644
--- a/src/content-linter/tests/category-pages.ts
+++ b/src/content-linter/tests/category-pages.ts
@@ -141,7 +141,7 @@ describe.skip('category pages', () => {
}
await contextualize(req as ExtendedRequest, res as Response, next)
- await shortVersions(req, res, next)
+ await shortVersions(req as ExtendedRequest, res as Response, next)
// Save the index title for later testing
indexTitle = data.title.includes('{')
diff --git a/src/content-linter/tests/fixtures/tables.md b/src/content-linter/tests/fixtures/tables.md
new file mode 100644
index 000000000000..bb0b30c2b046
--- /dev/null
+++ b/src/content-linter/tests/fixtures/tables.md
@@ -0,0 +1,59 @@
+---
+title: Examples of tables in Markdown
+descriptions: Examples of tables in Markdown
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+---
+
+## Good
+
+| Package manager | Languages | Recommended formats | All supported formats |
+| --- | --- | --- | ---|
+| {% ifversion volvo %} |
+| Cargo | Rust | `Cargo.lock` | `Cargo.toml`, `Cargo.lock` |
+| {% endif %} |
+
+| Package manager | Languages | Recommended formats | All supported formats |
+| --- | --- | --- | ---|
+| {%- ifversion volvo %} |
+| Cargo | Rust | `Cargo.lock` | `Cargo.toml`, `Cargo.lock` |
+| {%- endif %} |
+
+{% ifversion volvo %}
+
+1. This is a list with a table
+ | Package manager | Languages | Recommended formats | All supported formats |
+ | --- | --- | --- | ---|
+ | {%- ifversion volvo %} |
+ | Cargo | Rust | `Cargo.lock` | `Cargo.toml`, `Cargo.lock` |
+ | {%- endif %} |
+{% endif %}
+
+## Bad
+
+| Package manager | Languages | Recommended formats | All supported formats |
+| --- | --- | --- | ---|
+{%- ifversion volvo %}
+| Cargo | Rust | `Cargo.lock` | `Cargo.toml`, `Cargo.lock` |
+{%- endif %}
+
+| Package manager | Languages | Recommended formats | All supported formats |
+| --- | --- | --- | ---|{% ifversion volvo %}
+| Cargo | Rust | `Cargo.lock` | `Cargo.toml`, `Cargo.lock` |{% endif %}
+
+{% ifversion volvo %}
+
+| Package manager | Languages | Recommended formats | All supported formats |
+| --- | --- | --- | ---|
+| Cargo | Rust | `Cargo.lock` | `Cargo.toml`, `Cargo.lock` |
+{% endif %}
+
+Package manager | Languages | Recommended formats | All supported formats {% ifversion fpt %}
+:- | :- | :- | :-{% endif %}{% ifversion volvo %}
+Cargo | Rust | `Cargo.lock` | `Cargo.toml`, `Cargo.lock` {% endif %}
+
+| Package manager | Languages | Recommended formats | All supported formats | {% ifversion fpt %}
+| :- | :- | :- | :-|{% endif %}{% ifversion volvo %}
+|Cargo | Rust | `Cargo.lock` | `Cargo.toml`, `Cargo.lock`| {% endif %}
diff --git a/src/content-linter/tests/unit/table-liquid-versioning.js b/src/content-linter/tests/unit/table-liquid-versioning.js
new file mode 100644
index 000000000000..6a56534ef9d8
--- /dev/null
+++ b/src/content-linter/tests/unit/table-liquid-versioning.js
@@ -0,0 +1,17 @@
+import { describe, expect, test } from 'vitest'
+
+import { runRule } from '../../lib/init-test.js'
+import { tableLiquidVersioning } from '../../lib/linting-rules/table-liquid-versioning.js'
+
+const FIXTURE_FILEPATH = 'src/content-linter/tests/fixtures/tables.md'
+
+describe(tableLiquidVersioning.names.join(' - '), () => {
+ test('non-early access file with early access references fails', async () => {
+ const result = await runRule(tableLiquidVersioning, { files: [FIXTURE_FILEPATH] })
+ const errors = result[FIXTURE_FILEPATH]
+ expect(errors.length).toBe(11)
+ const lineNumbers = errors.map((error) => error.lineNumber)
+ const expectedErrorLines = [38, 40, 43, 44, 51, 53, 54, 55, 57, 58, 59]
+ expect(JSON.stringify(lineNumbers)).toEqual(JSON.stringify(expectedErrorLines))
+ })
+})
diff --git a/src/content-render/scripts/all-documents/lib.ts b/src/content-render/scripts/all-documents/lib.ts
index 6fc5514dc45d..c6553fe52c05 100644
--- a/src/content-render/scripts/all-documents/lib.ts
+++ b/src/content-render/scripts/all-documents/lib.ts
@@ -2,10 +2,10 @@ import type { Response } from 'express'
import type { ExtendedRequest, Page } from '@/types'
import contextualize from '@/frame/middleware/context/context'
-import features from '@/versions/middleware/features.js'
+import features from '@/versions/middleware/features'
import shortVersions from '@/versions/middleware/short-versions.js'
-import warmServer from '@/frame/lib/warm-server.js'
+import warmServer from '@/frame/lib/warm-server'
export const POSSIBLE_FIELDS = ['title', 'shortTitle', 'intro', 'url']
@@ -66,9 +66,9 @@ export async function allDocuments(options: Options): Promise {
}
await contextualize(req as ExtendedRequest, res as Response, next)
- await shortVersions(req, res, next)
+ await shortVersions(req as ExtendedRequest, res as Response, next)
req.context.page = page
- await features(req, res, next)
+ features(req as any, res as any, next)
const title = fields.includes('title')
? await page.renderProp('title', req.context, { textOnly: true })
diff --git a/src/content-render/scripts/reusables-cli.ts b/src/content-render/scripts/reusables-cli.ts
new file mode 100644
index 000000000000..0d5990b953cd
--- /dev/null
+++ b/src/content-render/scripts/reusables-cli.ts
@@ -0,0 +1,71 @@
+// Usage: npm run reusables -- --help
+// Usage: npm run reusables -- find used accounts/create-account.md
+// Usage: npm run reusables -- find unused accounts/create-account.md
+// Usage: npm run reusables -- find any-unused
+// Usage: npm run reusables -- find top-used
+
+import { Command } from 'commander'
+import { findTopUsed, findUsed } from './reusables-cli/find/used'
+import { findPotentialUses } from './reusables-cli/find/potential-uses'
+import { findUnused } from './reusables-cli/find/unused'
+
+const defaultSimilarityThreshold = 10000
+const defaultTopUsedCount = 10
+const absolutePathDescription = 'Show absolute paths in output instead of relative path to repo'
+
+const program = new Command()
+
+program
+ .name('reusables-helper-cli')
+ .description('Tools to help with reusable Docs content snippets')
+
+const findCommand = program.command('find')
+
+findCommand
+ .command('used')
+ .description('Find all content files that use a specific reusable.')
+ .argument(
+ '',
+ 'Path to the reusable file relative to content/data/reusables, e.g. "accounts/create-account.md".',
+ )
+ .option('-a --absolute', absolutePathDescription, false)
+ .action(findUsed)
+
+findCommand
+ .command('top-used')
+ .description('Find the top x most used reusables.')
+ .argument(
+ '[number-of-most-used-to-find]',
+ 'Number of most used reusables to find.',
+ defaultTopUsedCount,
+ )
+ .option('-a --absolute', absolutePathDescription, false)
+ .action(findTopUsed)
+
+findCommand
+ .command('unused')
+ .description(
+ 'Find all reusables that are not used in any content files. WARNING: This command may take a long time to run.',
+ )
+ .option('-a --absolute', absolutePathDescription, false)
+ .action(findUnused)
+
+findCommand
+ .command('potential-uses')
+ .option(
+ '-s, --similar',
+ 'Find files where contents loosely matches a reusable instead of an exact match.',
+ )
+ .option(
+ '-t, --threshold ',
+ 'Similarity threshold for similar reusables. e.g. 10000. This requires the --similar flag and some experimentation to find a useful value.',
+ parseFloat,
+ defaultSimilarityThreshold,
+ )
+ .option('-a --absolute', absolutePathDescription, false)
+ .description(
+ 'Find all content files that could use any reusables, but do not. WARNING: This command may take a long time to run.',
+ )
+ .action(findPotentialUses)
+
+program.parse()
diff --git a/src/content-render/scripts/reusables-cli/README.md b/src/content-render/scripts/reusables-cli/README.md
new file mode 100644
index 000000000000..9e492e1ab8b3
--- /dev/null
+++ b/src/content-render/scripts/reusables-cli/README.md
@@ -0,0 +1,132 @@
+# Reusables CLI
+
+Helpful CLI tool for making it easier to work with `data/reusables`.
+
+Helps find where reusables are already used, and where they could be used.
+
+## Usage
+
+`npm run reusables -- --help` to see commands
+
+## Commands:
+
+`npm run reusables --`:
+
+- [find used ](#command-npm-run-reusables-cli----find-used-reusable-path)
+- [find top-used [number-of-most-used-to-find]](#command-npm-run-reusables-cli----find-top-used-number-of-most-used-to-find)
+- [find unused](#command-npm-run-reusables-cli----find-unused)
+- [find potential-uses](#command-npm-run-reusables-cli----find-potential-uses)
+
+
+### Command: `npm run reusables -- find used `
+
+Find where a specific reusable is used
+
+#### Example
+
+`npm run reusables -- find used copilot/signup-procedure.md`
+
+```
+Searching for content files that use data/reusables/copilot/signup-procedure.md...
+
+Found 2 files that use data/reusables/copilot/signup-procedure.md.
+
+In content/billing/managing-billing-for-github-copilot/managing-your-github-copilot-individual-subscription.md on:
+ Line 35
+
+In content/copilot/quickstart.md on:
+ Line 29
+```
+
+### Command: `npm run reusables -- find top-used [number-of-most-used-to-find]`
+
+Find top X (default 10) most used reusables and the number of times they are used.
+
+#### Example
+
+`npm run reusables -- find top-used 5`
+
+```
+Searching for the top 5 most used reusables...
+0/3225 reusables checked...
+100/3225 reusables checked...
+(etc, etc)
+3225/3225 reusables checked...
+
+Top 5 most used reusables:
+#1. 318 uses of data/reusables/repositories/navigate-to-repo.md
+#2. 286 uses of data/reusables/profile/access_org.md
+#3. 212 uses of data/reusables/enterprise-accounts/access-enterprise.md
+#4. 193 uses of data/reusables/profile/org_settings.md
+#5. 171 uses of data/reusables/actions/action-checkout.md
+```
+
+### Command: `npm run reusables -- find unused`
+
+Find which reusables aren't used in any content files.
+
+This will take ~10+ minutes to run locally. You will be updated at each 5% interval.
+
+#### Example
+
+`npm run reusables -- find unused`
+
+```
+Searching 6468 files and 3225 reusables...
+Progress: 5% done
+Progress: 10% done
+Progress: 15% done
+
+...
+
+Found 111 unused reusables:
+data/reusables/actions/action-labeler.md
+data/reusables/actions/actions-audit-events-for-enterprise.md
+data/reusables/actions/actions-audit-events-workflow.md
+data/reusables/actions/cache-no-org-policy.md
+data/reusables/actions/configure-runner-group-access.md
+...
+```
+
+### Command: `npm run reusables -- find potential-uses`
+
+Find which files that reusables might be used in.
+
+The command does this by searching every `content/` & `data/` file for strings that match every reusable that isn't ignored in `src/content-render/scripts/reusables-cli/ignore-reusables.ts`.
+
+#### Example
+
+`npm run reusables -- find potential-uses`
+
+```
+Searching 6468 files for potential reusable use...
+0/3225 reusables checked...
+100/3225 reusables checked...
+(etc, etc)
+3223/3225 reusables checked...
+
+Found 13 files that could use reusables.
+
+Reusable data/reusables/actions/action-labeler.md can be used
+In content/actions/using-workflows/reusing-workflows.md on:
+ Line 146
+ Line 188
+
+(cont.)
+```
+
+#### Ignoring reusables
+
+Some reusables might not make sense to "reuse" everywhere they could be reused. For instance, at the time of writing there is a reusable that is just the number "30" which shows up in certain files, but doesn't make sense to be replaced with a reusable.
+
+In these cases you can skip these reusables from being checked by the `find potential-uses` command by adding their paths to the array in [src/content-render/scripts/reusables-cli/ignore-reusables.ts](./ignore-unused-reusables.ts)
+
+#### Similarity search
+
+This may or may not be a useful search. It does a looser search to find places where the reusable _may_ be usable. You can include this type of search with the `-s` flag. You can alter the "threshold" used by the scoring algorithm to show more (higher number) or less (lower number) potential results with the `-t` flag.
+
+The threshold is a number that finds how similar the words in the reusable are to the words in a given article.
+
+A good default threshold number is `15000`. You can experiment with a higher/lower number if you aren't getting good results.
+
+e.g. `npm run reusables -- find potential-uses -s -t 15000`
diff --git a/src/content-render/scripts/reusables-cli/find/potential-uses.ts b/src/content-render/scripts/reusables-cli/find/potential-uses.ts
new file mode 100644
index 000000000000..cb423a475038
--- /dev/null
+++ b/src/content-render/scripts/reusables-cli/find/potential-uses.ts
@@ -0,0 +1,99 @@
+import fs from 'fs'
+import {
+ FilesWithLineNumbers,
+ FilesWithSimilarity,
+ findIndicesOfSubstringInString,
+ findSimilarSubStringInString,
+ getAllContentFilePaths,
+ getAllReusablesFilePaths,
+ getRelativeReusablesPath,
+ printFindsWithLineNumbers,
+} from '../shared'
+import { reusablesToIgnore } from '../ignore-reusables'
+
+export function findPotentialUses({
+ similar,
+ threshold,
+ absolute,
+}: {
+ similar?: boolean
+ threshold: number
+ absolute: boolean
+}) {
+ const reusableFiles = getAllReusablesFilePaths()
+ const allFilePaths = getAllContentFilePaths()
+
+ const filesThatCouldUseReusable: FilesWithLineNumbers = []
+ const filesThatCouldUseReusableSimilar: FilesWithSimilarity = []
+
+ // Read all content & data files into memory
+ const allFileContents = allFilePaths.map((filePath) => {
+ return {
+ filePath,
+ fileContents: fs.readFileSync(filePath, 'utf-8'),
+ }
+ })
+
+ console.log(`Searching ${allFileContents.length} files for potential reusable use...`)
+ if (similar) {
+ console.log('Using similarity search, this may take a while...')
+ }
+
+ let reusableCount = 0
+ let reusableContents
+ for (const reusableFilePath of reusableFiles) {
+ reusableContents = fs.readFileSync(reusableFilePath, 'utf-8')
+
+ const reusableRelativeFilePath = getRelativeReusablesPath(reusableFilePath)
+ if (!reusableContents.trim()) {
+ if (!absolute) {
+ console.log(`Skipping empty reusable file: ${reusableRelativeFilePath}`)
+ } else {
+ console.log(`Skipping empty reusable file: ${reusableFilePath}`)
+ }
+ continue
+ }
+
+ if (reusablesToIgnore.includes(reusableRelativeFilePath)) {
+ continue
+ }
+
+ if (reusableCount % 100 === 0) {
+ console.log(`${reusableCount}/${reusableFiles.length} reusables checked...`)
+ }
+ reusableCount += 1
+
+ for (const { filePath, fileContents } of allFileContents) {
+ // Skip the reusable file itself
+ if (filePath === reusableFilePath) continue
+
+ const indices = findIndicesOfSubstringInString(reusableContents.trim(), fileContents)
+ if (indices.length > 0) {
+ // Find line numbers of each index in fileContents
+ const lineNumbers = indices.map((index) => fileContents.slice(0, index).split('\n').length)
+
+ filesThatCouldUseReusable.push({
+ filePath,
+ lineNumbers,
+ reusableFile: reusableFilePath,
+ })
+ }
+
+ if (similar) {
+ const similarityScore = findSimilarSubStringInString(reusableContents.trim(), fileContents)
+ if (similarityScore > threshold) {
+ filesThatCouldUseReusableSimilar.push({
+ filePath,
+ similarityScore,
+ reusableFile: reusableFilePath,
+ })
+ }
+ }
+ }
+ }
+
+ console.log(`${reusableCount}/${reusableFiles.length} reusables checked...`)
+
+ console.log(`\nFound ${filesThatCouldUseReusable.length} files that could use reusables.`)
+ printFindsWithLineNumbers(absolute, filesThatCouldUseReusable)
+}
diff --git a/src/content-render/scripts/reusables-cli/find/unused.ts b/src/content-render/scripts/reusables-cli/find/unused.ts
new file mode 100644
index 000000000000..7d2dc342f500
--- /dev/null
+++ b/src/content-render/scripts/reusables-cli/find/unused.ts
@@ -0,0 +1,54 @@
+import fs from 'fs'
+import path from 'path'
+import { getLiquidTokens } from '@/content-linter/lib/helpers/liquid-utils.js'
+import {
+ getAllContentFilePaths,
+ getAllReusablesFilePaths,
+ getRelativeReusablesPath,
+ resolveReusablePath,
+} from '../shared'
+
+export function findUnused({ absolute }: { absolute: boolean }) {
+ const reusableFilePaths = getAllReusablesFilePaths()
+ const allFilePaths = getAllContentFilePaths()
+
+ const usedReusables = new Set()
+ const totalFiles = allFilePaths.length
+ let lastLoggedPercent = 0
+
+ console.log(`Searching ${totalFiles} files and ${reusableFilePaths.length} reusables...`)
+
+ for (let i = 0; i < totalFiles; i++) {
+ const filePath = allFilePaths[i]
+ const fileContents = fs.readFileSync(filePath, 'utf-8')
+ const liquidTokens = getLiquidTokens(fileContents)
+ for (const token of liquidTokens) {
+ const { args, name } = token
+ if (name === 'data' && args.startsWith('reusables.')) {
+ const reusableName = path.join('data', ...args.split('.')) + '.md'
+ // Special cases where we don't want them to count as reusables. It's an example in a how-to doc
+ if (reusableName.includes('foo/bar.md') || reusableName.includes('your-reusable-name.md')) {
+ continue
+ }
+ const reusablePath = resolveReusablePath(reusableName)
+ usedReusables.add(reusablePath)
+ }
+ }
+
+ const percentDone = Math.floor(((i + 1) / totalFiles) * 100)
+ if (percentDone >= lastLoggedPercent + 5) {
+ console.log(`Progress: ${percentDone}% done`)
+ lastLoggedPercent = percentDone
+ }
+ }
+
+ const unusedReusables = reusableFilePaths.filter((filePath) => !usedReusables.has(filePath))
+
+ console.log(`\nFound ${unusedReusables.length} unused reusables:`)
+ for (const reusableFilePath of unusedReusables) {
+ const printReusablePath = absolute
+ ? reusableFilePath
+ : getRelativeReusablesPath(reusableFilePath)
+ console.log(printReusablePath)
+ }
+}
diff --git a/src/content-render/scripts/reusables-cli/find/used.ts b/src/content-render/scripts/reusables-cli/find/used.ts
new file mode 100644
index 000000000000..9669eb0bc5a3
--- /dev/null
+++ b/src/content-render/scripts/reusables-cli/find/used.ts
@@ -0,0 +1,74 @@
+import fs from 'fs'
+import path from 'path'
+import { getLiquidTokens } from '@/content-linter/lib/helpers/liquid-utils.js'
+import {
+ FilesWithLineNumbers,
+ getAllContentFilePaths,
+ getIndicesOfLiquidVariable,
+ getRelativeReusablesPath,
+ getReusableLiquidString,
+ printFindsWithLineNumbers,
+ resolveReusablePath,
+} from '../shared'
+
+export function findUsed(reusablePath: string, { absolute }: { absolute: boolean }) {
+ const reusableFilePath = resolveReusablePath(reusablePath)
+ const reusableLiquidVar = getReusableLiquidString(reusableFilePath)
+
+ const printReusablePath = absolute ? reusableFilePath : getRelativeReusablesPath(reusableFilePath)
+
+ console.log(`Searching for content files that use ${printReusablePath}...`)
+
+ const allFilePaths = getAllContentFilePaths()
+
+ const filesWithReusables: FilesWithLineNumbers = []
+
+ for (const filePath of allFilePaths) {
+ // Skip the reusable file itself
+ if (filePath === reusableFilePath) continue
+
+ const fileContents = fs.readFileSync(filePath, 'utf-8')
+
+ const indices = getIndicesOfLiquidVariable(reusableLiquidVar, fileContents)
+ if (indices.length > 0) {
+ // Find line numbers of each index in fileContents
+ const lineNumbers = indices.map((index) => fileContents.slice(0, index).split('\n').length)
+
+ filesWithReusables.push({
+ filePath,
+ lineNumbers,
+ })
+ }
+ }
+
+ console.log(`\nFound ${filesWithReusables.length} files that use ${printReusablePath}.`)
+ printFindsWithLineNumbers(absolute, filesWithReusables)
+}
+
+export function findTopUsed(numberOfMostUsedToFind: number, { absolute }: { absolute: boolean }) {
+ const allFilePaths = getAllContentFilePaths()
+
+ const reusableCounts = new Map()
+ for (const filePath of allFilePaths) {
+ const fileContents = fs.readFileSync(filePath, 'utf-8')
+ const liquidTokens = getLiquidTokens(fileContents)
+ for (const token of liquidTokens) {
+ const { args, name } = token
+ if (name === 'data' && args.startsWith('reusables.')) {
+ reusableCounts.set(args, (reusableCounts.get(args) || 0) + 1)
+ }
+ }
+ }
+
+ const sortedCounts = Array.from(reusableCounts.entries()).sort((a, b) => b[1] - a[1])
+
+ console.log(`\nTop ${numberOfMostUsedToFind} most used reusables:`)
+ let i = 0
+ for (const [reusable, count] of sortedCounts.slice(0, numberOfMostUsedToFind)) {
+ let printReusablePath = path.join('data', ...reusable.split('.')) + '.md'
+ if (absolute) {
+ printReusablePath = path.resolve(printReusablePath)
+ }
+ console.log(`#${`${++i}.`.padEnd(3)} ${count} uses of ${printReusablePath}`)
+ }
+}
diff --git a/src/content-render/scripts/reusables-cli/ignore-reusables.ts b/src/content-render/scripts/reusables-cli/ignore-reusables.ts
new file mode 100644
index 000000000000..9c9979f80f54
--- /dev/null
+++ b/src/content-render/scripts/reusables-cli/ignore-reusables.ts
@@ -0,0 +1,5 @@
+// List of reusables to ignore when checking for potential uses of reusables
+// Make sure paths are relative to the root of the repo
+export const reusablesToIgnore = [
+ 'data/reusables/copilot/trial-period.md', // Just a number, so it pops up in unrelated files
+]
diff --git a/src/content-render/scripts/reusables-cli/shared.ts b/src/content-render/scripts/reusables-cli/shared.ts
new file mode 100644
index 000000000000..e42dc25de6fc
--- /dev/null
+++ b/src/content-render/scripts/reusables-cli/shared.ts
@@ -0,0 +1,196 @@
+import walk from 'walk-sync'
+import path from 'path'
+import { TokenizationError } from 'liquidjs'
+import { getLiquidTokens } from '@/content-linter/lib/helpers/liquid-utils'
+
+const __dirname = path.dirname(new URL(import.meta.url).pathname)
+
+const repoRoot = path.resolve(__dirname, '../../../../')
+const contentDirectory = path.resolve(__dirname, repoRoot, 'content/')
+const dataDirectory = path.resolve(__dirname, repoRoot, 'data/')
+
+const reusablesDirectory = path.resolve(dataDirectory, 'reusables/')
+
+export type FilesWithLineNumbers = {
+ filePath: string
+ lineNumbers: number[]
+ reusableFile?: string
+}[]
+export type FilesWithSimilarity = {
+ filePath: string
+ similarityScore: number
+ reusableFile?: string
+}[]
+
+export function filterFiles(files: string[]) {
+ return files.filter(
+ (filePath) =>
+ filePath.endsWith('.md') || (filePath.endsWith('.yml') && !filePath.endsWith('README.md')),
+ )
+}
+
+export function getAllContentFilePaths() {
+ const allContentFiles = filterFiles(
+ walk(contentDirectory, {
+ includeBasePath: true,
+ directories: false,
+ }),
+ )
+
+ const allDataFiles = filterFiles(
+ walk(dataDirectory, {
+ includeBasePath: true,
+ directories: false,
+ }),
+ )
+
+ return [...allContentFiles, ...allDataFiles]
+}
+
+// Get the string that represents the reusable in the content files
+export function getReusableLiquidString(reusablePath: string): string {
+ const relativePath = path.relative(reusablesDirectory, reusablePath)
+ return `reusables.${relativePath.slice(0, -3).split('/').join('.')}`
+}
+
+export function getIndicesOfLiquidVariable(liquidVariable: string, fileContents: string): number[] {
+ const indices: number[] = []
+ try {
+ for (const token of getLiquidTokens(fileContents)) {
+ if (token.name === 'data' && token.args.trim() === liquidVariable) {
+ indices.push(token.begin)
+ }
+ }
+ } catch (err) {
+ if (err instanceof TokenizationError) return []
+ throw err
+ }
+
+ return indices
+}
+
+// Find the path to a reusable file.
+export function resolveReusablePath(reusablePath: string): string {
+ // Try .md if extension is not provided
+ if (!reusablePath.endsWith('.md') && !reusablePath.endsWith('.yml')) {
+ reusablePath += '.md'
+ }
+
+ // Allow user to just pass the name of the file. If it's not ambiguous, we'll find it.
+ const allReusableFiles = getAllReusablesFilePaths()
+ const foundPaths = []
+ for (const possiblePath of allReusableFiles) {
+ if (possiblePath.includes(reusablePath)) {
+ foundPaths.push(possiblePath)
+ }
+ }
+
+ if (foundPaths.length === 0) {
+ console.error(`Reusables file not found: ${reusablePath}`)
+ process.exit(1)
+ } else if (foundPaths.length === 1) {
+ return foundPaths[0]
+ } else {
+ console.error(`Multiple reusables found by name: ${reusablePath}`)
+ for (let i = 0; i < foundPaths.length; i++) {
+ console.error(` ${i + 1}: ${getRelativeReusablesPath(foundPaths[i])}`)
+ }
+ console.error('Please specify which reusable by passing the full path')
+ process.exit(1)
+ }
+}
+
+export function getAllReusablesFilePaths(): string[] {
+ return filterFiles(
+ walk(reusablesDirectory, {
+ includeBasePath: true,
+ directories: false,
+ }),
+ )
+}
+
+export function findIndicesOfSubstringInString(substr: string, str: string): number[] {
+ str = str.toLowerCase()
+
+ const result: number[] = []
+
+ let idx = str.indexOf(substr)
+
+ while (idx !== -1) {
+ result.push(idx)
+ idx = str.indexOf(substr, idx + 1)
+ }
+ return result
+}
+
+export function findSimilarSubStringInString(substr: string, str: string) {
+ // Take every sentence in the substr, lower case it, and compare it to every sentence in the str to get a similarity score
+ const substrSentences = substr.split('.').map((sentence) => sentence.toLowerCase())
+ const corpus = str.split('.').map((sentence) => sentence.toLowerCase())
+
+ let similarityScore = 0
+
+ // Find how similar every two strings are based on the words they share
+ for (const substrSentence of substrSentences) {
+ for (const sentence of corpus) {
+ const substrTokens = substrSentence.split(' ')
+ const tokens = sentence.split(' ')
+
+ const sharedWords = substrTokens.filter((token) => tokens.includes(token))
+
+ similarityScore += sharedWords.length / (substrTokens.length + tokens.length)
+ }
+ }
+
+ // Normalize the similarity score
+ return Math.round((similarityScore / substrSentences.length) * corpus.length)
+}
+
+export function printFindsWithLineNumbers(
+ absolute: boolean,
+ reusableFindings: { filePath: string; lineNumbers: number[]; reusableFile?: string }[],
+ similarityFindings?: { filePath: string; similarityScore: number; reusableFile?: string }[],
+) {
+ for (const { filePath, lineNumbers, reusableFile } of reusableFindings) {
+ let printReusablePath = reusableFile
+ let printFilePath = filePath
+ if (!absolute) {
+ printReusablePath = getRelativeReusablesPath(printReusablePath as string)
+ printFilePath = path.relative(repoRoot, printFilePath)
+ }
+ if (reusableFile) {
+ console.log(`\nReusable ${printReusablePath} can be used`)
+ console.log(`In ${printFilePath} on:`)
+ } else {
+ console.log(`\nIn ${printFilePath} on:`)
+ }
+ for (const lineNumber of lineNumbers) {
+ console.log(` Line ${lineNumber}`)
+ }
+ }
+
+ if (similarityFindings?.length) {
+ console.log('\nFindings using "similar" algorithm:')
+ for (const { filePath, similarityScore, reusableFile } of similarityFindings) {
+ let printReusablePath = reusableFile
+ let printFilePath = filePath
+ if (!absolute) {
+ printReusablePath = getRelativeReusablesPath(printReusablePath as string)
+ printFilePath = path.relative(repoRoot, printFilePath)
+ }
+ if (reusableFile) {
+ console.log(`\nReusables ${printReusablePath} can be used`)
+ console.log(`In ${printFilePath} with similarity score: ${similarityScore}`)
+ } else {
+ console.log(`\nIn ${printFilePath} with similarity score: ${similarityScore}`)
+ }
+ }
+ }
+}
+
+export function getRelativeReusablesPath(reusablePath: string) {
+ if (!reusablePath) {
+ return ''
+ }
+ return path.relative(repoRoot, reusablePath)
+}
diff --git a/src/content-render/stylesheets/annotate.scss b/src/content-render/stylesheets/annotate.scss
index dffe1cfb9070..624cd84ef4f6 100644
--- a/src/content-render/stylesheets/annotate.scss
+++ b/src/content-render/stylesheets/annotate.scss
@@ -69,6 +69,29 @@
border-bottom: 1px solid var(--color-border-default);
}
+.annotate-toggle {
+ background: var(--color-segmented-control-bg);
+ border-radius: 6px;
+ margin-right: 1rem;
+ font-weight: 500;
+}
+
+.annotate-option {
+ background: none;
+ border: 1px solid transparent;
+ border-radius: 6px;
+ padding: 0.25rem 0.75rem;
+
+ &:hover {
+ background: var(--color-segmented-control-button-hover-bg);
+ }
+
+ &.selected {
+ background: var(--color-segmented-control-button-bg);
+ border-color: var(--color-segmented-control-button-selected-border);
+ }
+}
+
.annotate-row {
display: flex;
flex-direction: column;
diff --git a/src/content-render/tests/__snapshots__/annotate.js.snap b/src/content-render/tests/__snapshots__/annotate.js.snap
index 6cae4edfc748..d70eab5517f0 100644
--- a/src/content-render/tests/__snapshots__/annotate.js.snap
+++ b/src/content-render/tests/__snapshots__/annotate.js.snap
@@ -1,30 +1,7 @@
// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
exports[`annotate > renders annotations 1`] = `
-"
YAML
# The name of the workflow as it will appear in the "Actions" tab of the GitHub repository.
-name: Post welcome comment
-
-# Add the \`pull_request\` event, so that the workflow runs automatically
-# every time a pull request is created.
-on:
- pull_request:
- types: [opened]
-
name:Postwelcomecomment
The name of the workflow as it will appear in the "Actions" tab of the GitHub repository.
on:
- pull_request:
- types: [opened]
Add the pull_request event, so that the workflow runs automatically
-every time a pull request is created.
# The name of the workflow as it will appear in the "Actions" tab of the GitHub repository.
-name:Postwelcomecomment
-
-# Add the \`pull_request\` event, so that the workflow runs automatically
-# every time a pull request is created.
-on:
- pull_request:
- types: [opened]
-