diff --git a/.env.example b/.env.example index e69de29bb2d1..2387db4d6922 100644 --- a/.env.example +++ b/.env.example @@ -0,0 +1,23 @@ +# This file is a template for what your untracked .env file might look like for local development. +# Please copy this to a new .env file and fill in the values as needed. + +# Requires a running local Elasticsearch service. Can be started via Docker, see https://github.com/github/docs-engineering/blob/main/docs/elasticsearch/elasticsearch-locally.md +# When this value is unset searches will be proxied to the production Elasticsearch endpoint +ELASTICSEARCH_URL=http://localhost:9200 + +# Set for sending events in local development. See https://github.com/github/docs-engineering/blob/main/docs/analytics/hydro-mock.md +HYDRO_ENDPOINT= +HYDRO_SECRET= + +# Localization variables +# See https://github.com/github/docs-internal/tree/main/src/languages#working-with-translated-content-locally +ENABLED_LANGUAGES= +TRANSLATIONS_ROOT= + +# For running the src/search/scripts/scrape script +# You may want a lower value depending on your CPU +BUILD_RECORDS_MAX_CONCURRENT=100 +BUILD_RECORDS_MIN_TIME= + +# Set to true to enable the /fastly-cache-test route for debugging Fastly headers +ENABLE_FASTLY_TESTING= \ No newline at end of file diff --git a/.github/workflows/index-autocomplete-elasticsearch.yml b/.github/workflows/index-autocomplete-search.yml similarity index 69% rename from .github/workflows/index-autocomplete-elasticsearch.yml rename to .github/workflows/index-autocomplete-search.yml index a316812c81e4..da837deec763 100644 --- a/.github/workflows/index-autocomplete-elasticsearch.yml +++ b/.github/workflows/index-autocomplete-search.yml @@ -1,7 +1,7 @@ -name: Index autocomplete Elasticsearch +name: Index autocomplete search in Elasticsearch -# **What it does**: Indexes autocomplete data into Elasticsearch. -# **Why we have it**: So we can power the API for autocomplete. +# **What it does**: Indexes autocomplete data (general and AI search) into Elasticsearch. +# **Why we have it**: So we can power the APIs for autocomplete. # **Who does it impact**: docs-engineering on: @@ -10,7 +10,7 @@ on: - cron: '20 16 * * *' # Run every day at 16:20 UTC / 8:20 PST pull_request: paths: - - .github/workflows/index-autocomplete-elasticsearch.yml + - .github/workflows/index-autocomplete-search.yml - 'src/search/scripts/index/**' - 'package*.json' @@ -40,10 +40,15 @@ jobs: if: ${{ github.event_name == 'pull_request' }} run: curl --fail --retry-connrefused --retry 5 -I http://localhost:9200 - - name: Run indexing + - name: Run general auto-complete indexing env: ELASTICSEARCH_URL: ${{ github.event_name == 'pull_request' && 'http://localhost:9200' || secrets.ELASTICSEARCH_URL }} - run: npm run index -- autocomplete docs-internal-data + run: npm run index-general-autocomplete -- docs-internal-data + + - name: Run AI search auto-complete indexing + env: + ELASTICSEARCH_URL: ${{ github.event_name == 'pull_request' && 'http://localhost:9200' || secrets.ELASTICSEARCH_URL }} + run: npm run index-ai-search-autocomplete -- docs-internal-data - uses: ./.github/actions/slack-alert if: ${{ failure() && github.event_name == 'schedule' }} diff --git a/.github/workflows/sync-search-pr.yml b/.github/workflows/index-general-search-pr.yml similarity index 81% rename from .github/workflows/sync-search-pr.yml rename to .github/workflows/index-general-search-pr.yml index f7d504a77f6f..3f819ce556af 100644 --- a/.github/workflows/sync-search-pr.yml +++ b/.github/workflows/index-general-search-pr.yml @@ -1,6 +1,6 @@ -name: Sync search - PR +name: Index general search in Elasticsearch on PR -# **What it does**: This does what `sync-sarch-elasticsearch.yml` does but +# **What it does**: This does what `index-general-search-elasticsearch.yml` does but # with a localhost Elasticsearch and only for English. # **Why we have it**: To test that the script works and the popular pages json is valid. # **Who does it impact**: Docs engineering @@ -11,8 +11,8 @@ on: paths: - 'src/search/**' - 'package*.json' - # Ultimately, for debugging this workflow itself - - .github/workflows/sync-search-pr.yml + # For debugging this workflow + - .github/workflows/index-general-search-pr.yml # Make sure we run this if the composite action changes - .github/actions/setup-elasticsearch/action.yml @@ -25,9 +25,6 @@ concurrency: cancel-in-progress: true env: - # Yes, it's hardcoded but it makes all the steps look exactly the same - # as they do in `sync-search-elasticsearch.yml` where it uses - # that `${{ env.ELASTICSEARCH_URL }}` ELASTICSEARCH_URL: http://localhost:9200 # Since we'll run in NDOE_ENV=production, we need to be explicit that # we don't want Hydro configured. @@ -63,7 +60,7 @@ jobs: env: ENABLE_DEV_LOGGING: false run: | - npm run sync-search-server > /tmp/stdout.log 2> /tmp/stderr.log & + npm run general-search-scrape-server > /tmp/stdout.log 2> /tmp/stderr.log & # first sleep to give it a chance to start sleep 6 @@ -88,15 +85,13 @@ jobs: # let's just accept an empty string instead. THROW_ON_EMPTY: false - # The sync-search-index recognizes this env var if you don't - # use the `--docs-internal-data ` option. DOCS_INTERNAL_DATA: docs-internal-data run: | mkdir /tmp/records - npm run sync-search-indices -- /tmp/records \ + npm run general-search-scrape -- /tmp/records \ --language en \ - --version dotcom + --version fpt ls -lh /tmp/records @@ -106,9 +101,9 @@ jobs: - name: Index into Elasticsearch run: | - npm run index-elasticsearch -- /tmp/records \ + npm run index-general-search -- /tmp/records \ --language en \ - --version dotcom + --version fpt - name: Check created indexes and aliases run: | diff --git a/.github/workflows/sync-search-elasticsearch.yml b/.github/workflows/index-general-search.yml similarity index 94% rename from .github/workflows/sync-search-elasticsearch.yml rename to .github/workflows/index-general-search.yml index 4ca84e08993f..0f175cf2c675 100644 --- a/.github/workflows/sync-search-elasticsearch.yml +++ b/.github/workflows/index-general-search.yml @@ -1,4 +1,4 @@ -name: Sync search Elasticsearch +name: Index general search in Elasticsearch # **What it does**: It scrapes the whole site and dumps the records in a # temp directory. Then it indexes that into Elasticsearch. @@ -140,7 +140,7 @@ jobs: env: ENABLE_DEV_LOGGING: false run: | - npm run sync-search-server > /tmp/stdout.log 2> /tmp/stderr.log & + npm run general-search-scrape-server > /tmp/stdout.log 2> /tmp/stderr.log & # first sleep to give it a chance to start sleep 6 @@ -169,13 +169,11 @@ jobs: # the same as not set within the script. VERSION: ${{ inputs.version }} - # The sync-search-index recognizes this env var if you don't - # use the `--docs-internal-data ` option. DOCS_INTERNAL_DATA: docs-internal-data run: | mkdir /tmp/records - npm run sync-search-indices -- /tmp/records \ + npm run general-search-scrape -- /tmp/records \ --language ${{ matrix.language }} ls -lh /tmp/records @@ -186,12 +184,12 @@ jobs: - name: Index into Elasticsearch env: - # Must match what we used when scraping (npm run sync-search-indices) + # Must match what we used when scraping (npm run general-search-scrape) # otherwise the script will seek other versions from disk that might # not exist. VERSION: ${{ inputs.version }} run: | - npm run index-elasticsearch -- /tmp/records \ + npm run index-general-search -- /tmp/records \ --language ${{ matrix.language }} \ --stagger-seconds 5 \ --retries 5 diff --git a/.gitignore b/.gitignore index 218dc0efa2cf..0591ebbdb049 100644 --- a/.gitignore +++ b/.gitignore @@ -51,3 +51,9 @@ assets/images/help/writing/unordered-list-rendered (1).png # Used by precompute-pageinfo .pageinfo-cache.json.br + +# Cloned and used for indexing Elasticsearch data +docs-internal-data/ + +# For intermediate data (like scraping for Elasticsearch indexing) +tmp/ \ No newline at end of file diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md index bcdf32a42b34..6c954fb82383 100644 --- a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md +++ b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md @@ -14,11 +14,8 @@ shortTitle: Manage your subscriptions --- To help you understand your subscriptions and decide whether to unsubscribe, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/viewing-your-subscriptions)." -{% note %} - -**Note:** Instead of unsubscribing, you have the option to ignore a repository. If you ignore a repository, you won't receive any notifications. We don't recommend ignoring repositories as you won't be notified if you're @mentioned. {% ifversion fpt or ghec %}If you're experiencing abuse and want to ignore a repository, please visit {% data variables.contact.contact_support_page %} so we can help. {% data reusables.policies.abuse %}{% endif %} - -{% endnote %} +> [!NOTE] +> Instead of unsubscribing, you have the option to ignore a repository. If you ignore a repository, you won't receive any notifications. We don't recommend ignoring repositories as you won't be notified if you're @mentioned. {% ifversion fpt or ghec %}If you're experiencing abuse and want to ignore a repository, please visit {% data variables.contact.contact_support_page %} so we can help. {% data reusables.policies.abuse %}{% endif %} ## Choosing how to unsubscribe diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/viewing-your-subscriptions.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/viewing-your-subscriptions.md index d48c918dc744..3125190241a1 100644 --- a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/viewing-your-subscriptions.md +++ b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/viewing-your-subscriptions.md @@ -33,11 +33,9 @@ We recommend auditing and unsubscribing from your subscriptions as a part of a h When your inbox has too many notifications to manage, consider whether you have oversubscribed or how you can change your notification settings to reduce the subscriptions you have and the types of notifications you're receiving. For example, you may consider disabling the settings to automatically watch all repositories {% ifversion team-discussions %}and all team discussions{% endif %} whenever you've joined a team or repository. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#automatic-watching)." To see an overview of your repository subscriptions, see "[Reviewing repositories that you're watching](#reviewing-repositories-that-youre-watching)." -{% tip %} -**Tip:** You can select the types of event to be notified of by using the **Custom** option of the **Watch/Unwatch** dropdown list in your [watching page](https://github.com/watching) or on any repository page on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository)." - -{% endtip %} +> [!TIP] +> You can select the types of event to be notified of by using the **Custom** option of the **Watch/Unwatch** dropdown list in your [watching page](https://github.com/watching) or on any repository page on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository)." Many people forget about repositories that they've chosen to watch in the past. From the "Watched repositories" page you can quickly unwatch repositories. For more information on ways to unsubscribe, see "[Unwatch recommendations](https://github.blog/changelog/2020-11-10-unwatch-recommendations/)" on {% data variables.product.prodname_blog %} and "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions)." You can also create a triage workflow to help with the notifications you receive. For guidance on triage workflows, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications)." @@ -51,14 +49,9 @@ Many people forget about repositories that they've chosen to watch in the past. ![Screenshot of the "Subscriptions" tab. Three dropdown menus, titled "Reason", "Repository", and "Sort", are highlighted with an orange outline.](/assets/images/help/notifications-v2/all-subscriptions.png) -{% tip %} - -**Tips:** -* To review subscriptions you may have forgotten about, sort by "least recently subscribed." - -* To review a list of repositories that you can still receive notifications for, see the repository list in the "filter by repository" drop-down menu. - -{% endtip %} +> [!TIP] +> * To review subscriptions you may have forgotten about, sort by "least recently subscribed." +> * To review a list of repositories that you can still receive notifications for, see the repository list in the "filter by repository" drop-down menu. ## Reviewing repositories that you're watching @@ -66,10 +59,7 @@ Many people forget about repositories that they've chosen to watch in the past. ![Screenshot of the "Notifications" page. A dropdown menu, titled "Manage notifications", is highlighted with an orange outline.](/assets/images/help/notifications-v2/manage-notifications-options.png) 1. Evaluate the repositories that you are watching and decide if their updates are still relevant and helpful. When you watch a repository, you will be notified of all conversations for that repository. - {% tip %} - - **Tip:** Instead of watching a repository, consider only receiving notifications when there are updates to {% data reusables.notifications-v2.custom-notification-types %} (if enabled for the repository), or any combination of these options, or completely unwatching a repository. - - When you unwatch a repository, you can still be notified when you're @mentioned or participating in a thread. When you configure to receive notifications for certain event types, you're only notified when there are updates to these event types in the repository, you're participating in a thread, or you or a team you're on is @mentioned. - - {% endtip %} + > [!TIP] + > Instead of watching a repository, consider only receiving notifications when there are updates to {% data reusables.notifications-v2.custom-notification-types %} (if enabled for the repository), or any combination of these options, or completely unwatching a repository. + > + > When you unwatch a repository, you can still be notified when you're @mentioned or participating in a thread. When you configure to receive notifications for certain event types, you're only notified when there are updates to these event types in the repository, you're participating in a thread, or you or a team you're on is @mentioned. diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md index 245cd622ebc0..1b4a127dba42 100644 --- a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md +++ b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md @@ -32,11 +32,8 @@ For example, you may decide to check your notifications in this order in the mor * Events where a team you're a member of is @mentioned, also called team mentions (filter by `reason:team-mention`) * CI workflow failures for a specific repository (filter by `reason:ci-activity` and `repo:owner/repo-name` and ensure you've enabled CI activity notifications for workflow failures in your notification settings) - {% tip %} - - **Tip:** To quickly review your highest priorities, set up custom filters in order of their reviewing priority. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#customizing-your-inbox-with-custom-filters)." - - {% endtip %} + > [!TIP] + > To quickly review your highest priorities, set up custom filters in order of their reviewing priority. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#customizing-your-inbox-with-custom-filters)." ## Following up on ongoing notification updates @@ -50,11 +47,10 @@ For example, you may decide to follow up in this order: After triaging the higher priority notifications, review the remaining notifications, such as participating notifications. Consider these questions: * Can you unsubscribe to this notification? Is this notification completed and ready to be marked as **Done**? - {% tip %} - **Tip:** When you unsubscribe from a notification you won't receive new updates unless you start participating in the thread or you're @mentioned or a team you're on is @mentioned. When you mark a notification as **Done**, the notification is removed from your main inbox view and can be viewed with the query `is:read`. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#triaging-options)." + > [!TIP] + > When you unsubscribe from a notification you won't receive new updates unless you start participating in the thread or you're @mentioned or a team you're on is @mentioned. When you mark a notification as **Done**, the notification is removed from your main inbox view and can be viewed with the query `is:read`. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#triaging-options)." - {% endtip %} * Would you like to receive future updates when this issue or pull request is closed or reopened, or when a pull request is merged? For more information on these options, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/triaging-a-single-notification#customizing-when-to-receive-future-updates-for-an-issue-or-pull-request)." * Would you like to avoid receiving notifications like this in the future? If so, consider unsubscribing. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github)." diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md index 9f4adc359047..7e4ac4f03df9 100644 --- a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md +++ b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md @@ -58,11 +58,8 @@ You can add up to 15 of your own custom filters. {% data reusables.notifications.access_notifications %} 1. To open the filter settings, in the left sidebar, next to "Filters", click {% octicon "gear" aria-label="Customize filters" %}. - {% tip %} - - **Tip:** You can quickly preview a filter's inbox results by creating a query in your inbox view and clicking **Save**, which opens the custom filter settings. - - {% endtip %} + > [!TIP] + > You can quickly preview a filter's inbox results by creating a query in your inbox view and clicking **Save**, which opens the custom filter settings. 1. Add a name for your filter and a filter query. For example, to only see notifications for a specific repository, you can create a filter using the query `repo:octocat/open-source-project-name reason:participating`. You can also add emojis with a native emoji keyboard. For a list of supported search queries, see "[Supported queries for custom filters](#supported-queries-for-custom-filters)." diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme.md index e17f0801f24f..8a96e747d665 100644 --- a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme.md +++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme.md @@ -36,11 +36,8 @@ You can format text and include emoji, images, and GIFs in your profile README b * The repository contains a file named README.md in its root. * The README.md file contains any content. -{% note %} - -**Note**: If you created a public repository with the same name as your username before July 2020, {% data variables.product.prodname_dotcom %} won't automatically show the repository's README on your profile. You can manually share the repository's README to your profile by going to the repository on {% data variables.product.prodname_dotcom %} and clicking **Share to profile**. - -{% endnote %} +> [!NOTE] +> If you created a public repository with the same name as your username before July 2020, {% data variables.product.prodname_dotcom %} won't automatically show the repository's README on your profile. You can manually share the repository's README to your profile by going to the repository on {% data variables.product.prodname_dotcom %} and clicking **Share to profile**. ## Adding a profile README diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md index 801b527f8075..68ef5505c27f 100644 --- a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md +++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md @@ -19,12 +19,8 @@ topics: shortTitle: Personalize --- -{% note %} - -**Note:** - Any details you add to your public {% data variables.product.product_name %} profile will be visible to all {% data variables.product.product_name %} users, including in regions where local laws, regulations, or cultural norms may pose risks to expressing your identity. We respect everyone’s decision about whether or not to share information about themselves on their {% data variables.product.product_name %} profile. - -{% endnote %} +> [!NOTE] +> Any details you add to your public {% data variables.product.product_name %} profile will be visible to all {% data variables.product.product_name %} users, including in regions where local laws, regulations, or cultural norms may pose risks to expressing your identity. We respect everyone’s decision about whether or not to share information about themselves on their {% data variables.product.product_name %} profile. ## Changing your profile picture @@ -32,14 +28,9 @@ Your profile picture helps identify you across {% data variables.product.product When you sign up for an account, {% data variables.product.product_name %} provides you with a randomly generated "identicon". [Your identicon](https://github.com/blog/1586-identicons) generates from a hash of your user ID, so there's no way to control its color or pattern. You can replace your identicon with an image that represents you. -{% note %} - -**Note{% ifversion ghec %}s{% endif %}**: {% ifversion ghec %} - -* {% endif %}Your profile picture should be a PNG, JPG, or GIF file, and it must be less than 1 MB in size and smaller than 3000 by 3000 pixels. For the best quality rendering, we recommend keeping the image at about 500 by 500 pixels. -{% ifversion ghec %}* Gravatar profile pictures are not supported with {% data variables.product.prodname_emus %}.{% endif %} - -{% endnote %} +> [!NOTE] {% ifversion ghec %} +> * {% endif %}Your profile picture should be a PNG, JPG, or GIF file, and it must be less than 1 MB in size and smaller than 3000 by 3000 pixels. For the best quality rendering, we recommend keeping the image at about 500 by 500 pixels. +{% ifversion ghec %}> * Gravatar profile pictures are not supported with {% data variables.product.prodname_emus %}.{% endif %} If you use Gravatar, and your Gravatar image is associated with the email you use for {% data variables.product.product_name %}, the image will be shown as your {% data variables.product.product_name %} profile picture by default (rather than an identicon). To change your {% data variables.product.product_name %} profile picture, you can either upload a new image to Gravatar, or upload a new image to {% data variables.product.product_name %} and override the Gravatar image. @@ -62,11 +53,10 @@ If you use Gravatar, and your Gravatar image is associated with the email you us You can change the name that is displayed on your profile. This name may also be displayed next to comments you make on private repositories owned by an organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-display-of-member-names-in-your-organization)." {% ifversion fpt or ghec %} -{% note %} -**Note:** If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, any changes to your profile name must be made through your identity provider instead of {% data variables.product.prodname_dotcom %}. {% data reusables.enterprise-accounts.emu-more-info-account %} +> [!NOTE] +> If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, any changes to your profile name must be made through your identity provider instead of {% data variables.product.prodname_dotcom %}. {% data reusables.enterprise-accounts.emu-more-info-account %} -{% endnote %} {% endif %} {% data reusables.user-settings.access_settings %} @@ -78,21 +68,14 @@ Add a bio to your profile to share information about yourself with other {% data For a longer-form and more prominent way of displaying customized information about yourself, you can also use a profile README. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme)." -{% note %} - -**Note:** - If you have the activity overview section enabled for your profile and you @mention an organization you're a member of in your profile bio, then that organization will be featured first in your activity overview. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-an-overview-of-your-activity-on-your-profile)." - -{% endnote %} +> [!NOTE] +> If you have the activity overview section enabled for your profile and you @mention an organization you're a member of in your profile bio, then that organization will be featured first in your activity overview. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-an-overview-of-your-activity-on-your-profile)." {% data reusables.user-settings.access_settings %} 1. Under "Public profile", in the "Bio" field, type the content that you want displayed on your profile. The bio field is limited to 160 characters. - {% tip %} - - **Tip:** When you @mention an organization, only those that you're a member of will autocomplete. You can still @mention organizations that you're not a member of, like a previous employer, but the organization name won't autocomplete for you. - - {% endtip %} + > [!TIP] + > When you @mention an organization, only those that you're a member of will autocomplete. You can still @mention organizations that you're not a member of, like a previous employer, but the organization name won't autocomplete for you. {% data reusables.profile.update-profile %} @@ -210,11 +193,8 @@ Achievements celebrate specific events and actions that happen on {% data variab To stop private contributions from counting toward your Achievements, or to turn off Achievements entirely, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile)." -{% note %} - -**Note:** This feature is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> This feature is currently in {% data variables.release-phases.public_preview %} and subject to change. {% endif %} diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md index c1cdae1de1f2..a9a5f1beff1f 100644 --- a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md +++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md @@ -28,11 +28,8 @@ When your profile is private, the following content is hidden from your profile * Stars, projects, packages, and sponsoring tabs * Your pronouns -{% note %} - -**Note**: When your profile is private, some optional fields are still publicly visible, such as the README, biography, and profile photo. - -{% endnote %} +> [!NOTE] +> When your profile is private, some optional fields are still publicly visible, such as the README, biography, and profile photo. ## Changes to reporting on your activities @@ -45,11 +42,8 @@ When your profile is private, your {% data variables.product.prodname_dotcom %} * Site-wide search results * The [Trending](https://github.com/trending) page -{% note %} - -**Note**: Your activity on public repositories will still be publicly visible to anyone viewing those repositories, and some activity data may still be available through the {% data variables.product.prodname_dotcom %} API. - -{% endnote %} +> [!NOTE] +> Your activity on public repositories will still be publicly visible to anyone viewing those repositories, and some activity data may still be available through the {% data variables.product.prodname_dotcom %} API. ## Changing your profile's privacy settings diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sharing-contributions-from-github-enterprise-server.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sharing-contributions-from-github-enterprise-server.md index d211c45ecf4f..9df25ee93384 100644 --- a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sharing-contributions-from-github-enterprise-server.md +++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sharing-contributions-from-github-enterprise-server.md @@ -26,11 +26,8 @@ You can decide whether to show counts for private contributions on your profile. For more information about how contributions are calculated, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile)." -{% note %} - -**Note:** The connection between your accounts is governed by [GitHub's Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement) and users enabling the connection must agree to the [GitHub Terms of Service](/free-pro-team@latest/site-policy/github-terms/github-terms-of-service). - -{% endnote %} +> [!NOTE] +> The connection between your accounts is governed by [GitHub's Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement) and users enabling the connection must agree to the [GitHub Terms of Service](/free-pro-team@latest/site-policy/github-terms/github-terms-of-service). ## Sending your enterprise contributions to your profile diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile.md index a13744e10e5e..f8d522019ebf 100644 --- a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile.md +++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile.md @@ -24,7 +24,7 @@ allowTitleToDifferFromFilename: true If you publicize your private contributions, people without access to the private repositories you work in won't be able to see the details of your private contributions. Instead, they'll see the number of private contributions you made on any given day. Your public contributions will include detailed information. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile)." ->[!NOTE] On {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom_the_website %}{% elsif ghes %}{% data variables.product.product_name %}{% endif %}, public contributions on your profile are visible {% ifversion fpt or ghec %}to anyone in the world who can access {% data variables.product.prodname_dotcom_the_website %}{% elsif ghes %}only to other users of {% data variables.location.product_location%}{% endif %}. +>[!NOTE] On {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom_the_website %}{% elsif ghes %}{% data variables.product.product_name %}{% endif %}, public contributions on your profile are visible {% ifversion fpt or ghec %}to anyone in the world who can access {% data variables.product.prodname_dotcom_the_website %}{% elsif ghes %}only to other users of {% data variables.location.product_location %}{% endif %}. ## Changing the visibility of your private contributions diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile.md index 959208ad8918..7c4071fd714e 100644 --- a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile.md +++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile.md @@ -17,11 +17,8 @@ shortTitle: View contributions --- Your contribution graph and Achievements show activity from public repositories. You can choose to show activity from both public and private repositories, with specific details of your activity in private repositories anonymized. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile)." -{% note %} - -**Note:** Commits will only appear on your contributions graph if the email address you used to author the commits is connected to your account on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile#your-local-git-commit-email-isnt-connected-to-your-account)" - -{% endnote %} +> [!NOTE] +> Commits will only appear on your contributions graph if the email address you used to author the commits is connected to your account on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile#your-local-git-commit-email-isnt-connected-to-your-account)" ## What counts as a contribution @@ -57,11 +54,8 @@ Your contributions calendar shows your contribution activity. * Click on a day's square to show the contributions made during that 24-hour period. * Press _Shift_ and click on another day's square to show contributions made during that time span. -{% note %} - -**Note:** You can select up to a one-month range on your contributions calendar. If you select a larger time span, we will only display one month of contributions. - -{% endnote %} +> [!NOTE] +> You can select up to a one-month range on your contributions calendar. If you select a larger time span, we will only display one month of contributions. ![Screenshot of the contributions graph on a user profile.](/assets/images/help/profile/contributions-graph.png) diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md index 0011608f4bf5..d7491b92641d 100644 --- a/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md +++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md @@ -73,11 +73,10 @@ The email address in the `From:` field is the address that was set in the [local If the email address used for the commit is not connected to your account on {% data variables.product.prodname_dotcom %}, you must [add the email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account) to your account on {% data variables.product.prodname_dotcom %}. Your contributions graph will be rebuilt automatically when you add the new address. {% ifversion fpt or ghec %} -{% note %} -**Note**: If you use a {% data variables.enterprise.prodname_managed_user %}, you cannot add additional email addresses to the account, even if multiple email addresses are registered with your identity provider (IdP). Therefore, only commits that are authored by the primary email address registered with your IdP can be associated with your {% data variables.enterprise.prodname_managed_user %}. +> [!NOTE] +> If you use a {% data variables.enterprise.prodname_managed_user %}, you cannot add additional email addresses to the account, even if multiple email addresses are registered with your identity provider (IdP). Therefore, only commits that are authored by the primary email address registered with your IdP can be associated with your {% data variables.enterprise.prodname_managed_user %}. -{% endnote %} {% endif %} Generic email addresses, such as `jane@computer.local`, cannot be added to {% data variables.product.prodname_dotcom %} accounts and linked to commits. If you've authored any commits using a generic email address, the commits will not be linked to your {% data variables.product.prodname_dotcom %} profile and will not show up in your contribution graph. @@ -90,11 +89,8 @@ If your commits are in a non-default or non-`gh-pages` branch and you'd like the * [Open a pull request](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) to have your changes merged into the default branch or the `gh-pages` branch. * [Change the default branch](/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/changing-the-default-branch) of the repository. -{% warning %} - -**Warning**: Changing the default branch of the repository will change it for all repository collaborators. Only do this if you want the new branch to become the base against which all future pull requests and commits will be made. - -{% endwarning %} +> [!WARNING] +> Changing the default branch of the repository will change it for all repository collaborators. Only do this if you want the new branch to become the base against which all future pull requests and commits will be made. ### Commit was made in a fork diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account.md index 8d503773cdc2..37583e5b5544 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account.md @@ -17,13 +17,9 @@ shortTitle: Add an email address --- {% ifversion fpt or ghec %} -{% note %} - -**Notes**: -* {% data reusables.user-settings.no-verification-disposable-emails %} -* If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you cannot make changes to your email address on {% data variables.product.prodname_dotcom %}. {% data reusables.enterprise-accounts.emu-more-info-account %} - -{% endnote %} +> [!NOTE] +> * {% data reusables.user-settings.no-verification-disposable-emails %} +> * If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you cannot make changes to your email address on {% data variables.product.prodname_dotcom %}. {% data reusables.enterprise-accounts.emu-more-info-account %} {% endif %} diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/remembering-your-github-username-or-email.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/remembering-your-github-username-or-email.md index e9a9f6eb8cfe..059b34073d36 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/remembering-your-github-username-or-email.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/remembering-your-github-username-or-email.md @@ -53,11 +53,8 @@ YOUR-USERNAME If you have any local copies of personal repositories you have created or forked, you can check the URL of the remote repository. -{% tip %} - -**Tip**: This method only works if you have an original repository or your own fork of someone else's repository. If you clone someone else's repository, their username will show instead of yours. Similarly, organization repositories will show the name of the organization instead of a particular user in the remote URL. - -{% endtip %} +> [!TIP] +> This method only works if you have an original repository or your own fork of someone else's repository. If you clone someone else's repository, their username will show instead of yours. Similarly, organization repositories will show the name of the organization instead of a particular user in the remote URL. ```shell $ cd YOUR-REPOSITORY diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address.md index 8b5fa437257c..769d560805ad 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address.md @@ -32,11 +32,8 @@ For web-based Git operations, you can set your commit email address on {% data v {% ifversion fpt or ghec %} -{% note %} - -**Note**: {% data reusables.user-settings.no-verification-disposable-emails %} - -{% endnote %} +> [!NOTE] +> {% data reusables.user-settings.no-verification-disposable-emails %} {% endif %} @@ -50,11 +47,8 @@ To ensure that commits are attributed to you and appear in your contributions gr -{% note %} - -**Note:** If you created your account _after_ July 18, 2017, your `noreply` email address for is an ID number and your username in the form of ID+USERNAME@users.noreply.github.com. If you created your account _prior to_ July 18, 2017, and enabled **Keep my email address private** prior to that date, your `noreply` email address is USERNAME@users.noreply.github.com. You can get an ID-based `noreply` email address by selecting (or deselecting and reselecting) **Keep my email address private** in your email settings. - -{% endnote %} +> [!NOTE] +> If you created your account _after_ July 18, 2017, your `noreply` email address for is an ID number and your username in the form of ID+USERNAME@users.noreply.github.com. If you created your account _prior to_ July 18, 2017, and enabled **Keep my email address private** prior to that date, your `noreply` email address is USERNAME@users.noreply.github.com. You can get an ID-based `noreply` email address by selecting (or deselecting and reselecting) **Keep my email address private** in your email settings. If you use your `noreply` email address for {% data variables.product.github %} to make commits and then change your username, those commits will not be associated with your account. This does not apply if you're using the ID-based `noreply` address from {% data variables.product.github %}. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username)."{% endif %} diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md index 81b99bcc4a84..02210f1025f2 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md @@ -34,14 +34,9 @@ If you do not verify your email address, you will not be able to: * Sponsor developers with {% data variables.product.prodname_sponsors %} * Accept organization invitations -{% warning %} - -**Warnings**: - -* {% data reusables.user-settings.no-verification-disposable-emails %} -* {% data reusables.user-settings.verify-org-approved-email-domain %} - -{% endwarning %} +> [!WARNING] +> * {% data reusables.user-settings.no-verification-disposable-emails %} +> * {% data reusables.user-settings.verify-org-approved-email-domain %} {% ifversion ghec %} diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-your-personal-dashboard.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-your-personal-dashboard.md index d843ce3deb24..612a59de71dd 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-your-personal-dashboard.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-your-personal-dashboard.md @@ -49,11 +49,8 @@ You can also find a list of your recently visited repositories, teams, and proje {% ifversion feed %} -{% note %} - -**Note:** The new feed is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> The new feed is currently in {% data variables.release-phases.public_preview %} and subject to change. The feed is designed to help you discover relevant content from projects you follow, keep up with your friends and community members, and track recent activity in your communities. @@ -89,11 +86,8 @@ For more information about following people and starring repositories, see "[AUT ### For you feed -{% note %} - -**Note:** This new tab is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> This new tab is currently in {% data variables.release-phases.public_preview %} and subject to change. This feed shows activity and recommendations based on your network on {% data variables.product.product_name %}. It's designed to provide updates that inspire you, keep you up-to-date, and help you find new communities you want to participate in. Your network includes: diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md index fdcd2e9af8f0..9d75b2c01dde 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md @@ -22,20 +22,18 @@ shortTitle: Change your username {% ifversion ghec or ghes %} -{% note %} - {% ifversion ghec %} -**Note**: Members of an {% data variables.enterprise.prodname_emu_enterprise %} cannot change usernames. Your enterprise's IdP administrator controls your username for {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." +> [!NOTE] +> Members of an {% data variables.enterprise.prodname_emu_enterprise %} cannot change usernames. Your enterprise's IdP administrator controls your username for {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." {% elsif ghes %} -**Note**: If you sign into {% data variables.location.product_location %} with LDAP credentials or single sign-on (SSO), only your local administrator can change your username. For more information about authentication methods for {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise)." +> [!NOTE] +> If you sign into {% data variables.location.product_location %} with LDAP credentials or single sign-on (SSO), only your local administrator can change your username. For more information about authentication methods for {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise)." {% endif %} -{% endnote %} - {% endif %} ## About username changes @@ -46,7 +44,7 @@ If you hold a trademark for the username, you can find more information about ma If you do not hold a trademark for the name, you can choose another username or keep your current username. {% data variables.contact.github_support %} cannot release the unavailable username for you. For more information, see "[Changing your username](#changing-your-username)."{% endif %} -After changing your username, your old username becomes available for anyone else to claim. Most references to your repositories under the old username automatically change to the new username. However, some links to your profile won't automatically redirect. +After changing your username, your previous username will be unavailable for anyone to claim for 90 days. Most references to your repositories under the previous username automatically change to the new username. However, some links to your profile won't automatically redirect. {% data variables.product.product_name %} cannot set up redirects for: * [@mentions](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#mentioning-people-and-teams) using your old username @@ -88,14 +86,9 @@ If your Git commits are associated with another email address you've added to yo {% ifversion fpt or ghec %}If you've been using a {% data variables.product.prodname_dotcom %}-provided private commit email address, whether or not your commit history will be retained after an account rename depends on the format of the email address. Git commits that are associated with your {% data variables.product.product_name %}-provided `noreply` email address won't be attributed to your new username and won't appear in your contributions graph, unless your `noreply` email address is in the form of `ID+USERNAME@users.noreply.github.com`. Older versions of the `noreply` email address that do not contain a numeric ID will not be associated with your {% data variables.product.prodname_dotcom %} account after changing your username.{% endif %} -{% warning %} - -**Warnings:** - -* After a username change, verified commits signed using the previous {% data variables.product.product_name %}-provided `noreply` email address will lose their "Verified" status. -* When verifying a signature, {% data variables.product.product_name %} checks that the email address of the committer or tagger exactly matches one of the email addresses associated with the GPG key's identities. Additionally, {% data variables.product.product_name %} confirms that the email address is verified and linked to the user's account. This ensures that the key belongs to you and that you created the commit or tag. Because the username of the `noreply` email address changes, these commits can no longer be verified. - -{% endwarning %} +> [!WARNING] +> * After a username change, verified commits signed using the previous {% data variables.product.product_name %}-provided `noreply` email address will lose their "Verified" status. +> * When verifying a signature, {% data variables.product.product_name %} checks that the email address of the committer or tagger exactly matches one of the email addresses associated with the GPG key's identities. Additionally, {% data variables.product.product_name %} confirms that the email address is verified and linked to the user's account. This ensures that the key belongs to you and that you created the commit or tag. Because the username of the `noreply` email address changes, these commits can no longer be verified. ## Your gists diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/permission-levels-for-a-personal-account-repository.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/permission-levels-for-a-personal-account-repository.md index edaf16ae7f37..423d364e689c 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/permission-levels-for-a-personal-account-repository.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/permission-levels-for-a-personal-account-repository.md @@ -21,11 +21,8 @@ Repositories owned by personal accounts have one owner. Ownership permissions ca You can also {% ifversion fpt or ghec %}invite{% else %}add{% endif %} users on {% data variables.product.product_name %} to your repository as collaborators. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository)." -{% tip %} - -**Tip:** If you require more granular access to a repository owned by your personal account, consider transferring the repository to an organization. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/transferring-a-repository#transferring-a-repository-owned-by-your-personal-account)." - -{% endtip %} +> [!TIP] +> If you require more granular access to a repository owned by your personal account, consider transferring the repository to an organization. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/transferring-a-repository#transferring-a-repository-owned-by-your-personal-account)." ## Owner access for a repository owned by a personal account @@ -70,11 +67,8 @@ The repository owner has full control of the repository. In addition to the acti Collaborators on a personal repository can pull (read) the contents of the repository and push (write) changes to the repository. -{% note %} - -**Note:** In a private repository, repository owners can only grant write access to collaborators. Collaborators can't have read-only access to repositories owned by a personal account. - -{% endnote %} +> [!NOTE] +> In a private repository, repository owners can only grant write access to collaborators. Collaborators can't have read-only access to repositories owned by a personal account. Collaborators can also perform the following actions. diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/about-organization-membership.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/about-organization-membership.md index 44cd00623d2d..1c4d03954c07 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/about-organization-membership.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/about-organization-membership.md @@ -30,11 +30,8 @@ When you accept an invitation to join an organization, the organization owners m For more information, see the [{% data variables.product.prodname_dotcom %} Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement). - {% note %} - - **Note:** Owners are not able to view member IP addresses in the organization's audit log. In the event of a security incident, such as an account compromise or inadvertent sharing of sensitive data, organization owners may request details of access to private repositories. The information we return may include your IP address. - - {% endnote %} +> [!NOTE] +> Owners are not able to view member IP addresses in the organization's audit log. In the event of a security incident, such as an account compromise or inadvertent sharing of sensitive data, organization owners may request details of access to private repositories. The information we return may include your IP address. By default, your organization membership visibility is set to private. You can choose to publicize individual organization memberships on your profile. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/publicizing-or-hiding-organization-membership)." diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/accessing-an-organization.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/accessing-an-organization.md index deed03c4481a..0091b07b3459 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/accessing-an-organization.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/accessing-an-organization.md @@ -16,11 +16,9 @@ versions: topics: - Accounts --- -{% tip %} -**Tip:** Only organization owners can see and change the account settings for an organization. - -{% endtip %} +> [!TIP] +> Only organization owners can see and change the account settings for an organization. {% data reusables.profile.access_org %} {% data reusables.user-settings.access_org %} diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization.md index d0a30f7ce223..adef359a21c3 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization.md @@ -17,13 +17,10 @@ shortTitle: Leave an organization --- {% ifversion fpt or ghec %} -{% warning %} - -**Warning:** If you're currently responsible for paying for {% data variables.product.product_name %} in your organization, removing yourself from the organization **does not** update the billing information on file for the organization. If you are currently responsible for billing, **you must** have another owner or billing manager for the organization [update the organization's payment method](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method). - -For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/transferring-organization-ownership)." - -{% endwarning %} +> [!WARNING] +> If you're currently responsible for paying for {% data variables.product.product_name %} in your organization, removing yourself from the organization **does not** update the billing information on file for the organization. If you are currently responsible for billing, **you must** have another owner or billing manager for the organization [update the organization's payment method](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method). +> +> For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/transferring-organization-ownership)." {% endif %} diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization.md index 05f4868f618f..e5bc96043555 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization.md @@ -40,11 +40,8 @@ If your organization is managed by an enterprise account, then you can view the You can also view whether an enterprise owner has a specific role in the organization. Enterprise owners can also be an organization member, any other organization role, or be un-affiliated with the organization. -{% note %} - -**Note:** If you're an organization owner, you can also invite an enterprise owner to have a role in the organization. If an enterprise owner accepts the invitation, a seat or license in the organization is used from the available licenses for your enterprise. For more information about how licensing works, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owner)." - -{% endnote %} +> [!NOTE] +> If you're an organization owner, you can also invite an enterprise owner to have a role in the organization. If an enterprise owner accepts the invitation, a seat or license in the organization is used from the available licenses for your enterprise. For more information about how licensing works, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owner)." | **Enterprise role** | **Organization role** | **Organization access or impact** | |----|----|----| diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/best-practices-for-leaving-your-company.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/best-practices-for-leaving-your-company.md index c6e7125a6fab..508b7ae3a22a 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/best-practices-for-leaving-your-company.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/best-practices-for-leaving-your-company.md @@ -27,7 +27,7 @@ Before you leave your company, make sure you update the following information in If you've been working with repositories that belong to an organization, you'll want to [remove yourself as a member of the organization](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization). Note that if you are the organization owner, you should first [transfer ownership of the organization](/organizations/managing-organization-settings/transferring-organization-ownership) to another person. -Unless you're using a {% data variables.enterprise.prodname_managed_user %}, you'll still be able to access your personal account, even after leaving the organization. For more information about {% data variables.product.prodname_emus %}, see "[About {% data variables.product.prodname_emus %}]({% ifversion not ghec%}/enterprise-cloud@latest{% endif %}/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users){% ifversion not ghec %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} +Unless you're using a {% data variables.enterprise.prodname_managed_user %}, you'll still be able to access your personal account, even after leaving the organization. For more information about {% data variables.product.prodname_emus %}, see "[About {% data variables.product.prodname_emus %}]({% ifversion not ghec %}/enterprise-cloud@latest{% endif %}/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users){% ifversion not ghec %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} ## Removing professional associations with personal repositories diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md index 37729bcdd19c..91125262b38f 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md @@ -17,24 +17,23 @@ topics: - Accounts shortTitle: User into an organization --- -{% warning %} -**Warning**: Before converting a user into an organization, keep these points in mind. - -* You will **no longer** be able to sign into the converted personal account. -* You will **no longer** be able to create or modify gists owned by the converted personal account. -* An organization **cannot** be converted back to a user. -* The SSH keys, OAuth tokens, job profile, reactions, and associated user information, **will not** be transferred to the organization. This is only true for the personal account that's being converted, not any of the personal account's collaborators. -* Any {% data variables.product.prodname_github_apps %} installed on the converted personal account will be uninstalled. -* Any commits made with the converted personal account **will no longer be linked** to that account. The commits themselves **will** remain intact. -* Any existing comments made by the converted personal account **will no longer be linked** to that account. The comments themselves **will** remain intact, but will be associated with the `ghost` user. -* Any forks of private repositories made with the converted personal account will be deleted. -* Since organizations cannot star repositories, you will no longer have access to your original list of starred repositories. -* You will no longer have access to the list of users you were following from your user account. -* Any followers of your user account will not automatically follow the new organization. -{% ifversion projects-v2 %}- Any existing collaborators on your projects will still have access to those projects in the new organization.{% endif %} -* {% data variables.product.prodname_actions %} is not automatically enabled on the account after converting it to an organization, and will have to be re-enabled. To re-enable {% data variables.product.prodname_actions %}, create a new workflow file in the `.github/workflows` directory of your repository. -{% endwarning %} +> [!WARNING] +> Before converting a user into an organization, keep these points in mind. +> +> * You will **no longer** be able to sign into the converted personal account. +> * You will **no longer** be able to create or modify gists owned by the converted personal account. +> * An organization **cannot** be converted back to a user. +> * The SSH keys, OAuth tokens, job profile, reactions, and associated user information, **will not** be transferred to the organization. This is only true for the personal account that's being converted, not any of the personal account's collaborators. +> * Any {% data variables.product.prodname_github_apps %} installed on the converted personal account will be uninstalled. +> * Any commits made with the converted personal account **will no longer be linked** to that account. The commits themselves **will** remain intact. +> * Any existing comments made by the converted personal account **will no longer be linked** to that account. The comments themselves **will** remain intact, but will be associated with the `ghost` user. +> * Any forks of private repositories made with the converted personal account will be deleted. +> * Since organizations cannot star repositories, you will no longer have access to your original list of starred repositories. +> * You will no longer have access to the list of users you were following from your user account. +> * Any followers of your user account will not automatically follow the new organization. +{% ifversion projects-v2 %}> * Any existing collaborators on your projects will still have access to those projects in the new organization.{% endif %} +> * {% data variables.product.prodname_actions %} is not automatically enabled on the account after converting it to an organization, and will have to be re-enabled. To re-enable {% data variables.product.prodname_actions %}, create a new workflow file in the `.github/workflows` directory of your repository. ## Prerequisites diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md index c8942c35eef3..7ff1d42e7316 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md @@ -31,11 +31,8 @@ Deleting your personal account removes all repositories, forks of private reposi {% ifversion ghec %} -{% note %} - -**Note**: If your enterprise manages your account and you sign into {% data variables.product.github %} through your company's identity provider (IdP), you cannot delete your account. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." - -{% endnote %} +> [!NOTE] +> If your enterprise manages your account and you sign into {% data variables.product.github %} through your company's identity provider (IdP), you cannot delete your account. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." {% endif %} @@ -58,11 +55,8 @@ For more information, see the following articles. Before you delete your personal account, make a copy of all repositories, private forks, wikis, issues, and pull requests owned by your account. For more information, see "[AUTOTITLE](/repositories/archiving-a-github-repository/backing-up-a-repository)." -{% warning %} - -**Warning:** Once your personal account has been deleted, {% ifversion fpt or ghec %}{% data variables.product.company_short %}{% elsif ghes %}an enterprise owner{% endif %} cannot restore your content. - -{% endwarning %} +> [!WARNING] +> Once your personal account has been deleted, {% ifversion fpt or ghec %}{% data variables.product.company_short %}{% elsif ghes %}an enterprise owner{% endif %} cannot restore your content. ## Deleting your personal account diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md index 29a0aaa291e4..16ded05d0c51 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md @@ -24,11 +24,8 @@ If you need to use multiple accounts, you can stay signed in to your accounts an If you want to use one workstation to contribute from both accounts, you can simplify contribution with Git by using a mixture of protocols to access repository data, or by using credentials on a per-repository basis. -{% warning %} - -**Warning**: Be mindful when you use one workstation to contribute to two separate accounts. Management of two or more accounts can increase the chance of mistakenly leaking internal code to the public. - -{% endwarning %} +> [!WARNING] +> Be mindful when you use one workstation to contribute to two separate accounts. Management of two or more accounts can increase the chance of mistakenly leaking internal code to the public. If you aren't required to use a {% data variables.enterprise.prodname_managed_user %}, {% data variables.product.company_short %} recommends that you use one personal account for all your work on {% data variables.location.product_location %}. With a single personal account, you can contribute to a combination of personal, open source, or professional projects using one identity. Other people can invite the account to contribute to both individual repositories and repositories owned by an organization, and the account can be a member of multiple organizations or enterprises. diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/merging-multiple-personal-accounts.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/merging-multiple-personal-accounts.md index 3c4f3b9cb89f..f460aa00995b 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/merging-multiple-personal-accounts.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/merging-multiple-personal-accounts.md @@ -16,29 +16,23 @@ topics: - Accounts shortTitle: Merge multiple accounts --- -{% tip %} +> [!TIP] {% ifversion ghec %} -**Tip:** {% data variables.product.prodname_emus %} allow an enterprise to provision unique personal accounts for its members through an identity provider (IdP). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." For other use cases, we recommend using only one personal account to manage both personal and professional repositories. +> {% data variables.product.prodname_emus %} allow an enterprise to provision unique personal accounts for its members through an identity provider (IdP). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." For other use cases, we recommend using only one personal account to manage both personal and professional repositories. {% else %} -**Tip:** We recommend using only one personal account to manage both personal and professional repositories. +> We recommend using only one personal account to manage both personal and professional repositories. {% endif %} -{% endtip %} - -{% warning %} - -**Warning:** -* Organization and repository access permissions aren't transferable between accounts. If the account you want to delete has an existing access permission, an organization owner or repository administrator will need to invite the account that you want to keep. -* Any commits authored with a {% data variables.product.company_short %}-provided `noreply` email address cannot be transferred from one account to another. If the account you want to delete used the **Keep my email address private** option, it won't be possible to transfer the commits authored by the account you are deleting to the account you want to keep. -* Issues, pull requests, and discussions will not be attributed to the new account. -* Achievements are not able to be transferred between accounts. - -{% endwarning %} +> [!WARNING] +> * Organization and repository access permissions aren't transferable between accounts. If the account you want to delete has an existing access permission, an organization owner or repository administrator will need to invite the account that you want to keep. +> * Any commits authored with a {% data variables.product.company_short %}-provided `noreply` email address cannot be transferred from one account to another. If the account you want to delete used the **Keep my email address private** option, it won't be possible to transfer the commits authored by the account you are deleting to the account you want to keep. +> * Issues, pull requests, and discussions will not be attributed to the new account. +> * Achievements are not able to be transferred between accounts. 1. [Transfer any repositories](/repositories/creating-and-managing-repositories/transferring-a-repository) from the account you want to delete to the account you want to keep. Issues, pull requests, and wikis are transferred as well. Verify the repositories exist on the account you want to keep. 1. [Update the remote URLs](/get-started/getting-started-with-git/managing-remote-repositories) in any local clones of the repositories that were moved. diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md index e1ecad1ed377..c23a5ec71124 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md @@ -12,25 +12,16 @@ topics: shortTitle: Unlink your email --- -{% note %} - -**Notes:** - -* Following these steps will not disable 2FA or provide access to a locked account, but will instead unlink the associated email address so it may be used for a different account. If you cannot regain access to the 2FA locked account, these steps will permanently break the link between the account and the linked email address. Before continuing with this article, be sure you have lost all access to your account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials)." - -* If you recover access to your locked account, you can re-link an unlinked email address. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)." - -{% endnote %} +> [!NOTE] +> * Following these steps will not disable 2FA or provide access to a locked account, but will instead unlink the associated email address so it may be used for a different account. If you cannot regain access to the 2FA locked account, these steps will permanently break the link between the account and the linked email address. Before continuing with this article, be sure you have lost all access to your account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials)." +> * If you recover access to your locked account, you can re-link an unlinked email address. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)." ## About unlinking your email address Since an email address can only be associated with a single {% data variables.product.prodname_dotcom %} account, when you've lost your 2FA credentials and are unable to recover access, unlinking your email address from the locked account allows you to link that email address to a new or existing account. Additionally, linking a previously used commit email address to a new account will connect your commit history to that account. Unless you have chosen to keep your email address private, your account's commit email address is the same as your account's primary email address. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)." Be aware that nothing else associated with your 2FA locked account, including your repositories, permissions, and profile, will transfer to your new account. -{% note %} - -**Note:** Backup email addresses are not associated with your commits. Unlinking a backup email address and linking the email address to a different account will not connect your commit history to that account. - -{% endnote %} +> [!NOTE] +> Backup email addresses are not associated with your commits. Unlinking a backup email address and linking the email address to a different account will not connect your commit history to that account. ## Unlinking your email address @@ -47,10 +38,7 @@ Since an email address can only be associated with a single {% data variables.pr 1. To verify your identity, type the one-time password from your email in the "One-time password" text field, then click **Verify email address**. {% data reusables.accounts.unlinking-email-address %} - {% note %} - - **Note:** You can also link your unlinked email to an existing {% data variables.product.prodname_dotcom %} account. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)." - - {% endnote %} + > [!NOTE] + > You can also link your unlinked email to an existing {% data variables.product.prodname_dotcom %} account. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)." 1. Optionally, if you have any form of payment set up on the locked account, please contact us through the {% data variables.contact.contact_support_portal %} to cancel future payments. For example, you might have a paid subscription or sponsor developers through {% data variables.product.prodname_sponsors %}. If you are sponsored through {% data variables.product.prodname_sponsors %}, please mention this so that the team can help you migrate your sponsorships. diff --git a/content/actions/administering-github-actions/usage-limits-billing-and-administration.md b/content/actions/administering-github-actions/usage-limits-billing-and-administration.md index 375261917e39..fe7c4c29cf41 100644 --- a/content/actions/administering-github-actions/usage-limits-billing-and-administration.md +++ b/content/actions/administering-github-actions/usage-limits-billing-and-administration.md @@ -39,15 +39,13 @@ GitHub Actions usage is free for {% data variables.product.prodname_ghe_server % {% ifversion fpt or ghec %} There are some limits on {% data variables.product.prodname_actions %} usage when using {% data variables.product.prodname_dotcom %}-hosted runners. These limits are subject to change. -{% note %} - -**Note:** For self-hosted runners, different usage limits apply. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits)." - -{% endnote %} +> [!NOTE] +> For self-hosted runners, different usage limits apply. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits)." * **Job execution time** - Each job in a workflow can run for up to 6 hours of execution time. If a job reaches this limit, the job is terminated and fails to complete. {% data reusables.actions.usage-workflow-run-time %} {% data reusables.actions.usage-api-requests %} +* **Webhook rate limit** - Each repository is limited to 1500 triggered events every 10 seconds. * **Concurrent jobs** - The number of concurrent jobs you can run in your account depends on your {% data variables.product.prodname_dotcom %} plan, as well as the type of runner used. If exceeded, any additional jobs are queued. **Standard {% data variables.product.prodname_dotcom %}-hosted runners** @@ -66,14 +64,9 @@ There are some limits on {% data variables.product.prodname_actions %} usage whe | Team | 1000 | 5 | 100 | | Enterprise | 1000 | 50 | 100 | - {% note %} - - **Notes:** - - * If required, customers on enterprise plans can request a higher limit for concurrent jobs. For more information, contact us through the {% data variables.contact.contact_support_portal %}, or contact your sales representative. - * The maximum concurrent macOS jobs is shared across standard {% data variables.product.prodname_dotcom %}-hosted runner and {% data variables.product.prodname_dotcom %}-hosted {% data variables.actions.hosted_runner %}s. - - {% endnote %} + > [!NOTE] + > * If required, customers on enterprise plans can request a higher limit for concurrent jobs. For more information, contact us through the {% data variables.contact.contact_support_portal %}, or contact your sales representative. + > * The maximum concurrent macOS jobs is shared across standard {% data variables.product.prodname_dotcom %}-hosted runner and {% data variables.product.prodname_dotcom %}-hosted {% data variables.actions.hosted_runner %}s. * **Job matrix** - {% data reusables.actions.usage-matrix-limits %} {% data reusables.actions.usage-workflow-queue-limits %} diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller.md index a3a62902630d..49918323a06b 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller.md @@ -20,11 +20,8 @@ topics: The following diagram illustrates the architecture of ARC's autoscaling runner scaleset mode. -{% note %} - -**Note:** To view the following diagram in a larger size, see the [Autoscaling Runner Scale Sets mode](https://github.com/actions/actions-runner-controller/blob/master/docs/gha-runner-scale-set-controller/README.md#how-it-works) documentation in the Actions Runner Controller repository. - -{% endnote %} +> [!NOTE] +> To view the following diagram in a larger size, see the [Autoscaling Runner Scale Sets mode](https://github.com/actions/actions-runner-controller/blob/master/docs/gha-runner-scale-set-controller/README.md#how-it-works) documentation in the Actions Runner Controller repository. ![Diagram showing ARC's autoscaling runner ScaleSet mode.](/assets/images/help/actions/arc-diagram.png) @@ -51,11 +48,8 @@ Each resource that is deployed by ARC is given a name composed of: * an installation name, which is the installation name you specify when you install the Helm chart. * a resource identification suffix, which is a string that identifies the resource type. This value is not configurable. -{% note %} - -**Note:** Different versions of Kubernetes have different length limits for names of resources. The length limit for the resource name is calculated by adding the length of the installation name and the length of the resource identification suffix. If the resource name is longer than the reserved length, you will receive an error. - -{% endnote %} +> [!NOTE] +> Different versions of Kubernetes have different length limits for names of resources. The length limit for the resource name is calculated by adding the length of the installation name and the length of the resource identification suffix. If the resource name is longer than the reserved length, you will receive an error. ### Resources deployed by `gha-runner-scale-set-controller` diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md index 1d2c843d76be..77e60ceba2ee 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md @@ -43,14 +43,9 @@ If you're uncertain if the issue is out of scope, open a ticket and we're happy For more information about contacting {% data variables.contact.github_support %}, see [AUTOTITLE](/support/contacting-github-support). -{% note %} - -**Note:** - -* OpenShift clusters are currently unsupported. -* ARC is only supported on GitHub Enterprise Server versions 3.9 and greater. - -{% endnote %} +> [!NOTE] +> * OpenShift clusters are currently unsupported. +> * ARC is only supported on GitHub Enterprise Server versions 3.9 and greater. ## Working with {% data variables.contact.github_support %} for Actions Runner Controller diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md index c7aafde34363..511de0b2ba39 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md @@ -18,11 +18,8 @@ defaultPlatform: linux You can authenticate {% data variables.product.prodname_actions_runner_controller %} (ARC) to the {% data variables.product.prodname_dotcom %} API by using a {% data variables.product.prodname_github_app %} or by using a {% data variables.product.pat_v1 %}. -{% note %} - -**Note:** You cannot authenticate using a {% data variables.product.prodname_github_app %} for runners at the enterprise level. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#about-runner-groups)." - -{% endnote %} +> [!NOTE] +> You cannot authenticate using a {% data variables.product.prodname_github_app %} for runners at the enterprise level. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#about-runner-groups)." ## Authenticating ARC with a {% data variables.product.prodname_github_app %} @@ -32,11 +29,10 @@ You can authenticate {% data variables.product.prodname_actions_runner_controlle 1. Under "Permissions," click **Repository permissions**. Then use the dropdown menus to select the following access permissions. * **Administration**: Read and write - {% note %} - **Note**: `Administration: Read and write` is only required when configuring {% data variables.product.prodname_actions_runner_controller %} to register at the repository scope. It is not required to register at the organization scope. + > [!NOTE] + > `Administration: Read and write` is only required when configuring {% data variables.product.prodname_actions_runner_controller %} to register at the repository scope. It is not required to register at the organization scope. - {% endnote %} * **Metadata**: Read-only 1. Under "Permissions," click **Organization permissions**. Then use the dropdown menus to select the following access permissions. @@ -57,11 +53,10 @@ You can authenticate {% data variables.product.prodname_actions_runner_controlle ARC can use {% data variables.product.pat_v1_plural %} to register self-hosted runners. {% ifversion ghec or ghes %} -{% note %} -**Note:** Authenticating ARC with a {% data variables.product.pat_v1 %} is the only supported authentication method to register runners at the enterprise level. +> [!NOTE] +> Authenticating ARC with a {% data variables.product.pat_v1 %} is the only supported authentication method to register runners at the enterprise level. -{% endnote %} {% endif %} 1. Create a {% data variables.product.pat_v1 %} with the required scopes. The required scopes are different depending on whether you are registering runners at the repository{% ifversion ghec or ghes %}, organization, or enterprise{% else %} or organization{% endif %} level. For more information on how to create a {% data variables.product.pat_v1 %}, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-personal-access-token-classic)." diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md index 19cb479e8fe3..beaa3629a3e7 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md @@ -28,16 +28,11 @@ To deploy a runner scale set, you must have ARC up and running. For more informa You can deploy runner scale sets with ARC's Helm charts or by deploying the necessary manifests. Using ARC's Helm charts is the preferred method, especially if you do not have prior experience using ARC. -{% note %} - -**Notes:** - -* {% data reusables.actions.actions-runner-controller-security-practices-namespace %} -* {% data reusables.actions.actions-runner-controller-security-practices-secret %} -* We recommend running production workloads in isolation. {% data variables.product.prodname_actions %} workflows are designed to run arbitrary code, and using a shared Kubernetes cluster for production workloads could pose a security risk. -* Ensure you have implemented a way to collect and retain logs from the controller, listeners, and ephemeral runners. - -{% endnote %} +> [!NOTE] +> * {% data reusables.actions.actions-runner-controller-security-practices-namespace %} +> * {% data reusables.actions.actions-runner-controller-security-practices-secret %} +> * We recommend running production workloads in isolation. {% data variables.product.prodname_actions %} workflows are designed to run arbitrary code, and using a shared Kubernetes cluster for production workloads could pose a security risk. +> * Ensure you have implemented a way to collect and retain logs from the controller, listeners, and ephemeral runners. 1. To configure your runner scale set, run the following command in your terminal, using values from your ARC configuration. @@ -118,11 +113,8 @@ ARC offers several advanced configuration options. ### Configuring the runner scale set name -{% note %} - -**Note:** Runner scale set names are unique within the runner group they belong to. If you want to deploy multiple runner scale sets with the same name, they must belong to different runner groups. - -{% endnote %} +> [!NOTE] +> Runner scale set names are unique within the runner group they belong to. If you want to deploy multiple runner scale sets with the same name, they must belong to different runner groups. To configure the runner scale set name, you can define an `INSTALLATION_NAME` or set the value of `runnerScaleSetName` in your copy of the [`values.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set/values.yaml) file. @@ -138,11 +130,10 @@ Make sure to pass the `values.yaml` file in your `helm install` command. See the Runner scale sets can be deployed at the repository, organization, or enterprise levels. {% ifversion ghec or ghes %} -{% note %} -**Note:** You can only deploy runner scale sets at the enterprise level when using {% data variables.product.pat_v1 %} authentication. +> [!NOTE] +> You can only deploy runner scale sets at the enterprise level when using {% data variables.product.pat_v1 %} authentication. -{% endnote %} {% endif %} To deploy runner scale sets to a specific level, set the value of `githubConfigUrl` in your copy of the `values.yaml` to the URL of your repository, organization, or enterprise. @@ -170,11 +161,8 @@ githubConfigUrl: "http(s):///<'enterprises/your_enterprise'/'org'/'org If you are not using enterprise-level runners, you can use {% data variables.product.prodname_github_apps %} to authenticate with the {% data variables.product.company_short %} API. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api)." -{% note %} - -**Note:** Given the security risk associated with exposing your private key in plain text in a file on disk, we recommend creating a Kubernetes secret and passing the reference instead. - -{% endnote %} +> [!NOTE] +> Given the security risk associated with exposing your private key in plain text in a file on disk, we recommend creating a Kubernetes secret and passing the reference instead. You can either create a Kubernetes secret, or specify values in your [`values.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set/values.yaml) file. @@ -266,11 +254,8 @@ ARC supports using anonymous or authenticated proxies. If you use authenticated The `maxRunners` and `minRunners` properties provide you with a range of options to customize your ARC setup. -{% note %} - -**Note:** ARC does not support scheduled maximum and minimum configurations. You can use a cronjob or any other scheduling solution to update the configuration on a schedule. - -{% endnote %} +> [!NOTE] +> ARC does not support scheduled maximum and minimum configurations. You can use a cronjob or any other scheduling solution to update the configuration on a schedule. #### Example: Unbounded number of runners @@ -302,11 +287,8 @@ minRunners: 20 In this configuration, {% data variables.product.prodname_actions_runner_controller %} will scale up to a maximum of `30` runners and will scale down to `20` runners when the jobs are complete. -{% note %} - -**Note:** The value of `minRunners` can never exceed that of `maxRunners`, unless `maxRunners` is commented out. - -{% endnote %} +> [!NOTE] +> The value of `minRunners` can never exceed that of `maxRunners`, unless `maxRunners` is commented out. ```yaml ## maxRunners is the max number of runners the auto scaling runner set will scale up to. @@ -332,11 +314,8 @@ minRunners: 0 ### Custom TLS certificates -{% note %} - -**Note:** If you are using a custom runner image that is not based on the `Debian` distribution, the following instructions will not work. - -{% endnote %} +> [!NOTE] +> If you are using a custom runner image that is not based on the `Debian` distribution, the following instructions will not work. Some environments require TLS certificates that are signed by a custom certificate authority (CA). Since the custom certificate authority certificates are not bundled with the controller or runner containers, you must inject them into their respective trust stores. @@ -473,13 +452,10 @@ If you are using container jobs and services or container actions, the `containe ### Using Docker-in-Docker mode -{% note %} - -**Note:** The Docker-in-Docker container requires privileged mode. For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) in the Kubernetes documentation. - -By default, the `dind` container uses the `docker:dind` image, which runs the Docker daemon as root. You can replace this image with `docker:dind-rootless` as long as you are aware of the [known limitations](https://docs.docker.com/engine/security/rootless/#known-limitations) and run the pods with `--privileged` mode. To learn how to customize the Docker-in-Docker configuration, see "[Customizing container modes](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller#customizing-container-modes)." - -{% endnote %} +> [!NOTE] +> The Docker-in-Docker container requires privileged mode. For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) in the Kubernetes documentation. +> +> By default, the `dind` container uses the `docker:dind` image, which runs the Docker daemon as root. You can replace this image with `docker:dind-rootless` as long as you are aware of the [known limitations](https://docs.docker.com/engine/security/rootless/#known-limitations) and run the pods with `--privileged` mode. To learn how to customize the Docker-in-Docker configuration, see "[Customizing container modes](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller#customizing-container-modes)." Docker-in-Docker mode is a configuration that allows you to run Docker inside a Docker container. In this configuration, for each runner pod created, ARC creates the following containers. @@ -582,29 +558,26 @@ containerMode: {% data reusables.actions.actions-runner-controller-helm-chart-options %} -{% note %} - -**Note:** When Kubernetes mode is enabled, workflows that are not configured with a container job will fail with an error similar to: - - ```bash - Jobs without a job container are forbidden on this runner, please add a 'container:' to your job or contact your self-hosted runner administrator. - ``` - -To allow jobs without a job container to run, set `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` to `false` on your runner container. This instructs the runner to disable this check. - -```yaml -template: - spec: - containers: - - name: runner - image: ghcr.io/actions/actions-runner:latest - command: ["/home/runner/run.sh"] - env: - - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER - value: "false" -``` - -{% endnote %} +> [!NOTE] +> When Kubernetes mode is enabled, workflows that are not configured with a container job will fail with an error similar to: +> +> ```bash +> Jobs without a job container are forbidden on this runner, please add a 'container:' to your job or contact your self-hosted runner administrator. +> ``` +> +> To allow jobs without a job container to run, set `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` to `false` on your runner container. This instructs the runner to disable this check. +> +> ```yaml +> template: +> spec: +> containers: +> - name: runner +> image: ghcr.io/actions/actions-runner:latest +> command: ["/home/runner/run.sh"] +> env: +> - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER +> value: "false" +> ``` ### Customizing container modes @@ -839,11 +812,8 @@ There are two options to configure hook extensions. * Store in your **custom runner image**. You can store the PodSpec in a YAML file anywhere in your custom runner image. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller#creating-your-own-runner-image)." * Store in a **ConfigMap**. You can create a config map with the PodSpec and mount that config map in the runner container. For more information, see [ConfigMaps](https://kubernetes.io/docs/concepts/configuration/configmap/) in the Kubernetes documentation. -{% note %} - -**Note:** With both options, you must set the `ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE` environment variable in the runner container spec to point to the path of the YAML file mounted in the runner container. - -{% endnote %} +> [!NOTE] +> With both options, you must set the `ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE` environment variable in the runner container spec to point to the path of the YAML file mounted in the runner container. ##### Example: Using config map to set securityContext @@ -879,11 +849,8 @@ data: ## Enabling metrics -{% note %} - -**Note:** Metrics for ARC are available as of version gha-runner-scale-set-0.5.0. - -{% endnote %} +> [!NOTE] +> Metrics for ARC are available as of version gha-runner-scale-set-0.5.0. ARC can emit metrics about your runners, your jobs, and time spent on executing your workflows. Metrics can be used to identify congestion, monitor the health of your ARC deployment, visualize usage trends, optimize resource consumption, among many other use cases. Metrics are emitted by the controller-manager and listener pods in Prometheus format. For more information, see [Exposition formats](https://prometheus.io/docs/instrumenting/exposition_formats/) in the Prometheus documentation. @@ -898,11 +865,8 @@ metrics: listenerEndpoint: "/metrics" ``` -{% note %} - -**Note:** If the `metrics:` object is not provided or is commented out, the following flags will be applied to the controller-manager and listener pods with empty values: `--metrics-addr`, `--listener-metrics-addr`, `--listener-metrics-endpoint`. This will disable metrics for ARC. - -{% endnote %} +> [!NOTE] +> If the `metrics:` object is not provided or is commented out, the following flags will be applied to the controller-manager and listener pods with empty values: `--metrics-addr`, `--listener-metrics-addr`, `--listener-metrics-endpoint`. This will disable metrics for ARC. Once these properties are configured, your controller-manager and listener pods emit metrics via the listenerEndpoint bound to the ports that you specify in your [`values.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set-controller/values.yaml) file. In the above example, the endpoint is `/metrics` and the port is `:8080`. You can use this endpoint to scrape metrics from your controller-manager and listener pods. @@ -912,11 +876,8 @@ To turn off metrics, update your [`values.yaml`](https://github.com/actions/acti The following table shows the metrics emitted by the controller-manager and listener pods. -{% note %} - -**Note:** The metrics that the controller-manager emits pertain to the controller runtime and are not owned by {% data variables.product.company_short %}. - -{% endnote %} +> [!NOTE] +> The metrics that the controller-manager emits pertain to the controller runtime and are not owned by {% data variables.product.company_short %}. | Owner | Metric | Type | Description | | ------------------ | --------------------------------------------- | --------- | ----------------------------------------------------------------------------------------------------------- | @@ -977,26 +938,16 @@ For more information, see "[Deploying a runner scale set](/actions/hosting-your- If you would like to upgrade ARC but are concerned about downtime, you can deploy ARC in a high availability configuration to ensure runners are always available. For more information, see "[High availability and automatic failover](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller#high-availability-and-automatic-failover)." -{% note %} - -**Note:** - -Transitioning from the [community supported version of ARC](https://github.com/actions/actions-runner-controller/discussions/2775) to the GitHub supported version is a substantial architectural change. The GitHub supported version involves a redesign of many components of ARC. It is not a minor software upgrade. For these reasons, we recommend testing the new versions in a staging environment that matches your production environment first. This will ensure stability and reliability of the setup before deploying in production. - -{% endnote %} +> [!NOTE] +> Transitioning from the [community supported version of ARC](https://github.com/actions/actions-runner-controller/discussions/2775) to the GitHub supported version is a substantial architectural change. The GitHub supported version involves a redesign of many components of ARC. It is not a minor software upgrade. For these reasons, we recommend testing the new versions in a staging environment that matches your production environment first. This will ensure stability and reliability of the setup before deploying in production. ### Deploying a canary image You can test features before they are released by using canary releases of the controller-manager container image. Canary images are published with tag format `canary-SHORT_SHA`. For more information, see [`gha-runner-scale-set-controller`](https://github.com/actions/actions-runner-controller/pkgs/container/gha-runner-scale-set-controller) on the {% data variables.product.prodname_container_registry %}. -{% note %} - -**Notes:** - -* You must use Helm charts on your local file system. -* You cannot use the released Helm charts. - -{% endnote %} +> [!NOTE] +> * You must use Helm charts on your local file system. +> * You cannot use the released Helm charts. 1. Update the `tag` in the [gha-runner-scale-set-controller `values.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set-controller/values.yaml) file to: `canary-SHORT_SHA` 1. Update the field `appVersion` in the [`Chart.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set/Chart.yaml) file for `gha-runner-scale-set` to: `canary-SHORT_SHA` diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md index 7eb808463032..b3a39c0101df 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md @@ -28,11 +28,8 @@ In order to use ARC, ensure you have the following. * For a managed cloud environment, you can use AKS. For more information, see [Azure Kubernetes Service](https://azure.microsoft.com/en-us/products/kubernetes-service) in the Azure documentation. * For a local setup, you can use minikube or kind. For more information, see [minikube start](https://minikube.sigs.k8s.io/docs/start/) in the minikube documentation and [kind](https://kind.sigs.k8s.io/) in the kind documentation. - {% note %} - - **Note:** OpenShift clusters are currently unsupported. - - {% endnote %} + > [!NOTE] + > OpenShift clusters are currently unsupported. * Helm 3 * For more information, see [Installing Helm](https://helm.sh/docs/intro/install/) in the Helm documentation. @@ -69,13 +66,9 @@ In order to use ARC, ensure you have the following. * Set `GITHUB_CONFIG_URL` to the URL of your repository, organization, or enterprise. This is the entity that the runners will belong to. * This example command installs the latest version of the Helm chart. To install a specific version, you can pass the `--version` argument with the version of the chart you wish to install. You can find the list of releases in the [GitHub Container Registry](https://github.com/actions/actions-runner-controller/pkgs/container/actions-runner-controller-charts%2Fgha-runner-scale-set). - {% note %} - - **Note:** - * {% data reusables.actions.actions-runner-controller-security-practices-namespace %} - * {% data reusables.actions.actions-runner-controller-security-practices-secret %} For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller)." - - {% endnote %} + > [!NOTE] + > * {% data reusables.actions.actions-runner-controller-security-practices-namespace %} + > * {% data reusables.actions.actions-runner-controller-security-practices-secret %} For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller)." ```bash copy INSTALLATION_NAME="arc-runner-set" diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners.md index d90f15fb5bd2..a57269ea0904 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners.md @@ -21,13 +21,10 @@ If you are an organization or enterprise administrator, you might want to add yo For information on supported operating systems for self-hosted runners, or using self-hosted runners with a proxy server, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)." -{% warning %} - -**Warning:** {% data reusables.actions.self-hosted-runner-security %} - -For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." - -{% endwarning %} +> [!WARNING] +> {% data reusables.actions.self-hosted-runner-security %} +> +> For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." You can set up automation to scale the number of self-hosted runners. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners)." @@ -49,11 +46,8 @@ You can add self-hosted runners to a single repository. To add a self-hosted run For information about how to add a self-hosted runner with the REST API, see "[AUTOTITLE](/rest/actions/self-hosted-runners)." -{% note %} - -**Note**: {% data reusables.actions.disable-selfhosted-runners-crossrefs %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.disable-selfhosted-runners-crossrefs %} {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners.md index 58ef47ad3780..2b076c487c11 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners.md @@ -45,11 +45,8 @@ To add an ephemeral runner to your environment, include the `--ephemeral` parame The {% data variables.product.prodname_actions %} service will then automatically de-register the runner after it has processed one job. You can then create your own automation that wipes the runner after it has been de-registered. -{% note %} - -**Note:** If a job is labeled for a certain type of runner, but none matching that type are available, the job does not immediately fail at the time of queueing. Instead, the job will remain queued until the 24 hour timeout period expires. - -{% endnote %} +> [!NOTE] +> If a job is labeled for a certain type of runner, but none matching that type are available, the job does not immediately fail at the time of queueing. Instead, the job will remain queued until the 24 hour timeout period expires. {% ifversion actions-single-use-tokens %} diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service.md index 2db234d35f3f..3501ace620e4 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service.md @@ -20,12 +20,10 @@ defaultPlatform: linux {% capture service_nonwindows_intro %} -{% note %} - -**Note:** You must add a runner to {% data variables.product.product_name %} before you can configure the self-hosted runner application as a service. +> [!NOTE] +> You must add a runner to {% data variables.product.product_name %} before you can configure the self-hosted runner application as a service. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)." -{% endnote %} {% endcapture %} {% capture service_win_name %}actions.runner.*{% endcapture %} @@ -42,13 +40,10 @@ For Linux systems that use `systemd`, you can use the `svc.sh` script that is cr {% windows %} -{% note %} - -**Note:** Configuring the self-hosted runner application as a service on Windows is part of the application configuration process. If you have already configured the self-hosted runner application but did not choose to configure it as a service, you must remove the runner from {% data variables.product.prodname_dotcom %} and re-configure the application. When you re-configure the application, choose the option to configure the application as a service. - -For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners)" and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)." - -{% endnote %} +> [!NOTE] +> Configuring the self-hosted runner application as a service on Windows is part of the application configuration process. If you have already configured the self-hosted runner application but did not choose to configure it as a service, you must remove the runner from {% data variables.product.prodname_dotcom %} and re-configure the application. When you re-configure the application, choose the option to configure the application as a service. +> +> For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners)" and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)." You can manage the runner service in the Windows **Services** application, or you can use PowerShell to run the commands below. diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/customizing-the-containers-used-by-jobs.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/customizing-the-containers-used-by-jobs.md index a6db11fd05b3..c526b3cefb97 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/customizing-the-containers-used-by-jobs.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/customizing-the-containers-used-by-jobs.md @@ -9,11 +9,8 @@ type: reference shortTitle: Customize containers used by jobs --- -{% note %} - -**Note**: This feature is currently in {% data variables.release-phases.public_preview %} and is subject to change. - -{% endnote %} +> [!NOTE] +> This feature is currently in {% data variables.release-phases.public_preview %} and is subject to change. ## About container customization @@ -476,11 +473,8 @@ No output is expected for `run_script_step`. {% data variables.product.prodname_dotcom %} has created an example repository that demonstrates how to generate customization scripts for Docker and Kubernetes. -{% note %} - -**Note:** The resulting scripts are available for testing purposes, and you will need to determine whether they are appropriate for your requirements. - -{% endnote %} +> [!NOTE] +> The resulting scripts are available for testing purposes, and you will need to determine whether they are appropriate for your requirements. 1. Clone the [actions/runner-container-hooks](https://github.com/actions/runner-container-hooks) repository to your self-hosted runner. @@ -502,11 +496,8 @@ When the resulting `index.js` is triggered by {% data variables.product.prodname The custom script must be located on the runner, but should not be stored in the self-hosted runner application directory (that is, the directory into which you downloaded and unpacked the runner software). The scripts are executed in the security context of the service account that's running the runner service. -{% note %} - -**Note**: The triggered script is processed synchronously, so it will block job execution while running. - -{% endnote %} +> [!NOTE] +> The triggered script is processed synchronously, so it will block job execution while running. The script is automatically executed when the runner has the following environment variable containing an absolute path to the script: diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners.md index 5678dd02e59d..ca785aa0466b 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners.md @@ -17,18 +17,13 @@ shortTitle: Remove self-hosted runners ## Removing a runner from a repository -{% note %} - -**Notes:** - -* {% data reusables.actions.self-hosted-runner-removal-impact %} -* {% data reusables.actions.self-hosted-runner-auto-removal %} +> [!NOTE] +> * {% data reusables.actions.self-hosted-runner-removal-impact %} +> * {% data reusables.actions.self-hosted-runner-auto-removal %} {%- ifversion actions-single-use-tokens %} -* {% data reusables.actions.jit-runner-removal %} +> * {% data reusables.actions.jit-runner-removal %} {%- endif %} -{% endnote %} - To remove a self-hosted runner from a user repository you must be the repository owner. Organization owners{% ifversion custom-org-roles %} and users with the "Manage organization runners and runner groups" permission{% endif %} can remove a runner from a repository in the organization. {% ifversion custom-org-roles %}For more information about custom organization roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."{% endif %} We recommend that you also have access to the self-hosted runner machine. @@ -44,18 +39,13 @@ For information about how to remove a self-hosted runner with the REST API, see ## Removing a runner from an organization -{% note %} - -**Notes:** - -* {% data reusables.actions.self-hosted-runner-removal-impact %} -* {% data reusables.actions.self-hosted-runner-auto-removal %} +> [!NOTE] +> * {% data reusables.actions.self-hosted-runner-removal-impact %} +> * {% data reusables.actions.self-hosted-runner-auto-removal %} {%- ifversion actions-single-use-tokens %} -* {% data reusables.actions.jit-runner-removal %} +> * {% data reusables.actions.jit-runner-removal %} {%- endif %} -{% endnote %} - To remove a self-hosted runner from an organization, you must be an organization owner{% ifversion custom-org-roles %} or have the "Manage organization runners and runner groups" permission{% endif %}. We recommend that you also have access to the self-hosted runner machine. For information about how to remove a self-hosted runner with the REST API, see "[AUTOTITLE](/rest/actions/self-hosted-runners)." {% ifversion custom-org-roles %}For more information about custom organization roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."{% endif %} @@ -73,16 +63,14 @@ To remove a self-hosted runner from an organization, you must be an organization If you use {% data variables.product.prodname_ghe_cloud %}, you can also remove runners from an enterprise. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-enterprise). {% endif %} {% ifversion ghec or ghes %} -{% note %} -**Notes:** - -* {% data reusables.actions.self-hosted-runner-removal-impact %} -* {% data reusables.actions.self-hosted-runner-auto-removal %} +> [!NOTE] +> * {% data reusables.actions.self-hosted-runner-removal-impact %} +> * {% data reusables.actions.self-hosted-runner-auto-removal %} {%- ifversion actions-single-use-tokens %} -* {% data reusables.actions.jit-runner-removal %} +> * {% data reusables.actions.jit-runner-removal %} + {%- endif %} -{% endnote %} To remove a self-hosted runner from an enterprise, you must be an enterprise owner. We recommend that you also have access to the self-hosted runner machine. For information about how to remove a self-hosted runner with the REST API, see the enterprise endpoints in the [{% data variables.product.prodname_actions %} REST API](/rest/actions/self-hosted-runners). diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md index bcf37637d63d..9fd6434d4b7d 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md @@ -29,11 +29,8 @@ Your custom scripts can use the following features: Your script files must use a file extension for the relevant language, such as `.sh` or `.ps1`, in order to run successfully. -{% note %} - -**Note**: Avoid using your scripts to output sensitive information to the console, as anyone with read access to the repository might be able to see the output in the UI logs. - -{% endnote %} +> [!NOTE] +> Avoid using your scripts to output sensitive information to the console, as anyone with read access to the repository might be able to see the output in the UI logs. ### Handling exit codes @@ -45,11 +42,8 @@ The [`continue-on-error`](/actions/using-workflows/workflow-syntax-for-github-ac The custom scripts must be located on the runner, but should not be stored in the `actions-runner` application directory. The scripts are executed in the security context of the service account that's running the runner service. -{% note %} - -**Note**: The triggered scripts are processed synchronously, so they will block job execution while they are running. - -{% endnote %} +> [!NOTE] +> The triggered scripts are processed synchronously, so they will block job execution while they are running. The scripts are automatically executed when the runner has the following environment variables containing an absolute path to the script: * `ACTIONS_RUNNER_HOOK_JOB_STARTED`: The script defined in this environment variable is triggered when a job has been assigned to a runner, but before the job starts running. @@ -61,11 +55,8 @@ To set these environment variables, you can either add them to the operating sys ACTIONS_RUNNER_HOOK_JOB_STARTED=/opt/runner/cleanup_script.sh ``` -{% note %} - -**Note**: The script defined in `ACTIONS_RUNNER_HOOK_JOB_COMPLETED` is executed at the end of the job, before the job completes. This makes it unsuitable for use cases that may interrupt a runner, such as deleting the runner machine as part of an autoscaling implementation. - -{% endnote %} +> [!NOTE] +> The script defined in `ACTIONS_RUNNER_HOOK_JOB_COMPLETED` is executed at the end of the job, before the job completes. This makes it unsuitable for use cases that may interrupt a runner, such as deleting the runner machine as part of an autoscaling implementation. ## Troubleshooting diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners.md index c7e66c3ae253..e89ef73ce467 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners.md @@ -17,7 +17,8 @@ For information on how to use labels to route jobs to specific types of self-hos {% data reusables.actions.self-hosted-runner-management-permissions-required %} ->[!NOTE]Actions Runner Controller does not support multiple labels, to find out more please read our [Actions Runner Controller documentation](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller#using-arc-runners-in-a-workflow) +> [!NOTE] +> Actions Runner Controller does not support multiple labels, to find out more please read our [Actions Runner Controller documentation](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller#using-arc-runners-in-a-workflow) ## Creating a custom label @@ -27,11 +28,8 @@ You can create custom labels for runners at the repository{% ifversion ghec or g * [Creating a custom label for an organization runner](#creating-a-custom-label-for-an-organization-runner){% ifversion ghec or ghes %} * [Creating a custom label for an enterprise runner](#creating-a-custom-label-for-an-enterprise-runner){% endif %} -{% note %} - -**Note:** Labels are case-insensitive. - -{% endnote %} +> [!NOTE] +> Labels are case-insensitive. ### Creating a custom label for a repository runner @@ -124,11 +122,8 @@ You can programmatically assign labels to a self-hosted runner after the runner * To programmatically assign labels to an existing self-hosted runner, you must use the REST API. For more information, see "[AUTOTITLE](/rest/actions/self-hosted-runners)." * To programmatically assign labels to a self-hosted runner during the initial runner configuration, you can pass label names to the `config` script using the `labels` parameter. - {% note %} - - **Note:** You cannot use the `config` script to assign labels to an existing self-hosted runner. - - {% endnote %} + > [!NOTE] + > You cannot use the `config` script to assign labels to an existing self-hosted runner. For example, this command assigns a label named `gpu` when configuring a new self-hosted runner: @@ -144,8 +139,5 @@ You can programmatically assign labels to a self-hosted runner after the runner ./config.sh --url --token --labels gpu,x64,linux ``` - {% note %} - - **Note:** If you replace an existing runner, then you must reassign any custom labels. - - {% endnote %} + > [!NOTE] + > If you replace an existing runner, then you must reassign any custom labels. diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md index 670e09f9faf1..c40bd9e80165 100644 --- a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md +++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md @@ -31,13 +31,12 @@ You can configure environments with protection rules and secrets. When a workflo {% ifversion actions-break-glass %}Optionally, you can bypass an environment's protection rules and force all pending jobs referencing the environment to proceed. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments#bypassing-environment-protection-rules)."{% endif %} {% ifversion fpt %} -{% note %} -**Note:** Users with {% data variables.product.prodname_free_user %} plans can only configure environments for public repositories. If you convert a repository from public to private, any configured protection rules or environment secrets will be ignored, and you will not be able to configure any environments. If you convert your repository back to public, you will have access to any previously configured protection rules and environment secrets. +> [!NOTE] +> Users with {% data variables.product.prodname_free_user %} plans can only configure environments for public repositories. If you convert a repository from public to private, any configured protection rules or environment secrets will be ignored, and you will not be able to configure any environments. If you convert your repository back to public, you will have access to any previously configured protection rules and environment secrets. +> +> Organizations with {% data variables.product.prodname_team %} and users with {% data variables.product.prodname_pro %} can configure environments for private repositories. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)." -Organizations with {% data variables.product.prodname_team %} and users with {% data variables.product.prodname_pro %} can configure environments for private repositories. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)." - -{% endnote %} {% endif %} ## Deployment protection rules @@ -58,21 +57,23 @@ Use required reviewers to require a specific person or team to approve workflow For more information on reviewing jobs that reference an environment with required reviewers, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments)." -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** If you are on a {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %} plan, required reviewers are only available for public repositories. +> [!NOTE] +> If you are on a {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %} plan, required reviewers are only available for public repositories. -{% endnote %}{% endif %} +{% endif %} ### Wait timer Use a wait timer to delay a job for a specific amount of time after the job is initially triggered. The time (in minutes) must be an integer between 1 and 43,200 (30 days). -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** If you are on a {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %} plan, wait timers are only available for public repositories. +> [!NOTE] +> If you are on a {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %} plan, wait timers are only available for public repositories. -{% endnote %}{% endif %} +{% endif %} ### Deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} @@ -85,11 +86,10 @@ Use deployment branches{% ifversion deployment-protections-tag-patterns %} and t {%- endif %} * **Protected branches{% ifversion deployment-protections-tag-patterns %} only{% endif %}**: Only branches with branch protection rules enabled can deploy to the environment. If no branch protection rules are defined for any branch in the repository, then all branches can deploy. For more information about branch protection rules, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches)."{% ifversion actions-protected-branches-restrictions %} - {% note %} + > [!NOTE] + > Deployment workflow runs triggered by tags with the same name as a protected branch and forks with branches that match the protected branch name cannot deploy to the environment. - **Note:** Deployment workflow runs triggered by tags with the same name as a protected branch and forks with branches that match the protected branch name cannot deploy to the environment. - - {% endnote %}{% endif %} + {% endif %} * **Selected branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %}**: Only branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} that match your specified name patterns can deploy to the environment. If you specify `releases/*` as a deployment branch{% ifversion deployment-protections-tag-patterns %} or tag{% endif %} rule, only a branch{% ifversion deployment-protections-tag-patterns %} or tag{% endif %} whose name begins with `releases/` can deploy to the environment. (Wildcard characters will not match `/`. To match branches{% ifversion deployment-protections-tag-patterns %} or tags{% endif %} that begin with `release/` and contain an additional single slash, use `release/*/*`.) If you add `main` as a branch rule, a branch named `main` can also deploy to the environment. For more information about syntax options for deployment branches, see the [Ruby `File.fnmatch` documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch). @@ -100,11 +100,12 @@ Use deployment branches{% ifversion deployment-protections-tag-patterns %} and t {% endif %} -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** Deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} are available for all public repositories. For users on {% data variables.product.prodname_pro %} or {% data variables.product.prodname_team %} plans, deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} are also available for private repositories. +> [!NOTE] +> Deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} are available for all public repositories. For users on {% data variables.product.prodname_pro %} or {% data variables.product.prodname_team %} plans, deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} are also available for private repositories. -{% endnote %}{% endif %} +{% endif %} {% ifversion actions-break-glass %} @@ -114,11 +115,12 @@ By default, administrators can bypass the protection rules and force deployments Alternatively, you can configure environments to disallow bypassing the protection rules for all deployments to the environment. -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** Allowing administrators to bypass protection rules is only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans. +> [!NOTE] +> Allowing administrators to bypass protection rules is only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans. -{% endnote %}{% endif %} +{% endif %} {% endif %} {% ifversion actions-custom-deployment-protection-rules-beta %} @@ -131,11 +133,12 @@ Alternatively, you can configure environments to disallow bypassing the protecti Once custom deployment protection rules have been created and installed on a repository, you can enable the custom deployment protection rule for any environment in the repository. For more information about configuring and enabling custom deployment protection rules, see "[AUTOTITLE](/actions/deployment/protecting-deployments/configuring-custom-deployment-protection-rules)." -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** Custom deployment protection rules are only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans. +> [!NOTE] +> Custom deployment protection rules are only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans. -{% endnote %}{% endif %} +{% endif %} {% endif %} @@ -144,45 +147,38 @@ Once custom deployment protection rules have been created and installed on a rep Secrets stored in an environment are only available to workflow jobs that reference the environment. If the environment requires approval, a job cannot access environment secrets until one of the required reviewers approves it. For more information about secrets, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)." {% ifversion fpt %} -{% note %} - -**Notes:** +> [!NOTE] +> * Workflows that run on self-hosted runners are not run in an isolated container, even if they use environments. Environment secrets should be treated with the same level of security as repository and organization secrets. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners)." +> * Environment secrets are only available in public repositories if you are using {% data variables.product.prodname_free_user %}. For access to environment secrets in private or internal repositories, you must use {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, or {% data variables.product.prodname_enterprise %}. For more information on switching your plan, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)." -* Workflows that run on self-hosted runners are not run in an isolated container, even if they use environments. Environment secrets should be treated with the same level of security as repository and organization secrets. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners)." -* Environment secrets are only available in public repositories if you are using {% data variables.product.prodname_free_user %}. For access to environment secrets in private or internal repositories, you must use {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, or {% data variables.product.prodname_enterprise %}. For more information on switching your plan, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)." - -{% endnote %} {% else %} -{% note %} -**Note:** Workflows that run on self-hosted runners are not run in an isolated container, even if they use environments. Environment secrets should be treated with the same level of security as repository and organization secrets. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners)." +> [!NOTE] +> Workflows that run on self-hosted runners are not run in an isolated container, even if they use environments. Environment secrets should be treated with the same level of security as repository and organization secrets. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners)." -{% endnote %} {% endif %} ## Environment variables Variables stored in an environment are only available to workflow jobs that reference the environment. These variables are only accessible using the [`vars`](/actions/learn-github-actions/contexts#vars-context) context. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables)." -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** Environment variables are available for all public repositories. For users on {% data variables.product.prodname_pro %} or {% data variables.product.prodname_team %} plans, environment variables are also available for private repositories. +> [!NOTE] +> Environment variables are available for all public repositories. For users on {% data variables.product.prodname_pro %} or {% data variables.product.prodname_team %} plans, environment variables are also available for private repositories. -{% endnote %}{% endif %} +{% endif %} ## Creating an environment {% data reusables.actions.permissions-statement-environment %} {% ifversion fpt %} -{% note %} - -**Notes:** -* Creation of an environment in a private repository is available to organizations with {% data variables.product.prodname_team %} and users with {% data variables.product.prodname_pro %}. -* Some features for environments have no or limited availability for private repositories. If you are unable to access a feature described in the instructions below, please see the documentation linked in the related step for availability information. +> [!NOTE] +> * Creation of an environment in a private repository is available to organizations with {% data variables.product.prodname_team %} and users with {% data variables.product.prodname_pro %}. +> * Some features for environments have no or limited availability for private repositories. If you are unable to access a feature described in the instructions below, please see the documentation linked in the related step for availability information. -{% endnote %} {% endif %} {% data reusables.repositories.navigate-to-repo %} diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md index 87295e370a6f..4b34487ae409 100644 --- a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md +++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md @@ -27,11 +27,12 @@ For more information about environments and required approvals, see "[AUTOTITLE] * To approve the job, click **Approve and deploy**. Once a job is approved (and any other deployment protection rules have passed), the job will proceed. At this point, the job can access any secrets stored in the environment. * To reject the job, click **Reject**. If a job is rejected, the workflow will fail. -{% ifversion deployments-prevent-self-approval %}{% note %} +{% ifversion deployments-prevent-self-approval %} -**Note:** If the targeted environment is configured to prevent self-approvals for deployments, you will not be able to approve a deployment from a workflow run you initiated. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#required-reviewers)." +> [!NOTE] +> If the targeted environment is configured to prevent self-approvals for deployments, you will not be able to approve a deployment from a workflow run you initiated. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#required-reviewers)." -{% endnote %}{% endif %} +{% endif %} {% ifversion actions-break-glass %} @@ -39,14 +40,9 @@ For more information about environments and required approvals, see "[AUTOTITLE] If you have configured deployment protection rules that control whether software can be deployed to an environment, you can bypass these rules and force all pending jobs referencing the environment to proceed. -{% note %} - -**Notes:** - -* You cannot bypass deployment protection rules if the environment has been configured to prevent admins from bypassing configured protection rules. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#creating-an-environment)." -* You can only bypass deployment protection rules during workflow execution when a job referencing the environment is in a "Pending" state. - -{% endnote %} +> [!NOTE] +> * You cannot bypass deployment protection rules if the environment has been configured to prevent admins from bypassing configured protection rules. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#creating-an-environment)." +> * You can only bypass deployment protection rules during workflow execution when a job referencing the environment is in a "Pending" state. 1. Navigate to the workflow run. For more information about navigating to a workflow run, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)." 1. To the right of **Deployment protection rules**, click **Start all waiting jobs**. diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/viewing-deployment-history.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/viewing-deployment-history.md index 06bc83c6cbd4..65091fbd1757 100644 --- a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/viewing-deployment-history.md +++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/viewing-deployment-history.md @@ -43,11 +43,11 @@ By default, the deployments page shows currently active deployments from select * **To view the URL for a deployment**, to the right of the commit message in the deployment history list, click {% octicon "link-external" aria-label="Navigate to deployment URL" %}. * **To navigate to the workflow run logs associated with a deployment**, to the right of the commit message in the deployment history list, click {% octicon "kebab-horizontal" aria-label="View logs" %}, then click **View logs**.{% ifversion deployment-dashboard-filter %} 1. Optionally, to filter the deployment history list, create a filter. - 1. Click on the **{% octicon "filter" aria-hidden="true" %} Filter** button. - 1. Click **{% octicon "plus" aria-hidden="true" %} Add a filter**. + 1. Click on the **{% octicon "filter" aria-hidden="true" %} Filter** button. + 1. Click **{% octicon "plus" aria-hidden="true" %} Add a filter**. 1. Choose a qualifier you would like to filter the deployment history by. 1. Depending on the qualifier you chose, fill out information in the "Operator" and "Value" columns. - 1. Optionally, click **{% octicon "plus" aria-hidden="true" %} Add a filter** to add another filter. + 1. Optionally, click **{% octicon "plus" aria-hidden="true" %} Add a filter** to add another filter. 1. Click **Apply**.{% endif %} {% else %} diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow.md index 6219e13dd85e..6a0e6169272b 100644 --- a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow.md +++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow.md @@ -22,11 +22,8 @@ Temporarily disabling a workflow can be useful in many scenarios. These are a fe * A workflow that sends requests to a service that is down. * Workflows on a forked repository that aren't needed (for example, scheduled workflows). -{% warning %} - -**Warning:** {% data reusables.actions.scheduled-workflows-disabled %} - -{% endwarning %} +> [!WARNING] +> {% data reusables.actions.scheduled-workflows-disabled %} You can also disable and enable a workflow using the REST API. For more information, see "[AUTOTITLE](/rest/actions/workflows)." diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.md index 291ae42af5da..998deaa1de9d 100644 --- a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.md +++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.md @@ -35,11 +35,9 @@ To trigger the `workflow_dispatch` event, your workflow must be in the default b ![Screenshot of the "Actions" page. Features apart from one workflow in the left sidebar are grayed out.](/assets/images/help/repository/actions-select-workflow.png) {%- endif %} 1. Above the list of workflow runs, click the **Run workflow** button. - {% note %} - **Note:** To see the **Run workflow** button, your workflow file must use the `workflow_dispatch` event trigger. Only workflow files that use the `workflow_dispatch` event trigger will have the option to run the workflow manually using the **Run workflow** button. For more information about configuring the `workflow_dispatch` event, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch)." - - {% endnote %} + > [!NOTE] + > To see the **Run workflow** button, your workflow file must use the `workflow_dispatch` event trigger. Only workflow files that use the `workflow_dispatch` event trigger will have the option to run the workflow manually using the **Run workflow** button. For more information about configuring the `workflow_dispatch` event, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch)." ![Screenshot of a workflow page. Above the list of workflow runs, a button, labeled "Run workflow", is outlined in dark orange.](/assets/images/help/actions/actions-workflow-dispatch.png) 1. Select the **Branch** dropdown menu and click a branch to run the workflow on. @@ -88,10 +86,7 @@ gh run watch When using the REST API, you configure the `inputs` and `ref` as request body parameters. If the inputs are omitted, the default values defined in the workflow file are used. -{% note %} - -**Note:** You can define up to 10 `inputs` for a `workflow_dispatch` event. - -{% endnote %} +> [!NOTE] +> You can define up to 10 `inputs` for a `workflow_dispatch` event. For more information about using the REST API, see "[AUTOTITLE](/rest/actions/workflows#create-a-workflow-dispatch-event)." diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md index 7dd813db73d9..29c0160d9b12 100644 --- a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md +++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md @@ -14,11 +14,8 @@ redirect_from: ## Deleting an artifact -{% warning %} - -**Warning:** Once you delete an artifact, it cannot be restored. - -{% endwarning %} +> [!WARNING] +> Once you delete an artifact, it cannot be restored. {% data reusables.repositories.permissions-statement-write %} diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/skipping-workflow-runs.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/skipping-workflow-runs.md index cb5913ec662b..3dd59237c949 100644 --- a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/skipping-workflow-runs.md +++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/skipping-workflow-runs.md @@ -12,11 +12,8 @@ redirect_from: {% data reusables.actions.enterprise-github-hosted-runners %} -{% note %} - -**Note:** If a workflow is skipped due to [path filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore), [branch filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpull_requestpull_request_targetbranchesbranches-ignore) or a commit message (see below), then checks associated with that workflow will remain in a "Pending" state. A pull request that requires those checks to be successful will be blocked from merging. - -{% endnote %} +> [!NOTE] +> If a workflow is skipped due to [path filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore), [branch filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpull_requestpull_request_targetbranchesbranches-ignore) or a commit message (see below), then checks associated with that workflow will remain in a "Pending" state. A pull request that requires those checks to be successful will be blocked from merging. Workflows that would otherwise be triggered using `on: push` or `on: pull_request` won't be triggered if you add any of the following strings to the commit message in a push, or the HEAD commit of a pull request: @@ -34,10 +31,7 @@ Alternatively, you can add a `skip-checks` trailer to your commit message. The t You won't be able to merge the pull request if your repository is configured to require specific checks to pass first. To allow the pull request to be merged you can push a new commit to the pull request without the skip instruction in the commit message. -{% note %} - -**Note:** Skip instructions only apply to the `push` and `pull_request` events. For example, adding `[skip ci]` to a commit message won't stop a workflow that's triggered `on: pull_request_target` from running. - -{% endnote %} +> [!NOTE] +> Skip instructions only apply to the `push` and `pull_request` events. For example, adding `[skip ci]` to a commit message won't stop a workflow that's triggered `on: pull_request_target` from running. Skip instructions only apply to the workflow run(s) that would be triggered by the commit that contains the skip instructions. You can also disable a workflow from running. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/disabling-and-enabling-a-workflow)." diff --git a/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/extending-github-actions-importer-with-custom-transformers.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/extending-github-actions-importer-with-custom-transformers.md index 3a7a7d15acad..07849e65717d 100644 --- a/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/extending-github-actions-importer-with-custom-transformers.md +++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/extending-github-actions-importer-with-custom-transformers.md @@ -43,11 +43,8 @@ Alternatively, you can use the glob pattern syntax to specify multiple custom tr gh actions-importer ... --custom-transformers transformers/*.rb ``` -{% note %} - -**Note:** When you use custom transformers, the custom transformer files must reside in the same directory, or in subdirectories, from where the `gh actions-importer` command is run. - -{% endnote %} +> [!NOTE] +> When you use custom transformers, the custom transformer files must reside in the same directory, or in subdirectories, from where the `gh actions-importer` command is run. ## Creating custom transformers for items @@ -91,11 +88,8 @@ The above example results in the following {% data variables.product.prodname_ac The `transform` method uses the identifier of the build step from your source CI/CD instance in an argument. In this example, the identifier is `buildJavaScriptLibrary`. You can also use comma-separated values to pass multiple identifiers to the `transform` method. For example, `transform "buildJavaScriptApp", "buildTypeScriptApp" { |item| ... }`. -{% note %} - -**Note**: The data structure of `item` will be different depending on the CI/CD platform and the type of item being converted. - -{% endnote %} +> [!NOTE] +> The data structure of `item` will be different depending on the CI/CD platform and the type of item being converted. ## Creating custom transformers for runners @@ -171,11 +165,8 @@ There are several ways you can set up custom transformers to map your environmen env /^(.+)_SSH_KEY/, secret("%s_SSH_KEY) ``` - {% note %} - - **Note**: The order in which `env` methods are defined matters when using regular expressions. The first `env` transformer that matches an environment variable name takes precedence over subsequent `env` methods. You should define your most specific environment variable transformers first. - - {% endnote %} + > [!NOTE] + > The order in which `env` methods are defined matters when using regular expressions. The first `env` transformer that matches an environment variable name takes precedence over subsequent `env` methods. You should define your most specific environment variable transformers first. ## Legal notice diff --git a/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-azure-devops-with-github-actions-importer.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-azure-devops-with-github-actions-importer.md index 8a1455c24259..7656ccaa8001 100644 --- a/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-azure-devops-with-github-actions-importer.md +++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-azure-devops-with-github-actions-importer.md @@ -536,11 +536,8 @@ steps: | stage | `job` | Partially supported | | stageList | `job` | Partially supported | -{% note %} - -**Note:** A template used under the `step` key with this parameter type is only serialized as a composite action if the steps are used at the beginning or end of the template steps. A template used under the `stage`, `deployment`, and `job` keys with this parameter type are not transformed into a reusable workflow, and instead are serialized as a standalone workflow. - -{% endnote %} +> [!NOTE] +> A template used under the `step` key with this parameter type is only serialized as a composite action if the steps are used at the beginning or end of the template steps. A template used under the `stage`, `deployment`, and `job` keys with this parameter type are not transformed into a reusable workflow, and instead are serialized as a standalone workflow. ## Legal notice diff --git a/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bamboo-with-github-actions-importer.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bamboo-with-github-actions-importer.md index 6719c745f615..edeb53ce93f9 100644 --- a/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bamboo-with-github-actions-importer.md +++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bamboo-with-github-actions-importer.md @@ -371,11 +371,8 @@ For more information about supported Bamboo concept and plugin mappings, see the | `bamboo.shortPlanKey` | {% raw %}`${{ github.workflow }}`{% endraw %} | `bamboo.shortPlanName` | {% raw %}`${{ github.workflow }}`{% endraw %} -{% note %} - -**Note:** Unknown variables are transformed to {% raw %}`${{ env. }}`{% endraw %} and must be replaced or added under `env` for proper operation. For example, `${bamboo.jira.baseUrl}` will become {% raw %}`${{ env.jira_baseUrl }}`{% endraw %}. - -{% endnote %} +> [!NOTE] +> Unknown variables are transformed to {% raw %}`${{ env. }}`{% endraw %} and must be replaced or added under `env` for proper operation. For example, `${bamboo.jira.baseUrl}` will become {% raw %}`${{ env.jira_baseUrl }}`{% endraw %}. ### System Variables diff --git a/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-jenkins-with-github-actions-importer.md b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-jenkins-with-github-actions-importer.md index 5e6dc8f84a23..c6d0b1799eea 100644 --- a/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-jenkins-with-github-actions-importer.md +++ b/content/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-jenkins-with-github-actions-importer.md @@ -212,11 +212,8 @@ This section contains reference information on environment variables, optional a * `GITHUB_INSTANCE_URL`: The URL to the target {% data variables.product.prodname_dotcom %} instance (for example, `https://github.com`). * `JENKINS_ACCESS_TOKEN`: The Jenkins API token used to view Jenkins resources. - {% note %} - - **Note**: This token requires access to all jobs that you want to migrate or audit. In cases where a folder or job does not inherit access control lists from their parent, you must grant explicit permissions or full admin privileges. - - {% endnote %} + > [!NOTE] + > This token requires access to all jobs that you want to migrate or audit. In cases where a folder or job does not inherit access control lists from their parent, you must grant explicit permissions or full admin privileges. * `JENKINS_USERNAME`: The username of the user account that created the Jenkins API token. * `JENKINS_INSTANCE_URL`: The URL of the Jenkins instance. diff --git a/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/adding-a-workflow-status-badge.md b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/adding-a-workflow-status-badge.md index 2857b0565dbd..1404091f6837 100644 --- a/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/adding-a-workflow-status-badge.md +++ b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/adding-a-workflow-status-badge.md @@ -13,11 +13,8 @@ versions: {% data reusables.actions.enterprise-github-hosted-runners %} -{% note %} - -**Note**: Workflow badges in a private repository are not accessible externally, so you won't be able to embed them or link to them from an external site. - -{% endnote %} +> [!NOTE] +> Workflow badges in a private repository are not accessible externally, so you won't be able to embed them or link to them from an external site. {% data reusables.repositories.actions-workflow-status-badge-intro %} diff --git a/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-workflow-run-logs.md b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-workflow-run-logs.md index 9deda463f111..b03b02284256 100644 --- a/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-workflow-run-logs.md +++ b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-workflow-run-logs.md @@ -63,11 +63,8 @@ You can download the log files from your workflow run. You can also download a w {% ifversion re-run-jobs %} - {% note %} - - **Note**: When you download the log archive for a workflow that was partially re-run, the archive only includes the jobs that were re-run. To get a complete set of logs for jobs that were run from a workflow, you must download the log archives for the previous run attempts that ran the other jobs. - - {% endnote %} + > [!NOTE] + > When you download the log archive for a workflow that was partially re-run, the archive only includes the jobs that were re-run. To get a complete set of logs for jobs that were run from a workflow, you must download the log archives for the previous run attempts that ran the other jobs. {% endif %} diff --git a/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-job-execution-time.md b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-job-execution-time.md index 027c0100e1fd..879cc99893c7 100644 --- a/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-job-execution-time.md +++ b/content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-job-execution-time.md @@ -21,8 +21,5 @@ Billable job execution minutes are only shown for jobs run on private repositori 1. Under the job summary, you can view the job's execution time. 1. To view details about the billable job execution time, in the left sidebar under "Run details", click **{% octicon "stopwatch" aria-hidden="true" %} Usage**. - {% note %} - - **Note:** The billable time shown does not include any minute multipliers. To view your total {% data variables.product.prodname_actions %} usage, including minute multipliers, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/viewing-your-github-actions-usage)." - - {% endnote %} + > [!NOTE] + > The billable time shown does not include any minute multipliers. To view your total {% data variables.product.prodname_actions %} usage, including minute multipliers, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/viewing-your-github-actions-usage)." diff --git a/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/working-with-support-for-github-actions.md b/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/working-with-support-for-github-actions.md index cf758961165d..6cc24558de71 100644 --- a/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/working-with-support-for-github-actions.md +++ b/content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/working-with-support-for-github-actions.md @@ -36,19 +36,13 @@ Some information that {% data variables.contact.github_support %} will request c Self-hosted runner log file names are be formatted: `Runner_YYYY####-xxxxxx-utc.log` and `Worker_YYYY####-xxxxxx-utc.log`. -{% note %} +> [!NOTE] +> Attach files to your support ticket by changing the file's extension to `.txt` or `.zip`. If you include textual data such as log or workflow file snippets inline in your ticket, ensure they are formatted correctly as Markdown code blocks. For more information about proper Markdown formatting, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#quoting-code)." +> +> If the information you provide is unreadable due to the loss of formatting by improper Markdown syntax, {% data variables.contact.github_support %} may request that resubmit the information either as an attachment or with the correct Markdown formatting. -**Note:** Attach files to your support ticket by changing the file's extension to `.txt` or `.zip`. If you include textual data such as log or workflow file snippets inline in your ticket, ensure they are formatted correctly as Markdown code blocks. For more information about proper Markdown formatting, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#quoting-code)." - -If the information you provide is unreadable due to the loss of formatting by improper Markdown syntax, {% data variables.contact.github_support %} may request that resubmit the information either as an attachment or with the correct Markdown formatting. - -{% endnote %} - -{% warning %} - -**Warning:** Ensure all files and text provided to {% data variables.contact.github_support %} have been properly redacted to remove sensitive information such as tokens and other secrets. - -{% endwarning %} +> [!WARNING] +> Ensure all files and text provided to {% data variables.contact.github_support %} have been properly redacted to remove sensitive information such as tokens and other secrets. {% ifversion ghes %} Depending on the nature of your inquiry, {% data variables.contact.github_support %} may also request that you generate and upload a support bundle for further review and analysis. For more information about providing data to {% data variables.contact.github_support %} and support bundles, see "[AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support)." diff --git a/content/actions/security-for-github-actions/security-guides/automatic-token-authentication.md b/content/actions/security-for-github-actions/security-guides/automatic-token-authentication.md index 90c36f8b3532..4062da830817 100644 --- a/content/actions/security-for-github-actions/security-guides/automatic-token-authentication.md +++ b/content/actions/security-for-github-actions/security-guides/automatic-token-authentication.md @@ -28,13 +28,10 @@ The token is also available in the `github.token` context. For more information, ## Using the `GITHUB_TOKEN` in a workflow -You can use the `GITHUB_TOKEN` by using the standard syntax for referencing secrets: {%raw%}`${{ secrets.GITHUB_TOKEN }}`{% endraw %}. Examples of using the `GITHUB_TOKEN` include passing the token as an input to an action, or using it to make an authenticated {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API request. +You can use the `GITHUB_TOKEN` by using the standard syntax for referencing secrets: {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %}. Examples of using the `GITHUB_TOKEN` include passing the token as an input to an action, or using it to make an authenticated {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API request. -{% note %} - -**Important:** An action can access the `GITHUB_TOKEN` through the `github.token` context even if the workflow does not explicitly pass the `GITHUB_TOKEN` to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the `GITHUB_TOKEN`. For more information, see "[Permissions for the `GITHUB_TOKEN`](#permissions-for-the-github_token)." - -{% endnote %} +> [!IMPORTANT] +> An action can access the `GITHUB_TOKEN` through the `github.token` context even if the workflow does not explicitly pass the `GITHUB_TOKEN` to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the `GITHUB_TOKEN`. For more information, see "[Permissions for the `GITHUB_TOKEN`](#permissions-for-the-github_token)." {% data reusables.actions.actions-do-not-trigger-workflows %} @@ -104,14 +101,10 @@ The following table shows the permissions granted to the `GITHUB_TOKEN` by defau {% endrowheaders %} -{% note %} - -**Notes:** -* When a workflow is triggered by the [`pull_request_target`](/actions/using-workflows/events-that-trigger-workflows#pull_request_target) event, the `GITHUB_TOKEN` is granted read/write repository permission, even when it is triggered from a public fork. For more information, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#pull_request_target)." -* Private repositories can control whether pull requests from forks can run workflows, and can configure the permissions assigned to `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories)." -* {% data reusables.actions.workflow-runs-dependabot-note %} - -{% endnote %} +> [!NOTE] +> * When a workflow is triggered by the [`pull_request_target`](/actions/using-workflows/events-that-trigger-workflows#pull_request_target) event, the `GITHUB_TOKEN` is granted read/write repository permission, even when it is triggered from a public fork. For more information, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#pull_request_target)." +> * Private repositories can control whether pull requests from forks can run workflows, and can configure the permissions assigned to `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories)." +> * {% data reusables.actions.workflow-runs-dependabot-note %} ### Modifying the permissions for the `GITHUB_TOKEN` @@ -127,11 +120,8 @@ The two workflow examples earlier in this article show the `permissions` key bei For full details of the `permissions` key, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#permissions)." -{% note %} - -**Note:** Organization{% ifversion not fpt %} and enterprise{% endif %} owners can prevent you from granting write access to the `GITHUB_TOKEN` at the repository level. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization){% ifversion not fpt %} and "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise)."{% else %}."{% endif %} - -{% endnote %} +> [!NOTE] +> Organization{% ifversion not fpt %} and enterprise{% endif %} owners can prevent you from granting write access to the `GITHUB_TOKEN` at the repository level. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization){% ifversion not fpt %} and "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise)."{% else %}."{% endif %} #### How the permissions are calculated for a workflow job @@ -139,7 +129,7 @@ The permissions for the `GITHUB_TOKEN` are initially set to the default setting ### Granting additional permissions -If you need a token that requires permissions that aren't available in the `GITHUB_TOKEN`, you can create a {% data variables.product.prodname_github_app %} and generate an installation access token within your workflow. For more information, see "[AUTOTITLE](/apps/creating-github-apps/guides/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow)." Alternatively, you can create a {% data variables.product.pat_generic %}, store it as a secret in your repository, and use the token in your workflow with the {%raw%}`${{ secrets.SECRET_NAME }}`{% endraw %} syntax. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)" and "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)." +If you need a token that requires permissions that aren't available in the `GITHUB_TOKEN`, you can create a {% data variables.product.prodname_github_app %} and generate an installation access token within your workflow. For more information, see "[AUTOTITLE](/apps/creating-github-apps/guides/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow)." Alternatively, you can create a {% data variables.product.pat_generic %}, store it as a secret in your repository, and use the token in your workflow with the {% raw %}`${{ secrets.SECRET_NAME }}`{% endraw %} syntax. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)" and "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)." ### Further reading diff --git a/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md b/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md index a778e478b015..731482319d13 100644 --- a/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md +++ b/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md @@ -46,11 +46,8 @@ To help prevent accidental disclosure, {% data variables.product.product_name %} * **Consider requiring review for access to secrets** * You can use required reviewers to protect environment secrets. A workflow job cannot access environment secrets until approval is granted by a reviewer. For more information about storing secrets in environments or requiring reviews for environments, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)" and "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)." -{% warning %} - -**Warning**: Any user with write access to your repository has read access to all secrets configured in your repository. Therefore, you should ensure that the credentials being used within workflows have the least privileges required. - -{% endwarning %} +> [!WARNING] +> Any user with write access to your repository has read access to all secrets configured in your repository. Therefore, you should ensure that the credentials being used within workflows have the least privileges required. ## Using `CODEOWNERS` to monitor changes @@ -155,7 +152,7 @@ With this approach, the value of the {% raw %}`${{ github.event.issue.title }}`{ ### Using workflow templates for {% data variables.product.prodname_code_scanning %} {% data reusables.advanced-security.starter-workflows-beta %} -{% data variables.product.prodname_code_scanning_caps %} allows you to find security vulnerabilities before they reach production. {% data variables.product.product_name %} provides workflow templates for {% data variables.product.prodname_code_scanning %}. You can use these suggested workflows to construct your {% data variables.product.prodname_code_scanning %} workflows, instead of starting from scratch. {% data variables.product.company_short%}'s workflow, the {% data variables.code-scanning.codeql_workflow %}, is powered by {% data variables.product.prodname_codeql %}. There are also third-party workflow templates available. +{% data variables.product.prodname_code_scanning_caps %} allows you to find security vulnerabilities before they reach production. {% data variables.product.product_name %} provides workflow templates for {% data variables.product.prodname_code_scanning %}. You can use these suggested workflows to construct your {% data variables.product.prodname_code_scanning %} workflows, instead of starting from scratch. {% data variables.product.company_short %}'s workflow, the {% data variables.code-scanning.codeql_workflow %}, is powered by {% data variables.product.prodname_codeql %}. There are also third-party workflow templates available. For more information, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-code-scanning-using-third-party-actions)." @@ -237,11 +234,8 @@ These sections consider some of the steps an attacker can take if they're able t {% ifversion fpt or ghec %} -{% note %} - -**Note:** {% data variables.product.prodname_dotcom %}-hosted runners do not scan for malicious code downloaded by a user during their job, such as a compromised third party library. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dotcom %}-hosted runners do not scan for malicious code downloaded by a user during their job, such as a compromised third party library. {% endif %} @@ -353,11 +347,8 @@ Some customers might attempt to partially mitigate these risks by implementing s To improve runner registration security, you can use the REST API to create ephemeral, just-in-time (JIT) runners. These self-hosted runners perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information about configuring JIT runners, see "[AUTOTITLE](/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization)." -{% note %} - -**Note:** Re-using hardware to host JIT runners can risk exposing information from the environment. Use automation to ensure the JIT runner uses a clean environment. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners#using-ephemeral-runners-for-autoscaling)." - -{% endnote %} +> [!NOTE] +> Re-using hardware to host JIT runners can risk exposing information from the environment. Use automation to ensure the JIT runner uses a clean environment. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners#using-ephemeral-runners-for-autoscaling)." Once you have the config file from the REST API response, you can pass it to the runner at startup. diff --git a/content/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md b/content/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md index ef600c9e54db..335cfcee54b0 100644 --- a/content/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md +++ b/content/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md @@ -43,11 +43,8 @@ You can set up your repositories so that you: You can use {% data variables.product.prodname_dependabot %} to monitor the actions in your workflows and enable {% data variables.product.prodname_dependabot_alerts %} to notify you when an action you use has a reported vulnerability. {% data variables.product.prodname_dependabot %} performs a scan of the default branch of the repositories where it is enabled to detect insecure dependencies. {% data variables.product.prodname_dependabot %} generates {% data variables.product.prodname_dependabot_alerts %} when a new advisory is added to the {% data variables.product.prodname_advisory_database %} or when an action you use is updated. -{% note %} - -**Note:** {% data variables.product.prodname_dependabot %} only creates alerts for vulnerable actions that use semantic versioning and will not create alerts for actions pinned to SHA values. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dependabot %} only creates alerts for vulnerable actions that use semantic versioning and will not create alerts for actions pinned to SHA values. {% ifversion fpt or ghec %}You can enable {% data variables.product.prodname_dependabot_alerts %} for your personal account, for a repository, or for an organization. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts)."{% else %}An enterprise owner must first set up {% data variables.product.prodname_dependabot %} for your enterprise before you can manage {% data variables.product.prodname_dependabot_alerts %} for your repository. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %} @@ -76,13 +73,8 @@ The following features can automatically update the actions in your workflows. * **{% data variables.product.prodname_dependabot_version_updates %}** open pull requests to update actions to the latest version when a new version is released. * **{% data variables.product.prodname_dependabot_security_updates %}** open pull requests to update actions with reported vulnerabilities to the minimum patched version. -{% note %} - -**Notes:** - -{% data reusables.actions.dependabot-version-updates-actions-caveats %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.dependabot-version-updates-actions-caveats %} For information on how to configure {% data variables.product.prodname_dependabot_version_updates %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." diff --git a/content/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions.md b/content/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions.md index b5f48a3b47c2..a121cf3b279a 100644 --- a/content/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions.md +++ b/content/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions.md @@ -27,11 +27,8 @@ Secrets are variables that you create in an organization, repository, or reposit For secrets stored at the environment level, you can enable required reviewers to control access to the secrets. A workflow job cannot access environment secrets until approval is granted by required approvers. -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} ### Naming your secrets @@ -65,11 +62,8 @@ When generating a {% data variables.product.pat_v1 %}, select the fewest scopes Instead of using a {% data variables.product.pat_generic %}, consider using a {% data variables.product.prodname_github_app %}, which uses fine-grained permissions and short lived tokens, similar to a {% data variables.product.pat_v2 %}. Unlike a {% data variables.product.pat_generic %}, a {% data variables.product.prodname_github_app %} is not tied to a user, so the workflow will continue to work even if the user who installed the app leaves your organization. For more information, see "[AUTOTITLE](/apps/creating-github-apps/guides/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow)." -{% note %} - -**Note:** Users with collaborator access to a repository can use the REST API to manage secrets for that repository, and users with admin access to an organization can use the REST API to manage secrets for that organization. For more information, see "[AUTOTITLE](/rest/actions/secrets)." - -{% endnote %} +> [!NOTE] +> Users with collaborator access to a repository can use the REST API to manage secrets for that repository, and users with admin access to an organization can use the REST API to manage secrets for that organization. For more information, see "[AUTOTITLE](/rest/actions/secrets)." ## Creating secrets for a repository @@ -171,15 +165,12 @@ gh secret list --env ENV_NAME {% cli %} -{% note %} - -**Note:** By default, {% data variables.product.prodname_cli %} authenticates with the `repo` and `read:org` scopes. To manage organization secrets, you must additionally authorize the `admin:org` scope. - -```shell -gh auth login --scopes "admin:org" -``` - -{% endnote %} +> [!NOTE] +> By default, {% data variables.product.prodname_cli %} authenticates with the `repo` and `read:org` scopes. To manage organization secrets, you must additionally authorize the `admin:org` scope. +> +> ```shell +> gh auth login --scopes "admin:org" +> ``` To add a secret for an organization, use the `gh secret set` subcommand with the `--org` or `-o` flag followed by the organization name. @@ -218,15 +209,9 @@ You can check which access policies are being applied to a secret in your organi ## Using secrets in a workflow -{% note %} - -**Notes:** - -* {% data reusables.actions.forked-secrets %} - -* Secrets are not automatically passed to reusable workflows. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow)." - -{% endnote %} +> [!NOTE] +> * {% data reusables.actions.forked-secrets %} +> * Secrets are not automatically passed to reusable workflows. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow)." To provide an action with a secret as an input or environment variable, you can use the `secrets` context to access secrets you've created in your repository. For more information, see "[AUTOTITLE](/actions/learn-github-actions/contexts)" and "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions)." @@ -312,11 +297,8 @@ Secrets are limited to 48 KB in size. To store larger secrets, see the "[Storing To use secrets that are larger than 48 KB, you can use a workaround to store secrets in your repository and save the decryption passphrase as a secret on {% data variables.product.prodname_dotcom %}. For example, you can use `gpg` to encrypt a file containing your secret locally before checking the encrypted file in to your repository on {% data variables.product.prodname_dotcom %}. For more information, see the "[gpg manpage](https://www.gnupg.org/gph/de/manual/r1023.html)." -{% warning %} - -**Warning**: Be careful that your secrets do not get printed when your workflow runs. When using this workaround, {% data variables.product.prodname_dotcom %} does not redact secrets that are printed in logs. - -{% endwarning %} +> [!WARNING] +> Be careful that your secrets do not get printed when your workflow runs. When using this workaround, {% data variables.product.prodname_dotcom %} does not redact secrets that are printed in logs. 1. Run the following command from your terminal to encrypt the file containing your secret using `gpg` and the AES256 cipher algorithm. In this example, `my_secret.json` is the file containing the secret. @@ -330,11 +312,8 @@ To use secrets that are larger than 48 KB, you can use a workaround to store sec 1. Copy your encrypted file to a path in your repository and commit it. In this example, the encrypted file is `my_secret.json.gpg`. - {% warning %} - - **Warning**: Make sure to copy the encrypted `my_secret.json.gpg` file ending with the `.gpg` file extension, and **not** the unencrypted `my_secret.json` file. - - {% endwarning %} + > [!WARNING] + > Make sure to copy the encrypted `my_secret.json.gpg` file ending with the `.gpg` file extension, and **not** the unencrypted `my_secret.json` file. ```shell git add my_secret.json.gpg @@ -391,11 +370,8 @@ To use secrets that are larger than 48 KB, you can use a workaround to store sec You can use Base64 encoding to store small binary blobs as secrets. You can then reference the secret in your workflow and decode it for use on the runner. For the size limits, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions#limits-for-secrets)." -{% note %} - -**Note**: Note that Base64 only converts binary to text, and is not a substitute for actual encryption. - -{% endnote %} +> [!NOTE] +> Note that Base64 only converts binary to text, and is not a substitute for actual encryption. 1. Use `base64` to encode your file into a Base64 string. For example: @@ -440,11 +416,8 @@ You can use Base64 encoding to store small binary blobs as secrets. You can then openssl x509 -in cert.der -inform DER -text -noout ``` -{% note %} - -**Note**: Using another shell might require different commands for decoding the secret to a file. On Windows runners, we recommend [using a bash shell](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell) with `shell: bash` to use the commands in the `run` step above. - -{% endnote %} +> [!NOTE] +> Using another shell might require different commands for decoding the secret to a file. On Windows runners, we recommend [using a bash shell](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell) with `shell: bash` to use the commands in the `run` step above. ## Redacting secrets from workflow run logs diff --git a/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md index 5e948e5730bc..fe7842c1a013 100644 --- a/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md +++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md @@ -166,11 +166,8 @@ If you need more granular trust conditions, you can customize the {% ifversion g There are also many additional claims supported in the OIDC token that can be used for setting these conditions. In addition, your cloud provider could allow you to assign a role to the access tokens, letting you specify even more granular permissions. -{% note %} - -**Note**: To control how your cloud provider issues access tokens, you **must** define at least one condition, so that untrusted repositories can’t request access tokens for your cloud resources. - -{% endnote %} +> [!NOTE] +> To control how your cloud provider issues access tokens, you **must** define at least one condition, so that untrusted repositories can’t request access tokens for your cloud resources. ### Example subject claims @@ -294,19 +291,13 @@ After this setting is applied, the JWT will contain the updated `iss` value. In To help improve security, compliance, and standardization, you can customize the standard claims to suit your required access conditions. If your cloud provider supports conditions on subject claims, you can create a condition that checks whether the `sub` value matches the path of the reusable workflow, such as `"job_workflow_ref:octo-org/octo-automation/.github/workflows/oidc.yml@refs/heads/main"`. The exact format will vary depending on your cloud provider's OIDC configuration. To configure the matching condition on {% data variables.product.prodname_dotcom %}, you can can use the REST API to require that the `sub` claim must always include a specific custom claim, such as `job_workflow_ref`. You can use the REST API to apply a customization template for the OIDC subject claim; for example, you can require that the `sub` claim within the OIDC token must always include a specific custom claim, such as `job_workflow_ref`. For more information, see "[AUTOTITLE](/rest/actions/oidc)." -{% note %} - -**Note**: When the organization template is applied, it will not affect any workflows already using OIDC unless their repository has opted in to custom organization templates. For all repositories, existing and new, the repository owner will need to use the repository-level REST API to opt in to receive this configuration by setting `use_default` to `false`. Alternatively, the repository owner could use the REST API to apply a different configuration specific to the repository. For more information, see "[AUTOTITLE](/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository)." - -{% endnote %} +> [!NOTE] +> When the organization template is applied, it will not affect any workflows already using OIDC unless their repository has opted in to custom organization templates. For all repositories, existing and new, the repository owner will need to use the repository-level REST API to opt in to receive this configuration by setting `use_default` to `false`. Alternatively, the repository owner could use the REST API to apply a different configuration specific to the repository. For more information, see "[AUTOTITLE](/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository)." Customizing the claims results in a new format for the entire `sub` claim, which replaces the default predefined `sub` format in the token described in "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#example-subject-claims)." -{% note %} - -**Note**: The `sub` claim uses the shortened form `repo` (for example, `repo:ORG-NAME/REPO-NAME`) instead of `repository` to reference the repository. - -{% endnote %} +> [!NOTE] +> The `sub` claim uses the shortened form `repo` (for example, `repo:ORG-NAME/REPO-NAME`) instead of `repository` to reference the repository. The following example templates demonstrate various ways to customize the subject claim. To configure these settings on {% data variables.product.prodname_dotcom %}, admins use the REST API to specify a list of claims that must be included in the subject (`sub`) claim. diff --git a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md index 67b9380663bc..bfcf57d73a54 100644 --- a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md +++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md @@ -34,16 +34,13 @@ This guide explains how to configure AWS to trust {% data variables.product.prod {% ifversion ghes %} {% data reusables.actions.oidc-endpoints %} - {% note %} - **Note:** You can restrict access to the OIDC endpoints by allowing only [AWS IP address ranges](https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html). + > [!NOTE] + > You can restrict access to the OIDC endpoints by allowing only [AWS IP address ranges](https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html). - {% endnote %} - {% note %} + > [!NOTE] + > {% data variables.product.prodname_dotcom %} does not natively support AWS session tags. - **Note:** {% data variables.product.prodname_dotcom %} does not natively support AWS session tags. - - {% endnote %} {% endif %} ## Adding the identity provider to AWS @@ -57,11 +54,8 @@ To add the {% data variables.product.prodname_dotcom %} OIDC provider to IAM, se To configure the role and trust in IAM, see the AWS documentation "[Configure AWS Credentials for GitHub Actions](https://github.com/aws-actions/configure-aws-credentials#configure-aws-credentials-for-github-actions)" and "[Configuring a role for GitHub OIDC identity provider](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html#idp_oidc_Create_GitHub)." -{% note %} - -**Note**: AWS Identity and Access Management (IAM) recommends that users evaluate the IAM condition key, `token.actions.githubusercontent.com:sub`, in the trust policy of any role that trusts {% data variables.product.prodname_dotcom %}’s OIDC identity provider (IdP). Evaluating this condition key in the role trust policy limits which {% data variables.product.prodname_dotcom %} actions are able to assume the role. - -{% endnote %} +> [!NOTE] +> AWS Identity and Access Management (IAM) recommends that users evaluate the IAM condition key, `token.actions.githubusercontent.com:sub`, in the trust policy of any role that trusts {% data variables.product.prodname_dotcom %}’s OIDC identity provider (IdP). Evaluating this condition key in the role trust policy limits which {% data variables.product.prodname_dotcom %} actions are able to assume the role. Edit the trust policy, adding the `sub` field to the validation conditions. For example: diff --git a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md index c17355077ce7..7db66568c528 100644 --- a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md +++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md @@ -32,11 +32,9 @@ This guide gives an overview of how to configure Azure to trust {% data variable {% ifversion ghes %} {% data reusables.actions.oidc-endpoints %} - {% note %} - **Note:** Microsoft Entra ID (previously known as Azure AD) does not have fixed IP ranges defined for these endpoints. - - {% endnote %} + > [!NOTE] + > Microsoft Entra ID (previously known as Azure AD) does not have fixed IP ranges defined for these endpoints. * Make sure that the value of the issuer claim that's included with the JSON Web Token (JWT) is set to a publicly routable URL. For more information, see "[AUTOTITLE](/enterprise-server@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)." {% endif %} diff --git a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md index 27569033f54f..350d8d4afeed 100644 --- a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md +++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md @@ -49,11 +49,10 @@ To configure your Vault server to accept JSON Web Tokens (JWT) for authenticatio ``` {% ifversion ghec %} - {% note %} - **Note:** If a unique issuer URL for an enterprise was set using the REST API (as described in "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#switching-to-a-unique-token-url)"), the values for `bound_issuer` and `oidc_discover_url` must match that unique URL. For example, for an enterprise named `octocat` that uses the unique issuer URL, `bound_issuer` and `oidc_discovery_url` must be set to `https://token.actions.githubusercontent.com/octocat`. + > [!NOTE] + > If a unique issuer URL for an enterprise was set using the REST API (as described in "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#switching-to-a-unique-token-url)"), the values for `bound_issuer` and `oidc_discover_url` must match that unique URL. For example, for an enterprise named `octocat` that uses the unique issuer URL, `bound_issuer` and `oidc_discovery_url` must be set to `https://token.actions.githubusercontent.com/octocat`. - {% endnote %} {% endif %} 1. Configure a policy that only grants access to the specific paths your workflows will use to retrieve secrets. For more advanced policies, see the HashiCorp Vault [Policies documentation](https://www.vaultproject.io/docs/concepts/policies). @@ -112,13 +111,8 @@ This example demonstrates how to use OIDC with the official action to request a {% data reusables.actions.oidc-permissions-token %} -{% note %} - -**Note**: - -When the `permissions` key is used, all unspecified permissions are set to _no access_, with the exception of the metadata scope, which always gets _read_ access. As a result, you may need to add other permissions, such as `contents: read`. See [Automatic token authentication](/actions/security-guides/automatic-token-authentication) for more information. - -{% endnote %} +> [!NOTE] +> When the `permissions` key is used, all unspecified permissions are set to _no access_, with the exception of the metadata scope, which always gets _read_ access. As a result, you may need to add other permissions, such as `contents: read`. See [Automatic token authentication](/actions/security-guides/automatic-token-authentication) for more information. ### Requesting the access token @@ -153,14 +147,9 @@ jobs: # This step has access to the secret retrieved above; see hashicorp/vault-action for more details. ``` -{% note %} - -**Note**: - -* If your Vault server is not accessible from the public network, consider using a self-hosted runner with other available Vault [auth methods](https://www.vaultproject.io/docs/auth). For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)." -* `VAULT-NAMESPACE` must be set for a Vault Enterprise (including HCP Vault) deployment. For more information, see [Vault namespace](https://www.vaultproject.io/docs/enterprise/namespaces). - -{% endnote %} +> [!NOTE] +> * If your Vault server is not accessible from the public network, consider using a self-hosted runner with other available Vault [auth methods](https://www.vaultproject.io/docs/auth). For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)." +> * `VAULT-NAMESPACE` must be set for a Vault Enterprise (including HCP Vault) deployment. For more information, see [Vault namespace](https://www.vaultproject.io/docs/enterprise/namespaces). ### Revoking the access token diff --git a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md index 17cc80c42ba6..b41dd32b67b3 100644 --- a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md +++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md @@ -35,12 +35,8 @@ To use OIDC with PyPI, add a trust configuration that links each project on PyPI 1. Configure a trust relationship between the PyPI project and a {% data variables.product.prodname_dotcom %} repository (and workflow within the repository). For example, if your {% data variables.product.prodname_dotcom %} repository is at `myorg/myproject` and your release workflow is defined in `release.yml` with an environment of `release`, you should use the following settings for your trusted publisher on PyPI. - {% note %} - - **Note:** Enter these values carefully. Giving the incorrect user, repository, or workflow - the ability to publish to your PyPI project is equivalent to sharing an API token. - - {% endnote %} + > [!NOTE] + > Enter these values carefully. Giving the incorrect user, repository, or workflow the ability to publish to your PyPI project is equivalent to sharing an API token. * Owner: `myorg` * Repository name: `myproject` diff --git a/content/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions.md b/content/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions.md index 532e46c1d6d8..a63f0591c252 100644 --- a/content/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions.md +++ b/content/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions.md @@ -43,11 +43,8 @@ Action metadata files use YAML syntax. If you're new to YAML, you can read "[Lea This example configures two inputs: `num-octocats` and `octocat-eye-color`. The `num-octocats` input is not required and will default to a value of `1`. `octocat-eye-color` is required and has no default value. -{% note %} - -**Note:** Actions using `required: true` will not automatically return an error if the input is not specified. - -{% endnote %} +> [!NOTE] +> Actions using `required: true` will not automatically return an error if the input is not specified. Workflow files that use this action can use the `with` keyword to set an input value for `octocat-eye-color`. For more information about the `with` syntax, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepswith)." diff --git a/content/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace.md b/content/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace.md index 201f777fabd1..1702f56d67b4 100644 --- a/content/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace.md +++ b/content/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace.md @@ -43,11 +43,9 @@ To draft a new release and publish the action to {% data variables.product.prodn 1. Navigate to the action metadata file in your repository (`action.yml` or `action.yaml`), and you'll see a banner to publish the action to {% data variables.product.prodname_marketplace %}. Click **Draft a release**. 1. Under "Release Action", select **Publish this Action to the {% data variables.product.prodname_marketplace %}**. - {% note %} + > [!NOTE] + > The "Publish" checkbox is disabled if the account that owns the repository has not yet accepted the {% data variables.product.prodname_marketplace %} Developer Agreement. If you own the repository or are an organization owner, click the link to "accept the GitHub Marketplace Developer Agreement", then accept the agreement. If there is no link, send the organization owner a link to this "Release Action" page and ask them to accept the agreement. - **Note**: The "Publish" checkbox is disabled if the account that owns the repository has not yet accepted the {% data variables.product.prodname_marketplace %} Developer Agreement. If you own the repository or are an organization owner, click the link to "accept the GitHub Marketplace Developer Agreement", then accept the agreement. If there is no link, send the organization owner a link to this "Release Action" page and ask them to accept the agreement. - - {% endnote %} 1. If the labels in your metadata file contain any problems, you will see an error message. Address them by updating your metadata file. Once complete, you will see an "Everything looks good!" message. 1. Select the **Primary Category** dropdown menu and click a category that will help people find your action in {% data variables.product.prodname_marketplace %}. 1. Optionally, select the **Another Category** dropdown menu and click a secondary category. @@ -73,12 +71,9 @@ When a repository admin transfers an action repository, {% data variables.produc Actions published on {% data variables.product.prodname_marketplace %} are linked to a repository by their unique `name` identifier, meaning you can publish new releases of an action from the transferred repository under the same {% data variables.product.prodname_marketplace %} listing. If an action repository is deleted, the {% data variables.product.prodname_marketplace %} listing is also deleted, and the unique `name` identifier becomes available. -{% note %} - -**Note:** The "Verified" badge seen on an organization's {% data variables.product.prodname_dotcom %} profile is different from the verified creator badge on {% data variables.product.prodname_marketplace %}. If you transfer an action repository, the {% data variables.product.prodname_marketplace %} listing will lose the verified creator badge unless the new owner is also a verified creator. +> [!NOTE] +> The "Verified" badge seen on an organization's {% data variables.product.prodname_dotcom %} profile is different from the verified creator badge on {% data variables.product.prodname_marketplace %}. If you transfer an action repository, the {% data variables.product.prodname_marketplace %} listing will lose the verified creator badge unless the new owner is also a verified creator. -{% endnote %} - ## About badges in {% data variables.product.prodname_marketplace %} Actions with the {% octicon "verified" aria-label="The verified badge" %}, or verified creator badge, indicate that {% data variables.product.prodname_dotcom %} has verified the creator of the action as a partner organization. Partners can email partnerships@github.com to request the verified creator badge. diff --git a/content/actions/sharing-automations/creating-actions/releasing-and-maintaining-actions.md b/content/actions/sharing-automations/creating-actions/releasing-and-maintaining-actions.md index 5f82e8ff7378..33e424dea323 100644 --- a/content/actions/sharing-automations/creating-actions/releasing-and-maintaining-actions.md +++ b/content/actions/sharing-automations/creating-actions/releasing-and-maintaining-actions.md @@ -55,7 +55,7 @@ To support the developer process in the next section, add two {% data variables. ### Example developer process -Here is an example process that you can follow to automatically run tests, create a release{% ifversion fpt or ghec%} and publish to {% data variables.product.prodname_marketplace %}{% endif %}, and publish your action. +Here is an example process that you can follow to automatically run tests, create a release{% ifversion fpt or ghec %} and publish to {% data variables.product.prodname_marketplace %}{% endif %}, and publish your action. 1. Do feature work in branches per GitHub flow. For more information, see "[AUTOTITLE](/get-started/using-github/github-flow)." * Whenever a commit is pushed to the feature branch, your testing workflow will automatically run the tests. diff --git a/content/actions/sharing-automations/creating-workflow-templates-for-your-organization.md b/content/actions/sharing-automations/creating-workflow-templates-for-your-organization.md index daf71b8009d5..2cc1ded6de84 100644 --- a/content/actions/sharing-automations/creating-workflow-templates-for-your-organization.md +++ b/content/actions/sharing-automations/creating-workflow-templates-for-your-organization.md @@ -36,11 +36,8 @@ Workflow templates can be created by users with write access to the organization Workflow templates created by users can only be used to create workflows in public repositories. Organizations using {% data variables.product.prodname_ghe_cloud %} can also use workflow templates to create workflows in private repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/actions/using-workflows/creating-starter-workflows-for-your-organization). {% endif %} -{% note %} - -**Note:** To avoid duplication among workflow templates you can call reusable workflows from within a workflow. This can help make your workflows easier to maintain. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows)." - -{% endnote %} +> [!NOTE] +> To avoid duplication among workflow templates you can call reusable workflows from within a workflow. This can help make your workflows easier to maintain. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows)." This procedure demonstrates how to create a workflow template and metadata file. The metadata file describes how the workflow templates will be presented to users when they are creating a new workflow. @@ -51,15 +48,15 @@ This procedure demonstrates how to create a workflow template and metadata file. If you need to refer to a repository's default branch, you can use the `$default-branch` placeholder. When a workflow is created the placeholder will be automatically replaced with the name of the repository's default branch. {% ifversion ghes %} - {% note %} - - **Note:** The following values in the `runs-on` key are also treated as placeholders: - * "ubuntu-latest" is replaced with "[ self-hosted ]" - * "windows-latest" is replaced with "[ self-hosted, windows ]" - * "macos-latest" is replaced with "[ self-hosted, macOS ]" + > [!NOTE] + > The following values in the `runs-on` key are also treated as placeholders: + > + > * "ubuntu-latest" is replaced with "[ self-hosted ]" + > * "windows-latest" is replaced with "[ self-hosted, windows ]" + > * "macos-latest" is replaced with "[ self-hosted, macOS ]" - {% endnote %}{% endif %} + {% endif %} For example, this file named `octo-organization-ci.yml` demonstrates a basic workflow. diff --git a/content/actions/sharing-automations/reusing-workflows.md b/content/actions/sharing-automations/reusing-workflows.md index 030a13226ac1..4eb8e735f886 100644 --- a/content/actions/sharing-automations/reusing-workflows.md +++ b/content/actions/sharing-automations/reusing-workflows.md @@ -145,11 +145,9 @@ You can define inputs and secrets, which can be passed from the caller workflow {% ifversion actions-inherit-secrets-reusable-workflows %} 1. In the reusable workflow, reference the input or secret that you defined in the `on` key in the previous step. - {% note %} + > [!NOTE] + > If the secrets are inherited by using `secrets: inherit` in the calling workflow, you can reference them even if they are not explicitly defined in the `on` key. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsecretsinherit)." - **Note**: If the secrets are inherited by using `secrets: inherit` in the calling workflow, you can reference them even if they are not explicitly defined in the `on` key. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsecretsinherit)." - - {% endnote %} {%- else %} 1. In the reusable workflow, reference the input or secret that you defined in the `on` key in the previous step. {%- endif %} @@ -171,11 +169,8 @@ You can define inputs and secrets, which can be passed from the caller workflow In the example above, `personal_access_token` is a secret that's defined at the repository or organization level. - {% warning %} - - **Warning**: Environment secrets cannot be passed from the caller workflow as `on.workflow_call` does not support the `environment` keyword. If you include `environment` in the reusable workflow at the job level, the environment secret will be used, and not the secret passed from the caller workflow. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#environment-secrets)" and "[AUTOTITLE](/actions/writing-workflows/workflow-syntax-for-github-actions#onworkflow_call)". - - {% endwarning %} + > [!WARNING] + > Environment secrets cannot be passed from the caller workflow as `on.workflow_call` does not support the `environment` keyword. If you include `environment` in the reusable workflow at the job level, the environment secret will be used, and not the secret passed from the caller workflow. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#environment-secrets)" and "[AUTOTITLE](/actions/writing-workflows/workflow-syntax-for-github-actions#onworkflow_call)". 1. Pass the input or secret from the caller workflow. @@ -228,7 +223,7 @@ You can call multiple workflows, referencing each in a separate job. ### Passing inputs and secrets to a reusable workflow -{% data reusables.actions.pass-inputs-to-reusable-workflows%} +{% data reusables.actions.pass-inputs-to-reusable-workflows %} {% ifversion actions-reusable-workflow-matrix %} @@ -277,15 +272,11 @@ When you call a reusable workflow, you can only use the following keywords in th * [`jobs..concurrency`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idconcurrency) * [`jobs..permissions`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions) - {% note %} - - **Note:** - - * If `jobs..permissions` is not specified in the calling job, the called workflow will have the default permissions for the `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)." - * The `GITHUB_TOKEN` permissions passed from the caller workflow can be only downgraded (not elevated) by the called workflow. - * If you use `jobs..concurrency.cancel-in-progress: true`, don't use the same value for `jobs..concurrency.group` in the called and caller workflows as this will cause the workflow that's already running to be cancelled. A called workflow uses the name of its caller workflow in {% raw %}${{ github.workflow }}{% endraw %}, so using this context as the value of `jobs..concurrency.group` in both caller and called workflows will cause the caller workflow to be cancelled when the called workflow runs. - - {% endnote %} + > [!NOTE] + > + > * If `jobs..permissions` is not specified in the calling job, the called workflow will have the default permissions for the `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)." + > * The `GITHUB_TOKEN` permissions passed from the caller workflow can be only downgraded (not elevated) by the called workflow. + > * If you use `jobs..concurrency.cancel-in-progress: true`, don't use the same value for `jobs..concurrency.group` in the called and caller workflows as this will cause the workflow that's already running to be cancelled. A called workflow uses the name of its caller workflow in {% raw %}${{ github.workflow }}{% endraw %}, so using this context as the value of `jobs..concurrency.group` in both caller and called workflows will cause the caller workflow to be cancelled when the called workflow runs. ### Example caller workflow @@ -459,11 +450,8 @@ You can use the {% data variables.product.prodname_dotcom %} REST API to monitor For information about using the REST API to query the audit log for an organization, see "[AUTOTITLE](/rest/orgs#get-the-audit-log-for-an-organization)." -{% note %} - -**Note**: Audit data for `prepared_workflow_job` can only be viewed using the REST API. It is not visible in the {% data variables.product.prodname_dotcom %} web interface, or included in JSON/CSV exported audit data. - -{% endnote %} +> [!NOTE] +> Audit data for `prepared_workflow_job` can only be viewed using the REST API. It is not visible in the {% data variables.product.prodname_dotcom %} web interface, or included in JSON/CSV exported audit data. {% ifversion partial-reruns-with-reusable %} diff --git a/content/actions/sharing-automations/sharing-actions-and-workflows-from-your-private-repository.md b/content/actions/sharing-automations/sharing-actions-and-workflows-from-your-private-repository.md index a615d902befc..71ebdbdc6f7c 100644 --- a/content/actions/sharing-automations/sharing-actions-and-workflows-from-your-private-repository.md +++ b/content/actions/sharing-automations/sharing-actions-and-workflows-from-your-private-repository.md @@ -18,13 +18,9 @@ You can share actions and reusable workflows from your private repository, witho Any actions or reusable workflows stored in the private repository can be used in workflows defined in other private repositories owned by the same organization or user. Actions and reusable workflows stored in private repositories cannot be used in public repositories. -{% warning %} - -**Warning**: -* If you make a private repository accessible to {% data variables.product.prodname_actions %} workflows in other repositories, outside collaborators on the other repositories can indirectly access the private repository, even though they do not have direct access to these repositories. The outside collaborators can view logs for workflow runs when actions or workflows from the private repository are used. -* {% data reusables.actions.scoped-token-note %} - -{% endwarning %} +> [!WARNING] +> * If you make a private repository accessible to {% data variables.product.prodname_actions %} workflows in other repositories, outside collaborators on the other repositories can indirectly access the private repository, even though they do not have direct access to these repositories. The outside collaborators can view logs for workflow runs when actions or workflows from the private repository are used. +> * {% data reusables.actions.scoped-token-note %} ## Sharing actions and workflows from your private repository diff --git a/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-enterprise.md b/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-enterprise.md index e947c13c9c1e..bfd1c586083a 100644 --- a/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-enterprise.md +++ b/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-enterprise.md @@ -18,13 +18,9 @@ If your organization is owned by an enterprise account, you can share actions an Any actions or reusable workflows stored in the internal {% ifversion private-actions %}or private {% endif %}repository can be used in workflows defined in other internal or private repositories owned by the same organization, or by any organization owned by the enterprise. Actions and reusable workflows stored in internal repositories cannot be used in public repositories {% ifversion private-actions %}and actions and reusable workflows stored in private repositories cannot be used in public or internal repositories{% endif %}. -{% warning %} - -**Warning**: -* {% data reusables.actions.outside-collaborators-actions %} -* {% data reusables.actions.scoped-token-note %} - -{% endwarning %} +> [!WARNING] +> * {% data reusables.actions.outside-collaborators-actions %} +> * {% data reusables.actions.scoped-token-note %} ## Sharing actions and workflows with your enterprise diff --git a/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-organization.md b/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-organization.md index cc0afa7196e4..2b367e32b741 100644 --- a/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-organization.md +++ b/content/actions/sharing-automations/sharing-actions-and-workflows-with-your-organization.md @@ -18,13 +18,9 @@ You can share actions and reusable workflows within your organization, without p Any actions or reusable workflows stored in the private repository can be used in workflows defined in other private repositories owned by the same organization. Actions and reusable workflows stored in private repositories cannot be used in public repositories. -{% warning %} - -**Warning**: -* {% data reusables.actions.outside-collaborators-actions %} -* {% data reusables.actions.scoped-token-note %} - -{% endwarning %} +> [!WARNING] +> * {% data reusables.actions.outside-collaborators-actions %} +> * {% data reusables.actions.scoped-token-note %} ## Sharing actions and workflows with your organization diff --git a/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-net.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-net.md index 98fe86a22189..4a917a2b237a 100644 --- a/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-net.md +++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-net.md @@ -154,11 +154,8 @@ steps: run: dotnet add package Newtonsoft.Json --version 12.0.1 ``` -{% note %} - -**Note:** Depending on the number of dependencies, it may be faster to use the dependency cache. Projects with many large dependencies should see a performance increase as it cuts down the time required for downloading. Projects with fewer dependencies may not see a significant performance increase and may even see a slight decrease due to how NuGet installs cached dependencies. The performance varies from project to project. - -{% endnote %} +> [!NOTE] +> Depending on the number of dependencies, it may be faster to use the dependency cache. Projects with many large dependencies should see a performance increase as it cuts down the time required for downloading. Projects with fewer dependencies may not see a significant performance increase and may even see a slight decrease due to how NuGet installs cached dependencies. The performance varies from project to project. ## Building and testing your code diff --git a/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell.md b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell.md index f3244b084dec..0971b7a533d2 100644 --- a/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell.md +++ b/content/actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell.md @@ -93,21 +93,15 @@ The table below describes the locations for various PowerShell modules in each { {% endrowheaders %} -{% note %} - -**Note:** On Ubuntu runners, Azure PowerShell modules are stored in `/usr/share/` instead of the default location of PowerShell add-on modules (i.e. `/usr/local/share/powershell/Modules/`). - -{% endnote %} +> [!NOTE] +> On Ubuntu runners, Azure PowerShell modules are stored in `/usr/share/` instead of the default location of PowerShell add-on modules (i.e. `/usr/local/share/powershell/Modules/`). ## Installing dependencies {% data variables.product.prodname_dotcom %}-hosted runners have PowerShell 7 and Pester installed. You can use `Install-Module` to install additional dependencies from the PowerShell Gallery before building and testing your code. -{% note %} - -**Note:** The pre-installed packages (such as Pester) used by {% data variables.product.prodname_dotcom %}-hosted runners are regularly updated, and can introduce significant changes. As a result, it is recommended that you always specify the required package versions by using `Install-Module` with `-MaximumVersion`. - -{% endnote %} +> [!NOTE] +> The pre-installed packages (such as Pester) used by {% data variables.product.prodname_dotcom %}-hosted runners are regularly updated, and can introduce significant changes. As a result, it is recommended that you always specify the required package versions by using `Install-Module` with `-MaximumVersion`. You can also cache dependencies to speed up your workflow. For more information, see "[AUTOTITLE](/actions/using-workflows/caching-dependencies-to-speed-up-workflows)." @@ -127,11 +121,8 @@ jobs: Install-Module SqlServer, PSScriptAnalyzer ``` -{% note %} - -**Note:** By default, no repositories are trusted by PowerShell. When installing modules from the PowerShell Gallery, you must explicitly set the installation policy for `PSGallery` to `Trusted`. - -{% endnote %} +> [!NOTE] +> By default, no repositories are trusted by PowerShell. When installing modules from the PowerShell Gallery, you must explicitly set the installation policy for `PSGallery` to `Trusted`. ### Caching dependencies diff --git a/content/actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service.md index 46f3428b2a4b..221a655fed16 100644 --- a/content/actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service.md +++ b/content/actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service.md @@ -21,11 +21,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a Docker container to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/content/actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service.md index d6dcbe5421ea..fcc7d297c6b6 100644 --- a/content/actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service.md +++ b/content/actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service.md @@ -20,11 +20,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a Java project to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/content/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service.md index abb6cd9b16eb..33bd394218b6 100644 --- a/content/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service.md +++ b/content/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service.md @@ -19,11 +19,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a .NET project to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/content/actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service.md index b1a58369d85a..b91eca4683c5 100644 --- a/content/actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service.md +++ b/content/actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service.md @@ -24,11 +24,8 @@ topics: This guide explains how to use {% data variables.product.prodname_actions %} to build, test, and deploy a Node.js project to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/content/actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service.md index 69c83d7cec6d..7e6b78a87d22 100644 --- a/content/actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service.md +++ b/content/actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service.md @@ -19,11 +19,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a PHP project to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/content/actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service.md b/content/actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service.md index f5093958c5de..43b09cc206d2 100644 --- a/content/actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service.md +++ b/content/actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service.md @@ -20,11 +20,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a Python project to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/content/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service.md b/content/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service.md index a412d1067cdf..ac5ae8b802cf 100644 --- a/content/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service.md +++ b/content/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service.md @@ -25,11 +25,8 @@ This guide explains how to use {% data variables.product.prodname_actions %} to On every new push to `main` in your {% data variables.product.company_short %} repository, the {% data variables.product.prodname_actions %} workflow builds and pushes a new container image to Amazon ECR, and then deploys a new task definition to Amazon ECS. -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services)." ## Prerequisites diff --git a/content/actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service.md b/content/actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service.md index fa27712abda8..9599f785648e 100644 --- a/content/actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service.md +++ b/content/actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service.md @@ -19,11 +19,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a project to [Azure Kubernetes Service](https://azure.microsoft.com/services/kubernetes-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/content/actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app.md b/content/actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app.md index ffc813a02775..7a73e1cb10ea 100644 --- a/content/actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app.md +++ b/content/actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app.md @@ -19,11 +19,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a web app to [Azure Static Web Apps](https://azure.microsoft.com/services/app-service/static/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/content/actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine.md b/content/actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine.md index 3ebec348679d..82eff64a6a0a 100644 --- a/content/actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine.md +++ b/content/actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine.md @@ -25,11 +25,8 @@ This guide explains how to use {% data variables.product.prodname_actions %} to GKE is a managed Kubernetes cluster service from Google Cloud that can host your containerized workloads in the cloud or in your own datacenter. For more information, see [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} ## Prerequisites @@ -78,11 +75,8 @@ This procedure demonstrates how to create the service account for your GKE integ 1. Add roles to the service account. - {% note %} - - **Note**: Apply more restrictive roles to suit your requirements. - - {% endnote %} + > [!NOTE] + > Apply more restrictive roles to suit your requirements. ```shell copy gcloud projects add-iam-policy-binding $GKE_PROJECT \ diff --git a/content/actions/use-cases-and-examples/deploying/deploying-with-github-actions.md b/content/actions/use-cases-and-examples/deploying/deploying-with-github-actions.md index 363a1154d114..bdd7be83008b 100644 --- a/content/actions/use-cases-and-examples/deploying/deploying-with-github-actions.md +++ b/content/actions/use-cases-and-examples/deploying/deploying-with-github-actions.md @@ -62,11 +62,8 @@ For more information, see "[AUTOTITLE](/actions/using-workflows/events-that-trig Concurrency ensures that only a single job or workflow using the same concurrency group will run at a time. You can use concurrency so that an environment has a maximum of one deployment in progress and one deployment pending at a time. For more information about concurrency, see "[AUTOTITLE](/actions/using-jobs/using-concurrency)." -{% note %} - -**Note:** `concurrency` and `environment` are not connected. The concurrency value can be any string; it does not need to be an environment name. Additionally, if another workflow uses the same environment but does not specify concurrency, that workflow will not be subject to any concurrency rules. - -{% endnote %} +> [!NOTE] +> `concurrency` and `environment` are not connected. The concurrency value can be any string; it does not need to be an environment name. Additionally, if another workflow uses the same environment but does not specify concurrency, that workflow will not be subject to any concurrency rules. For example, when the following workflow runs, it will be paused with the status `pending` if any job or workflow that uses the `production` concurrency group is in progress. It will also cancel any job or workflow that uses the `production` concurrency group and has the status `pending`. This means that there will be a maximum of one running and one pending job or workflow in that uses the `production` concurrency group. diff --git a/content/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md b/content/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md index 9db381508c8d..161f2577184f 100644 --- a/content/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md +++ b/content/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md @@ -119,11 +119,8 @@ jobs: # ... ``` -{% note %} - -**Note:** For iOS build targets, your provisioning profile should have the extension `.mobileprovision`. For macOS build targets, the extension should be `.provisionprofile`. The example workflow above should be updated to reflect your target platform. - -{% endnote %} +> [!NOTE] +> For iOS build targets, your provisioning profile should have the extension `.mobileprovision`. For macOS build targets, the extension should be `.provisionprofile`. The example workflow above should be updated to reflect your target platform. ## Required clean-up on self-hosted runners diff --git a/content/actions/use-cases-and-examples/project-management/closing-inactive-issues.md b/content/actions/use-cases-and-examples/project-management/closing-inactive-issues.md index 124e10829859..00e3dc95ae90 100644 --- a/content/actions/use-cases-and-examples/project-management/closing-inactive-issues.md +++ b/content/actions/use-cases-and-examples/project-management/closing-inactive-issues.md @@ -67,11 +67,8 @@ In the tutorial, you will first make a workflow file that uses the [`actions/sta Based on the `schedule` parameter (for example, every day at 1:30 UTC), your workflow will find issues that have been inactive for the specified period of time and will add the specified comment and label. Additionally, your workflow will close any previously labeled issues if no additional activity has occurred for the specified period of time. -{% note %} - -**Note:** {% data reusables.actions.schedule-delay %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.schedule-delay %} You can view the history of your workflow runs to see this workflow run periodically. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)." diff --git a/content/actions/use-cases-and-examples/project-management/scheduling-issue-creation.md b/content/actions/use-cases-and-examples/project-management/scheduling-issue-creation.md index 2d17f8d1f894..a0121d7d6369 100644 --- a/content/actions/use-cases-and-examples/project-management/scheduling-issue-creation.md +++ b/content/actions/use-cases-and-examples/project-management/scheduling-issue-creation.md @@ -98,11 +98,8 @@ In the tutorial, you will first make a workflow file that uses the {% data varia Based on the `schedule` parameter (for example, every Monday at 7:20 UTC), your workflow will create a new issue with the assignees, labels, title, and body that you specified. If you set `PINNED` to `true`, the workflow will pin the issue to your repository. If you set `CLOSE_PREVIOUS` to true, the workflow will close the most recent issue with matching labels. -{% note %} - -**Note:** {% data reusables.actions.schedule-delay %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.schedule-delay %} You can view the history of your workflow runs to see this workflow run periodically. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)." diff --git a/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md index 07e8374a7ec5..d89219d88be2 100644 --- a/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md +++ b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md @@ -24,11 +24,8 @@ layout: inline This guide shows you how to create a workflow that performs a Docker build, and then publishes Docker images to Docker Hub or {% data variables.product.prodname_registry %}. With a single workflow, you can publish images to a single registry or to multiple registries. -{% note %} - -**Note:** If you want to push to another third-party Docker registry, the example in the "[Publishing images to {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)" section can serve as a good template. - -{% endnote %} +> [!NOTE] +> If you want to push to another third-party Docker registry, the example in the "[Publishing images to {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)" section can serve as a good template. ## Prerequisites diff --git a/content/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners.md b/content/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners.md index 472e16a5bc73..341b962bb03a 100644 --- a/content/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners.md +++ b/content/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners.md @@ -125,11 +125,8 @@ While the job runs, the logs and output can be viewed in the {% data variables.p > [!NOTE] > The `-latest` runner images are the latest stable images that {% data variables.product.prodname_dotcom %} provides, and might not be the most recent version of the operating system available from the operating system vendor. -{% warning %} - -**Warning:** Beta and Deprecated Images are provided "as-is", "with all faults" and "as available" and are excluded from the service level agreement and warranty. Beta Images may not be covered by customer support. - -{% endwarning %} +> [!WARNING] +> Beta and Deprecated Images are provided "as-is", "with all faults" and "as available" and are excluded from the service level agreement and warranty. Beta Images may not be covered by customer support. {% endif %} diff --git a/content/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners.md b/content/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners.md index 573034c826ec..25fda15fffcc 100644 --- a/content/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners.md +++ b/content/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners.md @@ -41,11 +41,8 @@ jobs: sudo apt-get install jq ``` -{% note %} - -**Note:** Always run `sudo apt-get update` before installing a package. In case the `apt` index is stale, this command fetches and re-indexes any available packages, which helps prevent package installation failures. - -{% endnote %} +> [!NOTE] +> Always run `sudo apt-get update` before installing a package. In case the `apt` index is stale, this command fetches and re-indexes any available packages, which helps prevent package installation failures. ## Installing software on macOS runners diff --git a/content/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md b/content/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md index 3b2b07f09767..5d825bca61b2 100644 --- a/content/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md +++ b/content/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md @@ -11,11 +11,8 @@ redirect_from: - /actions/using-github-hosted-runners/about-larger-runners/controlling-access-to-larger-runners --- -{% note %} - -**Note:** {% data reusables.actions.windows-linux-larger-runners-note %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.windows-linux-larger-runners-note %} ## About runner groups @@ -23,11 +20,8 @@ redirect_from: ### Managing access to your runners -{% note %} - -**Note**: Before your workflows can send jobs to {% data variables.actions.hosted_runner %}s, you must first configure permissions for the runner group. See the following sections for more information. - -{% endnote %} +> [!NOTE] +> Before your workflows can send jobs to {% data variables.actions.hosted_runner %}s, you must first configure permissions for the runner group. See the following sections for more information. Runner groups are used to control which repositories can run jobs on your {% data variables.actions.hosted_runner %}s. You must manage access to the group from each level of the management hierarchy, depending on where you've defined the {% data variables.actions.hosted_runner %}: diff --git a/content/actions/using-github-hosted-runners/using-larger-runners/running-jobs-on-larger-runners.md b/content/actions/using-github-hosted-runners/using-larger-runners/running-jobs-on-larger-runners.md index b1ea7ab100a6..56726037141e 100644 --- a/content/actions/using-github-hosted-runners/using-larger-runners/running-jobs-on-larger-runners.md +++ b/content/actions/using-github-hosted-runners/using-larger-runners/running-jobs-on-larger-runners.md @@ -39,11 +39,8 @@ Use the labels in the table below to run your workflows on the corresponding mac {% data reusables.actions.larger-runners-table %} -{% note %} - -**Note:** For macOS {% data variables.actions.hosted_runner %}s, the `-latest` runner label uses the macOS 12 runner image. For macOS Xlarge, the `-latest` runner label uses the macOS 13 runner image - -{% endnote %} +> [!NOTE] +> For macOS {% data variables.actions.hosted_runner %}s, the `-latest` runner label uses the macOS 12 runner image. For macOS Xlarge, the `-latest` runner label uses the macOS 13 runner image {% endmac %} @@ -197,10 +194,7 @@ jobs: Because macOS arm64 does not support Node 12, macOS {% data variables.actions.hosted_runner %}s automatically use Node 16 to execute any JavaScript action written for Node 12. Some community actions may not be compatible with Node 16. If you use an action that requires a different Node version, you may need to manually install a specific version at runtime. -{% note %} - -**Note:** ARM-powered runners are currently in {% data variables.release-phases.public_preview %} and are subject to change. - -{% endnote %} +> [!NOTE] +> ARM-powered runners are currently in {% data variables.release-phases.public_preview %} and are subject to change. {% endmac %} diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs.md index 57e2ee1d9ff5..39bfd2dd44c3 100644 --- a/content/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs.md +++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs.md @@ -365,11 +365,8 @@ The contents of the `vars` context is a mapping of configuration variable names This example workflow shows how configuration variables set at the repository, environment, or organization levels are automatically available using the `vars` context. -{% note %} - -Note: Configuration variables at the environment level are automatically available after their environment is declared by the runner. - -{% endnote %} +> [!NOTE] +> Configuration variables at the environment level are automatically available after their environment is declared by the runner. {% data reusables.actions.actions-vars-context-example-usage %} diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md index 5d86df877e56..3af5e6b5c8b2 100644 --- a/content/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md +++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md @@ -35,17 +35,14 @@ To cache dependencies for a job, you can use {% data variables.product.prodname_ | Go `go.sum` | [setup-go](https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs) | | .NET NuGet | [setup-dotnet](https://github.com/actions/setup-dotnet?tab=readme-ov-file#caching-nuget-packages) | -{% warning %} - -**Warning**: {% ifversion fpt or ghec %}Be mindful of the following when using caching with {% data variables.product.prodname_actions %}: - -* {% endif %}We recommend that you don't store any sensitive information in the cache. For example, sensitive information can include access tokens or login credentials stored in a file in the cache path. Also, command line interface (CLI) programs like `docker login` can save access credentials in a configuration file. Anyone with read access can create a pull request on a repository and access the contents of a cache. Forks of a repository can also create pull requests on the base branch and access caches on the base branch. +> [!WARNING] +> {% ifversion fpt or ghec %}Be mindful of the following when using caching with {% data variables.product.prodname_actions %}: +> +> * {% endif %}We recommend that you don't store any sensitive information in the cache. For example, sensitive information can include access tokens or login credentials stored in a file in the cache path. Also, command line interface (CLI) programs like `docker login` can save access credentials in a configuration file. Anyone with read access can create a pull request on a repository and access the contents of a cache. Forks of a repository can also create pull requests on the base branch and access caches on the base branch. {%- ifversion fpt or ghec %} -* When using self-hosted runners, caches from workflow runs are stored on {% data variables.product.company_short %}-owned cloud storage. A customer-owned storage solution is only available with {% data variables.product.prodname_ghe_server %}. +> * When using self-hosted runners, caches from workflow runs are stored on {% data variables.product.company_short %}-owned cloud storage. A customer-owned storage solution is only available with {% data variables.product.prodname_ghe_server %}. {%- endif %} -{% endwarning %} - {% data reusables.actions.comparing-artifacts-caching %} For more information on workflow run artifacts, see "[AUTOTITLE](/actions/using-workflows/storing-workflow-data-as-artifacts)." @@ -289,11 +286,8 @@ There are multiple ways to manage caches for your repositories: * Using the REST API. For more information, see "[AUTOTITLE](/rest/actions/cache)." * Installing the `gh cache` subcommand to manage your caches from the command line. For more information, see the [GitHub CLI documentation](https://cli.github.com/manual/gh_cache). - {% note %} - - **Note:** If you are doing this manually, ensure you have version 2.32.0 or higher of the CLI installed. - - {% endnote %} + > [!NOTE] + > If you are doing this manually, ensure you have version 2.32.0 or higher of the CLI installed. {% else %} diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions.md index ad66d9d33346..874cc243ce57 100644 --- a/content/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions.md +++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions.md @@ -25,11 +25,8 @@ Expressions are commonly used with the conditional `if` keyword in a workflow fi `${{ }}` {% endraw %} -{% note %} - -**Note**: The exception to this rule is when you are using expressions in an `if` clause, where, optionally, you can usually omit {% raw %}`${{`{% endraw %} and {% raw %}`}}`{% endraw %}. For more information about `if` conditionals, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idif)." - -{% endnote %} +> [!NOTE] +> The exception to this rule is when you are using expressions in an `if` clause, where, optionally, you can usually omit {% raw %}`${{`{% endraw %} and {% raw %}`}}`{% endraw %}. For more information about `if` conditionals, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idif)." {% data reusables.actions.context-injection-warning %} @@ -92,14 +89,10 @@ env: | `&&` | And | | \|\| | Or | - {% note %} - - **Notes:** - * {% data variables.product.company_short %} ignores case when comparing strings. - * `steps..outputs.` evaluates as a string. {% data reusables.actions.expressions-syntax-evaluation %} For more information, see "[AUTOTITLE](/actions/learn-github-actions/contexts#steps-context)." - * For numerical comparison, the `fromJSON()` function can be used to convert a string to a number. For more information on the `fromJSON()` function, see "[fromJSON](#fromjson)." - - {% endnote %} + > [!NOTE] + > * {% data variables.product.company_short %} ignores case when comparing strings. + > * `steps..outputs.` evaluates as a string. {% data reusables.actions.expressions-syntax-evaluation %} For more information, see "[AUTOTITLE](/actions/learn-github-actions/contexts#steps-context)." + > * For numerical comparison, the `fromJSON()` function can be used to convert a string to a number. For more information on the `fromJSON()` function, see "[fromJSON](#fromjson)." {% data variables.product.prodname_dotcom %} performs loose equality comparisons. @@ -332,11 +325,8 @@ steps: Causes the step to always execute, and returns `true`, even when canceled. The `always` expression is best used at the step level or on tasks that you expect to run even when a job is canceled. For example, you can use `always` to send logs even when a job is canceled. -{% warning %} - -**Warning:** Avoid using `always` for any task that could suffer from a critical failure, for example: getting sources, otherwise the workflow may hang until it times out. If you want to run a job or step regardless of its success or failure, use the recommended alternative: `if: {% raw %}${{ !cancelled() }}{% endraw %}` - -{% endwarning %} +> [!WARNING] +> Avoid using `always` for any task that could suffer from a critical failure, for example: getting sources, otherwise the workflow may hang until it times out. If you want to run a job or step regardless of its success or failure, use the recommended alternative: `if: {% raw %}${{ !cancelled() }}{% endraw %}` #### Example of `always` diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables.md index e1188a088c7a..f076144d3bec 100644 --- a/content/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables.md +++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables.md @@ -29,11 +29,8 @@ You can set a custom variable in two ways. * To define an environment variable for use in a single workflow, you can use the `env` key in the workflow file. For more information, see "[Defining environment variables for a single workflow](#defining-environment-variables-for-a-single-workflow)". * To define a configuration variable across multiple workflows, you can define it at the organization, repository, or environment level. For more information, see "[Defining configuration variables for multiple workflows](#defining-configuration-variables-for-multiple-workflows)". -{% warning %} - -**Warning:** By default, variables render unmasked in your build outputs. If you need greater security for sensitive information, such as passwords, use secrets instead. For more information, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)". - -{% endwarning %} +> [!WARNING] +> By default, variables render unmasked in your build outputs. If you need greater security for sensitive information, such as passwords, use secrets instead. For more information, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)". ## Defining environment variables for a single workflow @@ -78,11 +75,8 @@ Because runner environment variable interpolation is done after a workflow job i When you set an environment variable, you cannot use any of the default environment variable names. For a complete list of default environment variables, see "[Default environment variables](#default-environment-variables)" below. If you attempt to override the value of one of these default variables, the assignment is ignored. -{% note %} - -**Note**: You can list the entire set of environment variables that are available to a workflow step by using `run: env` in a step and then examining the output for the step. - -{% endnote %} +> [!NOTE] +> You can list the entire set of environment variables that are available to a workflow step by using `run: env` in a step and then examining the output for the step. ## Defining configuration variables for multiple workflows @@ -164,11 +158,8 @@ A workflow created in a repository can access the following number of variables: * Up to 1,000 organization variables, if the total combined size of repository and organization variables is less than 10 MB. If the total combined size of organization and repository variables exceeds 10 MB, only the organization variables that fall below that limit will be available (after accounting for repository variables and as sorted alphabetically by variable name). * Up to 100 environment-level variables. -{% note %} - -**Note**: Environment-level variables do not count toward the 10 MB total size limit. If you exceed the combined size limit for repository and organization variables and still need additional variables, you can use an environment and define additional variables in the environment. - -{% endnote %} +> [!NOTE] +> Environment-level variables do not count toward the 10 MB total size limit. If you exceed the combined size limit for repository and organization variables and still need additional variables, you can use an environment and define additional variables in the environment. {% else %} @@ -182,11 +173,8 @@ A workflow created in a repository can access the following number of variables: * Up to 1,000 organization variables, if the total combined size of repository and organization variables is less than 256 KB. If the total combined size of organization and repository variables exceeds 256 KB, only the organization variables that fall below that limit will be available (after accounting for repository variables and as sorted alphabetically by variable name). * Up to 100 environment-level variables. -{% note %} - -**Note**: Environment-level variables do not count toward the 256 KB total size limit. If you exceed the combined size limit for repository and organization variables and still need additional variables, you can use an environment and define additional variables in the environment. - -{% endnote %} +> [!NOTE] +> Environment-level variables do not count toward the 256 KB total size limit. If you exceed the combined size limit for repository and organization variables and still need additional variables, you can use an environment and define additional variables in the environment. {% endif %} @@ -239,11 +227,8 @@ run: echo "${{ env.Greeting }} ${{ env.First_Name }}. Today is ${{ env.DAY_OF_WE {% endraw %} -{% note %} - -**Note**: Contexts are usually denoted using the dollar sign and curly braces, as {% raw %}`${{ context.property }}`{% endraw %}. In an `if` conditional, the {% raw %}`${{` and `}}`{% endraw %} are optional, but if you use them they must enclose the entire comparison statement, as shown above. - -{% endnote %} +> [!NOTE] +> Contexts are usually denoted using the dollar sign and curly braces, as {% raw %}`${{ context.property }}`{% endraw %}. In an `if` conditional, the {% raw %}`${{` and `}}`{% endraw %} are optional, but if you use them they must enclose the entire comparison statement, as shown above. You will commonly use either the `env` or `github` context to access variable values in parts of the workflow that are processed before jobs are sent to runners. @@ -317,11 +302,8 @@ We strongly recommend that actions use variables to access the filesystem rather | `RUNNER_TEMP` | {% data reusables.actions.runner-temp-directory-description %} For example, `D:\a\_temp` | | `RUNNER_TOOL_CACHE` | {% data reusables.actions.runner-tool-cache-description %} For example, `C:\hostedtoolcache\windows` | -{% note %} - -**Note:** If you need to use a workflow run's URL from within a job, you can combine these variables: `$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID` - -{% endnote %} +> [!NOTE] +> If you need to use a workflow run's URL from within a job, you can combine these variables: `$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID` ## Detecting the operating system diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md index 72a910a365e0..86741403e76e 100644 --- a/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md +++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md @@ -155,11 +155,8 @@ After a workflow run has been completed, you can download or delete artifacts on The [`actions/download-artifact`](https://github.com/actions/download-artifact) action can be used to download previously uploaded artifacts during a workflow run. -{% note %} - -**Note:** You can only download artifacts in a workflow that were uploaded during the same workflow run. - -{% endnote %} +> [!NOTE] +> You can only download artifacts in a workflow that were uploaded during the same workflow run. Specify an artifact's name to download an individual artifact. If you uploaded an artifact without specifying a name, the default name is `artifact`. diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md index ef9c9203dd3a..10d98b646f5c 100644 --- a/content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md +++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md @@ -129,11 +129,8 @@ The creators of a community action have the option to use tags, branches, or SHA You will designate the version of the action in your workflow file. Check the action's documentation for information on their approach to release management, and to see which tag, branch, or SHA value to use. -{% note %} - -**Note:** We recommend that you use a SHA value when using third-party actions. However, it's important to note {% data variables.product.prodname_dependabot %} will only create {% data variables.product.prodname_dependabot_alerts %} for vulnerable {% data variables.product.prodname_actions %} that use semantic versioning. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)" and "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." - -{% endnote %} +> [!NOTE] +> We recommend that you use a SHA value when using third-party actions. However, it's important to note {% data variables.product.prodname_dependabot %} will only create {% data variables.product.prodname_dependabot_alerts %} for vulnerable {% data variables.product.prodname_actions %} that use semantic versioning. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)" and "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." ### Using tags diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md index 8bdd35f4a27d..6eb898aeb189 100644 --- a/content/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md +++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md @@ -44,17 +44,11 @@ Write-Output "::workflow-command parameter1={data},parameter2={data}::{command v {% endpowershell %} -{% note %} +> [!NOTE] +> Workflow command and parameter names are case insensitive. -**Note:** Workflow command and parameter names are case insensitive. - -{% endnote %} - -{% warning %} - -**Warning:** If you are using Command Prompt, omit double quote characters (`"`) when using workflow commands. - -{% endwarning %} +> [!WARNING] +> If you are using Command Prompt, omit double quote characters (`"`) when using workflow commands. ## Using workflow commands to access toolkit functions @@ -293,11 +287,8 @@ Write-Output "::add-mask::Mona The Octocat" {% endpowershell %} -{% warning %} - -**Warning:** Make sure you register the secret with 'add-mask' before outputting it in the build logs or using it in any other workflow commands. - -{% endwarning %} +> [!WARNING] +> Make sure you register the secret with 'add-mask' before outputting it in the build logs or using it in any other workflow commands. ### Example: Masking an environment variable @@ -395,11 +386,8 @@ If you want to pass a masked secret between jobs or workflows, you should store #### Workflow -{% note %} - -**Note**: This workflow uses an imaginary secret store, `secret-store`, which has imaginary commands `store-secret` and `retrieve-secret`. `some/secret-store@ 27b31702a0e7fc50959f5ad993c78deac1bdfc29` is an imaginary action that installs the `secret-store` application and configures it to connect to an `instance` with `credentials`. - -{% endnote %} +> [!NOTE] +> This workflow uses an imaginary secret store, `secret-store`, which has imaginary commands `store-secret` and `retrieve-secret`. `some/secret-store@ 27b31702a0e7fc50959f5ad993c78deac1bdfc29` is an imaginary action that installs the `secret-store` application and configures it to connect to an `instance` with `credentials`. {% bash %} @@ -492,11 +480,8 @@ Stops processing any workflow commands. This special command allows you to log a To stop the processing of workflow commands, pass a unique token to `stop-commands`. To resume processing workflow commands, pass the same token that you used to stop workflow commands. -{% warning %} - -**Warning:** Make sure the token you're using is randomly generated and unique for each run. - -{% endwarning %} +> [!WARNING] +> Make sure the token you're using is randomly generated and unique for each run. ```text copy ::{endtoken}:: @@ -605,33 +590,30 @@ steps: {% powershell %} -{% note %} - -**Note:** PowerShell versions 5.1 and below (`shell: powershell`) do not use UTF-8 by default, so you must specify the UTF-8 encoding. For example: - -```yaml copy -jobs: - legacy-powershell-example: - runs-on: windows-latest - steps: - - shell: powershell - run: | - "mypath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append -``` - -PowerShell Core versions 6 and higher (`shell: pwsh`) use UTF-8 by default. For example: - -```yaml copy -jobs: - powershell-core-example: - runs-on: windows-latest - steps: - - shell: pwsh - run: | - "mypath" >> $env:GITHUB_PATH -``` - -{% endnote %} +> [!NOTE] +> PowerShell versions 5.1 and below (`shell: powershell`) do not use UTF-8 by default, so you must specify the UTF-8 encoding. For example: +> +> ```yaml copy +> jobs: +> legacy-powershell-example: +> runs-on: windows-latest +> steps: +> - shell: powershell +> run: | +> "mypath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append +> ``` +> +> PowerShell Core versions 6 and higher (`shell: pwsh`) use UTF-8 by default. For example: +> +> ```yaml copy +> jobs: +> powershell-core-example: +> runs-on: windows-latest +> steps: +> - shell: pwsh +> run: | +> "mypath" >> $env:GITHUB_PATH +> ``` {% endpowershell %} @@ -667,11 +649,12 @@ You can make an environment variable available to any subsequent steps in a work {% data reusables.actions.environment-variables-are-fixed %} For more information about the default environment variables, see "[AUTOTITLE](/actions/learn-github-actions/environment-variables#default-environment-variables)." -{% ifversion github-env-node-options %}{% note %} +{% ifversion github-env-node-options %} -**Note:** Due to security restrictions, `GITHUB_ENV` cannot be used to set the `NODE_OPTIONS` environment variable. +> [!NOTE] +> Due to security restrictions, `GITHUB_ENV` cannot be used to set the `NODE_OPTIONS` environment variable. -{% endnote %}{% endif %} +{% endif %} ### Example of writing an environment variable to `GITHUB_ENV` @@ -717,11 +700,8 @@ For multiline strings, you may use a delimiter with the following syntax. {delimiter} ``` -{% warning %} - -**Warning:** Make sure the delimiter you're using won't occur on a line of its own within the value. If the value is completely arbitrary then you shouldn't use this format. Write the value to a file instead. - -{% endwarning %} +> [!WARNING] +> Make sure the delimiter you're using won't occur on a line of its own within the value. If the value is completely arbitrary then you shouldn't use this format. Write the value to a file instead. #### Example of a multiline string diff --git a/content/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md b/content/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md index e4de07c155fc..e5fc94f31f5c 100644 --- a/content/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md +++ b/content/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md @@ -21,11 +21,8 @@ Workflow triggers are events that cause a workflow to run. For more information Some events have multiple activity types. For these events, you can specify which activity types will trigger a workflow run. For more information about what each activity type means, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads)." -{% note %} - -**Note:** Not all webhook events trigger workflows. - -{% endnote %} +> [!NOTE] +> Not all webhook events trigger workflows. ## `branch_protection_rule` @@ -33,11 +30,8 @@ Some events have multiple activity types. For these events, you can specify whic | --------------------- | -------------- | ------------ | -------------| | [`branch_protection_rule`](/webhooks-and-events/webhooks/webhook-events-and-payloads#branch_protection_rule) | - `created`
- `edited`
- `deleted` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#branch_protection_rule)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#branch_protection_rule)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -57,11 +51,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`check_run`](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_run) | - `created`
- `rerequested`
- `completed`
- `requested_action` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_run)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_run)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -81,19 +72,13 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`check_suite`](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_suite) | - `completed` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_suite)." Although only the `completed` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_suite)." Although only the `completed` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note:** To prevent recursive workflows, this event does not trigger workflows if the check suite was created by {% data variables.product.prodname_actions %}. - -{% endnote %} +> [!NOTE] +> To prevent recursive workflows, this event does not trigger workflows if the check suite was created by {% data variables.product.prodname_actions %}. Runs your workflow when check suite activity occurs. A check suite is a collection of the check runs created for a specific commit. Check suites summarize the status and conclusion of the check runs that are in the suite. For information, see "[AUTOTITLE](/rest/guides/using-the-rest-api-to-interact-with-checks)." For information about the check suite APIs, see "[AUTOTITLE](/graphql/reference/objects#checksuite)" in the GraphQL API documentation or "[AUTOTITLE](/rest/checks/suites)." @@ -111,11 +96,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`create`](/webhooks-and-events/webhooks/webhook-events-and-payloads#create) | Not applicable | Last commit on the created branch or tag | Branch or tag created | -{% note %} - -**Note**: An event will not be created when you create more than three tags at once. - -{% endnote %} +> [!NOTE] +> An event will not be created when you create more than three tags at once. Runs your workflow when someone creates a Git reference (Git branch or tag) in the workflow's repository. For information about the APIs to create a Git reference, see "[AUTOTITLE](/graphql/reference/mutations#createref)" in the GraphQL API documentation or "[AUTOTITLE](/rest/git/refs#create-a-reference)." @@ -134,11 +116,8 @@ on: {% data reusables.actions.branch-requirement %} -{% note %} - -**Note**: An event will not be created when you delete more than three tags at once. - -{% endnote %} +> [!NOTE] +> An event will not be created when you delete more than three tags at once. Runs your workflow when someone deletes a Git reference (Git branch or tag) in the workflow's repository. For information about the APIs to delete a Git reference, see "[AUTOTITLE](/graphql/reference/mutations#deleteref)" in the GraphQL API documentation or "[AUTOTITLE](/rest/git/refs#delete-a-reference)." @@ -170,11 +149,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`deployment_status`](/webhooks-and-events/webhooks/webhook-events-and-payloads#deployment_status) | Not applicable | Commit to be deployed | Branch or tag to be deployed (empty if commit)| -{% note %} - -**Note:** When a deployment status's state is set to `inactive`, a workflow run will not be triggered. - -{% endnote %} +> [!NOTE] +> When a deployment status's state is set to `inactive`, a workflow run will not be triggered. Runs your workflow when a third party provides a deployment status. Deployments created with a commit SHA may not have a Git ref. For information about the APIs to create a deployment status, see "[AUTOTITLE](/graphql/reference/mutations#createdeploymentstatus)" in the GraphQL API documentation or "[AUTOTITLE](/rest/deployments#create-a-deployment-status)." @@ -191,11 +167,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`discussion`](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion) | - `created`
- `edited`
- `deleted`
- `transferred`
- `pinned`
- `unpinned`
- `labeled`
- `unlabeled`
- `locked`
- `unlocked`
- `category_changed`
- `answered`
- `unanswered` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -217,11 +190,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`discussion_comment`](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion_comment) | - `created`
- `edited`
- `deleted`
| Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -277,11 +247,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`issue_comment`](/webhooks-and-events/webhooks/webhook-events-and-payloads#issue_comment) | - `created`
- `edited`
- `deleted`
| Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#issue_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#issue_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -334,11 +301,8 @@ jobs: | --------------------- | -------------- | ------------ | -------------| | [`issues`](/webhooks-and-events/webhooks/webhook-events-and-payloads#issues) | - `opened`
- `edited`
- `deleted`
- `transferred`
- `pinned`
- `unpinned`
- `closed`
- `reopened`
- `assigned`
- `unassigned`
- `labeled`
- `unlabeled`
- `locked`
- `unlocked`
- `milestoned`
- `demilestoned` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#issues)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#issues)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -358,11 +322,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`label`](/webhooks-and-events/webhooks/webhook-events-and-payloads#label) | - `created`
- `edited`
- `deleted`
| Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#label)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#label)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -378,7 +339,7 @@ on: types: [created, deleted] ``` -{% ifversion merge-queue %} +{% ifversion merge-queue %} ## `merge_group` @@ -386,14 +347,9 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`merge_group`](/webhooks-and-events/webhooks/webhook-events-and-payloads#merge_group) | `checks_requested` | SHA of the merge group | Ref of the merge group | -{% note %} - -**Notes**: - -* {% data reusables.developer-site.multiple_activity_types %} Although only the `checks_requested` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#merge_group)." {% data reusables.developer-site.limit_workflow_to_activity_types %} -* {% data reusables.actions.merge-group-event-with-required-checks %} - -{% endnote %} +> [!NOTE] +> * {% data reusables.developer-site.multiple_activity_types %} Although only the `checks_requested` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#merge_group)." {% data reusables.developer-site.limit_workflow_to_activity_types %} +> * {% data reusables.actions.merge-group-event-with-required-checks %} Runs your workflow when a pull request is added to a merge queue, which adds the pull request to a merge group. For more information see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue)". @@ -415,11 +371,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`milestone`](/webhooks-and-events/webhooks/webhook-events-and-payloads#milestone) | - `created`
- `closed`
- `opened`
- `edited`
- `deleted`
| Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#milestone)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#milestone)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -460,26 +413,19 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`project`](/webhooks-and-events/webhooks/webhook-events-and-payloads#project) | - `created`
- `closed`
- `reopened`
- `edited`
- `deleted`
| Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} The `edited` activity type refers to when a {% data variables.projects.projects_v1_board %}, not a column or card on the {% data variables.projects.projects_v1_board %}, is edited. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} The `edited` activity type refers to when a {% data variables.projects.projects_v1_board %}, not a column or card on the {% data variables.projects.projects_v1_board %}, is edited. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note**: This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. - -{% endnote %} +> [!NOTE] +> This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. {% ifversion fpt or ghec %} -{% note %} -**Note**: This event only occurs for {% data variables.product.prodname_projects_v1 %}. +> [!NOTE] +> This event only occurs for {% data variables.product.prodname_projects_v1 %}. -{% endnote %} {% endif %} Runs your workflow when a {% data variables.projects.projects_v1_board %} is created or modified. For activity related to cards or columns in a {% data variables.projects.projects_v1_board %}, use the [`project_card`](#project_card) or [`project_column`](#project_column) events instead. For more information about {% data variables.projects.projects_v1_boards %}, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards)." For information about the {% data variables.projects.projects_v1_board %} APIs, see "[AUTOTITLE](/graphql/reference/objects#project)" in the GraphQL API documentation or "[AUTOTITLE](/rest/projects)." @@ -498,26 +444,19 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`project_card`](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_card) | - `created`
- `moved`
- `converted` to an issue
- `edited`
- `deleted` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_card)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_card)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note**: This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. - -{% endnote %} +> [!NOTE] +> This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. {% ifversion fpt or ghec %} -{% note %} -**Note**: This event only occurs for {% data variables.product.prodname_projects_v1 %}. +> [!NOTE] +> This event only occurs for {% data variables.product.prodname_projects_v1 %}. -{% endnote %} {% endif %} Runs your workflow when a card on a {% data variables.projects.projects_v1_board %} is created or modified. For activity related to {% data variables.projects.projects_v1_boards %} or columns in a {% data variables.projects.projects_v1_board %}, use the [`project`](#project) or [`project_column`](#project_column) event instead. For more information about {% data variables.projects.projects_v1_boards %}, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards)." For information about the project card APIs, see "[AUTOTITLE](/graphql/reference/objects#projectcard)" in the GraphQL API documentation or "[AUTOTITLE](/rest/projects/cards)." @@ -536,26 +475,19 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`project_column`](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_column) | - `created`
- `updated`
- `moved`
- `deleted` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_column)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_column)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note**: This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. - -{% endnote %} +> [!NOTE] +> This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. {% ifversion fpt or ghec %} -{% note %} -**Note**: This event only occurs for {% data variables.product.prodname_projects_v1 %}. +> [!NOTE] +> This event only occurs for {% data variables.product.prodname_projects_v1 %}. -{% endnote %} {% endif %} Runs your workflow when a column on a {% data variables.projects.projects_v1_board %} is created or modified. For activity related to {% data variables.projects.projects_v1_boards %} or cards in a {% data variables.projects.projects_v1_board %}, use the [`project`](#project) or [`project_card`](#project_card) event instead. For more information about {% data variables.projects.projects_v1_boards %}, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards)." For information about the project column APIs, see "[AUTOTITLE](/graphql/reference/objects#projectcolumn)" in the GraphQL API documentation or "[AUTOTITLE](/rest/projects#columns)." @@ -593,20 +525,12 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`pull_request`](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request) | - `assigned`
- `unassigned`
- `labeled`
- `unlabeled`
- `opened`
- `edited`
- `closed`
- `reopened`
- `synchronize`
- `converted_to_draft`
- `locked`
- `unlocked`
{% ifversion fpt or ghec %}- `enqueued`
- `dequeued`
{% endif %}- `milestoned`
- `demilestoned`
- `ready_for_review`
- `review_requested`
- `review_request_removed`
- `auto_merge_enabled`
- `auto_merge_disabled` | Last merge commit on the `GITHUB_REF` branch | PR merge branch `refs/pull/PULL_REQUEST_NUMBER/merge` | -{% note %} - -**Notes**: -* {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request)." By default, a workflow only runs when a `pull_request` event's activity type is `opened`, `synchronize`, or `reopened`. To trigger workflows by different activity types, use the `types` keyword. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onevent_nametypes)." - -* Workflows will not run on `pull_request` activity if the pull request has a merge conflict. The merge conflict must be resolved first. - - Conversely, workflows with the `pull_request_target` event will run even if the pull request has a merge conflict. Before using the `pull_request_target` trigger, you should be aware of the security risks. For more information, see [`pull_request_target`](#pull_request_target). - -* The `pull_request` webhook event payload is empty for merged pull requests and pull requests that come from forked repositories. - -* The value of `GITHUB_REF` varies for a closed pull request depending on whether the pull request has been merged or not. If a pull request was closed but not merged, it will be `refs/pull/PULL_REQUEST_NUMBER/merge`. If a pull request was closed as a result of being merged, it will be the fully qualified `ref` of the branch it was merged into, for example `/refs/heads/main`. - -{% endnote %} +> [!NOTE] +> * {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request)." By default, a workflow only runs when a `pull_request` event's activity type is `opened`, `synchronize`, or `reopened`. To trigger workflows by different activity types, use the `types` keyword. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onevent_nametypes)." +> * Workflows will not run on `pull_request` activity if the pull request has a merge conflict. The merge conflict must be resolved first. +> Conversely, workflows with the `pull_request_target` event will run even if the pull request has a merge conflict. Before using the `pull_request_target` trigger, you should be aware of the security risks. For more information, see [`pull_request_target`](#pull_request_target). +> * The `pull_request` webhook event payload is empty for merged pull requests and pull requests that come from forked repositories. +> * The value of `GITHUB_REF` varies for a closed pull request depending on whether the pull request has been merged or not. If a pull request was closed but not merged, it will be `refs/pull/PULL_REQUEST_NUMBER/merge`. If a pull request was closed as a result of being merged, it will be the fully qualified `ref` of the branch it was merged into, for example `/refs/heads/main`. Runs your workflow when activity on a pull request in the workflow's repository occurs. For example, if no activity types are specified, the workflow runs when a pull request is opened or reopened or when the head branch of the pull request is updated. For activity related to pull request reviews, pull request review comments, or pull request comments, use the [`pull_request_review`](#pull_request_review), [`pull_request_review_comment`](#pull_request_review_comment), or [`issue_comment`](#issue_comment) events instead. For information about the pull request APIs, see "[AUTOTITLE](/graphql/reference/objects#pullrequest)" in the GraphQL API documentation or "[AUTOTITLE](/rest/pulls)." @@ -649,22 +573,19 @@ on: - 'releases/**' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: - -```yaml -on: - pull_request: - types: - - opened - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> pull_request: +> types: +> - opened +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` To run a job based on the pull request's head branch name (as opposed to the pull request's base branch name), use the `github.head_ref` context in a conditional. For example, this workflow will run whenever a pull request is opened, but the `run_if` job will only execute if the head of the pull request is a branch whose name starts with `releases/`: @@ -694,22 +615,19 @@ on: - '**.js' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: - -```yaml -on: - pull_request: - types: - - opened - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> pull_request: +> types: +> - opened +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` ### Running your `pull_request` workflow when a pull request merges @@ -742,11 +660,8 @@ To run your workflow when a comment on a pull request (not on a pull request's d | --------------------- | -------------- | ------------ | -------------| | [`pull_request_review`](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review) | - `submitted`
- `edited`
- `dismissed` | Last merge commit on the `GITHUB_REF` branch | PR merge branch `refs/pull/PULL_REQUEST_NUMBER/merge` | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review)." {% data reusables.developer-site.limit_workflow_to_activity_types %} Runs your workflow when a pull request review is submitted, edited, or dismissed. A pull request review is a group of pull request review comments in addition to a body comment and a state. For activity related to pull request review comments or pull request comments, use the [`pull_request_review_comment`](#pull_request_review_comment) or [`issue_comment`](#issue_comment) events instead. For information about the pull request review APIs, see "[AUTOTITLE](/graphql/reference/objects#pullrequest)" in the GraphQL API documentation or "[AUTOTITLE](/rest/pulls#reviews)." @@ -783,11 +698,8 @@ jobs: | --------------------- | -------------- | ------------ | -------------| | [`pull_request_review_comment`](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review_comment) | - `created`
- `edited`
- `deleted`| Last merge commit on the `GITHUB_REF` branch | PR merge branch `refs/pull/PULL_REQUEST_NUMBER/merge` | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} Runs your workflow when a pull request review comment is modified. A pull request review comment is a comment on a pull request's diff. For activity related to pull request reviews or pull request comments, use the [`pull_request_review`](#pull_request_review) or [`issue_comment`](#issue_comment) events instead. For information about the pull request review comment APIs, see "[AUTOTITLE](/graphql/reference/objects#pullrequestreviewcomment)" in the GraphQL API documentation or "[AUTOTITLE](/rest/pulls#comments)." @@ -807,11 +719,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`pull_request`](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request) | - `assigned`
- `unassigned`
- `labeled`
- `unlabeled`
- `opened`
- `edited`
- `closed`
- `reopened`
- `synchronize`
- `converted_to_draft`
- `ready_for_review`
- `locked`
- `unlocked`
- `review_requested`
- `review_request_removed`
- `auto_merge_enabled`
- `auto_merge_disabled` | Last commit on the PR base branch | PR base branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request)." By default, a workflow only runs when a `pull_request_target` event's activity type is `opened`, `synchronize`, or `reopened`. To trigger workflows by different activity types, use the `types` keyword. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onevent_nametypes)." - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request)." By default, a workflow only runs when a `pull_request_target` event's activity type is `opened`, `synchronize`, or `reopened`. To trigger workflows by different activity types, use the `types` keyword. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onevent_nametypes)." Runs your workflow when activity on a pull request in the workflow's repository occurs. For example, if no activity types are specified, the workflow runs when a pull request is opened or reopened or when the head branch of the pull request is updated. @@ -844,22 +753,19 @@ on: - 'releases/**' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: - -```yaml -on: - pull_request_target: - types: - - opened - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> pull_request_target: +> types: +> - opened +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` To run a job based on the pull request's head branch name (as opposed to the pull request's base branch name), use the `github.head_ref` context in a conditional. For example, this workflow will run whenever a pull request is opened, but the `run_if` job will only execute if the head of the pull request is a branch whose name starts with `releases/`: @@ -889,22 +795,19 @@ on: - '**.js' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: - -```yaml -on: - pull_request_target: - types: - - opened - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> pull_request_target: +> types: +> - opened +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` ### Running your `pull_request_target` workflow when a pull request merges @@ -931,17 +834,11 @@ jobs: | --------------------- | -------------- | ------------ | -------------| | [`push`](/webhooks-and-events/webhooks/webhook-events-and-payloads#push) | Not applicable | Tip commit pushed to the ref. When you delete a branch, the SHA in the workflow run (and its associated refs) reverts to the default branch of the repository. | Updated ref | -{% note %} - -**Note:** The webhook payload available to GitHub Actions does not include the `added`, `removed`, and `modified` attributes in the `commit` object. You can retrieve the full commit object using the API. For information, see "[AUTOTITLE](/graphql/reference/objects#commit)" in the GraphQL API documentation or "[AUTOTITLE](/rest/commits#get-a-commit)." - -{% endnote %} +> [!NOTE] +> The webhook payload available to GitHub Actions does not include the `added`, `removed`, and `modified` attributes in the `commit` object. You can retrieve the full commit object using the API. For information, see "[AUTOTITLE](/graphql/reference/objects#commit)" in the GraphQL API documentation or "[AUTOTITLE](/rest/commits#get-a-commit)." -{% note %} - -**Note**: {% ifversion fpt or ghec or ghes > 3.13 %}Events will not be created if more than 5,000 branches are pushed at once. {% endif %}Events will not be created for tags when more than three tags are pushed at once. - -{% endnote %} +> [!NOTE] +> {% ifversion fpt or ghec or ghes > 3.13 %}Events will not be created if more than 5,000 branches are pushed at once. {% endif %}Events will not be created for tags when more than three tags are pushed at once. Runs your workflow when you push a commit or tag, or when you create a repository from a template. @@ -952,11 +849,8 @@ on: push ``` -{% note %} - -**Note**: When a `push` webhook event triggers a workflow run, the Actions UI's "pushed by" field shows the account of the pusher and not the author or committer. However, if the changes are pushed to a repository using SSH authentication with a deploy key, then the "pushed by" field will be the repository admin who verified the deploy key when it was added it to a repository. - -{% endnote %} +> [!NOTE] +> When a `push` webhook event triggers a workflow run, the Actions UI's "pushed by" field shows the account of the pusher and not the author or committer. However, if the changes are pushed to a repository using SSH authentication with a deploy key, then the "pushed by" field will be the repository admin who verified the deploy key when it was added it to a repository. ### Running your workflow only when a push to specific branches occurs @@ -972,20 +866,17 @@ on: - 'releases/**' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a push that includes a change to a JavaScript (`.js`) file is made to a branch whose name starts with `releases/`: - -```yaml -on: - push: - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a push that includes a change to a JavaScript (`.js`) file is made to a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> push: +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` ### Running your workflow only when a push of specific tags occurs @@ -1013,20 +904,17 @@ on: - '**.js' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a push that includes a change to a JavaScript (`.js`) file is made to a branch whose name starts with `releases/`: - -```yaml -on: - push: - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a push that includes a change to a JavaScript (`.js`) file is made to a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> push: +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` ## `registry_package` @@ -1034,29 +922,19 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`registry_package`](/webhooks-and-events/webhooks/webhook-events-and-payloads#package) | - `published`
- `updated` | Commit of the published package | Branch or tag of the published package | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#registry_package)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#registry_package)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note**: When pushing multi-architecture container images, this event occurs once per manifest, so you might observe your workflow triggering multiple times. To mitigate this, and only run your workflow job for the event that contains the actual image tag information, use a conditional: - -{% raw %} - -```yaml -jobs: - job_name: - if: ${{ github.event.registry_package.package_version.container_metadata.tag.name != '' }} -``` - -{% endraw %} - -{% endnote %} +> [!NOTE] +> When pushing multi-architecture container images, this event occurs once per manifest, so you might observe your workflow triggering multiple times. To mitigate this, and only run your workflow job for the event that contains the actual image tag information, use a conditional: +> +> ```yaml +> jobs: +> job_name: +> if: ${{ github.event.registry_package.package_version.container_metadata.tag.name != '' }} +> ``` Runs your workflow when activity related to {% data variables.product.prodname_registry %} occurs in your repository. For more information, see "[{% data variables.product.prodname_registry %} Documentation](/packages)." @@ -1074,23 +952,14 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`release`](/webhooks-and-events/webhooks/webhook-events-and-payloads#release) | - `published`
- `unpublished`
- `created`
- `edited`
- `deleted`
- `prereleased`
- `released` | Last commit in the tagged release | Tag ref of release `refs/tags/` | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#release)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} - -{% note %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#release)." {% data reusables.developer-site.limit_workflow_to_activity_types %} -**Note:** Workflows are not triggered for the `created`, `edited`, or `deleted` activity types for draft releases. When you create your release through the {% data variables.product.product_name %} browser UI, your release may automatically be saved as a draft. +> [!NOTE] +> Workflows are not triggered for the `created`, `edited`, or `deleted` activity types for draft releases. When you create your release through the {% data variables.product.product_name %} browser UI, your release may automatically be saved as a draft. -{% endnote %} - -{% note %} - -**Note:** The `prereleased` type will not trigger for pre-releases published from draft releases, but the `published` type will trigger. If you want a workflow to run when stable _and_ pre-releases publish, subscribe to `published` instead of `released` and `prereleased`. - -{% endnote %} +> [!NOTE] +> The `prereleased` type will not trigger for pre-releases published from draft releases, but the `published` type will trigger. If you want a workflow to run when stable _and_ pre-releases publish, subscribe to `published` instead of `released` and `prereleased`. Runs your workflow when release activity in your repository occurs. For information about the release APIs, see "[AUTOTITLE](/graphql/reference/objects#release)" in the GraphQL API documentation or "[AUTOTITLE](/rest/releases)" in the REST API documentation. @@ -1120,11 +989,8 @@ on: types: [test_result] ``` -{% note %} - -**Note:** The `event_type` value is limited to 100 characters. - -{% endnote %} +> [!NOTE] +> The `event_type` value is limited to 100 characters. Any data that you send through the `client_payload` parameter will be available in the `github.event` context in your workflow. For example, if you send this request body when you create a repository dispatch event: @@ -1155,14 +1021,9 @@ jobs: run: echo $MESSAGE ``` -{% note %} - -**Notes**: - -* The maximum number of top-level properties in `client_payload` is 10. -* The payload can contain a maximum of 65,535 characters. - -{% endnote %} +> [!NOTE] +> * The maximum number of top-level properties in `client_payload` is 10. +> * The payload can contain a maximum of 65,535 characters. ## `schedule` @@ -1170,25 +1031,20 @@ jobs: | --------------------- | -------------- | ------------ | -------------| | Not applicable | Not applicable | Last commit on default branch | Default branch | When the scheduled workflow is set to run. A scheduled workflow uses [POSIX cron syntax](https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07). For more information, see "[AUTOTITLE](/actions/using-workflows#triggering-a-workflow-with-events)." | -{% note %} - -**Notes:** - -* {% data reusables.actions.schedule-delay %} -* This event will only trigger a workflow run if the workflow file is on the default branch. -* Scheduled workflows will only run on the default branch. -* In a public repository, scheduled workflows are automatically disabled when no repository activity has occurred in 60 days. For information on re-enabling a disabled workflow, see "[AUTOTITLE](/enterprise-server@3.12/actions/using-workflows/disabling-and-enabling-a-workflow#enabling-a-workflow)." -* When the last user to commit to the cron schedule of a workflow is removed from the organization, the scheduled workflow will be disabled. If a user with `write` permissions to the repository makes a commit that changes the cron schedule, the scheduled workflow will be reactivated. Note that, in this situation, the workflow is not reactivated by any change to the workflow file; you must alter the `cron` value and commit this change. - - **Example:** - - ```yaml - on: - schedule: - - cron: "15 4,5 * * *" # <=== Change this value - ``` - -{% endnote %} +> [!NOTE] +> * {% data reusables.actions.schedule-delay %} +> * This event will only trigger a workflow run if the workflow file is on the default branch. +> * Scheduled workflows will only run on the default branch. +> * In a public repository, scheduled workflows are automatically disabled when no repository activity has occurred in 60 days. For information on re-enabling a disabled workflow, see "[AUTOTITLE](/enterprise-server@3.12/actions/using-workflows/disabling-and-enabling-a-workflow#enabling-a-workflow)." +> * When the last user to commit to the cron schedule of a workflow is removed from the organization, the scheduled workflow will be disabled. If a user with `write` permissions to the repository makes a commit that changes the cron schedule, the scheduled workflow will be reactivated. Note that, in this situation, the workflow is not reactivated by any change to the workflow file; you must alter the `cron` value and commit this change. +> +> **Example:** +> +> ```yaml +> on: +> schedule: +> - cron: "15 4,5 * * *" # <=== Change this value +> ``` The `schedule` event allows you to trigger a workflow at a scheduled time. @@ -1217,11 +1073,8 @@ You can use these operators in any of the five fields: | - | Range of values | `30 4-6 * * *` runs at minute 30 of the 4th, 5th, and 6th hour. | | / | Step values | `20/15 * * * *` runs every 15 minutes starting from minute 20 through 59 (minutes 20, 35, and 50). | -{% note %} - -**Note:** {% data variables.product.prodname_actions %} does not support the non-standard syntax `@yearly`, `@monthly`, `@weekly`, `@daily`, `@hourly`, and `@reboot`. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_actions %} does not support the non-standard syntax `@yearly`, `@monthly`, `@weekly`, `@daily`, `@hourly`, and `@reboot`. You can use [crontab guru](https://crontab.guru/) to help generate your cron syntax and confirm what time it will run. To help you get started, there is also a list of [crontab guru examples](https://crontab.guru/examples.html). @@ -1268,11 +1121,8 @@ jobs: | --------------------- | -------------- | ------------ | -------------| | [`watch`](/webhooks-and-events/webhooks/webhook-events-and-payloads#watch) | - `started` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} Although only the `started` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#watch)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} Although only the `started` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#watch)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -1376,19 +1226,13 @@ For more information, see the {% data variables.product.prodname_cli %} informat | --------------------- | -------------- | ------------ | -------------| | [`workflow_run`](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_run) | - `completed`
- `requested`
- `in_progress` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} The `requested` activity type does not occur when a workflow is re-run. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_run)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} The `requested` activity type does not occur when a workflow is re-run. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_run)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note:** You can't use `workflow_run` to chain together more than three levels of workflows. For example, if you attempt to trigger five workflows (named `B` to `F`) to run sequentially after an initial workflow `A` has run (that is: `A` → `B` → `C` → `D` → `E` → `F`), workflows `E` and `F` will not be run. - -{% endnote %} +> [!NOTE] +> You can't use `workflow_run` to chain together more than three levels of workflows. For example, if you attempt to trigger five workflows (named `B` to `F`) to run sequentially after an initial workflow `A` has run (that is: `A` → `B` → `C` → `D` → `E` → `F`), workflows `E` and `F` will not be run. This event occurs when a workflow run is requested or completed. It allows you to execute a workflow based on execution or completion of another workflow. The workflow started by the `workflow_run` event is able to access secrets and write tokens, even if the previous workflow was not. This is useful in cases where the previous workflow is intentionally not privileged, but you need to take a privileged action in a later workflow. diff --git a/content/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md b/content/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md index 601967794eaa..dfcea036231a 100644 --- a/content/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md +++ b/content/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md @@ -20,8 +20,5 @@ redirect_from: On a skipped job, you should see "This check was skipped." -{% note %} - -**Note:** In some parts of the workflow you cannot use environment variables. Instead you can use contexts to access the value of an environment variable. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables#using-the-env-context-to-access-environment-variable-values)." - -{% endnote %} +> [!NOTE] +> In some parts of the workflow you cannot use environment variables. Instead you can use contexts to access the value of an environment variable. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables#using-the-env-context-to-access-environment-variable-values)." diff --git a/content/actions/writing-workflows/workflow-syntax-for-github-actions.md b/content/actions/writing-workflows/workflow-syntax-for-github-actions.md index a97e4415e6d5..c7857c9e8417 100644 --- a/content/actions/writing-workflows/workflow-syntax-for-github-actions.md +++ b/content/actions/writing-workflows/workflow-syntax-for-github-actions.md @@ -187,11 +187,8 @@ A map of the secrets that can be used in the called workflow. Within the called workflow, you can use the `secrets` context to refer to a secret. -{% note %} - -**Note:** If you are passing the secret to a nested reusable workflow, then you must use [`jobs..secrets`](#jobsjob_idsecrets) again to pass the secret. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows#passing-secrets-to-nested-workflows)." - -{% endnote %} +> [!NOTE] +> If you are passing the secret to a nested reusable workflow, then you must use [`jobs..secrets`](#jobsjob_idsecrets) again to pass the secret. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows#passing-secrets-to-nested-workflows)." If a caller workflow passes a secret that is not specified in the called workflow, this results in an error. @@ -881,11 +878,8 @@ The maximum number of minutes to let a job run before {% data variables.product. If the timeout exceeds the job execution time limit for the runner, the job will be canceled when the execution time limit is met instead. For more information about job execution time limits, see "[AUTOTITLE](/actions/learn-github-actions/usage-limits-billing-and-administration#usage-limits)" for {% data variables.product.prodname_dotcom %}-hosted runners and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits)" for self-hosted runner usage limits. -{% note %} - -**Note:** {% data reusables.actions.github-token-expiration %} For self-hosted runners, the token may be the limiting factor if the job timeout is greater than 24 hours. For more information on the `GITHUB_TOKEN`, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#about-the-github_token-secret)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.github-token-expiration %} For self-hosted runners, the token may be the limiting factor if the job timeout is greater than 24 hours. For more information on the `GITHUB_TOKEN`, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#about-the-github_token-secret)." ## `jobs..strategy` @@ -1089,11 +1083,8 @@ volumes: Additional Docker container resource options. For a list of options, see "[`docker create` options](https://docs.docker.com/engine/reference/commandline/create/#options)." -{% warning %} - -**Warning:** The `--network` option is not supported. - -{% endwarning %} +> [!WARNING] +> The `--network` option is not supported. ## `jobs..uses` diff --git a/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md b/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md index 928202f78933..935469188b0b 100644 --- a/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md +++ b/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md @@ -100,11 +100,8 @@ ghe-cleanup-caches This utility wipes all existing {% data variables.enterprise.management_console %} settings. -{% tip %} - -**Tip**: {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} - -{% endtip %} +> [!TIP] +> {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} ```shell ghe-cleanup-settings @@ -796,14 +793,9 @@ Flag | Description `-v/--verbose` | Prints additional information to the console. `-h/--help` | Displays help text for the command. -{% note %} - -**Notes:** - -* This command can only be used to remove a node from a cluster configuration. It cannot be used to remove a node from a high availability configuration. -* This command does not support parallel execution. To remove multiple nodes, you must wait until this command has finished before running it for another node. - -{% endnote %} +> [!NOTE] +> * This command can only be used to remove a node from a cluster configuration. It cannot be used to remove a node from a high availability configuration. +> * This command does not support parallel execution. To remove multiple nodes, you must wait until this command has finished before running it for another node. {% endif %} @@ -1001,11 +993,10 @@ This utility tests the blob storage configuration for {% data variables.product. For more information about the configuration of {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server)." {% ifversion ghes-actions-storage-oidc %} -{% note %} -**Note:** This utility only works with configurations that use a credentials-based connection to the storage provider. To test OpenID Connect (OIDC) configurations, use [`ghe-actions-test-storage-with-oidc`](#ghe-actions-test-storage-with-oidc). +> [!NOTE] +> This utility only works with configurations that use a credentials-based connection to the storage provider. To test OpenID Connect (OIDC) configurations, use [`ghe-actions-test-storage-with-oidc`](#ghe-actions-test-storage-with-oidc). -{% endnote %} {% endif %} ```shell @@ -1024,11 +1015,8 @@ All Storage tests passed This utility checks that the blob storage provider for {% data variables.product.prodname_actions %} on {% data variables.location.product_location %} is valid when OpenID Connect (OIDC) is used. -{% note %} - -**Note:** This utility only works with configurations that use an OpenID Connect (OIDC) configuration. To test credentials-based configurations, use [`ghe-actions-precheck`](#ghe-actions-precheck). - -{% endnote %} +> [!NOTE] +> This utility only works with configurations that use an OpenID Connect (OIDC) configuration. To test credentials-based configurations, use [`ghe-actions-precheck`](#ghe-actions-precheck). ```shell ghe-actions-test-storage-with-oidc -p [PROVIDER] -cs ["CONNECTION-STRING"] @@ -1040,27 +1028,17 @@ ghe-actions-test-storage-with-oidc -p [PROVIDER] -cs ["CONNECTION-STRING"] This utility stops {% data variables.product.prodname_actions %} from running on {% data variables.location.product_location %}. -{% note %} - -**Notes**: - -* {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} -* In high availability configurations, run this command from the primary. - -{% endnote %} +> [!NOTE] +> * {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} +> * In high availability configurations, run this command from the primary. ### ghe-actions-start This utility starts {% data variables.product.prodname_actions %} on {% data variables.location.product_location %} after it has been previously stopped. -{% note %} - -**Notes**: - -* {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} -* In high availability configurations, run this command from the primary. - -{% endnote %} +> [!NOTE] +> * {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} +> * In high availability configurations, run this command from the primary. If your system is configured correctly, you'll see the following output: @@ -1367,11 +1345,10 @@ In this example, `ghe-repl-status -vv` sends verbose status information from a r During an upgrade to a feature release, this utility displays the status of background jobs on {% data variables.location.product_location %}. If you're running back-to-back upgrades, you should use this utility to check that all background jobs are complete before proceeding with the next upgrade. {% ifversion ghes < 3.12 %} -{% note %} -**Note:** To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later. +> [!NOTE] +> To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later. -{% endnote %} {% endif %} ```shell diff --git a/content/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md b/content/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md index 7027d74abeef..ffe3e3f20e29 100644 --- a/content/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md +++ b/content/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md @@ -66,11 +66,8 @@ If you have an existing backup configuration file, `backup.config`, ensure you c Backup snapshots created by {% data variables.product.prodname_enterprise_backup_utilities %} are written to the disk path set by the `GHE_DATA_DIR` data directory variable in your `backup.config` file. These snapshots need to be stored on a filesystem which supports symbolic and hard links. -{% note %} - -**Note:** We recommend ensuring your snapshots are not kept in a subdirectory of the {% data variables.product.prodname_enterprise_backup_utilities %} installation directory, to avoid inadvertently overwriting your data directory when upgrading {% data variables.product.prodname_enterprise_backup_utilities %} versions. - -{% endnote %} +> [!NOTE] +> We recommend ensuring your snapshots are not kept in a subdirectory of the {% data variables.product.prodname_enterprise_backup_utilities %} installation directory, to avoid inadvertently overwriting your data directory when upgrading {% data variables.product.prodname_enterprise_backup_utilities %} versions. 1. Download the relevant {% data variables.product.prodname_enterprise_backup_utilities %} release from the [Releases](https://github.com/github/backup-utils/releases) page of the github/backup-utils repository. @@ -97,13 +94,11 @@ Backup snapshots created by {% data variables.product.prodname_enterprise_backup 1. If you previously upgraded {% data variables.product.prodname_enterprise_backup_utilities %} using Git, ensure that you copy your existing configuration from `backup.config` into the new file. For more information, see "[Upgrading {% data variables.product.prodname_enterprise_backup_utilities %}](#upgrading-github-enterprise-server-backup-utilities)." 1. Set the `GHE_HOSTNAME` value to your primary {% data variables.product.prodname_ghe_server %} instance's hostname or IP address. - {% note %} - - **Note:** If {% data variables.location.product_location %} is deployed as a cluster or in a high availability configuration using a load balancer, the `GHE_HOSTNAME` can be the load balancer hostname, as long as the load balancer allows SSH access over port 122 to {% data variables.location.product_location %}. - - To ensure a recovered instance is immediately available, perform backups targeting the primary instance even in a geo-replication configuration. + > [!NOTE] + > If {% data variables.location.product_location %} is deployed as a cluster or in a high availability configuration using a load balancer, the `GHE_HOSTNAME` can be the load balancer hostname, as long as the load balancer allows SSH access over port 122 to {% data variables.location.product_location %}. + > + > To ensure a recovered instance is immediately available, perform backups targeting the primary instance even in a geo-replication configuration. - {% endnote %} 1. Set the `GHE_DATA_DIR` value to the filesystem location where you want to store backup snapshots. We recommend choosing a location on the same filesystem as your backup host. 1. To grant your backup host access to your instance, open your primary instance's settings page at `http(s)://HOSTNAME/setup/settings` and add the backup host's SSH key to the list of authorized SSH keys. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh#enabling-access-to-the-administrative-shell-via-ssh)." 1. On your backup host, verify SSH connectivity with {% data variables.location.product_location %} with the `ghe-host-check` command. diff --git a/content/admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise.md b/content/admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise.md index 59d8454cd64b..ef37730d9c55 100644 --- a/content/admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise.md +++ b/content/admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise.md @@ -33,9 +33,10 @@ To prevent new packages from being uploaded, you can set an ecosystem you previo {% data reusables.enterprise_site_admin_settings.management-console %} {% data reusables.enterprise_site_admin_settings.packages-tab %} 1. Under "Ecosystem Toggles", for each package type, select **Enabled**, **Read-Only**, or **Disabled**. - {%- ifversion ghes %}{% note -%} - **Note**: Subdomain isolation must be enabled to toggle the {% data variables.product.prodname_container_registry %} options. - {%- endnote %}{%- endif %} + {%- ifversion ghes %} + > [!NOTE] + > Subdomain isolation must be enabled to toggle the {% data variables.product.prodname_container_registry %} options. + {%- endif %} ![Screenshot of the "Ecosystem toggles" section on the Settings page of the Management Console.](/assets/images/enterprise/site-admin-settings/ecosystem-toggles.png) {% data reusables.enterprise_management_console.save-settings %} diff --git a/content/admin/configuring-packages/enabling-github-packages-with-aws.md b/content/admin/configuring-packages/enabling-github-packages-with-aws.md index 7178fba96755..cbb4e8295035 100644 --- a/content/admin/configuring-packages/enabling-github-packages-with-aws.md +++ b/content/admin/configuring-packages/enabling-github-packages-with-aws.md @@ -14,14 +14,10 @@ redirect_from: - /admin/packages/enabling-github-packages-with-aws --- -{% warning %} - -**Warnings:** -* It is critical that you configure any restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible to the public internet. For more information, see "[Setting bucket and object access permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-permissions.html)" in the AWS Documentation. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. -* We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. -* Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. - -{% endwarning %} +> [!WARNING] +> * It is critical that you configure any restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible to the public internet. For more information, see "[Setting bucket and object access permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-permissions.html)" in the AWS Documentation. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. +> * We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. +> * Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. ## Prerequisites diff --git a/content/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md b/content/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md index c1a2e066cf8b..134cd94d43c5 100644 --- a/content/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md +++ b/content/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md @@ -13,14 +13,10 @@ redirect_from: - /admin/packages/enabling-github-packages-with-azure-blob-storage --- -{% warning %} - -**Warnings:** -* It is critical that you set the restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible on the public internet. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. -* We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. -* Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. - -{% endwarning %} +> [!WARNING] +> * It is critical that you set the restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible on the public internet. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. +> * We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. +> * Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. ## Prerequisites @@ -36,13 +32,10 @@ Before you can enable and configure {% data variables.product.prodname_registry You must create a storage container prior to setting the container name and connection string. - {% note %} - - **Note:** You can find your Azure Connection String by navigating to the Access Key menu in your Azure storage account. - - Usage of a SAS Token or SAS URL as connection string is not currently supported. - - {% endnote %} + > [!NOTE] + > You can find your Azure Connection String by navigating to the Access Key menu in your Azure storage account. + > + > Usage of a SAS Token or SAS URL as connection string is not currently supported. {% data reusables.enterprise_management_console.save-settings %} diff --git a/content/admin/configuring-packages/enabling-github-packages-with-minio.md b/content/admin/configuring-packages/enabling-github-packages-with-minio.md index 770e6687e9b2..5325769f37b7 100644 --- a/content/admin/configuring-packages/enabling-github-packages-with-minio.md +++ b/content/admin/configuring-packages/enabling-github-packages-with-minio.md @@ -13,14 +13,11 @@ redirect_from: - /admin/packages/enabling-github-packages-with-minio --- -{% warning %} - -**Warnings:** -* It is critical that you set the restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible on the public internet. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. -* We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. -* Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. -* We recommend configuring the TLS for the bucket to avoid possible issues with Package Registry, for example, downloading from NuGet Registry. -{% endwarning %} +> [!WARNING] +> * It is critical that you set the restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible on the public internet. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. +> * We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. +> * Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. +> * We recommend configuring the TLS for the bucket to avoid possible issues with Package Registry, for example, downloading from NuGet Registry. ## Prerequisites diff --git a/content/admin/configuring-settings/configuring-github-connect/about-github-connect.md b/content/admin/configuring-settings/configuring-github-connect/about-github-connect.md index cb8635f296d2..b5dc117f6f72 100644 --- a/content/admin/configuring-settings/configuring-github-connect/about-github-connect.md +++ b/content/admin/configuring-settings/configuring-github-connect/about-github-connect.md @@ -71,11 +71,8 @@ If you're connecting to an enterprise on {% data variables.enterprise.data_resid When {% data variables.product.prodname_github_connect %} is enabled, a record on {% data variables.product.prodname_ghe_cloud %} stores information about the connection. If you enable individual features of {% data variables.product.prodname_github_connect %}, additional data is transmitted. -{% note %} - -**Note:** No repositories, issues, or pull requests are ever transmitted from {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} by {% data variables.product.prodname_github_connect %}. - -{% endnote %} +> [!NOTE] +> No repositories, issues, or pull requests are ever transmitted from {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} by {% data variables.product.prodname_github_connect %}. ### Data transmitted when {% data variables.product.prodname_github_connect %} is enabled diff --git a/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md index 69df4714912c..e2cdee276458 100644 --- a/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md +++ b/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md @@ -41,11 +41,8 @@ After you {% ifversion dependabot-alerts-ghes-enablement %} set up {% data varia You can also choose to manually sync vulnerability data at any time. For more information, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise)." -{% note %} - -**Note:** When you enable {% data variables.product.prodname_dependabot_alerts %}, no code or information about code from {% data variables.product.prodname_ghe_server %} is uploaded to {% data variables.product.prodname_dotcom_the_website %}. - -{% endnote %} +> [!NOTE] +> When you enable {% data variables.product.prodname_dependabot_alerts %}, no code or information about code from {% data variables.product.prodname_ghe_server %} is uploaded to {% data variables.product.prodname_dotcom_the_website %}. When {% data variables.product.prodname_ghe_server %} receives information about a vulnerability, it identifies repositories that use the affected version of the dependency and generates {% data variables.product.prodname_dependabot_alerts %}. You can choose whether or not to notify users automatically about new {% data variables.product.prodname_dependabot_alerts %}. @@ -55,11 +52,8 @@ For repositories with {% data variables.product.prodname_dependabot_alerts %} en After you enable {% data variables.product.prodname_dependabot_alerts %}, you can choose to enable {% data variables.product.prodname_dependabot_updates %}. When {% data variables.product.prodname_dependabot_updates %} are enabled for {% data variables.product.prodname_ghe_server %}, users can configure repositories so that their dependencies are updated and kept secure automatically. -{% note %} - -**Note:** {% data variables.product.prodname_dependabot_updates %} on {% data variables.product.product_name %} requires {% data variables.product.prodname_actions %} with self-hosted runners. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dependabot_updates %} on {% data variables.product.product_name %} requires {% data variables.product.prodname_actions %} with self-hosted runners. By default, {% data variables.product.prodname_actions %} runners used by {% data variables.product.prodname_dependabot %} need access to the internet, to download updated packages from upstream package managers. For {% data variables.product.prodname_dependabot_updates %} powered by {% data variables.product.prodname_github_connect %}, internet access provides your runners with a token that allows access to dependencies and advisories hosted on {% data variables.product.prodname_dotcom_the_website %}. @@ -106,11 +100,8 @@ Before you can enable {% data variables.product.prodname_dependabot_updates %}: {% ifversion ghes %} -{% note %} - -**Note:** After you enable the dependency graph, you can use the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action). The action will raise an error if any vulnerabilities or invalid licenses are being introduced. {% data reusables.actions.action-bundled-actions %} - -{% endnote %} +> [!NOTE] +> After you enable the dependency graph, you can use the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action). The action will raise an error if any vulnerabilities or invalid licenses are being introduced. {% data reusables.actions.action-bundled-actions %} {% endif %} diff --git a/content/admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance.md b/content/admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance.md index 61ad17646723..81f1c1b14242 100644 --- a/content/admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance.md +++ b/content/admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance.md @@ -38,9 +38,7 @@ In this article, the term "source instance" refers to the instance with the old 1. Optionally, while the destination instance is in maintenance mode, validate the instance's configuration and verify that user data is intact. For more information, see "[AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode#validating-changes-in-maintenance-mode-using-the-ip-exception-list)." 1. To direct traffic to the destination instance, update the DNS `CNAME` record with the source instance's hostname to resolve to the IP address of the destination instance. - {% note %} + > [!NOTE] + > Restored user-generated content in the instance's web application will likely contain URLs that reference the source instance's old hostname. Optionally, to ensure that these links continue to resolve to the destination instance, you can configure a redirect using DNS. In addition to the `CNAME` record that resolves to the new instance's hostname, configure a second DNS `CNAME` record that directs traffic from the original hostname to the new hostname. For more information, see the documentation for your DNS provider. - **Note**: Restored user-generated content in the instance's web application will likely contain URLs that reference the source instance's old hostname. Optionally, to ensure that these links continue to resolve to the destination instance, you can configure a redirect using DNS. In addition to the `CNAME` record that resolves to the new instance's hostname, configure a second DNS `CNAME` record that directs traffic from the original hostname to the new hostname. For more information, see the documentation for your DNS provider. - - {% endnote %} 1. On the destination instance, disable maintenance mode. diff --git a/content/admin/configuring-settings/configuring-network-settings/configuring-an-outbound-web-proxy-server.md b/content/admin/configuring-settings/configuring-network-settings/configuring-an-outbound-web-proxy-server.md index 074f12af7c80..669796928037 100644 --- a/content/admin/configuring-settings/configuring-network-settings/configuring-an-outbound-web-proxy-server.md +++ b/content/admin/configuring-settings/configuring-network-settings/configuring-an-outbound-web-proxy-server.md @@ -23,11 +23,8 @@ shortTitle: Configure an outbound proxy When a proxy server is enabled for {% data variables.location.product_location %}, outbound messages sent by {% data variables.product.prodname_ghe_server %} are first sent through the proxy server, unless the destination host is added as an HTTP proxy exclusion. Types of outbound messages include outgoing webhooks, uploading bundles, and fetching legacy avatars. The proxy server's URL is the protocol, domain or IP address, plus the port number, for example `http://127.0.0.1:8123`. -{% note %} - -**Note:** To connect {% data variables.location.product_location %} to {% data variables.product.prodname_dotcom_the_website %}, your proxy configuration must allow connectivity to `github.com` and `api.github.com`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect)." - -{% endnote %} +> [!NOTE] +> To connect {% data variables.location.product_location %} to {% data variables.product.prodname_dotcom_the_website %}, your proxy configuration must allow connectivity to `github.com` and `api.github.com`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect)." {% data reusables.actions.proxy-considerations %} For more information about using {% data variables.product.prodname_actions %} with {% data variables.product.prodname_ghe_server %}, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server)." diff --git a/content/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md b/content/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md index c93e97066122..c286999766a3 100644 --- a/content/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md +++ b/content/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md @@ -62,11 +62,8 @@ We do not recommend customizing UFW as it can complicate some troubleshooting is ## Adding custom firewall rules -{% warning %} - -**Warning:** Before you add custom firewall rules, back up your current rules in case you need to reset to a known working state. If you're locked out of your server, visit {% data variables.contact.contact_ent_support %} and contact us to reconfigure the original firewall rules. Restoring the original firewall rules involves downtime for your server. - -{% endwarning %} +> [!WARNING] +> Before you add custom firewall rules, back up your current rules in case you need to reset to a known working state. If you're locked out of your server, visit {% data variables.contact.contact_ent_support %} and contact us to reconfigure the original firewall rules. Restoring the original firewall rules involves downtime for your server. 1. Configure a custom firewall rule. 1. Check the status of each new rule with the `status numbered` command. @@ -87,11 +84,8 @@ After you upgrade {% data variables.location.product_location %}, you must reapp If something goes wrong after you change the firewall rules, you can reset the rules from your original backup. -{% warning %} - -**Warning:** If you didn't back up the original rules before making changes to the firewall, visit {% data variables.contact.contact_ent_support %} and contact us for further assistance. - -{% endwarning %} +> [!WARNING] +> If you didn't back up the original rules before making changes to the firewall, visit {% data variables.contact.contact_ent_support %} and contact us for further assistance. {% data reusables.enterprise_installation.ssh-into-instance %} diff --git a/content/admin/configuring-settings/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md b/content/admin/configuring-settings/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md index b50d5c15c1ba..83c28aea29c1 100644 --- a/content/admin/configuring-settings/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md +++ b/content/admin/configuring-settings/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md @@ -16,11 +16,9 @@ topics: - Networking shortTitle: Set the IP using the console --- -{% note %} -**Note:** We do not support adding additional network adapters to {% data variables.product.prodname_ghe_server %}. - -{% endnote %} +> [!NOTE] +> We do not support adding additional network adapters to {% data variables.product.prodname_ghe_server %}. {% data reusables.enterprise_installation.open-vm-console-start %} 1. Choose to configure the `IPv4` or `IPv6` protocol. diff --git a/content/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization.md b/content/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization.md index 14f629ac0bfa..33cc6ff35767 100644 --- a/content/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization.md +++ b/content/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization.md @@ -35,13 +35,9 @@ shortTitle: Configure time settings The NTP protocol continuously corrects small time synchronization discrepancies. You can use the administrative shell to synchronize time immediately. -{% note %} - -**Notes:** -* You can't modify the Coordinated Universal Time (UTC) zone. -* You should prevent your hypervisor from trying to set the virtual machine's clock. For more information, see the documentation provided by the virtualization provider. - -{% endnote %} +> [!NOTE] +> * You can't modify the Coordinated Universal Time (UTC) zone. +> * You should prevent your hypervisor from trying to set the virtual machine's clock. For more information, see the documentation provided by the virtualization provider. * Use the `chronyc` command to synchronize the server with the configured NTP server. For example: diff --git a/content/admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md b/content/admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md index 8e2c4f5e2b70..31e34863986f 100644 --- a/content/admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md +++ b/content/admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md @@ -52,11 +52,8 @@ We strongly recommend enabling PROXY protocol support for both your instance and {% data reusables.enterprise_clustering.x-forwarded-for %} -{% warning %} - -**Warning**: If you configure `X-Forwarded-For` support on {% data variables.location.product_location %} and load balancer, you may not be able to connect to the {% data variables.enterprise.management_console %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer#error-your-session-has-expired-for-connections-to-the-management-console)." - -{% endwarning %} +> [!WARNING] +> If you configure `X-Forwarded-For` support on {% data variables.location.product_location %} and load balancer, you may not be able to connect to the {% data variables.enterprise.management_console %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer#error-your-session-has-expired-for-connections-to-the-management-console)." {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} @@ -77,11 +74,8 @@ Health checks allow a load balancer to stop sending traffic to a node that is no If you cannot connect to services on {% data variables.location.product_location %} through a load balancer, you can review the following information to troubleshoot the problem. -{% note %} - -**Note**: Always test changes to your network infrastructure and instance configuration in a staging environment. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." - -{% endnote %} +> [!NOTE] +> Always test changes to your network infrastructure and instance configuration in a staging environment. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." ### Error: "Your session has expired" for connections to the {% data variables.enterprise.management_console %} diff --git a/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md index 76a24fbd81c6..6ec038bbaf77 100644 --- a/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md +++ b/content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md @@ -99,11 +99,8 @@ You can use the following {% data variables.product.prodname_cli %} commands to ### 2. Create a runner group for your enterprise -{% note %} - -**Note:** For the runner group to be accessible by repositories within your organizations, those repositories must have access to that runner group at the organization level. For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/controlling-access-to-larger-runners#changing-which-repositories-can-access-a-runner-group)." - -{% endnote %} +> [!NOTE] +> For the runner group to be accessible by repositories within your organizations, those repositories must have access to that runner group at the organization level. For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/controlling-access-to-larger-runners#changing-which-repositories-can-access-a-runner-group)." 1. Create a new runner group for your enterprise. For more information about how to create a runner group, see "[AUTOTITLE](/actions/using-github-hosted-runners/controlling-access-to-larger-runners#creating-a-runner-group-for-an-enterprise)." {% data reusables.actions.workflows.runner-groups-enterprise-organization-access %} @@ -112,11 +109,8 @@ You can use the following {% data variables.product.prodname_cli %} commands to ### 3. Add the {% data variables.product.company_short %}-hosted runner to the enterprise runner group -{% note %} - -**Note:** When adding your {% data variables.product.company_short %}-hosted runner to a runner group, select the runner group you created in the previous procedures. - -{% endnote %} +> [!NOTE] +> When adding your {% data variables.product.company_short %}-hosted runner to a runner group, select the runner group you created in the previous procedures. 1. Add the {% data variables.product.company_short %}-hosted runner to the runner group. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/actions/using-github-hosted-runners/managing-larger-runners#adding-a-larger-runner-to-an-enterprise)." diff --git a/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md index 04baf66b5699..ec28420421c6 100644 --- a/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md +++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md @@ -45,11 +45,8 @@ settings to allow incoming emails](#configuring-dns-and-firewall-settings-to-all 1. Under "Send test email to," type an address to send the test email to. 1. Click **Send test email**. - {% tip %} - - **Tip:** If SMTP errors occur while sending a test email—such as an immediate delivery failure or an outgoing mail configuration error—you will see them in the Test email settings dialog box. - - {% endtip %} + > [!TIP] + > If SMTP errors occur while sending a test email—such as an immediate delivery failure or an outgoing mail configuration error—you will see them in the Test email settings dialog box. 1. If the test email fails, [troubleshoot your email settings](#troubleshooting-email-delivery). 1. When the test email succeeds, under the "Settings" sidebar, click **Save settings**. diff --git a/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md index ae60184401a5..2e7dddcf5bb6 100644 --- a/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md +++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md @@ -24,11 +24,8 @@ shortTitle: Configure GitHub Pages If private mode is enabled on your enterprise, the public cannot access {% data variables.product.prodname_pages %} sites hosted by your enterprise unless you enable public sites. -{% warning %} - -**Warning:** If you enable public sites for {% data variables.product.prodname_pages %}, every site in every repository on your enterprise will be accessible to the public. - -{% endwarning %} +> [!WARNING] +> If you enable public sites for {% data variables.product.prodname_pages %}, every site in every repository on your enterprise will be accessible to the public. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} @@ -50,11 +47,8 @@ If subdomain isolation is disabled for your enterprise, you should also disable You can add or override response headers for {% data variables.product.prodname_pages %} sites hosted by {% data variables.location.product_location %}. -{% warning %} - -**Warning:** Ensure that your response headers are properly configured before saving. Improper configurations may negatively impact the security of {% data variables.location.product_location %}. - -{% endwarning %} +> [!WARNING] +> Ensure that your response headers are properly configured before saving. Improper configurations may negatively impact the security of {% data variables.location.product_location %}. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} diff --git a/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md index e4e43707b6fc..ff0749cd8426 100644 --- a/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md +++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md @@ -21,11 +21,8 @@ To enable interactive maps, you must provide authentication credentials for Azur {% ifversion azure-maps-auth-2023 %} {% ifversion ghes < 3.13 %} -{% warning %} - -**Warning**: Authentication with Azure Maps using an API token is {% data variables.release-phases.retired %} in {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.product_name %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on a Microsoft Entra ID (previously known as Azure AD) tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %} - -{% endwarning %} +> [!WARNING] +> Authentication with Azure Maps using an API token is {% data variables.release-phases.retired %} in {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.product_name %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on a Microsoft Entra ID (previously known as Azure AD) tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %} {% endif %} {% endif %} diff --git a/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md index 9adbd0f80cb9..5ec5be83923a 100644 --- a/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md +++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md @@ -33,11 +33,8 @@ Excessive numbers of requests to the {% data variables.product.prodname_enterpri You can exempt a list of users from API rate limits using the `ghe-config` utility in the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-config)." {% endif %} -{% note %} - -**Note:** The {% data variables.enterprise.management_console %} lists the time period (per minute or per hour) for each rate limit. - -{% endnote %} +> [!NOTE] +> The {% data variables.enterprise.management_console %} lists the time period (per minute or per hour) for each rate limit. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} @@ -63,11 +60,8 @@ Setting secondary rate limits protects the overall level of service on {% data v If a member of {% data variables.product.company_short %}'s staff has recommended it, you can apply Git rate limits per repository network or per user ID. Git rate limits are expressed in concurrent operations per minute, and are adaptive based on the current CPU load. -{% warning %} - -**Warning:** We encourage you to leave this setting disabled unless directly recommended by a member of {% data variables.product.company_short %}'s staff. Git operations are rarely the leading driver of CPU and RAM usage. Enabling this feature can make Git operations more likely to fail under high load conditions but does not address the underlying cause of those conditions. - -{% endwarning %} +> [!WARNING] +> We encourage you to leave this setting disabled unless directly recommended by a member of {% data variables.product.company_short %}'s staff. Git operations are rarely the leading driver of CPU and RAM usage. Enabling this feature can make Git operations more likely to fail under high load conditions but does not address the underlying cause of those conditions. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} diff --git a/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md index 3637844bc4b1..134ff8b81552 100644 --- a/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md +++ b/content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md @@ -44,11 +44,9 @@ You can enable web commit signing, rotate the private key used for web commit si {% data reusables.enterprise_site_admin_settings.email-settings %} 1. Under "No-reply email address", type the same email address you used when creating the PGP key. - {% note %} + > [!NOTE] + > The "No-reply email address" field will only be displayed if you've enabled email for {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications#configuring-smtp-for-your-enterprise)." - **Note:** The "No-reply email address" field will only be displayed if you've enabled email for {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications#configuring-smtp-for-your-enterprise)." - - {% endnote %} {% data reusables.enterprise_management_console.save-settings %} ## Rotating the private key used for web commit signing diff --git a/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md index fc5826260095..f8b5892a6c8b 100644 --- a/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md +++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md @@ -26,11 +26,8 @@ Servers that accept SSH connections advertise one or more cryptographic host key By default, {% data variables.location.product_location %} generates and advertises host keys with OpenSSH-style host key rotation. To increase the security of SSH in your environment, you can enable additional algorithms for the generation of host keys. -{% note %} - -**Note**: If you enable additional host key algorithms, clients that do not use OpenSSH for SSH connections may experience warnings during connection, or fail to connect entirely. Some SSH implementations can ignore unsupported algorithms and fall back to a different algorithm. If the client does not support fallback, the connection will fail. For example, the SSH library for Go does not support fallback to a different algorithm. - -{% endnote %} +> [!NOTE] +> If you enable additional host key algorithms, clients that do not use OpenSSH for SSH connections may experience warnings during connection, or fail to connect entirely. Some SSH implementations can ignore unsupported algorithms and fall back to a different algorithm. If the client does not support fallback, the connection will fail. For example, the SSH library for Go does not support fallback to a different algorithm. ## Managing an Ed25519 host key diff --git a/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md index 713e4819ecdf..640cc13a2118 100644 --- a/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md +++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md @@ -27,11 +27,8 @@ You can control the information that {% data variables.product.product_name %} s You can enable the `same-origin` referrer policy to instruct modern browsers to exclude the hostname for {% data variables.location.product_location %} from requests to external websites. The setting applies to all links from the web interface on your instance. By default, {% data variables.product.product_name %} uses the `origin-when-cross-origin` and `strict-origin-when-cross-origin` referrer policies, which means your instance's hostname will appear in HTTP and HTTPS requests to external websites. -{% note %} - -**Note**: Changing the referrer policy to `same-origin` can affect external sites that expect a hostname in the HTTP headers for a request. - -{% endnote %} +> [!NOTE] +> Changing the referrer policy to `same-origin` can affect external sites that expect a hostname in the HTTP headers for a request. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md index a08607b8dc75..09ed0f62eacb 100644 --- a/content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md +++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md @@ -49,7 +49,9 @@ Using your IdP's allow list deactivates the {% data variables.product.company_sh By default, your IdP runs the CAP on the initial interactive SAML or OIDC sign-in to {% data variables.product.company_short %} for any IP allow list configuration you choose. -The OIDC CAP only applies for requests to the API using a user token, such as an OAuth token for an {% data variables.product.prodname_oauth_app %} or a user access token for a {% data variables.product.prodname_github_app %} acting on behalf of a user. The OIDC CAP does not apply when a {% data variables.product.prodname_github_app %} uses an installation access token. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app)" and "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy#github-apps-and-oauth-apps)." +The OIDC CAP applies to web requests and requests to the API using a user token, such as an OAuth token for an {% data variables.product.prodname_oauth_app %} or a user access token for a {% data variables.product.prodname_github_app %} acting on behalf of a user. The OIDC CAP does not apply when a {% data variables.product.prodname_github_app %} uses an installation access token. See "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app)" and "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy#github-apps-and-oauth-apps)." + +{% data reusables.enterprise-accounts.emu-cap-public-preview %} To ensure seamless use of the OIDC CAP while still applying the policy to OAuth tokens and user access tokens, you must copy all of the IP ranges from each {% data variables.product.prodname_github_app %} that your enterprise uses to your IdP policy. @@ -57,7 +59,7 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth ### Enabling {% data variables.product.company_short %}'s IP allow list -{% data reusables.profile.access_org %} +{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security %} 1. If you're using {% data variables.product.prodname_emus %} with OIDC, under "IP allow list", select the **IP allow list configuration** dropdown menu and click **GitHub**. @@ -117,13 +119,10 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth ## Using your identity provider's allow list -{% note %} - -**Note:** Using your IdP's allow list is only supported for {% data variables.product.prodname_emus %} with Entra ID and OIDC. +> [!NOTE] +> Using your IdP's allow list is only supported for {% data variables.product.prodname_emus %} with Entra ID and OIDC. -{% endnote %} - -{% data reusables.profile.access_org %} +{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security %} 1. Under "IP allow list", select the **IP allow list configuration** dropdown menu and click **Identity Provider**. diff --git a/content/admin/configuring-settings/index.md b/content/admin/configuring-settings/index.md index e7c74900b669..28aeda3524e3 100644 --- a/content/admin/configuring-settings/index.md +++ b/content/admin/configuring-settings/index.md @@ -20,9 +20,8 @@ children: - /configuring-github-connect --- {% ifversion ghes %} -{% note %} -**Note:** To configure {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} for your enterprise, see "[AUTOTITLE](/admin/github-actions)" or "[AUTOTITLE](/admin/packages)." +> [!NOTE] +> To configure {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} for your enterprise, see "[AUTOTITLE](/admin/github-actions)" or "[AUTOTITLE](/admin/packages)." -{% endnote %} {% endif %} diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md index a751ae345315..880656685f9f 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md @@ -136,6 +136,8 @@ Anyone can fork a public repository, then submit a pull request to propose chang You can configure which pull requests require approval before they are run. +>[!WARNING] When requiring approvals only for first-time contributors (the first two settings), a user that has had any commit or pull request merged into the repository will not require approval. A malicious user could meet this requirement by getting a simple typo or other innocuous change accepted by a maintainer, either as part of a pull request they have authored or as part of another user's pull request. + * **Require approval for first-time contributors who are new to {% data variables.product.prodname_dotcom %}**. Requires approval for users who have never committed to the repository and have new {% data variables.product.prodname_dotcom %} accounts. * **Require approval for first-time contributors**. Requires approval for users who have never committed to the repository. * **Require approval for all outside collaborators**. Requires approval for all users who are not organization members. diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md index f4257ee96689..1d48e36403ff 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md @@ -29,11 +29,8 @@ If you're an organization owner, you can enable {% data variables.product.prodna ## Enabling or disabling {% data variables.product.prodname_github_codespaces %} in your enterprise -{% note %} - -**Note:** If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from an organization's private {% ifversion ghec %}and internal {% endif %}repositories. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization#about-changing-your-settings)." - -{% endnote %} +> [!NOTE] +> If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from an organization's private {% ifversion ghec %}and internal {% endif %}repositories. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization#about-changing-your-settings)." {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md index 9b67d92f8a22..4786f64a4616 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md @@ -34,7 +34,7 @@ You can enforce policies to control the security settings for organizations owne {% data reusables.two_fa.mandatory-2fa-contributors-2023 %} {% endif %} -{% ifversion ghes%}If {% data variables.location.product_location %} uses LDAP or built-in authentication, enterprise{% else %}Enterprise{% endif %} owners can require that organization members, billing managers, and outside collaborators in all organizations owned by an enterprise use two-factor authentication to secure their user accounts.{% ifversion ghec %} This policy is not available for enterprises with managed users.{% endif %} +{% ifversion ghes %}If {% data variables.location.product_location %} uses LDAP or built-in authentication, enterprise{% else %}Enterprise{% endif %} owners can require that organization members, billing managers, and outside collaborators in all organizations owned by an enterprise use two-factor authentication to secure their user accounts.{% ifversion ghec %} This policy is not available for enterprises with managed users.{% endif %} Before you can require 2FA for all organizations owned by your enterprise, you must enable two-factor authentication for your own account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa)." @@ -42,23 +42,15 @@ Before you require use of two-factor authentication, we recommend notifying orga {% data reusables.two_fa.ghes_ntp %} -{% warning %} - -**Warnings:** - -* When you require two-factor authentication for your enterprise, members, outside collaborators, and billing managers (including bot accounts) in all organizations owned by your enterprise who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their account within three months of their removal from your organization. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization)." -* Any organization owner, member, billing manager, or outside collaborator in any of the organizations owned by your enterprise who disables 2FA for their account after you've enabled required two-factor authentication will automatically be removed from the organization. -* If you're the sole owner of an enterprise that requires two-factor authentication, you won't be able to disable 2FA for your user account without disabling required two-factor authentication for the enterprise. - -{% endwarning %} +> [!WARNING] +> * When you require two-factor authentication for your enterprise, members, outside collaborators, and billing managers (including bot accounts) in all organizations owned by your enterprise who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their account within three months of their removal from your organization. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization)." +> * Any organization owner, member, billing manager, or outside collaborator in any of the organizations owned by your enterprise who disables 2FA for their account after you've enabled required two-factor authentication will automatically be removed from the organization. +> * If you're the sole owner of an enterprise that requires two-factor authentication, you won't be able to disable 2FA for your user account without disabling required two-factor authentication for the enterprise. {% ifversion mandatory-2fa-dotcom-contributors %} -{% note %} - -**Note**: Some of the users in your organizations may have been selected for mandatory two-factor authentication enrollment by {% data variables.product.prodname_dotcom_the_website %}, but it has no impact on how you enable the 2FA requirement for the organizations in your enterprise. If you enable the 2FA requirement for organizations in your enterprise, all users without 2FA currently enabled will be removed from the organizations, including those that are required to enable it by {% data variables.product.prodname_dotcom_the_website %}. - -{% endnote %} +> [!NOTE] +> Some of the users in your organizations may have been selected for mandatory two-factor authentication enrollment by {% data variables.product.prodname_dotcom_the_website %}, but it has no impact on how you enable the 2FA requirement for the organizations in your enterprise. If you enable the 2FA requirement for organizations in your enterprise, all users without 2FA currently enabled will be removed from the organizations, including those that are required to enable it by {% data variables.product.prodname_dotcom_the_website %}. {% endif %} @@ -138,11 +130,8 @@ By default, to hide the existence of private resources, when an unauthenticated To prevent confusion from your developers, you can change this behavior so that users are automatically redirected to single sign-on (SSO) through your identity provider (IdP). When you enable automatic redirects, anyone who visits the URL for any of your enterprise's resources will be able to see that the resource exists. However, they'll only be able to see the resource if they have appropriate access after authenticating with your IdP. -{% note %} - -**Note:** If a user is signed in to their personal account when they attempt to access any of your enterprise's resources, they'll be automatically signed out and redirected to SSO to sign in to their {% data variables.enterprise.prodname_managed_user %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts)." - -{% endnote %} +> [!NOTE] +> If a user is signed in to their personal account when they attempt to access any of your enterprise's resources, they'll be automatically signed out and redirected to SSO to sign in to their {% data variables.enterprise.prodname_managed_user %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts)." {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md index 869afbb872ac..9fbdd3d84966 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md @@ -112,11 +112,10 @@ People with admin permissions can set a more granular forking policy. For more i {% endif %} {% ifversion enterprise-namespace-repo-setting %} -{% note %} -**Note:** If {% ifversion ghec %}your enterprise uses {% data variables.product.prodname_emus %} and {% endif %}your "Repository creation" policy prevents enterprise members from creating repositories owned by their user accounts, members will not be allowed to fork a repository in their user accounts, regardless of your "Repository forking" policy. +> [!NOTE] +> If {% ifversion ghec %}your enterprise uses {% data variables.product.prodname_emus %} and {% endif %}your "Repository creation" policy prevents enterprise members from creating repositories owned by their user accounts, members will not be allowed to fork a repository in their user accounts, regardless of your "Repository forking" policy. -{% endnote %} {% endif %} {% data reusables.enterprise-accounts.access-enterprise %} @@ -225,11 +224,8 @@ Across all organizations owned by your enterprise, you can allow members to see ![Screenshot of an issue comment. The header says "ashtom (Thomas Dohmke) commented 1 minute ago," with "(Thomas Dohmke)" outlined in dark orange.](/assets/images/help/issues/commenter-full-name.png) -{% note %} - -**Note:** When this policy is enforced for all repositories in the enterprise, it overrides the organization setting for private repositories. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-display-of-member-names-in-your-organization)". - -{% endnote %} +> [!NOTE] +> When this policy is enforced for all repositories in the enterprise, it overrides the organization setting for private repositories. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-display-of-member-names-in-your-organization)". {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} diff --git a/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md index da5ed7d2b17d..269a06830904 100644 --- a/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md +++ b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md @@ -41,8 +41,5 @@ Due to risk of failure and performance impact for all users of your instance, we * Avoid API requests within a pre-receive hook. In particular, we strongly discourage that you make requests to external services, which may take longer and can compound performance impact. * Avoid long-running Git operations within a pre-receive hook. If your pre-receive hook performs Git operations within large or busy repositories, your instance's Git and overall performance may be negatively impacted. -{% note %} - -**Note:** To avoid rejection of a push due to a timeout, all combined pre-receive hooks should run in under five seconds. - -{% endnote %} +> [!NOTE] +> To avoid rejection of a push due to a timeout, all combined pre-receive hooks should run in under five seconds. diff --git a/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md index c01153e6bd86..a0fc50b61c98 100644 --- a/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md +++ b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md @@ -73,14 +73,10 @@ You can use a Linux container management tool to build a pre-receive hook enviro tar -czf /path/to/pre-receive-environment.tar.gz . ``` - {% note %} - - **Notes:** - * Do not include leading directory paths of files within the tar archive, such as `/path/to/chroot`. - * `/bin/sh` must exist and be executable, as the entry point into the chroot environment. - * Unlike traditional chroots, the `dev` directory is not required by the chroot environment for pre-receive hooks. - - {% endnote %} + > [!NOTE] + > * Do not include leading directory paths of files within the tar archive, such as `/path/to/chroot`. + > * `/bin/sh` must exist and be executable, as the entry point into the chroot environment. + > * Unlike traditional chroots, the `dev` directory is not required by the chroot environment for pre-receive hooks. For more information about creating a chroot environment see "[Chroot](https://wiki.debian.org/chroot)" from the _Debian Wiki_, "[BasicChroot](https://help.ubuntu.com/community/BasicChroot)" from the _Ubuntu Community Help Wiki_, or "[Installing Alpine Linux in a chroot](https://wiki.alpinelinux.org/wiki/Installing_Alpine_Linux_in_a_chroot)" from the _Alpine Linux Wiki_. diff --git a/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md index 14dfaf67f348..309cd7dddfb9 100644 --- a/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md +++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md @@ -99,18 +99,11 @@ If you're setting up your AMI for the first time, you will need to create a secu To create the instance, you'll need to launch an EC2 instance with your {% data variables.product.prodname_ghe_server %} AMI and attach an additional storage volume for your instance data. For more information, see "[Hardware considerations](#hardware-considerations)." -{% note %} +> [!NOTE] +> You can encrypt the data disk to gain an extra level of security and ensure that any data you write to your instance is protected. There is a slight performance impact when using encrypted disks. If you decide to encrypt your volume, we strongly recommend doing so **before** starting your instance for the first time. For more information, see the [Amazon guide on EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html). -**Note:** You can encrypt the data disk to gain an extra level of security and ensure that any data you write to your instance is protected. There is a slight performance impact when using encrypted disks. If you decide to encrypt your volume, we strongly recommend doing so **before** starting your instance for the first time. - For more information, see the [Amazon guide on EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html). - -{% endnote %} - -{% warning %} - -**Warning:** If you decide to enable encryption after you've configured your instance, you will need to migrate your data to the encrypted volume, which will incur some downtime for your users. - -{% endwarning %} +> [!WARNING] +> If you decide to enable encryption after you've configured your instance, you will need to migrate your data to the encrypted volume, which will incur some downtime for your users. ### Launching an EC2 instance diff --git a/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md index 15a4241a6a44..ba70a5aa59d9 100644 --- a/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md +++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md @@ -72,11 +72,8 @@ Before launching {% data variables.location.product_location %} on Azure, you'll az vm disk attach --vm-name VM_NAME -g RESOURCE_GROUP --sku Premium_LRS --new -z SIZE_IN_GB --name ghe-data.vhd --caching ReadWrite ``` - {% note %} - - **Note:** For non-production instances to have sufficient I/O throughput, the recommended minimum disk size is 150 GiB with read/write cache enabled (`--caching ReadWrite`). - - {% endnote %} + > [!NOTE] + > For non-production instances to have sufficient I/O throughput, the recommended minimum disk size is 150 GiB with read/write cache enabled (`--caching ReadWrite`). ## Configuring the {% data variables.product.prodname_ghe_server %} virtual machine @@ -94,11 +91,8 @@ To configure the instance, you must confirm the instance's status, upload a lice ``` - {% note %} - - **Note:** Azure does not automatically create a FQDNS entry for the VM. For more information, see the Azure guide [Create a fully qualified domain name in the Azure portal for a Linux VM](https://docs.microsoft.com/azure/virtual-machines/linux/portal-create-fqdn). - - {% endnote %} + > [!NOTE] + > Azure does not automatically create a FQDNS entry for the VM. For more information, see the Azure guide [Create a fully qualified domain name in the Azure portal for a Linux VM](https://docs.microsoft.com/azure/virtual-machines/linux/portal-create-fqdn). {% data reusables.enterprise_installation.copy-the-vm-public-dns-name %} {% data reusables.enterprise_installation.upload-a-license-file %} diff --git a/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md index 2e0106691fa2..ce559281e08a 100644 --- a/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md +++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md @@ -21,11 +21,8 @@ shortTitle: Set up a staging instance For example, to protect against loss of data, you can regularly validate the backup of your production instance. You can regularly restore the backup of your production data to a separate {% data variables.product.product_name %} instance in a staging environment. On this staging instance, you could also test the upgrade to the latest feature release of {% data variables.product.product_name %}. -{% tip %} - -**Tip:** You may reuse your existing {% data variables.product.prodname_enterprise %} license file as long as the staging instance is not used in a production capacity. - -{% endtip %} +> [!TIP] +> You may reuse your existing {% data variables.product.prodname_enterprise %} license file as long as the staging instance is not used in a production capacity. ## Considerations for a staging environment @@ -55,11 +52,8 @@ Alternatively, you can create a staging instance that reflects your production c If you want to test changes on an instance that contains the same data and configuration as your production instance, back up the data and configuration from the production instance using {% data variables.product.prodname_enterprise_backup_utilities %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)." -{% warning %} - -**Warning**: If you use {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} in production, your backup will include your production configuration for external storage. To avoid potential loss of data by writing to your production storage from your staging instance, you must configure each feature in steps 3 and 4 before you restore your backup. - -{% endwarning %} +> [!WARNING] +> If you use {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} in production, your backup will include your production configuration for external storage. To avoid potential loss of data by writing to your production storage from your staging instance, you must configure each feature in steps 3 and 4 before you restore your backup. ### 2. Set up a staging instance @@ -71,11 +65,8 @@ If you plan to restore a backup of your production instance, continue to the nex Optionally, if you use {% data variables.product.prodname_actions %} on your production instance, configure the feature on the staging instance before restoring your production backup. If you don't use {% data variables.product.prodname_actions %}, skip to "[1. Configure {% data variables.product.prodname_registry %}](#4-configure-github-packages)." -{% warning %} - -**Warning**: If you don't configure {% data variables.product.prodname_actions %} on the staging instance before restoring your production backup, your staging instance will use your production instance's external storage, which could result in loss of data. We strongly recommended that you use different external storage for your staging instance. For more information, see "[AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/using-a-staging-environment)." - -{% endwarning %} +> [!WARNING] +> If you don't configure {% data variables.product.prodname_actions %} on the staging instance before restoring your production backup, your staging instance will use your production instance's external storage, which could result in loss of data. We strongly recommended that you use different external storage for your staging instance. For more information, see "[AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/using-a-staging-environment)." {% data reusables.enterprise_installation.ssh-into-staging-instance %} 1. To configure the staging instance to use an external storage provider for {% data variables.product.prodname_actions %}, enter one of the following commands. @@ -91,11 +82,8 @@ Optionally, if you use {% data variables.product.prodname_actions %} on your pro Optionally, if you use {% data variables.product.prodname_registry %} on your production instance, configure the feature on the staging instance before restoring your production backup. If you don't use {% data variables.product.prodname_registry %}, skip to "[1. Restore your production backup](#5-restore-your-production-backup)." -{% warning %} - -**Warning**: If you don't configure {% data variables.product.prodname_registry %} on the staging instance before restoring your production backup, your staging instance will use your production instance's external storage, which could result in loss of data. We strongly recommended that you use different external storage for your staging instance. - -{% endwarning %} +> [!WARNING] +> If you don't configure {% data variables.product.prodname_registry %} on the staging instance before restoring your production backup, your staging instance will use your production instance's external storage, which could result in loss of data. We strongly recommended that you use different external storage for your staging instance. 1. Review the backup you will restore to the staging instance. * If you took the backup with {% data variables.product.prodname_enterprise_backup_utilities %} 3.5 or later, the backup includes the configuration for {% data variables.product.prodname_registry %}. Continue to the next step. @@ -136,19 +124,13 @@ If the staging instance is already configured and you want to overwrite settings To access the staging instance using the same hostname, update your local hosts file to resolve the staging instance's hostname by IP address by editing the `/etc/hosts` file in macOS or Linux, or the `C:\Windows\system32\drivers\etc` file in Windows. -{% note %} - -**Note**: Your staging instance must be accessible from the same hostname as your production instance. Changing the hostname for {% data variables.location.product_location %} is not supported. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-a-hostname)." - -{% endnote %} +> [!NOTE] +> Your staging instance must be accessible from the same hostname as your production instance. Changing the hostname for {% data variables.location.product_location %} is not supported. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-a-hostname)." Then, review the staging instance's configuration in the {% data variables.enterprise.management_console %}. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console)." -{% warning %} - -**Warning**: If you configured {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} for the staging instance, to avoid overwriting production data, ensure that the external storage configuration in the {% data variables.enterprise.management_console %} does not match your production instance. - -{% endwarning %} +> [!WARNING] +> If you configured {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} for the staging instance, to avoid overwriting production data, ensure that the external storage configuration in the {% data variables.enterprise.management_console %} does not match your production instance. ### 7. Apply the instance's configuration diff --git a/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md b/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md index e17f963ab6ef..c4bced72e7cd 100644 --- a/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md @@ -32,11 +32,9 @@ There are several types of user messages. {% endif %} {% ifversion ghes %} -{% note %} -**Note:** If you are using SAML for authentication, the sign in page is presented by your identity provider and is not customizable via {% data variables.product.prodname_ghe_server %}. - -{% endnote %} +> [!NOTE] +> If you are using SAML for authentication, the sign in page is presented by your identity provider and is not customizable via {% data variables.product.prodname_ghe_server %}. {% data reusables.enterprise.user-messages-markdown %} @@ -87,11 +85,10 @@ If you include Markdown checkboxes in the message, all checkboxes must be select Each time a user sees a mandatory message, an audit log event is created. The event includes the version of the message that the user saw. For more information see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)." {% ifversion display-mandatory-message-again %} {% else %} -{% note %} -**Note:** If you change the mandatory message for {% data variables.location.product_location %}, users who have already acknowledged the message will not see the new message. +> [!NOTE] +> If you change the mandatory message for {% data variables.location.product_location %}, users who have already acknowledged the message will not see the new message. -{% endnote %} {% endif %} {% data reusables.enterprise-accounts.access-enterprise %} @@ -124,11 +121,11 @@ You can also set an announcement banner{% ifversion ghes %} in the administrativ 1. Under "Announcement", in the text field, type the announcement you want displayed in a banner. 1. Optionally, under "Expires on", select the calendar drop-down menu and click an expiration date. {% ifversion ghe-announce-dismiss %} - {% note %} - **Note:** Announcements must either have an expiration date, be user dismissible, or both. + > [!NOTE] + > Announcements must either have an expiration date, be user dismissible, or both. - {% endnote %}{% endif %} + {% endif %} {%- ifversion ghe-announce-dismiss %} 1. Optionally, to allow each user to dismiss the announcement, select **User dismissible**. {%- endif %}{% ifversion custom-banner-messages %} diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-projects-using-jira.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-projects-using-jira.md index 37dd9b8b69b3..e2807b2243eb 100644 --- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-projects-using-jira.md +++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-projects-using-jira.md @@ -25,11 +25,9 @@ shortTitle: Project management with Jira {% data reusables.user-settings.oauth_apps %} 1. Click **New {% data variables.product.prodname_oauth_app %}**. - {% note %} + > [!NOTE] + > If you haven't created an app before, this button will say, **Register an application**. - **Note:** If you haven't created an app before, this button will say, **Register an application**. - - {% endnote %} 1. Fill in the application settings: * In the **Application name** field, type "Jira" or any name you would like to use to identify the Jira instance. * In the **Homepage URL** field, type the full URL of your Jira instance. diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise.md index a740f61515bd..5930ce491362 100644 --- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise.md @@ -19,11 +19,10 @@ shortTitle: Manage your organization roles You can choose to join an organization owned by your enterprise as a member or as an organization owner, change your role within the organization, or leave the organization. {% ifversion ghec %} -{% warning %} -**Warning**: If an organization uses SCIM to provision users, joining the organization this way could have unintended consequences. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations)." +> [!WARNING] +> If an organization uses SCIM to provision users, joining the organization this way could have unintended consequences. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations)." -{% endwarning %} {% endif %} For information about managing other people's roles in an organization, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization)" and "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles)." diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md index 13672d088d32..1bb97146d560 100644 --- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md @@ -16,15 +16,12 @@ redirect_from: You can remove an organization that is owned by your enterprise account, so the organization stands alone. -{% warning %} - -**Warning**: When you remove an organization from your enterprise: -* Billing, identity management, 2FA requirements, and other policies for the organization will no longer be governed by your enterprise. -* The organization will be downgraded to the free plan. -* The organization will be governed by our standard Terms of Service. -* Any internal repositories within the organization will be converted to private repositories. - -{% endwarning %} +> [!WARNING] +> When you remove an organization from your enterprise: +> * Billing, identity management, 2FA requirements, and other policies for the organization will no longer be governed by your enterprise. +> * The organization will be downgraded to the free plan. +> * The organization will be governed by our standard Terms of Service. +> * Any internal repositories within the organization will be converted to private repositories. ## Removing an organization from your enterprise diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md index c2731968b20b..d8f817a8b1e2 100644 --- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md +++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md @@ -30,15 +30,10 @@ Before you require use of two-factor authentication, we recommend notifying orga {% data reusables.two_fa.ghes_ntp %} -{% warning %} - -**Warnings:** - -* When your require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization). -* When 2FA is required, organization members or outside collaborators who disable 2FA will automatically be removed from the organization. -* If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization. - -{% endwarning %} +> [!WARNING] +> * When your require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization). +> * When 2FA is required, organization members or outside collaborators who disable 2FA will automatically be removed from the organization. +> * If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization. ## Requiring two-factor authentication for an organization diff --git a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise.md index 5d73fa08392d..2907f5ffb118 100644 --- a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise.md @@ -13,11 +13,8 @@ redirect_from: - /admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise --- -{% note %} - -**Note:** Temporarily accessing user-owned repositories is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_emus %} and subject to change. - -{% endnote %} +> [!NOTE] +> Temporarily accessing user-owned repositories is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_emus %} and subject to change. ## About temporary access to user-owned repositories diff --git a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/restoring-a-deleted-repository.md b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/restoring-a-deleted-repository.md index b9890bb4ec2b..f2e5cac2a975 100644 --- a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/restoring-a-deleted-repository.md +++ b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/restoring-a-deleted-repository.md @@ -30,7 +30,7 @@ Restoring a repository will not restore release attachments or team permissions. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.search-user-or-org %} {% data reusables.enterprise_site_admin_settings.click-user-or-org %} -1. In the {% octicon "repo" aria-hidden="true" %} **Repositories** section, click the {% octicon "trash" aria-hidden="true" %} **Deleted repositories** link. +1. In the {% octicon "repo" aria-hidden="true" %} **Repositories** section, click the {% octicon "trash" aria-hidden="true" %} **Deleted repositories** link. 1. Find the repository you want to restore in the deleted repositories list, then to the right of the repository name click **Restore**. 1. To confirm you would like to restore the named repository, click **Restore**. diff --git a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/viewing-user-owned-repositories-in-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/viewing-user-owned-repositories-in-your-enterprise.md index 89ceaabfa8ec..0b13ea7f2c2c 100644 --- a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/viewing-user-owned-repositories-in-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/viewing-user-owned-repositories-in-your-enterprise.md @@ -13,11 +13,8 @@ redirect_from: - /admin/user-management/managing-repositories-in-your-enterprise/viewing-user-owned-repositories-in-your-enterprise --- -{% note %} - -**Note:** Viewing user-owned repositories is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_emus %} and subject to change. - -{% endnote %} +> [!NOTE] +> Viewing user-owned repositories is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_emus %} and subject to change. If your enterprise uses {% data variables.product.prodname_emus %}, and you've allowed users to create repositories owned by their user accounts, you can view all user-owned repositories within your enterprise. diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/auditing-users-across-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/auditing-users-across-your-enterprise.md index 6a13f0b0525e..0fb9eeec93f7 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/auditing-users-across-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/auditing-users-across-your-enterprise.md @@ -39,14 +39,9 @@ The audit log lists the following information about actions made within your ent * [Which country](#search-based-on-the-location) the action took place in * [The date and time](#search-based-on-the-time-of-action) the action occurred -{% warning %} - -**Notes:** - -* While you can't use text to search for audit entries, you can construct search queries using a variety of filters. {% data variables.product.product_name %} supports many operators for searching across {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/about-searching-on-github)." -* Audit records are available for the last 180 days. - -{% endwarning %} +> [!NOTE] +> * While you can't use text to search for audit entries, you can construct search queries using a variety of filters. {% data variables.product.product_name %} supports many operators for searching across {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/about-searching-on-github)." +> * Audit records are available for the last 180 days. ### Search based on the repository diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md index 054039dfada5..bfc07a1f339c 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md @@ -59,11 +59,9 @@ If you use **Microsoft Entra ID** (previously known as Azure AD) or **Okta** for }, ``` - {% note %} + > [!NOTE] + > The `id` value is critical. If another `id` value is present, the update will fail. - **Note:** The `id` value is critical. If another `id` value is present, the update will fail. - - {% endnote %} 1. Click **Save**. ### Enabling guest collaborators with Okta diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/exporting-membership-information-for-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/exporting-membership-information-for-your-enterprise.md index 8dc87836cb23..01cab3d2f292 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/exporting-membership-information-for-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/exporting-membership-information-for-your-enterprise.md @@ -17,11 +17,8 @@ You can export aggregated information about your enterprise's members as a membe The membership information report includes the following information. -{% note %} - -**Note:** You can only export the datetime of the user's last activity at the organization level. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization#about-export-of-membership-information)." - -{% endnote %} +> [!NOTE] +> You can only export the datetime of the user's last activity at the organization level. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization#about-export-of-membership-information)." * Username and display name details * Whether the user has two-factor authentication enabled {% ifversion mandatory-2fa-required-overview %}or is required to enable it{% endif %} diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-organization-members-in-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-organization-members-in-your-enterprise.md index 8d3a3466777f..331d2b0f6e04 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-organization-members-in-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-organization-members-in-your-enterprise.md @@ -22,23 +22,16 @@ Members can also be added or removed from an organization at the organization le 1. Select the checkbox next to each user you want to add or remove. 1. At the top of the member list, select the **X user(s) selected** dropdown menu, then click **Add to organizations** or **Remove from organizations**. - {% note %} - - **Note:** - * Users will be added as organization members. If the user is already an organization member or organization owner, the privileges will not be modified. - * Organization owners cannot be removed from the organization via the bulk method. - - {% endnote %} + > [!NOTE] + > * Users will be added as organization members. If the user is already an organization member or organization owner, the privileges will not be modified. + > * Organization owners cannot be removed from the organization via the bulk method. ![Screenshot of the list of enterprise members. A dropdown menu, labeled "1 user selected...", is expanded and highlighted with an orange outline.](/assets/images/help/business-accounts/enterprise-add-or-remove-from-org.png) 1. In the popup, select the organizations you want to add or remove the user from. - {% note %} - - **Note:** You can only select organizations where you're an organization owner. - - {% endnote %} + > [!NOTE] + > You can only select organizations where you're an organization owner. 1. To confirm, click **Add user** or **Remove user**. 1. Optionally, to add or remove multiple users at the same time, select multiple checkboxes. Use the dropdown to select **Add to organizations** or **Remove from organizations**. diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md index 187c6d8b0a7b..d97e8dd005d7 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md @@ -24,11 +24,8 @@ Enterprise owners and billing managers automatically have a support entitlement. To add a support entitlement to a user, the user must already be a member of an organization that is owned by your enterprise. -{% note %} - -**Note**: After you add a support entitlement, the enterprise member may need to sign out from {% data variables.contact.contact_landing_page_portal %}, then sign in again, before they can manage tickets. - -{% endnote %} +> [!NOTE] +> After you add a support entitlement, the enterprise member may need to sign out from {% data variables.contact.contact_landing_page_portal %}, then sign in again, before they can manage tickets. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md index 78e470772b8d..0720e4dce789 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md @@ -24,11 +24,8 @@ If your enterprise does use {% data variables.product.prodname_emus %}, you must ## Removing a member from your enterprise -{% note %} - -**Note:** If an enterprise member uses only {% data variables.product.prodname_ghe_server %}, and not {% data variables.product.prodname_ghe_cloud %}, you cannot remove the enterprise member this way. - -{% endnote %} +> [!NOTE] +> If an enterprise member uses only {% data variables.product.prodname_ghe_server %}, and not {% data variables.product.prodname_ghe_cloud %}, you cannot remove the enterprise member this way. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.people-tab %} diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md index 58b2f02255dc..a9965e779b15 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md @@ -153,11 +153,8 @@ You can see all the pending invitations to become members, administrators, or ou In the list of pending members, for any individual account, you can cancel all invitations to join organizations owned by your enterprise. This does not cancel any invitations for that same person to become an enterprise administrator or outside collaborator. -{% note %} - -**Note:** If an invitation was provisioned via SCIM, you must cancel the invitation via your identity provider (IdP) instead of on {% data variables.product.prodname_dotcom %}. - -{% endnote %} +> [!NOTE] +> If an invitation was provisioned via SCIM, you must cancel the invitation via your identity provider (IdP) instead of on {% data variables.product.prodname_dotcom %}. If you use {% data variables.visual_studio.prodname_vss_ghe %}, the list of pending invitations includes all {% data variables.product.prodname_vs %} subscribers that haven't joined any of your organizations on {% data variables.product.prodname_dotcom %}, even if the subscriber does not have a pending invitation to join an organization. For more information about how to get {% data variables.product.prodname_vs %} subscribers access to {% data variables.product.prodname_enterprise %}, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/setting-up-visual-studio-subscriptions-with-github-enterprise)." diff --git a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md index 659c29ee8f99..ba6461a8b149 100644 --- a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md +++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md @@ -56,13 +56,9 @@ You can configure {% data variables.product.prodname_code_scanning %} to run {% ## Provisioning a self-hosted runner -{% note %} - -**Notes:** - * If your enterprise uses {% data variables.product.prodname_dotcom %}-hosted runners with {% data variables.product.prodname_actions %}, proceed directly to configuring {% data variables.product.prodname_code_scanning %} through {% data variables.product.prodname_dotcom_the_website %}. See "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)." - * With the exception of Swift analysis, default setup can now run on {% data variables.actions.hosted_runners %}. See "[AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners)" and "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup)." - -{% endnote %} +> [!NOTE] +> * If your enterprise uses {% data variables.product.prodname_dotcom %}-hosted runners with {% data variables.product.prodname_actions %}, proceed directly to configuring {% data variables.product.prodname_code_scanning %} through {% data variables.product.prodname_dotcom_the_website %}. See "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)." +> * With the exception of Swift analysis, default setup can now run on {% data variables.actions.hosted_runners %}. See "[AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners)" and "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup)." {% endif %} @@ -78,11 +74,10 @@ If you are using default setup for {% data variables.product.prodname_code_scann You must ensure that Git is in the PATH variable on any self-hosted runners you use to run {% data variables.product.prodname_codeql %} actions. {% ifversion default-setup-self-hosted-runners-GHEC or ghes %} -{% note %} -**Note:** If you use {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} to analyze code written in Python in your enterprise, you must make sure that your self-hosted runner has Python 3 installed. +> [!NOTE] +> If you use {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} to analyze code written in Python in your enterprise, you must make sure that your self-hosted runner has Python 3 installed. -{% endnote %} {% endif %} {% ifversion ghes %} diff --git a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md index a03401f84fb1..b61c8587468d 100644 --- a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md +++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md @@ -47,10 +47,7 @@ When you enable one or more security and analysis features for existing reposito {% ifversion secret-scanning-custom-link-on-block %} 1. Optionally, to include a resource link in the message that members will see when they attempt to push a secret, select **Add a resource link in the CLI and web UI when a commit is blocked**, then type a URL, and click **Save link**. - {% note %} - - **Note**: When a custom link is configured for an organization, the organization-level value overrides the custom link set for the enterprise. See "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." - - {% endnote %} + > [!NOTE] + > When a custom link is configured for an organization, the organization-level value overrides the custom link set for the enterprise. See "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." ![Screenshot of the "Push protection" section of the settings for security and analysis features. The checkbox and the text field used for enabling a custom link are outlined in dark orange.](/assets/images/help/organizations/secret-scanning-custom-link.png){% endif %} diff --git a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md index 9d31af05350d..6fce3c645fcf 100644 --- a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md +++ b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md @@ -45,11 +45,8 @@ Before configuring {% data variables.product.prodname_dependabot %}, install Doc {%- endif %} - {% note %} - - **Note:** You will need to repeat this step when you upgrade to a new minor version of {% data variables.product.product_name %}, or if you manually update the {% data variables.product.prodname_dependabot %} action from {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom)." - - {% endnote %} + > [!NOTE] + > You will need to repeat this step when you upgrade to a new minor version of {% data variables.product.product_name %}, or if you manually update the {% data variables.product.prodname_dependabot %} action from {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom)." 1. When you have finished adding these images to the runner, you are ready to restrict internet access to the {% data variables.product.prodname_dependabot %} runner, ensuring that it can still access your private registries for the required ecosystems and for {% data variables.product.prodname_ghe_server %}. diff --git a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md index 2f02b222e5f2..8d7ea2a26817 100644 --- a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md +++ b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md @@ -45,11 +45,9 @@ If your instance uses clustering, you cannot enable the dependency graph with th ghe-config app.dependency-graph.enabled true ``` - {% note %} + > [!NOTE] + > For more information about enabling access to the administrative shell via SSH, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)." - **Note**: For more information about enabling access to the administrative shell via SSH, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)." - - {% endnote %} 1. Apply the configuration. ```shell diff --git a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md index ccce4dd5fbfa..09ab8f6cc3f4 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md +++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md @@ -110,11 +110,9 @@ If any of these services are at or near 100% CPU utilization, or the memory is n For CPU and memory, this shows how much is allocated to the **total** of **all** services (the left value) and how much is available (the right value). In the example above, there is 23 GiB of memory allocated out of 32 GiB total. This means there is 9 GiB of memory available for allocation. - {% warning %} + > [!WARNING] + > Be careful not to allocate more than the total available resources, or services will fail to start. - **Warning:** Be careful not to allocate more than the total available resources, or services will fail to start. - - {% endwarning %} 1. Change directory to `/etc/consul-templates/etc/nomad-jobs/actions`: ```shell diff --git a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md index 0d84cb19db01..3c76ba002ddb 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md +++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md @@ -29,11 +29,8 @@ After you restore a {% data variables.product.prodname_ghe_server %} backup to t When you set up a staging environment that includes a {% data variables.product.product_name %} instance with {% data variables.product.prodname_actions %} enabled, you must use a different external storage configuration for {% data variables.product.prodname_actions %} storage than your production environment. -{% warning %} - -**Warning**: If you don't change the storage configuration, your staging instance may be able to write to the same external storage that you use for production, which could result in loss of data. - -{% endwarning %} +> [!WARNING] +> If you don't change the storage configuration, your staging instance may be able to write to the same external storage that you use for production, which could result in loss of data. For more information about storage configuration for {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server#enabling-github-actions-with-your-storage-provider)." diff --git a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md index e17ca79a8fd0..12599182d505 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md +++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md @@ -24,13 +24,10 @@ shortTitle: Amazon S3 storage ## Prerequisites -{% note %} - -**Note:** The only {% data variables.product.prodname_dotcom %}-supported S3 storage providers are Amazon S3 and MinIO Gateway for NAS. - -{% data reusables.actions.enterprise-s3-tech-partners %} - -{% endnote %} +> [!NOTE] +> The only {% data variables.product.prodname_dotcom %}-supported S3 storage providers are Amazon S3 and MinIO Gateway for NAS. +> +> {% data reusables.actions.enterprise-s3-tech-partners %} Before enabling {% data variables.product.prodname_actions %}, make sure you have completed the following steps: @@ -93,11 +90,8 @@ To configure {% data variables.product.prodname_ghe_server %} to use OIDC with a For more information on installing the AWS CLI, see the [Amazon documentation](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). - {% warning %} - - **Warning:** If the certificate for {% data variables.location.product_location_enterprise %} changes in the future, you must update the thumbprint value in the Amazon OIDC provider for the OIDC trust to continue to work. - - {% endwarning %} + > [!WARNING] + > If the certificate for {% data variables.location.product_location_enterprise %} changes in the future, you must update the thumbprint value in the Amazon OIDC provider for the OIDC trust to continue to work. ### 2. Create an IAM role diff --git a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md index 9447c556601c..a21d5b251c5c 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md +++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md @@ -29,11 +29,9 @@ Before enabling {% data variables.product.prodname_actions %}, make sure you hav * Create your Azure storage account for storing workflow data. {% data variables.product.prodname_actions %} stores its data as block blobs, and two storage account types are supported: * A **general-purpose** storage account (also known as `general-purpose v1` or `general-purpose v2`) using the **standard** performance tier. - {% warning %} + > [!WARNING] + > Using the **premium** performance tier with a general-purpose storage account is not supported. The **standard** performance tier must be selected when creating the storage account, and it cannot be changed later. - **Warning:** Using the **premium** performance tier with a general-purpose storage account is not supported. The **standard** performance tier must be selected when creating the storage account, and it cannot be changed later. - - {% endwarning %} * A **BlockBlobStorage** storage account, which uses the **premium** performance tier. For more information on Azure storage account types and performance tiers, see the [Azure documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=/azure/storage/blobs/toc.json#types-of-storage-accounts). @@ -61,11 +59,9 @@ To configure {% data variables.product.prodname_ghe_server %} to use OIDC with a 1. For "Issuer", enter `https://HOSTNAME/_services/token`, where `HOSTNAME` is the public hostname for {% data variables.location.product_location_enterprise %}. For example, `https://my-ghes-host.example.com/_services/token`. 1. For "Subject identifier", enter the public hostname for {% data variables.location.product_location_enterprise %}. For example, `my-ghes-host.example.com`. - {% note %} - - **Note:** The subject identifier must only have the hostname of {% data variables.location.product_location_enterprise %}, and _must not_ include the protocol. + > [!NOTE] + > The subject identifier must only have the hostname of {% data variables.location.product_location_enterprise %}, and _must not_ include the protocol. - {% endnote %} 1. For "Name", enter a name for the credential. 1. Click **Add**. diff --git a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md index f4b48b62922b..48d36d6c71c7 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md +++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md @@ -15,11 +15,8 @@ redirect_from: - /admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage --- -{% note %} - -**Note:** {% data variables.product.prodname_actions %} support for Google Cloud Storage is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_actions %} support for Google Cloud Storage is currently in {% data variables.release-phases.public_preview %} and subject to change. {% data reusables.actions.enterprise-storage-about %} @@ -91,11 +88,9 @@ To configure {% data variables.product.prodname_ghe_server %} to use OIDC with G google.subject == "my-ghes-host.example.com" ``` - {% note %} - - **Note:** The hostname of {% data variables.location.product_location_enterprise %} used here _must not_ include the protocol. + > [!NOTE] + > The hostname of {% data variables.location.product_location_enterprise %} used here _must not_ include the protocol. - {% endnote %} * Click **Save**. 1. After creating the identity pool, at the top of the identity pool's page, click **Grant access**. * Under "Select service account", select the service account that you created in the previous procedure. diff --git a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md index 8052d6e66482..45704ffc7e0d 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md +++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md @@ -41,11 +41,8 @@ Before enabling {% data variables.product.prodname_actions %}, make sure you hav {% data reusables.actions.enterprise-s3-storage-setup %} 1. Under "Authentication", select **Credentials-based**, and enter your storage bucket's details: - {% note %} - - **Note:** For MinIO, you cannot use OpenID Connect (OIDC) authentication. You must use credentials-based authentication. - - {% endnote %} + > [!NOTE] + > For MinIO, you cannot use OpenID Connect (OIDC) authentication. You must use credentials-based authentication. {% data reusables.actions.enterprise-minio-storage-credential-fields %} {%- else %} diff --git a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md index 3aeff00439db..559fa5e608ea 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md +++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md @@ -44,14 +44,9 @@ The peak quantity of connected runners without performance loss depends on such {% data variables.product.company_short %} measured maximum connected runners using multiple repositories, job duration of approximately 10 minutes, and 10 MB artifact uploads. You may experience different performance depending on the overall levels of activity on your instance. -{% note %} - -**Notes:** - -* Beginning with {% data variables.product.prodname_ghe_server %} 3.6, {% data variables.product.company_short %} documents connected runners as opposed to concurrent jobs. Connected runners represents the most runners you can connect and expect to utilize. It should also be noted that connecting more runners than you can expect to utilize can negatively impact performance. - -* Beginning with {% data variables.product.prodname_ghe_server %} 3.5, {% data variables.product.company_short %}'s internal testing uses 3rd generation CPUs to better reflect a typical customer configuration. This change in CPU represents a small portion of the changes to performance targets in this version of {% data variables.product.prodname_ghe_server %}. -{% endnote %} +> [!NOTE] +> * Beginning with {% data variables.product.prodname_ghe_server %} 3.6, {% data variables.product.company_short %} documents connected runners as opposed to concurrent jobs. Connected runners represents the most runners you can connect and expect to utilize. It should also be noted that connecting more runners than you can expect to utilize can negatively impact performance. +> * Beginning with {% data variables.product.prodname_ghe_server %} 3.5, {% data variables.product.company_short %}'s internal testing uses 3rd generation CPUs to better reflect a typical customer configuration. This change in CPU represents a small portion of the changes to performance targets in this version of {% data variables.product.prodname_ghe_server %}. If you plan to enable {% data variables.product.prodname_actions %} for the users of an existing instance, review the levels of activity for users and automations on the instance and ensure that you have provisioned adequate CPU and memory for your users. For more information about monitoring the capacity and performance of {% data variables.product.prodname_ghe_server %}, see "[AUTOTITLE](/admin/enterprise-management/monitoring-your-appliance)." @@ -89,13 +84,10 @@ All other {% data variables.product.prodname_actions %} data, such as the workfl {%- endif %} * S3-compatible MinIO cluster -{% note %} - -**Note:** These are the only storage providers that {% data variables.product.company_short %} supports and can provide assistance with. - -{% data reusables.actions.enterprise-s3-tech-partners %} - -{% endnote %} +> [!NOTE] +> These are the only storage providers that {% data variables.product.company_short %} supports and can provide assistance with. +> +> {% data reusables.actions.enterprise-s3-tech-partners %} ## Networking considerations diff --git a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md index a71a94fae9a8..579a100bb523 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md +++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md @@ -60,7 +60,7 @@ You can configure additional policies to restrict the actions available to {% if ## 2. Deploy the self-hosted runner for your enterprise -Next, add a self-hosted runner to your enterprise. {% data variables.product.product_name %} will guide you through installation of the necessary software on the runner machine. After you deploy the runner, you can verify connectivity between the runner machine and {%ifversion ghec %}your enterprise{% elsif ghes %}{% data variables.location.product_location %}{% endif %}. +Next, add a self-hosted runner to your enterprise. {% data variables.product.product_name %} will guide you through installation of the necessary software on the runner machine. After you deploy the runner, you can verify connectivity between the runner machine and {% ifversion ghec %}your enterprise{% elsif ghes %}{% data variables.location.product_location %}{% endif %}. ### Adding the self-hosted runner @@ -81,15 +81,11 @@ You can create a runner group to manage access to the runner that you added to y {%- ifversion ghec or ghes %} 1. Optionally, to allow public repositories in the selected organizations to use runners in the group, select **Allow public repositories**. - {% warning %} + > [!WARNING] + > {% data reusables.actions.self-hosted-runner-security %} + > + > For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." - **Warning**: - - {% data reusables.actions.self-hosted-runner-security %} - - For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." - - {% endwarning %} {%- endif %} {% data reusables.actions.create-runner-group %} 1. Click the "Runners" tab. diff --git a/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md index 02abec8f664c..ac454a5e114b 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md +++ b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md @@ -43,13 +43,9 @@ There is no connection required between {% data variables.location.product_locat Each action is a repository in the `actions` organization, and each action repository includes the necessary tags, branches, and commit SHAs that your workflows can use to reference the action. For information on how to update the bundled official actions, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions)." -{% note %} - -**Notes:** -* When using setup actions (such as `actions/setup-LANGUAGE`) on {% data variables.product.product_name %} with self-hosted runners, you might need to set up the tools cache on runners that do not have internet access. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)." -* When {% data variables.product.product_name %} is updated, bundled actions are automatically replaced with default versions in the upgrade package. - -{% endnote %} +> [!NOTE] +> * When using setup actions (such as `actions/setup-LANGUAGE`) on {% data variables.product.product_name %} with self-hosted runners, you might need to set up the tools cache on runners that do not have internet access. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)." +> * When {% data variables.product.product_name %} is updated, bundled actions are automatically replaced with default versions in the upgrade package. ## Configuring access to actions on {% data variables.product.prodname_dotcom_the_website %} @@ -58,11 +54,10 @@ Each action is a repository in the `actions` organization, and each action repos The recommended approach is to enable automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. You can do this by using {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)". {% ifversion ghes %} -{% note %} -**Note:** Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.location.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server)." +> [!NOTE] +> Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.location.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server)." -{% endnote %} {% endif %} {% data reusables.actions.self-hosted-runner-networking-to-dotcom %} diff --git a/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md index fc51130edbb3..c4cd9c90feab 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md +++ b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md @@ -30,7 +30,7 @@ Alternatively, if you want stricter control over which actions are allowed in yo {% data reusables.actions.github-connect-resolution %} -If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom_the_website %}, the repository on your enterprise will be used instead of the {% data variables.product.prodname_dotcom_the_website %} repository. For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." +If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom_the_website %}, the repository on your enterprise will be used instead of the {% data variables.product.prodname_dotcom_the_website %} repository. For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website %}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." ## Enabling automatic access to public {% data variables.product.prodname_dotcom_the_website %} actions @@ -45,7 +45,7 @@ Before enabling access to public actions from {% data variables.product.prodname ## Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website %} -When you enable {% data variables.product.prodname_github_connect %}, users see no change in behavior for existing workflows because {% data variables.product.prodname_actions %} searches {% data variables.location.product_location %} for each action before falling back to {% data variables.product.prodname_dotcom_the_website%}. This ensures that any custom versions of actions your enterprise has created are used in preference to their counterparts on {% data variables.product.prodname_dotcom_the_website%}. +When you enable {% data variables.product.prodname_github_connect %}, users see no change in behavior for existing workflows because {% data variables.product.prodname_actions %} searches {% data variables.location.product_location %} for each action before falling back to {% data variables.product.prodname_dotcom_the_website %}. This ensures that any custom versions of actions your enterprise has created are used in preference to their counterparts on {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.actions.namespace-retirement-ghecom %} @@ -56,8 +56,5 @@ After using an action from {% data variables.product.prodname_dotcom_the_website 1. To the right of the namespace that you want use in {% data variables.location.product_location %}, click **Unretire**. 1. Go to the relevant organization and create a new repository. - {% tip %} - - **Tip:** When you unretire a namespace, always create the new repository with that name as soon as possible. If a workflow calls the associated action on {% data variables.product.prodname_dotcom_the_website %} before you create the local repository, the namespace will be retired again. For actions used in workflows that run frequently, you may find that a namespace is retired again before you have time to create the local repository. In this case, you can temporarily disable the relevant workflows until you have created the new repository. - - {% endtip %} + > [!TIP] + > When you unretire a namespace, always create the new repository with that name as soon as possible. If a workflow calls the associated action on {% data variables.product.prodname_dotcom_the_website %} before you create the local repository, the namespace will be retired again. For actions used in workflows that run frequently, you may find that a namespace is retired again before you have time to create the local repository. In this case, you can temporarily disable the relevant workflows until you have created the new repository. diff --git a/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md index 33ce08ba65e2..e59f9505e922 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md +++ b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md @@ -34,11 +34,8 @@ If your machine has access to both systems at the same time, you can do the sync The `actions-sync` tool can only download actions from {% data variables.product.prodname_dotcom_the_website %} that are stored in public repositories. -{% note %} - -**Note:** The `actions-sync` tool is intended for use in systems where {% data variables.product.prodname_github_connect %} is not enabled. If you run the tool on a system with {% data variables.product.prodname_github_connect %} enabled, you may see the error `The repository has been retired and cannot be reused`. This indicates that a workflow has used that action directly on {% data variables.product.prodname_dotcom_the_website %} and the namespace is retired on {% data variables.location.product_location %}. See "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." - -{% endnote %} +> [!NOTE] +> The `actions-sync` tool is intended for use in systems where {% data variables.product.prodname_github_connect %} is not enabled. If you run the tool on a system with {% data variables.product.prodname_github_connect %} enabled, you may see the error `The repository has been retired and cannot be reused`. This indicates that a workflow has used that action directly on {% data variables.product.prodname_dotcom_the_website %} and the namespace is retired on {% data variables.location.product_location %}. See "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." ## Prerequisites @@ -46,11 +43,8 @@ The `actions-sync` tool can only download actions from {% data variables.product * You must create a {% data variables.product.pat_generic %} on your enterprise that can create and write to repositories in the destination organizations. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."{% ifversion ghes %} * If you want to sync the bundled actions in the `actions` organization on {% data variables.location.product_location %}, you must be an owner of the `actions` organization. - {% note %} - - **Note:** By default, even site administrators are not owners of the bundled `actions` organization. - - {% endnote %} + > [!NOTE] + > By default, even site administrators are not owners of the bundled `actions` organization. Site administrators can use the `ghe-org-admin-promote` command in the administrative shell to promote a user to be an owner of the bundled `actions` organization. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-org-admin-promote)." @@ -62,11 +56,8 @@ The `actions-sync` tool can only download actions from {% data variables.product This example demonstrates using the `actions-sync` tool to sync an individual action from {% data variables.product.prodname_dotcom_the_website %} to an enterprise instance. -{% note %} - -**Note:** This example uses the `actions-sync sync` command, which requires concurrent access to both the {% data variables.product.prodname_dotcom_the_website %} API and your enterprise instance's API from your machine. If you can only access one system at a time, you can use the `actions-sync pull` and `push` commands. See the [`actions-sync` README](https://github.com/actions/actions-sync#not-connected-instances). - -{% endnote %} +> [!NOTE] +> This example uses the `actions-sync sync` command, which requires concurrent access to both the {% data variables.product.prodname_dotcom_the_website %} API and your enterprise instance's API from your machine. If you can only access one system at a time, you can use the `actions-sync pull` and `push` commands. See the [`actions-sync` README](https://github.com/actions/actions-sync#not-connected-instances). 1. Download and extract the latest [`actions-sync` release](https://github.com/actions/actions-sync/releases) for your machine's operating system. 1. Create a directory to store cache files for the tool. diff --git a/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md index 9561e3019f18..5be74cbef0be 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md +++ b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md @@ -27,11 +27,8 @@ The `actions/setup-LANGUAGE` actions normally need internet access to download t You can populate the runner tool cache by running a {% data variables.product.prodname_actions %} workflow on {% data variables.product.prodname_dotcom_the_website %} that uploads a {% data variables.product.prodname_dotcom %}-hosted runner's tool cache as an artifact, which you can then transfer and extract on your internet-disconnected self-hosted runner. -{% note %} - -**Note:** You can only use a {% data variables.product.prodname_dotcom %}-hosted runner's tool cache for a self-hosted runner that has an identical operating system and architecture. For example, if you are using a `ubuntu-22.04` {% data variables.product.prodname_dotcom %}-hosted runner to generate a tool cache, your self-hosted runner must be a 64-bit Ubuntu 22.04 machine. For more information on {% data variables.product.prodname_dotcom %}-hosted runners, see "[AUTOTITLE](/free-pro-team@latest/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources)." - -{% endnote %} +> [!NOTE] +> You can only use a {% data variables.product.prodname_dotcom %}-hosted runner's tool cache for a self-hosted runner that has an identical operating system and architecture. For example, if you are using a `ubuntu-22.04` {% data variables.product.prodname_dotcom %}-hosted runner to generate a tool cache, your self-hosted runner must be a 64-bit Ubuntu 22.04 machine. For more information on {% data variables.product.prodname_dotcom %}-hosted runners, see "[AUTOTITLE](/free-pro-team@latest/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources)." ## Prerequisites diff --git a/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md index 7076fbab666f..9240db4d5cb8 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md +++ b/content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md @@ -46,8 +46,5 @@ Once {% data variables.product.prodname_github_connect %} is configured, you can 1. Configure your workflow's YAML to use `{% data reusables.actions.action-checkout %}`. 1. Each time your workflow runs, the runner will use the specified version of `actions/checkout` from {% data variables.product.prodname_dotcom_the_website %}. - {% note %} - - **Note:** The first time the `checkout` action is used from {% data variables.product.prodname_dotcom_the_website %}, the `actions/checkout` namespace is automatically retired on {% data variables.location.product_location %}. If you ever want to revert to using a local copy of the action, you first need to remove the namespace from retirement. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." - - {% endnote %} + > [!NOTE] + > The first time the `checkout` action is used from {% data variables.product.prodname_dotcom_the_website %}, the `actions/checkout` namespace is automatically retired on {% data variables.location.product_location %}. If you ever want to revert to using a local copy of the action, you first need to remove the namespace from retirement. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." diff --git a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md index e249331162b1..db96a04b5059 100644 --- a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md +++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md @@ -21,6 +21,8 @@ redirect_from: {% data reusables.enterprise-accounts.emu-cap-validates %} +{% data reusables.enterprise-accounts.emu-cap-public-preview %} + {% data variables.product.product_name %} supports CAP for any {% data variables.enterprise.prodname_emu_enterprise %} where OIDC SSO is enabled. Enterprise owners can choose to use this IP allow list configuration instead of {% data variables.product.product_name %}'s IP allow list, and can do so once OIDC SSO is configured. For more information about IP allow lists, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list#about-your-idps-allow-list)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)." * {% data variables.product.product_name %} enforces your IdP's IP conditions but cannot enforce your device compliance conditions. diff --git a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md index 8d779e52f3b9..75a41b9897f6 100644 --- a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md +++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md @@ -23,6 +23,8 @@ With {% data variables.product.prodname_emus %}, your enterprise uses your ident {% data reusables.enterprise-accounts.emu-cap-validates %} See "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy)." +{% data reusables.enterprise-accounts.emu-cap-public-preview %} + You can adjust the lifetime of a session, and how often a {% data variables.enterprise.prodname_managed_user %} needs to reauthenticate with your IdP, by changing the lifetime policy property of the ID tokens issued for {% data variables.product.prodname_dotcom %} from your IdP. The default lifetime is one hour. See "[Configure token lifetime policies](https://learn.microsoft.com/en-us/entra/identity-platform/configure-token-lifetimes#create-a-policy-and-assign-it-to-a-service-principal)" in the Microsoft documentation. To change the lifetime policy property, you will need the object ID associated with your {% data variables.product.prodname_emus %} OIDC. See "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application)." diff --git a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md index af1bf222866a..79a08bc9a3aa 100644 --- a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md +++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md @@ -100,11 +100,9 @@ After the initial configuration of SAML SSO, the only setting you can update on {% data reusables.emus.sign-in-as-setup-user %} - {% note %} - - **Note**: {% data reusables.enterprise-accounts.emu-password-reset-session %} + > [!NOTE] + > {% data reusables.enterprise-accounts.emu-password-reset-session %} - {% endnote %} {% data reusables.enterprise-accounts.access-enterprise-emu %} {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.security-tab %} @@ -117,11 +115,8 @@ After the initial configuration of SAML SSO, the only setting you can update on 1. Before enabling SAML SSO for your enterprise, to ensure that the information you've entered is correct, click **Test SAML configuration**. {% data reusables.saml.test-must-succeed %} 1. Click **Save**. - {% note %} - - **Note:** After you require SAML SSO for your enterprise and save SAML settings, the setup user will continue to have access to the enterprise and will remain signed in to GitHub along with the {% data variables.enterprise.prodname_managed_users %} provisioned by your IdP who will also have access to the enterprise. - - {% endnote %} + > [!NOTE] + > After you require SAML SSO for your enterprise and save SAML settings, the setup user will continue to have access to the enterprise and will remain signed in to GitHub along with the {% data variables.enterprise.prodname_managed_users %} provisioned by your IdP who will also have access to the enterprise. {% data reusables.enterprise-accounts.download-recovery-codes %} diff --git a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md index f7c530a8f891..3a15ba026c5f 100644 --- a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md +++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md @@ -28,21 +28,15 @@ After you disable SAML or OIDC SSO for your enterprise, the following effects ap If you later reconfigure authentication for the enterprise, external groups must be reprovisioned via SCIM, and {% data variables.enterprise.prodname_managed_users %} must be reprovisioned before users can sign in. -{% note %} - -**Note:** When a {% data variables.enterprise.prodname_managed_user %} is suspended, the user's avatar is permanently deleted. If you reprovision the user, the user will need to reupload their avatar. - -{% endnote %} +> [!NOTE] +> When a {% data variables.enterprise.prodname_managed_user %} is suspended, the user's avatar is permanently deleted. If you reprovision the user, the user will need to reupload their avatar. If you want to migrate to a new identity provider (IdP) or tenant rather than disabling authentication entirely, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-your-enterprise-to-a-new-identity-provider-or-tenant)." ## Disabling authentication -{% warning %} - -**Warning**: Disabling authentication and provisioning will prevent your enterprise's {% data variables.enterprise.prodname_managed_users %} from signing in to access your enterprise on {% data variables.product.product_name %}. - -{% endwarning %} +> [!WARNING] +> Disabling authentication and provisioning will prevent your enterprise's {% data variables.enterprise.prodname_managed_users %} from signing in to access your enterprise on {% data variables.product.product_name %}. {% data reusables.emus.sign-in-as-setup-user %} 1. Attempt to access your enterprise account, and use a recovery code to bypass SAML SSO or OIDC. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)." diff --git a/content/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md b/content/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md index b4d2d76db57e..1fa8a0bb690f 100644 --- a/content/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md +++ b/content/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md @@ -19,11 +19,10 @@ redirect_from: --- {% ifversion ghec %} -{% note %} -**Note:** This article only applies to {% data variables.product.prodname_emus %}. If you use {% data variables.product.prodname_ghe_cloud %} without {% data variables.product.prodname_emus %}, usernames are created by users, not {% data variables.product.prodname_dotcom %}. +> [!NOTE] +> This article only applies to {% data variables.product.prodname_emus %}. If you use {% data variables.product.prodname_ghe_cloud %} without {% data variables.product.prodname_emus %}, usernames are created by users, not {% data variables.product.prodname_dotcom %}. -{% endnote %} {% endif %} ## About usernames with external authentication @@ -142,11 +141,10 @@ When you configure CAS, LDAP, or SAML authentication, {% data variables.product. {% data variables.product.product_name %} creates a mapping between the `NameID` from the IdP and the username on {% data variables.location.product_location %}, so the `NameID` should be persistent, unique, and not subject to change for the lifecycle of the user. {% ifversion ghes %} -{% note %} -**Note**: If the `NameID` for a user does change on the IdP, the person will see an error message when signing in to {% data variables.location.product_location %}. To restore the person's access, you'll need to update the user account's `NameID` mapping. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid)." +> [!NOTE] +> If the `NameID` for a user does change on the IdP, the person will see an error message when signing in to {% data variables.location.product_location %}. To restore the person's access, you'll need to update the user account's `NameID` mapping. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid)." -{% endnote %} {% endif %} {% endif %} @@ -164,11 +162,8 @@ To resolve this problem, you must make one of the following changes in your IdP When you change the attribute mapping, usernames of existing {% data variables.enterprise.prodname_managed_users %} will be updated, but nothing else about the accounts will change, including activity history. -{% note %} - -**Note:** {% data variables.contact.github_support %} cannot provide assistance with customizing attribute mappings or configuring custom expressions. You can contact your IdP with any questions. - -{% endnote %} +> [!NOTE] +> {% data variables.contact.github_support %} cannot provide assistance with customizing attribute mappings or configuring custom expressions. You can contact your IdP with any questions. ### Resolving username problems with Entra ID diff --git a/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md b/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md index 70f9e08db210..0ae98d67294e 100644 --- a/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md +++ b/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md @@ -25,11 +25,8 @@ In order to access your enterprise account this way, you must have previously do ## Using a recovery code -{% note %} - -**Note:** If your enterprises uses {% data variables.product.prodname_emus %}, you must sign in as the setup user to use a recovery code. - -{% endnote %} +> [!NOTE] +> If your enterprises uses {% data variables.product.prodname_emus %}, you must sign in as the setup user to use a recovery code. 1. Attempt to access the enterprise account. {% data reusables.saml.recovery-code-access %} diff --git a/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md b/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md index e68cd34da09f..6e9013a313f2 100644 --- a/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md +++ b/content/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md @@ -25,11 +25,11 @@ If you did not save your recovery codes when you configured SSO, you can still a {% data reusables.enterprise-accounts.security-tab %} 1. Under{% ifversion oidc-for-emu %} either{% endif %} "Require SAML authentication"{% ifversion oidc-for-emu %} or "Require OIDC authentication"{% endif %}, click **Save your recovery codes**.{% ifversion oidc-for-emu %} - {% note %} - **Note:** OIDC SSO is only available for {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." + > [!NOTE] + > OIDC SSO is only available for {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." - {% endnote %}{% endif %} + {% endif %} ![Screenshot of the "Authentication security" screen. The "Save your recovery codes" hyperlink is highlighted with an orange outline.](/assets/images/help/enterprises/saml-recovery-codes-link.png) 1. To save your recovery codes, click **Download**, **Print**, or **Copy**. diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md index 6d13799eca08..f05dc7f0b328 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md @@ -177,11 +177,9 @@ If you don't use a partner IdP, or if you only use a partner IdP for authenticat {% data reusables.emus.sign-in-as-setup-user %} - {% note %} + > [!NOTE] + > {% data reusables.enterprise-accounts.emu-password-reset-session %} - **Note**: {% data reusables.enterprise-accounts.emu-password-reset-session %} - - {% endnote %} {% data reusables.enterprise-accounts.access-enterprise-emu %} {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.security-tab %} diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md index a7f91ad37db3..b19409414190 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md @@ -46,11 +46,10 @@ Alternatively, if you only intend to use Okta for SAML authentication and you wa | Reactivate Users | Users in Okta whose Okta accounts are reactivated and who are assigned back to {% ifversion ghec %}the {% data variables.product.prodname_emu_idp_application %}{% else %}{% data variables.product.company_short %}'s{% endif %} application on Okta will be enabled. | {% ifversion ghec %} -{% note %} -**Note:** {% data variables.product.prodname_emus %} does not support modifications to usernames. +> [!NOTE] +> {% data variables.product.prodname_emus %} does not support modifications to usernames. -{% endnote %} {% endif %} ## Prerequisites @@ -148,11 +147,8 @@ You can also automatically manage organization membership by adding groups to th {% data reusables.enterprise-managed.assigning-roles %} -{% note %} - -**Note:** You can only set the "Roles" attribute for an individual user, not a group. If you want to set roles for everyone in a group that is assigned to the application in Okta, you must use the "Roles" attribute for each group member, individually. - -{% endnote %} +> [!NOTE] +> You can only set the "Roles" attribute for an individual user, not a group. If you want to set roles for everyone in a group that is assigned to the application in Okta, you must use the "Roles" attribute for each group member, individually. ## How do I deprovision users and groups? diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md index d929d4f7f7ab..8c9e1b3c1f32 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md @@ -30,11 +30,8 @@ topics: When a change to an IdP group or a new team connection results in a user joining a team in an organization they were not already a member of, the user will automatically be added to the organization. When you disconnect a group from a team, users who became members of the organization via team membership are removed from the organization if they are not assigned membership in the organization by any other means. -{% note %} - -**Note:** Organization owners can also add users to organizations manually, as long as the accounts have already been provisioned via SCIM. - -{% endnote %} +> [!NOTE] +> Organization owners can also add users to organizations manually, as long as the accounts have already been provisioned via SCIM. When group membership changes on your IdP, your IdP sends a SCIM request with the changes to {% data variables.product.prodname_dotcom %} according to the schedule determined by your IdP, so change may not be immediate. Any requests that change team or organization membership will register in the audit log as changes made by the account used to configure user provisioning. @@ -71,11 +68,8 @@ Any member of an organization can create a new team and connect the team to an I Organization owners {% ifversion ghes %}and team maintainers {% endif %}can manage the existing connection between an IdP group and a team.{% ifversion ghec %} If your enterprise does not use {% data variables.enterprise.prodname_managed_users %}, team maintainers can also manage the connection.{% endif %} -{% note %} - -**Note**: Before you connect an existing team on {% data variables.product.prodname_dotcom %} to an IdP group for the first time, all members of the team on {% data variables.product.prodname_dotcom %} must first be removed. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/removing-organization-members-from-a-team)." - -{% endnote %} +> [!NOTE] +> Before you connect an existing team on {% data variables.product.prodname_dotcom %} to an IdP group for the first time, all members of the team on {% data variables.product.prodname_dotcom %} must first be removed. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/removing-organization-members-from-a-team)." {% data reusables.profile.access_profile %} diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md index da0291ad9f0e..56ee38861e31 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md @@ -105,11 +105,8 @@ To ensure that your environment has a single source of truth, you should only pr However, you can safely retrieve information from {% data variables.product.company_short %}'s APIs with `GET` requests in scripts or ad hoc requests by an enterprise owner. -{% warning %} - -**Warning:** If you use a partner IdP for SCIM provisioning, the application on the IdP must be the only system that makes write requests to the API. If you make ad hoc requests using the `POST`, `PUT`, `PATCH`, or `DELETE` methods, subsequent synchronization attempts will fail, and provisioning won't function properly for your enterprise. - -{% endwarning %} +> [!WARNING] +> If you use a partner IdP for SCIM provisioning, the application on the IdP must be the only system that makes write requests to the API. If you make ad hoc requests using the `POST`, `PUT`, `PATCH`, or `DELETE` methods, subsequent synchronization attempts will fail, and provisioning won't function properly for your enterprise. ### Send valid requests to REST API endpoints diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md index 607656e02089..e104a2421052 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md @@ -139,16 +139,12 @@ After you enable SCIM on a {% data variables.product.product_name %} instance, a 1. Sign into your instance as the new enterprise owner. 1. Create a {% data variables.product.pat_v1 %} with **admin:enterprise** scope. Do not specify an expiration date for the {% data variables.product.pat_v1 %}. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)." - {% warning %} + > [!WARNING] + > Ensure that you don't specify an expiration date for the {% data variables.product.pat_v1 %}. If you specify an expiration date, SCIM will no longer function after the expiration date passes. - **Warning**: Ensure that you don't specify an expiration date for the {% data variables.product.pat_v1 %}. If you specify an expiration date, SCIM will no longer function after the expiration date passes. + > [!NOTE] + > You'll need this {% data variables.product.pat_generic %} to test the SCIM configuration, and to configure the application for SCIM on your IdP. Store the token securely in a password manager until you need the token again later in these instructions. - {% endwarning %} - {% note %} - - **Note**: You'll need this {% data variables.product.pat_generic %} to test the SCIM configuration, and to configure the application for SCIM on your IdP. Store the token securely in a password manager until you need the token again later in these instructions. - - {% endnote %} {% data reusables.enterprise_installation.ssh-into-instance %} 1. To enable SCIM, run the commands provided to you by your account manager on {% data variables.contact.contact_enterprise_sales %}. {% data reusables.enterprise_site_admin_settings.wait-for-configuration-run %} diff --git a/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md index 33fb699a65b1..729b18136ee1 100644 --- a/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md +++ b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md @@ -25,11 +25,8 @@ Then, you will configure SAML and SCIM. At this time, users, groups, and identit If you're new to {% data variables.product.prodname_emus %} and haven't yet configured authentication for your enterprise, you do not need to migrate and can set up SAML single sign-on (SSO) immediately. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)." -{% warning %} - -**Warning:** {% data reusables.enterprise_user_management.migration-teams-warning %} - -{% endwarning %} +> [!WARNING] +> {% data reusables.enterprise_user_management.migration-teams-warning %} ## Prerequisites diff --git a/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md index 2e44893f5724..dff53f06fe60 100644 --- a/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md +++ b/content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md @@ -21,15 +21,14 @@ redirect_from: If your {% data variables.enterprise.prodname_emu_enterprise %} uses SAML SSO to authenticate with Entra ID, you can migrate to OIDC. {% data reusables.enterprise-accounts.emu-cap-validates %} +{% data reusables.enterprise-accounts.emu-cap-public-preview %} + When you migrate from SAML to OIDC, {% data variables.enterprise.prodname_managed_users %} and groups that were previously provisioned for SAML but are not provisioned by the {% data variables.product.prodname_emu_idp_oidc_application %} application will have "(SAML)" appended to their display names. If you're new to {% data variables.product.prodname_emus %} and haven't yet configured authentication for your enterprise, you do not need to migrate and can set up OIDC single sign-on immediately. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)." -{% warning %} - -**Warning:** {% data reusables.enterprise_user_management.migration-teams-warning %} - -{% endwarning %} +> [!WARNING] +> {% data reusables.enterprise_user_management.migration-teams-warning %} ## Prerequisites @@ -41,11 +40,8 @@ If you're new to {% data variables.product.prodname_emus %} and haven't yet conf To migrate your enterprise from SAML to OIDC, you will disable your existing {% data variables.product.prodname_emu_idp_application %} application on Entra ID, prepare and begin the migration as the setup user for your enterprise on {% data variables.product.github %}, then install and configure the new application for OIDC on Entra ID. After the migration is complete and Entra ID provisions your users, the users can authenticate to access your enterprise's resources on {% data variables.product.github %} using OIDC. -{% warning %} - -**Warning**: Migration of your enterprise from SAML to OIDC can take up to an hour. During the migration, users cannot access your enterprise on {% data variables.product.github %}. - -{% endwarning %} +> [!WARNING] +> Migration of your enterprise from SAML to OIDC can take up to an hour. During the migration, users cannot access your enterprise on {% data variables.product.github %}. 1. Before you begin the migration, sign in to Azure and disable provisioning in the existing {% data variables.product.prodname_emu_idp_application %} application. 1. If you use [Conditional Access (CA) network location policies](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition) in Entra ID, and you're currently using an IP allow list with your enterprise account or any of the organizations owned by the enterprise account, disable the IP allow lists. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)." @@ -60,11 +56,9 @@ To migrate your enterprise from SAML to OIDC, you will disable your existing {% 1. After you grant consent, a new browser window will open to {% data variables.product.github %} and display a new set of recovery codes for your {% data variables.enterprise.prodname_emu_enterprise %}. Download the codes, then click **Enable OIDC authentication**. 1. Wait for the migration to complete, which can take up to an hour. To check the status of the migration, navigate to your enterprise's authentication security settings page. If "Require SAML authentication" is selected, the migration is still in progress. - {% warning %} - - **Warning:** Do not provision new users from the application on Entra ID during the migration. + > [!WARNING] + > Do not provision new users from the application on Entra ID during the migration. - {% endwarning %} 1. In a new tab or window, while signed in as the setup user, create a {% data variables.product.pat_v1 %} with the **scim:enterprise** scope and **no expiration** and copy it to your clipboard. For more information about creating a new token, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)." 1. In the provisioning settings for the {% data variables.product.prodname_emu_idp_oidc_application %} application in the Microsoft Entra admin center, under "Tenant URL", type the tenant URL for your enterprise: diff --git a/content/admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md b/content/admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md index ecbe9a9e227d..d7a98ee7668c 100644 --- a/content/admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md +++ b/content/admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md @@ -28,11 +28,8 @@ If you're unable to add specific accounts to your external authentication provid If you configure built-in authentication and a person successfully authenticates with SAML or CAS, the person will no longer have the option to authenticate with a username and password. If a user successfully authenticates with LDAP, the credentials are no longer considered internal. -{% warning %} - -**Warning:** If you disable built-in authentication, you must individually suspend any users that should no longer have access to the instance. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/suspending-and-unsuspending-users)." - -{% endwarning %} +> [!WARNING] +> If you disable built-in authentication, you must individually suspend any users that should no longer have access to the instance. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/suspending-and-unsuspending-users)." ## Configuring built-in authentication for users outside your provider diff --git a/content/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md b/content/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md index 682db400deb0..27b1238e34dc 100644 --- a/content/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md +++ b/content/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md @@ -54,11 +54,8 @@ After you configure LDAP, users will be able to sign into your instance with the When you configure LDAP access for users via the {% data variables.enterprise.management_console %}, your user licenses aren't used until the first time a user signs in to your instance. However, if you create an account manually using site admin settings, the user license is immediately accounted for. -{% warning %} - -**Warning:** Before configuring LDAP on {% data variables.location.product_location %}, make sure that your LDAP service supports paged results. - -{% endwarning %} +> [!WARNING] +> Before configuring LDAP on {% data variables.location.product_location %}, make sure that your LDAP service supports paged results. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} @@ -117,15 +114,12 @@ You can establish role-based access control for users from your LDAP server by s LDAP sync does not create user accounts on {% data variables.location.product_location %}. For more information, see "[Viewing and creating LDAP users](#viewing-and-creating-ldap-users)." -{% note %} - -**Note:** Using LDAP Synchronization with groups that exceed 1499 members may lead to team membership synchronization failures. - -If you use Active Directory specifically, user lookups and team synchronization may fail when the LDAP groups configured for teams or in the {% data variables.enterprise.management_console %} exceed 1500 members, due to the `MaxValRange` limit in Active Directory. As a workaround, you can use Active Directory groups that contain less than 1500 members, or you can work with your Active Directory administrator to increase the `MaxValRange` value for your domain controllers. For more information, see [View and set LDAP policy in Active Directory by using Ntdsutil.exe](https://learn.microsoft.com/en-US/troubleshoot/windows-server/identity/view-set-ldap-policy-using-ntdsutil) in Microsoft Learn. - -If you need help determining if modifying the `MaxValRange` is the right approach for your Active Directory environment, contact Microsoft Support. - -{% endnote %} +> [!NOTE] +> Using LDAP Synchronization with groups that exceed 1499 members may lead to team membership synchronization failures. +> +> If you use Active Directory specifically, user lookups and team synchronization may fail when the LDAP groups configured for teams or in the {% data variables.enterprise.management_console %} exceed 1500 members, due to the `MaxValRange` limit in Active Directory. As a workaround, you can use Active Directory groups that contain less than 1500 members, or you can work with your Active Directory administrator to increase the `MaxValRange` value for your domain controllers. For more information, see [View and set LDAP policy in Active Directory by using Ntdsutil.exe](https://learn.microsoft.com/en-US/troubleshoot/windows-server/identity/view-set-ldap-policy-using-ntdsutil) in Microsoft Learn. +> +> If you need help determining if modifying the `MaxValRange` is the right approach for your Active Directory environment, contact Microsoft Support. To enable LDAP Sync, in your LDAP settings, select **Synchronization**. @@ -149,22 +143,17 @@ After you enable LDAP sync, a synchronization job will run at the specified time * If an LDAP User field is defined for SSH public keys, synchronize the user's public SSH keys with the LDAP entry. * If an LDAP User field is defined for GPG keys, synchronize the user's GPG keys with the LDAP entry. -{% note %} - -**Note**: LDAP entries can only be marked as disabled if you use Active Directory and the `userAccountControl` attribute is present and flagged with `ACCOUNTDISABLE`. Some variations of Active Directory, such as AD LDS and ADAM, don't support the `userAccountControl` attribute. - -{% endnote %} +> [!NOTE] +> LDAP entries can only be marked as disabled if you use Active Directory and the `userAccountControl` attribute is present and flagged with `ACCOUNTDISABLE`. Some variations of Active Directory, such as AD LDS and ADAM, don't support the `userAccountControl` attribute. A synchronization job will also run at the specified time interval to perform the following operations on each team that has been mapped to an LDAP group: * If a team's corresponding LDAP group has been removed, remove all members from the team. * If LDAP member entries have been removed from the LDAP group, remove the corresponding users from the team. If the user is no longer a member of any team in the organization and is not an owner of the organization, remove the user from the organization. If the user loses access to any repositories as a result, delete any private forks the user has of those repositories. - {% note %} - - **Note:** LDAP Sync will not remove a user from an organization if the user is an owner of that organization. Another organization owner will need to manually remove the user instead. + > [!NOTE] + > LDAP Sync will not remove a user from an organization if the user is an owner of that organization. Another organization owner will need to manually remove the user instead. - {% endnote %} * If LDAP member entries have been added to the LDAP group, add the corresponding users to the team. If the user regains access to any repositories as a result, restore any private forks of the repositories that were deleted because the user lost access in the past 90 days. {% data reusables.enterprise_user_management.ldap-sync-nested-teams %} diff --git a/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md index d16acfa7072f..91eafe780cc9 100644 --- a/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md +++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md @@ -111,11 +111,8 @@ For more detailed information about how to enable SAML using Okta, see "[AUTOTIT You can enable or disable SAML authentication for {% data variables.location.product_location %}, or you can edit an existing configuration. You can view and edit authentication settings for {% data variables.product.product_name %} in the {% data variables.enterprise.management_console %}. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console)." -{% note %} - -**Note**: {% data reusables.enterprise.test-in-staging %} - -{% endnote %} +> [!NOTE] +> {% data reusables.enterprise.test-in-staging %} {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} @@ -124,11 +121,8 @@ You can enable or disable SAML authentication for {% data variables.location.pro 1. {% data reusables.enterprise_user_management.built-in-authentication-option %} 1. Optionally, to enable unsolicited response SSO, select **IdP initiated SSO**. By default, {% data variables.product.prodname_ghe_server %} will reply to an unsolicited Identity Provider (IdP) initiated request with an `AuthnRequest` back to the IdP. - {% tip %} - - **Note**: We recommend keeping this value **unselected**. You should enable this feature **only** in the rare instance that your SAML implementation does not support service provider initiated SSO, and when advised by {% data variables.contact.enterprise_support %}. - - {% endtip %} + > [!TIP] + > We recommend keeping this value **unselected**. You should enable this feature **only** in the rare instance that your SAML implementation does not support service provider initiated SSO, and when advised by {% data variables.contact.enterprise_support %}. 1. Optionally, if you do not want your SAML provider to determine administrator rights for users on {% data variables.location.product_location %}, select **Disable administrator demotion/promotion** {%- ifversion ghes %} diff --git a/content/admin/managing-iam/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md index aa4287543f5a..896b7ee89047 100644 --- a/content/admin/managing-iam/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md +++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md @@ -23,11 +23,8 @@ After you disable SAML SSO for your enterprise, the following effects apply: {% data reusables.enterprise-accounts.access-enterprise %} - {% note %} - - **Note:** If you're unable to access the enterprise because your IdP is unavailable, you can use a recovery code to bypass SSO. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)." - - {% endnote %} + > [!NOTE] + > If you're unable to access the enterprise because your IdP is unavailable, you can use a recovery code to bypass SSO. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)." {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.security-tab %} diff --git a/content/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md index abddbb4fe25c..6c70faf5f692 100644 --- a/content/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md +++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md @@ -29,11 +29,8 @@ To enable encrypted assertions for authentication to {% data variables.product.p To enable encrypted assertions, you must provide {% data variables.location.product_location %}'s public certificate to your IdP, and configure encryption settings that match your IdP. -{% note %} - -**Note**: {% data reusables.enterprise.test-in-staging %} - -{% endnote %} +> [!NOTE] +> {% data reusables.enterprise.test-in-staging %} 1. Optionally, enable SAML debugging. SAML debugging records verbose entries in {% data variables.product.product_name %}'s authentication log, and may help you troubleshoot failed authentication attempts. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication#configuring-saml-debugging)." {% data reusables.enterprise_site_admin_settings.access-settings %} diff --git a/content/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md index d4b39fb35442..744d83d1a918 100644 --- a/content/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md +++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md @@ -30,14 +30,9 @@ For more information about SAML response requirements, see "[AUTOTITLE](/admin/i You can configure {% data variables.product.product_name %} to write verbose debug logs for every SAML authentication attempt. You may be able to troubleshoot failed authentication attempts with this extra output. -{% warning %} - -**Warnings**: - -* Only enable SAML debugging temporarily, and disable debugging immediately after you finish troubleshooting. If you leave debugging enabled, the size of the {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}logs{% endif %} increases much faster than usual, which can negatively impact the performance of {% data variables.product.product_name %}. -* Test new authentication settings for {% data variables.location.product_location %} in a staging environment before you apply the settings in your production environment. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." - -{% endwarning %} +> [!WARNING] +> * Only enable SAML debugging temporarily, and disable debugging immediately after you finish troubleshooting. If you leave debugging enabled, the size of the {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}logs{% endif %} increases much faster than usual, which can negatively impact the performance of {% data variables.product.product_name %}. +> * Test new authentication settings for {% data variables.location.product_location %} in a staging environment before you apply the settings in your production environment. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} diff --git a/content/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md b/content/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md index 1ca94de3f765..a704f81a7e4c 100644 --- a/content/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md +++ b/content/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md @@ -17,11 +17,8 @@ When you create an enterprise, you choose a "slug" for the enterprise, which is If your company pays for {% data variables.product.prodname_ghe_cloud %} by credit card or PayPal, you can change the slug in the settings for your enterprise. When you change the slug, {% data variables.product.company_short %} does not set up any redirects from the old URL. Your old enterprise slug will immediately become available for another customer to use. -{% note %} - -**Note:** If you pay for {% data variables.product.prodname_ghe_cloud %} via invoice, or if your enterprise uses {% data variables.product.prodname_emus %}, you must contact {% data variables.contact.contact_enterprise_sales %} to change your enterprise slug. - -{% endnote %} +> [!NOTE] +> If you pay for {% data variables.product.prodname_ghe_cloud %} via invoice, or if your enterprise uses {% data variables.product.prodname_emus %}, you must contact {% data variables.contact.contact_enterprise_sales %} to change your enterprise slug. ## Considerations when changing your enterprise slug @@ -49,11 +46,8 @@ If your enterprise is linked to one or more {% data variables.product.prodname_g ## Changing the enterprise slug -{% note %} - -**Note:** Before changing the slug for an enterprise, make sure you have understood the potential consequences. For more information, see "[Considerations when changing your enterprise slug](#considerations-when-changing-your-enterprise-slug)." - -{% endnote %} +> [!NOTE] +> Before changing the slug for an enterprise, make sure you have understood the potential consequences. For more information, see "[Considerations when changing your enterprise slug](#considerations-when-changing-your-enterprise-slug)." {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/accessing-reports-for-your-instance.md b/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/accessing-reports-for-your-instance.md index d0fcc3a80de6..e3fc9165dfae 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/accessing-reports-for-your-instance.md +++ b/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/accessing-reports-for-your-instance.md @@ -45,11 +45,8 @@ curl --remote-name \ To access the other reports programmatically, replace `all_users` with `active_users`, `dormant_users`, `suspended_users`, `all_organizations`, or `all_repositories`. -{% note %} - -**Note:** The initial curl request will return an HTTP `202` response if there are no cached reports available. Your instance will generate a report in the background. You can send a second request to download the report. You can use a password or an OAuth token with the `site_admin` scope in place of a password. - -{% endnote %} +> [!NOTE] +> The initial curl request will return an HTTP `202` response if there are no cached reports available. Your instance will generate a report in the background. You can send a second request to download the report. You can use a password or an OAuth token with the `site_admin` scope in place of a password. ## User reports diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md index 0fdba7b642fd..d34fc1e21c75 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md +++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md @@ -24,11 +24,8 @@ topics: ## About audit logs -{% note %} - -**Note:** {% data reusables.webhooks.webhooks-as-audit-log-alternative %} - -{% endnote %} +> [!NOTE] +> {% data reusables.webhooks.webhooks-as-audit-log-alternative %} {% data reusables.audit_log.retention-periods %} diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md index 6728c7038214..7b27b34729ab 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md +++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md @@ -51,11 +51,8 @@ Before you can enable Git events in the audit log, you must configure a retentio {% data reusables.audit_log.audit-data-retention-tab %} 1. Under "Git event opt-in", select or deselect **Enable git events in the audit-log**. - {% note %} - - **Note:** The retention policy must be set to something other than infinite for this option to display. - - {% endnote %} + > [!NOTE] + > The retention policy must be set to something other than infinite for this option to display. ![Screenshot of the audit log. The checkbox to enable Git events in the audit log is highlighted with an orange outline.](/assets/images/help/enterprises/enable-git-events-checkbox.png) 1. Click **Save**. diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md index 81f1b9075991..b80e2dfa4147 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md +++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md @@ -31,11 +31,8 @@ You can also use the API to retrieve audit log events. For more information, see You cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as `-`, `>`, or `<`, match the same format as searching across {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/about-searching-on-github)." -{% note %} - -**Note**: {% data reusables.audit_log.retention-periods %} - -{% endnote %} +> [!NOTE] +> {% data reusables.audit_log.retention-periods %} ## Search query filters diff --git a/content/admin/monitoring-and-managing-your-instance/caching-repositories/configuring-a-repository-cache.md b/content/admin/monitoring-and-managing-your-instance/caching-repositories/configuring-a-repository-cache.md index 156cb7a92c7c..785c220277be 100644 --- a/content/admin/monitoring-and-managing-your-instance/caching-repositories/configuring-a-repository-cache.md +++ b/content/admin/monitoring-and-managing-your-instance/caching-repositories/configuring-a-repository-cache.md @@ -82,11 +82,8 @@ You can control data locality by configuring data location policies for your rep Data location policies affect only Git content. Content in the database, such as issues and pull request comments, will be replicated to all nodes regardless of policy. -{% note %} - -**Note:** Data location policies are not the same as access control. You must use repository roles to control which users may access a repository. For more information about repository roles, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)." - -{% endnote %} +> [!NOTE] +> Data location policies are not the same as access control. You must use repository roles to control which users may access a repository. For more information about repository roles, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)." You can configure a policy to replicate all networks with the `--default` flag. For example, this command will create a policy to replicate a single copy of every repository network to the set of repository caches whose `cache_location` is "kansas". diff --git a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes.md index 778587c400d9..f5b022842c9c 100644 --- a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes.md +++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes.md @@ -39,11 +39,8 @@ Each node must have a root volume, as well as a separate data volume. These are For adequate redundancy, use these minimum nodes operating each service. -{% tip %} - -**Note:** Your environment's scaling requirements depend on many factors, including the size and number of repositories, number of users, and overall utilization. - -{% endtip %} +> [!NOTE] +> Your environment's scaling requirements depend on many factors, including the size and number of repositories, number of users, and overall utilization. ## Example cluster configuration diff --git a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md index 8a2e5d0b766b..9bd2a60328a1 100644 --- a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md +++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md @@ -32,11 +32,8 @@ For each existing node in your active cluster, you'll need to provision a second On each new virtual machine, install the same version of {% data variables.product.prodname_ghe_server %} that runs on the nodes in your active cluster. You don't need to upload a license or perform any additional configuration. For more information, see "[AUTOTITLE](/enterprise/admin/installation/setting-up-a-github-enterprise-server-instance)." -{% note %} - -**Note**: The nodes that you intend to use for high availability replication should be standalone {% data variables.product.prodname_ghe_server %} instances. Don't initialize the replica nodes as a second cluster. - -{% endnote %} +> [!NOTE] +> The nodes that you intend to use for high availability replication should be standalone {% data variables.product.prodname_ghe_server %} instances. Don't initialize the replica nodes as a second cluster. ### Network @@ -53,15 +50,10 @@ To create a high availability replica for your cluster, use the `ghe-cluster-rep {% data reusables.enterprise_clustering.ssh-to-a-node %} 1. To begin configuration of high availability, run the following command. The `-p` and `-s` flags are optional. If you're using the flags, replace PRIMARY-DATACENTER and SECONDARY-DATACENTER with the names of your primary and secondary datacenters. - {% note %} - - **Notes:** - - * By default, the utility will use the name of the primary datacenter in `cluster.conf`. - * If no name for the primary datacenter is defined, the utility will use `mona`. - * If no name for the secondary datacenter is defined, the utility will use `hubot`. - - {% endnote %} + > [!NOTE] + > * By default, the utility will use the name of the primary datacenter in `cluster.conf`. + > * If no name for the primary datacenter is defined, the utility will use `mona`. + > * If no name for the secondary datacenter is defined, the utility will use `hubot`. ```shell copy ghe-cluster-repl-bootstrap -p PRIMARY-DATACENTER -s SECONDARY-DATACENTER @@ -111,15 +103,12 @@ Before you define a secondary datacenter for your replica nodes, ensure that you ... ``` - {% note %} - - **Note**: If you changed the name of the primary datacenter in step 3, find the `consul-datacenter` key-value pair in the section for each node and change the value to the renamed primary datacenter. For example, if you named the primary datacenter `primary`, use the following key-value pair for each node. - - ```text - consul-datacenter = primary - ``` - - {% endnote %} + > [!NOTE] + > If you changed the name of the primary datacenter in step 3, find the `consul-datacenter` key-value pair in the section for each node and change the value to the renamed primary datacenter. For example, if you named the primary datacenter `primary`, use the following key-value pair for each node. + > + > ```text + > consul-datacenter = primary + > ``` {% data reusables.enterprise_clustering.apply-configuration %} {% data reusables.enterprise_clustering.configuration-finished %} @@ -139,11 +128,8 @@ For an example configuration, see "[Review an example configuration](#3-review-a 1. For each node in your cluster, provision a matching virtual machine with identical specifications, running the same version of {% data variables.product.prodname_ghe_server %}. Note the IPv4 address and hostname for each new cluster node. For more information, see "[Prerequisites](#prerequisites)." - {% note %} - - **Note**: If you're reconfiguring high availability after a failover, you can use the old nodes from the primary datacenter instead. - - {% endnote %} + > [!NOTE] + > If you're reconfiguring high availability after a failover, you can use the old nodes from the primary datacenter instead. {% data reusables.enterprise_clustering.ssh-to-a-node %} 1. Back up your existing cluster configuration. @@ -172,11 +158,8 @@ For an example configuration, see "[Review an example configuration](#3-review-a 1. Decide on a pattern for the replica nodes' hostnames. - {% warning %} - - **Warning**: Hostnames for replica nodes must be unique and differ from the hostname for the corresponding active node. - - {% endwarning %} + > [!WARNING] + > Hostnames for replica nodes must be unique and differ from the hostname for the corresponding active node. 1. Open the temporary cluster configuration file from step 3 in a text editor. For example, you can use Vim. @@ -213,25 +196,22 @@ For an example configuration, see "[Review an example configuration](#3-review-a git config -f /data/user/common/cluster.conf cluster.redis-master-replica REPLICA-REDIS-PRIMARY-HOSTNAME ``` - {% warning %} - - **Warning**: Review your cluster configuration file before proceeding. - - * In the top-level `[cluster]` section, ensure that the values for `mysql-master-replica` and `redis-master-replica` are the correct hostnames for the replica nodes in the secondary datacenter that will serve as the MySQL and Redis primaries after a failover. - * In each section for an active node named [cluster "ACTIVE NODE HOSTNAME"], double-check the following key-value pairs. - * `datacenter` should match the value of `primary-datacenter` in the top-level `[cluster]` section. - * `consul-datacenter` should match the value of `datacenter`, which should be the same as the value for `primary-datacenter` in the top-level `[cluster]` section. - * Ensure that for each active node, the configuration has **one** corresponding section for **one** replica node with the same roles. In each section for a replica node, double-check each key-value pair. - * `datacenter` should match all other replica nodes. - * `consul-datacenter` should match all other replica nodes. - * `hostname` should match the hostname in the section heading. - * `ipv4` should match the node's unique, static IPv4 address. - * `replica` should be configured as `enabled`. - * Take the opportunity to remove sections for offline nodes that are no longer in use. - - To review an example configuration, see "[Review an example configuration](#3-review-an-example-configuration)." - - {% endwarning %} + > [!WARNING] + > Review your cluster configuration file before proceeding. + > + > * In the top-level `[cluster]` section, ensure that the values for `mysql-master-replica` and `redis-master-replica` are the correct hostnames for the replica nodes in the secondary datacenter that will serve as the MySQL and Redis primaries after a failover. + > * In each section for an active node named [cluster "ACTIVE NODE HOSTNAME"], double-check the following key-value pairs. + > * `datacenter` should match the value of `primary-datacenter` in the top-level `[cluster]` section. + > * `consul-datacenter` should match the value of `datacenter`, which should be the same as the value for `primary-datacenter` in the top-level `[cluster]` section. + > * Ensure that for each active node, the configuration has **one** corresponding section for **one** replica node with the same roles. In each section for a replica node, double-check each key-value pair. + > * `datacenter` should match all other replica nodes. + > * `consul-datacenter` should match all other replica nodes. + > * `hostname` should match the hostname in the section heading. + > * `ipv4` should match the node's unique, static IPv4 address. + > * `replica` should be configured as `enabled`. + > * Take the opportunity to remove sections for offline nodes that are no longer in use. + > + > To review an example configuration, see "[Review an example configuration](#3-review-an-example-configuration)." 1. Initialize the new cluster configuration. {% data reusables.enterprise.use-a-multiplexer %} diff --git a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md index b164054bf3da..92e4e55c94ec 100644 --- a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md +++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md @@ -24,15 +24,9 @@ In a cluster configuration for {% data variables.product.product_name %}, you ma For more information about nodes and service tiers for {% data variables.product.prodname_ghe_server %}, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/about-cluster-nodes)." -{% warning %} - -**Warnings**: - -* To avoid data loss during replacement of a node, {% data variables.product.company_short %} strongly recommends evacuation of the applicable data services on the node before you take the node offline. - -* To ensure redundancy for any data service on your cluster, copies of data should exist on at least three nodes. For example, when four or more nodes store Git data, during evacuation, evacuated repository data will move from the node you're evacuating to the other three nodes. If you only have three nodes that store data for a service, evacuation of one node could fail and result in under-replicated data. - -{% endwarning %} +> [!WARNING] +> * To avoid data loss during replacement of a node, {% data variables.product.company_short %} strongly recommends evacuation of the applicable data services on the node before you take the node offline. +> * To ensure redundancy for any data service on your cluster, copies of data should exist on at least three nodes. For example, when four or more nodes store Git data, during evacuation, evacuated repository data will move from the node you're evacuating to the other three nodes. If you only have three nodes that store data for a service, evacuation of one node could fail and result in under-replicated data. ## Evacuating a cluster node running data services @@ -134,11 +128,8 @@ If you plan to take a node offline and the node runs any of the following roles, 1. To monitor evacuation of a service while {% data variables.product.product_name %} copies the data, run the following commands. For each command, replace UUID with the UUID from the earlier step. - {% warning %} - - **Warning**: Do not shut down the node until evacuation is complete. Evacuation is complete when the data counts reach zero, which means that all data is safely stored on other nodes. - - {% endwarning %} + > [!WARNING] + > Do not shut down the node until evacuation is complete. Evacuation is complete when the data counts reach zero, which means that all data is safely stored on other nodes. * `git-server`: diff --git a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md index 7cca2dc02956..72e629d24785 100644 --- a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md +++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md @@ -42,11 +42,8 @@ admin@ghe-data-node-0:~$ ghe-cluster-status | grep error > mysql cluster: error ``` -{% note %} - -**Note:** If there are no failing tests, this command produces no output. This indicates the cluster is healthy. - -{% endnote %} +> [!NOTE] +> If there are no failing tests, this command produces no output. This indicates the cluster is healthy. {% ifversion ghes-manage-api-cli-extension %} @@ -84,15 +81,14 @@ You can configure [Nagios](https://www.nagios.org/) to monitor {% data variables **Security Warning:** An SSH key without a passphrase can pose a security risk if authorized for full access to a host. Limit this key's authorization to a single read-only command. {% enddanger %} - {% note %} - - **Note:** If you're using a distribution of Linux that doesn't support the Ed25519 algorithm, use the command: - ```shell - nagiosuser@nagios:~$ ssh-keygen -t rsa -b 4096 - ``` + > [!NOTE] + > If you're using a distribution of Linux that doesn't support the Ed25519 algorithm, use the command: + > + > ```shell + > nagiosuser@nagios:~$ ssh-keygen -t rsa -b 4096 + > ``` - {% endnote %} 1. Copy the private key (`id_ed25519`) to the `nagios` home folder and set the appropriate ownership. ```shell diff --git a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/rebalancing-cluster-workloads.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/rebalancing-cluster-workloads.md index 890dbe0dd1ac..f3ec38874342 100644 --- a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/rebalancing-cluster-workloads.md +++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/rebalancing-cluster-workloads.md @@ -64,11 +64,8 @@ After you determine which jobs are unbalanced across your cluster's nodes, you c You can schedule rebalancing of jobs on your cluster by setting and applying configuration values for {% data variables.location.product_location %}. -{% note %} - -**Note:** Currently, you can only schedule reallocation of jobs for the HTTP server, `github-unicorn`. - -{% endnote %} +> [!NOTE] +> Currently, you can only schedule reallocation of jobs for the HTTP server, `github-unicorn`. 1. To configure automatic, hourly balancing of jobs, run the following command. diff --git a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node.md b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node.md index 8d2629274b12..af3019ccc21b 100644 --- a/content/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node.md +++ b/content/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node.md @@ -25,11 +25,8 @@ You can replace a functional node in a {% data variables.product.product_name %} After you replace a node, {% data variables.location.product_location %} does not automatically distribute jobs to the new node. You can force your instance to balance jobs across nodes. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/rebalancing-cluster-workloads)." {% endif %} -{% warning %} - -**Warning:** To avoid conflicts, do not reuse a hostname that was previously assigned to a node in the cluster. - -{% endwarning %} +> [!WARNING] +> To avoid conflicts, do not reuse a hostname that was previously assigned to a node in the cluster. ## Replacing a functional node @@ -37,11 +34,8 @@ You can replace an existing, functional node in your cluster. For example, you m To replace a functional node, install the {% data variables.product.product_name %} appliance on a new VM, configure an IP address, add the new node to the cluster configuration file, initialize the cluster and apply the configuration, then take the node you replaced offline. -{% note %} - -**Note:** If you're replacing the primary MySQL node, see "[Replacing the primary MySQL node](#replacing-the-primary-mysql-node)." - -{% endnote %} +> [!NOTE] +> If you're replacing the primary MySQL node, see "[Replacing the primary MySQL node](#replacing-the-primary-mysql-node)." {% data reusables.enterprise_clustering.replacing-a-cluster-node-provision %} {% data reusables.enterprise_clustering.replacing-a-cluster-node-admin-configure-ip %} @@ -66,11 +60,8 @@ To replace a functional node, install the {% data variables.product.product_name You can replace a failed node in your cluster. For example, a software or hardware issue may affect a node's availability. -{% note %} - -**Note:** If you're replacing the primary MySQL node, see "[Replacing the primary MySQL node](#replacing-the-primary-mysql-node)." - -{% endnote %} +> [!NOTE] +> If you're replacing the primary MySQL node, see "[Replacing the primary MySQL node](#replacing-the-primary-mysql-node)." {% ifversion cluster-node-removal %} @@ -116,11 +107,8 @@ To replace a node in an emergency, you'll take the failed node offline, add your These commands indicate to each service that the node is permanently removed. The services will recreate any replicas contained within the node on the available nodes within the cluster. - {% note %} - - **Note:** These commands may cause increased load on the server while data is rebalanced across replicas. - - {% endnote %} + > [!NOTE] + > These commands may cause increased load on the server while data is rebalanced across replicas. For the `git-server` service (used for repository data): @@ -202,11 +190,9 @@ If you want to provide the VM for your primary MySQL node with more resources, o 1. During your scheduled maintenance window, enable maintenance mode. For more information, see "[AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode#enabling-or-disabling-maintenance-mode-for-all-nodes-in-a-cluster-via-the-cli)." 1. Ensure that MySQL replication is finished from any node in the cluster by running `ghe-cluster-status -v`. - {% warning %} - - **Warning**: If you do not wait for MySQL replication to finish, you risk data loss on your instance. + > [!WARNING] + > If you do not wait for MySQL replication to finish, you risk data loss on your instance. - {% endwarning %} 1. To set the current MySQL primary node to read-only mode, run the following command from of the instance's nodes. ```shell copy diff --git a/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica.md index 8ff5839c1581..ab6c35f56def 100644 --- a/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica.md +++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica.md @@ -81,11 +81,9 @@ This example configuration uses a primary and two replicas, which are located in (replica2)$ ghe-repl-node --datacenter [SECOND REPLICA DC NAME] ``` - {% tip %} + > [!TIP] + > You can set the `--datacenter` and `--active` options at the same time. - **Tip:** You can set the `--datacenter` and `--active` options at the same time. - - {% endtip %} 1. An active replica node will store copies of the appliance data and service end user requests. An inactive node will store copies of the appliance data but will be unable to service end user requests. Enable active mode using the `--active` flag or inactive mode using the `--inactive` flag. On the first replica: diff --git a/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md index fba58ea767df..982d75f0f689 100644 --- a/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md +++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md @@ -34,11 +34,8 @@ The time required to failover depends on how long it takes to manually promote t * When the number of active Git operations, MySQL queries, and Resque jobs reaches zero, wait 30 seconds. - {% note %} - - **Note:** Nomad will always have jobs running, even in maintenance mode, so you can safely ignore these jobs. - - {% endnote %} + > [!NOTE] + > Nomad will always have jobs running, even in maintenance mode, so you can safely ignore these jobs. * To verify all replication channels report `OK`, use the `ghe-repl-status -vv` command. @@ -54,11 +51,8 @@ The time required to failover depends on how long it takes to manually promote t ghe-repl-promote ``` - {% note %} - - **Note:** If the primary node is unavailable, warnings and timeouts may occur but can be ignored. - - {% endnote %} + > [!NOTE] + > If the primary node is unavailable, warnings and timeouts may occur but can be ignored. 1. Update the DNS record to point to the IP address of the replica. Traffic is directed to the replica after the TTL period elapses. If you are using a load balancer, ensure it is configured to send traffic to the replica. 1. Notify users that they can resume normal operations. diff --git a/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration.md index bdbe2af525a9..5a3b09d6a031 100644 --- a/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration.md +++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/monitoring-a-high-availability-configuration.md @@ -20,7 +20,7 @@ redirect_from: {% data reusables.enterprise.about-ha %} For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/about-high-availability-configuration)." -After you configure high availability, you can proactively ensure redundancy by monitoring the overall health of replication and the status of each of your instance's replica nodes. You can use command-line utilities on the instance, an overview dashboard, {% ifversion replication-management-api %}the instance's REST API, {%endif %}or a remote monitoring system such as Nagios. +After you configure high availability, you can proactively ensure redundancy by monitoring the overall health of replication and the status of each of your instance's replica nodes. You can use command-line utilities on the instance, an overview dashboard, {% ifversion replication-management-api %}the instance's REST API, {% endif %}or a remote monitoring system such as Nagios. With high availability, your instance uses several approaches to replicate data between primary and replica nodes. Database services that support a native replication mechanism, such as MySQL, replicate using the service's native mechanism. Other services, such as Git repositories, replicate using a custom mechanism developed for {% data variables.product.product_name %}, or using platform tools like rsync. diff --git a/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md index 9b75ac3fde00..a4a447922253 100644 --- a/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md +++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md @@ -21,11 +21,8 @@ shortTitle: Recover a HA configuration You can use the former primary appliance as the new replica appliance if the failover was planned or was not related to the health of the appliance. If the failover was related to an issue with the primary appliance, you may prefer to create a new replica appliance. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/creating-a-high-availability-replica)." -{% warning %} - -**Warning:** You must enable maintenance mode before configuring a former primary appliance as a new replica. If you do not enable maintenance mode, you will cause a production outage. - -{% endwarning %} +> [!WARNING] +> You must enable maintenance mode before configuring a former primary appliance as a new replica. If you do not enable maintenance mode, you will cause a production outage. ## Configuring a former primary appliance as a new replica diff --git a/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/removing-a-high-availability-replica.md b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/removing-a-high-availability-replica.md index ebf8865d267a..8a0bb14c6a57 100644 --- a/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/removing-a-high-availability-replica.md +++ b/content/admin/monitoring-and-managing-your-instance/configuring-high-availability/removing-a-high-availability-replica.md @@ -48,9 +48,8 @@ shortTitle: Remove a HA replica ``` {% ifversion ghes %} - {% note %} - **Note:** If you have {% data variables.product.prodname_actions %} enabled, you should decommission the former replica server or update its {% data variables.product.prodname_actions %} configuration to use different external storage. For more information, see "[AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions#high-availability-replicas)." + > [!NOTE] + > If you have {% data variables.product.prodname_actions %} enabled, you should decommission the former replica server or update its {% data variables.product.prodname_actions %} configuration to use different external storage. For more information, see "[AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions#high-availability-replicas)." - {% endnote %} {% endif %} diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs.md index 577298599ebc..ac843bb1987f 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs.md @@ -30,11 +30,8 @@ You can forward system logs and audit logs to an external system for analysis or In addition to reviewing your system logs, you can monitor activity on your instance in other ways. For example, you can review audit logs and push logs, or configure global webhooks. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise)." -{% note %} - -**Note**: The following lists of logs are not intended to be comprehensive. - -{% endnote %} +> [!NOTE] +> The following lists of logs are not intended to be comprehensive. ## System log files diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md index e70fb7841602..c86924ded6b0 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md @@ -17,11 +17,8 @@ redirect_from: - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise --- -{% note %} - -**Note:** Generating a Health Check is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_ghe_server %} and subject to change. - -{% endnote %} +> [!NOTE] +> Generating a Health Check is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_ghe_server %} and subject to change. ## About generated Health Checks diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/monitoring-using-snmp.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/monitoring-using-snmp.md index 5545195c792a..d4f550bd3ae0 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/monitoring-using-snmp.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/monitoring-using-snmp.md @@ -113,10 +113,7 @@ With SNMP v2c, to query for `hrMemorySize`, run the following command on a separ snmpget -v 2c -c COMMUNITY-STRING HOSTNAME HOST-RESOURCES-MIB::hrMemorySize.0 ``` -{% tip %} - -**Note:** To prevent leaking information about services running on your appliance, we exclude the `hrSWRun` table (1.3.6.1.2.1.25.4) from the resulting SNMP reports unless you're using the `authPriv` security level with SNMP v3. If you're using the `authPriv` security level, we include the `hrSWRun` table. - -{% endtip %} +> [!NOTE] +> To prevent leaking information about services running on your appliance, we exclude the `hrSWRun` table (1.3.6.1.2.1.25.4) from the resulting SNMP reports unless you're using the `authPriv` security level with SNMP v3. If you're using the `authPriv` security level, we include the `hrSWRun` table. For more information on OID mappings for common system attributes in SNMP, see "[Linux SNMP OID’s for CPU, Memory and Disk Statistics](http://www.linux-admins.net/2012/02/linux-snmp-oids-for-cpumemory-and-disk.html)". diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/troubleshooting-resource-allocation-problems.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/troubleshooting-resource-allocation-problems.md index a1dd3611a2e5..d6a5a48e8fe5 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/troubleshooting-resource-allocation-problems.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/troubleshooting-resource-allocation-problems.md @@ -18,15 +18,12 @@ shortTitle: Troubleshooting resource allocation problems ## Troubleshooting common resource allocation problems on your appliance -{% note %} - -**Note**: Regularly making repeated requests (polling) to {% data variables.location.product_location %} from continuous integration (CI) systems, build servers, or any other clients (such as Git or API clients) can overwhelm the system. This can lead to a denial of service (DoS) attack, causing significant performance issues and resource saturation. - -To avoid these problems, we strongly recommend using webhooks to receive updates. Webhooks allow the system to push updates to you automatically, eliminating the need for constant polling. Additionally, consider using conditional requests and caching strategies to minimize unnecessary requests. Avoid running jobs in large, simultaneous batches (thundering herds) and instead wait for webhook events to trigger actions. - -For more information, see "[AUTOTITLE](/get-started/exploring-integrations/about-webhooks)." - -{% endnote %} +> [!NOTE] +> Regularly making repeated requests (polling) to {% data variables.location.product_location %} from continuous integration (CI) systems, build servers, or any other clients (such as Git or API clients) can overwhelm the system. This can lead to a denial of service (DoS) attack, causing significant performance issues and resource saturation. +> +> To avoid these problems, we strongly recommend using webhooks to receive updates. Webhooks allow the system to push updates to you automatically, eliminating the need for constant polling. Additionally, consider using conditional requests and caching strategies to minimize unnecessary requests. Avoid running jobs in large, simultaneous batches (thundering herds) and instead wait for webhook events to trigger actions. +> +> For more information, see "[AUTOTITLE](/get-started/exploring-integrations/about-webhooks)." We recommend using the monitor dashboard to stay informed on your appliance's resource health and make decisions on how to fix high usage issues, such as the ones outlined on this page. diff --git a/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md b/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md index 593f665dd1f0..887911d05730 100644 --- a/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md +++ b/content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md @@ -23,11 +23,8 @@ As more users join {% data variables.location.product_location %}, you may need ## Requirements and recommendations -{% note %} - -**Note:** Before resizing any storage volume, put your instance in maintenance mode.{% ifversion ip-exception-list %} You can validate changes by configuring an IP exception list to allow access from specified IP addresses. {% endif %} For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." - -{% endnote %} +> [!NOTE] +> Before resizing any storage volume, put your instance in maintenance mode.{% ifversion ip-exception-list %} You can validate changes by configuring an IP exception list to allow access from specified IP addresses. {% endif %} For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." ### Minimum recommended requirements @@ -68,11 +65,8 @@ Root storage refers to the total size of your instance's root disk. The availabl ## Increasing the root partition size using an existing appliance -{% warning %} - -**Warning:** Before increasing the root partition size, you must put your instance in maintenance mode. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." - -{% endwarning %} +> [!WARNING] +> Before increasing the root partition size, you must put your instance in maintenance mode. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." 1. Attach a new disk to your {% data variables.product.prodname_ghe_server %} appliance. 1. Run the `lsblk` command to identify the new disk's device name. diff --git a/content/admin/overview/about-github-for-enterprises.md b/content/admin/overview/about-github-for-enterprises.md index 0afe4b9e096a..40f3500f55c2 100644 --- a/content/admin/overview/about-github-for-enterprises.md +++ b/content/admin/overview/about-github-for-enterprises.md @@ -85,7 +85,7 @@ When businesses adopt {% data variables.product.prodname_enterprise %}, their re 1. Learn more about {% data variables.product.prodname_enterprise %}. - * "[AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-github-enterprise-cloud)"{% ifversion not ghec %} in the {% data variables.product.prodname_ghe_cloud%} documentation{% endif %} + * "[AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-github-enterprise-cloud)"{% ifversion not ghec %} in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %} * "[AUTOTITLE]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/overview/about-github-enterprise-server){% ifversion not ghes %}" in the {% data variables.product.prodname_ghe_server %} documentation.{% else %}."{% endif %} 1. Set up a trial. diff --git a/content/admin/overview/about-the-github-enterprise-api.md b/content/admin/overview/about-the-github-enterprise-api.md index 6ab3500fe00c..35dcef881140 100644 --- a/content/admin/overview/about-the-github-enterprise-api.md +++ b/content/admin/overview/about-the-github-enterprise-api.md @@ -23,4 +23,4 @@ With the APIs, you can automate many administrative tasks. Some examples include * Collect statistics about your enterprise. For more information, see "[AUTOTITLE](/rest/enterprise-admin/admin-stats)." * Manage your enterprise account. For more information, see "[AUTOTITLE](/graphql/guides/managing-enterprise-accounts)." -For the complete documentation for the {% data variables.product.prodname_enterprise_api %}, see [{% data variables.product.prodname_dotcom %} REST API](/rest) and [{% data variables.product.prodname_dotcom%} GraphQL API](/graphql). +For the complete documentation for the {% data variables.product.prodname_enterprise_api %}, see [{% data variables.product.prodname_dotcom %} REST API](/rest) and [{% data variables.product.prodname_dotcom %} GraphQL API](/graphql). diff --git a/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md b/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md index 2e76a1d8a187..d18204625898 100644 --- a/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md +++ b/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md @@ -32,7 +32,7 @@ You do not need to provide a payment method during the trial. The trial lasts for **{% data reusables.enterprise.ghec-trial-length %} days** and includes the following features. -* Access to **most** {% data variables.product.prodname_ghe_cloud %} features.{% ifversion metered-ghe-ghas%} +* Access to **most** {% data variables.product.prodname_ghe_cloud %} features.{% ifversion metered-ghe-ghas %} * Access to the **new billing platform**. See "[AUTOTITLE](/billing/using-the-new-billing-platform/about-the-new-billing-platform-for-enterprises)."{% endif %} * An **enterprise account**, which allows you to manage multiple organizations. See "[AUTOTITLE](/enterprise-cloud@latest/get-started/learning-about-github/types-of-github-accounts)." * Up to **50 seats** to grant access to users. @@ -68,7 +68,7 @@ You can end your trial at any time by purchasing {% data variables.product.prodn If you **purchase {% data variables.product.prodname_enterprise %}**: -{% ifversion metered-ghe-ghas%} +{% ifversion metered-ghe-ghas %} * You can use usage-based billing for {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_GH_advanced_security %}, which means you pay monthly for the number of licenses you use. You will not need to buy a predefined number of licenses in advance. See, "[AUTOTITLE](/billing/using-the-new-billing-platform/about-usage-based-billing-for-licenses)." If you did not set up a free trial and you want to use usage-based billing to pay for {% data variables.product.prodname_GH_advanced_security %} after the {% data variables.product.prodname_ghe_cloud %} trial ends, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).{% endif %} diff --git a/content/admin/overview/setting-up-a-trial-of-github-enterprise-server.md b/content/admin/overview/setting-up-a-trial-of-github-enterprise-server.md index 829100343466..4da5f204d758 100644 --- a/content/admin/overview/setting-up-a-trial-of-github-enterprise-server.md +++ b/content/admin/overview/setting-up-a-trial-of-github-enterprise-server.md @@ -49,11 +49,8 @@ To get the most out of your trial, follow these steps: * Add users to your {% data variables.product.prodname_ghe_server %} instance using built-in authentication or your configured identity provider. For more information, see "[AUTOTITLE](/enterprise-server@latest/admin/identity-and-access-management/using-built-in-authentication/configuring-built-in-authentication)." * To invite people to become account administrators, visit the [{% data variables.product.prodname_enterprise %} Web portal](https://enterprise.github.com/login). - {% note %} - - **Note:** People you invite to become account administrators will receive an email with a link to accept your invitation. - - {% endnote %} + > [!NOTE] + > People you invite to become account administrators will receive an email with a link to accept your invitation. {% data reusables.enterprise.best-practices %} diff --git a/content/admin/overview/system-overview.md b/content/admin/overview/system-overview.md index b22bc21ff407..2b210afb4435 100644 --- a/content/admin/overview/system-overview.md +++ b/content/admin/overview/system-overview.md @@ -55,11 +55,8 @@ By default, {% data variables.product.product_name %} runs as a standalone insta ## Data retention and datacenter redundancy -{% warning %} - -**Warning**: Before using {% data variables.product.product_name %} in a production environment, we strongly recommend you set up backups and a disaster recovery plan. - -{% endwarning %} +> [!WARNING] +> Before using {% data variables.product.product_name %} in a production environment, we strongly recommend you set up backups and a disaster recovery plan. {% data variables.product.product_name %} includes support for online and incremental backups with {% data variables.product.prodname_enterprise_backup_utilities %}. You can take incremental snapshots over a secure network link (the SSH administrative port) over long distances for off-site or geographically dispersed storage. You can restore snapshots over the network into a newly provisioned instance at time of recovery in case of disaster at the primary datacenter. diff --git a/content/admin/upgrading-your-instance/performing-an-upgrade/migrating-from-github-enterprise-1110x-to-2123.md b/content/admin/upgrading-your-instance/performing-an-upgrade/migrating-from-github-enterprise-1110x-to-2123.md index 0c91198fe3b5..f5b9b0dd7c1c 100644 --- a/content/admin/upgrading-your-instance/performing-an-upgrade/migrating-from-github-enterprise-1110x-to-2123.md +++ b/content/admin/upgrading-your-instance/performing-an-upgrade/migrating-from-github-enterprise-1110x-to-2123.md @@ -23,11 +23,9 @@ topics: - Upgrades shortTitle: Migrate from 11.10.x to 2.1.23 --- -{% note %} -**Note**: {% data variables.product.prodname_ghe_server %} 11.10 is an unsupported release from 2014. For a list of supported releases, see "[AUTOTITLE](/admin/all-releases)." - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_ghe_server %} 11.10 is an unsupported release from 2014. For a list of supported releases, see "[AUTOTITLE](/admin/all-releases)." Migrations from {% data variables.product.prodname_enterprise %} 11.10.348 and later are supported. Migrating from {% data variables.product.prodname_enterprise %} 11.10.348 and earlier is not supported. You must first upgrade to 11.10.348 in several upgrades. For more information, see the 11.10.348 upgrading procedure, "[Upgrading to the latest release](/enterprise/11.10.340/admin/articles/upgrading-to-the-latest-release/)." @@ -42,11 +40,8 @@ To upgrade to the latest version of {% data variables.product.prodname_enterpris * If you are not currently running scheduled backups, set up {% data variables.product.prodname_enterprise_backup_utilities %}. 1. Take an initial full backup snapshot of the current instance using the `ghe-backup` command. If you have already configured scheduled backups for your current instance, you don't need to take a snapshot of your instance. - {% tip %} - - **Tip:** You can leave the instance online and in active use during the snapshot. You'll take another snapshot during the maintenance portion of the migration. Since backups are incremental, this initial snapshot reduces the amount of data transferred in the final snapshot, which may shorten the maintenance window. - - {% endtip %} + > [!TIP] + > You can leave the instance online and in active use during the snapshot. You'll take another snapshot during the maintenance portion of the migration. Since backups are incremental, this initial snapshot reduces the amount of data transferred in the final snapshot, which may shorten the maintenance window. 1. Determine the method for switching user network traffic to the new instance. After you've migrated, all HTTP and Git network traffic directs to the new instance. * **DNS** - We recommend this method for all environments, as it's simple and works well even when migrating from one datacenter to another. Before starting migration, reduce the existing DNS record's TTL to five minutes or less and allow the change to propagate. Once the migration is complete, update the DNS record(s) to point to the IP address of the new instance. @@ -64,11 +59,8 @@ To upgrade to the latest version of {% data variables.product.prodname_enterpris 1. Copy the `ghe-restore` command that you'll run on the backup host to migrate data to the new instance. 1. Enable maintenance mode on the old instance and wait for all active processes to complete. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." - {% note %} - - **Note:** The instance will be unavailable for normal use from this point forward. - - {% endnote %} + > [!NOTE] + > The instance will be unavailable for normal use from this point forward. 1. On the backup host, run the `ghe-backup` command to take a final backup snapshot. This ensures that all data from the old instance is captured. 1. On the backup host, run the `ghe-restore` command you copied on the new instance's restore status screen to restore the latest snapshot. @@ -97,11 +89,8 @@ To upgrade to the latest version of {% data variables.product.prodname_enterpris 1. Click **Continue to settings** to review and adjust the configuration information and settings that were imported from the previous instance. 1. Click **Save settings**. - {% note %} - - **Note:** You can use the new instance after you've applied configuration settings and restarted the server. - - {% endnote %} + > [!NOTE] + > You can use the new instance after you've applied configuration settings and restarted the server. 1. Switch user network traffic from the old instance to the new instance using either DNS or IP address assignment. 1. Upgrade to the latest patch release of {% data variables.product.prodname_ghe_server %}. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)." diff --git a/content/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks.md b/content/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks.md index 6ae4bf91d3b3..9e8cc9d3bbc4 100644 --- a/content/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks.md +++ b/content/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks.md @@ -25,11 +25,8 @@ If a hotpatch is available for an upgrade, the `.hpkg` will download automatical ## Enabling automatic update checks -{% tip %} - -**Tip:** To enable automatic update checks, {% data variables.location.product_location %} must be able to connect to `https://github-enterprise.s3.amazonaws.com`. - -{% endtip %} +> [!TIP] +> To enable automatic update checks, {% data variables.location.product_location %} must be able to connect to `https://github-enterprise.s3.amazonaws.com`. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} diff --git a/content/admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements.md b/content/admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements.md index 52125afeddff..82d6864c244e 100644 --- a/content/admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements.md +++ b/content/admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements.md @@ -17,14 +17,11 @@ topics: - Enterprise - Upgrades --- -{% note %} -**Notes:** -* Upgrade packages are available at [enterprise.github.com](https://enterprise.github.com/releases) for supported versions. Verify the availability of the upgrade packages you will need to complete the upgrade. If a package is not available, visit {% data variables.contact.contact_ent_support %} and contact us for assistance. -* If you're using {% data variables.product.prodname_ghe_server %} Clustering, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/upgrading-a-cluster)" in the {% data variables.product.prodname_ghe_server %} Clustering Guide for specific instructions unique to clustering. -* The release notes for {% data variables.product.prodname_ghe_server %} provide a comprehensive list of new features for every version of {% data variables.product.prodname_ghe_server %}. For more information, see the [releases page](https://enterprise.github.com/releases). - -{% endnote %} +> [!NOTE] +> * Upgrade packages are available at [enterprise.github.com](https://enterprise.github.com/releases) for supported versions. Verify the availability of the upgrade packages you will need to complete the upgrade. If a package is not available, visit {% data variables.contact.contact_ent_support %} and contact us for assistance. +> * If you're using {% data variables.product.prodname_ghe_server %} Clustering, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/upgrading-a-cluster)" in the {% data variables.product.prodname_ghe_server %} Clustering Guide for specific instructions unique to clustering. +> * The release notes for {% data variables.product.prodname_ghe_server %} provide a comprehensive list of new features for every version of {% data variables.product.prodname_ghe_server %}. For more information, see the [releases page](https://enterprise.github.com/releases). ## Recommendations diff --git a/content/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance.md b/content/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance.md index 3e7892fef4dc..9da154474ed8 100644 --- a/content/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance.md +++ b/content/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance.md @@ -33,11 +33,8 @@ To future-proof {% data variables.product.prodname_ghe_server %} and provide the After the upgrade to {% data variables.product.prodname_ghe_server %} 3.9, if you experience unacceptable degradation in the performance of your instance, you can collect data from your instance's monitor dashboard to confirm the impact. You can attempt to mitigate the issue, and you can provide the data to {% data variables.contact.github_support %} to help profile and communicate the real-world impact of this change. -{% warning %} - -**Warning**: Due to the nature of this upgrade, back up your instance's configuration and data before proceeding. Validate the backup in a staging environment. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)" and "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." - -{% endwarning %} +> [!WARNING] +> Due to the nature of this upgrade, back up your instance's configuration and data before proceeding. Validate the backup in a staging environment. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)" and "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." ### Collecting baseline I/O utilization data before the MySQL upgrade @@ -77,14 +74,11 @@ To attempt to mitigate the performance impact, you can adjust InnoDB's flushing The following instructions are only intended for {% data variables.product.product_name %} 3.9 and later. -{% warning %} - -**Warning**: Adjustment of the flushing method requires that your instance's storage device has a battery-backed cache. If the device's cache is not battery-backed, you risk data loss. - -* If you host your instance using a virtualization hypervisor within an on-premises datacenter, review your storage specifications to confirm. -* If you host your instance in a public cloud service, consult your provider's documentation or support team to confirm. - -{% endwarning %} +> [!WARNING] +> Adjustment of the flushing method requires that your instance's storage device has a battery-backed cache. If the device's cache is not battery-backed, you risk data loss. +> +> * If you host your instance using a virtualization hypervisor within an on-premises datacenter, review your storage specifications to confirm. +> * If you host your instance in a public cloud service, consult your provider's documentation or support team to confirm. {% data reusables.enterprise_installation.ssh-into-instance %} 1. To validate the current flushing method for InnoDB, run the following command. @@ -212,3 +206,30 @@ If your appliance averages more than 70% CPU utilization, {% data variables.prod As part of upgrading GitHub Enterprise Server to version 3.13 or later, the Elasticsearch service will be upgraded. {% data variables.product.company_short %} strongly recommends following the guidance in "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/preparing-for-the-elasticsearch-upgrade)." {% endif %} + +{% ifversion ghes > 3.12 and ghes < 3.15 %} + +## Undecryptable records + +If you are upgrading from {% data variables.product.prodname_ghe_server %} 3.11 or 3.12 to 3.13, or from 3.12 to 3.14, you may run into an issue with undecryptable records due to missing required keys for decryption. The only solution is to delete the undecryptable records. The type of records impacted by this issue are 2FA records, that means you might need to ask users to re-enable two-factor authentication (2FA). + +### Before upgrading + +If you are upgrading from {% data variables.product.prodname_ghe_server %} 3.11 or 3.12 to 3.13, or from 3.12 to 3.14, you can run the encryption diagnostics script to identify the undecryptable records ahead of time. This will give you the opportunity to understand the impact and plan for it. + +1. Download the [encryption diagnostics script](https://gh.io/ghes-encryption-diagnostics). You can use a command like `curl -L -O https://gh.io/ghes-encryption-diagnostics` to download the script. +1. Save the script to the `/data/user/common` directory on the appliance. +1. Follow the instructions at the top of the script and execute it on the appliance. If there are any undecryptable records, they are logged in `/tmp/column_encryption_records_to_be_deleted.log`. Any records logged here means that the system was not able to find the keys for them and hence was not able to decrypt the data in those records. + +At this stage, please note that these records will be deleted as part of the process. The script will warn you about the users who will need to re-enroll into 2FA after the upgrade. The impacted users' handles are logged in `/tmp/column_encryption_users_to_have_2fa_disabled.log`. These users will need to be re-enrolled into 2FA. + +If the script runs into unexpected issues, you will be prompted to [contact {% data variables.contact.github_support %}](/support/contacting-github-support). Errors related to these issues will be logged in `/tmp/column_encryption_unexpected_errors.log`. If you are in a dire situation and are unable to have users re-enroll into 2FA, [contact {% data variables.contact.github_support %}](/support/contacting-github-support) for help. + +### During the upgrade + +In case you did not have the opportunity to run the encryption diagnostics script ahead of time, there are mechanisms in the product to help you. The pre-flight checks during the upgrade process will detect undecryptable records and log them in `/tmp/column_encryption_records_to_be_deleted.log`. The sequence will warn you of the users who will need to re-enable 2FA after the upgrade. The impacted users records are logged in `/tmp/column_encryption_users_to_have_2fa_disabled.log`. + +If undecryptable records are detected, you will be prompted whether you want to proceed with the upgrade or not. If you proceed, the upgrade process deletes the undecryptable records. Otherwise, the upgrade process will exit. + +If you have any questions during the upgrade, you can reach out to {% data variables.contact.github_support %}. Once you have had the time and opportunity to understand the impact, you can retrigger the upgrade. +{% endif %} diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app.md index c690b83dc197..164ee9c83686 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app.md @@ -33,11 +33,8 @@ If a REST API endpoint requires you to authenticate as an app, the documentation You can use {% data variables.product.company_short %}'s Octokit.js SDK to authenticate as a {% data variables.product.prodname_github_app %}. One advantage of using the SDK to authenticate is that you do not need to generate a JSON web token (JWT) yourself. Additionally, the SDK will take care of regenerating the JWT when it expires. -{% note %} - -**Note**: You must install and import `octokit` in order to use the Octokit.js library. The following example uses import statements in accordance with ES6. For more information about different installation and import methods, see [Usage](https://github.com/octokit/octokit.js/#usage) in the octokit/octokit repository. - -{% endnote %} +> [!NOTE] +> You must install and import `octokit` in order to use the Octokit.js library. The following example uses import statements in accordance with ES6. For more information about different installation and import methods, see [Usage](https://github.com/octokit/octokit.js/#usage) in the octokit/octokit repository. 1. Get the ID of your app. You can find your app's ID on the settings page for your {% data variables.product.prodname_github_app %}. For more information about navigating to the settings page for your {% data variables.product.prodname_github_app %}, see "[AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration#navigating-to-your-github-app-settings)." 1. Generate a private key. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps)." diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md index 3b1f6859dff2..a9585fbd3733 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md @@ -35,8 +35,5 @@ Requests made with a user access token are sometimes called "user-to-server" req If you want to attribute app activity to the app instead of to a user, you should authenticate as an app installation instead. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)." -{% note %} - -**Note**: {% data reusables.apps.github_app_auth_saml %} - -{% endnote %} +> [!NOTE] +> {% data reusables.apps.github_app_auth_saml %} diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md index 09318dcb36fd..2d9a1888bceb 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md @@ -39,19 +39,13 @@ curl --request GET \ Most programming languages have a package that can generate a JWT. In all cases, you must have a private key and the ID of your {% data variables.product.prodname_github_app %}. For more information about generating a private key, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps)". You can find your app's ID with the `GET /app` REST API endpoint. For more information, see "[Apps](/rest/apps/apps)" in the REST API documentation. -{% note %} - -Note: Instead of creating a JWT, you can use {% data variables.product.company_short %}'s Octokit SDKs to authenticate as an app. The SDK will take care of generating a JWT for you and will regenerate the JWT once the token expires. For more information, see "[Scripting with the REST API and JavaScript](/rest/guides/scripting-with-the-rest-api-and-javascript#authenticating-with-a-github-app)." - -{% endnote %} +> [!NOTE] +> Instead of creating a JWT, you can use {% data variables.product.company_short %}'s Octokit SDKs to authenticate as an app. The SDK will take care of generating a JWT for you and will regenerate the JWT once the token expires. For more information, see "[Scripting with the REST API and JavaScript](/rest/guides/scripting-with-the-rest-api-and-javascript#authenticating-with-a-github-app)." ### Example: Using Ruby to generate a JWT -{% note %} - -**Note:** You must run `gem install jwt` to install the `jwt` package in order to use this script. - -{% endnote %} +> [!NOTE] +> You must run `gem install jwt` to install the `jwt` package in order to use this script. In the following example, replace `YOUR_PATH_TO_PEM` with the file path where your private key is stored. Replace `YOUR_APP_ID` with the ID of your app. Make sure to enclose the values for `YOUR_PATH_TO_PEM` and `YOUR_APP_ID` in double quotes. @@ -82,11 +76,8 @@ puts jwt ### Example: Using Python to generate a JWT -{% note %} - -**Note:** You must run `pip install PyJWT` to install the `PyJWT` package in order to use this script. - -{% endnote %} +> [!NOTE] +> You must run `pip install PyJWT` to install the `PyJWT` package in order to use this script. ```python copy #!/usr/bin/env python3 @@ -142,11 +133,8 @@ This script will prompt you for the file path where your private key is stored a ### Example: Using Bash to generate a JWT -{% note %} - -**Note:** You must pass your {% ifversion client-id-for-app %}Client ID{% else %}App ID{% endif %} and the file path where your private key is stored as arguments when running this script. - -{% endnote %} +> [!NOTE] +> You must pass your {% ifversion client-id-for-app %}Client ID{% else %}App ID{% endif %} and the file path where your private key is stored as arguments when running this script. ```bash copy #!/usr/bin/env bash diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md index df2800978425..7002d6ae6683 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md @@ -58,11 +58,8 @@ If your app runs in the browser, you should use the web application flow to gene ## Using the device flow to generate a user access token -{% note %} - -**Note:** The device flow is in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> The device flow is in {% data variables.release-phases.public_preview %} and subject to change. If your app is headless or does not have access to a browser, you should use the device flow to generate a user access token. For example, CLI tools, simple Raspberry Pis, and desktop applications should use the device flow. For a tutorial that uses device flow, see "[AUTOTITLE](/apps/creating-github-apps/guides/building-a-cli-with-a-github-app)." diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md index bf1e8df51d21..2339fab3086b 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md @@ -14,11 +14,8 @@ topics: In order to authenticate as an app installation, you must generate an installation access token. For more information about authenticating as an app installation, see "[Authenticating as a GitHub App installation](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)." -{% note %} - -**Note**: Instead of generating an installation access token, you can use {% data variables.product.company_short %}'s Octokit SDKs to authenticate as an app. The SDK will take care of generating an installation access token for you and will regenerate the token once it expires. For more information about authenticating as an app installation, see "[Authenticating as a GitHub App installation](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)." - -{% endnote %} +> [!NOTE] +> Instead of generating an installation access token, you can use {% data variables.product.company_short %}'s Octokit SDKs to authenticate as an app. The SDK will take care of generating an installation access token for you and will regenerate the token once it expires. For more information about authenticating as an app installation, see "[Authenticating as a GitHub App installation](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)." You should keep your installation access token secure. For more information, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app)." diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md index 7bdcf49b81d8..648d16528b34 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md @@ -14,12 +14,14 @@ topics: After you create a {% data variables.product.prodname_github_app %}, you'll need to generate a private key in order to make requests to the {% data variables.product.product_name %} API as the application itself. For example, you need a private key to sign a JSON Web Token (JWT) in order to request an installation access token. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app)" -You can create multiple private keys and rotate them to prevent downtime if a key is compromised or lost. To verify that a private key matches a public key, see "[Verifying private keys](#verifying-private-keys)". +You can create {% ifversion app-key-limit %}up to 25 {% else %}multiple {% endif %}private keys for an app. You should use multiple keys in order to rotate keys without downtime in the event of a key compromise. {% ifversion app-key-limit %}If your application has 25 or more keys, you must delete some before you can create more. {% endif %} -Private keys do not expire and instead need to be manually revoked. For more information about how to revoke a private key, see "[Deleting private keys](#deleting-private-keys)." +Private keys do not expire and instead need to be manually revoked. For more information about how to revoke or delete a private key, see "[Deleting private keys](#deleting-private-keys)." You must keep private keys for {% data variables.product.prodname_github_apps %} secure. For more information, see "[Storing private keys](#storing-private-keys)". +To verify that a private key matches a public key, see "[Verifying private keys](#verifying-private-keys)". + ## Generating private keys To generate a private key: @@ -30,11 +32,8 @@ To generate a private key: 1. Under "Private keys", click **Generate a private key**. 1. You will see a private key in PEM format downloaded to your computer. Make sure to store this file because GitHub only stores the public portion of the key. For more information about securely storing your key, see "[Storing private keys](#storing-private-keys)." -{% note %} - -**Note:** If you're using a library that requires a specific file format, the PEM file you download will be in `PKCS#1 RSAPrivateKey` format. - -{% endnote %} +> [!NOTE] +> If you're using a library that requires a specific file format, the PEM file you download will be in `PKCS#1 RSAPrivateKey` format. ## Verifying private keys diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md index f03912991260..73f78828b283 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md @@ -16,11 +16,8 @@ shortTitle: Refresh user access tokens --- ## About user access tokens that expire -{% note %} - -**Note:** User access tokens that expire are currently an optional feature and are subject to change. For more information, see "[Expiring user-to-server access tokens for GitHub Apps](https://developer.github.com/changes/2020-04-30-expiring-user-to-server-access-tokens-for-github-apps)." - -{% endnote %} +> [!NOTE] +> User access tokens that expire are currently an optional feature and are subject to change. For more information, see "[Expiring user-to-server access tokens for GitHub Apps](https://developer.github.com/changes/2020-04-30-expiring-user-to-server-access-tokens-for-github-apps)." To enforce regular token rotation and reduce the impact of a compromised token, you can configure your {% data variables.product.prodname_github_app %} to use user access tokens that expire. If your app uses user access tokens that expire, then you will receive a refresh token when you generate a user access token. The user access token expires after eight hours, and the refresh token expires after six months. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app)." diff --git a/content/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md b/content/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md index 9b4805f27f78..d2c6c2f27fe0 100644 --- a/content/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md +++ b/content/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md @@ -16,11 +16,8 @@ When you register a {% data variables.product.prodname_github_app %}, you can sp If you specify a setup URL, you can also select **Redirect on update** to specify that users should be redirected to the setup URL after they update an installation. An update includes adding or removing access to a repository for an installation. -{% warning %} - -**Warning**: When {% data variables.product.company_short %} redirects users to the setup URL, it includes an `installation_id` query parameter. Bad actors can hit this URL with a spoofed `installation_id`. Therefore, you should not rely on the validity of the `installation_id` parameter. Instead, you should generate a user access token for the user who installed the {% data variables.product.prodname_github_app %} and then check that the installation is associated with that user. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app)." - -{% endwarning %} +> [!WARNING] +> When {% data variables.product.company_short %} redirects users to the setup URL, it includes an `installation_id` query parameter. Bad actors can hit this URL with a spoofed `installation_id`. Therefore, you should not rely on the validity of the `installation_id` parameter. Instead, you should generate a user access token for the user who installed the {% data variables.product.prodname_github_app %} and then check that the installation is associated with that user. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app)." {% ifversion fpt or ghec %} Although the setup URL is optional during {% data variables.product.prodname_github_app %} registration, it is required if you want to allow users to purchase your app in {% data variables.product.prodname_marketplace %}. For more information, see "[AUTOTITLE](/apps/publishing-apps-to-github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials)." diff --git a/content/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md b/content/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md index 341b1dd1fb41..8821e3661bd3 100644 --- a/content/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md +++ b/content/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md @@ -43,11 +43,10 @@ For more information about badges for {% data variables.product.prodname_github_ 1. Under "Badge background color", type the hexadecimal color code of the background color for your badge. {% ifversion fpt or ghec %} - {% note %} - **Note:** The "Badge background color" input field will only appear after you upload a logo. + > [!NOTE] + > The "Badge background color" input field will only appear after you upload a logo. - {% endnote %} {% endif %} {% ifversion fpt or ghec %} diff --git a/content/apps/github-marketplace/creating-apps-for-github-marketplace/requirements-for-listing-an-app.md b/content/apps/github-marketplace/creating-apps-for-github-marketplace/requirements-for-listing-an-app.md index 7bd218855676..9c427f5d8807 100644 --- a/content/apps/github-marketplace/creating-apps-for-github-marketplace/requirements-for-listing-an-app.md +++ b/content/apps/github-marketplace/creating-apps-for-github-marketplace/requirements-for-listing-an-app.md @@ -86,11 +86,8 @@ To publish a paid app (or an app that offers a paid plan), you must also meet th When you are ready to publish the app on {% data variables.product.prodname_marketplace %} you must request verification for the app listing. -{% note %} - -**Note:** {% data reusables.marketplace.app-transfer-to-org-for-verification %} For information on how to transfer an app to an organization, see: "[AUTOTITLE](/apps/github-marketplace/listing-an-app-on-github-marketplace/submitting-your-listing-for-publication#transferring-an-app-to-an-organization-before-you-submit)." - -{% endnote %} +> [!NOTE] +> {% data reusables.marketplace.app-transfer-to-org-for-verification %} For information on how to transfer an app to an organization, see: "[AUTOTITLE](/apps/github-marketplace/listing-an-app-on-github-marketplace/submitting-your-listing-for-publication#transferring-an-app-to-an-organization-before-you-submit)." ## Billing requirements for paid apps diff --git a/content/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-metrics-for-your-listing.md b/content/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-metrics-for-your-listing.md index 12bcc7ccdc60..0b6286019275 100644 --- a/content/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-metrics-for-your-listing.md +++ b/content/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-metrics-for-your-listing.md @@ -21,11 +21,8 @@ shortTitle: View listing metrics You can view metrics for the past day (24 hours), week, month, or for the entire duration of time that your {% data variables.product.prodname_github_app %} has been listed. -{% note %} - -**Note:** Because it takes time to aggregate data, you'll notice a slight delay in the dates shown. When you select a time period, you can see exact dates for the metrics at the top of the page. - -{% endnote %} +> [!NOTE] +> Because it takes time to aggregate data, you'll notice a slight delay in the dates shown. When you select a time period, you can see exact dates for the metrics at the top of the page. ## Performance metrics @@ -35,11 +32,8 @@ The Insights page displays these performance metrics, for the selected time peri * **Visitors:** Number of people that have viewed a page in your GitHub Apps listing. This number includes both logged in and logged out visitors. * **Pageviews:** Number of views the pages in your GitHub App's listing received. A single visitor can generate more than one page view. -{% note %} - -**Note:** Your estimated subscription value could be much higher than the transactions processed for this period. - -{% endnote %} +> [!NOTE] +> Your estimated subscription value could be much higher than the transactions processed for this period. ### Conversion performance diff --git a/content/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-transactions-for-your-listing.md b/content/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-transactions-for-your-listing.md index 9277c100d2b7..6fac54b4d15b 100644 --- a/content/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-transactions-for-your-listing.md +++ b/content/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-transactions-for-your-listing.md @@ -16,11 +16,8 @@ shortTitle: View listing transactions {% data reusables.marketplace.marketplace-apps-not-actions %} -{% note %} - -**Note:** Because it takes time to aggregate data, you'll notice a slight delay in the dates shown. When you select a time period, you can see exact dates for the metrics at the top of the page. - -{% endnote %} +> [!NOTE] +> Because it takes time to aggregate data, you'll notice a slight delay in the dates shown. When you select a time period, you can see exact dates for the metrics at the top of the page. You can view or download the transaction data to keep track of your subscription activity. Click the **Export CSV** button to download a `.csv` file. You can also select a period of time to view and search within the transaction page. diff --git a/content/apps/github-marketplace/listing-an-app-on-github-marketplace/drafting-a-listing-for-your-app.md b/content/apps/github-marketplace/listing-an-app-on-github-marketplace/drafting-a-listing-for-your-app.md index 820b98cc03fa..f09bc4504389 100644 --- a/content/apps/github-marketplace/listing-an-app-on-github-marketplace/drafting-a-listing-for-your-app.md +++ b/content/apps/github-marketplace/listing-an-app-on-github-marketplace/drafting-a-listing-for-your-app.md @@ -39,11 +39,8 @@ To create a {% data variables.product.prodname_marketplace %} listing: {% data reusables.user-settings.developer_settings %} 1. In the left sidebar, click either **OAuth Apps** or **GitHub Apps** depending on the app you're adding to {% data variables.product.prodname_marketplace %}. - {% note %} - - **Note**: You can also add a listing by navigating to https://github.com/marketplace/new, viewing your available apps, and clicking **Create draft listing**. - - {% endnote %} + > [!NOTE] + > You can also add a listing by navigating to https://github.com/marketplace/new, viewing your available apps, and clicking **Create draft listing**. ![Screenshot of the sidebar on the "Developer Settings" page of {% data variables.product.prodname_dotcom %}. Options labeled "{% data variables.product.prodname_github_apps %}" and "{% data variables.product.prodname_oauth_apps %}" are outlined in dark orange.](/assets/images/settings/apps-choose-app.png) @@ -53,11 +50,8 @@ To create a {% data variables.product.prodname_marketplace %} listing: ![Screenshot of a draft {% data variables.product.prodname_marketplace %} listing. In a section labeled "Publish your app to Marketplace," unfinished action items such as "Add your contact info" are marked with orange circles.](/assets/images/marketplace/marketplace-listing-overview.png) -{% note %} - -**Note:** In the "Contact info" section of your listing, we recommend using individual email addresses, rather than group emails addresses like support@domain.com. GitHub will use these email addresses to contact you about updates to {% data variables.product.prodname_marketplace %} that might affect your listing, new feature releases, marketing opportunities, payouts, and information on conferences and sponsorships. - -{% endnote %} +> [!NOTE] +> In the "Contact info" section of your listing, we recommend using individual email addresses, rather than group emails addresses like support@domain.com. GitHub will use these email addresses to contact you about updates to {% data variables.product.prodname_marketplace %} that might affect your listing, new feature releases, marketing opportunities, payouts, and information on conferences and sponsorships. ## Editing your listing diff --git a/content/apps/github-marketplace/listing-an-app-on-github-marketplace/setting-pricing-plans-for-your-listing.md b/content/apps/github-marketplace/listing-an-app-on-github-marketplace/setting-pricing-plans-for-your-listing.md index 61b042d149c6..882a2c9ef1c7 100644 --- a/content/apps/github-marketplace/listing-an-app-on-github-marketplace/setting-pricing-plans-for-your-listing.md +++ b/content/apps/github-marketplace/listing-an-app-on-github-marketplace/setting-pricing-plans-for-your-listing.md @@ -75,11 +75,8 @@ Once you publish a pricing plan for an app that is already listed in {% data var Once you remove a pricing plan, users won't be able to purchase your app using that plan. Existing users on the removed pricing plan will continue to stay on the plan until they cancel their plan subscription. -{% note %} - -**Note:** {% data variables.product.product_name %} can't remove users from a removed pricing plan. You can run a campaign to encourage users to upgrade or downgrade from the removed pricing plan onto a new pricing plan. - -{% endnote %} +> [!NOTE] +> {% data variables.product.product_name %} can't remove users from a removed pricing plan. You can run a campaign to encourage users to upgrade or downgrade from the removed pricing plan onto a new pricing plan. You can disable GitHub Marketplace free trials without retiring the pricing plan, but this prevents you from initiating future free trials for that plan. If you choose to disable free trials for a pricing plan, users already signed up can complete their free trial. diff --git a/content/apps/github-marketplace/selling-your-app-on-github-marketplace/pricing-plans-for-github-marketplace-apps.md b/content/apps/github-marketplace/selling-your-app-on-github-marketplace/pricing-plans-for-github-marketplace-apps.md index 3708fa823534..c17b52b0d0bd 100644 --- a/content/apps/github-marketplace/selling-your-app-on-github-marketplace/pricing-plans-for-github-marketplace-apps.md +++ b/content/apps/github-marketplace/selling-your-app-on-github-marketplace/pricing-plans-for-github-marketplace-apps.md @@ -57,8 +57,5 @@ Free trials have a fixed length of 14 days. Customers are notified 4 days before For more information, see: "[AUTOTITLE](/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials)." -{% note %} - -**Note:** GitHub expects you to delete any private customer data within 30 days of a canceled trial, beginning at the receipt of the cancellation event. - -{% endnote %} +> [!NOTE] +> GitHub expects you to delete any private customer data within 30 days of a canceled trial, beginning at the receipt of the cancellation event. diff --git a/content/apps/github-marketplace/selling-your-app-on-github-marketplace/receiving-payment-for-app-purchases.md b/content/apps/github-marketplace/selling-your-app-on-github-marketplace/receiving-payment-for-app-purchases.md index 96c03547fab1..a3a3fa54ffbb 100644 --- a/content/apps/github-marketplace/selling-your-app-on-github-marketplace/receiving-payment-for-app-purchases.md +++ b/content/apps/github-marketplace/selling-your-app-on-github-marketplace/receiving-payment-for-app-purchases.md @@ -26,8 +26,5 @@ Once your revenue reaches a minimum of 500 US dollars for the month, you'll rece For transactions made before January 1, 2021, {% data variables.product.company_short %} retains 25% of transaction income. For transactions made after that date, only 5% is retained by {% data variables.product.company_short %}. This change will be reflected in payments received from the end of January 2021 onward. -{% note %} - -**Note:** For details of the current pricing and payment terms, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-marketplace-developer-agreement)." - -{% endnote %} +> [!NOTE] +> For details of the current pricing and payment terms, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-marketplace-developer-agreement)." diff --git a/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials.md b/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials.md index 49bc2e183cd6..7f774e33bc2c 100644 --- a/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials.md +++ b/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials.md @@ -45,11 +45,8 @@ If your app is a {% data variables.product.prodname_github_app %}, {% data varia At this point, if you specified a **Setup URL** in your {% data variables.product.prodname_github_app %} settings, {% data variables.product.product_name %} will redirect the customer to that URL. If you do not specify a setup URL, you will not be able to handle purchases of your {% data variables.product.prodname_github_app %}. -{% note %} - -**Note:** The **Setup URL** is described as optional in {% data variables.product.prodname_github_app %} settings, but it is a required field if you want to offer your app in {% data variables.product.prodname_marketplace %}. For more information, see "[AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-setup-url)." - -{% endnote %} +> [!NOTE] +> The **Setup URL** is described as optional in {% data variables.product.prodname_github_app %} settings, but it is a required field if you want to offer your app in {% data variables.product.prodname_marketplace %}. For more information, see "[AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-setup-url)." If your app is an {% data variables.product.prodname_oauth_app %}, {% data variables.product.product_name %} does not install it anywhere. Instead, {% data variables.product.product_name %} redirects the customer to the **Installation URL** you specified in your [{% data variables.product.prodname_marketplace %} listing](/apps/github-marketplace/listing-an-app-on-github-marketplace/writing-a-listing-description-for-your-app#listing-urls). @@ -67,11 +64,8 @@ For either type of app, the first step is to redirect the customer to [https://g After the customer completes the authorization, your app receives an OAuth access token for the customer. You'll need this token for the next step. -{% note %} - -**Note:** When authorizing a customer on a free trial, grant them the same access they would have on the paid plan. You'll move them to the paid plan after the trial period ends. - -{% endnote %} +> [!NOTE] +> When authorizing a customer on a free trial, grant them the same access they would have on the paid plan. You'll move them to the paid plan after the trial period ends. ## Step 4. Provisioning customer accounts diff --git a/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-cancellations.md b/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-cancellations.md index 5d6f2921c64d..ca4356152ff1 100644 --- a/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-cancellations.md +++ b/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-cancellations.md @@ -33,8 +33,5 @@ When a customer cancels a free or paid plan, your app must perform these steps t 1. If your app is an {% data variables.product.prodname_oauth_app %}, remove all webhooks your app created for repositories. 1. Remove all customer data within 30 days of receiving the `cancelled` event. -{% note %} - -**Note:** We recommend using the [`marketplace_purchase`](/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/webhook-events-for-the-github-marketplace-api) webhook's `effective_date` to determine when a plan change will occur and periodically synchronizing the [List accounts for a plan](/rest/apps/marketplace#list-accounts-for-a-plan). For more information on webhooks, see "[AUTOTITLE](/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/webhook-events-for-the-github-marketplace-api)." - -{% endnote %} +> [!NOTE] +> We recommend using the [`marketplace_purchase`](/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/webhook-events-for-the-github-marketplace-api) webhook's `effective_date` to determine when a plan change will occur and periodically synchronizing the [List accounts for a plan](/rest/apps/marketplace#list-accounts-for-a-plan). For more information on webhooks, see "[AUTOTITLE](/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/webhook-events-for-the-github-marketplace-api)." diff --git a/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-changes.md b/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-changes.md index fe4755bb0a27..ba48be038923 100644 --- a/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-changes.md +++ b/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-changes.md @@ -40,11 +40,8 @@ When a customer downgrades a plan, it's recommended to review whether a customer To encourage people to upgrade you can display an upgrade URL in your app's UI. See "[About upgrade URLs](#about-upgrade-urls)" for more details. -{% note %} - -**Note:** We recommend performing a periodic synchronization using `GET /marketplace_listing/plans/:id/accounts` to ensure your app has the correct plan, billing cycle information, and unit count (for per-unit pricing) for each account. - -{% endnote %} +> [!NOTE] +> We recommend performing a periodic synchronization using `GET /marketplace_listing/plans/:id/accounts` to ensure your app has the correct plan, billing cycle information, and unit count (for per-unit pricing) for each account. ## Failed upgrade payments @@ -62,8 +59,5 @@ For example, if you notice that a customer is on a 5 person plan and needs to mo Use the `LISTING_PLAN_NUMBER` for the plan the customer would like to purchase. When you create new pricing plans they receive a `LISTING_PLAN_NUMBER`, which is unique to each plan across your listing, and a `LISTING_PLAN_ID`, which is unique to each plan in the {% data variables.product.prodname_marketplace %}. You can find these numbers when you [List plans](/rest/apps#list-plans), which identifies your listing's pricing plans. Use the `LISTING_PLAN_ID` and the "[`GET /marketplace_listing/plans/{plan_id}/accounts`](/rest/apps/marketplace#list-accounts-for-a-plan)" endpoint to get the `CUSTOMER_ACCOUNT_ID`. -{% note %} - -**Note:** If your customer upgrades to additional units (such as seats), you can still send them to the appropriate plan for their purchase, but we are unable to support `unit_count` parameters at this time. - -{% endnote %} +> [!NOTE] +> If your customer upgrades to additional units (such as seats), you can still send them to the appropriate plan for their purchase, but we are unable to support `unit_count` parameters at this time. diff --git a/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/rest-endpoints-for-the-github-marketplace-api.md b/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/rest-endpoints-for-the-github-marketplace-api.md index cb4bca5adca9..41c94e246838 100644 --- a/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/rest-endpoints-for-the-github-marketplace-api.md +++ b/content/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/rest-endpoints-for-the-github-marketplace-api.md @@ -30,8 +30,5 @@ See these pages for details on how to authenticate when using the {% data variab * [Authorization options for {% data variables.product.prodname_oauth_apps %}](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps) * [Authentication options for {% data variables.product.prodname_github_apps %}](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) -{% note %} - -**Note:** [Rate limits for the REST API](/rest/using-the-rest-api/rate-limits-for-the-rest-api) apply to all {% data variables.product.prodname_marketplace %} API endpoints. - -{% endnote %} +> [!NOTE] +> [Rate limits for the REST API](/rest/using-the-rest-api/rate-limits-for-the-rest-api) apply to all {% data variables.product.prodname_marketplace %} API endpoints. diff --git a/content/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md b/content/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md index 9eab002e22f0..1b2208abf532 100644 --- a/content/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md +++ b/content/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md @@ -14,11 +14,9 @@ topics: - GitHub Apps shortTitle: Activate optional features --- -{% warning %} -**Warning:** Optional features are subject to change. - -{% endwarning %} +> [!WARNING] +> Optional features are subject to change. ## Activating optional features for {% data variables.product.prodname_github_apps %} diff --git a/content/apps/maintaining-github-apps/deleting-a-github-app.md b/content/apps/maintaining-github-apps/deleting-a-github-app.md index a0bcd0a92abd..1b50989a562c 100644 --- a/content/apps/maintaining-github-apps/deleting-a-github-app.md +++ b/content/apps/maintaining-github-apps/deleting-a-github-app.md @@ -15,11 +15,8 @@ topics: - GitHub Apps --- -{% note %} - -**Note**: If you want to remove a {% data variables.product.prodname_github_app %} that you use but do not own, see "[AUTOTITLE](/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access)" instead. - -{% endnote %} +> [!NOTE] +> If you want to remove a {% data variables.product.prodname_github_app %} that you use but do not own, see "[AUTOTITLE](/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access)" instead. ## About deleting {% data variables.product.prodname_github_apps %} @@ -29,11 +26,8 @@ When you delete a {% data variables.product.prodname_github_app %} registration, {% ifversion ghec or fpt %} -{% note %} - -**Note**: If your {% data variables.product.prodname_github_app %} is published on {% data variables.product.prodname_marketplace %}, you must remove your app from {% data variables.product.prodname_marketplace %} before you can delete your app. For more information, see "[AUTOTITLE](/apps/publishing-apps-to-github-marketplace/listing-an-app-on-github-marketplace/deleting-your-github-app-listing-from-github-marketplace)." - -{% endnote %} +> [!NOTE] +> If your {% data variables.product.prodname_github_app %} is published on {% data variables.product.prodname_marketplace %}, you must remove your app from {% data variables.product.prodname_marketplace %} before you can delete your app. For more information, see "[AUTOTITLE](/apps/publishing-apps-to-github-marketplace/listing-an-app-on-github-marketplace/deleting-your-github-app-listing-from-github-marketplace)." {% endif %} diff --git a/content/apps/maintaining-github-apps/suspending-a-github-app-installation.md b/content/apps/maintaining-github-apps/suspending-a-github-app-installation.md index dfcb00a9cc66..2714d61c719e 100644 --- a/content/apps/maintaining-github-apps/suspending-a-github-app-installation.md +++ b/content/apps/maintaining-github-apps/suspending-a-github-app-installation.md @@ -14,11 +14,8 @@ topics: shortTitle: Suspend an installation --- -{% note %} - -**Note**: If you want to suspend a {% data variables.product.prodname_github_app %} that you use but do not own, see "[AUTOTITLE](/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access)" instead. - -{% endnote %} +> [!NOTE] +> If you want to suspend a {% data variables.product.prodname_github_app %} that you use but do not own, see "[AUTOTITLE](/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access)" instead. When a {% data variables.product.prodname_github_app %} is suspended for an installation, the {% data variables.product.prodname_github_app %} cannot access resources owned by that installation account. For example, you might want to suspend your {% data variables.product.prodname_github_app %} if you are worried that your app's credentials were leaked. diff --git a/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md index 6b039372c749..c27305aa2a88 100644 --- a/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md +++ b/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md @@ -18,15 +18,12 @@ topics: - OAuth apps --- -{% note %} - -**Note**: Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. - -Both {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %} use OAuth 2.0. - -{% data variables.product.prodname_github_apps %} can act on behalf of a user, similar to an {% data variables.product.prodname_oauth_app %}, or as themselves, which is beneficial for automations that do not require user input. Additionally, {% data variables.product.prodname_github_apps %} use fine-grained permissions, give the user more control over which repositories the app can access, and use short-lived tokens. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." - -{% endnote %} +> [!NOTE] +> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. +> +> Both {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %} use OAuth 2.0. +> +> {% data variables.product.prodname_github_apps %} can act on behalf of a user, similar to an {% data variables.product.prodname_oauth_app %}, or as themselves, which is beneficial for automations that do not require user input. Additionally, {% data variables.product.prodname_github_apps %} use fine-grained permissions, give the user more control over which repositories the app can access, and use short-lived tokens. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." {% data variables.product.product_name %}'s OAuth implementation supports the standard [authorization code grant type](https://tools.ietf.org/html/rfc6749#section-4.1) and the OAuth 2.0 [Device Authorization Grant](https://tools.ietf.org/html/rfc8628) for apps that don't have access to a web browser. @@ -45,11 +42,8 @@ To authorize your {% data variables.product.prodname_oauth_app %}, consider whic ## Web application flow -{% note %} - -**Note:** If you are building a GitHub App, you can still use the OAuth web application flow, but the setup has some important differences. See "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)" for more information. - -{% endnote %} +> [!NOTE] +> If you are building a GitHub App, you can still use the OAuth web application flow, but the setup has some important differences. See "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)" for more information. The web application flow to authorize users for your app is: @@ -323,11 +317,8 @@ To build this link, you'll need your {% data variables.product.prodname_oauth_ap {% data variables.product.oauth_host_code %}/settings/connections/applications/:client_id ``` -{% tip %} - -**Tip:** To learn more about the resources that your {% data variables.product.prodname_oauth_app %} can access for a user, see "[AUTOTITLE](/rest/guides/discovering-resources-for-a-user)." - -{% endtip %} +> [!TIP] +> To learn more about the resources that your {% data variables.product.prodname_oauth_app %} can access for a user, see "[AUTOTITLE](/rest/guides/discovering-resources-for-a-user)." ## Troubleshooting diff --git a/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md b/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md index 439ed9d5f083..2c29ffe5eb28 100644 --- a/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md +++ b/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md @@ -14,26 +14,22 @@ topics: - OAuth apps --- -{% note %} - -**Note**: Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. - -Both {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %} use OAuth 2.0. - -{% data variables.product.prodname_oauth_apps %} can only act on behalf of a user while {% data variables.product.prodname_github_apps %} can either act on behalf of a user or independently of a user. - -{% data variables.product.prodname_github_apps %} use fine-grained permissions, give the user more control over which repositories the app can access, and use short-lived tokens. - -For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." - -{% endnote %} +> [!NOTE] +> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. +> +> Both {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %} use OAuth 2.0. +> +> {% data variables.product.prodname_oauth_apps %} can only act on behalf of a user while {% data variables.product.prodname_github_apps %} can either act on behalf of a user or independently of a user. +> +> {% data variables.product.prodname_github_apps %} use fine-grained permissions, give the user more control over which repositories the app can access, and use short-lived tokens. +> +> For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." {% ifversion fpt or ghec %} -{% note %} - **Note:** {% data reusables.apps.maximum-oauth-apps-allowed %} +> [!NOTE] +> {% data reusables.apps.maximum-oauth-apps-allowed %} -{% endnote %} {% endif %} {% data reusables.user-settings.access_settings %} @@ -41,27 +37,21 @@ For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/diff {% data reusables.user-settings.oauth_apps %} 1. Click **New OAuth App**. - {% note %} - - **Note:** If you haven't created an app before, this button will say, **Register a new application**. + > [!NOTE] + > If you haven't created an app before, this button will say, **Register a new application**. - {% endnote %} 1. In "Application name", type the name of your app. - {% warning %} - - **Warning:** Only use information in your {% data variables.product.prodname_oauth_app %} that you consider public. Avoid using sensitive data, such as internal URLs, when creating an {% data variables.product.prodname_oauth_app %}. - - {% endwarning %} + > [!WARNING] + > Only use information in your {% data variables.product.prodname_oauth_app %} that you consider public. Avoid using sensitive data, such as internal URLs, when creating an {% data variables.product.prodname_oauth_app %}. 1. In "Homepage URL", type the full URL to your app's website. 1. Optionally, in "Application description", type a description of your app that users will see. 1. In "Authorization callback URL", type the callback URL of your app. - {% note %} - **Note:** {% data variables.product.prodname_oauth_apps %} cannot have multiple callback URLs, unlike {% data variables.product.prodname_github_apps %}. + > [!NOTE] + > {% data variables.product.prodname_oauth_apps %} cannot have multiple callback URLs, unlike {% data variables.product.prodname_github_apps %}. - {% endnote %} 1. If your {% data variables.product.prodname_oauth_app %} will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." 1. Click **Register application**. diff --git a/content/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md index bc4bc9fb072a..d7d09058eac8 100644 --- a/content/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md +++ b/content/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md @@ -71,11 +71,8 @@ An _authorized_ {% data variables.product.prodname_oauth_app %} has access to al ## Token-based identification -{% note %} - -**Note:** GitHub Apps can also use a user-based token. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)." - -{% endnote %} +> [!NOTE] +> GitHub Apps can also use a user-based token. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)." | GitHub Apps | {% data variables.product.prodname_oauth_apps %} | | ----- | ----------- | diff --git a/content/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md index 08f95595c6b7..d417fd9f11e3 100644 --- a/content/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md +++ b/content/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md @@ -10,11 +10,8 @@ topics: shortTitle: Rate limits --- -{% note %} - -**Note**: Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. The rate limit for {% data variables.product.prodname_github_apps %} using an installation access token scales with the number of repositories and number of organization users. Conversely, {% data variables.product.prodname_oauth_apps %} have lower rate limits and do not scale. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." - -{% endnote %} +> [!NOTE] +> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. The rate limit for {% data variables.product.prodname_github_apps %} using an installation access token scales with the number of repositories and number of organization users. Conversely, {% data variables.product.prodname_oauth_apps %} have lower rate limits and do not scale. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." ## About rate limits for {% data variables.product.prodname_oauth_apps %} diff --git a/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md index 343af94d9b93..f59c64709781 100644 --- a/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md +++ b/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md @@ -15,19 +15,13 @@ topics: - OAuth apps --- -{% note %} - -**Note**: Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. {% data variables.product.prodname_github_apps %} use fine-grained permissions instead of scopes, which give you more control over what your app can do. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." - -{% endnote %} +> [!NOTE] +> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. {% data variables.product.prodname_github_apps %} use fine-grained permissions instead of scopes, which give you more control over what your app can do. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." When setting up an {% data variables.product.prodname_oauth_app %} on GitHub, requested scopes are displayed to the user on the authorization form. -{% note %} - -**Note:** If you're building a GitHub App, you don’t need to provide scopes in your authorization request. For more on this, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)." - -{% endnote %} +> [!NOTE] +> If you're building a GitHub App, you don’t need to provide scopes in your authorization request. For more on this, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)." If your {% data variables.product.prodname_oauth_app %} doesn't have access to a browser, such as a CLI tool, then you don't need to specify a scope for users to authenticate to your app. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." @@ -49,7 +43,7 @@ Name | Description -----|-----------| **`(no scope)`** | Grants read-only access to public information (including user profile info, repository info, and gists){% ifversion ghes %} **`site_admin`** | Grants site administrators access to [{% data variables.product.prodname_ghe_server %} Administration API endpoints](/rest/enterprise-admin).{% endif %} -**`repo`** | Grants full access to public{% ifversion ghec or ghes %}, internal,{% endif %} and private repositories including read and write access to code, commit statuses, repository invitations, collaborators, deployment statuses, and repository webhooks. **Note**: In addition to repository related resources, the `repo` scope also grants access to manage organization-owned resources including projects, invitations, team memberships and webhooks. This scope also grants the ability to manage projects owned by users. +**`repo`** | Grants full access to public{% ifversion ghec or ghes %}, internal,{% endif %} and private repositories including read and write access to code, commit statuses, repository invitations, collaborators, deployment statuses, and repository webhooks. **Note:** In addition to repository related resources, the `repo` scope also grants access to manage organization-owned resources including projects, invitations, team memberships and webhooks. This scope also grants the ability to manage projects owned by users.  `repo:status`| Grants read/write access to commit statuses in {% ifversion fpt %}public and private{% elsif ghec or ghes %}public, private, and internal{% endif %} repositories. This scope is only necessary to grant other users or services access to private repository commit statuses _without_ granting access to the code.  `repo_deployment`| Grants access to [deployment statuses](/rest/repos#deployments) for public and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, _without_ granting access to the code.  `public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories. @@ -89,16 +83,15 @@ Name | Description  `manage_billing:enterprise` | Read and write enterprise billing data. For more information, see "[AUTOTITLE](/rest/billing)." {% endif %}  `read:enterprise` | Read all data on an enterprise profile. Does not include profile data of enterprise members or organizations.{% endif %}{% ifversion read-audit-scope %} **`read:audit_log`** | Read audit log data.{% endif %} -{% note %} - -**Note:** Your {% data variables.product.prodname_oauth_app %} can request the scopes in the initial redirection. You -can specify multiple scopes by separating them with a space using `%20`: - - https://github.com/login/oauth/authorize? - client_id=...& - scope=user%20repo_deployment -{% endnote %} +> [!NOTE] +> Your {% data variables.product.prodname_oauth_app %} can request the scopes in the initial redirection. You can specify multiple scopes by separating them with a space using `%20`: +> +> ```text +> https://github.com/login/oauth/authorize? +> client_id=...& +> scope=user%20repo_deployment +> ``` ## Requested scopes and granted scopes diff --git a/content/apps/oauth-apps/maintaining-oauth-apps/activating-optional-features-for-oauth-apps.md b/content/apps/oauth-apps/maintaining-oauth-apps/activating-optional-features-for-oauth-apps.md index 647fe4b09942..3b460ab856a0 100644 --- a/content/apps/oauth-apps/maintaining-oauth-apps/activating-optional-features-for-oauth-apps.md +++ b/content/apps/oauth-apps/maintaining-oauth-apps/activating-optional-features-for-oauth-apps.md @@ -9,11 +9,9 @@ topics: - OAuth apps shortTitle: Activate optional features --- -{% warning %} -**Warning:** Optional features are subject to change. - -{% endwarning %} +> [!WARNING] +> Optional features are subject to change. ## Activating optional features for {% data variables.product.prodname_oauth_apps %} diff --git a/content/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md b/content/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md index bdc109d8e27a..f085f84f1c26 100644 --- a/content/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md +++ b/content/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md @@ -14,11 +14,9 @@ topics: - OAuth apps shortTitle: Troubleshoot token request --- -{% note %} -**Note:** These examples only show JSON responses. - -{% endnote %} +> [!NOTE] +> These examples only show JSON responses. ## Incorrect client credentials diff --git a/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md b/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md index 8b68cf377eb6..e45e08ae7e52 100644 --- a/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md +++ b/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md @@ -18,11 +18,8 @@ When an {% data variables.product.prodname_oauth_app %} wants to identify you by {% ifversion fpt or ghec %} -{% tip %} - -**Tip:** You must [verify your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address) before you can authorize an {% data variables.product.prodname_oauth_app %}. - -{% endtip %} +> [!TIP] +> You must [verify your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address) before you can authorize an {% data variables.product.prodname_oauth_app %}. {% endif %} @@ -33,11 +30,8 @@ When an {% data variables.product.prodname_oauth_app %} wants to identify you by * **Read access** only allows an app to _look at_ your data. * **Write access** allows an app to _change_ your data. -{% tip %} - -**Tip:** {% data reusables.user-settings.review_oauth_tokens_tip %} - -{% endtip %} +> [!TIP] +> {% data reusables.user-settings.review_oauth_tokens_tip %} ### About OAuth scopes @@ -45,11 +39,8 @@ _Scopes_ are named groups of permissions that an {% data variables.product.prodn When you want to use an {% data variables.product.prodname_oauth_app %} that integrates with {% data variables.product.product_name %}, that app lets you know what type of access to your data will be required. If you grant access to the app, then the app will be able to perform actions on your behalf, such as reading or modifying data. For example, if you want to use an app that requests `user:email` scope, the app will have read-only access to your private email addresses. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps)." -{% tip %} - -**Note:** Currently, you can't scope source code access to read-only. - -{% endtip %} +> [!NOTE] +> Currently, you can't scope source code access to read-only. {% data reusables.user-settings.token_access_capabilities %} For example, an application can create an access token that is configured with an `admin:org` scope, but if the user of the application is not an organization owner, the application will not be granted administrative access to the organization. @@ -90,11 +81,8 @@ When you authorize an {% data variables.product.prodname_oauth_app %} for your p If you belong to any organizations with SAML single sign-on (SSO) enabled, and you have created a linked identity for that organization by authenticating via SAML in the past, you must have an active SAML session for each organization each time you authorize an {% data variables.product.prodname_oauth_app %}. -{% note %} - -**Note:** If you're encountering issues with an authorized {% data variables.product.prodname_oauth_app %} or {% data variables.product.prodname_github_app %} accessing an organization that is protected by SAML, you may need to revoke the app from your [Authorized {% data variables.product.prodname_github_apps %}](https://github.com/settings/applications) or [Authorized {% data variables.product.prodname_oauth_apps %}](https://github.com/settings/apps/authorizations) page, visit the organization to authenticate and establish an active SAML session, and then attempt to reauthorize the app by accessing it. - -{% endnote %} +> [!NOTE] +> If you're encountering issues with an authorized {% data variables.product.prodname_oauth_app %} or {% data variables.product.prodname_github_app %} accessing an organization that is protected by SAML, you may need to revoke the app from your [Authorized {% data variables.product.prodname_github_apps %}](https://github.com/settings/applications) or [Authorized {% data variables.product.prodname_oauth_apps %}](https://github.com/settings/apps/authorizations) page, visit the organization to authenticate and establish an active SAML session, and then attempt to reauthorize the app by accessing it. ## Further reading diff --git a/content/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md b/content/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md index 51a8bf48e117..1c4be9d6bdcc 100644 --- a/content/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md +++ b/content/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md @@ -37,17 +37,11 @@ _Scopes_ are named groups of permissions that an application can request to acce When you want to use a third-party application that integrates with {% data variables.product.product_name %}, that application lets you know what type of access to your data will be required. If you grant access to the application, then the application will be able to perform actions on your behalf, such as reading or modifying data. For example, if you want to use an app that requests `user:email` scope, the app will have read-only access to your private email addresses. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps)." -{% tip %} +> [!NOTE] +> Currently, you can't scope source code access to read-only. -**Note:** Currently, you can't scope source code access to read-only. - -{% endtip %} - -{% tip %} - -**Tip:** {% data reusables.user-settings.review_oauth_tokens_tip %} - -{% endtip %} +> [!TIP] +> {% data reusables.user-settings.review_oauth_tokens_tip %} ### Types of requested data diff --git a/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md b/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md index 9265fc8b395b..58c756198855 100644 --- a/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md +++ b/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md @@ -172,11 +172,8 @@ To complete the handshake, send the temporary `code` in a `POST` request to the You must complete this step of the {% data variables.product.prodname_github_app %} Manifest flow within one hour. -{% note %} - -**Note:** This endpoint is rate limited. See [Rate limits](/rest/rate-limit/rate-limit) to learn how to get your current rate limit status. - -{% endnote %} +> [!NOTE] +> This endpoint is rate limited. See [Rate limits](/rest/rate-limit/rate-limit) to learn how to get your current rate limit status. POST /app-manifests/{code}/conversions diff --git a/content/apps/using-github-apps/authorizing-github-apps.md b/content/apps/using-github-apps/authorizing-github-apps.md index 6e17b938d78a..ea3c7304724b 100644 --- a/content/apps/using-github-apps/authorizing-github-apps.md +++ b/content/apps/using-github-apps/authorizing-github-apps.md @@ -28,11 +28,10 @@ When authorizing the {% data variables.product.prodname_github_app %}, you shoul You can review and revoke your authorization at any time. For more information, see "[AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations)." {% ifversion ghec %} -{% note %} -**Note**: If your organization uses SAML SSO and you cannot see your organization's resources after you authorize a {% data variables.product.prodname_github_app %}, you may need to reauthorize the app after starting an active SAML session for your organization. For more information, see "[AUTOTITLE](/apps/using-github-apps/saml-and-github-apps)." +> [!NOTE] +> If your organization uses SAML SSO and you cannot see your organization's resources after you authorize a {% data variables.product.prodname_github_app %}, you may need to reauthorize the app after starting an active SAML session for your organization. For more information, see "[AUTOTITLE](/apps/using-github-apps/saml-and-github-apps)." -{% endnote %} {% endif %} ## About {% data variables.product.prodname_github_apps %} acting on your behalf diff --git a/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md b/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md index 219f0660d954..8ed8085e2e16 100644 --- a/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md +++ b/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md @@ -55,11 +55,10 @@ During the installation process, the app owner will direct you to a {% data vari 1. Select the location where you want to install the {% data variables.product.prodname_github_app %}. You can select your personal account or an organization that you are a member of. {% ifversion ghec %} - {% note %} - **Note**: {% data reusables.apps.github_app_install_saml %} + > [!NOTE] + > {% data reusables.apps.github_app_install_saml %} - {% endnote %} {% endif %} 1. If the app requires repository permissions, select **All repositories** or **Only select repositories**. The app will always have at least read-only access to all public repositories on {% data variables.product.company_short %}. diff --git a/content/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner.md b/content/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner.md index b3130bab6c90..4f80dac477f3 100644 --- a/content/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner.md +++ b/content/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner.md @@ -7,12 +7,9 @@ versions: shortTitle: Request for org --- -{% note %} - -**Note**: Currently, you can only request a {% data variables.product.prodname_github_app %} from your organization owner when installing the {% data variables.product.prodname_github_app %} directly from the {% data variables.product.prodname_github_app %} owner, not when installing a {% data variables.product.prodname_github_app %} from {% data variables.product.prodname_marketplace %}. - -If you find a {% data variables.product.prodname_github_app %} on {% data variables.product.prodname_marketplace %} that you want your organization owner to install, you must make the request from the {% data variables.product.prodname_github_app %}'s public installation page. The URL for a {% data variables.product.prodname_github_app %} public installation page is `https://github.com/apps/APP-NAME/installations/new`, where `APP-NAME` is the name of the {% data variables.product.prodname_github_app %}. - -{% endnote %} +> [!NOTE] +> Currently, you can only request a {% data variables.product.prodname_github_app %} from your organization owner when installing the {% data variables.product.prodname_github_app %} directly from the {% data variables.product.prodname_github_app %} owner, not when installing a {% data variables.product.prodname_github_app %} from {% data variables.product.prodname_marketplace %}. +> +> If you find a {% data variables.product.prodname_github_app %} on {% data variables.product.prodname_marketplace %} that you want your organization owner to install, you must make the request from the {% data variables.product.prodname_github_app %}'s public installation page. The URL for a {% data variables.product.prodname_github_app %} public installation page is `https://github.com/apps/APP-NAME/installations/new`, where `APP-NAME` is the name of the {% data variables.product.prodname_github_app %}. Organization members can send a request for their organization owner to install a {% data variables.product.prodname_github_app %} on the organization. To do so, follow the steps outlined in "[AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-a-third-party#installing-a-github-app)." If you don't have permission to install the {% data variables.product.prodname_github_app %} on the organization, {% data variables.product.company_short %} will send an email to the organization owner to notify them of the request. The organization owner can modify the repositories that you selected and choose whether to install the {% data variables.product.prodname_github_app %}. diff --git a/content/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md b/content/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md index 152eba9b4ba0..b3707cfda5f9 100644 --- a/content/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md +++ b/content/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md @@ -34,11 +34,8 @@ In addition to reviewing {% data variables.product.prodname_github_apps %} that * For a repository where a {% data variables.product.prodname_github_app %} was granted access: - {% note %} - - **Note**: In the following steps, you will be taken to the account settings for the organization or personal account where the {% data variables.product.prodname_github_app %} is installed. The settings will affect all repositories where the app is installed under that account, not just the repository where you navigated from. - - {% endnote %} + > [!NOTE] + > In the following steps, you will be taken to the account settings for the organization or personal account where the {% data variables.product.prodname_github_app %} is installed. The settings will affect all repositories where the app is installed under that account, not just the repository where you navigated from. 1. Navigate to the main page of the organization or repository. 1. Click {% octicon "gear" aria-label="The Settings gear" %} **Settings**. diff --git a/content/authentication/authenticating-with-a-passkey/managing-your-passkeys.md b/content/authentication/authenticating-with-a-passkey/managing-your-passkeys.md index 39b597a6ed1d..fb28e0430f25 100644 --- a/content/authentication/authenticating-with-a-passkey/managing-your-passkeys.md +++ b/content/authentication/authenticating-with-a-passkey/managing-your-passkeys.md @@ -24,14 +24,9 @@ For information on how to remove a passkey from your account, see "[Removing a p ## Upgrading an existing security key to a passkey -{% note %} - -**Notes:** - -* Platform support for upgrading security keys is inconsistent, so if you're seeing failures from your operating system or browser when trying to register an existing credential, we suggest that you remove and re-register the security key. -* If you have used a security key recently and it's eligible for an upgrade, an upgrade button will be shown next to the security key in the settings menu. You can use the button to trigger the upgrade flow. You can also attempt to upgrade other keys by registering them as a passkey, even if the upgrade button isn't shown. - -{% endnote %} +> [!NOTE] +> * Platform support for upgrading security keys is inconsistent, so if you're seeing failures from your operating system or browser when trying to register an existing credential, we suggest that you remove and re-register the security key. +> * If you have used a security key recently and it's eligible for an upgrade, an upgrade button will be shown next to the security key in the settings menu. You can use the button to trigger the upgrade flow. You can also attempt to upgrade other keys by registering them as a passkey, even if the upgrade button isn't shown. Before starting the upgrade procedure, make sure that you are using the device that's linked to the existing security key. Then, when you click **Add a passkey** in your account settings, {% data variables.product.company_short %} will automatically bump you into the "Upgrade to a passkey" flow. diff --git a/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md b/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md index 9a1d373ae758..de8da0296541 100644 --- a/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md +++ b/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md @@ -20,13 +20,13 @@ Some authenticators allow passkeys to be used with nearby devices. For example, ## Signing in with a passkey linked to your primary device -1. Navigate to the login page for {% data variables.product.prodname_dotcom %} at {% ifversion fpt or ghec%}[https://github.com/login?passkey=true](https://github.com/login?passkey=true){% else %}`https://HOSTNAME/login?passkey=true`{% endif %}. +1. Navigate to the login page for {% data variables.product.prodname_dotcom %} at {% ifversion fpt or ghec %}[https://github.com/login?passkey=true](https://github.com/login?passkey=true){% else %}`https://HOSTNAME/login?passkey=true`{% endif %}. 1. Click **{% octicon "passkey-fill" aria-hidden="true" %} Sign in with a passkey**. 1. Follow the prompts on your browser or platform to select a passkey that is accessible from the device you are using, and complete the authentication process. For example, when prompted, you might touch a fingerprint sensor or enter your PIN. ## Signing in with a passkey using a nearby device -1. Navigate to the login page for {% data variables.product.prodname_dotcom %} at {% ifversion fpt or ghec%}[https://github.com/login?passkey=true](https://github.com/login?passkey=true){% else %}`https://HOSTNAME/login?passkey=true`{% endif %}. +1. Navigate to the login page for {% data variables.product.prodname_dotcom %} at {% ifversion fpt or ghec %}[https://github.com/login?passkey=true](https://github.com/login?passkey=true){% else %}`https://HOSTNAME/login?passkey=true`{% endif %}. 1. Click **{% octicon "passkey-fill" aria-hidden="true" %} Sign in with a passkey**. 1. Follow the prompts on your browser or platform to select a passkey that is accessible as a nearby device (such as a phone or a tablet). 1. Continue to follow the prompts to start the authentication process. For example, you might choose to scan a QR code, or trigger a push notification to the nearby device. diff --git a/content/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md b/content/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md index 962b32513efe..804d284ba126 100644 --- a/content/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md +++ b/content/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md @@ -21,11 +21,8 @@ You can authorize an existing SSH key, or create a new SSH key and then authoriz {% data reusables.saml.authorized-creds-info %} -{% note %} - -**Note:** If your SSH key authorization is revoked by an organization, you will not be able to reauthorize the same key. You will need to create a new SSH key and authorize it. For more information about creating a new SSH key, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)." - -{% endnote %} +> [!NOTE] +> If your SSH key authorization is revoked by an organization, you will not be able to reauthorize the same key. You will need to create a new SSH key and authorize it. For more information about creating a new SSH key, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)." You do not need to authorize SSH certificates signed by your organization's SSH certificate authority (CA). diff --git a/content/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions.md b/content/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions.md index 4f9d359ceaec..c7e4b31fafef 100644 --- a/content/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions.md +++ b/content/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions.md @@ -21,11 +21,8 @@ You can view a list of devices that have logged into your account, and revoke an 1. To see the session details, next to the session, click **See more**. 1. To revoke a session, in the session details, click **Revoke SAML**. - {% note %} - - **Note:** When you revoke a session, you remove your SAML authentication to that organization. To access the organization again, you will need to single sign-on through your identity provider. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on)." - - {% endnote %} + > [!NOTE] + > When you revoke a session, you remove your SAML authentication to that organization. To access the organization again, you will need to single sign-on through your identity provider. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on)." ## Further reading diff --git a/content/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md b/content/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md index 1dbd51dff41c..4e53697022e5 100644 --- a/content/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md +++ b/content/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md @@ -39,11 +39,8 @@ Before you generate a new SSH key, you should check your local machine for exist * _id_ecdsa.pub_ * _id_ed25519.pub_ - {% tip %} - - **Tip**: If you receive an error that _~/.ssh_ doesn't exist, you do not have an existing SSH key pair in the default location. You can create a new SSH key pair in the next step. - - {% endtip %} + > [!TIP] + > If you receive an error that _~/.ssh_ doesn't exist, you do not have an existing SSH key pair in the default location. You can create a new SSH key pair in the next step. 1. Either generate a new SSH key or upload an existing key. * If you don't have a supported public and private key pair, or don't wish to use any that are available, generate a new SSH key. diff --git a/content/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md b/content/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md index 4acead2314aa..f35c4710b060 100644 --- a/content/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md +++ b/content/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md @@ -45,15 +45,12 @@ If you are a site administrator for {% data variables.location.product_location_ ssh-keygen -t ed25519 -C "your_email@example.com" ``` - {% note %} - - **Note:** If you are using a legacy system that doesn't support the Ed25519 algorithm, use: - - ```shell - ssh-keygen -t rsa -b 4096 -C "your_email@example.com" - ``` - - {% endnote %} + > [!NOTE] + > If you are using a legacy system that doesn't support the Ed25519 algorithm, use: + > + > ```shell + > ssh-keygen -t rsa -b 4096 -C "your_email@example.com" + > ``` This creates a new SSH key, using the provided email as a label. @@ -126,20 +123,14 @@ Before adding a new SSH key to the ssh-agent to manage your keys, you should hav IdentityFile ~/.ssh/id_ed25519 ``` - {% note %} - - **Notes:** - - * If you chose not to add a passphrase to your key, you should omit the `UseKeychain` line. - - * If you see a `Bad configuration option: usekeychain` error, add an additional line to the configuration's' `Host *.{% ifversion ghes %}HOSTNAME{% else %}github.com{% endif %}` section. - - ```text copy - Host {% ifversion ghes %}HOSTNAME{% else %}github.com{% endif %} - IgnoreUnknown UseKeychain - ``` - - {% endnote %} + > [!NOTE] + > * If you chose not to add a passphrase to your key, you should omit the `UseKeychain` line. + > * If you see a `Bad configuration option: usekeychain` error, add an additional line to the configuration's' `Host *.{% ifversion ghes %}HOSTNAME{% else %}github.com{% endif %}` section. + > + > ```text copy + > Host {% ifversion ghes %}HOSTNAME{% else %}github.com{% endif %} + > IgnoreUnknown UseKeychain + > ``` 1. Add your SSH private key to the ssh-agent and store your passphrase in the keychain. {% data reusables.ssh.add-ssh-key-to-ssh-agent %} @@ -223,15 +214,12 @@ If you are using macOS or Linux, you may need to update your SSH client or insta {% endlinux %} - {% note %} - - **Note:** If the command fails and you receive the error `invalid format` or `feature not supported,` you may be using a hardware security key that does not support the Ed25519 algorithm. Enter the following command instead. - - ```shell - ssh-keygen -t ecdsa-sk -C "your_email@example.com" - ``` - - {% endnote %} + > [!NOTE] + > If the command fails and you receive the error `invalid format` or `feature not supported,` you may be using a hardware security key that does not support the Ed25519 algorithm. Enter the following command instead. + > + > ```shell + > ssh-keygen -t ecdsa-sk -C "your_email@example.com" + > ``` 1. When you are prompted, touch the button on your hardware security key. 1. When you are prompted to "Enter a file in which to save the key," press Enter to accept the default file location. diff --git a/content/authentication/connecting-to-github-with-ssh/managing-deploy-keys.md b/content/authentication/connecting-to-github-with-ssh/managing-deploy-keys.md index d1f0d655d40d..59e336391be4 100644 --- a/content/authentication/connecting-to-github-with-ssh/managing-deploy-keys.md +++ b/content/authentication/connecting-to-github-with-ssh/managing-deploy-keys.md @@ -167,15 +167,12 @@ If your server needs to access multiple repositories, you can create a new accou {% ifversion fpt or ghec %} -{% tip %} - -**Tip:** Our [terms of service][tos] state: - -> _Accounts registered by "bots" or other automated methods are not permitted._ - -This means that you cannot automate the creation of accounts. But if you want to create a single machine user for automating tasks such as deploy scripts in your project or organization, that is totally cool. - -{% endtip %} +> [!TIP] +> Our [terms of service][tos] state: +> +> > _Accounts registered by "bots" or other automated methods are not permitted._ +> +> This means that you cannot automate the creation of accounts. But if you want to create a single machine user for automating tasks such as deploy scripts in your project or organization, that is totally cool. {% endif %} diff --git a/content/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection.md b/content/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection.md index 4a5108d8de02..b4bb6b5e89c8 100644 --- a/content/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection.md +++ b/content/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection.md @@ -65,10 +65,7 @@ You'll need to authenticate this action using your password, which is the SSH ke {% endlinux %} - {% note %} - - **Note:** The remote command should exit with code 1. - - {% endnote %} + > [!NOTE] + > The remote command should exit with code 1. 1. Verify that the resulting message contains your username. If you receive a "permission denied" message, see "[AUTOTITLE](/authentication/troubleshooting-ssh/error-permission-denied-publickey)." diff --git a/content/authentication/connecting-to-github-with-ssh/using-ssh-agent-forwarding.md b/content/authentication/connecting-to-github-with-ssh/using-ssh-agent-forwarding.md index 7430f64bc87e..e0988ff8b25d 100644 --- a/content/authentication/connecting-to-github-with-ssh/using-ssh-agent-forwarding.md +++ b/content/authentication/connecting-to-github-with-ssh/using-ssh-agent-forwarding.md @@ -45,11 +45,8 @@ We're off to a great start. Let's set up SSH to allow agent forwarding to your s Host example.com ForwardAgent yes -{% warning %} - -**Warning:** You may be tempted to use a wildcard like `Host *` to just apply this setting to all SSH connections. That's not really a good idea, as you'd be sharing your local SSH keys with _every_ server you SSH into. They won't have direct access to the keys, but they will be able to use them _as you_ while the connection is established. **You should only add servers you trust and that you intend to use with agent forwarding.** - -{% endwarning %} +> [!WARNING] +> You may be tempted to use a wildcard like `Host *` to just apply this setting to all SSH connections. That's not really a good idea, as you'd be sharing your local SSH keys with _every_ server you SSH into. They won't have direct access to the keys, but they will be able to use them _as you_ while the connection is established. **You should only add servers you trust and that you intend to use with agent forwarding.** ## Testing SSH agent forwarding diff --git a/content/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases.md b/content/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases.md index aa481da8395b..636de271b983 100644 --- a/content/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases.md +++ b/content/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases.md @@ -67,11 +67,8 @@ unset env If your private key is not stored in one of the default locations (like `~/.ssh/id_rsa`), you'll need to tell your SSH authentication agent where to find it. To add your key to ssh-agent, type `ssh-add ~/path/to/my_key`. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)" -{% tip %} - -**Tip:** If you want `ssh-agent` to forget your key after some time, you can configure it to do so by running `ssh-add -t `. - -{% endtip %} +> [!TIP] +> If you want `ssh-agent` to forget your key after some time, you can configure it to do so by running `ssh-add -t `. Now, when you first run Git Bash, you are prompted for your passphrase: diff --git a/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md b/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md index 16d775747322..fcfa4480af2a 100644 --- a/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md +++ b/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md @@ -58,11 +58,10 @@ If you need to use multiple accounts on {% data variables.location.product_locat * In addition to authentication with a TOTP application{% ifversion fpt or ghec %} or a text message{% endif %}, you can optionally add an alternative method of authentication with {% ifversion fpt or ghec %}{% data variables.product.prodname_mobile %} or{% endif %} a security key using WebAuthn. For more information, see {% ifversion fpt or ghec %}"[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-github-mobile)" and {% endif %}"[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key)." {% ifversion fpt or ghec %} - {% note %} - **Note:** {% data reusables.two_fa.unlink-email-address %} + > [!NOTE] + > {% data reusables.two_fa.unlink-email-address %} - {% endnote %} {% endif %}{% ifversion passkeys %} * **Passkey** * You can add a passkey to your account to enable a secure, passwordless login. Passkeys satisfy both password and 2FA requirements, so you can complete your sign in with a single step. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."{% endif %} diff --git a/content/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md b/content/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md index 6c98ad6fefef..376741ee4bce 100644 --- a/content/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md +++ b/content/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md @@ -27,11 +27,8 @@ If you access {% data variables.product.github %} on a subdomain of {% data vari {% endif %} -{% note %} - -**Note:** The list of {% data variables.product.prodname_dotcom %} IP addresses returned by the Meta API is not intended to be an exhaustive list. For example, IP addresses for some {% data variables.product.prodname_dotcom %} services might not be listed, such as LFS or {% data variables.product.prodname_registry %}. - -{% endnote %} +> [!NOTE] +> The list of {% data variables.product.prodname_dotcom %} IP addresses returned by the Meta API is not intended to be an exhaustive list. For example, IP addresses for some {% data variables.product.prodname_dotcom %} services might not be listed, such as LFS or {% data variables.product.prodname_registry %}. These IP addresses are used by {% data variables.product.prodname_dotcom %} to serve our content, deliver webhooks, and perform hosted {% data variables.product.prodname_actions %} builds. diff --git a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md index ae005010cb40..b05d59632b51 100644 --- a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md +++ b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md @@ -20,11 +20,8 @@ topics: - Access management --- -{% warning %} - -**Warning**: Treat your access tokens like passwords. For more information, see "[Keeping your {% data variables.product.pat_generic %}s secure](#keeping-your-personal-access-tokens-secure)." - -{% endwarning %} +> [!WARNING] +> Treat your access tokens like passwords. For more information, see "[Keeping your {% data variables.product.pat_generic %}s secure](#keeping-your-personal-access-tokens-secure)." ## About {% data variables.product.pat_generic %}s @@ -76,11 +73,8 @@ For more information about best practices, see "[AUTOTITLE](/rest/overview/keepi ## Creating a {% data variables.product.pat_v2 %} -{% note %} - -**Note**: {% data reusables.user-settings.pat-v2-beta %} - -{% endnote %} +> [!NOTE] +> {% data reusables.user-settings.pat-v2-beta %} {% ifversion fpt or ghec %}1. [Verify your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address), if it hasn't been verified yet.{% endif %} {% data reusables.user-settings.access_settings %} @@ -104,17 +98,11 @@ If you selected an organization as the resource owner and the organization requi ## Creating a {% data variables.product.pat_v1 %} -{% note %} - -**Note**: Organization owners can restrict the access of {% data variables.product.pat_v1 %} to their organization. If you try to use a {% data variables.product.pat_v1 %} to access resources in an organization that has disabled {% data variables.product.pat_v1 %} access, your request will fail with a 403 response. Instead, you must use a {% data variables.product.prodname_github_app %}, {% data variables.product.prodname_oauth_app %}, or {% data variables.product.pat_v2 %}. - -{% endnote %} - -{% warning %} - -**Note**: Your {% data variables.product.pat_v1 %} can access every repository that you can access. {% data variables.product.company_short %} recommends that you use {% data variables.product.pat_v2 %}s instead, which you can restrict to specific repositories. {% data variables.product.pat_v2_caps %}s also enable you to specify fine-grained permissions instead of broad scopes. +> [!NOTE] +> Organization owners can restrict the access of {% data variables.product.pat_v1 %} to their organization. If you try to use a {% data variables.product.pat_v1 %} to access resources in an organization that has disabled {% data variables.product.pat_v1 %} access, your request will fail with a 403 response. Instead, you must use a {% data variables.product.prodname_github_app %}, {% data variables.product.prodname_oauth_app %}, or {% data variables.product.pat_v2 %}. -{% endwarning %} +> [!WARNING] +> Your {% data variables.product.pat_v1 %} can access every repository that you can access. {% data variables.product.company_short %} recommends that you use {% data variables.product.pat_v2 %}s instead, which you can restrict to specific repositories. {% data variables.product.pat_v2_caps %}s also enable you to specify fine-grained permissions instead of broad scopes. {% ifversion fpt or ghec %}1. [Verify your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address), if it hasn't been verified yet.{% endif %} {% data reusables.user-settings.access_settings %} diff --git a/content/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md b/content/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md index 952a864efa6e..962434f5bf63 100644 --- a/content/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md +++ b/content/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md @@ -23,11 +23,8 @@ You can delete unauthorized (or possibly compromised) SSH keys to ensure that an {% data reusables.user-settings.ssh %} 1. Under "SSH keys", take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click **Delete**. If there are valid SSH keys you'd like to keep, click **Approve**. - {% note %} - - **Note:** If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. - - {% endnote %} + > [!NOTE] + > If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. 1. Open Terminal. @@ -50,11 +47,8 @@ You can delete unauthorized (or possibly compromised) SSH keys to ensure that an {% data reusables.user-settings.ssh %} 1. Under "SSH keys", take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click **Delete**. If there are valid SSH keys you'd like to keep, click **Approve**. - {% note %} - - **Note:** If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. - - {% endnote %} + > [!NOTE] + > If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. 1. Open Git Bash. @@ -81,11 +75,8 @@ You can delete unauthorized (or possibly compromised) SSH keys to ensure that an {% data reusables.user-settings.ssh %} 1. Under "SSH keys", take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click **Delete**. If there are valid SSH keys you'd like to keep, click **Approve**. - {% note %} - - **Note:** If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. - - {% endnote %} + > [!NOTE] + > If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. 1. Open Terminal. @@ -102,8 +93,5 @@ You can delete unauthorized (or possibly compromised) SSH keys to ensure that an {% endlinux %} -{% warning %} - -**Warning**: If you see an SSH key you're not familiar with on {% data variables.product.product_name %}, delete it immediately and contact {% data variables.contact.contact_support %} for further help. An unidentified public key may indicate a possible security concern. - -{% endwarning %} +> [!WARNING] +> If you see an SSH key you're not familiar with on {% data variables.product.product_name %}, delete it immediately and contact {% data variables.contact.contact_support %} for further help. An unidentified public key may indicate a possible security concern. diff --git a/content/authentication/keeping-your-account-and-data-secure/security-log-events.md b/content/authentication/keeping-your-account-and-data-secure/security-log-events.md index c32cda4c9b21..3fa0218da763 100644 --- a/content/authentication/keeping-your-account-and-data-secure/security-log-events.md +++ b/content/authentication/keeping-your-account-and-data-secure/security-log-events.md @@ -11,13 +11,10 @@ topics: autogenerated: audit-logs --- -{% note %} - -{% ifversion ghes %}**Notes**: -* This article contains the events available in the latest version of {% data variables.product.prodname_ghe_server %}. Some of the events may not be available in previous versions. --{% else %}**Note:**{% endif %} This article contains the events that may appear in your user account's security log. For the events that can appear in an organization's audit log{% ifversion ghec or ghes %} or the audit log for an enterprise{% endif %}, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization){% ifversion ghec or ghes %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."{% else %}."{% endif %} - -{% endnote %} +> [!NOTE] +{% ifversion ghes %} +> * This article contains the events available in the latest version of {% data variables.product.prodname_ghe_server %}. Some of the events may not be available in previous versions. +> *{% else %}>{% endif %} This article contains the events that may appear in your user account's security log. For the events that can appear in an organization's audit log{% ifversion ghec or ghes %} or the audit log for an enterprise{% endif %}, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization){% ifversion ghec or ghes %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."{% else %}."{% endif %} ## About security log events diff --git a/content/authentication/keeping-your-account-and-data-secure/sudo-mode.md b/content/authentication/keeping-your-account-and-data-secure/sudo-mode.md index 3a91d89edece..529634af2058 100644 --- a/content/authentication/keeping-your-account-and-data-secure/sudo-mode.md +++ b/content/authentication/keeping-your-account-and-data-secure/sudo-mode.md @@ -27,20 +27,14 @@ After you authenticate to perform a sensitive action, your session is temporaril {% ifversion ghes %} -{% note %} - -**Note**: If {% data variables.location.product_location_enterprise %} uses an external authentication method like CAS or SAML SSO, you will not receive prompts to enter sudo mode. For more information, contact your site administrator. - -{% endnote %} +> [!NOTE] +> If {% data variables.location.product_location_enterprise %} uses an external authentication method like CAS or SAML SSO, you will not receive prompts to enter sudo mode. For more information, contact your site administrator. {% endif %} {% ifversion ghec %} -{% note %} - -**Note**: If your enterprise uses {% data variables.product.prodname_emus %}, only the setup user will receive prompts to enter sudo mode, as {% data variables.enterprise.prodname_managed_users %} don't have credentials stored on {% data variables.product.product_name %}. - -{% endnote %} +> [!NOTE] +> If your enterprise uses {% data variables.product.prodname_emus %}, only the setup user will receive prompts to enter sudo mode, as {% data variables.enterprise.prodname_managed_users %} don't have credentials stored on {% data variables.product.product_name %}. {% endif %} diff --git a/content/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md b/content/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md index aa392720ac0d..76a3dc6acb35 100644 --- a/content/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md +++ b/content/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md @@ -31,11 +31,8 @@ When you add a new account to the account switcher, both the account you are cur When you have added accounts to the account switcher, you can quickly change between them without always needing to reauthenticate. -{% note %} - -**Note:** The "{% octicon "arrow-switch" aria-hidden="true" %} Switch account" option will not be available if all sessions have expired. You can instead click on {% octicon "arrow-switch" aria-hidden="true" %} **See all accounts** in the menu to reauthenticate. - -{% endnote %} +> [!NOTE] +> The "{% octicon "arrow-switch" aria-hidden="true" %} Switch account" option will not be available if all sessions have expired. You can instead click on {% octicon "arrow-switch" aria-hidden="true" %} **See all accounts** in the menu to reauthenticate. 1. In the upper-right corner of any page, click your profile photo to open the menu. 1. In the menu, click {% octicon "arrow-switch" aria-hidden="true" %} **Switch account**. diff --git a/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md b/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md index 2b63dee86781..fa862465d515 100644 --- a/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md +++ b/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md @@ -17,11 +17,8 @@ When a token has expired or has been revoked, it can no longer be used to authen This article explains the possible reasons your {% data variables.product.product_name %} token might be revoked or expire. -{% note %} - -**Note:** When a {% data variables.product.pat_generic %} or OAuth token expires or is revoked, you may see an `oauth_authorization.destroy` action in your security log. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)." - -{% endnote %} +> [!NOTE] +> When a {% data variables.product.pat_generic %} or OAuth token expires or is revoked, you may see an `oauth_authorization.destroy` action in your security log. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)." ## Token revoked after reaching its expiration date diff --git a/content/authentication/keeping-your-account-and-data-secure/viewing-and-managing-your-sessions.md b/content/authentication/keeping-your-account-and-data-secure/viewing-and-managing-your-sessions.md index 67750dea72b4..fabdefc97282 100644 --- a/content/authentication/keeping-your-account-and-data-secure/viewing-and-managing-your-sessions.md +++ b/content/authentication/keeping-your-account-and-data-secure/viewing-and-managing-your-sessions.md @@ -22,11 +22,8 @@ You can view a list of devices that have logged into your account, and revoke an {% ifversion fpt or ghec %} 1. Optionally, to revoke a {% data variables.product.prodname_mobile %} session, go back to the Sessions overview page and click **Revoke** next to the device you want to revoke. - {% note %} - - **Note:** Revoking a mobile session signs you out of the {% data variables.product.prodname_mobile %} application on that device and removes it as a second-factor option. - - {% endnote %} + > [!NOTE] + > Revoking a mobile session signs you out of the {% data variables.product.prodname_mobile %} application on that device and removes it as a second-factor option. {% endif %} diff --git a/content/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md b/content/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md index b24c0a4457e7..ec0e4600e092 100644 --- a/content/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md +++ b/content/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md @@ -16,11 +16,8 @@ shortTitle: Existing GPG keys --- {% data reusables.gpg.supported-gpg-key-algorithms %} -{% note %} - -**Note:** GPG does not come installed by default on macOS or Windows. To install GPG command line tools, see [GnuPG's Download page](https://www.gnupg.org/download/). - -{% endnote %} +> [!NOTE] +> GPG does not come installed by default on macOS or Windows. To install GPG command line tools, see [GnuPG's Download page](https://www.gnupg.org/download/). {% data reusables.command_line.open_the_multi_os_terminal %} {% data reusables.gpg.list-keys-with-note %} diff --git a/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md b/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md index 5a9fc3a12b4b..a3c944e51e6f 100644 --- a/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md +++ b/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md @@ -17,11 +17,8 @@ topics: ## Generating a GPG key -{% note %} - -**Note:** Before generating a new GPG key, make sure you've verified your email address. If you haven't verified your email address, you won't be able to sign commits and tags with GPG.{% ifversion fpt or ghec %} For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)."{% endif %} - -{% endnote %} +> [!NOTE] +> Before generating a new GPG key, make sure you've verified your email address. If you haven't verified your email address, you won't be able to sign commits and tags with GPG.{% ifversion fpt or ghec %} For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)."{% endif %} 1. Download and install [the GPG command line tools](https://www.gnupg.org/download/) for your operating system. We generally recommend installing the latest version for your operating system. {% data reusables.command_line.open_the_multi_os_terminal %} @@ -44,11 +41,8 @@ topics: 1. Verify that your selections are correct. 1. Enter your user ID information. - {% note %} - - **Note:** When asked to enter your email address, ensure that you enter the verified email address for your GitHub account. {% data reusables.gpg.private-email %} {% ifversion fpt or ghec %} For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)" and "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)."{% endif %} - - {% endnote %} + > [!NOTE] + > When asked to enter your email address, ensure that you enter the verified email address for your GitHub account. {% data reusables.gpg.private-email %} {% ifversion fpt or ghec %} For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)" and "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)."{% endif %} 1. Type a secure passphrase. {% data reusables.gpg.list-keys-with-note %} diff --git a/content/authentication/managing-commit-signature-verification/signing-commits.md b/content/authentication/managing-commit-signature-verification/signing-commits.md index 20ee61f97d80..38749a0b0771 100644 --- a/content/authentication/managing-commit-signature-verification/signing-commits.md +++ b/content/authentication/managing-commit-signature-verification/signing-commits.md @@ -17,19 +17,14 @@ topics: --- {% data reusables.gpg.desktop-support-for-commit-signing %} -{% tip %} - -**Tips:** - -To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above, run `git config commit.gpgsign true`. To sign all commits by default in any local repository on your computer, run `git config --global commit.gpgsign true`. - -To store your GPG key passphrase so you don't have to enter it every time you sign a commit, we recommend using the following tools: -* For Mac users, the [GPG Suite](https://gpgtools.org/) allows you to store your GPG key passphrase in the macOS Keychain. -* For Windows users, the [Gpg4win](https://www.gpg4win.org/) integrates with other Windows tools. - -You can also manually configure [gpg-agent](http://linux.die.net/man/1/gpg-agent) to save your GPG key passphrase, but this doesn't integrate with macOS Keychain like ssh-agent and requires more setup. - -{% endtip %} +> [!TIP] +> To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above, run `git config commit.gpgsign true`. To sign all commits by default in any local repository on your computer, run `git config --global commit.gpgsign true`. +> +> To store your GPG key passphrase so you don't have to enter it every time you sign a commit, we recommend using the following tools: +> * For Mac users, the [GPG Suite](https://gpgtools.org/) allows you to store your GPG key passphrase in the macOS Keychain. +> * For Windows users, the [Gpg4win](https://www.gpg4win.org/) integrates with other Windows tools. +> +> You can also manually configure [gpg-agent](http://linux.die.net/man/1/gpg-agent) to save your GPG key passphrase, but this doesn't integrate with macOS Keychain like ssh-agent and requires more setup. If you have multiple keys or are attempting to sign commits or tags with a key that doesn't match your committer identity, you should [tell Git about your signing key](/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key). diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-mandatory-two-factor-authentication.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-mandatory-two-factor-authentication.md index 8cfc0bc03f45..3959040db48d 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-mandatory-two-factor-authentication.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-mandatory-two-factor-authentication.md @@ -24,11 +24,8 @@ Your account is selected for mandatory 2FA if you have taken some action on {% d {% data variables.product.prodname_dotcom %} is continually assessing improvements to our account security features and 2FA requirements, so these criteria may change over time. -{% note %} - -**Note:** If your account has an education coupon active, it is exempt from mandatory 2FA. - -{% endnote %} +> [!NOTE] +> If your account has an education coupon active, it is exempt from mandatory 2FA. ### About mandatory 2FA for organizations and enterprises @@ -36,11 +33,8 @@ Mandatory 2FA is required by {% data variables.product.prodname_dotcom %} itself Your account's eligibility for mandatory 2FA **does not** impact the eligibility of other individuals. For example, if you are an organization owner, and your account is eligible for mandatory 2FA, that does not impact the eligibility of other accounts within your organization. -{% note %} - -**Note:** {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_emus %} and on-premise {% data variables.product.prodname_ghe_server %} users are **not** required to enable 2FA. Mandatory 2FA enablement only applies to users with a password on {% data variables.product.prodname_dotcom_the_website %}. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_emus %} and on-premise {% data variables.product.prodname_ghe_server %} users are **not** required to enable 2FA. Mandatory 2FA enablement only applies to users with a password on {% data variables.product.prodname_dotcom_the_website %}. ## About failure to enable mandatory 2FA @@ -58,11 +52,8 @@ Currently, we don't support passkeys or security keys as primary 2FA methods sin * [About SAML SSO and mandatory 2FA](#about-saml-sso-and-mandatory-2fa) * [About email verification and mandatory 2FA](#about-email-verification-and-mandatory-2fa) -{% note %} - -**Note:** We recommend retaining cookies on {% data variables.product.prodname_dotcom_the_website %}. If you set your browser to wipe your cookies every day, you'll never have a verified device for account recovery purposes, as the [`_device_id` cookie](https://github.com/privacy/cookies) is used to securely prove you've used that device previously. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials#authenticating-with-a-verified-device-ssh-token-or-personal-access-token)." - -{% endnote %} +> [!NOTE] +> We recommend retaining cookies on {% data variables.product.prodname_dotcom_the_website %}. If you set your browser to wipe your cookies every day, you'll never have a verified device for account recovery purposes, as the [`_device_id` cookie](https://github.com/privacy/cookies) is used to securely prove you've used that device previously. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials#authenticating-with-a-verified-device-ssh-token-or-personal-access-token)." ### About TOTP apps and mandatory 2FA @@ -72,11 +63,8 @@ If you do not want to download an app on your mobile device, there are multiple You can also manually set up any app that generates a code compatible with RFC 6238. For more information on manually setting up a TOTP app, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-app)." For more information on RFC 6238, see [TOTP: Time-Based One-Time Password Algorithm](https://datatracker.ietf.org/doc/html/rfc6238) in the IETF documentation. -{% note %} - -**Note:** If you are using FreeOTP for 2FA, you may see a warning about weak cryptographic parameters. {% data variables.product.prodname_dotcom %} uses an 80 bit secret to ensure compatibility with older versions of Google Authenticator. 80 bits is lower than the 128 bits recommended by the HOTP RFC, but at this time we have no plans to change this and recommend ignoring this message. For more information, see [HOTP: An HMAC-Based One-Time Password Algorithm](https://www.ietf.org/rfc/rfc4226.txt) in the IETF documentation. - -{% endnote %} +> [!NOTE] +> If you are using FreeOTP for 2FA, you may see a warning about weak cryptographic parameters. {% data variables.product.prodname_dotcom %} uses an 80 bit secret to ensure compatibility with older versions of Google Authenticator. 80 bits is lower than the 128 bits recommended by the HOTP RFC, but at this time we have no plans to change this and recommend ignoring this message. For more information, see [HOTP: An HMAC-Based One-Time Password Algorithm](https://www.ietf.org/rfc/rfc4226.txt) in the IETF documentation. ### About SAML SSO and mandatory 2FA @@ -96,8 +84,5 @@ Unattended or shared access accounts in your organization, such as bots and serv If you have been selected for mandatory 2FA, that **does not** mean you have to provide {% data variables.product.prodname_dotcom %} with your phone number. You only have to provide your phone number if you use SMS for 2FA. Instead, we recommend configuring a TOTP app as your primary 2FA method. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-app)." -{% note %} - -**Note:** Your region may not be listed in the available SMS options. We monitor SMS delivery success rates on a per region basis, and disallow setup for regions that have poor delivery rates. If you don't see your region on the list, you must set up a TOTP app instead. For more information on supported regions for SMS, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported)." - -{% endnote %} +> [!NOTE] +> Your region may not be listed in the available SMS options. We monitor SMS delivery success rates on a per region basis, and disallow setup for regions that have poor delivery rates. If you don't see your region on the list, you must set up a TOTP app instead. For more information on supported regions for SMS, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported)." diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md index b3b52fb9ec61..13b12e83d6e6 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md @@ -33,11 +33,10 @@ You can also use {% data variables.product.prodname_mobile %} for 2FA after conf You can also configure additional recovery methods in case you lose access to your two-factor authentication credentials. For more information on setting up 2FA, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)" and "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods)." {% ifversion fpt or ghec %} -{% note %} -**Note:** {% data reusables.two_fa.unlink-email-address %} +> [!NOTE] +> {% data reusables.two_fa.unlink-email-address %} -{% endnote %} {% endif %} We **strongly** urge you to enable 2FA for the safety of your account, not only on {% data variables.product.product_name %}, but on other websites and apps that support 2FA. You can enable 2FA to access {% data variables.product.product_name %} and {% data variables.product.prodname_desktop %}. @@ -54,11 +53,8 @@ For more information, see "[AUTOTITLE](/authentication/securing-your-account-wit {% ifversion fpt or ghec %} -{% warning %} - -**Warning**: {% data reusables.two_fa.support-may-not-help %} For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials)." - -{% endwarning %} +> [!WARNING] +> {% data reusables.two_fa.support-may-not-help %} For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials)." {% endif %} diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md index cc6270fd1509..e8f391caedc0 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md @@ -70,11 +70,9 @@ If you have installed and signed in to {% data variables.product.prodname_mobile 1. Sign in to {% data variables.product.product_name %} with your browser, using your username and password. 1. {% data variables.product.product_name %} will send you a push notification to verify your sign in attempt. Opening the push notification or opening the {% data variables.product.prodname_mobile %} app will display a prompt, asking you to approve or reject this sign in attempt. - {% note %} - **Note**: This prompt may require you to enter a two-digit number displayed within the browser you are signing in to. - - {% endnote %} + > [!NOTE] + > This prompt may require you to enter a two-digit number displayed within the browser you are signing in to. * Upon approving the login attempt using {% data variables.product.prodname_mobile %}, your browser will complete the sign in attempt automatically. * Rejecting the sign in attempt will prevent the authentication from finishing. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure)." @@ -119,11 +117,10 @@ When you access a repository via Subversion, you must provide a {% data variable If you lose access to your two-factor authentication credentials, you can use your recovery codes or another recovery method (if you've set one up) to regain access to your account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials)." {% ifversion fpt or ghec %} -{% note %} -**Note:** {% data reusables.two_fa.unlink-email-address %} +> [!NOTE] +> {% data reusables.two_fa.unlink-email-address %} -{% endnote %} {% endif %} If your authentication fails several times, you may wish to synchronize your phone's clock with your mobile provider. Often, this involves checking the "Set automatically" option on your phone's clock, rather than providing your own time zone. diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md index cd22fca1b292..3f2dec5e1d2d 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md @@ -32,13 +32,10 @@ You can change the time-based one-time password (TOTP) application you use to ge {% data reusables.user-settings.security %} {% data reusables.two_fa.edit-existing-method %} {% data reusables.two_fa.enable-totp-app-method %} -{% data reusables.two_fa.save-2fa-method-when-editing%} +{% data reusables.two_fa.save-2fa-method-when-editing %} -{% warning %} - -**Warning:** Changes to an existing 2FA method will only take effect after you have provided a valid code from the new method and clicked **Save**. Only replace the existing 2FA method on your device (e.g. the {% data variables.product.prodname_dotcom %} entry in your TOTP app) after your new method is saved to your {% data variables.product.prodname_dotcom %} account completely. - -{% endwarning %} +> [!WARNING] +> Changes to an existing 2FA method will only take effect after you have provided a valid code from the new method and clicked **Save**. Only replace the existing 2FA method on your device (e.g. the {% data variables.product.prodname_dotcom %} entry in your TOTP app) after your new method is saved to your {% data variables.product.prodname_dotcom %} account completely. {% data reusables.two_fa.manual-totp-app-setup %} @@ -52,7 +49,7 @@ You can change the phone number you use to receive authentication codes via SMS. {% data reusables.user-settings.security %} {% data reusables.two_fa.edit-existing-method %} {% data reusables.two_fa.enable-sms-number-method %} -{% data reusables.two_fa.save-2fa-method-when-editing%} +{% data reusables.two_fa.save-2fa-method-when-editing %} {% endif %} @@ -73,7 +70,7 @@ You can add a time-based one-time password (TOTP) application to generate authen {% data reusables.user-settings.security %} {% data reusables.two_fa.add-additional-method %} {% data reusables.two_fa.enable-totp-app-method %} -{% data reusables.two_fa.save-2fa-method-when-editing%} +{% data reusables.two_fa.save-2fa-method-when-editing %} {% data reusables.two_fa.manual-totp-app-setup %} {% ifversion fpt or ghec %} @@ -86,7 +83,7 @@ You can add a time-based one-time password (TOTP) application to generate authen {% data reusables.user-settings.security %} {% data reusables.two_fa.add-additional-method %} {% data reusables.two_fa.enable-sms-number-method %} -{% data reusables.two_fa.save-2fa-method-when-editing%} +{% data reusables.two_fa.save-2fa-method-when-editing %} {% endif %} diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md index 9331c16cf5c7..162159172a04 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md @@ -36,31 +36,23 @@ If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %} {% endif %} {% endif %} -{% warning %} - -**Warning:** -* If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA. -* If you disable 2FA, you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable two-factor authentication and contact an organization owner. - -{% endwarning %} +> [!WARNING] +> * If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA. +> * If you disable 2FA, you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable two-factor authentication and contact an organization owner. {% ifversion 2fa-reconfiguration-inline-update %} -{% note %} -**Note:** You can reconfigure your 2FA settings without disabling 2FA entirely, allowing you to keep both your recovery codes and your membership in organizations that require 2FA. +> [!NOTE] +> You can reconfigure your 2FA settings without disabling 2FA entirely, allowing you to keep both your recovery codes and your membership in organizations that require 2FA. -{% endnote %} {% endif %} ## Configuring two-factor authentication using a TOTP app A time-based one-time password (TOTP) application automatically generates an authentication code that changes after a certain period of time. These apps can be downloaded to your phone or desktop. We recommend using cloud-based TOTP apps. {% data variables.product.prodname_dotcom %} is app-agnostic when it comes to TOTP apps, so you have the freedom to choose any TOTP app you prefer. Just search for `TOTP app` in your browser to find various options. You can also refine your search by adding keywords like `free` or `open source` to match your preferences. -{% tip %} - -**Tip**: To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time or save the "setup key", which is the TOTP secret. If 2FA is already enabled and you want to add another device, you must re-configure your TOTP app from your security settings. - -{% endtip %} +> [!TIP] +> To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time or save the "setup key", which is the TOTP secret. If 2FA is already enabled and you want to add another device, you must re-configure your TOTP app from your security settings. 1. Download a TOTP app of your choice to your phone or desktop. {% data reusables.user-settings.access_settings %} @@ -97,11 +89,8 @@ If you're unable to configure a TOTP app, you can also register your phone numbe {% data reusables.passkeys.about-passkeys %} See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)." -{% note %} - -**Note:** Platform authenticators like Windows Hello, Face ID, or Touch ID can be registered as a passkey instead. - -{% endnote %} +> [!NOTE] +> Platform authenticators like Windows Hello, Face ID, or Touch ID can be registered as a passkey instead. 1. You must have already configured 2FA via a TOTP mobile app{% ifversion fpt or ghec %} or via SMS{% endif %}. {% data reusables.passkeys.adding-a-passkey %} diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported.md index ee2e23fbb6fa..a6e8de3ac6e6 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported.md @@ -27,12 +27,12 @@ If your country is not on this list, then we aren't currently able to reliably d
  • Austria
  • Bahamas
  • Bahrain
    • -
  • Bangladesh
  • Belarus
  • Belgium
  • Benin
  • Bolivia
  • Bosnia and Herzegovina
    • +
  • Brazil
  • Brunei
  • Bulgaria
  • Burundi
    • @@ -65,7 +65,6 @@ If your country is not on this list, then we aren't currently able to reliably d
  • Hungary
  • Iceland
  • India
    • -
  • Indonesia
  • Ireland
  • Israel
  • Italy
    • @@ -73,7 +72,6 @@ If your country is not on this list, then we aren't currently able to reliably d
  • Jamaica
  • Japan
  • Jordan
    • -
  • Kazakhstan
  • Kuwait
  • Latvia
  • Libya
    • @@ -98,7 +96,6 @@ If your country is not on this list, then we aren't currently able to reliably d
  • New Zealand
  • Nigeria
  • Norway
    • -
  • Philippines
  • Poland
  • Portugal
  • Qatar
    • @@ -127,7 +124,7 @@ If your country is not on this list, then we aren't currently able to reliably d
  • United Arab Emirates
  • United Kingdom
  • United States
    • -
  • Uzbekistan
    • +
  • Uruguay
  • Venezuela
    • diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md index 00bf0a6e41c6..1afa0c626a9f 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md @@ -18,11 +18,8 @@ shortTitle: Disable 2FA {% data reusables.two_fa.mandatory-2fa-contributors-2023 %} {% endif %} -{% warning %} - -**Warning:** If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a public repository of an organization that requires two-factor authentication and you disable 2FA, you'll be automatically removed from the organization, and you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication and contact an organization owner. - -{% endwarning %} +> [!WARNING] +> If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a public repository of an organization that requires two-factor authentication and you disable 2FA, you'll be automatically removed from the organization, and you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication and contact an organization owner. We strongly recommend using two-factor authentication (2FA) to secure your account. If you need to disable 2FA, we recommend re-enabling it as soon as possible. diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md index b68c0cf1d0a4..33ebb5b56a96 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md @@ -17,19 +17,11 @@ shortTitle: Recover an account with 2FA --- {% ifversion fpt or ghec %} -{% warning %} +> [!WARNING] +> * {% data reusables.two_fa.support-may-not-help %} -**Warnings**: - -* {% data reusables.two_fa.support-may-not-help %} - -{% endwarning %} - -{% note %} - -**Note:** {% data reusables.two_fa.unlink-email-address %} - -{% endnote %} +> [!NOTE] +> {% data reusables.two_fa.unlink-email-address %} {% endif %} @@ -39,11 +31,8 @@ Use one of your recovery codes to automatically regain entry into your account. 1. Type your username and password to prompt authentication. - {% warning %} - - **Warning**: {% data reusables.accounts.you-must-know-your-password %} - - {% endwarning %} + > [!WARNING] + > {% data reusables.accounts.you-must-know-your-password %} 1. Under "Having problems?", click **Use a recovery code{% ifversion fpt or ghec %} or begin 2FA account recovery{% endif %}**. 1. Type one of your recovery codes, then click **Verify**. @@ -64,11 +53,8 @@ If you configured two-factor authentication using a security key, you can use yo ## Authenticating with a fallback number -{% note %} - -**Note:** Configuring a fallback SMS number in addition to your primary SMS number is no longer supported. Instead, we strongly recommend registering multiple authentication methods. - -{% endnote %} +> [!NOTE] +> Configuring a fallback SMS number in addition to your primary SMS number is no longer supported. Instead, we strongly recommend registering multiple authentication methods. If you lose access to your preferred TOTP app or phone number, you can provide a two-factor authentication code sent to your fallback number to automatically regain access to your account. @@ -76,21 +62,16 @@ If you lose access to your preferred TOTP app or phone number, you can provide a If you know your password for {% data variables.product.prodname_dotcom %} but don't have the two-factor authentication credentials or your two-factor authentication recovery codes, you can have a one-time password sent to your verified email address to begin the verification process and regain access to your account. -{% note %} - -**Note**: For security reasons, regaining access to your account by authenticating with a one-time password can take up to three business days. {% data variables.product.company_short %} will not review additional requests submitted during this time. - -{% endnote %} +> [!NOTE] +> For security reasons, regaining access to your account by authenticating with a one-time password can take up to three business days. {% data variables.product.company_short %} will not review additional requests submitted during this time. You can use your two-factor authentication credentials or two-factor authentication recovery codes to regain access to your account anytime during the 3-5 day waiting period. 1. Type your username and password to prompt authentication. - {% warning %} - - **Warning**: {% data reusables.accounts.you-must-know-your-password %} + > [!WARNING] + > {% data reusables.accounts.you-must-know-your-password %} - {% endwarning %} 1. Under "Having problems?", click **Use a recovery code or begin 2FA account recovery**. 1. Under "Locked out?", click **Try 2FA account recovery, or unlink your account email address(es)**. 1. Click **I understand, get started** to request a reset of your authentication settings. diff --git a/content/authentication/troubleshooting-ssh/error-permission-denied-publickey.md b/content/authentication/troubleshooting-ssh/error-permission-denied-publickey.md index d49f490632da..29db4a93664a 100644 --- a/content/authentication/troubleshooting-ssh/error-permission-denied-publickey.md +++ b/content/authentication/troubleshooting-ssh/error-permission-denied-publickey.md @@ -119,11 +119,8 @@ You should see this output: The `ssh-add` command _should_ print out a long string of numbers and letters. If it does not print anything, you will need to [generate a new SSH key](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent) and associate it with {% data variables.product.product_name %}. -{% tip %} - -**Tip**: On most systems the default private keys (`~/.ssh/id_rsa` and `~/.ssh/identity`) are automatically added to the SSH authentication agent. You shouldn't need to run `ssh-add path/to/key` unless you override the file name when you generate a key. - -{% endtip %} +> [!TIP] +> On most systems the default private keys (`~/.ssh/id_rsa` and `~/.ssh/identity`) are automatically added to the SSH authentication agent. You shouldn't need to run `ssh-add path/to/key` unless you override the file name when you generate a key. ### Getting more details @@ -247,8 +244,5 @@ You must provide your public key to {% data variables.product.product_name %} to If you don't see your public key in {% data variables.product.product_name %}, you'll need to [add your SSH key to {% data variables.product.product_name %}](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account) to associate it with your computer. -{% warning %} - -**Warning**: If you see an SSH key you're not familiar with on {% data variables.product.product_name %}, delete it immediately and contact {% data variables.contact.contact_support %} for further help. An unidentified public key may indicate a possible security concern. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys)." - -{% endwarning %} +> [!WARNING] +> If you see an SSH key you're not familiar with on {% data variables.product.product_name %}, delete it immediately and contact {% data variables.contact.contact_support %} for further help. An unidentified public key may indicate a possible security concern. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys)." diff --git a/content/authentication/troubleshooting-ssh/error-ssh-add-illegal-option----apple-use-keychain.md b/content/authentication/troubleshooting-ssh/error-ssh-add-illegal-option----apple-use-keychain.md index f5fc673447c0..df8ac233b42f 100644 --- a/content/authentication/troubleshooting-ssh/error-ssh-add-illegal-option----apple-use-keychain.md +++ b/content/authentication/troubleshooting-ssh/error-ssh-add-illegal-option----apple-use-keychain.md @@ -25,14 +25,9 @@ To add your SSH private key to the ssh-agent, you can specify the path to the Ap /usr/bin/ssh-add --apple-use-keychain ~/.ssh/id_ed25519 ``` -{% note %} - -**Notes:** - -* The `--apple-use-keychain` option is in Apple's standard version of `ssh-add`. In macOS versions prior to Monterey (12.0), use `-K` instead of `--apple-use-keychain`. -* {% data reusables.ssh.add-ssh-key-to-ssh-agent %} - -{% endnote %} +> [!NOTE] +> * The `--apple-use-keychain` option is in Apple's standard version of `ssh-add`. In macOS versions prior to Monterey (12.0), use `-K` instead of `--apple-use-keychain`. +> * {% data reusables.ssh.add-ssh-key-to-ssh-agent %} ## Further reading diff --git a/content/authentication/troubleshooting-ssh/error-unknown-key-type.md b/content/authentication/troubleshooting-ssh/error-unknown-key-type.md index d736a9b0b31f..6f1502c9d0b1 100644 --- a/content/authentication/troubleshooting-ssh/error-unknown-key-type.md +++ b/content/authentication/troubleshooting-ssh/error-unknown-key-type.md @@ -21,13 +21,10 @@ You must have Homebrew installed. For more information, see the [installation gu ## Solving the issue -{% warning %} - -**Warning:** If you install OpenSSH, your computer will not be able to retrieve passphrases that are stored in the Apple keychain. You will need to enter your passphrase or interact with your hardware security key every time you authenticate with SSH to {% data variables.product.prodname_dotcom %} or another web service. - -If you remove OpenSSH, the passphrases that are stored in your keychain will once again be retrievable. You can remove OpenSSH by entering the command `brew uninstall openssh` in Terminal. - -{% endwarning %} +> [!WARNING] +> If you install OpenSSH, your computer will not be able to retrieve passphrases that are stored in the Apple keychain. You will need to enter your passphrase or interact with your hardware security key every time you authenticate with SSH to {% data variables.product.prodname_dotcom %} or another web service. +> +> If you remove OpenSSH, the passphrases that are stored in your keychain will once again be retrievable. You can remove OpenSSH by entering the command `brew uninstall openssh` in Terminal. 1. Open Terminal. 1. Enter the command `brew install openssh`. diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-git-large-file-storage/upgrading-git-large-file-storage.md b/content/billing/managing-billing-for-your-products/managing-billing-for-git-large-file-storage/upgrading-git-large-file-storage.md index 92efbf4ea49b..af3ae01ec4f4 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-git-large-file-storage/upgrading-git-large-file-storage.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-git-large-file-storage/upgrading-git-large-file-storage.md @@ -49,11 +49,8 @@ shortTitle: Upgrade Git LFS storage {% data reusables.enterprise-accounts.billing-perms %} -{% note %} - -**Note:** If your enterprise account is invoiced, you may not be able to purchase Git LFS data packs on {% data variables.product.prodname_dotcom %}. Instead, contact {% data variables.contact.contact_enterprise_sales %}. - -{% endnote %} +> [!NOTE] +> If your enterprise account is invoiced, you may not be able to purchase Git LFS data packs on {% data variables.product.prodname_dotcom %}. Instead, contact {% data variables.contact.contact_enterprise_sales %}. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-git-large-file-storage/viewing-your-git-large-file-storage-usage.md b/content/billing/managing-billing-for-your-products/managing-billing-for-git-large-file-storage/viewing-your-git-large-file-storage-usage.md index 92ce0a5eef75..3094dd30b50e 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-git-large-file-storage/viewing-your-git-large-file-storage-usage.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-git-large-file-storage/viewing-your-git-large-file-storage-usage.md @@ -36,11 +36,10 @@ shortTitle: View Git LFS usage ## Viewing storage and bandwidth usage for an organization {% ifversion billing-beta-enterprise %} -{% note %} -**Note:** If your organization belongs to an enterprise enrolled in the Billing {% data variables.release-phases.private_preview %} for {% data variables.large_files.product_name_short %}, you will not see {% data variables.large_files.product_name_short %} usage on the existing billing pages. +> [!NOTE] +> If your organization belongs to an enterprise enrolled in the Billing {% data variables.release-phases.private_preview %} for {% data variables.large_files.product_name_short %}, you will not see {% data variables.large_files.product_name_short %} usage on the existing billing pages. -{% endnote %} {% endif %} {% data reusables.dotcom_billing.org-billing-perms %} @@ -53,11 +52,10 @@ shortTitle: View Git LFS usage ## Viewing storage and bandwidth for an enterprise account {% ifversion billing-beta-enterprise %} -{% note %} -**Note:** If your enterprise is enrolled in the Billing {% data variables.release-phases.private_preview %} for {% data variables.large_files.product_name_short %}, you will not see {% data variables.large_files.product_name_short %} usage on the existing billing pages. +> [!NOTE] +> If your enterprise is enrolled in the Billing {% data variables.release-phases.private_preview %} for {% data variables.large_files.product_name_short %}, you will not see {% data variables.large_files.product_name_short %} usage on the existing billing pages. -{% endnote %} {% endif %} {% data reusables.enterprise-accounts.access-enterprise %} diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/about-billing-for-github-actions.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/about-billing-for-github-actions.md index 1e652ec358cc..50fc70938c69 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/about-billing-for-github-actions.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/about-billing-for-github-actions.md @@ -33,7 +33,7 @@ shortTitle: Billing for GitHub Actions {% data reusables.actions.actions-spending-limit-brief %} For more information, see "[About spending limits](#about-spending-limits)." -If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif%}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif%} account to enable and pay for {% data variables.product.prodname_actions %} usage beyond the amounts included with your account. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." +If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif %}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif %} account to enable and pay for {% data variables.product.prodname_actions %} usage beyond the amounts included with your account. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." Minutes reset every month, while storage usage does not. diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/managing-your-spending-limit-for-github-actions.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/managing-your-spending-limit-for-github-actions.md index 75d512575701..a450a8cfd43f 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/managing-your-spending-limit-for-github-actions.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/managing-your-spending-limit-for-github-actions.md @@ -32,7 +32,7 @@ shortTitle: Spending limits for Actions {% data reusables.actions.actions-packages-set-spending-limit %} For more information about pricing for {% data variables.product.prodname_actions %} usage, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)." -If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif%}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif%} account to enable and pay for {% data variables.product.prodname_actions %} usage beyond the amounts including with your account. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." +If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif %}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif %} account to enable and pay for {% data variables.product.prodname_actions %} usage beyond the amounts including with your account. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." As soon as you set a spending limit other than $0, you will be responsible for any existing overages in the current billing period. For example, if your organization uses {% data variables.product.prodname_team %}, does not allow overages, and creates workflow artifacts that increase your storage usage for the month from 1.9GB to 2.1GB, you will use slightly more storage than the 2GB your product includes. @@ -56,11 +56,9 @@ Organizations owners and billing managers can manage the spending limit for {% d {% data reusables.dotcom_billing.manage-spending-limit %} 1. Under "Monthly spending limit", choose to limit spending or allow unlimited spending. - {% note %} + > [!NOTE] + > If {% data variables.product.prodname_github_codespaces %} is enabled for your organization, scroll to "Actions & Packages", then choose to limit spending or allow unlimited spending. - **Note:** If {% data variables.product.prodname_github_codespaces %} is enabled for your organization, scroll to "Actions & Packages", then choose to limit spending or allow unlimited spending. - - {% endnote %} {% data reusables.dotcom_billing.update-spending-limit %} {% ifversion ghec %} diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/viewing-your-github-actions-usage.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/viewing-your-github-actions-usage.md index a77e84856656..c87b3fb399b6 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/viewing-your-github-actions-usage.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/viewing-your-github-actions-usage.md @@ -38,11 +38,10 @@ Anyone can view {% data variables.product.prodname_actions %} usage for their ow ## Viewing {% data variables.product.prodname_actions %} usage for your organization {% ifversion billing-beta-enterprise %} -{% note %} -**Note:** If your organization belongs to an enterprise enrolled in the Billing {% data variables.release-phases.private_preview %} for {% data variables.product.prodname_actions %}, you will not see {% data variables.product.prodname_actions %} usage on the existing billing pages. +> [!NOTE] +> If your organization belongs to an enterprise enrolled in the Billing {% data variables.release-phases.private_preview %} for {% data variables.product.prodname_actions %}, you will not see {% data variables.product.prodname_actions %} usage on the existing billing pages. -{% endnote %} {% endif %} Organization owners and billing managers can view {% data variables.product.prodname_actions %} usage for an organization. For organizations managed by an enterprise account, only the organization owners can view {% data variables.product.prodname_actions %} usage in the organization billing page. @@ -57,20 +56,16 @@ Organization owners and billing managers can view {% data variables.product.prod ## Viewing {% data variables.product.prodname_actions %} usage for your enterprise account {% ifversion billing-beta-enterprise %} -{% note %} -**Note:** If your enterprise is enrolled in the Billing {% data variables.release-phases.private_preview %} for {% data variables.product.prodname_actions %}, you will not see {% data variables.product.prodname_actions %} usage on the existing billing pages. +> [!NOTE] +> If your enterprise is enrolled in the Billing {% data variables.release-phases.private_preview %} for {% data variables.product.prodname_actions %}, you will not see {% data variables.product.prodname_actions %} usage on the existing billing pages. -{% endnote %} {% endif %} Enterprise owners and billing managers can view {% data variables.product.prodname_actions %} usage for an enterprise account. -{% note %} - -**Note:** Billing details for enterprise accounts don't summarize the usage minutes for each operating system. {% data reusables.actions.enterprise-billing-details %} - -{% endnote %} +> [!NOTE] +> Billing details for enterprise accounts don't summarize the usage minutes for each operating system. {% data reusables.actions.enterprise-billing-details %} {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md index 239e0ba15903..e3fa5a8ad78d 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md @@ -63,11 +63,8 @@ If you have further questions about using {% data variables.product.prodname_GH_ {% data reusables.advanced-security.ghas-license-info-for-fpt %} -{% note %} - -**Note:** If you change the visibility of a public repository to private then {% data variables.product.prodname_GH_advanced_security %} will be disabled for that repository. - -{% endnote %} +> [!NOTE] +> If you change the visibility of a public repository to private then {% data variables.product.prodname_GH_advanced_security %} will be disabled for that repository. For pricing details for {% data variables.product.prodname_GH_advanced_security %}, see our [pricing information](https://github.com/enterprise/advanced-security#pricing). diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md index 99bfa3e2a9ba..4ac62a3d606a 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md @@ -47,7 +47,7 @@ To set up a trial of {% data variables.product.prodname_GH_advanced_security %}, You can finish your trial at any time by purchasing {% data variables.product.prodname_GH_advanced_security %}. If you haven't purchased {% data variables.product.prodname_GH_advanced_security %} by the end of the 30 days, your trial will expire. -{% ifversion metered-ghe-ghas%} +{% ifversion metered-ghe-ghas %} If you pay for {% data variables.product.prodname_ghe_cloud %} with usage-based billing, but did not set up a free trial of {% data variables.product.prodname_GH_advanced_security %}, you can still use usage-based billing to pay for {% data variables.product.prodname_GH_advanced_security %} after the {% data variables.product.prodname_ghe_cloud %} trial ends. For more information, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact). diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md index 50843e5ae42b..6b5eb9c546ad 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md @@ -118,7 +118,7 @@ If you enable prebuilding of codespaces this will incur additional charges. See Billing for {% data variables.product.prodname_github_codespaces %} shares your account's existing payment method, and receipt. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/viewing-your-subscriptions-and-billing-date)." -If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif%}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif%} account to enable and pay for {% data variables.product.prodname_github_codespaces %} usage. See "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." +If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif %}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif %} account to enable and pay for {% data variables.product.prodname_github_codespaces %} usage. See "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." ## About billing for compute usage diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/managing-the-spending-limit-for-github-codespaces.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/managing-the-spending-limit-for-github-codespaces.md index d591105a0953..b76632c17f0d 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/managing-the-spending-limit-for-github-codespaces.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/managing-the-spending-limit-for-github-codespaces.md @@ -35,7 +35,7 @@ Once you've reached your spending limit, you will no longer be able to create ne ## Using your Azure Subscription -If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif%}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif%} account to enable and pay for {% data variables.product.prodname_github_codespaces %} usage. See "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." +If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif %}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif %} account to enable and pay for {% data variables.product.prodname_github_codespaces %} usage. See "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." ## Managing the {% data variables.product.prodname_github_codespaces %} spending limit for your personal account @@ -51,11 +51,8 @@ You can set a spending limit for {% data variables.product.prodname_github_codes Organizations owners and billing managers can manage the spending limit for {% data variables.product.prodname_github_codespaces %} for an organization. -{% note %} - -**Note**: Organizations that are owned by an enterprise account cannot specify their own spending limit as this is specified in the enterprise settings. - -{% endnote %} +> [!NOTE] +> Organizations that are owned by an enterprise account cannot specify their own spending limit as this is specified in the enterprise settings. {% data reusables.organizations.billing-settings %} {% data reusables.dotcom_billing.manage-spending-limit %} diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/viewing-your-github-codespaces-usage.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/viewing-your-github-codespaces-usage.md index 2b12016b84a1..cb9cee911006 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/viewing-your-github-codespaces-usage.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/viewing-your-github-codespaces-usage.md @@ -51,13 +51,9 @@ Organization owners and billing managers can view {% data variables.product.prod {% data reusables.organizations.billing-settings %} 1. Under "Usage this month", under "{% data variables.product.prodname_codespaces %}", view the details of the compute hours and storage used so far this month. - {% note %} - - **Notes**: - * The costs shown here are the cumulative costs within the current billing month. The usage-based costs for {% data variables.product.prodname_github_codespaces %} shown on this page are reset to zero at the start of each billing month. Outstanding costs from previous months are not shown. - * The figures on this page are updated every hour. - - {% endnote %} + > [!NOTE] + > * The costs shown here are the cumulative costs within the current billing month. The usage-based costs for {% data variables.product.prodname_github_codespaces %} shown on this page are reset to zero at the start of each billing month. Outstanding costs from previous months are not shown. + > * The figures on this page are updated every hour. You can also see and update your current spending limit. See "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/managing-the-spending-limit-for-github-codespaces)." diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-marketplace-apps/about-billing-for-github-marketplace.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-marketplace-apps/about-billing-for-github-marketplace.md index 94fbc9f31fba..c28e51775836 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-marketplace-apps/about-billing-for-github-marketplace.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-marketplace-apps/about-billing-for-github-marketplace.md @@ -43,11 +43,8 @@ When you choose a paid plan with a free trial: {% data reusables.user-settings.context_switcher %} -{% note %} - -**Note:** When you transfer an organization with paid {% data variables.product.prodname_marketplace %} apps into an enterprise account, you may receive a second receipt but you will not be charged twice. - -{% endnote %} +> [!NOTE] +> When you transfer an organization with paid {% data variables.product.prodname_marketplace %} apps into an enterprise account, you may receive a second receipt but you will not be charged twice. ## Unit plan limits diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/about-billing-for-github-packages.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/about-billing-for-github-packages.md index a8aab444fe36..9e46beb5a5d5 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/about-billing-for-github-packages.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/about-billing-for-github-packages.md @@ -40,7 +40,7 @@ shortTitle: About billing {% endnote %} -If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif%}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif%} account to enable and pay for {% data variables.product.prodname_registry %} usage beyond the amounts including with your account. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." +If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif %}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif %} account to enable and pay for {% data variables.product.prodname_registry %} usage beyond the amounts including with your account. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." Data transfer resets every month, while storage usage does not. diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/managing-your-spending-limit-for-github-packages.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/managing-your-spending-limit-for-github-packages.md index c400fe3c5830..d610d05a6a7b 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/managing-your-spending-limit-for-github-packages.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/managing-your-spending-limit-for-github-packages.md @@ -33,7 +33,7 @@ shortTitle: Your spending limit {% data reusables.actions.actions-packages-set-spending-limit %} For more information about pricing for {% data variables.product.prodname_registry %} usage, see "[AUTOTITLE](/billing/managing-billing-for-github-packages/about-billing-for-github-packages)." -If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif%}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif%} account to enable and pay for {% data variables.product.prodname_registry %} usage beyond the amounts including with your account. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." +If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif %}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif %} account to enable and pay for {% data variables.product.prodname_registry %} usage beyond the amounts including with your account. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)." As soon as you set a spending limit other than $0, you will be responsible for any existing overages in the current billing period. For example, if your organization uses {% data variables.product.prodname_team %}, does not allow overages, and publishes a new version of a private package that increases your storage usage for the month from 1.9GB to 2.1GB, publishing the version will use slightly more than the 2GB your product includes. @@ -57,11 +57,8 @@ Organizations owners and billing managers can manage the spending limit for {% d {% data reusables.dotcom_billing.manage-spending-limit %} 1. Under "Monthly spending limit", choose to limit spending or allow unlimited spending. - {% note %} - - **Note:** If {% data variables.product.prodname_github_codespaces %} is enabled for your organization, scroll to "Actions & Packages", then choose to limit spending or allow unlimited spending. - - {% endnote %} + > [!NOTE] + > If {% data variables.product.prodname_github_codespaces %} is enabled for your organization, scroll to "Actions & Packages", then choose to limit spending or allow unlimited spending. {% data reusables.dotcom_billing.update-spending-limit %} diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/viewing-your-github-packages-usage.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/viewing-your-github-packages-usage.md index 7e48cabd9246..714f063f6b5c 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/viewing-your-github-packages-usage.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/viewing-your-github-packages-usage.md @@ -49,11 +49,8 @@ Organization owners and billing managers can view {% data variables.product.prod Enterprise owners and billing managers can view {% data variables.product.prodname_registry %} usage for an enterprise account. -{% note %} - -**Note:** Billing details for enterprise accounts only summarize the storage data usage per organization. {% data reusables.actions.enterprise-billing-details %} - -{% endnote %} +> [!NOTE] +> Billing details for enterprise accounts only summarize the storage data usage per organization. {% data reusables.actions.enterprise-billing-details %} {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/billing/managing-billing-for-your-products/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/setting-up-visual-studio-subscriptions-with-github-enterprise.md b/content/billing/managing-billing-for-your-products/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/setting-up-visual-studio-subscriptions-with-github-enterprise.md index 2654a2b9d344..6b05bf5f4b35 100644 --- a/content/billing/managing-billing-for-your-products/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/setting-up-visual-studio-subscriptions-with-github-enterprise.md +++ b/content/billing/managing-billing-for-your-products/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/setting-up-visual-studio-subscriptions-with-github-enterprise.md @@ -52,15 +52,10 @@ One person may be able to complete the tasks because the person has all of the r 1. An organization owner must invite the subscriber to the organization on {% data variables.location.product_location %} from step 1. The subscriber can accept the invitation with an existing personal account or create a new account. After the subscriber joins the organization, the subscriber becomes an enterprise member. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)." - {% tip %} - - **Tips**: - - * While not required, we recommend that the organization owner sends an invitation to the same email address used for the subscriber's User Primary Name (UPN). When the email address on {% data variables.location.product_location %} matches the subscriber's UPN, you can ensure that another enterprise does not claim the subscriber's license. - * If the subscriber accepts the invitation to the organization with an existing personal account on {% data variables.location.product_location %}, we recommend that the subscriber add the email address they use for {% data variables.product.prodname_vs %} to their personal account on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)." - * If the organization owner must invite a large number of subscribers, a script may make the process faster. For more information, see [the sample PowerShell script](https://github.com/github/platform-samples/blob/master/api/powershell/invite_members_to_org.ps1) in the `github/platform-samples` repository. - - {% endtip %} + > [!TIP] + > * While not required, we recommend that the organization owner sends an invitation to the same email address used for the subscriber's User Primary Name (UPN). When the email address on {% data variables.location.product_location %} matches the subscriber's UPN, you can ensure that another enterprise does not claim the subscriber's license. + > * If the subscriber accepts the invitation to the organization with an existing personal account on {% data variables.location.product_location %}, we recommend that the subscriber add the email address they use for {% data variables.product.prodname_vs %} to their personal account on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)." + > * If the organization owner must invite a large number of subscribers, a script may make the process faster. For more information, see [the sample PowerShell script](https://github.com/github/platform-samples/blob/master/api/powershell/invite_members_to_org.ps1) in the `github/platform-samples` repository. After {% data variables.visual_studio.prodname_vss_ghe %} is set up for subscribers on your team, enterprise owners can review licensing information on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account)." diff --git a/content/billing/managing-the-plan-for-your-github-account/about-billing-for-plans.md b/content/billing/managing-the-plan-for-your-github-account/about-billing-for-plans.md index de890ef64226..363009befe6e 100644 --- a/content/billing/managing-the-plan-for-your-github-account/about-billing-for-plans.md +++ b/content/billing/managing-the-plan-for-your-github-account/about-billing-for-plans.md @@ -39,8 +39,5 @@ You can purchase other subscriptions and usage-based billing with your existing {% data reusables.user-settings.context_switcher %} -{% tip %} - -**Tip:** {% data variables.product.prodname_dotcom %} has programs for verified students and academic faculty, which include academic discounts. For more information, visit [{% data variables.product.prodname_education %}](https://education.github.com/). - -{% endtip %} +> [!TIP] +> {% data variables.product.prodname_dotcom %} has programs for verified students and academic faculty, which include academic discounts. For more information, visit [{% data variables.product.prodname_education %}](https://education.github.com/). diff --git a/content/billing/managing-the-plan-for-your-github-account/about-per-user-pricing.md b/content/billing/managing-the-plan-for-your-github-account/about-per-user-pricing.md index 89e23af7603c..65e3fdd58899 100644 --- a/content/billing/managing-the-plan-for-your-github-account/about-per-user-pricing.md +++ b/content/billing/managing-the-plan-for-your-github-account/about-per-user-pricing.md @@ -62,14 +62,10 @@ If you currently pay for your {% data variables.product.prodname_enterprise %} l * Anyone with a pending invitation to become an outside collaborator on private or internal repositories owned by your organization, excluding forks * Dormant users -{% note %} - -**Notes:** -* {% data variables.product.company_short %} counts each outside collaborator once for billing purposes, even if the user account has access to multiple repositories owned by your organization. -* {% data reusables.organizations.org-invite-scim %} -* Inviting an outside collaborator to a repository using their email address temporarily uses an available seat, even if they already have access to other repositories. After they accept the invite, the seat will be freed up again. However, inviting them using their username does not temporarily use a seat. - -{% endnote %} +> [!NOTE] +> * {% data variables.product.company_short %} counts each outside collaborator once for billing purposes, even if the user account has access to multiple repositories owned by your organization. +> * {% data reusables.organizations.org-invite-scim %} +> * Inviting an outside collaborator to a repository using their email address temporarily uses an available seat, even if they already have access to other repositories. After they accept the invite, the seat will be freed up again. However, inviting them using their username does not temporarily use a seat. {% data variables.product.company_short %} does not bill for the following people: @@ -95,14 +91,10 @@ If your enterprise does not use {% data variables.product.prodname_emus %}, you * Anyone with a pending invitation to become an organization owner or member * Anyone with a pending invitation to become an outside collaborator on private or internal repositories owned by your organization, excluding forks -{% note %} - -**Notes:** -* {% data variables.product.company_short %} counts each member or outside collaborator once for billing purposes, even if the user account has membership in multiple organizations in an enterprise or access to multiple repositories owned by your organization. -* {% data reusables.organizations.org-invite-scim %} -* Inviting an outside collaborator to a repository using their email address temporarily uses an available seat, even if they already have access to other repositories. After they accept the invite, the seat will be freed up again. However, inviting them using their username does not temporarily use a seat. - -{% endnote %} +> [!NOTE] +> * {% data variables.product.company_short %} counts each member or outside collaborator once for billing purposes, even if the user account has membership in multiple organizations in an enterprise or access to multiple repositories owned by your organization. +> * {% data reusables.organizations.org-invite-scim %} +> * Inviting an outside collaborator to a repository using their email address temporarily uses an available seat, even if they already have access to other repositories. After they accept the invite, the seat will be freed up again. However, inviting them using their username does not temporarily use a seat. {% data variables.product.company_short %} does not bill for any of the following accounts: diff --git a/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md b/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md index cfcd34f02581..534f93a4df9c 100644 --- a/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md +++ b/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md @@ -22,7 +22,7 @@ shortTitle: Connect an Azure subscription ## About connection of an Azure subscription -You can pay for usage of {% data variables.product.product_name %} features through Azure by connecting an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif%} account on {% data variables.location.product_location %}. {% ifversion fpt %}For more information about organization accounts, see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-organizations)."{% elsif ghec %} +You can pay for usage of {% data variables.product.product_name %} features through Azure by connecting an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif %} account on {% data variables.location.product_location %}. {% ifversion fpt %}For more information about organization accounts, see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-organizations)."{% elsif ghec %} In this article, the instructions that you must follow to connect an Azure subscription depend on whether your company uses a single organization or an enterprise account on {% data variables.location.product_location %}. For more information about the differences between these two types of accounts, see "[AUTOTITLE](/get-started/learning-about-github/types-of-github-accounts)."{% endif %} @@ -56,7 +56,7 @@ If you use {% data variables.product.product_name %} through a Microsoft Enterpr If you link your {% data variables.product.company_short %} account to Azure, any usage-based costs starting from that point will be billed through Azure and charged on the 1st of each month. However, remaining {% data variables.product.company_short %} charges, for example charges for your {% data variables.product.prodname_dotcom %} plan, will still be billed on your usual billing date. -For example, you link your Azure subscription to your organization {% ifversion ghec %}or enterprise{% endif%} account on June 16th and you also have a {% data variables.product.prodname_copilot_for_business %} subscription. From that date onwards, any usage costs for {% data variables.product.prodname_copilot_business_short %} will be included in your Azure bill and charged on July 1st. However, any charges incurred before June 16th for {% data variables.product.prodname_copilot_business_short %} will be billed separately through {% data variables.product.company_short %} on your account's usual billing date. +For example, you link your Azure subscription to your organization {% ifversion ghec %}or enterprise{% endif %} account on June 16th and you also have a {% data variables.product.prodname_copilot_for_business %} subscription. From that date onwards, any usage costs for {% data variables.product.prodname_copilot_business_short %} will be included in your Azure bill and charged on July 1st. However, any charges incurred before June 16th for {% data variables.product.prodname_copilot_business_short %} will be billed separately through {% data variables.product.company_short %} on your account's usual billing date. ## Prerequisites @@ -80,17 +80,20 @@ For example, you link your Azure subscription to your organization {% ifversion * You must know your Azure subscription ID. See [Get subscription and tenant IDs in the Azure portal](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id) in the Microsoft Docs or [contact Azure support](https://azure.microsoft.com/support/). +## Video demonstration of connecting a subscription + +To connect an Azure subscription, you'll need appropriate access permissions on both {% data variables.product.product_name %} and the Azure billing portal. This may require coordination between two different people. + +To see a demo of the process from beginning to end, see [Billing GitHub consumption through an Azure subscription](https://www.youtube.com/watch?v=Y-f7JKJ4_8Y) on {% data variables.product.company_short %}'s YouTube channel. This video demonstrates the process for an enterprise account. If you're connecting a subscription to an organization account, see "[Connecting your Azure subscription to your organization account](/free-pro-team@latest/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#connecting-your-azure-subscription-to-your-organization-account)." + {% ifversion fpt %} ## Connecting your Azure subscription to your organization account To connect your Azure subscription, you must have owner permissions to the Azure subscription and be an organization owner on {% data variables.product.prodname_dotcom %}. -{% note %} - -**Note**: If your organization account on {% data variables.location.product_location %} belongs an enterprise account, you must connect your Azure subscription to the enterprise account instead of the organization account. See "[Connecting your Azure subscription to your enterprise account](/enterprise-cloud@latest/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#connecting-your-azure-subscription-to-your-enterprise-account)" in the {% data variables.product.prodname_ghe_cloud %} version of this article. - -{% endnote %} +> [!NOTE] +> If your organization account on {% data variables.location.product_location %} belongs an enterprise account, you must connect your Azure subscription to the enterprise account instead of the organization account. See "[Connecting your Azure subscription to your enterprise account](/enterprise-cloud@latest/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#connecting-your-azure-subscription-to-your-enterprise-account)" in the {% data variables.product.prodname_ghe_cloud %} version of this article. {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} diff --git a/content/billing/managing-the-plan-for-your-github-account/discounted-plans-for-github-accounts.md b/content/billing/managing-the-plan-for-your-github-account/discounted-plans-for-github-accounts.md index f502e8906ba1..3de7fc16cb1e 100644 --- a/content/billing/managing-the-plan-for-your-github-account/discounted-plans-for-github-accounts.md +++ b/content/billing/managing-the-plan-for-your-github-account/discounted-plans-for-github-accounts.md @@ -21,11 +21,9 @@ topics: - User account shortTitle: Discounted plans --- -{% tip %} -**Tip**: Discounts for an account's plan do not apply to other subscriptions or usage-based billing. - -{% endtip %} +> [!TIP] +> Discounts for an account's plan do not apply to other subscriptions or usage-based billing. ## Discounts for personal accounts diff --git a/content/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan.md b/content/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan.md index 1e834eb4c29e..40582308f69d 100644 --- a/content/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan.md +++ b/content/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan.md @@ -54,11 +54,8 @@ After an organization's plan is downgraded, the organization will lose access to Downgrading from {% data variables.product.prodname_ghe_cloud %} disables any SAML settings. If you later purchase {% data variables.product.prodname_enterprise %}, you will need to reconfigure SAML. -{% note %} - -**Note:** If your organization is owned by an enterprise account, billing cannot be managed at the organization level. To downgrade, you must remove the organization from the enterprise account first. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/user-management/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise)." - -{% endnote %} +> [!NOTE] +> If your organization is owned by an enterprise account, billing cannot be managed at the organization level. To downgrade, you must remove the organization from the enterprise account first. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/user-management/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise)." {% data reusables.organizations.billing-settings %} 1. Under "Current plan", use the **Edit** drop-down and click the downgrade option you want. @@ -102,11 +99,8 @@ To downgrade the plan of an individual organization within the enterprise accoun {% data reusables.enterprise-accounts.billing-perms %} -{% note %} - -**Note:** If your enterprise account is invoiced, you cannot remove seats on {% data variables.product.prodname_dotcom %}. Instead, contact {% data variables.contact.contact_enterprise_sales %}. - -{% endnote %} +> [!NOTE] +> If your enterprise account is invoiced, you cannot remove seats on {% data variables.product.prodname_dotcom %}. Instead, contact {% data variables.contact.contact_enterprise_sales %}. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/billing/managing-the-plan-for-your-github-account/one-time-payments-for-customers-in-india.md b/content/billing/managing-the-plan-for-your-github-account/one-time-payments-for-customers-in-india.md index e18f741b4d0c..4cc16873594f 100644 --- a/content/billing/managing-the-plan-for-your-github-account/one-time-payments-for-customers-in-india.md +++ b/content/billing/managing-the-plan-for-your-github-account/one-time-payments-for-customers-in-india.md @@ -52,11 +52,8 @@ Existing sponsorships will remain in place during this period and maintainers wi ## Making a one-time payment for a GitHub subscription -{% note %} - -**Note**: Affected customers will receive an email notification with a link to their billing settings when payment is due. Two further reminder emails will be sent 7 and 14 days later if payment has not been made. After 14 days, paid features and services will be locked until payment is made. - -{% endnote %} +> [!NOTE] +> Affected customers will receive an email notification with a link to their billing settings when payment is due. Two further reminder emails will be sent 7 and 14 days later if payment has not been made. After 14 days, paid features and services will be locked until payment is made. {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.billing_plans_payment %} diff --git a/content/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise.md b/content/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise.md index 0c938f750aea..89ca5344f809 100644 --- a/content/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise.md +++ b/content/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise.md @@ -22,11 +22,8 @@ For privacy reasons, enterprise owners cannot directly access the details of use ## About the calculation of consumed licenses -{% note %} - -**Note:** For {% data variables.visual_studio.prodname_vs_subscriber %}s, see "[AUTOTITLE](/enterprise-cloud@latest/billing/managing-billing-for-your-products/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise)." - -{% endnote %} +> [!NOTE] +> For {% data variables.visual_studio.prodname_vs_subscriber %}s, see "[AUTOTITLE](/enterprise-cloud@latest/billing/managing-billing-for-your-products/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise)." A person consumes a license for {% data variables.product.prodname_enterprise %} depending on specific criteria. If a user has not yet accepted an invitation to join your enterprise, the user still consumes a license. For more information about the people in your enterprise who consume a license, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing)." @@ -98,11 +95,8 @@ To ensure that the each user is only consuming a single seat for different deplo 1. To help identify users that are consuming multiple seats, if your enterprise uses verified domains for {% data variables.product.prodname_ghe_cloud %}, review the list of enterprise members who do not have an email address from a verified domain associated with their account on {% data variables.product.prodname_ghe_cloud %}. Often, these are the users who erroneously consume more than one licensed seat. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-members-without-an-email-address-from-a-verified-domain)." - {% note %} - - **Note:** To make troubleshooting easier, we recommend using verified domains with your enterprise account on {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise)." - - {% endnote %} + > [!NOTE] + > To make troubleshooting easier, we recommend using verified domains with your enterprise account on {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise)." 1. After you identify users who are consuming multiple seats, make sure that the same email address is associated with all of the user's accounts. For more information about which email addresses must match, see "[About the calculation of consumed licenses](#about-the-calculation-of-consumed-licenses)." 1. If an email address was recently updated or verified to correct a mismatch, view the timestamp of the last license sync job. If a job hasn't run since the correction was made, manually trigger a new job. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)." diff --git a/content/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server.md b/content/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server.md index eff5807336aa..3241377bbe32 100644 --- a/content/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server.md +++ b/content/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server.md @@ -19,11 +19,10 @@ After you purchase or upgrade a license for {% data variables.product.prodname_e ## Uploading your license from the {% data variables.enterprise.management_console %} {% ifversion ghes < 3.13 %} -{% warning %} -**Warning:** Updating your license causes a small amount of downtime for {% data variables.location.product_location %}. +> [!WARNING] +> Updating your license causes a small amount of downtime for {% data variables.location.product_location %}. -{% endwarning %} {% endif %} 1. Sign into {% data variables.location.product_location_enterprise %} as a site administrator. diff --git a/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-paid-organizations-for-procurement-companies/renewing-your-clients-paid-organization.md b/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-paid-organizations-for-procurement-companies/renewing-your-clients-paid-organization.md index d950bf54293a..decfe0319e08 100644 --- a/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-paid-organizations-for-procurement-companies/renewing-your-clients-paid-organization.md +++ b/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-paid-organizations-for-procurement-companies/renewing-your-clients-paid-organization.md @@ -17,11 +17,8 @@ shortTitle: Renewing paid organization --- {% data reusables.organizations.reseller-ask-to-become-billing-manager %} -{% tip %} - -**Tip**: Billing managers can also [change the organization's number of paid seats](/billing/setting-up-paid-organizations-for-procurement-companies/upgrading-or-downgrading-your-clients-paid-organization) anytime. - -{% endtip %} +> [!TIP] +> Billing managers can also [change the organization's number of paid seats](/billing/setting-up-paid-organizations-for-procurement-companies/upgrading-or-downgrading-your-clients-paid-organization) anytime. ## Updating your organization's credit card diff --git a/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-paid-organizations-for-procurement-companies/upgrading-or-downgrading-your-clients-paid-organization.md b/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-paid-organizations-for-procurement-companies/upgrading-or-downgrading-your-clients-paid-organization.md index 0141042f5613..bf3f4a0414ee 100644 --- a/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-paid-organizations-for-procurement-companies/upgrading-or-downgrading-your-clients-paid-organization.md +++ b/content/billing/setting-up-paid-accounts-for-procurement-companies/setting-up-paid-organizations-for-procurement-companies/upgrading-or-downgrading-your-clients-paid-organization.md @@ -18,13 +18,9 @@ shortTitle: Upgrade or downgrade --- {% data reusables.organizations.reseller-ask-to-become-billing-manager %} -{% tip %} - -**Tips**: -* Before you upgrade your client's organization, you can [view or update the payment method on file for the organization](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method). -* These instructions are for upgrading and downgrading organizations on the _per-seat subscription_. If your client pays for {% data variables.product.product_name %} using a _legacy per-repository_ plan, you can upgrade or [downgrade](/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan) their legacy plan, or [switch their organization to per-seat pricing](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan). - -{% endtip %} +> [!TIP] +> * Before you upgrade your client's organization, you can [view or update the payment method on file for the organization](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method). +> * These instructions are for upgrading and downgrading organizations on the _per-seat subscription_. If your client pays for {% data variables.product.product_name %} using a _legacy per-repository_ plan, you can upgrade or [downgrade](/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan) their legacy plan, or [switch their organization to per-seat pricing](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan). ## Upgrading an organization's number of paid seats diff --git a/content/billing/using-the-billing-platform/about-billing-on-github.md b/content/billing/using-the-billing-platform/about-billing-on-github.md index ee2c31ecbe05..eec16a16892e 100644 --- a/content/billing/using-the-billing-platform/about-billing-on-github.md +++ b/content/billing/using-the-billing-platform/about-billing-on-github.md @@ -14,10 +14,6 @@ topics: - Fundamentals --- -{% data reusables.billing.us-sales-tax-note %} For more information about updating your billing information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method)." -> ->If you're exempt from sales tax, you will need to upload a sales tax exemption certificate to your account. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-a-sales-tax-certificate)." - ## About billing on {% data variables.product.prodname_dotcom %} {% data variables.product.company_short %} bills separately for each account. This means that you will receive a separate bill for your personal account and for each organization or enterprise account you own. For more information about account types, see "[AUTOTITLE](/get-started/learning-about-github/types-of-github-accounts)." @@ -30,6 +26,12 @@ Usage-based billing applies when the cost of a paid product depends on how much Your plan may come with included amounts of usage-based products. For example, with {% data variables.product.prodname_pro %}, your personal account gets 3,000 minutes of {% data variables.product.prodname_actions %} usage for free each month. You can control usage beyond the included amounts by setting spending limits. +{% ifversion us-sales-tax %} + +{% data reusables.billing.us-sales-tax %} + +{% endif %} + ## Included amounts by plan diff --git a/content/billing/using-the-billing-platform/adding-a-sales-tax-certificate.md b/content/billing/using-the-billing-platform/adding-a-sales-tax-certificate.md index 6625b6910cec..b5d5e8b30002 100644 --- a/content/billing/using-the-billing-platform/adding-a-sales-tax-certificate.md +++ b/content/billing/using-the-billing-platform/adding-a-sales-tax-certificate.md @@ -12,8 +12,6 @@ topics: shortTitle: Add a sales tax certificate --- -{% data reusables.billing.us-sales-tax-note %} {% ifversion fpt or ghec %}For more information about updating your billing information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method)."{% endif %} - If you're a {% data variables.product.company_short %} customer in the United States, you need to ensure that your account is set up to calculate sales tax correctly. If you're exempt from sales tax, you can upload a certificate to your account. The format of the certificate you upload must be one of the following: * JPEG (`.jpg`, `.jpeg`) diff --git a/content/billing/using-the-billing-platform/adding-information-to-your-receipts.md b/content/billing/using-the-billing-platform/adding-information-to-your-receipts.md index e9275edbcf57..5235bb8c63dc 100644 --- a/content/billing/using-the-billing-platform/adding-information-to-your-receipts.md +++ b/content/billing/using-the-billing-platform/adding-information-to-your-receipts.md @@ -27,11 +27,8 @@ shortTitle: Add to your receipts Your receipts include your {% data variables.product.prodname_dotcom %} subscription as well as any subscriptions for other paid features and products. For more information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-on-github)." -{% warning %} - -**Warning**: For security reasons, we strongly recommend against including any confidential or financial information (such as credit card numbers) on your receipts. - -{% endwarning %} +> [!WARNING] +> For security reasons, we strongly recommend against including any confidential or financial information (such as credit card numbers) on your receipts. ## Adding information to your personal account's receipts @@ -46,11 +43,8 @@ You can add information to your personal account's receipts, such as a VAT or GS You can add information to your organization's receipts, such as a VAT or GST identification number, or your full business name or address of record. -{% note %} - -**Note**: {% data reusables.dotcom_billing.org-billing-perms %} - -{% endnote %} +> [!NOTE] +> {% data reusables.dotcom_billing.org-billing-perms %} {% data reusables.organizations.billing-settings %} 1. At the top of the page, click **Payment information**. diff --git a/content/billing/using-the-billing-platform/adding-or-editing-a-payment-method.md b/content/billing/using-the-billing-platform/adding-or-editing-a-payment-method.md index 4626e42c95f9..aa8dc8474d4f 100644 --- a/content/billing/using-the-billing-platform/adding-or-editing-a-payment-method.md +++ b/content/billing/using-the-billing-platform/adding-or-editing-a-payment-method.md @@ -28,15 +28,16 @@ topics: shortTitle: Manage a payment method --- - -{% data reusables.billing.us-sales-tax-note %} -> ->If you're exempt from sales tax, you can upload a certificate to your account. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-a-sales-tax-certificate)." - {% data reusables.dotcom_billing.payment-methods %} {% data reusables.dotcom_billing.same-payment-method %} We don't support purchase orders for personal accounts. We email receipts monthly or yearly on your account's billing date. If your company, country, or accountant requires your receipts to provide more detail, you can add extra information to your receipts. For more information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-information-to-your-receipts)." +{% ifversion us-sales-tax %} + +{% data reusables.billing.us-sales-tax %} + +{% endif %} + ## Updating your personal account's payment method You can update your personal account's payment method at any time. @@ -71,11 +72,8 @@ You can update your enterprise account's credit card or PayPal details, or you c ### Updating your enterprise account's credit card or PayPal details -{% note %} - -**Note:** If your enterprise account is invoiced, you cannot change your payment method on {% data variables.product.prodname_dotcom %}. Instead, contact {% data variables.contact.contact_enterprise_sales %}. - -{% endnote %} +> [!NOTE] +> If your enterprise account is invoiced, you cannot change your payment method on {% data variables.product.prodname_dotcom %}. Instead, contact {% data variables.contact.contact_enterprise_sales %}. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/billing/using-the-billing-platform/changing-the-duration-of-your-billing-cycle.md b/content/billing/using-the-billing-platform/changing-the-duration-of-your-billing-cycle.md index 32249e460793..1ef86a1d5eea 100644 --- a/content/billing/using-the-billing-platform/changing-the-duration-of-your-billing-cycle.md +++ b/content/billing/using-the-billing-platform/changing-the-duration-of-your-billing-cycle.md @@ -21,11 +21,8 @@ shortTitle: Billing cycle --- When you change your billing cycle's duration, your {% data variables.product.prodname_dotcom %} subscription, along with any other paid features and products, will be moved to your new billing cycle on your next billing date. -{% note %} - -**Note:** Certain products, such as {% data variables.product.prodname_copilot_for_business %} and {% data variables.product.prodname_copilot_enterprise %}, {% data variables.product.prodname_actions %}, and {% data variables.product.prodname_registry %}, only offer monthly billing. - -{% endnote %} +> [!NOTE] +> Certain products, such as {% data variables.product.prodname_copilot_for_business %} and {% data variables.product.prodname_copilot_enterprise %}, {% data variables.product.prodname_actions %}, and {% data variables.product.prodname_registry %}, only offer monthly billing. ## Changing the duration of your personal account's billing cycle @@ -58,11 +55,8 @@ When you change your billing cycle's duration, your {% data variables.product.pr {% data reusables.enterprise-accounts.billing-perms %} -{% note %} - -**Note:** You cannot change the duration of your billing cycle if your enterprise account is invoiced. - -{% endnote %} +> [!NOTE] +> You cannot change the duration of your billing cycle if your enterprise account is invoiced. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/billing/using-the-billing-platform/index.md b/content/billing/using-the-billing-platform/index.md index 7732c9e58380..ff8a0a0a675e 100644 --- a/content/billing/using-the-billing-platform/index.md +++ b/content/billing/using-the-billing-platform/index.md @@ -30,11 +30,3 @@ children: - /troubleshooting-a-declined-credit-card-charge - /unlocking-a-locked-account --- - -{% ifversion us-sales-tax %} - -{% data reusables.billing.us-sales-tax-note %}{% ifversion fpt or ghec %} For more information about updating your billing information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method)."{% endif %} -> ->If you're exempt from sales tax, you can upload a certificate to your account. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-a-sales-tax-certificate)." - -{% endif %} diff --git a/content/billing/using-the-billing-platform/viewing-your-payment-history-and-receipts.md b/content/billing/using-the-billing-platform/viewing-your-payment-history-and-receipts.md index 3215ef5051b9..62bee26762b5 100644 --- a/content/billing/using-the-billing-platform/viewing-your-payment-history-and-receipts.md +++ b/content/billing/using-the-billing-platform/viewing-your-payment-history-and-receipts.md @@ -42,11 +42,8 @@ shortTitle: View history & receipts {% data reusables.enterprise-accounts.billing-perms %} -{% note %} - -**Note:** You cannot view receipts if your enterprise account is invoiced. - -{% endnote %} +> [!NOTE] +> You cannot view receipts if your enterprise account is invoiced. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/billing/using-the-billing-platform/viewing-your-subscriptions-and-billing-date.md b/content/billing/using-the-billing-platform/viewing-your-subscriptions-and-billing-date.md index ca5e536fc47c..5a9b246ac83b 100644 --- a/content/billing/using-the-billing-platform/viewing-your-subscriptions-and-billing-date.md +++ b/content/billing/using-the-billing-platform/viewing-your-subscriptions-and-billing-date.md @@ -39,11 +39,8 @@ shortTitle: Subscriptions & billing date {% data reusables.enterprise-accounts.billing-perms %} -{% note %} - -**Note:** You cannot view your next billing date if your enterprise account is invoiced. - -{% endnote %} +> [!NOTE] +> You cannot view your next billing date if your enterprise account is invoiced. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/content/billing/using-the-new-billing-platform/about-the-new-billing-platform-for-enterprises.md b/content/billing/using-the-new-billing-platform/about-the-new-billing-platform-for-enterprises.md index 9a64c4d65085..0adc76a78180 100644 --- a/content/billing/using-the-new-billing-platform/about-the-new-billing-platform-for-enterprises.md +++ b/content/billing/using-the-new-billing-platform/about-the-new-billing-platform-for-enterprises.md @@ -26,7 +26,7 @@ The following products are available in the new billing platform: * {% data variables.product.prodname_registry %} * {% data variables.large_files.product_name_long %} -{% ifversion metered-ghe-ghas%} +{% ifversion metered-ghe-ghas %} {% data reusables.billing.actions-usage-delay %} diff --git a/content/billing/using-the-new-billing-platform/estimating-spending-for-your-enterprise.md b/content/billing/using-the-new-billing-platform/estimating-spending-for-your-enterprise.md index c185b7a07233..0054ec292673 100644 --- a/content/billing/using-the-new-billing-platform/estimating-spending-for-your-enterprise.md +++ b/content/billing/using-the-new-billing-platform/estimating-spending-for-your-enterprise.md @@ -31,7 +31,7 @@ On this page, you can view your usage in the following categories: * **By organization** and **by repository:** The two cards under the graph show the top five organizations and repositories that generate the most usage. You can click {% octicon "kebab-horizontal" aria-label="Open column options" %} in the upper-right corner of each card to view all usage. * **By products:** You can use the product tabs to view usage and discounts for different products. Only products with usage are shown. - ![Screenshot of the product tabs section of the overview page.](/assets/images/help/billing/enhanced-billing-platform-products-tabs.png){% ifversion metered-ghe-ghas%} + ![Screenshot of the product tabs section of the overview page.](/assets/images/help/billing/enhanced-billing-platform-products-tabs.png){% ifversion metered-ghe-ghas %} {% data reusables.billing.actions-usage-delay %} diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md index be841685683a..0589406dcef3 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md +++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md @@ -42,11 +42,8 @@ Your core focus should be preparing as many teams to use {% data variables.produ You can programmatically gather information about the different programming languages used in your repositories and use that data to enable {% data variables.product.prodname_code_scanning %} on all repositories that use the same language, using {% data variables.product.product_name %}'s GraphQL API. -{% note %} - -**Note:** To gather this data without manually running the GraphQL queries described in this article, you can use our publicly available tool. For more information, see the "[ghas-enablement tool](https://github.com/NickLiffen/ghas-enablement)" repository. - -{% endnote %} +> [!NOTE] +> To gather this data without manually running the GraphQL queries described in this article, you can use our publicly available tool. For more information, see the "[ghas-enablement tool](https://github.com/NickLiffen/ghas-enablement)" repository. If you want to gather information from repositories belonging to multiple organizations in your enterprise, you can use the query below to obtain the names of your organizations and then feed those into repository query. Replace OCTO-ENTERPRISE with your enterprise name. @@ -128,13 +125,10 @@ Before you can proceed with pilot programs and rolling out {% data variables.pro ## Preparing to enable {% data variables.product.prodname_secret_scanning %} -{% note %} - -**Note:** When a secret is detected in a repository that has enabled {% data variables.product.prodname_secret_scanning %}, {% data variables.product.prodname_dotcom %} alerts all users with access to security alerts for the repository. {% ifversion ghec %} - -Secrets found in public repositories using {% data variables.secret-scanning.partner_alerts %} are reported directly to the partner, without creating an alert on {% data variables.product.product_name %}. For details about the supported partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."{% endif %} - -{% endnote %} +> [!NOTE] +> When a secret is detected in a repository that has enabled {% data variables.product.prodname_secret_scanning %}, {% data variables.product.prodname_dotcom %} alerts all users with access to security alerts for the repository. {% ifversion ghec %} +> +> Secrets found in public repositories using {% data variables.secret-scanning.partner_alerts %} are reported directly to the partner, without creating an alert on {% data variables.product.product_name %}. For details about the supported partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)."{% endif %} If a project communicates with an external service, it might use a token or private key for authentication. If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges. {% data variables.product.prodname_secret_scanning_caps %} will scan your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repositories for secrets and alert you or block the push containing the secret. For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)." diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md index 1d32a3dca814..f6972bf4c7c1 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md +++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md @@ -36,11 +36,8 @@ Using the data you collated in [Phase 2](/code-security/adopting-github-advanced There is a publicly available tool that completes the first two steps called the [ghas-enablement tool](https://github.com/NickLiffen/ghas-enablement). You can re-run the ghas-enablement tool in batches of languages where it makes sense. For example, JavaScript, TypeScript, Python, and Go likely have a similar build process and could therefore use a similar {% data variables.product.prodname_codeql %} analysis file. The ghas-enablement tool can also be used for languages such as Java, C, and C++, but due to the varied nature of how these languages build and compile you may need to create more targeted {% data variables.product.prodname_codeql %} analysis files. -{% note %} - -**Note:** If you are intending to use {% data variables.product.prodname_actions %} to control {% data variables.product.prodname_code_scanning %} and you do not use the [ghas-enablement tool](https://github.com/NickLiffen/ghas-enablement), keep in mind that there is no API access to the `.github/workflow` directory. This means that you cannot create a script without a git client underlying the automation. The workaround is to leverage bash scripting on a machine or container which has a git client. The git client can push and pull files into the `.github/workflows` directory where the `codeql-analysis.yml` file is located. - -{% endnote %} +> [!NOTE] +> If you are intending to use {% data variables.product.prodname_actions %} to control {% data variables.product.prodname_code_scanning %} and you do not use the [ghas-enablement tool](https://github.com/NickLiffen/ghas-enablement), keep in mind that there is no API access to the `.github/workflow` directory. This means that you cannot create a script without a git client underlying the automation. The workaround is to leverage bash scripting on a machine or container which has a git client. The git client can push and pull files into the `.github/workflows` directory where the `codeql-analysis.yml` file is located. It is important to not just push the `codeql-analysis.yml` file the repository's default branch. Using a pull request puts ownership on the development team to review and merge, allowing the development team to learn about {% data variables.product.prodname_code_scanning %} and involving the team in the process. diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md index 8e140ec4a406..f562b611052f 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md +++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md @@ -40,20 +40,15 @@ There are a few approaches for tackling newly committed credentials, but one exa 1. **Notify**: Use webhooks to ensure that any new secret alerts are seen by the right teams as quickly as possible. A webhook fires when a secret alert is either created, resolved, or reopened. You can then parse the webhook payload, and integrate it into any tools you and your team use such Slack, Teams, Splunk, or email. For more information, see "[AUTOTITLE](/webhooks-and-events/webhooks/about-webhooks)" and "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert)." 1. **Follow Up**: Create a high-level remediation process that works for all secret types. For example, you could contact the developer who committed the secret and their technical lead on that project, highlighting the dangers of committing secrets to {% data variables.product.prodname_dotcom %}, and asking the them to revoke, and update the detected secret. - {% note %} + > [!NOTE] + > You can automate this step. For large enterprises and organizations with hundreds of repositories, manually following up is unsustainable. You could incorporate automation into the webhook process defined in the first step. The webhook payload contains repository and organization information about the leaked secret. Using this information, you can contact the current maintainers on the repository and create an email/message to the responsible people or open an issue. - **Note:** You can automate this step. For large enterprises and organizations with hundreds of repositories, manually following up is unsustainable. You could incorporate automation into the webhook process defined in the first step. The webhook payload contains repository and organization information about the leaked secret. Using this information, you can contact the current maintainers on the repository and create an email/message to the responsible people or open an issue. - - {% endnote %} 1. **Educate**: Create an internal training document assigned to the developer who committed the secret. Within this training document, you can explain the risks created by committing secrets and direct them to your best practice information about using secrets securely in development. If a developer doesn't learn from the experience and continues to commit secrets, you could create an escalation process, but education usually works well. Repeat the last two steps for any new secrets leaked. This process encourages developers to take responsibility for managing the secrets used in their code securely, and allows you to measure the reduction in newly committed secrets. -{% note %} - -**Note:** More advanced organizations may want to perform auto-remediation of certain types of secrets. There is an open-source initiative called [GitHub Secret Scanner Auto Remediator](https://github.com/NickLiffen/GSSAR) which you can deploy into your AWS, Azure, or GCP environment and tailor to automatically revoke certain types of secrets based on what you define as the most critical. This is also an excellent way to react to new secrets being committed with a more automated approach. - -{% endnote %} +> [!NOTE] +> More advanced organizations may want to perform auto-remediation of certain types of secrets. There is an open-source initiative called [GitHub Secret Scanner Auto Remediator](https://github.com/NickLiffen/GSSAR) which you can deploy into your AWS, Azure, or GCP environment and tailor to automatically revoke certain types of secrets based on what you define as the most critical. This is also an excellent way to react to new secrets being committed with a more automated approach. ## 2. Enable push protection @@ -81,11 +76,8 @@ Once you have decided on the secret types, you can do the following: 1. Define a process for remediating each type of secret. The actual procedure for each secret type is often drastically different. Write down the process for each type of secret in a document or internal knowledge base. - {% note %} - - **Note:** When you create the process for revoking secrets, try and give the responsibility for revoking secrets to the team maintaining the repository instead of a central team. One of the principles of GHAS is developers taking ownership of security and having the responsibility of fixing security issues, especially if they have created them. - - {% endnote %} + > [!NOTE] + > When you create the process for revoking secrets, try and give the responsibility for revoking secrets to the team maintaining the repository instead of a central team. One of the principles of GHAS is developers taking ownership of security and having the responsibility of fixing security issues, especially if they have created them. 1. When you have created the process that teams will follow for revoking credentials, you can collate information about the types of secrets and other metadata associated with the leaked secrets so you can discern who to communicate the new process to. @@ -99,11 +91,8 @@ Once you have decided on the secret types, you can do the following: * Secret value * Maintainers on repository to contact - {% note %} - - **Note:** Use the UI if you have few secrets leaked of that type. If you have hundreds of leaked secrets, use the API to collect information. For more information, see "[AUTOTITLE](/rest/secret-scanning)." - - {% endnote %} + > [!NOTE] + > Use the UI if you have few secrets leaked of that type. If you have hundreds of leaked secrets, use the API to collect information. For more information, see "[AUTOTITLE](/rest/secret-scanning)." 1. After you collect information about leaked secrets, create a targeted communication plan for the users who maintain the repositories affected by each secret type. You could use email, messaging, or even create GitHub issues in the affected repositories. If you can use APIs provided by these tools to send out the communications in an automated manner, this will make it easier for you to scale across multiple secret types. diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md index ab441c209e3a..f60dce08d4ba 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md @@ -262,11 +262,8 @@ If you added manual build steps for compiled languages and {% data variables.pro * [Building Java and Kotlin](#building-java-and-kotlin) * [Building Swift](#building-swift) -{% note %} - -**Note**: If your workflow uses a `language` matrix, `autobuild` attempts to build each of the compiled languages listed in the matrix. Without a matrix `autobuild` attempts to build the supported compiled language that has the most source files in the repository. With the exception of Go, analysis of other compiled languages in your repository will fail unless you supply explicit build commands. - -{% endnote %} +> [!NOTE] +> If your workflow uses a `language` matrix, `autobuild` attempts to build each of the compiled languages listed in the matrix. Without a matrix `autobuild` attempts to build the supported compiled language that has the most source files in the repository. With the exception of Go, analysis of other compiled languages in your repository will fail unless you supply explicit build commands. ## Building C/C++ @@ -431,11 +428,8 @@ The `autobuild` process attempts to autodetect a suitable way to install the dep 1. Finally, if configurations files for these dependency managers are not found, rearrange the repository directory structure suitable for addition to `GOPATH`, and use `go get` to install dependencies. The directory structure reverts to normal after extraction completes. 1. Extract all Go code in the repository, similar to running `go build ./...`. -{% note %} - -**Note:** If you use default setup, it will look for a `go.mod` file to automatically install a compatible version of the Go language.{% ifversion code-scanning-default-setup-self-hosted-310 %} If you're using a self-hosted runner with default setup that doesn't have internet access, you can manually install a compatible version of Go.{% endif %} - -{% endnote %} +> [!NOTE] +> If you use default setup, it will look for a `go.mod` file to automatically install a compatible version of the Go language.{% ifversion code-scanning-default-setup-self-hosted-310 %} If you're using a self-hosted runner with default setup that doesn't have internet access, you can manually install a compatible version of Go.{% endif %} ### Extractor options for Go diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md index f35e38c7f46f..d1fbc481a4e7 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md @@ -57,11 +57,10 @@ You can customize your {% data variables.product.prodname_codeql %} analysis by {% data reusables.code-scanning.billing %} {% ifversion fpt %} - {% note %} - **Note:** You can configure {% data variables.product.prodname_code_scanning %} for any public repository where you have write access. + > [!NOTE] + > You can configure {% data variables.product.prodname_code_scanning %} for any public repository where you have write access. - {% endnote %} {% endif %} {% data reusables.repositories.navigate-to-repo %} @@ -69,11 +68,8 @@ You can customize your {% data variables.product.prodname_codeql %} analysis by {% data reusables.user-settings.security-analysis %} 1. Scroll down to the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Advanced**. - {% note %} - - **Note:** If you are switching from default setup to advanced setup, in the "{% data variables.product.prodname_code_scanning_caps %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click {% octicon "workflow" aria-hidden="true" %} **Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**. - - {% endnote %} + > [!NOTE] + > If you are switching from default setup to advanced setup, in the "{% data variables.product.prodname_code_scanning_caps %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click {% octicon "workflow" aria-hidden="true" %} **Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**. ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "Code security and analysis" settings. The "Advanced setup" button is highlighted with an orange outline.](/assets/images/help/security/advanced-code-scanning-setup.png) diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md index cf22324d3bd8..4d3ca26dee19 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md @@ -76,11 +76,8 @@ Using the `pull_request` trigger, configured to scan the pull request's merge co {% ifversion fpt or ghec %} -{% note %} - -**Note:** If your repository is configured with a merge queue, you need to include the `merge_group` event as an additional trigger for {% data variables.product.prodname_code_scanning %}. This will ensure that pull requests are also scanned when they are added to a merge queue. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue)." - -{% endnote %} +> [!NOTE] +> If your repository is configured with a merge queue, you need to include the `merge_group` event as an additional trigger for {% data variables.product.prodname_code_scanning %}. This will ensure that pull requests are also scanned when they are added to a merge queue. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue)." {% endif %} @@ -99,11 +96,8 @@ on: - '**/*.txt' ``` -{% note %} - -**Note:** `on:pull_request:paths-ignore` and `on:pull_request:paths` set conditions that determine whether the actions in the workflow will run on a pull request. They don't determine what files will be analyzed when the actions _are_ run. When a pull request contains any files that are not matched by `on:pull_request:paths-ignore` or `on:pull_request:paths`, the workflow runs the actions and scans all of the files changed in the pull request, including those matched by `on:pull_request:paths-ignore` or `on:pull_request:paths`, unless the files have been excluded. For information on how to exclude files from analysis, see "[Specifying directories to scan](#specifying-directories-to-scan)." - -{% endnote %} +> [!NOTE] +> `on:pull_request:paths-ignore` and `on:pull_request:paths` set conditions that determine whether the actions in the workflow will run on a pull request. They don't determine what files will be analyzed when the actions _are_ run. When a pull request contains any files that are not matched by `on:pull_request:paths-ignore` or `on:pull_request:paths`, the workflow runs the actions and scans all of the files changed in the pull request, including those matched by `on:pull_request:paths-ignore` or `on:pull_request:paths`, unless the files have been excluded. For information on how to exclude files from analysis, see "[Specifying directories to scan](#specifying-directories-to-scan)." For more information about using `on:pull_request:paths-ignore` and `on:pull_request:paths` to determine when a workflow will run for a pull request, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore)." @@ -111,11 +105,8 @@ For more information about using `on:pull_request:paths-ignore` and `on:pull_req If you use the default {% data variables.code-scanning.codeql_workflow %}, the workflow will scan the code in your repository once a week, in addition to the scans triggered by events. To adjust this schedule, edit the `cron` value in the workflow. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onschedule)." -{% note %} - -**Note**: {% data variables.product.prodname_dotcom %} only runs scheduled jobs that are in workflows on the default branch. Changing the schedule in a workflow on any other branch has no effect until you merge the branch into the default branch. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dotcom %} only runs scheduled jobs that are in workflows on the default branch. Changing the schedule in a workflow on any other branch has no effect until you merge the branch into the default branch. ### Example @@ -138,15 +129,10 @@ This workflow scans: ## Specifying an operating system -{% note %} - -**Notes**: - -* Code scanning of Swift code uses macOS runners by default. {% ifversion fpt or ghec %}{% data variables.product.company_short %}-hosted macOS runners are more expensive than Linux and Windows runners, so you should consider only scanning the build step. For more information about configuring code scanning for Swift, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#considerations-for-building-swift)." For more information about pricing for {% data variables.product.company_short %}-hosted runners, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)."{% endif %} - -* {% data reusables.code-scanning.default-setup-swift-self-hosted-runners %} - -{% endnote %} +> [!NOTE] +> * Code scanning of Swift code uses macOS runners by default. {% ifversion fpt or ghec %}{% data variables.product.company_short %}-hosted macOS runners are more expensive than Linux and Windows runners, so you should consider only scanning the build step. For more information about configuring code scanning for Swift, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#considerations-for-building-swift)." For more information about pricing for {% data variables.product.company_short %}-hosted runners, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)."{% endif %} +> +> * {% data reusables.code-scanning.default-setup-swift-self-hosted-runners %} If your code requires a specific operating system to compile, you can configure the operating system in your {% data variables.code-scanning.codeql_workflow %}. Edit the value of `jobs.analyze.runs-on` to specify the operating system for the machine that runs your {% data variables.product.prodname_code_scanning %} actions. {% ifversion ghes %}You specify the operating system by using an appropriate label as the second element in a two-element array, after `self-hosted`.{% else %} @@ -299,11 +285,8 @@ In this example, the default queries will be run for Java, as well as the querie To add one or more {% data variables.product.prodname_codeql %} query packs, add a `with: packs:` entry within the `uses: {% data reusables.actions.action-codeql-action-init %}` section of the workflow. Within `packs` you specify one or more packages to use and, optionally, which version to download. Where you don't specify a version, the latest version is downloaded. If you want to use packages that are not publicly available, you need to set the `GITHUB_TOKEN` environment variable to a secret that has access to the packages. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication)" and "[AUTOTITLE](/actions/security-guides/encrypted-secrets)." -{% note %} - -**Note:** For workflows that generate {% data variables.product.prodname_codeql %} databases for multiple languages, you must instead specify the {% data variables.product.prodname_codeql %} query packs in a configuration file. For more information, see "[Specifying {% data variables.product.prodname_codeql %} query packs](#specifying-codeql-query-packs)" below. - -{% endnote %} +> [!NOTE] +> For workflows that generate {% data variables.product.prodname_codeql %} databases for multiple languages, you must instead specify the {% data variables.product.prodname_codeql %} query packs in a configuration file. For more information, see "[Specifying {% data variables.product.prodname_codeql %} query packs](#specifying-codeql-query-packs)" below. In the example below, `scope` is the organization or personal account that published the package. When the workflow runs, the four {% data variables.product.prodname_codeql %} query packs are downloaded from {% data variables.product.product_name %} and the default queries or query suite for each pack run: * The latest version of `pack1` is downloaded and all default queries are run. @@ -318,18 +301,10 @@ In the example below, `scope` is the organization or personal account that publi packs: scope/pack1,scope/pack2@1.2.3,scope/pack3@~3.2.1,scope/pack4@4.5.6:path/to/queries ``` -{% note %} - -**Note:** If you specify a particular version of a query pack to use, -beware that the version you specify may eventually become too old to -be used efficiently by the default -{% data variables.product.prodname_codeql %} engine used by the -{% data variables.product.prodname_codeql %} action. -To ensure optimal performance, if you need to specify exact query pack versions, you should consider reviewing periodically whether the pinned version of the query pack needs to be moved forward. - -For more information about pack compatibility, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-codeql-pack-compatibility)." - -{% endnote %} +> [!NOTE] +> If you specify a particular version of a query pack to use, beware that the version you specify may eventually become too old to be used efficiently by the default {% data variables.product.prodname_codeql %} engine used by the {% data variables.product.prodname_codeql %} action. To ensure optimal performance, if you need to specify exact query pack versions, you should consider reviewing periodically whether the pinned version of the query pack needs to be moved forward. +> +> For more information about pack compatibility, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-codeql-pack-compatibility)." ### Downloading {% data variables.product.prodname_codeql %} packs from {% data variables.product.prodname_ghe_server %} @@ -517,13 +492,9 @@ query-filters: To find the id of a query, you can click the alert in the list of alerts in the **Security** tab. This opens the alert details page. The `Rule ID` field contains the query id. For more information about the alert details page, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-details)." -{% tip %} - -**Tips:** -* The order of the filters is important. The first filter instruction that appears after the instructions about the queries and query packs determines whether the queries are included or excluded by default. -* Subsequent instructions are executed in order and the instructions that appear later in the file take precedence over the earlier instructions. - -{% endtip %} +> [!TIP] +> * The order of the filters is important. The first filter instruction that appears after the instructions about the queries and query packs determines whether the queries are included or excluded by default. +> * Subsequent instructions are executed in order and the instructions that appear later in the file take precedence over the earlier instructions. You can find another example illustrating the use of these filters in the "[Example configuration files](#example-configuration-files)" section. @@ -541,15 +512,10 @@ paths-ignore: - '**/*.test.js' ``` -{% note %} - -**Note**: - -* The `paths` and `paths-ignore` keywords, used in the context of the {% data variables.product.prodname_code_scanning %} configuration file, should not be confused with the same keywords when used for `on..paths` in a workflow. When they are used to modify `on.` in a workflow, they determine whether the actions will be run when someone modifies code in the specified directories. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore)." -* The filter pattern characters `?`, `+`, `[`, `]`, and `!` are not supported and will be matched literally. -* `**` characters can only be at the start or end of a line, or surrounded by slashes, and you can't mix `**` and other characters. For example, `foo/**`, `**/foo`, and `foo/**/bar` are all allowed syntax, but `**foo` isn't. However you can use single stars along with other characters, as shown in the example. You'll need to quote anything that contains a `*` character. - -{% endnote %} +> [!NOTE] +> * The `paths` and `paths-ignore` keywords, used in the context of the {% data variables.product.prodname_code_scanning %} configuration file, should not be confused with the same keywords when used for `on..paths` in a workflow. When they are used to modify `on.` in a workflow, they determine whether the actions will be run when someone modifies code in the specified directories. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore)." +> * The filter pattern characters `?`, `+`, `[`, `]`, and `!` are not supported and will be matched literally. +> * `**` characters can only be at the start or end of a line, or surrounded by slashes, and you can't mix `**` and other characters. For example, `foo/**`, `**/foo`, and `foo/**/bar` are all allowed syntax, but `**foo` isn't. However you can use single stars along with other characters, as shown in the example. You'll need to quote anything that contains a `*` character. For analysis where code is built, if you want to limit {% data variables.product.prodname_code_scanning %} to specific directories in your project, you must specify appropriate build steps in the workflow. The commands you need to use to exclude a directory from the build will depend on your build system. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#adding-build-steps-for-a-compiled-language)." @@ -582,22 +548,17 @@ This step in a {% data variables.product.prodname_actions %} workflow file uses You can use the same approach to specify any valid configuration options in the workflow file. -{% tip %} - -**Tip:** - -You can share one configuration across multiple repositories using {% data variables.product.prodname_actions %} variables. One benefit of this approach is that you can update the configuration in a single place without editing the workflow file. - -In the following example, `vars.CODEQL_CONF` is a {% data variables.product.prodname_actions %} variable. Its value can be the contents of any valid configuration file. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows)." - -```yaml -- uses: {% data reusables.actions.action-codeql-action-init %} - with: - languages: {% raw %}${{ matrix.language }}{% endraw %} - config: {% raw %}${{ vars.CODEQL_CONF }}{% endraw %} -``` - -{% endtip %} +> [!TIP] +> You can share one configuration across multiple repositories using {% data variables.product.prodname_actions %} variables. One benefit of this approach is that you can update the configuration in a single place without editing the workflow file. +> +> In the following example, `vars.CODEQL_CONF` is a {% data variables.product.prodname_actions %} variable. Its value can be the contents of any valid configuration file. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows)." +> +> ```yaml +> - uses: {% data reusables.actions.action-codeql-action-init %} +> with: +> languages: {% raw %}${{ matrix.language }}{% endraw %} +> config: {% raw %}${{ vars.CODEQL_CONF }}{% endraw %} +> ``` ## Configuring {% data variables.product.prodname_code_scanning %} for compiled languages diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container.md index 6d1befecc170..a9f72a4760f0 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container.md @@ -30,11 +30,8 @@ If you're configuring {% data variables.product.prodname_code_scanning %} for a You must run {% data variables.product.prodname_codeql %} inside the container in which you build your code. This applies whether you are using the {% data variables.product.prodname_codeql_cli %} or {% data variables.product.prodname_actions %}. For the {% data variables.product.prodname_codeql_cli %}, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system)" for more information. If you're using {% data variables.product.prodname_actions %}, configure your workflow to run all the actions in the same container. For more information, see "[Example workflow](#example-workflow)." -{% note %} - -**Note:** {% data reusables.code-scanning.non-glibc-linux-support %} - -{% endnote %} +> [!NOTE] +> {% data reusables.code-scanning.non-glibc-linux-support %} ## Dependencies for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md index 018be995475d..27c30b89e631 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md +++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md @@ -59,11 +59,10 @@ A repository must meet all the following criteria to be eligible for default set {% data reusables.code-scanning.default-setup-pre-enablement-explanation %} {% endif %} {% ifversion code-security-multi-repo-enablement %} -{% note %} -**Note:** Configuring default setup for all repositories in an organization through your organization's settings page _will not_ override existing configurations of default setup. However, configuring default setup on a subset of repositories in an organization through security overview _will_ override existing configurations of default setup on those repositories. +> [!NOTE] +> Configuring default setup for all repositories in an organization through your organization's settings page _will not_ override existing configurations of default setup. However, configuring default setup on a subset of repositories in an organization through security overview _will_ override existing configurations of default setup on those repositories. -{% endnote %} {% endif %} {% ifversion code-scanning-default-setup-automatic-311 %} @@ -84,20 +83,16 @@ Through the "Code security and analysis" page of your organization's settings, y {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} -1. Click **Enable all** next to "{% data variables.product.prodname_code_scanning_caps %}".{% ifversion bulk-code-scanning-query-suite%} +1. Click **Enable all** next to "{% data variables.product.prodname_code_scanning_caps %}".{% ifversion bulk-code-scanning-query-suite %} 1. In the "Query suites" section of the "Enable {% data variables.product.prodname_code_scanning %} default setup" dialog box displayed, select the query suite your configuration of default setup will run. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)." 1. To enable your configuration of default setup, click **Enable for eligible repositories**. 1. Optionally, to recommend the "Extended" query suite throughout your organization when enabling default setup, select "Recommend the extended query suite for repositories enabling default setup."{% else %} 1. In the "Enable {% data variables.product.prodname_code_scanning %} for eligible repositories" dialog box displayed, click **Enable for eligible repositories** to enable your configuration of default setup.{% endif %} -{% note %} - -**Notes:** - * {% data reusables.code-scanning.limitation-org-enable-all %} - * Enabling {% data variables.product.prodname_code_scanning %} for all eligible repositories in an organization will not override existing {% data variables.product.prodname_code_scanning %} configurations. For information on configuring default setup with different settings for specific repositories, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning){% ifversion code-security-multi-repo-enablement %}" and "[Configuring default setup for a subset of repositories in an organization](#configuring-default-setup-for-a-subset-of-repositories-in-an-organization){% endif %}."{% ifversion default-setup-pre-enablement %} - * Enabling default setup for all eligible repositories in an organization includes eligible repositories without {% data variables.product.prodname_codeql %}-supported languages. If a {% data variables.product.prodname_codeql %}-supported language is later added to one of these repositories, default setup will begin scanning that repository and consuming {% data variables.product.prodname_actions %} minutes.{% endif %} - -{% endnote %} +> [!NOTE] +> * {% data reusables.code-scanning.limitation-org-enable-all %} +> * Enabling {% data variables.product.prodname_code_scanning %} for all eligible repositories in an organization will not override existing {% data variables.product.prodname_code_scanning %} configurations. For information on configuring default setup with different settings for specific repositories, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning){% ifversion code-security-multi-repo-enablement %}" and "[Configuring default setup for a subset of repositories in an organization](#configuring-default-setup-for-a-subset-of-repositories-in-an-organization){% endif %}."{% ifversion default-setup-pre-enablement %} +> * Enabling default setup for all eligible repositories in an organization includes eligible repositories without {% data variables.product.prodname_codeql %}-supported languages. If a {% data variables.product.prodname_codeql %}-supported language is later added to one of these repositories, default setup will begin scanning that repository and consuming {% data variables.product.prodname_actions %} minutes.{% endif %} {% endif %} @@ -165,20 +160,12 @@ You can select all of the displayed repositories, or a subset of them, and enabl 1. Optionally, to choose a different query suite than your organization's default query suite, select **Query suite: SUITE NAME**, then click the query suite your configuration of default setup should use. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."{% endif %} 1. To confirm the enablement of {% data variables.product.prodname_code_scanning %} for the selected repositories, click **Apply changes NUMBER**. Alternatively, to select or deselect more repositories for {% data variables.product.prodname_code_scanning %} enablement, click {% octicon "x" aria-label="Close" %} to close the panel without applying your changes. +> [!NOTE] {% ifversion default-setup-pre-enablement %} - {% note %} - - **Notes:** - * Enabling {% data variables.product.prodname_code_scanning %} for multiple repositories in an organization using security overview will override any existing {% data variables.product.prodname_code_scanning %} configurations for the selected repositories, including any previous query suite selections and workflows for advanced setups. - * You can enable default setup for eligible repositories that do not contain {% data variables.product.prodname_codeql %}-supported languages. If a {% data variables.product.prodname_codeql %}-supported language is later added to one of these repositories, default setup will begin scanning that repository and consuming {% data variables.product.prodname_actions %} minutes. - - {% endnote %} +> * Enabling {% data variables.product.prodname_code_scanning %} for multiple repositories in an organization using security overview will override any existing {% data variables.product.prodname_code_scanning %} configurations for the selected repositories, including any previous query suite selections and workflows for advanced setups. +> * You can enable default setup for eligible repositories that do not contain {% data variables.product.prodname_codeql %}-supported languages. If a {% data variables.product.prodname_codeql %}-supported language is later added to one of these repositories, default setup will begin scanning that repository and consuming {% data variables.product.prodname_actions %} minutes. {% else %} - {% note %} - - **Note:** Enabling {% data variables.product.prodname_code_scanning %} for multiple repositories in an organization using security overview will override any existing {% data variables.product.prodname_code_scanning %} configurations for the selected repositories, including any previous query suite selections and workflows for advanced setups. - - {% endnote %} +> Enabling {% data variables.product.prodname_code_scanning %} for multiple repositories in an organization using security overview will override any existing {% data variables.product.prodname_code_scanning %} configurations for the selected repositories, including any previous query suite selections and workflows for advanced setups. {% endif %} ![Screenshot of the "Security coverage" view with the side panel open. The "Apply changes" button is highlighted in a dark orange outline.](/assets/images/help/security-overview/security-coverage-view-multi-repo-side-panel.png) diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md index 62464949c6ca..b6d6d2d12901 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md @@ -34,11 +34,10 @@ Default setup for {% data variables.product.prodname_code_scanning %} is the qui * On a weekly schedule. {% ifversion code-scanning-default-setup-exclude-dormant-repos %} -{% note %} -**Note:** If no pushes and pull requests have occurred in a repository with default setup enabled for 6 months, the weekly schedule will be disabled to save your {% data variables.product.prodname_actions %} minutes. +> [!NOTE] +> If no pushes and pull requests have occurred in a repository with default setup enabled for 6 months, the weekly schedule will be disabled to save your {% data variables.product.prodname_actions %} minutes. -{% endnote %} {% endif %} {% endif %} @@ -89,22 +88,17 @@ Compiled languages are not automatically included in default setup configuration When you initially configure default setup for {% data variables.product.prodname_code_scanning %} for a repository, all {% data variables.product.prodname_codeql %}-supported languages in the repository will be analyzed automatically. The languages that are analyzed successfully will be retained in the new default setup configuration. Languages that are not analyzed successfully will be automatically deselected from the default setup configuration. {% endif %} -{% note %} - -**Note:** {% ifversion default-setup-pre-enablement %}If the analyses fail for all {% data variables.product.prodname_codeql %}-supported languages in a repository, default setup will still be enabled, but it will not run any scans or use any {% data variables.product.prodname_actions %} minutes until another {% data variables.product.prodname_codeql %}-supported language is added to the repository or default setup is manually reconfigured, and the analysis of a {% data variables.product.prodname_codeql %}-supported language succeeds. +> [!NOTE] +{% ifversion default-setup-pre-enablement %} +> If the analyses fail for all {% data variables.product.prodname_codeql %}-supported languages in a repository, default setup will still be enabled, but it will not run any scans or use any {% data variables.product.prodname_actions %} minutes until another {% data variables.product.prodname_codeql %}-supported language is added to the repository or default setup is manually reconfigured, and the analysis of a {% data variables.product.prodname_codeql %}-supported language succeeds. {% else %} -At least one {% data variables.product.prodname_codeql %}-supported language's analysis in a repository must succeed, or else default setup will not be successfully enabled in that repository. +> At least one {% data variables.product.prodname_codeql %}-supported language's analysis in a repository must succeed, or else default setup will not be successfully enabled in that repository. {% endif %} -{% endnote %} - {% data reusables.repositories.navigate-to-repo %} - {% note %} - - **Note:** If you are configuring default setup on a fork, you must first enable {% data variables.product.prodname_actions %}. To enable {% data variables.product.prodname_actions %}, under your repository name, click {% octicon "play" aria-hidden="true" %} **Actions**, then click **I understand my workflows, go ahead and enable them**. Be aware that this will enable all existing workflows on your fork. - - {% endnote %} + > [!NOTE] + > If you are configuring default setup on a fork, you must first enable {% data variables.product.prodname_actions %}. To enable {% data variables.product.prodname_actions %}, under your repository name, click {% octicon "play" aria-hidden="true" %} **Actions**, then click **I understand my workflows, go ahead and enable them**. Be aware that this will enable all existing workflows on your fork. {% data reusables.repositories.sidebar-settings %} {% data reusables.user-settings.security-analysis %} @@ -116,11 +110,8 @@ At least one {% data variables.product.prodname_codeql %}-supported language's a {% ifversion code-scanning-default-setup-recommended-languages %} - {% note %} - - **Note:** If your repository contains _only_ compiled {% data variables.product.prodname_codeql %}-supported languages (for example, Java), you will be taken to the settings page to select the languages you want to add to your default setup configuration. - - {% endnote %} + > [!NOTE] + > If your repository contains _only_ compiled {% data variables.product.prodname_codeql %}-supported languages (for example, Java), you will be taken to the settings page to select the languages you want to add to your default setup configuration. 1. Optionally, to customize your {% data variables.product.prodname_code_scanning %} setup, click {% octicon "pencil" aria-hidden="true" %} **Edit**. * To add or remove a language from the analysis performed by default setup, select or deselect that language in the "Languages" section. {% ifversion code-scanning-default-setup-recommended-languages %}If you would like to analyze a {% data variables.product.prodname_codeql %}-supported compiled language with default setup, select that language here.{% endif %} @@ -134,20 +125,15 @@ At least one {% data variables.product.prodname_codeql %}-supported language's a If you choose the **Extended** query suite, your {% data variables.product.prodname_code_scanning %} configuration will run lower severity and precision queries in addition to the queries included in the **Default** query suite. For more information on the available query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)." - {% note %} - - **Note:** If you configure {% data variables.product.prodname_code_scanning %} to use the **Extended** query suite, you may experience a higher rate of false positive alerts. + > [!NOTE] + > If you configure {% data variables.product.prodname_code_scanning %} to use the **Extended** query suite, you may experience a higher rate of false positive alerts. - {% endnote %} {%- endif %} 1. Review the settings for default setup on your repository, then click **Enable {% data variables.product.prodname_codeql %}**. This will trigger a workflow that tests the new, automatically generated configuration. - {% note %} - - **Note:** If you are switching to default setup from advanced setup, you will see a warning informing you that default setup will override existing {% data variables.product.prodname_code_scanning %} configurations. This warning means default setup will disable the existing workflow file and block any {% data variables.product.prodname_codeql %} analysis API uploads. - - {% endnote %} + > [!NOTE] + > If you are switching to default setup from advanced setup, you will see a warning informing you that default setup will override existing {% data variables.product.prodname_code_scanning %} configurations. This warning means default setup will disable the existing workflow file and block any {% data variables.product.prodname_codeql %} analysis API uploads. 1. Optionally, to view your default setup configuration after enablement, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click {% octicon "gear" aria-hidden="true" %} **View {% data variables.product.prodname_codeql %} configuration**. diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md index eb50148a57db..5fffafa31b7e 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md +++ b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md @@ -129,11 +129,8 @@ If you upload a second SARIF file for a commit with the same category and from t If you use a code analysis engine other than {% data variables.product.prodname_codeql %}, you can review the supported SARIF properties to optimize how your analysis results will appear on {% data variables.product.prodname_dotcom %}. -{% note %} - -**Note:** You must supply an explicit value for any property marked as "required". The empty string is not supported for required properties. - -{% endnote %} +> [!NOTE] +> You must supply an explicit value for any property marked as "required". The empty string is not supported for required properties. Any valid SARIF 2.1.0 output file can be uploaded, however, {% data variables.product.prodname_code_scanning %} will only use the following supported properties. @@ -313,6 +310,86 @@ This SARIF output file has example values to show the minimum required propertie } ``` +### Relative URI Guidance for SARIF Producers + +This SARIF output file has example of values for the field `originalUriBaseIds`, showing the minimum required properties a SARIF producer should include when using relative URI references. + +{% note %} + +**Note:** While this property is not required by {% data variables.product.prodname_dotcom %} for the {% data variables.product.prodname_code_scanning %} results to be displayed correctly, it is required to produce a valid SARIF output when using relative URI references. + +{% endnote %} + +```json +{ + "$schema": "https://json.schemastore.org/sarif-2.1.0.json", + "version": "2.1.0", + "runs": [ + { + "tool": { + "driver": { + "name": "Tool Name", + "rules": [ + { + "id": "R01" + ... + "properties" : { + "id" : "java/unsafe-deserialization", + "kind" : "path-problem", + "name" : "...", + "problem.severity" : "error", + "security-severity" : "9.8", + } + } + ] + } + }, + "originalUriBaseIds": { + "PROJECTROOT": { + "uri": "file:///C:/Users/Mary/code/TheProject/", + "description": { + "text": "The root directory for all project files." + } + }, + "%SRCROOT%": { + "uri": "src/", + "uriBaseId": "PROJECTROOT", + "description": { + "text": "The root of the source tree." + } + } + }, + "results": [ + { + "ruleId": "R01", + "message": { + "text": "Result text. This result does not have a rule associated." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "fileURI", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 2, + "startColumn": 7, + "endColumn": 10 + } + } + } + ], + "partialFingerprints": { + "primaryLocationLineHash": "39fa2ee980eb94b0:1" + } + } + ] + } + ] +} +``` + ### Example showing all supported SARIF properties This SARIF output file has example values to show all supported SARIF properties for {% data variables.product.prodname_code_scanning %}. diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md b/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md index 8b079f70b28c..d20ef199cb47 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md +++ b/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md @@ -41,11 +41,10 @@ You can upload the results using {% data variables.product.prodname_actions %}, * A tool that generates results as an artifact outside of your repository, you can use the {% data variables.product.prodname_code_scanning %} API to upload the file (for more information, see "[AUTOTITLE](/rest/code-scanning/code-scanning#upload-an-analysis-as-sarif-data)"). {% ifversion fpt or ghec %} -{% note %} -**Note:** For private and internal repositories, {% data variables.product.prodname_code_scanning %} is available when {% data variables.product.prodname_GH_advanced_security %} features are enabled for the repository. If you see the error `Advanced Security must be enabled for this repository to use code scanning`, check that {% data variables.product.prodname_GH_advanced_security %} is enabled. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)." +> [!NOTE] +> For private and internal repositories, {% data variables.product.prodname_code_scanning %} is available when {% data variables.product.prodname_GH_advanced_security %} features are enabled for the repository. If you see the error `Advanced Security must be enabled for this repository to use code scanning`, check that {% data variables.product.prodname_GH_advanced_security %} is enabled. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)." -{% endnote %} {% endif %} ## Uploading a {% data variables.product.prodname_code_scanning %} analysis with {% data variables.product.prodname_actions %} diff --git a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md b/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md index e07aeb16b13d..09457357f28e 100644 --- a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md +++ b/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md @@ -50,7 +50,7 @@ To use {% data variables.product.prodname_code_scanning %} on a private reposito ## About tools for {% data variables.product.prodname_code_scanning %} -You can configure {% data variables.product.prodname_code_scanning %} to use the {% data variables.product.prodname_codeql %} product maintained by {% data variables.product.company_short%} or a third-party {% data variables.product.prodname_code_scanning %} tool. +You can configure {% data variables.product.prodname_code_scanning %} to use the {% data variables.product.prodname_codeql %} product maintained by {% data variables.product.company_short %} or a third-party {% data variables.product.prodname_code_scanning %} tool. ### About {% data variables.product.prodname_codeql %} analysis diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md b/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md index ca48edcd627f..e058970cbaf7 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md @@ -85,11 +85,8 @@ When you click through to see details for the alert, you can see that the file p {% ifversion codeql-ml-queries %} -{% note %} - -**Note:** Experimental alerts for {% data variables.product.prodname_code_scanning %} were available a {% data variables.release-phases.public_preview %} release for JavaScript using experimental technology in the {% data variables.product.prodname_codeql %} action. This feature was {% data variables.release-phases.retired %}. For more information, see [{% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} deprecates ML-powered alerts](https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/). - -{% endnote %} +> [!NOTE] +> Experimental alerts for {% data variables.product.prodname_code_scanning %} were available a {% data variables.release-phases.public_preview %} release for JavaScript using experimental technology in the {% data variables.product.prodname_codeql %} action. This feature was {% data variables.release-phases.retired %}. For more information, see [{% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} deprecates ML-powered alerts](https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/). {% endif %} diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md b/content/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md index 9bf1fd845839..6210adb17419 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md @@ -40,11 +40,8 @@ By default, the {% data variables.product.prodname_code_scanning %} alerts page For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)." -{% note %} - -**Note:** You can see information about when {% data variables.product.prodname_code_scanning %} analysis last ran on the tool status page. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page)." - -{% endnote %} +> [!NOTE] +> You can see information about when {% data variables.product.prodname_code_scanning %} analysis last ran on the tool status page. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page)." {% ifversion copilot-chat-ghas-alerts %} @@ -94,13 +91,9 @@ You can search the list of alerts. This is useful if there is a large number of | OR search | `sql OR injection` | Returns all the alerts containing `sql` or `injection` | | AND search | `sql AND injection` | Returns all the alerts containing both words `sql` and `injection` | -{% tip %} - -**Tips:** -* The multiple word search is equivalent to an OR search. -* The AND search will return results where the search terms are found _anywhere_, in any order in the alert name or details. - -{% endtip %} +> [!TIP] +> * The multiple word search is equivalent to an OR search. +> * The AND search will return results where the search terms are found _anywhere_, in any order in the alert name or details. {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-security %} diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md b/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md index 12bb7d66c73b..4a65a614103a 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md @@ -44,7 +44,7 @@ With a {% data variables.product.prodname_copilot_enterprise %} license, you can {% data reusables.repositories.sidebar-security %} {% data reusables.repositories.sidebar-code-scanning-alerts %} 1. Click the name of an alert. -1. If {% data variables.product.prodname_copilot_autofix_short %} can suggest a fix, at the top of the page, click **{% octicon "shield-check" aria-label="Generate fix"%} Generate fix**. +1. If {% data variables.product.prodname_copilot_autofix_short %} can suggest a fix, at the top of the page, click **{% octicon "shield-check" aria-label="Generate fix" %} Generate fix**. 1. Once the suggested fix has been generated, at the bottom of the page, you can click **Create PR with fix** to automatically generate a pull request with the suggested fix. A new branch is created from the default branch, the generated fix is committed and a draft pull request is created. You can test and edit the suggested fix as you would with any other fix. @@ -64,13 +64,8 @@ Alerts may be fixed in one branch but not in another. You can use the "Branch" f {% data reusables.code-scanning.filter-non-default-branches %} -{% note %} - -**Note:** - -If you run {% data variables.product.prodname_code_scanning %} using multiple configurations, the same alert will sometimes be generated by more than one configuration. Unless you run all configurations regularly, you may see alerts that are fixed in one configuration but not in another. These stale configurations and alerts can be removed from a branch. For more information, see "[Removing stale configurations and alerts from a branch](#removing-stale-configurations-and-alerts-from-a-branch)." - -{% endnote %} +> [!NOTE] +> If you run {% data variables.product.prodname_code_scanning %} using multiple configurations, the same alert will sometimes be generated by more than one configuration. Unless you run all configurations regularly, you may see alerts that are fixed in one configuration but not in another. These stale configurations and alerts can be removed from a branch. For more information, see "[Removing stale configurations and alerts from a branch](#removing-stale-configurations-and-alerts-from-a-branch)." ## Dismissing alerts @@ -126,13 +121,9 @@ You may have multiple code scanning configurations on a single repository. When If you save your changes after accidentally deleting a configuration, re-run the configuration to update the alert. For more information on re-running configurations that use {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow)." -{% note %} - -**Notes:** -* If you remove all {% data variables.product.prodname_code_scanning %} configurations for the default branch of your repository, the default branch will remain in the "Affected branches" sidebar, but it will not be analyzed by any configurations. -* If you remove all {% data variables.product.prodname_code_scanning %} configurations for any branch other than the default branch of your repository, that branch will be removed from the "Affected branches" sidebar. - -{% endnote %} +> [!NOTE] +> * If you remove all {% data variables.product.prodname_code_scanning %} configurations for the default branch of your repository, the default branch will remain in the "Affected branches" sidebar, but it will not be analyzed by any configurations. +> * If you remove all {% data variables.product.prodname_code_scanning %} configurations for any branch other than the default branch of your repository, that branch will be removed from the "Affected branches" sidebar. ## Further reading diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists.md b/content/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists.md index 705fd5f9427b..b2f246b8d159 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists.md @@ -72,10 +72,9 @@ Instead of tracking a {% data variables.product.prodname_code_scanning %} alert * The title contains the name of the {% data variables.product.prodname_code_scanning %} alert. * The body contains the task list item with the full URL to the {% data variables.product.prodname_code_scanning %} alert. 1. Optionally, edit the title and the body of the issue. - {% warning %} - **Warning:** You may want to edit the title of the issue as it may expose security information. You can also edit the body of the issue. Make sure that you keep the task list item with a link to the alert otherwise the issue will no longer track the alert. - {% endwarning %} + > [!WARNING] + > You may want to edit the title of the issue as it may expose security information. You can also edit the body of the issue. Make sure that you keep the task list item with a link to the alert otherwise the issue will no longer track the alert. 1. Click **Submit new issue**. diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md b/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md index 8815de960d8a..2d61645b76aa 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md @@ -33,11 +33,8 @@ If the lines of code changed in the pull request generate {% data variables.prod * The **Conversation** tab of the pull request, as part of a pull request review * The **Files changed** tab of the pull request -{% note %} - -**Note:** {% data variables.product.prodname_code_scanning_caps %} displays alerts in pull requests only when all the lines of code identified by the alert exist in the pull request diff. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#specifying-the-location-for-source-files)." - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_code_scanning_caps %} displays alerts in pull requests only when all the lines of code identified by the alert exist in the pull request diff. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#specifying-the-location-for-source-files)." {% ifversion code-scanning-autofix %} @@ -129,14 +126,10 @@ Anyone with push access to a pull request can fix a {% data variables.product.pr When {% data variables.product.prodname_copilot_autofix_short %} is enabled for a repository, alerts are displayed in pull requests as normal and information from any alerts found by {% data variables.product.prodname_code_scanning %} is automatically sent to the LLM for processing. When LLM analysis is complete, any results are published as comments on relevant alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning)." -{% note %} - -**Notes:** -* {% data variables.product.prodname_copilot_autofix_short %} supports a subset of {% data variables.product.prodname_codeql %} queries. For information about the availability of {% data variables.product.prodname_copilot_autofix_short %}, see the query tables linked from "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#query-lists-for-the-default-query-suites)." -* When analysis is complete, all relevant results are published to the pull request at once. If at least one alert in your pull request has an {% data variables.product.prodname_copilot_autofix_short %} suggestion, you should assume that the LLM has finished identifying potential fixes for your code. -* On alerts generated from queries that are not supported by {% data variables.product.prodname_copilot_autofix_short %}, you will see a note telling you that the query is not supported. If a suggestion for a supported query fails to generate, you will see a note on the alert prompting you to try pushing another commit or to contact support. - -{% endnote %} +> [!NOTE] +> * {% data variables.product.prodname_copilot_autofix_short %} supports a subset of {% data variables.product.prodname_codeql %} queries. For information about the availability of {% data variables.product.prodname_copilot_autofix_short %}, see the query tables linked from "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#query-lists-for-the-default-query-suites)." +> * When analysis is complete, all relevant results are published to the pull request at once. If at least one alert in your pull request has an {% data variables.product.prodname_copilot_autofix_short %} suggestion, you should assume that the LLM has finished identifying potential fixes for your code. +> * On alerts generated from queries that are not supported by {% data variables.product.prodname_copilot_autofix_short %}, you will see a note telling you that the query is not supported. If a suggestion for a supported query fails to generate, you will see a note on the alert prompting you to try pushing another commit or to contact support. Usually, when you suggest changes to a pull request, your comment contains changes for a single file that is changed in the pull request. The following screenshot shows an {% data variables.product.prodname_copilot_autofix_short %} comment that suggests changes to the `index.js` file where the alert is displayed. Since the potential fix requires a new dependency on `escape-html`, the comment also suggests adding this dependency to the `package.json` file, even though the original pull request makes no changes to this file. diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page.md index 25df9424ba7f..a0e2052b18f6 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page.md @@ -28,11 +28,8 @@ Using the {% data variables.code-scanning.tool_status_page %}, you can see how w You can also see the rules your code was checked against by each configuration of a {% data variables.product.prodname_code_scanning %} tool and download a summary of the results. -{% note %} - -**Note:** The {% data variables.code-scanning.tool_status_page %} shows how tools are working at the repository level, not the organization level. The tool status is only shown for the default branch of the repository for which that tool is configured. - -{% endnote %} +> [!NOTE] +> The {% data variables.code-scanning.tool_status_page %} shows how tools are working at the repository level, not the organization level. The tool status is only shown for the default branch of the repository for which that tool is configured. ## Viewing the {% data variables.code-scanning.tool_status_page %} for a repository @@ -92,19 +89,16 @@ You can download the list of rules that {% data variables.product.prodname_code_ * The SARIF identifier. * How many alerts were found. -To download a report, select a configuration you're interested in. Then click **{% octicon "kebab-horizontal" aria-label="Configuration menu" %}** on the top right of the page, and select **{% octicon "download" aria-hidden="true" %} Download list of rules used**. +To download a report, select a configuration you're interested in. Then click **{% octicon "kebab-horizontal" aria-label="Configuration menu" %}** on the top right of the page, and select **{% octicon "download" aria-hidden="true" %} Download list of rules used**. ### Removing configurations You can remove stale, duplicate, or unwanted configurations for the default branch of your repository. -To remove a configuration, select the configuration you want to delete. Then click **{% octicon "kebab-horizontal" aria-label="Configuration menu" %}** on the top right of the page, and select **{% octicon "trash" aria-hidden="true" %} Delete configuration**. Once you have read the warning about alerts, to confirm the deletion, click the **Delete** button. - -{% note %} +To remove a configuration, select the configuration you want to delete. Then click **{% octicon "kebab-horizontal" aria-label="Configuration menu" %}** on the top right of the page, and select **{% octicon "trash" aria-hidden="true" %} Delete configuration**. Once you have read the warning about alerts, to confirm the deletion, click the **Delete** button. -**Note:** You can only use the {% data variables.code-scanning.tool_status_page %} to remove configurations for the default branch of a repository. For information about removing configurations from non-default branches, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts#removing-stale-configurations-and-alerts-from-a-branch)." - -{% endnote %} +> [!NOTE] +> You can only use the {% data variables.code-scanning.tool_status_page %} to remove configurations for the default branch of a repository. For information about removing configurations from non-default branches, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts#removing-stale-configurations-and-alerts-from-a-branch)." ## Debugging using the {% data variables.code-scanning.tool_status_page %} @@ -116,10 +110,7 @@ For integrated tools such as {% data variables.product.prodname_codeql %}, you c * If the language has a low scanned percentage, you may wish to investigate diagnostic output produced by {% data variables.product.prodname_codeql %} for that language: for more information see "[AUTOTITLE](/code-security/code-scanning/troubleshooting-code-scanning/codeql-scanned-fewer-lines-than-expected)." * If the language has a scanned percentage of zero, you may have source code in your repository written in languages supported by {% data variables.product.prodname_codeql %} but not currently being analyzed with {% data variables.product.prodname_codeql %}. In this case, you may wish to update your setup to start analyzing these additional languages. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#changing-the-languages-that-are-analyzed)." -{% note %} - -**Note:** If you have set up {% data variables.product.prodname_codeql %} using advanced setup and then set up default setup on the same repository, the {% data variables.code-scanning.tool_status_page %} will only show default setup. - -{% endnote %} +> [!NOTE] +> If you have set up {% data variables.product.prodname_codeql %} using advanced setup and then set up default setup on the same repository, the {% data variables.code-scanning.tool_status_page %} will only show default setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/troubleshooting-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/troubleshooting-sarif-uploads)." diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup.md index e2aff3c30c21..24e21229890c 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup.md @@ -22,13 +22,10 @@ Consider configuring {% data variables.actions.hosted_runners %} for default set * Your scans with standard {% data variables.product.prodname_dotcom %}-hosted runners are returning memory or disk errors. * You want to customize aspects of your {% data variables.product.prodname_code_scanning %} runner like the runner size, runner image, and job concurrency without using self-hosted runners. -{% warning %} - -**Warning:** Currently, Swift analysis is not available on {% data variables.actions.hosted_runners %} for default setup. Additionally, if your repository has access to a runner with the `code-scanning` label, such as a {% data variables.actions.hosted_runner %} provisioned for default setup, default setup workflows will _only_ use runners labeled `code-scanning`. If you would like to configure default setup on {% data variables.actions.hosted_runners %} _and_ analyze Swift, you have two options: - * Provision a self-hosted macOS runner with the `code-scanning` label in addition to your {% data variables.actions.hosted_runner %}. For more information, see {% ifversion ghec %}"[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance)."{% else %}"[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository)."{% endif %} - * Ensure any repositories containing Swift _do not_ have access to runners with the label `code-scanning`. Default setup workflows for that repository will only use standard runners. - -{% endwarning %} +> [!WARNING] +> Currently, Swift analysis is not available on {% data variables.actions.hosted_runners %} for default setup. Additionally, if your repository has access to a runner with the `code-scanning` label, such as a {% data variables.actions.hosted_runner %} provisioned for default setup, default setup workflows will _only_ use runners labeled `code-scanning`. If you would like to configure default setup on {% data variables.actions.hosted_runners %} _and_ analyze Swift, you have two options: +> * Provision a self-hosted macOS runner with the `code-scanning` label in addition to your {% data variables.actions.hosted_runner %}. For more information, see {% ifversion ghec %}"[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance)."{% else %}"[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository)."{% endif %} +> * Ensure any repositories containing Swift _do not_ have access to runners with the label `code-scanning`. Default setup workflows for that repository will only use standard runners. {% ifversion ghec %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md index 9a329863c5e0..bc9a11df53d9 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md @@ -14,15 +14,10 @@ topics: ## About using rulesets for {% data variables.product.prodname_code_scanning %} merge protection -{% note %} - -**Notes:** - -* This feature is currently in {% data variables.release-phases.public_preview %} and subject to change. -* Merge protection with rulesets is not related to status checks. For more information about status checks, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks)." -* Merge protection with rulesets will not apply to merge queue groups or {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup. - -{% endnote %} +> [!NOTE] +> * This feature is currently in {% data variables.release-phases.public_preview %} and subject to change. +> * Merge protection with rulesets is not related to status checks. For more information about status checks, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks)." +> * Merge protection with rulesets will not apply to merge queue groups or {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup. You can use rulesets to prevent pull requests from being merged when one of the following conditions is met: diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs.md index 687fab820ab0..58d431f731da 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs.md @@ -58,11 +58,8 @@ After configuring {% data variables.product.prodname_code_scanning %} for your r 1. Click the entry for the {% data variables.product.prodname_code_scanning %} workflow. - {% note %} - - **Note:** If you are looking for the {% data variables.product.prodname_codeql %} workflow run triggered by enabling default setup, the text of the entry is "{% data variables.product.prodname_codeql %}." - - {% endnote %} + > [!NOTE] + > If you are looking for the {% data variables.product.prodname_codeql %} workflow run triggered by enabling default setup, the text of the entry is "{% data variables.product.prodname_codeql %}." 1. Click the job name on the left. For example, **Analyze (LANGUAGE)**. diff --git a/content/code-security/codeql-cli/codeql-cli-manual/generate-query-help.md b/content/code-security/codeql-cli/codeql-cli-manual/generate-query-help.md index 1ffeffeada5f..3ac61d92733f 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/generate-query-help.md +++ b/content/code-security/codeql-cli/codeql-cli-manual/generate-query-help.md @@ -35,7 +35,7 @@ Generate end-user query help from .qhelp files. ### Primary Options -#### `...` +#### `...` \[Mandatory] Query help files to render. Each argument is one of: diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md index 2a59ef1fa5b3..26085d6c3a98 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md @@ -47,17 +47,14 @@ You can analyze a database by running the following command: codeql database analyze --format= --output= ... ``` -{% note %} - -**Note:** If you analyze more than one {% data variables.product.prodname_codeql %} database for a single commit, you must specify a SARIF category for each set of results generated by this command. When you upload the results to {% data variables.product.product_name %}, {% data variables.product.prodname_code_scanning %} uses this category to store the results for each language separately. If you forget to do this, each upload overwrites the previous results. - -```shell -codeql database analyze --format= \ - --sarif-category= --output= \ - -``` - -{% endnote %} +> [!NOTE] +> If you analyze more than one {% data variables.product.prodname_codeql %} database for a single commit, you must specify a SARIF category for each set of results generated by this command. When you upload the results to {% data variables.product.product_name %}, {% data variables.product.prodname_code_scanning %} uses this category to store the results for each language separately. If you forget to do this, each upload overwrites the previous results. +> +> ```shell +> codeql database analyze --format= \ +> --sarif-category= --output= \ +> +> ``` You must specify ``, `--format`, and `--output`. You can specify additional options depending on what analysis you want to do. @@ -168,17 +165,8 @@ You can run all the queries located in a directory by providing the directory path, rather than listing all the individual query files. Paths are searched recursively, so any queries contained in subfolders will also be executed. -{% note %} - -**Important** - -You should avoid specifying the root of a core {% data variables.product.prodname_codeql %} query pack when executing `database analyze` -as it might contain some special queries that aren’t designed to be used with -the command. Rather, run the query pack to include the -pack’s default queries in the analysis, or run one of the -code scanning query suites. - -{% endnote %} +> [!IMPORTANT] +> You should avoid specifying the root of a core {% data variables.product.prodname_codeql %} query pack when executing `database analyze` as it might contain some special queries that aren’t designed to be used with the command. Rather, run the query pack to include the pack’s default queries in the analysis, or run one of the code scanning query suites. For example, to execute all Python queries contained in the `Functions` directory in the `codeql/python-queries` query pack you would run: diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md index e04a64042e28..94e8d1d8098a 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md @@ -58,13 +58,10 @@ Before you can use a {% data variables.product.prodname_codeql %} query pack to | | {% octicon "check" aria-label="Required" %} | Specify the scope and name of one or more {% data variables.product.prodname_codeql %} query packs to download using a comma-separated list. Optionally, include the version to download and unzip. By default the latest version of this pack is downloaded. Optionally, include a path to a query, directory, or query suite to run. If no path is included, then run the default queries of this pack. | | --github-auth-stdin | {% octicon "x" aria-label="Optional" %} | Pass the CLI the {% data variables.product.prodname_github_app %} or {% data variables.product.pat_generic %} created for authentication with {% data variables.product.company_short %}'s REST API from your secret store via standard input. This is not needed if the command has access to a `GITHUB_TOKEN` environment variable set with this token. -{% note %} - -**Note:** If you specify a particular version of a query pack to use, be aware that the version you specify may eventually become too old for the latest version of {% data variables.product.prodname_codeql %} to make efficient use of. To ensure optimal performance, if you need to specify exact query pack versions, you should reevaluate which versions you pin to whenever you upgrade the {% data variables.product.prodname_codeql_cli %} you're using. - -For more information about pack compatibility, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-codeql-pack-compatibility)." - -{% endnote %} +> [!NOTE] +> If you specify a particular version of a query pack to use, be aware that the version you specify may eventually become too old for the latest version of {% data variables.product.prodname_codeql %} to make efficient use of. To ensure optimal performance, if you need to specify exact query pack versions, you should reevaluate which versions you pin to whenever you upgrade the {% data variables.product.prodname_codeql_cli %} you're using. +> +> For more information about pack compatibility, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-codeql-pack-compatibility)." ### Basic example of downloading and using query packs @@ -148,21 +145,14 @@ pack. * `suites/my-suite.qls` - All queries in the `suites/my-suite.qls` file relative to the current working directory. -{% note %} - -**Tip** - -The default query suite of the standard {% data variables.product.prodname_codeql %} query packs are `codeql-suites/-code-scanning.qls`. Several other useful query suites can also be found in the `codeql-suites` directory of each pack. For example, the `codeql/cpp-queries` pack contains the following query suites: - -* `cpp-code-scanning.qls` - Standard Code Scanning queries for C++. The default query suite for this pack. - -* `cpp-security-extended.qls` - Queries from the default `cpp-code-scanning.qls` suite for C++, plus lower severity and precision queries. - -* `cpp-security-and-quality.qls` - Queries from `cpp-security-extended.qls`, plus maintainability and reliability queries. - -You can see the sources for these query suites in the [{% data variables.product.prodname_codeql %} repository](https://github.com/github/codeql/tree/main/cpp/ql/src/codeql-suites). Query suites for other languages are similar. - -{% endnote %} +> [!TIP] +> The default query suite of the standard {% data variables.product.prodname_codeql %} query packs are `codeql-suites/-code-scanning.qls`. Several other useful query suites can also be found in the `codeql-suites` directory of each pack. For example, the `codeql/cpp-queries` pack contains the following query suites: +> +> * `cpp-code-scanning.qls` - Standard Code Scanning queries for C++. The default query suite for this pack. +> * `cpp-security-extended.qls` - Queries from the default `cpp-code-scanning.qls` suite for C++, plus lower severity and precision queries. +> * `cpp-security-and-quality.qls` - Queries from `cpp-security-extended.qls`, plus maintainability and reliability queries. +> +> You can see the sources for these query suites in the [{% data variables.product.prodname_codeql %} repository](https://github.com/github/codeql/tree/main/cpp/ql/src/codeql-suites). Query suites for other languages are similar. {% ifversion codeql-model-packs %} diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md index 210a964aebf5..9bc43e0f01fd 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md @@ -149,11 +149,8 @@ When the database is successfully created, you’ll find a new directory at the The {% data variables.product.prodname_codeql_cli %} includes extractors to create databases for non-compiled languages—specifically, JavaScript (and TypeScript), Python, and Ruby. These extractors are automatically invoked when you specify JavaScript, Python, or Ruby as the `--language` option when executing `database create`. When creating databases for these languages you must ensure that all additional dependencies are available. -{% note %} - -**Note:** When you run `database create` for JavaScript, TypeScript, Python, and Ruby, you should not specify a `--command` option. Otherwise this overrides the normal extractor invocation, which will create an empty database. If you create databases for multiple languages and one of them is a compiled language, use the `--no-run-unnecessary-builds` option to skip the command for the languages that don’t need to be compiled. - -{% endnote %} +> [!NOTE] +> When you run `database create` for JavaScript, TypeScript, Python, and Ruby, you should not specify a `--command` option. Otherwise this overrides the normal extractor invocation, which will create an empty database. If you create databases for multiple languages and one of them is a compiled language, use the `--no-run-unnecessary-builds` option to skip the command for the languages that don’t need to be compiled. ### JavaScript and TypeScript @@ -216,24 +213,16 @@ codeql database create --language=cpp /cpp-database If a codebase uses a standard build system, relying on an autobuilder is often the simplest way to create a database. For sources that require non-standard build steps, you may need to explicitly define each step in the command line. -{% note %} - -**Notes:** - -* If you are building a Go database, install the Go toolchain (version 1.11 or later) and, if there are dependencies, the appropriate dependency manager (such as [dep](https://golang.github.io/dep/)). -* The Go autobuilder attempts to automatically detect code written in Go in a repository, and only runs build scripts in an attempt to fetch dependencies. To force {% data variables.product.prodname_codeql %} to limit extraction to the files compiled by your build script, set the environment variable `CODEQL_EXTRACTOR_GO_BUILD_TRACING=on` or use the `--command` option to specify a build command. - -{% endnote %} +> [!NOTE] +> * If you are building a Go database, install the Go toolchain (version 1.11 or later) and, if there are dependencies, the appropriate dependency manager (such as [dep](https://golang.github.io/dep/)). +> * The Go autobuilder attempts to automatically detect code written in Go in a repository, and only runs build scripts in an attempt to fetch dependencies. To force {% data variables.product.prodname_codeql %} to limit extraction to the files compiled by your build script, set the environment variable `CODEQL_EXTRACTOR_GO_BUILD_TRACING=on` or use the `--command` option to specify a build command. ### Specifying build commands The following examples are designed to give you an idea of some of the build commands that you can specify for compiled languages. -{% note %} - -**Note:** The `--command` option accepts a single argument—if you need to use more than one command, specify `--command` multiple times. If you need to pass subcommands and options, the whole argument needs to be quoted to be interpreted correctly. - -{% endnote %} +> [!NOTE] +> The `--command` option accepts a single argument—if you need to use more than one command, specify `--command` multiple times. If you need to pass subcommands and options, the whole argument needs to be quoted to be interpreted correctly. * C/C++ project built using `make`: @@ -362,11 +351,8 @@ You must specify: You may specify other options for the `codeql database init` command as normal. -{% note %} - -**Note:** If the build runs on Windows, you must set either `--trace-process-level ` or `--trace-process-name ` so that the option points to a parent CI process that will observe all build steps for the code being analyzed. - -{% endnote %} +> [!NOTE] +> If the build runs on Windows, you must set either `--trace-process-level ` or `--trace-process-name ` so that the option points to a parent CI process that will observe all build steps for the code being analyzed. The `codeql database init` command will output a message: @@ -387,11 +373,8 @@ Once you have created a {% data variables.product.prodname_codeql %} database us ### Example of creating a {% data variables.product.prodname_codeql %} database using indirect build tracing -{% note %} - -**Note:** If you use Azure DevOps pipelines, the simplest way to create a {% data variables.product.prodname_codeql %} database is to use {% data variables.product.prodname_ghas_azdo %}. For documentation, see [Configure {% data variables.product.prodname_ghas_azdo %}](https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features) in Microsoft Learn. - -{% endnote %} +> [!NOTE] +> If you use Azure DevOps pipelines, the simplest way to create a {% data variables.product.prodname_codeql %} database is to use {% data variables.product.prodname_ghas_azdo %}. For documentation, see [Configure {% data variables.product.prodname_ghas_azdo %}](https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features) in Microsoft Learn. The following example shows how you could use indirect build tracing in an Azure DevOps pipeline to create a {% data variables.product.prodname_codeql %} database: diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli.md index 2d3bb67f517f..82585e7feeed 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli.md @@ -35,11 +35,8 @@ If you are setting up the {% data variables.product.prodname_codeql_cli %} in yo If you are using macOS on Apple Silicon (for example, Apple M1), ensure that the [Xcode command-line developer tools](https://developer.apple.com/downloads/index.action) and [Rosetta 2](https://support.apple.com/en-us/HT211861) are installed. -{% note %} - -**Note:** The {% data variables.product.prodname_codeql_cli %} is currently not compatible with non-glibc Linux distributions such as (muslc-based) Alpine Linux. - -{% endnote %} +> [!NOTE] +> The {% data variables.product.prodname_codeql_cli %} is currently not compatible with non-glibc Linux distributions such as (muslc-based) Alpine Linux. ### 1. Download the {% data variables.product.prodname_codeql_cli %} tar archive @@ -53,12 +50,8 @@ Extract the {% data variables.product.prodname_codeql_cli %} tar archive to a di {% data reusables.codeql-cli.launch-codeql %} -{% note %} - -**Note:** If you add `codeql` to your `PATH`, it can be accessed by {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} to compile and run queries. - For more information about configuring {% data variables.product.prodname_vscode_shortname %} to access the {% data variables.product.prodname_codeql_cli %}, see "[AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli)." - - {% endnote %} +> [!NOTE] +> If you add `codeql` to your `PATH`, it can be accessed by {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} to compile and run queries. For more information about configuring {% data variables.product.prodname_vscode_shortname %} to access the {% data variables.product.prodname_codeql_cli %}, see "[AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli)." ## Testing the {% data variables.product.prodname_codeql_cli %} configuration diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md index e469b5636f48..2fc0ad7400cb 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md @@ -76,11 +76,8 @@ codeql github upload-results \ For more information, see "[AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/github-upload-results)." -{% note %} - -**Note:** If you analyzed more than one {% data variables.product.prodname_codeql %} database for a single commit, you must have specified a SARIF category for each set of results generated by this command. When you upload the results to {% data variables.product.product_name %}, {% data variables.product.prodname_code_scanning %} uses this category to store the results for each language separately. If you forget to do this, each upload overwrites the previous results. For more information, see "[AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#running-codeql-database-analyze)." - -{% endnote %} +> [!NOTE] +> If you analyzed more than one {% data variables.product.prodname_codeql %} database for a single commit, you must have specified a SARIF category for each set of results generated by this command. When you upload the results to {% data variables.product.product_name %}, {% data variables.product.prodname_code_scanning %} uses this category to store the results for each language separately. If you forget to do this, each upload overwrites the previous results. For more information, see "[AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#running-codeql-database-analyze)." ### Basic example of uploading results to {% data variables.product.product_name %} diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli.md index 8f7815dd9e11..0a5341b0ec38 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli.md +++ b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli.md @@ -57,14 +57,11 @@ packs. Along with the queries themselves, {% data variables.product.prodname_cod that tells the {% data variables.product.prodname_codeql_cli %} how to process the query files. For more information, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs)." -{% note %} - -**Note:** There are different versions of the {% data variables.product.prodname_codeql %} queries available for different users. Check out the correct version for your use case: - -* For the queries that are intended to be used with the latest {% data variables.product.prodname_codeql_cli %} release, check out the branch tagged `codeql-cli/latest`. You should use this branch for databases you’ve built using the {% data variables.product.prodname_codeql_cli %} or recently downloaded from {% data variables.product.github %}. -* For the most up to date {% data variables.product.prodname_codeql %} queries, check out the `main` branch. This branch represents the very latest version of {% data variables.product.prodname_codeql %}’s analysis. - -{% endnote %} +> [!NOTE] +> There are different versions of the {% data variables.product.prodname_codeql %} queries available for different users. Check out the correct version for your use case: +> +> * For the queries that are intended to be used with the latest {% data variables.product.prodname_codeql_cli %} release, check out the branch tagged `codeql-cli/latest`. You should use this branch for databases you’ve built using the {% data variables.product.prodname_codeql_cli %} or recently downloaded from {% data variables.product.github %}. +> * For the most up to date {% data variables.product.prodname_codeql %} queries, check out the `main` branch. This branch represents the very latest version of {% data variables.product.prodname_codeql %}’s analysis. ### 4. Extract the {% data variables.product.prodname_codeql_cli %} tar archive diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs.md index 15efaa35d4dd..6e0c4512adc6 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs.md +++ b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs.md @@ -105,11 +105,8 @@ Once you've created a model pack, you can publish it in the same way as other {% ## Adding and installing dependencies on a {% data variables.product.prodname_codeql %} pack -{% note %} - -**Note:** This is only supported for {% data variables.product.prodname_codeql %} query and library packs. - -{% endnote %} +> [!NOTE] +> This is only supported for {% data variables.product.prodname_codeql %} query and library packs. You can add dependencies on {% data variables.product.prodname_codeql %} packs using the command `codeql pack add`. You must specify the scope, name, and (optionally) a compatible version range. @@ -129,15 +126,9 @@ codeql pack install This command downloads all dependencies to the shared cache on the local disk. -{% note %} - -**Notes:** - -* Running the `codeql pack add` and `codeql pack install` commands will generate or update the `codeql-pack.lock.yml` file. This file should be checked-in to version control. The `codeql-pack.lock.yml` file contains the precise version numbers used by the pack. For more information, see "[About codeql-pack.lock.yml files](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs##about-codeql-packlockyml-files)." - -* By default `codeql pack install` will install dependencies from the {% data variables.product.prodname_container_registry %} on {% data variables.product.prodname_dotcom_the_website %}. You can install dependencies from a {% data variables.product.prodname_ghe_server %} {% data variables.product.prodname_container_registry %} by creating a `qlconfig.yml` file. For more information, see "[AUTOTITLE](/enterprise-server@latest/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs)" in the {% data variables.product.prodname_ghe_server %} documentation. - -{% endnote %} +> [!NOTE] +> * Running the `codeql pack add` and `codeql pack install` commands will generate or update the `codeql-pack.lock.yml` file. This file should be checked-in to version control. The `codeql-pack.lock.yml` file contains the precise version numbers used by the pack. For more information, see "[About codeql-pack.lock.yml files](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs##about-codeql-packlockyml-files)." +> * By default `codeql pack install` will install dependencies from the {% data variables.product.prodname_container_registry %} on {% data variables.product.prodname_dotcom_the_website %}. You can install dependencies from a {% data variables.product.prodname_ghe_server %} {% data variables.product.prodname_container_registry %} by creating a `qlconfig.yml` file. For more information, see "[AUTOTITLE](/enterprise-server@latest/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs)" in the {% data variables.product.prodname_ghe_server %} documentation. ## Customizing a downloaded {% data variables.product.prodname_codeql %} pack diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites.md index bd08c63abd90..ce014c9c4f2f 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites.md +++ b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites.md @@ -29,11 +29,8 @@ mapping with (usually) a single key. The instructions are executed in the order they appear in the query suite definition. After all the instructions in the suite definition have been executed, the result is a set of selected queries. -{% note %} - -**Note:** Any custom queries that you want to add to a query suite must be in a "[{% data variables.product.prodname_codeql %} pack](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs)" and contain the correct query metadata. For more information, see "[Using custom queries with the {% data variables.product.prodname_codeql_cli %}](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli)." - -{% endnote %} +> [!NOTE] +> Any custom queries that you want to add to a query suite must be in a "[{% data variables.product.prodname_codeql %} pack](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs)" and contain the correct query metadata. For more information, see "[Using custom queries with the {% data variables.product.prodname_codeql_cli %}](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli)." ## Locating queries to add to a query suite @@ -85,11 +82,8 @@ named {% data variables.product.prodname_codeql %} pack: The `version` field is optional and specifies a range of compatible versions of this {% data variables.product.prodname_codeql %} pack. If you don’t specify a version, then the most recent version of the pack is used. -{% note %} - -**Note:** When pathnames appear in query suite definitions, they must always be given with a forward slash, `/`, as a directory separator. This ensures that query suite definitions work on all operating systems. - -{% endnote %} +> [!NOTE] +> When pathnames appear in query suite definitions, they must always be given with a forward slash, `/`, as a directory separator. This ensures that query suite definitions work on all operating systems. You must add at least one `query`, `queries`, or `qlpack` instruction to your suite definition, otherwise no queries will be selected. If the suite @@ -244,12 +238,8 @@ use: - very-high ``` - -{% note %} - -**Note:** You can use the `codeql resolve queries /path/to/suite.qls` command to see which queries are selected by a query suite definition. For more information, see "[AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/resolve-queries)." - -{% endnote %} +> [!NOTE] +> You can use the `codeql resolve queries /path/to/suite.qls` command to see which queries are selected by a query suite definition. For more information, see "[AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/resolve-queries)." ## Reusing existing query suite definitions diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md index 603f6c307b5e..f6af538ec9c5 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md +++ b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md @@ -115,11 +115,8 @@ codeql pack publish The published package will be displayed in the packages section of {% data variables.product.prodname_dotcom %} organization specified by the scope in the `qlpack.yml` file. -{% note %} - -**Note:** If you're publishing model packs to the {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_container_registry %} in order to extend coverage to all repositories in an organization as part of a default setup configuration, then you need to ensure that repositories running code scanning can access those model packs. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup)" and "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)." - -{% endnote %} +> [!NOTE] +> If you're publishing model packs to the {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_container_registry %} in order to extend coverage to all repositories in an organization as part of a default setup configuration, then you need to ensure that repositories running code scanning can access those model packs. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup)" and "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)." ## Running `codeql pack download /` @@ -164,11 +161,8 @@ The `analyze` command will run the default suite of any specified {% data variab codeql analyze / / ``` -{% note %} - -**Note:** The `codeql pack download` command stores the pack it downloads in an internal location that is not intended for local modification. Unexpected (and hard to troubleshoot) behavior may result if the pack is modified after downloading. For more information about customizing packs, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs)." - -{% endnote %} +> [!NOTE] +> The `codeql pack download` command stores the pack it downloads in an internal location that is not intended for local modification. Unexpected (and hard to troubleshoot) behavior may result if the pack is modified after downloading. For more information about customizing packs, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs)." ## About {% data variables.product.prodname_codeql %} pack compatibility diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file.md index 31242212dbd0..4621e36debe9 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file.md +++ b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file.md @@ -41,14 +41,10 @@ To apply the same options to more than one command you can: * Omit the ``, which will specify the option for every `` to which it’s relevant. * Omit both `` and ``, which will globally specify the option for every `` and `` to which it’s relevant. -{% note %} - -**Notes:** -* `config` files only accept spaces between option flags and values—{% data variables.product.prodname_codeql %} will throw an error if you use `=` to specify an option value. -* If you specify an option in the command line, this overrides the `config` value defined for that option. -* If you want to specify more than one option for a ``, `` or globally, use one line per option. - -{% endnote %} +> [!NOTE] +> * `config` files only accept spaces between option flags and values—{% data variables.product.prodname_codeql %} will throw an error if you use `=` to specify an option value. +> * If you specify an option in the command line, this overrides the `config` value defined for that option. +> * If you want to specify more than one option for a ``, `` or globally, use one line per option. ### Examples diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries.md index 7fdf7e405260..df278e4784f5 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries.md +++ b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries.md @@ -75,17 +75,12 @@ the example code, by creating a file with the extension `.expected`. Alternative For an example showing how to create and test a query, see the [example](#example) below. -{% note %} - -**Note:** Your `.ql`, `.qlref`, and `.expected` files must have consistent names: - -* If you want to directly specify the `.ql` file itself in the test command, it must have the same base name as the corresponding `.expected` file. For example, if the query is `MyJavaQuery.ql`, the expected results file must be `MyJavaQuery.expected`. - -* If you want to specify a `.qlref` file in the command, it must have the same base name as the corresponding `.expected` file, but the query itself may have a different name. - -* The names of the example code files don’t have to be consistent with the other test files. All example code files found next to the `.qlref` (or `.ql`) file and in any subdirectories will be used to create a test database. Therefore, for simplicity, we recommend you don’t save test files in directories that are ancestors of each other. - -{% endnote %} +> [!NOTE] +> Your `.ql`, `.qlref`, and `.expected` files must have consistent names: +> +> * If you want to directly specify the `.ql` file itself in the test command, it must have the same base name as the corresponding `.expected` file. For example, if the query is `MyJavaQuery.ql`, the expected results file must be `MyJavaQuery.expected`. +> * If you want to specify a `.qlref` file in the command, it must have the same base name as the corresponding `.expected` file, but the query itself may have a different name. +> * The names of the example code files don’t have to be consistent with the other test files. All example code files found next to the `.qlref` (or `.ql`) file and in any subdirectories will be used to create a test database. Therefore, for simplicity, we recommend you don’t save test files in directories that are ancestors of each other. ## Running `codeql test run` diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli.md index 19eb92c9be38..8f47129b6a9c 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli.md +++ b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli.md @@ -43,11 +43,8 @@ When running queries with the `database analyze` command, you must include the f For more information about these metadata properties, see "[Metadata for {% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/#metadata-for-codeql-queries)" and the [Query metadata style guide](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md). -{% note %} - -**Note:** Metadata requirements may differ if you want to use your query with other applications. For more information, see "[Metadata for {% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/#metadata-for-codeql-queries)." - -{% endnote %} +> [!NOTE] +> Metadata requirements may differ if you want to use your query with other applications. For more information, see "[Metadata for {% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/#metadata-for-codeql-queries)." ## Packaging custom QL queries diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases.md b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases.md index 6ce09671d74e..95edce9d633a 100644 --- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases.md +++ b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases.md @@ -31,11 +31,8 @@ You can check if a repository has any {% data variables.product.prodname_codeql 1. Once you've chosen a database, it will be displayed in the "Databases" view. To see the menu options for interacting with a database, right-click an entry in the list. You can select multiple databases at once. -{% note %} - -**Note:** You can also analyze test databases. Test databases (folders with a `.testproj` extension) are generated when you run regression tests on custom queries using the {% data variables.product.prodname_codeql_cli %}. If a query fails a regression test, you may want to import the test database into {% data variables.product.prodname_vscode %} to debug the failure. For more information about running query tests, see "[AUTOTITLE](/code-security/codeql-cli/using-the-codeql-cli/testing-custom-queries)." - -{% endnote %} +> [!NOTE] +> You can also analyze test databases. Test databases (folders with a `.testproj` extension) are generated when you run regression tests on custom queries using the {% data variables.product.prodname_codeql_cli %}. If a query fails a regression test, you may want to import the test database into {% data variables.product.prodname_vscode %} to debug the failure. For more information about running query tests, see "[AUTOTITLE](/code-security/codeql-cli/using-the-codeql-cli/testing-custom-queries)." ## Filtering databases and queries by language diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md index e994da9ffc0c..5a79a1ae0558 100644 --- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md +++ b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md @@ -124,11 +124,8 @@ You can export your results for further analysis or to discuss them with collabo ## Creating a custom list of repositories -{% note %} - -**Note:** {% data variables.product.prodname_codeql %} analysis always requires a {% data variables.product.prodname_codeql %} database to run queries against. When you run variant analysis against a list of repositories, your query will only be executed against the repositories that currently have a {% data variables.product.prodname_codeql %} database available to download. The best way to make a repository available for variant analysis is to enable {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}. For information about enabling {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)." - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_codeql %} analysis always requires a {% data variables.product.prodname_codeql %} database to run queries against. When you run variant analysis against a list of repositories, your query will only be executed against the repositories that currently have a {% data variables.product.prodname_codeql %} database available to download. The best way to make a repository available for variant analysis is to enable {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}. For information about enabling {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)." 1. In the "Variant Analysis Repositories" view, click the "Add list" icon. @@ -161,11 +158,8 @@ You can then insert the `new-repo-list` of repositories into `databases.json`for ### Using {% data variables.product.github %} code search to add repositories to a custom list -{% note %} - -**Note:** This feature uses the legacy code search via the {% data variables.product.github %} code search API. For more information on the syntax to use, see "[AUTOTITLE](/search-github/searching-on-github/searching-code)." - -{% endnote %} +> [!NOTE] +> This feature uses the legacy code search via the {% data variables.product.github %} code search API. For more information on the syntax to use, see "[AUTOTITLE](/search-github/searching-on-github/searching-code)." You can use code search directly in the {% data variables.product.prodname_codeql %} extension to add a subset of repositories from {% data variables.product.github %} to a custom list. @@ -175,7 +169,7 @@ You can add a maximum of 1,000 repositories to a custom list per search. 1. In the "Variant Analysis Repositories" view, choose the list that you want to add repositories to. You can create a new list or choose an existing list that already contains repositories. -1. Right-click on the list you have chosen and then click **Add repositories with {% data variables.product.prodname_dotcom%} code search**. +1. Right-click on the list you have chosen and then click **Add repositories with {% data variables.product.prodname_dotcom %} code search**. 1. In the pop-up that appears at the top of the application, under the search bar, select a language for your search from the choices in the dropdown. diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries.md b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries.md index f2641ced6894..cd4a13e99be6 100644 --- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries.md +++ b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries.md @@ -112,11 +112,8 @@ The "Query History" view contains information including the date and time when t 1. Click a query in the "Query History" view to display its results in the "Results" view. - {% note %} - - **Note:** Depending on the query, you can also choose different views such as CSV, [AUTOTITLE](/code-security/codeql-cli/codeql-cli-reference/sarif-output), or [DIL format](https://codeql.github.com/docs/codeql-overview/codeql-glossary/#dil). For example, to view the DIL format, right-click a result and select **View DIL**. The available output views are determined by the format and the metadata of the query. For more information, see "[{% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries/#codeql-queries)." - - {% endnote %} + > [!NOTE] + > Depending on the query, you can also choose different views such as CSV, [AUTOTITLE](/code-security/codeql-cli/codeql-cli-reference/sarif-output), or [DIL format](https://codeql.github.com/docs/codeql-overview/codeql-glossary/#dil). For example, to view the DIL format, right-click a result and select **View DIL**. The available output views are determined by the format and the metadata of the query. For more information, see "[{% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries/#codeql-queries)." 1. Use the dropdown menu in the "Results" view to choose which results to display, and in what form to display them, such as a formatted alert message or a table of raw results. @@ -126,12 +123,8 @@ If a result links to a source code element, you can click it to display it in th To use standard code navigation features in the source code, you can right-click an element and use the commands **Go to Definition** or **Go to References**. This runs a {% data variables.product.prodname_codeql %} query over the active file, which may take a few seconds. This query needs to run once for every file, so any additional references from the same file will be fast. -{% note %} - -**Note:** If you're using an older database, code navigation commands such as **Go to Definition** and **Go to References** may not work. -To use code navigation, try unzipping the database and running `codeql database cleanup ` on the unzipped database using the {% data variables.product.prodname_codeql_cli %}. Then, re-add the database to {% data variables.product.prodname_vscode %}. For more information, see "[AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/database-cleanup)." - -{% endnote %} +> [!NOTE] +> If you're using an older database, code navigation commands such as **Go to Definition** and **Go to References** may not work. To use code navigation, try unzipping the database and running `codeql database cleanup ` on the unzipped database using the {% data variables.product.prodname_codeql_cli %}. Then, re-add the database to {% data variables.product.prodname_vscode %}. For more information, see "[AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/database-cleanup)." ### Comparing query results diff --git a/content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs.md b/content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs.md index 650398b07556..a7e3b237789d 100644 --- a/content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs.md +++ b/content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs.md @@ -28,11 +28,8 @@ You can access the following logs: * {% data variables.product.prodname_codeql %} Tests -{% note %} - -**Note:** The {% data variables.product.prodname_codeql %} Language Server log contains more advanced debug logs for {% data variables.product.prodname_codeql %} language maintainers. You should only need these to provide details in a bug report. - -{% endnote %} +> [!NOTE] +> The {% data variables.product.prodname_codeql %} Language Server log contains more advanced debug logs for {% data variables.product.prodname_codeql %} language maintainers. You should only need these to provide details in a bug report. ## Accessing logs diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli.md b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli.md index ca43157d463c..2e98e89aba77 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli.md +++ b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli.md @@ -20,15 +20,9 @@ If you already have the {% data variables.product.prodname_codeql_cli %} install Otherwise, the extension automatically manages access to the executable of the {% data variables.product.prodname_codeql_cli %} for you. This ensures that the {% data variables.product.prodname_codeql_cli %} is compatible with the {% data variables.product.prodname_codeql %} extension. You can also check for updates with the **{% data variables.product.prodname_codeql %}: Check for CLI Updates** command from the {% data variables.product.prodname_vscode_command_palette_shortname %}. -{% note %} - -**Notes:** - -* The extension-managed {% data variables.product.prodname_codeql_cli %} is not accessible from the terminal. If you intend to use the CLI outside of the extension (for example to create databases), we recommend that you install your own copy of the {% data variables.product.prodname_codeql_cli %}." - -* To override the default behavior and use a specific version of the {% data variables.product.prodname_codeql_cli %}, you can specify the {% data variables.product.prodname_codeql_cli %} **Executable Path** in the extension settings. For more information, see "[AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/customizing-settings)." - -{% endnote %} +> [!NOTE] +> * The extension-managed {% data variables.product.prodname_codeql_cli %} is not accessible from the terminal. If you intend to use the CLI outside of the extension (for example to create databases), we recommend that you install your own copy of the {% data variables.product.prodname_codeql_cli %}." +> * To override the default behavior and use a specific version of the {% data variables.product.prodname_codeql_cli %}, you can specify the {% data variables.product.prodname_codeql_cli %} **Executable Path** in the extension settings. For more information, see "[AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/customizing-settings)." ## Troubleshooting diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query.md b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query.md index 1823882d6982..ce16f8b48352 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query.md +++ b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query.md @@ -15,11 +15,8 @@ intro: 'You can work from a template to write your own code to create a custom q ## About custom queries -{% note %} - -**Note:** Creating a custom query is optional, and the [`github/codeql`](https://github.com/github/codeql) repository contains a large number of example queries you can use instead. - -{% endnote %} +> [!NOTE] +> Creating a custom query is optional, and the [`github/codeql`](https://github.com/github/codeql) repository contains a large number of example queries you can use instead. You create a new query file from a template for a given language, which imports the standard libraries for analyzing that language. For more information, see "[About {% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/)" in the {% data variables.product.prodname_codeql %} documentation. diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code.md b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code.md index 464796a07817..dd25c8a94fbd 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code.md +++ b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code.md @@ -23,11 +23,8 @@ The abstract syntax tree (AST) of a program represents the program's syntactic s ## Viewing the abstract syntax tree of a source file -{% note %} - -**Note:** If you don't have an appropriate query (usually `printAST.ql`) in your workspace, the **{% data variables.product.prodname_codeql %}: View AST** command in the following steps won't work. To fix this, you can update your copy of the [`github/codeql`](https://github.com/github/codeql) repository from the `main` branch. If you do this, query caches may be discarded, so your next query runs may be slower. - -{% endnote %} +> [!NOTE] +> If you don't have an appropriate query (usually `printAST.ql`) in your workspace, the **{% data variables.product.prodname_codeql %}: View AST** command in the following steps won't work. To fix this, you can update your copy of the [`github/codeql`](https://github.com/github/codeql) repository from the `main` branch. If you do this, query caches may be discarded, so your next query runs may be slower. 1. Open the "Databases" view in the extension, and right-click the database that you want to explore. Click **Add Database Source to Workspace**. diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/setting-up-a-codeql-workspace.md b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/setting-up-a-codeql-workspace.md index f7b856a9a5c7..4698cf181ed7 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/setting-up-a-codeql-workspace.md +++ b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/setting-up-a-codeql-workspace.md @@ -26,11 +26,8 @@ There are several different ways to give the extension access to the standard li ### Option 1: Using the starter workspace (recommended) -{% note %} - -**Note:** The {% data variables.product.prodname_codeql %} repository is included as a submodule in the starter workspace. You should use `git submodule update --remote` regularly to keep the submodules up to date, and ensure that they remain compatible with newer versions of the {% data variables.product.prodname_vscode_shortname %} extension and the {% data variables.product.prodname_codeql_cli %}. - -{% endnote %} +> [!NOTE] +> The {% data variables.product.prodname_codeql %} repository is included as a submodule in the starter workspace. You should use `git submodule update --remote` regularly to keep the submodules up to date, and ensure that they remain compatible with newer versions of the {% data variables.product.prodname_vscode_shortname %} extension and the {% data variables.product.prodname_codeql_cli %}. 1. Clone the [vscode-codeql-starter repository](https://github.com/github/vscode-codeql-starter/) to your computer. Make sure you include the submodules, either by using `git clone --recursive`, or by using `git submodule update --init --remote` after cloning. @@ -56,10 +53,7 @@ There are several different ways to give the extension access to the standard li ### Option 3: Open the directory containing the extracted {% data variables.product.prodname_codeql_cli %} archive -{% note %} - -**Note:** For this option, you need to set up the {% data variables.product.prodname_codeql_cli %}. For more information, see "[AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli)." - -{% endnote %} +> [!NOTE] +> For this option, you need to set up the {% data variables.product.prodname_codeql_cli %}. For more information, see "[AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli)." In {% data variables.product.prodname_vscode_shortname %}, open the directory where you extracted the {% data variables.product.prodname_codeql_cli %} .zip archive to create a {% data variables.product.prodname_codeql %} directory (for example `codeql-home`). diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/telemetry-in-codeql-for-visual-studio-code.md b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/telemetry-in-codeql-for-visual-studio-code.md index de9c49ab4162..ab718a75ee95 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/telemetry-in-codeql-for-visual-studio-code.md +++ b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/telemetry-in-codeql-for-visual-studio-code.md @@ -18,11 +18,8 @@ redirect_from: This data will not be shared with any parties outside of {% data variables.product.company_short %}. IP addresses and installation IDs will be retained for a maximum of 30 days. Anonymous data will be retained for a maximum of 180 days. -{% note %} - -**Note:** Telemetry collection is disabled by default in {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %}. When telemetry collection is disabled, no data will be sent to {% data variables.product.company_short %} servers. - -{% endnote %} +> [!NOTE] +> Telemetry collection is disabled by default in {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %}. When telemetry collection is disabled, no data will be sent to {% data variables.product.company_short %} servers. ## Why we collect data diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md index b995564e48d8..f58b14c6d063 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md +++ b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md @@ -33,11 +33,8 @@ The rest of this article covers the practical aspects of modelling dependencies ## Displaying the {% data variables.product.prodname_codeql %} model editor -{% note %} - -**Note:** To use this {% data variables.release-phases.public_preview %} functionality, install the latest version of the {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %}. - -{% endnote %} +> [!NOTE] +> To use this {% data variables.release-phases.public_preview %} functionality, install the latest version of the {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %}. 1. Open your {% data variables.product.prodname_codeql %} workspace in {% data variables.product.prodname_vscode_shortname %}. For example, the [`vscode-codeql-starter` workspace](https://github.com/github/vscode-codeql-starter). If you are using the starter workspace, update the `ql` submodule from `main` to ensure that you have the queries used to gather data for the model editor. @@ -51,11 +48,8 @@ The rest of this article covers the practical aspects of modelling dependencies 1. When the telemetry queries are complete, the APIs that have been identified are shown in the editor. -{% tip %} - -**Tip:** You can move the {% data variables.product.prodname_codeql %} "Method Modeling" view from the primary sidebar to the secondary sidebar, if you want more space while you are modeling calls or methods. If you close the view, you can reopen it from the "View" menu in {% data variables.product.prodname_vscode_shortname %} and clicking **Open View...**. - -{% endtip %} +> [!TIP] +> You can move the {% data variables.product.prodname_codeql %} "Method Modeling" view from the primary sidebar to the secondary sidebar, if you want more space while you are modeling calls or methods. If you close the view, you can reopen it from the "View" menu in {% data variables.product.prodname_vscode_shortname %} and clicking **Open View...**. ## Modeling the calls your codebase makes to external APIs diff --git a/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md index 562dcf7418a1..44f9595ad89a 100644 --- a/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md @@ -40,28 +40,20 @@ If your code depends on a package with a security vulnerability, this can cause * New advisory data is synchronized to {% data variables.product.prodname_dotcom %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %} - {% note %} + > [!NOTE] + > Only advisories that have been reviewed by {% data variables.product.company_short %} will trigger {% data variables.product.prodname_dependabot_alerts %}. - **Note:** Only advisories that have been reviewed by {% data variables.product.company_short %} will trigger {% data variables.product.prodname_dependabot_alerts %}. - - {% endnote %} * The dependency graph for a repository changes. For example, when a contributor pushes a commit to change the packages or versions it depends on{% ifversion fpt or ghec %}, or when the code of one of the dependencies changes{% endif %}. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." -{% note %} - -**Note:** {% data variables.product.prodname_dependabot %} doesn't scan archived repositories. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dependabot %} doesn't scan archived repositories. {% data reusables.repositories.dependency-review %} As {% data variables.product.prodname_dependabot_alerts %} rely on the dependency graph, the ecosystems that are supported by {% data variables.product.prodname_dependabot_alerts %} are the same as those supported by the dependency graph. For a list of these ecosystems, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems#supported-package-ecosystems)." -{% note %} - -**Note:** It is important to keep your manifest and lock files up to date. If the dependency graph doesn't accurately reflect your current dependencies and versions, then you could miss alerts for insecure dependencies that you use. You may also get alerts for dependencies that you no longer use. - -{% endnote %} +> [!NOTE] +> It is important to keep your manifest and lock files up to date. If the dependency graph doesn't accurately reflect your current dependencies and versions, then you could miss alerts for insecure dependencies that you use. You may also get alerts for dependencies that you no longer use. {% data reusables.dependabot.dependabot-alert-actions-semver %} @@ -90,11 +82,8 @@ When {% data variables.product.product_name %} identifies a vulnerable dependenc {% endif %} -{% warning %} - -**Note**: {% data variables.product.product_name %}'s security features do not claim to catch all vulnerabilities. We actively maintain {% data variables.product.prodname_advisory_database %} and generate alerts with the most up-to-date information. However, we cannot catch everything or tell you about known vulnerabilities within a guaranteed time frame. These features are not substitutes for human review of each dependency for potential vulnerabilities or any other issues, and we recommend consulting with a security service or conducting a thorough dependency review when necessary. - -{% endwarning %} +> [!WARNING] +> {% data variables.product.product_name %}'s security features do not claim to catch all vulnerabilities. We actively maintain {% data variables.product.prodname_advisory_database %} and generate alerts with the most up-to-date information. However, we cannot catch everything or tell you about known vulnerabilities within a guaranteed time frame. These features are not substitutes for human review of each dependency for potential vulnerabilities or any other issues, and we recommend consulting with a security service or conducting a thorough dependency review when necessary. ## Access to {% data variables.product.prodname_dependabot_alerts %} diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md index 9f125069548b..900d00e23330 100644 --- a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md @@ -120,11 +120,10 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts % {% endif %} {% ifversion dependabot-alerts-enterprise-enablement %} -{% note %} -**Note:** When {% data variables.product.prodname_dependabot_alerts %} are enabled or disabled at the enterprise level, it overrides the organization and repository level settings for {% data variables.product.prodname_dependabot_alerts %}. +> [!NOTE] +> When {% data variables.product.prodname_dependabot_alerts %} are enabled or disabled at the enterprise level, it overrides the organization and repository level settings for {% data variables.product.prodname_dependabot_alerts %}. -{% endnote%} {% endif %} {% ifversion dependabot-alerts-enterprise-enablement or ghes %} diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md index 7241dc58d455..12b8f7f4c8da 100644 --- a/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md @@ -51,11 +51,8 @@ You can configure notification settings for yourself or your organization from t ![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}. A dropdown menu, showing notification frequency options, is highlighted with an orange outline.](/assets/images/help/dependabot/dependabot-notification-frequency.png){% endif %}{% ifversion ghes %} ![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}.](/assets/images/help/enterprises/dependabot-alerts-options-no-ui.png){% endif %} -{% note %} - -**Note:** You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#dependabot-custom-filters)." - -{% endnote %} +> [!NOTE] +> You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#dependabot-custom-filters)." {% data reusables.repositories.security-alerts-x-github-severity %} For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#filtering-email-notifications)." diff --git a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md index e864dedf923e..748454500455 100644 --- a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md @@ -77,11 +77,8 @@ When {% data variables.product.prodname_dependabot %} tells you that your reposi For supported languages, {% data variables.product.prodname_dependabot %} automatically detects whether you use a vulnerable function and adds the label "Vulnerable call" to affected alerts. You can use this information in the {% data variables.product.prodname_dependabot_alerts %} view to triage and prioritize remediation work more effectively. -{% note %} - -**Note:** During the {% data variables.release-phases.public_preview %} release, this feature is available only for new Python advisories created _after_ April 14, 2022, and for a subset of historical Python advisories. {% data variables.product.prodname_dotcom %} is working to backfill data across additional historical Python advisories, which are added on a rolling basis. Vulnerable calls are highlighted only on the {% data variables.product.prodname_dependabot_alerts %} pages. - -{% endnote %} +> [!NOTE] +> During the {% data variables.release-phases.public_preview %} release, this feature is available only for new Python advisories created _after_ April 14, 2022, and for a subset of historical Python advisories. {% data variables.product.prodname_dotcom %} is working to backfill data across additional historical Python advisories, which are added on a rolling basis. Vulnerable calls are highlighted only on the {% data variables.product.prodname_dependabot_alerts %} pages. ![Screenshot showing an alert with the "Vulnerable call" label. The label is outlined in orange.](/assets/images/help/repository/dependabot-alerts-vulnerable-call-label.png) @@ -149,10 +146,8 @@ With a {% data variables.product.prodname_copilot_enterprise %} license, you can ## Dismissing {% data variables.product.prodname_dependabot_alerts %} -{% tip %} - -**Tip:** You can only dismiss open alerts. -{% endtip %} +> [!TIP] +> You can only dismiss open alerts. If you schedule extensive work to upgrade a dependency, or decide that an alert does not need to be fixed, you can dismiss the alert. Dismissing alerts that you have already assessed makes it easier to triage new alerts as they appear. diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md index f55973a75c59..21757959c265 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md @@ -30,11 +30,8 @@ Organization owners and security managers can set {% data variables.dependabot.c * **Enforced**: If an organization-level rule is "enforced", repository administrators cannot edit, disable, or delete the rule. * **Enabled**: If an organization-level rule is "enabled", repository administrators can still disable the rule for their repository. -{% note %} - -**Note:** In the event that an organization-level rule and a repository-level rule specify conflicting behaviors, the action set out by the organization-level rule takes precedence. Dismissal rules always act before rules which trigger {% data variables.product.prodname_dependabot %} pull requests. - -{% endnote %} +> [!NOTE] +> In the event that an organization-level rule and a repository-level rule specify conflicting behaviors, the action set out by the organization-level rule takes precedence. Dismissal rules always act before rules which trigger {% data variables.product.prodname_dependabot %} pull requests. You can create rules to target alerts using the following metadata: @@ -58,11 +55,8 @@ For more information about enabling or disabling {% data variables.product.prodn ## Adding {% data variables.dependabot.custom_rules %} to your repository -{% note %} - -**Note:** During the {% data variables.release-phases.public_preview %}, you can create up to 10 {% data variables.dependabot.custom_rules %} for a repository. - -{% endnote %} +> [!NOTE] +> During the {% data variables.release-phases.public_preview %}, you can create up to 10 {% data variables.dependabot.custom_rules %} for a repository. {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} @@ -83,11 +77,8 @@ For more information about enabling or disabling {% data variables.product.prodn {% else %} -{% note %} - -**Note:** During the {% data variables.release-phases.public_preview %}, you can create up to 25 {% data variables.dependabot.custom_rules %} for your organization. - -{% endnote %} +> [!NOTE] +> During the {% data variables.release-phases.public_preview %}, you can create up to 25 {% data variables.dependabot.custom_rules %} for your organization. {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts.md index 32228694551f..eaf44bc12e5c 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts.md +++ b/content/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts.md @@ -18,11 +18,8 @@ redirect_from: ## Managing automatically dismissed alerts -{% note %} - -**Note:** The {% data variables.product.prodname_dependabot_alerts %} page defaults to showing open alerts. To filter and view auto-dismissed alerts, you must first clear the `is:open` default filter from the view. - -{% endnote %} +> [!NOTE] +> The {% data variables.product.prodname_dependabot_alerts %} page defaults to showing open alerts. To filter and view auto-dismissed alerts, you must first clear the `is:open` default filter from the view. {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-security %} diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md index 07ea451ee67e..8e46bc16d839 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md @@ -26,11 +26,8 @@ The `Dismiss low impact issues for development-scoped dependencies` rule is a {% * At worst, have limited effects like slow builds or long-running tests. * Are not indicative of issues in production. -{% note %} - -**Note:** Automatic dismissal of low impact development alerts is currently only supported for npm. - -{% endnote %} +> [!NOTE] +> Automatic dismissal of low impact development alerts is currently only supported for npm. The `Dismiss low impact issues for development-scoped dependencies` rule includes vulnerabilities relating to resource management, programming and logic, and information disclosure issues. For more information, see "[Publicly disclosed CWEs used by the `Dismiss low impact issues for development-scoped dependencies` rule](#publicly-disclosed-cwes-used-by-the-dismiss-low-impact-issues-for-development-scoped-dependencies-rule)." diff --git a/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md index a5a95d993404..2d941a81ed4e 100644 --- a/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md @@ -47,11 +47,8 @@ If you enable {% data variables.product.prodname_dependabot_security_updates %}, The {% data variables.product.prodname_dependabot_security_updates %} feature is available for repositories where you have enabled the dependency graph and {% data variables.product.prodname_dependabot_alerts %}. You will see a {% data variables.product.prodname_dependabot %} alert for every vulnerable dependency identified in your full dependency graph. However, security updates are triggered only for dependencies that are specified in a manifest or lock file. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#dependencies-included)." -{% note %} - -**Note**: For npm, {% data variables.product.prodname_dependabot %} will raise a pull request to update an explicitly defined dependency to a secure version, even if it means updating the parent dependency or dependencies, or even removing a sub-dependency that is no longer needed by the parent. For other ecosystems, {% data variables.product.prodname_dependabot %} is unable to update an indirect or transitive dependency if it would also require an update to the parent dependency. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#dependabot-tries-to-update-dependencies-without-an-alert)." - -{% endnote %} +> [!NOTE] +> For npm, {% data variables.product.prodname_dependabot %} will raise a pull request to update an explicitly defined dependency to a secure version, even if it means updating the parent dependency or dependencies, or even removing a sub-dependency that is no longer needed by the parent. For other ecosystems, {% data variables.product.prodname_dependabot %} is unable to update an indirect or transitive dependency if it would also require an update to the parent dependency. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#dependabot-tries-to-update-dependencies-without-an-alert)." You can enable a related feature, {% data variables.product.prodname_dependabot_version_updates %}, so that {% data variables.product.prodname_dependabot %} raises pull requests to update the manifest to the latest version of the dependency, whenever it detects an outdated dependency. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)." diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index e0c7e0d71d66..c0a59dd17612 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -68,11 +68,8 @@ To reduce the number of pull requests you may be seeing, you can enable grouped * **{% data variables.product.prodname_dependabot_alerts %}**. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts)." * **{% data variables.product.prodname_dependabot_security_updates %}**. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." -{% note %} - -**Note:** When grouped security updates are first enabled, {% data variables.product.prodname_dependabot %} will immediately try to create grouped pull requests. You may notice {% data variables.product.prodname_dependabot %} closing old pull requests and opening new ones. - -{% endnote %} +> [!NOTE] +> When grouped security updates are first enabled, {% data variables.product.prodname_dependabot %} will immediately try to create grouped pull requests. You may notice {% data variables.product.prodname_dependabot %} closing old pull requests and opening new ones. {% data reusables.dependabot.dependabot-grouped-security-updates-how-enable %} {% data reusables.dependabot.dependabot-grouped-security-updates-order %} @@ -150,11 +147,8 @@ updates: - "golang.org*"{% endif %} ``` -{% note %} - -**Note:** In order for {% data variables.product.prodname_dependabot %} to use this configuration for security updates, the `directory` must be the path to the manifest files, and you should not specify a `target-branch`. - -{% endnote %} +> [!NOTE] +> In order for {% data variables.product.prodname_dependabot %} to use this configuration for security updates, the `directory` must be the path to the manifest files, and you should not specify a `target-branch`. ## Further reading diff --git a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md index dd08f7eb2812..13f096982ab3 100644 --- a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md +++ b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md @@ -31,11 +31,8 @@ You must store this file in the `.github` directory of your repository in the de Any options that also affect security updates are used the next time a security alert triggers a pull request for a security update. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." -{% note %} - -**Note:** You cannot configure {% data variables.product.prodname_dependabot_alerts %} using the `dependabot.yml` file. - -{% endnote %} +> [!NOTE] +> You cannot configure {% data variables.product.prodname_dependabot_alerts %} using the `dependabot.yml` file. The `dependabot.yml` file has two mandatory top-level keys: `version`, and `updates`. You can, optionally, include a top-level `registries` key. The file must start with `version: 2`. @@ -61,15 +58,12 @@ These options fit broadly into the following categories. In addition, the [`open-pull-requests-limit`](#open-pull-requests-limit) option changes the maximum number of pull requests for version updates that {% data variables.product.prodname_dependabot %} can open. -{% note %} - -**Note:** Some of these configuration options may also affect pull requests raised for security updates of vulnerable package manifests. - -Security updates are raised for vulnerable package manifests only on the default branch. When configuration options are set for the same branch (true unless you use `target-branch`), and specify a `package-ecosystem` and `directory` for the vulnerable manifest, then pull requests for security updates use relevant options. - -In general, security updates use any configuration options that affect pull requests, for example, adding metadata or changing their behavior. For more information about security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." - -{% endnote %} +> [!NOTE] +> Some of these configuration options may also affect pull requests raised for security updates of vulnerable package manifests. +> +> Security updates are raised for vulnerable package manifests only on the default branch. When configuration options are set for the same branch (true unless you use `target-branch`), and specify a `package-ecosystem` and `directory` for the vulnerable manifest, then pull requests for security updates use relevant options. +> +> In general, security updates use any configuration options that affect pull requests, for example, adding metadata or changing their behavior. For more information about security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." ### `package-ecosystem` @@ -79,11 +73,8 @@ If you want to enable vendoring for a package manager that supports it, the vend If you want to allow {% data variables.product.prodname_dependabot %} to access a private package registry when performing a version update, you can include a `registries` setting in the configuration file. For more information, see [`registries`](#registries) below.{% ifversion ghes %} -{% note %} - -**Note:** Enterprise owners can download the most recent version of the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action) to get the best ecosystem coverage. {% data reusables.actions.action-bundled-actions %} - -{% endnote %} +> [!NOTE] +> Enterprise owners can download the most recent version of the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action) to get the best ecosystem coverage. {% data reusables.actions.action-bundled-actions %} {% endif %} @@ -247,11 +238,8 @@ updates: **Required**. You must define how often to check for new versions for each package manager. By default, {% data variables.product.prodname_dependabot %} randomly assigns a time to apply all the updates in the configuration file. To set a specific time, you can use [`schedule.time`](#scheduletime) and [`schedule.timezone`](#scheduletimezone). -{% note %} - -**Note:** The `schedule.time` option is a best effort, and it may take some time before {% data variables.product.prodname_dependabot %} opens pull requests to update to newer dependency versions. - -{% endnote %} +> [!NOTE] +> The `schedule.time` option is a best effort, and it may take some time before {% data variables.product.prodname_dependabot %} opens pull requests to update to newer dependency versions. | Interval types | Frequency | |----------------|-----------| @@ -279,13 +267,10 @@ updates: interval: "weekly" ``` -{% note %} - -**Note**: `schedule` defines when {% data variables.product.prodname_dependabot %} attempts a new update. However, it's not the only time you may receive pull requests. Updates can be triggered based on changes to your `dependabot.yml` file, {% ifversion dependabot-updates-deprecate-rerun-failed-jobs %}{% else %}changes to your manifest file(s) after a failed update, {% endif %}or {% data variables.product.prodname_dependabot_security_updates %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#frequency-of-dependabot-pull-requests)" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)." - -{% data reusables.dependabot.version-updates-skip-scheduled-runs %} - -{% endnote %} +> [!NOTE] +> `schedule` defines when {% data variables.product.prodname_dependabot %} attempts a new update. However, it's not the only time you may receive pull requests. Updates can be triggered based on changes to your `dependabot.yml` file, {% ifversion dependabot-updates-deprecate-rerun-failed-jobs %}{% else %}changes to your manifest file(s) after a failed update, {% endif %}or {% data variables.product.prodname_dependabot_security_updates %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#frequency-of-dependabot-pull-requests)" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)." +> +> {% data reusables.dependabot.version-updates-skip-scheduled-runs %} ### `allow` @@ -372,11 +357,8 @@ We populate the titles of pull requests based on the commit messages, whether ex Supported options -{% note %} - -**Note:** The `prefix` and the `prefix-development` options have a 50-character limit. - -{% endnote %} +> [!NOTE] +> The `prefix` and the `prefix-development` options have a 50-character limit. * `prefix` specifies a prefix for all commit messages and it will also be added to the start of the PR title. When you specify a prefix for commit messages, {% data variables.product.prodname_dotcom %} will automatically add a colon between the defined prefix and the commit message provided the defined prefix ends with a letter, number, closing parenthesis, or closing bracket. This means that, for example, if you end the prefix with a whitespace, there will be no colon added between the prefix and the commit message. @@ -476,14 +458,9 @@ You can also manage pull requests for grouped version updates and security updat Dependencies can be ignored either by adding them to `ignore` or by using the `@dependabot ignore` command on a pull request opened by {% data variables.product.prodname_dependabot %}. -{% warning %} - -**Warning**: -* We recommend you do _not_ use `ignore` to prevent {% data variables.product.prodname_dependabot %} from accessing private registries. This may work for some ecosystems but we have no means of knowing whether package managers require access to all dependencies to be able to successfully perform updates, which makes this method unreliable. The supported way to handle private dependencies is to give {% data variables.product.prodname_dependabot %} access to private registries or private repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)." - -* For {% data variables.product.prodname_actions %} and Docker, you may use `ignore` to prevent {% data variables.product.prodname_dependabot %} from accessing private registries. - -{% endwarning %} +> [!WARNING] +> * We recommend you do _not_ use `ignore` to prevent {% data variables.product.prodname_dependabot %} from accessing private registries. This may work for some ecosystems but we have no means of knowing whether package managers require access to all dependencies to be able to successfully perform updates, which makes this method unreliable. The supported way to handle private dependencies is to give {% data variables.product.prodname_dependabot %} access to private registries or private repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)." +> * For {% data variables.product.prodname_actions %} and Docker, you may use `ignore` to prevent {% data variables.product.prodname_dependabot %} from accessing private registries. #### Creating `ignore` conditions from `@dependabot ignore` @@ -535,17 +512,11 @@ updates: versions: '>= 3' ``` -{% note %} - -**Note**: {% data variables.product.prodname_dependabot %} can only run version updates on manifest or lock files if it can access all of the dependencies in the file, even if you add inaccessible dependencies to the `ignore` option of your configuration file. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private{% ifversion ghec or ghes %}-or-internal{% endif %}-dependencies)" and "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#dependabot-cant-resolve-your-dependency-files)." - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dependabot %} can only run version updates on manifest or lock files if it can access all of the dependencies in the file, even if you add inaccessible dependencies to the `ignore` option of your configuration file. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private{% ifversion ghec or ghes %}-or-internal{% endif %}-dependencies)" and "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#dependabot-cant-resolve-your-dependency-files)." -{% note %} - -**Note**: For the `pub` ecosystem, {% data variables.product.prodname_dependabot %} won't perform an update when the version that it tries to update to is ignored, even if an earlier version is available. - -{% endnote %} +> [!NOTE] +> For the `pub` ecosystem, {% data variables.product.prodname_dependabot %} won't perform an update when the version that it tries to update to is ignored, even if an earlier version is available. The following examples show how `ignore` can be used to customize which dependencies are updated. @@ -738,11 +709,8 @@ updates: By default, {% data variables.product.prodname_dependabot %} automatically rebases open pull requests when it detects any changes to the pull request. Use `rebase-strategy` to disable this behavior. -{% note %} - -**Note:** {% data reusables.dependabot.pull-requests-30-days-cutoff %} - -{% endnote %} +> [!NOTE] +> {% data reusables.dependabot.pull-requests-30-days-cutoff %} Available rebase strategies @@ -757,11 +725,8 @@ When `rebase-strategy` is set to `auto`, {% data variables.product.prodname_depe When `rebase-strategy` is set to `disabled`, {% data variables.product.prodname_dependabot %} stops rebasing pull requests. -{% note %} - -**Note:** This behavior only applies to pull requests that go into conflict with the target branch. {% data variables.product.prodname_dependabot %} will keep rebasing (until 30 days after opening) pull requests opened prior to the `rebase-strategy` setting being changed, and pull requests that are part of a scheduled run. - -{% endnote %} +> [!NOTE] +> This behavior only applies to pull requests that go into conflict with the target branch. {% data variables.product.prodname_dependabot %} will keep rebasing (until 30 days after opening) pull requests opened prior to the `rebase-strategy` setting being changed, and pull requests that are part of a scheduled run. {% data reusables.dependabot.option-affects-security-updates %} @@ -1003,11 +968,8 @@ Available update strategies: | `pub` | `auto`, `increase`, `increase-if-necessary`, `widen` | `auto` | | `terraform` | N/A | N/A | -{% note %} - -**Note:** `N/A` indicates that the package manager does not yet support configuring the `versioning-strategy` parameter. The strategy code is open source, so if you'd like a particular ecosystem to support a new strategy, you are always welcome to submit a pull request in https://github.com/dependabot/dependabot-core/. - -{% endnote %} +> [!NOTE] +> `N/A` indicates that the package manager does not yet support configuring the `versioning-strategy` parameter. The strategy code is open source, so if you'd like a particular ecosystem to support a new strategy, you are always welcome to submit a pull request in https://github.com/dependabot/dependabot-core/. ```yaml # Example configuration for customizing the manifest version strategy @@ -1055,22 +1017,21 @@ The top-level `registries` key is optional. It allows you to specify authenticat You can give {% data variables.product.prodname_dependabot %} access to private package registries hosted by GitLab or Bitbucket by specifying a `type` of `git`. For more information, see [`git`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#git). {% ifversion ghes %} -{% note %} - -**Note:** Private registries behind firewalls on private networks are supported for the following ecosystems: - -* Bundler{% ifversion dependabot-updates-cargo-private-registry-support %} -* Cargo{% endif %} -* Docker -* Gradle -* Maven -* Npm -* Nuget{% ifversion dependabot-updates-pub-private-registry %} -* Pub{% endif %} -* Python -* Yarn - -{% endnote %} + +> [!NOTE] +> Private registries behind firewalls on private networks are supported for the following ecosystems: +> +> * Bundler{% ifversion dependabot-updates-cargo-private-registry-support %} +> * Cargo{% endif %} +> * Docker +> * Gradle +> * Maven +> * Npm +> * Nuget{% ifversion dependabot-updates-pub-private-registry %} +> * Pub{% endif %} +> * Python +> * Yarn + {% endif %} The value of the `registries` key is an associative array, each element of which consists of a key that identifies a particular registry and a value which is an associative array that specifies the settings required to access that registry. The following `dependabot.yml` file configures a registry identified as `dockerhub` in the `registries` section of the file and then references this in the `updates` section of the file. @@ -1255,11 +1216,8 @@ The `npm-registry` type supports username and password, or token. {% data reusab When using username and password, your `.npmrc`'s auth token may contain a `base64` encoded `_password`; however, the password referenced in your {% data variables.product.prodname_dependabot %} configuration file must be the original (unencoded) password. -{% note %} - -**Note**: When using `npm.pkg.github.com`, don't include a path. Instead use the `https://npm.pkg.github.com` URL without a path. - -{% endnote %} +> [!NOTE] +> When using `npm.pkg.github.com`, don't include a path. Instead use the `https://npm.pkg.github.com` URL without a path. {% raw %} diff --git a/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md b/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md index b786abbc9a3b..d97b80acef24 100644 --- a/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md +++ b/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md @@ -45,11 +45,12 @@ If you customize the `dependabot.yml` file, you may notice some changes to the p For an example, see "[Setting custom labels](#setting-custom-labels)" below. -{% ifversion dependabot-grouped-security-updates-config %}{% note %} +{% ifversion dependabot-grouped-security-updates-config %} -**Note:** If you use grouped security updates, the grouped pull requests will also inherit non-group configuration settings from the `dependabot.yml` file, and any group rules specified with `applies-to: security-updates` will apply. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)." +> [!NOTE] +> If you use grouped security updates, the grouped pull requests will also inherit non-group configuration settings from the `dependabot.yml` file, and any group rules specified with `applies-to: security-updates` will apply. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)." -{% endnote %}{% endif %} +{% endif %} ## Modifying scheduling @@ -108,11 +109,8 @@ You can use `labels` to override the default labels and specify alternative labe The example `dependabot.yml` file below changes the npm configuration so that all pull requests opened with version and security updates for npm will have custom labels. It also changes the Docker configuration to check for version updates against a custom branch and to raise pull requests with custom labels against that custom branch. The changes to Docker will not affect security update pull requests because security updates are always made against the default branch. -{% note %} - -**Note:** The new `target-branch` must contain a Dockerfile to update, otherwise this change will have the effect of disabling version updates for Docker. - -{% endnote %} +> [!NOTE] +> The new `target-branch` must contain a Dockerfile to update, otherwise this change will have the effect of disabling version updates for Docker. ```yaml # `dependabot.yml` file with @@ -183,11 +181,10 @@ If you would like to un-ignore a dependency or ignore condition, you can delete * Un-ignore all ignore conditions for all dependencies in a {% data variables.product.prodname_dependabot %} pull request {% ifversion dependabot-grouped-security-updates-config %}{% else %} -{% note %} -**Note:** The `@dependabot unignore` comment commands only work on pull requests for grouped version updates. +> [!NOTE] +> The `@dependabot unignore` comment commands only work on pull requests for grouped version updates. -{% endnote %} {% endif %} For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-for-grouped-{% ifversion dependabot-grouped-security-updates-config %}{% else %}version-{% endif %}updates-with-comment-commands)."{% endif %} diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md b/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md index fa4bb2803ee2..31e4a7abaf60 100644 --- a/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md +++ b/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md @@ -15,4 +15,5 @@ topics: shortTitle: Dependabot ecosystems children: - /supported-ecosystems-and-repositories + - /optimizing-java-packages-dependabot --- diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot.md b/content/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot.md new file mode 100644 index 000000000000..be4d943040e6 --- /dev/null +++ b/content/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot.md @@ -0,0 +1,54 @@ +--- +title: Optimizing Java packages for Dependabot updates +intro: 'By including metadata in your `pom.xml` file, you can enhance the information available to users in {% data variables.product.prodname_dependabot%} pull requests to update your Java packages.' +shortTitle: Optimize Java packages # Max 31 characters +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghec: '*' + ghes: '*' +type: how_to +topics: + - Dependabot + - Dependencies + - Repositories +--- + +{% data variables.product.prodname_dependabot %} uses the information defined in `pom.xml` files to create pull requests to update Java dependencies for the Gradle and Maven ecosystems. When you include the project metadata that {% data variables.product.prodname_dependabot %} expects, pull requests contain links to the release notes for the suggested package update and a link where users can report any issues. This information means that users can update their packages with confidence after reviewing all the release information. + +## Including the metadata {% data variables.product.prodname_dependabot %} needs in pom.xml files + +{% data variables.product.prodname_dependabot %} uses the URLs for the project, the source code management system, and the issue management system to build the summary for update pull requests. + +* `url` the home page for the project, see [More Project Information](https://maven.apache.org/pom.html#More_Project_Information) in the POM reference +* `scm` the URL of the source code management system used by the project, see [SCM](https://maven.apache.org/pom.html#scm) in the POM Reference +* `issueManagement` the URL of the issue management system used by the project, see [Issue Management](https://maven.apache.org/pom.html#issue-management) in the POM Reference + +### Example for a project hosted on {% data variables.product.github %} + +```xml + + https://github.com/OWNER/REPOSITORY + + https://github.com/OWNER/REPOSITORY + + + https://github.com/OWNER/REPOSITORY/issues + + +``` + +Replace `OWNER` and `REPOSITORY` with the detailed for your project. + +## Impact of omitting project metadata from pom.xml files + +If you forget to include the URLs that {% data variables.product.prodname_dependabot %} checks for, then pull requests to update Java packages are still created. However, the information available to users in the pull request summary will be limited. + +* **Project repository or Source code management URL undefined:** no links to release notes in {% data variables.product.prodname_dependabot %} pull requests +* **Issue management URL undefined:** no link to the issues page for reporting problems. + +Adding this information helps {% data variables.product.prodname_dependabot %} provide better, more accurate updates for your project, complete with helpful links to release notes and issue trackers. + +## Further reading + +* [Maven SCM Plugin](https://maven.apache.org/scm/maven-scm-plugin/) diff --git a/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md b/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md index 7a8f3f2fd606..c9e022e89415 100644 --- a/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md +++ b/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md @@ -223,11 +223,8 @@ If you want to allow maintainers to mark certain pull requests for auto-merge, y {% ifversion repo-rules %}As an alternative to branch protection rules, you can create rulesets. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets)."{% endif %} -{% note %} - -**Note:** If you use status checks to test pull requests, you should enable **Require status checks to pass before merging** for the target branch for {% data variables.product.prodname_dependabot %} pull requests. This branch protection rule ensures that pull requests are not merged unless all the required status checks pass. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule)." - -{% endnote %} +> [!NOTE] +> If you use status checks to test pull requests, you should enable **Require status checks to pass before merging** for the target branch for {% data variables.product.prodname_dependabot %} pull requests. This branch protection rule ensures that pull requests are not merged unless all the required status checks pass. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule)." You can instead use {% data variables.product.prodname_actions %} and the {% data variables.product.prodname_cli %}. Here is an example that auto merges all patch updates to `my-dependency`: diff --git a/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md b/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md index aa60fee6d975..acbe481c42ac 100644 --- a/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md +++ b/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md @@ -32,11 +32,10 @@ If a more recent version of the action is available, {% data variables.product.p {% data variables.product.prodname_dependabot %} also checks workflow files for uses of reusable workflows, and updates the git reference for these called reusable workflows. For more information about reusable workflows, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows)." {% ifversion fpt or ghec %} -{% note %} -**Note:** {% data reusables.actions.workflow-runs-dependabot-note %} +> [!NOTE] +> {% data reusables.actions.workflow-runs-dependabot-note %} -{% endnote %} {% endif %} ## Enabling {% data variables.product.prodname_dependabot_version_updates %} for actions diff --git a/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md b/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md index cea9c0047a57..a157cf78c0cb 100644 --- a/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md +++ b/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md @@ -31,11 +31,8 @@ When {% data variables.product.prodname_dependabot %} raises a pull request, you If you have many dependencies to manage, you may want to customize the configuration for each package manager so that pull requests have specific reviewers, assignees, and labels. {% ifversion dependabot-version-updates-groups %} You may also want to group sets of dependencies together, so that multiple dependencies are updated in a single pull request.{% endif %} For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates){% ifversion dependabot-grouped-security-updates-config %}" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#grouping-dependabot-updates-into-a-single-pull-request)."{% else %}" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#grouping-dependabot-security-updates-into-a-single-pull-request)."{% endif %} -{% note %} - -**Note**: If you don't interact with {% data variables.product.prodname_dependabot %} pull requests for a repository during a 90-day time period, {% data variables.product.prodname_dependabot %} considers your repository as inactive, and will automatically pause {% data variables.product.prodname_dependabot_updates %}. For more information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)." - -{% endnote %} +> [!NOTE] +> If you don't interact with {% data variables.product.prodname_dependabot %} pull requests for a repository during a 90-day time period, {% data variables.product.prodname_dependabot %} considers your repository as inactive, and will automatically pause {% data variables.product.prodname_dependabot_updates %}. For more information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)." ## Viewing {% data variables.product.prodname_dependabot %} pull requests @@ -92,11 +89,8 @@ In {% data variables.product.prodname_dependabot %} pull requests for grouped ve * `@dependabot unignore DEPENDENCY_NAME` closes the current pull request, clears all `ignore` conditions stored for the dependency, then opens a new pull request that includes available updates for the specified dependency. For example, `@dependabot unignore lodash` would open a new pull request that includes updates for the Lodash dependency. * `@dependabot unignore DEPENDENCY_NAME IGNORE_CONDITION` closes the current pull request, clears the stored `ignore` condition, then opens a new pull request that includes available updates for the specified ignore condition. For example, `@dependabot unignore express [< 1.9, > 1.8.0]` would open a new pull request that includes updates for Express between versions 1.8.0 and 1.9.0. -{% note %} - -**Tip:** When you want to un-ignore a specific ignore condition, use the `@dependabot show DEPENDENCY_NAME ignore conditions` command to quickly check what ignore conditions a dependency currently has. - -{% endnote %} +> [!TIP] +> When you want to un-ignore a specific ignore condition, use the `@dependabot show DEPENDENCY_NAME ignore conditions` command to quickly check what ignore conditions a dependency currently has. {% elsif dependabot-version-updates-groups %} @@ -104,11 +98,8 @@ In {% data variables.product.prodname_dependabot %} pull requests for grouped ve In {% data variables.product.prodname_dependabot %} pull requests for grouped version updates, you can use comment commands to ignore and un-ignore updates for specific dependencies and versions. You can use any of the following commands to manage ignore conditions for grouped version updates. -{% note %} - -**Note:** The following comment commands do not work for grouped {% data variables.product.prodname_dependabot_security_updates %}. - -{% endnote %} +> [!NOTE] +> The following comment commands do not work for grouped {% data variables.product.prodname_dependabot_security_updates %}. * `@dependabot ignore DEPENDENCY_NAME` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from updating this dependency. * `@dependabot ignore DEPENDENCY_NAME major version` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from updating this dependency's major version. @@ -118,9 +109,7 @@ In {% data variables.product.prodname_dependabot %} pull requests for grouped ve * `@dependabot unignore DEPENDENCY_NAME` closes the current pull request, clears all `ignore` conditions stored for the dependency, then opens a new pull request that includes available version updates for the specified dependency. For example, `@dependabot unignore lodash` would open a new pull request that includes version updates for the Lodash dependency. * `@dependabot unignore DEPENDENCY_NAME IGNORE_CONDITION` closes the current pull request, clears the stored `ignore` condition, then opens a new pull request that includes available version updates for the specified ignore condition. For example, `@dependabot unignore express [< 1.9, > 1.8.0]` would open a new pull request that includes version updates for Express between versions 1.8.0 and 1.9.0. -{% note %} - -**Tip:** When you want to un-ignore a specific ignore condition, use the `@dependabot show DEPENDENCY_NAME ignore conditions` command to quickly check what ignore conditions a dependency currently has. +> [!TIP] +> When you want to un-ignore a specific ignore condition, use the `@dependabot show DEPENDENCY_NAME ignore conditions` command to quickly check what ignore conditions a dependency currently has. -{% endnote %} {% endif %} diff --git a/content/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries.md b/content/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries.md index 7d63ccb912d9..60c648fc616f 100644 --- a/content/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries.md +++ b/content/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries.md @@ -25,11 +25,8 @@ You can configure {% data variables.product.prodname_dependabot %} to access _on {% ifversion dependabot-ghes-no-public-internet %} -{% note %} - -**Note:** Before you remove access to public registries from your configuration for {% data variables.product.prodname_dependabot_updates %}, check that your site administrator has set up the {% data variables.product.prodname_dependabot %} runners with access to the private registries you need. For more information, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access)." - -{% endnote %} +> [!NOTE] +> Before you remove access to public registries from your configuration for {% data variables.product.prodname_dependabot_updates %}, check that your site administrator has set up the {% data variables.product.prodname_dependabot %} runners with access to the private registries you need. For more information, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access)." {% endif %} @@ -53,11 +50,8 @@ To configure the Docker ecosystem to only access private registries, you can use Define the private registry configuration in a `dependabot.yml` file without `replaces-base`. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#docker-registry)." -{% note %} - -**Note:** Remove `replaces-base: true` from the configuration file. - -{% endnote %} +> [!NOTE] +> Remove `replaces-base: true` from the configuration file. ```yaml version: 2 @@ -85,11 +79,8 @@ To configure the Gradle ecosystem to only access private registries, you can use Define the private registry configuration in a `dependabot.yml` file. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#maven-repository)." -{% note %} - -**Note**: Remove replaces-base: true from the configuration file. - -{% endnote %} +> [!NOTE] +> Remove replaces-base: true from the configuration file. Additionally, you also need to specify the private registry URL in the `repositories` section of the `build.gradle` file. @@ -138,11 +129,8 @@ To configure the npm ecosystem to only access private registries, you can use th Define the private registry configuration in a `dependabot.yml` file. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#npm-registry)." -{% note %} - -**Note:** Remove `replaces-base: true` from the configuration file. - -{% endnote %} +> [!NOTE] +> Remove `replaces-base: true` from the configuration file. The npm ecosystem additionally requires a `.npmrc` file with the private registry URL to be checked into the repository. @@ -154,11 +142,8 @@ The npm ecosystem additionally requires a `.npmrc` file with the private registr If there is no global registry defined in an `.npmrc` file, you can set `replaces-base` as `true` in the `dependabot.yml` file. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#npm-registry)." -{% note %} - -**Note:** For scoped dependencies (`@my-org/my-dep`), {% data variables.product.prodname_dependabot %} requires that the private registry is defined in the project's `.npmrc` file. To define private registries for individual scopes, use `@myscope:registry=https://private_registry_url`. - -{% endnote %} +> [!NOTE] +> For scoped dependencies (`@my-org/my-dep`), {% data variables.product.prodname_dependabot %} requires that the private registry is defined in the project's `.npmrc` file. To define private registries for individual scopes, use `@myscope:registry=https://private_registry_url`. ### Yarn @@ -172,11 +157,8 @@ To configure the Yarn Classic ecosystem to only access private registries, you c Define the private registry configuration in a `dependabot.yml` file. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#npm-registry)." -{% note %} - -**Note:** Delete `replaces-base: true` from the configuration file. - -{% endnote %} +> [!NOTE] +> Delete `replaces-base: true` from the configuration file. To ensure the private registry is listed as the dependency source in the project's `yarn.lock` file, run `yarn install` on a machine with private registry access. Yarn should update the `resolved` field to include the private registry URL. @@ -203,11 +185,8 @@ If the `yarn.lock` file doesn't list the private registry as the dependency sour If there is no global registry defined in a `.yarnrc` file, you can set `replaces-base` as `true` in the `dependabot.yml` file. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#npm-registry)." -{% note %} - -**Note:** For scoped dependencies (`@my-org/my-dep`), {% data variables.product.prodname_dependabot %} requires that the private registry is defined in the project's `.npmrc` file. To define private registries for individual scopes, use `@myscope:registry=https://private_registry_url`. - -{% endnote %} +> [!NOTE] +> For scoped dependencies (`@my-org/my-dep`), {% data variables.product.prodname_dependabot %} requires that the private registry is defined in the project's `.npmrc` file. To define private registries for individual scopes, use `@myscope:registry=https://private_registry_url`. #### Yarn Berry @@ -217,11 +196,8 @@ To configure the Yarn Berry ecosystem to only access private registries, you can Define the private registry configuration in a `dependabot.yml` file. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#npm-registry)." -{% note %} - -**Note:** Delete `replaces-base: true` from the configuration file. - -{% endnote %} +> [!NOTE] +> Delete `replaces-base: true` from the configuration file. To ensure the private registry is listed as the dependency source in the project's `yarn.lock` file, run `yarn install` on a machine with private registry access. Yarn should update the `resolved` field to include the private registry URL. @@ -247,11 +223,8 @@ If the `yarn.lock` file doesn't list the private registry as the dependency sour npmRegistryServer: "https://private_registry_url" ``` -{% note %} - -**Note:** For scoped dependencies (`@my-org/my-dep`), {% data variables.product.prodname_dependabot %} requires that the private registry is defined in the project's `.yarnrc` file. To define private registries for individual scopes, use `"@myscope:registry" "https://private_registry_url"`. - -{% endnote %} +> [!NOTE] +> For scoped dependencies (`@my-org/my-dep`), {% data variables.product.prodname_dependabot %} requires that the private registry is defined in the project's `.yarnrc` file. To define private registries for individual scopes, use `"@myscope:registry" "https://private_registry_url"`. ## Nuget @@ -318,11 +291,8 @@ To configure the Pip ecosystem to only access private registries, you can use th Define the private registry configuration in a `dependabot.yml` file. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#npm-registry)." -{% note %} - -**Note:** Delete `replaces-base: true` from the configuration file. - -{% endnote %} +> [!NOTE] +> Delete `replaces-base: true` from the configuration file. Add the private registry URL to the `[global]` section of the `pip.conf` file and check the file into the repository. @@ -348,11 +318,8 @@ Set `replaces-base` as `true` in the `dependabot.yml` file. For more information Define the private registry configuration in a `dependabot.yml` file. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#npm-registry)." -{% note %} - -**Note:** Delete `replaces-base: true` from the configuration file. - -{% endnote %} +> [!NOTE] +> Delete `replaces-base: true` from the configuration file. Add the private registry URL to the `requirements.txt` file and check the file into the repository. @@ -364,11 +331,8 @@ Add the private registry URL to the `requirements.txt` file and check the file i To configure Pipenv to only access private registries, remove `replaces-base` from the `dependabot.yml` file. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#python-index)." -{% note %} - -**Note:** Delete `replaces-base: true` from the configuration file. - -{% endnote %} +> [!NOTE] +> Delete `replaces-base: true` from the configuration file. Add the private registry URL to the `[[source]]` section of the `Pipfile` file and check the file into the repository. diff --git a/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md b/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md index d8ec84327418..99a9603005ce 100644 --- a/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md +++ b/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md @@ -31,11 +31,8 @@ topics: If anything prevents {% data variables.product.prodname_dependabot %} from raising a pull request, this is reported as an error. -{% note %} - -**Note:** {% data variables.product.prodname_dependabot %} doesn't create pull requests for inactive repositories. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dependabot %} doesn't create pull requests for inactive repositories. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively. {% ifversion dependabot-on-actions-opt-in %} For more information about troubleshooting when running {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners)." diff --git a/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md b/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md index 3716e45fe6b8..a88201555ba2 100644 --- a/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md +++ b/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md @@ -24,11 +24,8 @@ To give people instructions for reporting security vulnerabilities in your proje You can create a default security policy for your organization or personal account. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file)." -{% tip %} - -**Tip:** To help people find your security policy, you can link to your `SECURITY.md` file from other places in your repository, such as your `README` file. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes)." - -{% endtip %} +> [!TIP] +> To help people find your security policy, you can link to your `SECURITY.md` file from other places in your repository, such as your `README` file. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes)." {% ifversion fpt or ghec %} After someone reports a security vulnerability in your project, you can use {% data variables.product.prodname_security_advisories %} to disclose, fix, and publish information about the vulnerability. For more information about the process of reporting and disclosing vulnerabilities in {% data variables.product.prodname_dotcom %}, see "[AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities#about-reporting-and-disclosing-vulnerabilities-in-projects-on-github)." For more information about repository security advisories, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)." diff --git a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md index abde5f9184fd..67410ddce1b1 100644 --- a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md +++ b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md @@ -111,13 +111,10 @@ At the organization level, if you're unable to coordinate with the user who push If you're unable to coordinate directly with the repository owner to remove data that you're confident you own, you can fill out a DMCA takedown notice form and tell GitHub Support. For more information, see [DMCA takedown notice](https://support.github.com/contact/dmca-takedown). -{% note %} - -**Note:** If one of your repositories has been taken down due to a false claim, you should fill out a DMCA +> [!NOTE] +> If one of your repositories has been taken down due to a false claim, you should fill out a DMCA counter notice form and alert GitHub Support. For more information, see [DMCA counter notice](https://support.github.com/contact/dmca-counter-notice). -{% endnote %} - ## Next steps * "[AUTOTITLE](/code-security/supply-chain-security/end-to-end-supply-chain/securing-code)" diff --git a/content/code-security/getting-started/dependabot-quickstart-guide.md b/content/code-security/getting-started/dependabot-quickstart-guide.md index dd82f829e4d3..5d458e0cdf6c 100644 --- a/content/code-security/getting-started/dependabot-quickstart-guide.md +++ b/content/code-security/getting-started/dependabot-quickstart-guide.md @@ -47,11 +47,8 @@ You need to follow the steps below on the repository you forked in "[Prerequisit 1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** for {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dependabot_security_updates %}, and {% data variables.product.prodname_dependabot_version_updates %}. 1. Optionally, if you are interested in experimenting with {% data variables.product.prodname_dependabot_version_updates %}, click **.github/dependabot.yml**. This will create a default `dependabot.yml` configuration file in the `/.github` directory of your repository. To enable {% data variables.product.prodname_dependabot_version_updates %} for your repository, you typically configure this file to suit your needs by editing the default file, and committing your changes. You can refer to the snippet provided in "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#example-dependabotyml-file)" for an example. -{% note %} - -**Note:** If the dependency graph is not already enabled for the repository, {% data variables.product.prodname_dotcom %} will enable it automatically when you enable {% data variables.product.prodname_dependabot %}. - -{% endnote %} +> [!NOTE] +> If the dependency graph is not already enabled for the repository, {% data variables.product.prodname_dotcom %} will enable it automatically when you enable {% data variables.product.prodname_dependabot %}. For more information about configuring each of these {% data variables.product.prodname_dependabot %} features, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts)," "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)," and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." diff --git a/content/code-security/getting-started/quickstart-for-securing-your-organization.md b/content/code-security/getting-started/quickstart-for-securing-your-organization.md index 5e41477eaccc..63bd65554d58 100644 --- a/content/code-security/getting-started/quickstart-for-securing-your-organization.md +++ b/content/code-security/getting-started/quickstart-for-securing-your-organization.md @@ -82,7 +82,7 @@ If you're not sure about the impact a feature will have, you may want to test th {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} -1. In the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage**. +1. In the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage**. On this view, you can use checkboxes to select specific repositories, or you can use the search bar to find the repositories where you want to enable a feature. For example, you can use filters to identify repositories where a certain team has write or admin access, or exclude repositories that don't require the same level of protection, such as test repositories or repositories for internal documentation. Then you can enable features for all selected repositories at once. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)." diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md b/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md index 5722404716c8..d9c5ced32677 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md +++ b/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md @@ -3,9 +3,9 @@ title: Enabling Copilot secret scanning's generic secret detection shortTitle: Enable generic secret detection intro: 'You can enable {% data variables.secret-scanning.generic-secret-detection %} for your repository or organization. Alerts for generic secrets, such as passwords, are displayed in a separate list on the {% data variables.product.prodname_secret_scanning %} alerts page.' allowTitleToDifferFromFilename: true +permissions: '{% data reusables.permissions.security-repo-enable %}' versions: feature: secret-scanning-ai-generic-secret-detection -product: '{% data reusables.gated-features.secret-scanning %}' type: how_to topics: - Secret scanning diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai.md b/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai.md index c4bdabd015fa..fa3f4072df90 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai.md +++ b/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai.md @@ -2,7 +2,7 @@ title: Generating regular expressions for custom patterns with AI shortTitle: Use the regular expression generator intro: 'You can use the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} to generate regular expressions for custom patterns. The generator uses an AI model to generate expressions that match your input, and optionally example strings.' -product: '{% data reusables.gated-features.secret-scanning %}' +permissions: '{% data reusables.permissions.security-repo-enable %}' versions: feature: secret-scanning-custom-pattern-ai-generated type: how_to diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/index.md b/content/code-security/secret-scanning/copilot-secret-scanning/index.md index 59f7fb74738d..0faba154b80c 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/index.md +++ b/content/code-security/secret-scanning/copilot-secret-scanning/index.md @@ -3,7 +3,7 @@ title: Enhance your secret detection capabilities with Copilot secret scanning shortTitle: Copilot secret scanning allowTitleToDifferFromFilename: true intro: 'Learn how {% data variables.product.prodname_secret_scanning %} uses AI to detect generic secrets in your code, and generate regular expressions for your custom patterns.' -product: '{% data reusables.gated-features.secret-scanning %}' +product: '{% data reusables.gated-features.copilot-secret-scanning %}' versions: ghec: '*' topics: diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets.md b/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets.md index a93b3f8d67f7..75c91875cf04 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets.md +++ b/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets.md @@ -3,6 +3,7 @@ title: Responsible detection of generic secrets with Copilot secret scanning shortTitle: Generic secret detection intro: 'Learn how {% data variables.secret-scanning.copilot-secret-scanning %} uses AI responsibly to scan and create alerts for unstructured secrets, such as passwords.' allowTitleToDifferFromFilename: true +product: '{% data reusables.gated-features.copilot-secret-scanning %}' versions: feature: secret-scanning-ai-generic-secret-detection fpt: '*' diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/responsible-use-ai-regex-generator.md b/content/code-security/secret-scanning/copilot-secret-scanning/responsible-use-ai-regex-generator.md index a314b18dc3e9..8a595b4045b7 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/responsible-use-ai-regex-generator.md +++ b/content/code-security/secret-scanning/copilot-secret-scanning/responsible-use-ai-regex-generator.md @@ -2,7 +2,7 @@ title: Responsible use of AI to define regular expressions shortTitle: Generate regular expressions with AI intro: 'Learn about the capabilities and limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} in helping you to define custom patterns to extend the capabilities of {% data variables.product.prodname_secret_scanning %}.' -product: '{% data reusables.gated-features.secret-scanning %}' +product: '{% data reusables.gated-features.copilot-secret-scanning %}' allowTitleToDifferFromFilename: true versions: feature: secret-scanning-custom-pattern-ai-generated diff --git a/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md b/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md index 5559f593a7d1..006ac2a26699 100644 --- a/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md +++ b/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md @@ -120,17 +120,11 @@ You can retrieve the {% data variables.product.prodname_dotcom %} secret scannin will provide several `key_identifier` and public keys. You can determine which public key to use based on the value of `Github-Public-Key-Identifier`. -{% note %} +> [!NOTE] +> When you send a request to the public key endpoint above, you may hit rate limits. To avoid hitting rate limits, you can use a {% data variables.product.pat_v1 %} (no scopes required) or a {% data variables.product.pat_v2 %} (only the automatic public repositories read access required) as suggested in the samples below, or use a conditional request. For more information, see "[AUTOTITLE](/rest/guides/getting-started-with-the-rest-api#conditional-requests)." -**Note**: When you send a request to the public key endpoint above, you may hit rate limits. To avoid hitting rate limits, you can use a {% data variables.product.pat_v1 %} (no scopes required) or a {% data variables.product.pat_v2 %} (only the automatic public repositories read access required) as suggested in the samples below, or use a conditional request. For more information, see "[AUTOTITLE](/rest/guides/getting-started-with-the-rest-api#conditional-requests)." - -{% endnote %} - -{% note %} - -**Note**: The signature was generated using the raw message body. So it's important you also use the raw message body for signature validation, instead of parsing and stringifying the JSON, to avoid rearranging the message or changing spacing. - -{% endnote %} +> [!NOTE] +> The signature was generated using the raw message body. So it's important you also use the raw message body for signature validation, instead of parsing and stringifying the JSON, to avoid rearranging the message or changing spacing. **Sample HTTP POST sent to verify endpoint** @@ -403,8 +397,5 @@ A few important points: * For the hashed form of the raw token, you can only use SHA-256 to hash the token, not any other hashing algorithm. * The label indicates whether the token is a true ("true_positive") or a false positive ("false_positive"). Only these two lowercased literal strings are allowed. -{% note %} - -**Note:** Our request timeout is set to be higher (that is, 30 seconds) for partners who provide data about false positives. If you require a timeout higher than 30 seconds, email us at secret-scanning@github.com. - -{% endnote %} +> [!NOTE] +> Our request timeout is set to be higher (that is, 30 seconds) for partners who provide data about false positives. If you require a timeout higher than 30 seconds, email us at secret-scanning@github.com. diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md index 1b484cdd873c..bd693c2e19d1 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md @@ -2,7 +2,8 @@ title: Defining custom patterns for secret scanning shortTitle: Define custom patterns intro: 'You can define your own custom patterns to extend the capabilities of {% data variables.product.prodname_secret_scanning %} by generating one or more regular expressions.' -product: '{% data reusables.gated-features.secret-scanning %}' +product: '{% data reusables.gated-features.secret-scanning-custom-patterns %}' +permissions: '{% data reusables.permissions.security-enterprise-enable %}' redirect_from: - /code-security/secret-security/defining-custom-patterns-for-secret-scanning - /code-security/secret-scanning/defining-custom-patterns-for-secret-scanning @@ -65,11 +66,9 @@ Before defining a custom pattern, you must ensure that {% data variables.product {% endif %} {% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %} 1. Optionally, to enable push protection for your custom pattern, click **Enable**. - {% note %} - **Note**: The "Enable" button isn't available until after the dry run succeeds and you publish the pattern. - - {% endnote %} + > [!NOTE] + > The "Enable" button isn't available until after the dry run succeeds and you publish the pattern. For more information about push protection, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." @@ -138,19 +137,14 @@ After your pattern is created, {% data variables.product.prodname_secret_scannin Before defining a custom pattern, you must ensure that you enable secret scanning for your enterprise account. For more information, see "[Enabling {% data variables.product.prodname_GH_advanced_security %} for your enterprise]({% ifversion fpt or ghec %}/enterprise-server@latest/{% endif %}/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise)." -{% note %} - +> [!NOTE] {% ifversion custom-pattern-dry-run-ga %} -**Notes:** -* At the enterprise level, only the creator of a custom pattern can edit the pattern, and use it in a dry run. -* {% data reusables.secret-scanning.dry-runs-enterprise-permissions %} +> * At the enterprise level, only the creator of a custom pattern can edit the pattern, and use it in a dry run. +> * {% data reusables.secret-scanning.dry-runs-enterprise-permissions %} {% else %} -**Note:** As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire enterprise. That way, you can avoid creating excess false-positive {% data variables.secret-scanning.alerts %}. - +> As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire enterprise. That way, you can avoid creating excess false-positive {% data variables.secret-scanning.alerts %}. {% endif %} -{% endnote %} - {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %}{% ifversion security-feature-enablement-policies %} {% data reusables.enterprise-accounts.code-security-and-analysis-policies %} diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md index d3dad9996c0c..57cfeccf87d7 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md @@ -3,7 +3,7 @@ title: Custom patterns shortTitle: Custom patterns allowTitleToDifferFromFilename: true intro: 'You can extend the capabilities of {% data variables.product.prodname_secret_scanning %} to search for your own patterns. These custom patterns can range from your service API keys to connection strings into cloud resources.' -product: '{% data reusables.gated-features.secret-scanning %}' +product: '{% data reusables.gated-features.secret-scanning-custom-patterns %}' versions: ghes: '*' ghec: '*' diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md index 77329bd0c7b1..1d386e31ceed 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md @@ -2,7 +2,7 @@ title: Managing custom patterns shortTitle: Manage custom patterns intro: 'You can view, edit, and remove custom patterns, as well as enable push protection for custom patterns.' -product: '{% data reusables.gated-features.secret-scanning %}' +permissions: '{% data reusables.permissions.security-enterprise-enable %}' versions: ghes: '*' ghec: '*' @@ -22,7 +22,7 @@ When you save a change to a custom pattern, this closes all the {% data variable {% data reusables.secret-scanning.view-custom-pattern %} 1. Under "{% data variables.product.prodname_secret_scanning_caps %}", to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="Edit pattern" %}. -{%- ifversion custom-pattern-dry-run-ga %} +{%- ifversion custom-pattern-dry-run-ga %} 1. When you're ready to test your edited custom pattern, to identify matches without creating alerts, click **Save and dry run**. {%- endif %} 1. When you have reviewed and tested your changes, click **Publish changes**.{% ifversion secret-scanning-push-protection-custom-patterns %} diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md index 41c5a0d2b53d..fc9789681517 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md @@ -2,7 +2,7 @@ title: Metrics for custom patterns shortTitle: Custom pattern metrics intro: 'You can view alert metrics for custom patterns at the repository, organization, and enterprise levels.' -product: '{% data reusables.gated-features.secret-scanning %}' +permissions: '{% data reusables.permissions.security-enterprise-enable %}' versions: feature: secret-scanning-custom-patterns-metrics type: how_to diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md index b69c704bec11..55b183598a26 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md @@ -45,13 +45,9 @@ You can configure a `secret_scanning.yml` file to exclude directories from {% da - "foo/bar/*.js" ``` - {% note %} - - **Notes:** - * If there are more than 1,000 entries in `paths-ignore`, {% data variables.product.prodname_secret_scanning %} will only exclude the first 1,000 directories from scans. - * If `secret_scanning.yml` is larger than 1 MB, {% data variables.product.prodname_secret_scanning %} will ignore the entire file. - - {% endnote %} + > [!NOTE] + > * If there are more than 1,000 entries in `paths-ignore`, {% data variables.product.prodname_secret_scanning %} will only exclude the first 1,000 directories from scans. + > * If `secret_scanning.yml` is larger than 1 MB, {% data variables.product.prodname_secret_scanning %} will ignore the entire file. ## Verifying that the folder is excluded from {% data variables.product.prodname_secret_scanning %} diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md index 4c06b3369570..26364938e3f2 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md @@ -2,7 +2,8 @@ title: Enabling secret scanning for non-provider patterns allowTitleToDifferFromFilename: true intro: 'You can enable {% data variables.product.prodname_secret_scanning %} to detect additional potential secrets at the {% ifversion security-configurations %}repository and organization levels{% else %}repository level{% endif %}.' -product: '{% data reusables.gated-features.push-protection-for-repos %}' +permissions: '{% data reusables.permissions.security-repo-enable %}' +product: '{% data reusables.gated-features.secret-scanning-non-provider-patterns %}' versions: feature: secret-scanning-non-provider-patterns type: how_to @@ -26,7 +27,7 @@ For more information about non-provider patterns, see "{% ifversion fpt or ghec ### Enabling detection of non-provider patterns for a repository -{%endif %} +{% endif %} {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/index.md index 8ee2edb91607..1ae7d48df45a 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/index.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/index.md @@ -3,7 +3,7 @@ title: Non-provider patterns shortTitle: Non-provider patterns allowTitleToDifferFromFilename: true intro: '{% data variables.product.prodname_secret_scanning_caps %} can also alert you to the potential use of other types of secret in code, for example: HTTP authentication headers, connection strings, and private keys. These non-provider patterns are more difficult to detect reliably so this feature is not enabled by default.' -product: '{% data reusables.gated-features.secret-scanning %}' +product: '{% data reusables.gated-features.secret-scanning-non-provider-patterns %}' versions: feature: secret-scanning-non-provider-patterns topics: diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md index 925115f2d6f7..ca6a4ea4e8fa 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md +++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md @@ -2,7 +2,7 @@ title: Working with push protection from the command line shortTitle: Push protection on the command line intro: 'Learn your options for unblocking your push from the command line to {% data variables.product.prodname_dotcom %} if {% data variables.product.prodname_secret_scanning %} detects a secret in your changes.' -permissions: '{% data reusables.permissions.push-protection %}' +permissions: '{% data reusables.permissions.push-protection-resolve-block %}' versions: fpt: '*' ghes: '*' diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md index 6673e482d784..2a81b932b264 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md +++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md @@ -2,7 +2,7 @@ title: Working with push protection from the REST API shortTitle: Push protection from the REST API intro: 'Learn your options for unblocking your push to {% data variables.product.prodname_dotcom %} using the REST API if {% data variables.product.prodname_secret_scanning %} detects a secret in the content of your API request.' -product: '{% data reusables.gated-features.secret-scanning %}' +permissions: '{% data reusables.permissions.push-protection-resolve-block %}' versions: feature: secret-scanning-push-protection-content-endpoints type: how_to diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md index 54ffea784c08..01e179793339 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md +++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md @@ -2,7 +2,7 @@ title: Working with push protection in the GitHub UI shortTitle: Push protection in the GitHub UI intro: 'Learn your options for unblocking your commit when {% data variables.product.prodname_secret_scanning %} detects a secret in your changes.' -permissions: '{% data reusables.permissions.push-protection %}' +permissions: '{% data reusables.permissions.push-protection-resolve-block %}' versions: fpt: '*' ghes: '*' diff --git a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-tracking-security-campaigns.md b/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-tracking-security-campaigns.md index 003d7115310f..8fb8f8ef8a0a 100644 --- a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-tracking-security-campaigns.md +++ b/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-tracking-security-campaigns.md @@ -28,7 +28,7 @@ The campaign templates contain filters for the most common alert selections. {% {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} -1. In the left sidebar, next to "Campaigns", click the {% octicon "plus" aria-label="New campaign" %} icon to start creating a campaign. +1. In the left sidebar, next to "Campaigns", click the {% octicon "plus" aria-label="New campaign" %} icon to start creating a campaign. 1. Select one of the pre-defined filter templates to open a "New campaign from TEMPLATE_NAME template" dialog box. 1. If the message "This looks like a big campaign" is displayed, click **Back to filters** to display the {% data variables.product.prodname_code_scanning %} alerts view with the campaign template filter shown. 1. Add further filters to reduce the number of alerts shown, for example, filtering by "Team" or by custom property. diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md index 8a468f586cd0..cec56aee372f 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md +++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md @@ -15,11 +15,8 @@ topics: If you no longer need a {% data variables.product.prodname_custom_security_configuration %}, you can delete that configuration to ensure it will not be applied to any repositories in the future. If you are deleting a {% data variables.product.prodname_custom_security_configuration %} because you want to change the security enablement settings in that configuration, you can instead edit the configuration. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration)." -{% warning %} - -**Warning:** Deleting a {% data variables.product.prodname_custom_security_configuration %} will detach all repositories that are linked to that configuration. The existing security settings for those repositories will be unchanged, but you must apply a different {% data variables.product.prodname_security_configuration %} or manage their security settings at the repository level to keep their settings up to date. - -{% endwarning %} +> [!WARNING] +> Deleting a {% data variables.product.prodname_custom_security_configuration %} will detach all repositories that are linked to that configuration. The existing security settings for those repositories will be unchanged, but you must apply a different {% data variables.product.prodname_security_configuration %} or manage their security settings at the repository level to keep their settings up to date. ## Deleting a {% data variables.product.prodname_custom_security_configuration %} from your organization diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md index a8f4df27f244..7896a7e46450 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md +++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md @@ -17,11 +17,8 @@ After creating and applying a {% data variables.product.prodname_custom_security To determine if your {% data variables.product.prodname_custom_security_configuration %} is meeting your security needs, see "[AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings)." -{% note %} - -**Note:** The {% data variables.product.prodname_github_security_configuration %} is managed by {% data variables.product.company_short %} and cannot be edited. If you would like to customize your security enablement settings, you need to create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)." - -{% endnote %} +> [!NOTE] +> The {% data variables.product.prodname_github_security_configuration %} is managed by {% data variables.product.company_short %} and cannot be edited. If you would like to customize your security enablement settings, you need to create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)." ## Modifying your {% data variables.product.prodname_custom_security_configuration %} diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md index 7be3af0d87ba..7ba4f7fe7cb0 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md +++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md @@ -70,11 +70,8 @@ For an introduction to {% data variables.product.prodname_dependabot_alerts %}, To learn how to interpret and resolve {% data variables.product.prodname_dependabot_alerts %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)." -{% note %} - -**Note:** If you enabled {% data variables.product.prodname_dependabot_security_updates %}, {% data variables.product.prodname_dependabot %} can also automatically raise pull requests to update the dependencies used in the repositories of the organization. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)." - -{% endnote %} +> [!NOTE] +> If you enabled {% data variables.product.prodname_dependabot_security_updates %}, {% data variables.product.prodname_dependabot %} can also automatically raise pull requests to update the dependencies used in the repositories of the organization. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)." ## Next steps diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md index 69a65bfb4319..9988cbdc8474 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md +++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md @@ -55,12 +55,8 @@ To learn about GHAS licenses, as well as unique and active committers, see "[AUT 1. Select the **Apply configuration** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Disable {% data variables.product.prodname_GH_advanced_security %}**. 1. To finish disabling GHAS features on the selected private or internal repositories, in the "Disable {% data variables.product.prodname_GH_advanced_security %}?" window, click **Disable {% data variables.product.prodname_GH_advanced_security %}**. - {% note %} - - **Notes:** - * Disabling GHAS features for a private or internal repository will also detach that repository from any linked {% data variables.product.prodname_security_configuration %}. - * Disabling GHAS features through the repository table _will not_ disable those features on public repositories since they do not require {% data variables.product.prodname_GH_advanced_security %} licenses. - - {% endnote %} + > [!NOTE] + > * Disabling GHAS features for a private or internal repository will also detach that repository from any linked {% data variables.product.prodname_security_configuration %}. + > * Disabling GHAS features through the repository table _will not_ disable those features on public repositories since they do not require {% data variables.product.prodname_GH_advanced_security %} licenses. {% endif %} diff --git a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md index 2268adb79a5a..b2401b83b73c 100644 --- a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md +++ b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md @@ -19,11 +19,8 @@ With {% data variables.product.prodname_custom_security_configurations %}, you c ## Creating a {% data variables.product.prodname_custom_security_configuration %} -{% note %} - -**Note:** The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable {% data variables.product.prodname_dependabot %}, vulnerability exposure analysis, and security updates. For {% data variables.product.prodname_security_configurations %}, dependent security features are indicated with indentation and {% octicon "reply" aria-hidden="true" %}. - -{% endnote %} +> [!NOTE] +> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable {% data variables.product.prodname_dependabot %}, vulnerability exposure analysis, and security updates. For {% data variables.product.prodname_security_configurations %}, dependent security features are indicated with indentation and {% octicon "reply" aria-hidden="true" %}. {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} @@ -37,11 +34,8 @@ With {% data variables.product.prodname_custom_security_configurations %}, you c * {% data variables.product.prodname_dependabot %}. To learn about {% data variables.product.prodname_dependabot %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." * Security updates. To learn about security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)." - {% note %} - - **Note:** You cannot manually change the enablement settings for vulnerable function calls. If {% data variables.product.prodname_GH_advanced_security %} features and {% data variables.product.prodname_dependabot_alerts %} are enabled, vulnerable function calls is also enabled. Otherwise, it is disabled. - - {% endnote %} + > [!NOTE] + > You cannot manually change the enablement settings for vulnerable function calls. If {% data variables.product.prodname_GH_advanced_security %} features and {% data variables.product.prodname_dependabot_alerts %} are enabled, vulnerable function calls is also enabled. Otherwise, it is disabled. 1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup. To learn about default setup, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup)." 1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md index 7778017a9691..d82ab326169a 100644 --- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md +++ b/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md @@ -25,14 +25,11 @@ If you try to attach a {% data variables.product.prodname_security_configuration For all repositories without an active advanced setup, the {% data variables.product.prodname_security_configuration %} will be applied as expected, and {% data variables.product.prodname_code_scanning %} default setup will be enabled. -{% note %} - -**Note:** If advanced setup is considered inactive for a repository, default setup _will_ still be enabled for that repository. Advanced setup is considered inactive for a repository if the repository meets any of the following criteria: -* The latest {% data variables.product.prodname_codeql %} analysis is more than 90 days old -* All {% data variables.product.prodname_codeql %} configurations have been deleted -* The workflow file has been deleted or disabled (exclusively for YAML-based advanced setup) - -{% endnote %} +> [!NOTE] +> If advanced setup is considered inactive for a repository, default setup _will_ still be enabled for that repository. Advanced setup is considered inactive for a repository if the repository meets any of the following criteria: +> * The latest {% data variables.product.prodname_codeql %} analysis is more than 90 days old +> * All {% data variables.product.prodname_codeql %} configurations have been deleted +> * The workflow file has been deleted or disabled (exclusively for YAML-based advanced setup) ## Solving the problem diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities.md b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities.md index 755cc4a681ee..33f21124cad3 100644 --- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities.md +++ b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities.md @@ -64,11 +64,8 @@ The process for reporting and disclosing vulnerabilities for projects on {% data If there isn't a security policy in place, the most efficient way to establish a private means of communication with maintainers is to create an issue asking for a preferred security contact. It's worth noting that the issue will be immediately publicly visible, so it should not include any information about the bug. Once communication is established, you can suggest the maintainers define a security policy for future use. -{% note %} - -**Note**: _For npm only_ - If we receive a report of malware in an npm package, we try to contact you privately. If you don't address the issue in a timely manner, we will disclose it. For more information, see "[Reporting malware in an npm package](https://docs.npmjs.com/reporting-malware-in-an-npm-package)" on the npm Docs website. - -{% endnote %} +> [!NOTE] +> _For npm only_ - If we receive a report of malware in an npm package, we try to contact you privately. If you don't address the issue in a timely manner, we will disclose it. For more information, see "[Reporting malware in an npm package](https://docs.npmjs.com/reporting-malware-in-an-npm-package)" on the npm Docs website. If you've found a security vulnerability in {% data variables.product.prodname_dotcom %}, please report the vulnerability through our coordinated disclosure process. For more information, see the [{% data variables.product.prodname_dotcom %} Security Bug Bounty](https://bounty.github.com/) website. @@ -84,9 +81,5 @@ The process for reporting and disclosing vulnerabilities for projects on {% data Private vulnerability reporting provides an easy way for vulnerability reporters to privately disclose security risks to repository maintainers, within {% data variables.product.prodname_dotcom %}, and in a way that immediately notifies the repository maintainers of the issue. For more information for security researchers and repository maintainers, see "[AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)" and "[AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities)", respectively. -{% note %} - -**Note**: -If the repository containing the vulnerability doesn't have private vulnerability reporting enabled, both security researchers and repository maintainers need to follow the instructions described in the "[Standard process](#standard-process)" section above. - -{% endnote %} +> [!NOTE] +> If the repository containing the vulnerability doesn't have private vulnerability reporting enabled, both security researchers and repository maintainers need to follow the instructions described in the "[Standard process](#standard-process)" section above. diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md index b6bded7fe0a0..cd14cd02b015 100644 --- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md +++ b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md @@ -87,11 +87,8 @@ For examples showing how affected versions are defined in some existing advisori * Each operator sequence must be specified as the operator, a single space, and then the version. For more information about valid operators, see [Supported operators](#supported-operators) above. * The version must begin with a number followed by any number of numbers, letters, dots, dashes, or underscores (anything other than a space or comma). For more information about version formatting, see [Version syntax](#version-syntax) above. - {% note %} - - **Note:** Affected version strings cannot contain leading or trailing spaces. - - {% endnote %} + > [!NOTE] + > Affected version strings cannot contain leading or trailing spaces. * Upper-bound operators can be inclusive or exclusive, i.e. `<=` or `<`, respectively. * Lower-bound operators can be inclusive or exclusive, i.e. `>=` or `>`, respectively. However, if you publish your repository advisory, and we graduate your repository advisory into a global advisory, a different rule applies: lower-bound strings can only be inclusive, i.e. `>=`. The exclusive lower bound operator (`>`) is only allowed when the version is `0`, for example `> 0`. @@ -101,13 +98,10 @@ For examples showing how affected versions are defined in some existing advisori * Do not use a space between a number and a comma in `>= lower bound, <= upper bound`. * Use a space between a comma and the upper bound operator. - {% note %} - - **Notes:** The lower-bound limitation: - * Is due to incompatibilities with the OSV schema. - * Only applies when you make a suggestion on an existing advisory in the {% data variables.product.prodname_advisory_database %}. - - {% endnote %} + > [!NOTE] + > The lower-bound limitation: + > * Is due to incompatibilities with the OSV schema. + > * Only applies when you make a suggestion on an existing advisory in the {% data variables.product.prodname_advisory_database %}. * You cannot specify multiple affected version ranges in the same field, such as `> 2.0, < 2.3, > 3.0, < 3.2`.To specify more than one range, you must create a new **Affected products** section for each range, by clicking the **+ Add another affected product** button. diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability.md b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability.md index 5456097440af..b9e710abcc8b 100644 --- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability.md +++ b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability.md @@ -15,15 +15,11 @@ redirect_from: {% data reusables.security-advisory.private-vulnerability-reporting-enable %} -{% note %} - -**Notes:** -* If you have admin or security permissions for a public repository, you don't need to submit a vulnerability report. Instead, you can create a draft security advisory directly. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory)." -* The ability to privately report a vulnerability in a repository is not related to the presence of a `SECURITY.md` file in that repository's root or `docs` directory. - * The `SECURITY.md` file contains the security policy for the repository. Repository administrators can add and use this file to provide _public_ instructions for how to report a security vulnerability in their repository. For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository)." - * You can only report a vulnerability privately for repositories where private vulnerability reporting is enabled, and you don't have to follow the instructions in the `SECURITY.md` file. This reporting process is fully private, and {% data variables.product.prodname_dotcom %} notifies the repository administrators directly about your submission. - -{% endnote %} +> [!NOTE] +> * If you have admin or security permissions for a public repository, you don't need to submit a vulnerability report. Instead, you can create a draft security advisory directly. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory)." +> * The ability to privately report a vulnerability in a repository is not related to the presence of a `SECURITY.md` file in that repository's root or `docs` directory. +> * The `SECURITY.md` file contains the security policy for the repository. Repository administrators can add and use this file to provide _public_ instructions for how to report a security vulnerability in their repository. For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository)." +> * You can only report a vulnerability privately for repositories where private vulnerability reporting is enabled, and you don't have to follow the instructions in the `SECURITY.md` file. This reporting process is fully private, and {% data variables.product.prodname_dotcom %} notifies the repository administrators directly about your submission. ## About privately reporting a security vulnerability diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories.md b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories.md index 746d6e1364b3..b009c25350de 100644 --- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories.md +++ b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories.md @@ -24,11 +24,8 @@ Global security advisories are grouped into these categories: {% data variables. * {% data reusables.advisory-database.unreviewed-overview %} * {% data reusables.advisory-database.malware-overview %} -{% note %} - -**Note:** {% data variables.product.prodname_dependabot %} doesn't generate {% data variables.product.prodname_dependabot_alerts %} for unreviewed and malware advisories. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dependabot %} doesn't generate {% data variables.product.prodname_dependabot_alerts %} for unreviewed and malware advisories. For more information about the {% data variables.product.prodname_advisory_database %}, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database)." diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database.md b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database.md index 2975b7c3c233..93bc5c6ef857 100644 --- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database.md +++ b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database.md @@ -30,11 +30,8 @@ You can access any advisory in the {% data variables.product.prodname_advisory_d 1. Navigate to https://github.com/advisories. 1. Optionally, to filter the list of advisories, use the search field or the drop-down menus at the top of the list. - {% note %} - - **Note:** You can use the sidebar on the left to explore {% data variables.product.company_short %}-reviewed and unreviewed advisories separately, or to filter by ecosystem. - - {% endnote %} + > [!NOTE] + > You can use the sidebar on the left to explore {% data variables.product.company_short %}-reviewed and unreviewed advisories separately, or to filter by ecosystem. 1. Click an advisory to view details. By default, you will see {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities. To show malware advisories, use `type:malware` in the search bar. @@ -98,11 +95,10 @@ You can use your local advisory database to check whether a specific security vu 1. Navigate to `https://HOSTNAME/advisories`. 1. Optionally, to filter the list, use any of the drop-down menus. - {% note %} - **Note:** Only reviewed advisories will be listed. Unreviewed advisories can be viewed in the {% data variables.product.prodname_advisory_database %} on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Accessing an advisory in the GitHub Advisory Database](#accessing-an-advisory-in-the-github-advisory-database)". + > [!NOTE] + > Only reviewed advisories will be listed. Unreviewed advisories can be viewed in the {% data variables.product.prodname_advisory_database %} on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Accessing an advisory in the GitHub Advisory Database](#accessing-an-advisory-in-the-github-advisory-database)". - {% endnote %} 1. Click an advisory to view details. By default, you will see {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities. To show malware advisories, use `type:malware` in the search bar. You can also suggest improvements to any advisory directly from your local advisory database. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database#editing-advisories-from-your-github-enterprise-server-instance)". diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability.md b/content/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability.md index edad72ae5581..a53f7162446d 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability.md +++ b/content/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability.md @@ -102,13 +102,10 @@ Additionally, there can be no merge conflicts, and {% data variables.product.pro 1. In the "Security Advisories" list, click the name of the security advisory with changes that you'd like to merge. 1. Scroll to the bottom of the advisory form. Then, under "This advisory is ready to be merged", click **Merge pull request(s)** to merge all open pull requests in the temporary private fork. - ![Screenshot of the "Collaborate on a patch" area of a draft security advisory. The "Merge pull requests" button is outlined in dark orange.](/assets/images/help/security/merge-pull-requests-button.png) + ![Screenshot of the "Collaborate on a patch" area of a draft security advisory. The "Merge pull requests" button is outlined in dark orange.](/assets/images/help/security/merge-pull-requests-button.png) - {% note %} - - **Note:** You can only merge one pull request into the `main` branch of a temporary private fork. If more than one pull request targets the `main` branch, merging is blocked. - - {% endnote %} + > [!NOTE] + > You can only merge one pull request into the `main` branch of a temporary private fork. If more than one pull request targets the `main` branch, merging is blocked. After you merge changes in a security advisory, you can publish the security advisory to alert your community about the security vulnerability in previous versions of your project. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory)." diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory.md b/content/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory.md index dfa0a2f5b70d..a9eb28455a8b 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory.md +++ b/content/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory.md @@ -72,11 +72,8 @@ You can assign different types of credit to people. If someone accepts credit, the person's username appears in the "Credits" section of the security advisory. Anyone with read access to the repository can see the advisory and the people who accepted credit for it. -{% note %} - -**Note:** If you believe you should be credited for a security advisory, please contact the creator of the advisory and to ask for the advisory to be edited to include your credit. Only the creator of the advisory can credit you, so please don't contact {% data variables.product.company_short %} Support about credits for security advisories. - -{% endnote %} +> [!NOTE] +> If you believe you should be credited for a security advisory, please contact the creator of the advisory and to ask for the advisory to be edited to include your credit. Only the creator of the advisory can credit you, so please don't contact {% data variables.product.company_short %} Support about credits for security advisories. ## Next steps diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory.md b/content/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory.md index 0809bbcd9a53..2b53d847974b 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory.md +++ b/content/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory.md @@ -39,28 +39,22 @@ When you publish a security advisory, you notify your community about the securi Before you publish a security advisory, you can privately collaborate to fix the vulnerability in a temporary private fork. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability)." -{% warning %} - -**Warning**: Whenever possible, you should always add a fix version to a security advisory prior to publishing the advisory. If you don't, the advisory will be published without a fixed version, and {% data variables.product.prodname_dependabot %} will alert your users about the issue, without offering any safe version to update to. - -We recommend you take the following steps in these different situations: - -* If a fix version is imminently available, and you are able to, wait to disclose the issue when the fix is ready. -* If a fix version is in development but not yet available, mention this in the advisory, and edit the advisory later, after publication. -* If you are not planning to fix the issue, be clear about it in the advisory so that your users don't contact you to ask when a fix will be made. In this case, it is helpful to include steps users can take to mitigate the issue. - -{% endwarning %} +> [!WARNING] +> Whenever possible, you should always add a fix version to a security advisory prior to publishing the advisory. If you don't, the advisory will be published without a fixed version, and {% data variables.product.prodname_dependabot %} will alert your users about the issue, without offering any safe version to update to. +> +> We recommend you take the following steps in these different situations: +> +> * If a fix version is imminently available, and you are able to, wait to disclose the issue when the fix is ready. +> * If a fix version is in development but not yet available, mention this in the advisory, and edit the advisory later, after publication. +> * If you are not planning to fix the issue, be clear about it in the advisory so that your users don't contact you to ask when a fix will be made. In this case, it is helpful to include steps users can take to mitigate the issue. When you publish a draft advisory from a public repository, everyone is able to see: * The current version of the advisory data. * Any advisory credits that the credited users have accepted. -{% note %} - -**Note**: The general public will never have access to the edit history of the advisory, and will only see the published version. - -{% endnote %} +> [!NOTE] +> The general public will never have access to the edit history of the advisory, and will only see the published version. After you publish a security advisory, the URL for the security advisory will remain the same as before you published the security advisory. Anyone with read access to the repository can see the security advisory. Collaborators on the security advisory can continue to view past conversations, including the full comment stream, in the security advisory unless someone with admin permissions removes the collaborator from the security advisory. @@ -78,11 +72,8 @@ Publishing a security advisory deletes the temporary private fork for the securi ![Screenshot of the "Required advisory information has been provided" area of a draft security advisory. The "Publish advisory" button is outlined in dark orange.](/assets/images/help/security/publish-advisory-button.png) - {% note %} - - **Note:** If you selected "Request CVE ID later", you will see a **Request CVE** button in place of the **Publish advisory** button. For more information, see "[Requesting a CVE identification number (Optional)](#requesting-a-cve-identification-number-optional)" below. - - {% endnote %} + > [!NOTE] + > If you selected "Request CVE ID later", you will see a **Request CVE** button in place of the **Publish advisory** button. For more information, see "[Requesting a CVE identification number (Optional)](#requesting-a-cve-identification-number-optional)" below. ## {% data variables.product.prodname_dependabot_alerts %} for published security advisories diff --git a/content/code-security/security-overview/assessing-adoption-code-security.md b/content/code-security/security-overview/assessing-adoption-code-security.md index c475b80effc5..0b3ec8637760 100644 --- a/content/code-security/security-overview/assessing-adoption-code-security.md +++ b/content/code-security/security-overview/assessing-adoption-code-security.md @@ -41,7 +41,7 @@ You can view data to assess the enablement of code security features across repo {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} -1. To display the "Security coverage" view, in the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage**. +1. To display the "Security coverage" view, in the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage**. {% data reusables.code-scanning.using-security-overview-coverage %} ![Screenshot of the "Security coverage" view. The options for filtering are outlined in dark orange.](/assets/images/help/security-overview/security-coverage-view-highlights.png) diff --git a/content/code-security/security-overview/exporting-data-from-security-overview.md b/content/code-security/security-overview/exporting-data-from-security-overview.md index 129fe6e5cb36..34ef515779bc 100644 --- a/content/code-security/security-overview/exporting-data-from-security-overview.md +++ b/content/code-security/security-overview/exporting-data-from-security-overview.md @@ -24,28 +24,22 @@ The overview page contains data about security alerts across your organization, The CSV file you download will contain data corresponding to the filters you have applied to security overview. For example, if you add the filter `dependabot-alerts:enabled`, your file will only contain data for repositories that have enabled {% data variables.product.prodname_dependabot_alerts %}. -{% note %} - -**Note:** In the "Teams" column of the CSV file, each repository will list a maximum of 20 teams with write access to that repository. If more than 20 teams have write access to a repository, the data will be truncated. - -{% endnote %} +> [!NOTE] +> In the "Teams" column of the CSV file, each repository will list a maximum of 20 teams with write access to that repository. If more than 20 teams have write access to a repository, the data will be truncated. ## Exporting data from your organization's security overview {% data reusables.profile.access_org %} 1. In the "Organizations" section, select the organization for which you would like to download security overview data. {% data reusables.organizations.security-overview %} -1. In the "Security" sidebar, choose the page that you want to export data from by clicking on **{% octicon "graph" aria-hidden="true" %}Overview**, **{% octicon "meter" aria-hidden="true" %} Coverage**, **{% octicon "shield" aria-hidden="true" %} Risk** or **{% octicon "graph" aria-hidden="true" %} {% data variables.product.prodname_codeql %} pull request alerts**. +1. In the "Security" sidebar, choose the page that you want to export data from by clicking on **{% octicon "graph" aria-hidden="true" %}Overview**, **{% octicon "meter" aria-hidden="true" %} Coverage**, **{% octicon "shield" aria-hidden="true" %} Risk** or **{% octicon "graph" aria-hidden="true" %} {% data variables.product.prodname_codeql %} pull request alerts**. 1. Next to the search bar, click {% octicon "download" aria-hidden="true" %} **Export CSV**. It may take a moment for {% data variables.product.product_name %} to generate the CSV file of your data. Once the CSV file generates, the file will automatically start downloading, and a banner will appear confirming your report is ready. If you are downloading the CSV from the overview page, you will also receive an email when your report is ready, containing a link to download the CSV. {% ifversion secret-scanning-non-provider-patterns %} -{% note %} - -**Note:** The summary views ({% ifversion security-overview-dashboard %}"Overview", {% endif %}"Coverage" and "Risk") show data only for {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} alerts. {% data variables.product.prodname_code_scanning_caps %} alerts from third-party tools, and {% data variables.product.prodname_secret_scanning %} alerts for non-provider patterns or for ignored directories are all omitted from these views. Consequently, files exported from the summary views do not contain data for these types of alert. - -{% endnote %} +> [!NOTE] +> The summary views ({% ifversion security-overview-dashboard %}"Overview", {% endif %}"Coverage" and "Risk") show data only for {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} alerts. {% data variables.product.prodname_code_scanning_caps %} alerts from third-party tools, and {% data variables.product.prodname_secret_scanning %} alerts for non-provider patterns or for ignored directories are all omitted from these views. Consequently, files exported from the summary views do not contain data for these types of alert. {% endif %} diff --git a/content/code-security/security-overview/filtering-alerts-in-security-overview.md b/content/code-security/security-overview/filtering-alerts-in-security-overview.md index 391fec24a8fa..850df50113bc 100644 --- a/content/code-security/security-overview/filtering-alerts-in-security-overview.md +++ b/content/code-security/security-overview/filtering-alerts-in-security-overview.md @@ -75,11 +75,8 @@ These qualifiers are available in all views. ## Custom repository property filters -{% note %} - -**Note:** Repository properties are in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> Repository properties are in {% data variables.release-phases.public_preview %} and subject to change. Custom repository properties are metadata that organization owners can add to repositories in an organization, providing a way to group repositories by the information you are interested in. For example, you can add custom repository properties for compliance frameworks or data sensitivity. For more information on adding custom repository properties, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)." @@ -160,7 +157,7 @@ The level of risk for a repository is determined by the number and severity of a You can filter the "Overview" view by the type{% ifversion security-overview-3-14-overview %} and property{% endif %} of alerts. Use the `tool` qualifier to display only data for alerts generated by a specific tool{% ifversion security-overview-3-14-overview %} or type of tool{% endif %}. -* `tool:codeql` to show data only for {% data variables.product.prodname_code_scanning %} alerts generated using {% data variables.product.prodname_codeql%}. +* `tool:codeql` to show data only for {% data variables.product.prodname_code_scanning %} alerts generated using {% data variables.product.prodname_codeql %}. * `tool:dependabot` to show data only for {% data variables.product.prodname_dependabot_alerts %}. * `tool:secret-scanning` to show data only for {% data variables.secret-scanning.alerts %}.{% ifversion security-overview-3-14-overview %} * `tool:github` or `tool:third-party` to show data for all types of alerts generated by {% data variables.product.prodname_dotcom %} tools or by third-party tools. diff --git a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md index 87f7aaade665..206e1584b52a 100644 --- a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md +++ b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md @@ -27,7 +27,7 @@ For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-adva {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} -1. In the sidebar, under "Requests", click **{% octicon "key" aria-hidden="true" %} Push protection bypass**. +1. In the sidebar, under "Requests", click **{% octicon "key" aria-hidden="true" %} Push protection bypass**. 1. Select the **All statuses** dropdown menu, then click **Open** to view requests that are awaiting review, or that have been approved but for which the commits haven't been pushed to the repository yet. 1. Click the request that you want to review. 1. Review the details of the request. diff --git a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md index c017c09fcdf4..53a2ec3626d5 100644 --- a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md +++ b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md @@ -40,7 +40,7 @@ You can apply filters to the data. The metrics are based on activity from the de {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} -1. In the sidebar, under "Metrics", click **{% octicon "graph" aria-hidden="true" %} {% data variables.product.prodname_codeql %} pull request alerts**. +1. In the sidebar, under "Metrics", click **{% octicon "graph" aria-hidden="true" %} {% data variables.product.prodname_codeql %} pull request alerts**. 1. Optionally, use the date picker to set the time range. The date picker will show data based on the pull request alerts' creation dates. 1. Optionally, apply filters in the search box at the top of the page. 1. Alternatively, you can open the advanced filter dialog: diff --git a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md b/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md index 5fbaf4fad0f9..2ce78f975b0a 100644 --- a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md +++ b/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md @@ -55,7 +55,7 @@ The metrics are based on activity from the default period or your selected perio {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} -1. In the sidebar, under "Metrics", click **{% octicon "graph" aria-hidden="true" %} {% data variables.product.prodname_secret_scanning_caps %}**. +1. In the sidebar, under "Metrics", click **{% octicon "graph" aria-hidden="true" %} {% data variables.product.prodname_secret_scanning_caps %}**. 1. Click on an individual secret type or repository to see the associated {% data variables.secret-scanning.alerts %} for your organization. {% data reusables.security-overview.filter-secret-scanning-metrics %} diff --git a/content/code-security/security-overview/viewing-security-insights.md b/content/code-security/security-overview/viewing-security-insights.md index 062b9d949bd9..2306af2310c7 100644 --- a/content/code-security/security-overview/viewing-security-insights.md +++ b/content/code-security/security-overview/viewing-security-insights.md @@ -67,7 +67,7 @@ Keep in mind that the overview page tracks changes over time for security alert {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} -1. The overview page is the primary view that you will see after clicking on the "Security" tab. To get to the dashboard from another security overview page, in the sidebar, click **{% octicon "graph" aria-hidden="true" %} Overview**.{% ifversion security-overview-3-tab-dashboard %} +1. The overview page is the primary view that you will see after clicking on the "Security" tab. To get to the dashboard from another security overview page, in the sidebar, click **{% octicon "graph" aria-hidden="true" %} Overview**.{% ifversion security-overview-3-tab-dashboard %} 1. By default, the **Detection** tab is displayed. If you want to switch to another tab to see other metrics, click **Remediation** or **Prevention**.{% endif %} {% data reusables.security-overview.filter-and-toggle %} diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md index e422506f6ed8..23b5c98f368b 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md +++ b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md @@ -100,11 +100,10 @@ For more information, see {% ifversion ghec %}"[AUTOTITLE](/admin/identity-and-a ### Configure your personal account {% ifversion ghec or ghes %} -{% note %} -**Note**: Depending on the authentication method that {% ifversion ghec %}an enterprise owner{% elsif ghes %}a site administrator{% endif %} has configured, you may not be able to enable 2FA for your personal account. +> [!NOTE] +> Depending on the authentication method that {% ifversion ghec %}an enterprise owner{% elsif ghes %}a site administrator{% endif %} has configured, you may not be able to enable 2FA for your personal account. -{% endnote %} {% endif %} {% data variables.product.product_name %} supports several options for 2FA, and while any of them is better than nothing, the most secure option is a WebAuthn credential. WebAuthn requires an authenticator such as a FIDO2 hardware security key, a platform authenticator like Windows Hello, an Apple or Google phone, or a password manager. It's possible, although difficult, to phish other forms of 2FA (for example, someone asking you to read them your 6 digit one-time password). However WebAuthn is much more resistant to phishing, because domain scoping is built into the protocol, which prevents credentials from a website impersonating the login page from being used on {% data variables.product.product_name %}. @@ -114,11 +113,10 @@ When you set up 2FA, you should always download the recovery codes and set up mo ### Configure your organization account {% ifversion ghec or ghes %} -{% note %} -**Note**: Depending on the authentication method that {% ifversion ghec %}an enterprise owner{% elsif ghes %}a site administrator{% endif %} has configured, you may not be able to require 2FA for your organization. +> [!NOTE] +> Depending on the authentication method that {% ifversion ghec %}an enterprise owner{% elsif ghes %}a site administrator{% endif %} has configured, you may not be able to require 2FA for your organization. -{% endnote %} {% endif %} If you're an organization owner, you can see which users don't have 2FA enabled, help them get set up, and then require 2FA for your organization. To guide you through that process, see: diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md index d6ff8da471a8..bf4199b74c87 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md +++ b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md @@ -65,11 +65,8 @@ Code often needs to communicate with other systems over a network, and requires ### Automatic detection of secrets committed to a repository -{% note %} - -**Note:** {% data reusables.gated-features.secret-scanning %} - -{% endnote %} +> [!NOTE] +> {% data reusables.gated-features.secret-scanning %} {% data reusables.secret-scanning.enterprise-enable-secret-scanning %} @@ -102,11 +99,8 @@ Besides your code, you probably need to use secrets in other places. For example ## Keep vulnerable coding patterns out of your repository -{% note %} - -**Note:** {% data reusables.gated-features.code-scanning %} - -{% endnote %} +> [!NOTE] +> {% data reusables.gated-features.code-scanning %} {% data reusables.code-scanning.enterprise-enable-code-scanning %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md index f322f46ab807..e9952383a43f 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md @@ -2,7 +2,7 @@ title: Configuring automatic dependency submission for your repository shortTitle: Automatic dependency submission intro: 'You can use automatic dependency submission to submit transitive dependency data in your repository. This enables you to analyze these transitive dependencies using the dependency graph.' -permissions: 'People with admin permissions to a repository, or the security manager role for the repository, can configure automatic dependency submission for that repository.' +permissions: '{% data reusables.permissions.security-repo-enable %}' redirect_from: - /early-access/ghas/automatic-dependency-submission-for-maven versions: diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index cc49d2b1e130..ced05270835f 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md @@ -2,6 +2,7 @@ title: Configuring dependency review intro: You can use dependency review to catch vulnerabilities before they are added to your project. shortTitle: Configure dependency review +permissions: '{% data reusables.permissions.security-repo-enable %}' versions: fpt: '*' ghes: '*' @@ -71,11 +72,9 @@ Here is a list of common configuration options. For more information, and a ful | `external-repo-token` | {% octicon "x" aria-label="Optional" %} | Specifies a token for fetching the configuration file, if the file resides in a private external repository. The token must have read access to the repository.| {% ifversion dependency-review-action-licenses %} -{% tip %} -**Tip:** The `allow-licenses` and `deny-licenses` options are mutually exclusive. - -{% endtip %} +> [!TIP] +> The `allow-licenses` and `deny-licenses` options are mutually exclusive. ## Configuring the {% data variables.dependency-review.action_name %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md index 3b04d03e3c7a..774148d0c1a1 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md @@ -1,7 +1,7 @@ --- title: Customizing your dependency review action configuration intro: 'Learn how to add a basic customization to your dependency review configuration.' -product: '{% data reusables.gated-features.dependency-review-action %}' +permissions: '{% data reusables.permissions.security-repo-enable %}' versions: fpt: '*' ghes: '*' diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md index 771fb769a269..364df8aa9d63 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md @@ -1,9 +1,8 @@ --- title: Enforcing dependency review across an organization intro: 'Dependency review lets you catch insecure dependencies before you introduce them to your environment. You can enforce the use of the {% data variables.dependency-review.action_name %} across your organization.' -product: '{% data reusables.gated-features.dependency-review %}' shortTitle: Enforce dependency review -permissions: 'Organization owners can enforce use of the {% data variables.dependency-review.action_name %} in repositories within their organization.' +permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: repo-rules type: overview diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md index ab3a0c75e9c3..4ae6c4b68d12 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md @@ -65,11 +65,10 @@ Dependencies submitted to a project using the {% data variables.dependency-submi If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to {% data variables.product.prodname_dependabot_alerts %}. {% ifversion ghes %} -{% note %} -**Note:** {% data variables.product.product_name %} does not populate the **Dependents** view. +> [!NOTE] +> {% data variables.product.product_name %} does not populate the **Dependents** view. -{% endnote %} {% endif %} {% ifversion fpt or ghec %} diff --git a/content/codespaces/customizing-your-codespace/changing-the-machine-type-for-your-codespace.md b/content/codespaces/customizing-your-codespace/changing-the-machine-type-for-your-codespace.md index 74d75ca0c94a..a727117fcd7b 100644 --- a/content/codespaces/customizing-your-codespace/changing-the-machine-type-for-your-codespace.md +++ b/content/codespaces/customizing-your-codespace/changing-the-machine-type-for-your-codespace.md @@ -22,11 +22,8 @@ For information on choosing a machine type when you create a codespace, see "[AU ## Changing the machine type -{% note %} - -**Note**: {% data reusables.codespaces.codespaces-machine-type-availability %} - -{% endnote %} +> [!NOTE] +> {% data reusables.codespaces.codespaces-machine-type-availability %} {% webui %} diff --git a/content/codespaces/customizing-your-codespace/changing-the-shell-in-a-codespace.md b/content/codespaces/customizing-your-codespace/changing-the-shell-in-a-codespace.md index d14d070da246..c2f120985afd 100644 --- a/content/codespaces/customizing-your-codespace/changing-the-shell-in-a-codespace.md +++ b/content/codespaces/customizing-your-codespace/changing-the-shell-in-a-codespace.md @@ -68,11 +68,8 @@ If the shell you install isn't detected automatically, you can add a new termina You can set a default terminal profile to choose the default shell used for all new terminal windows you open in {% data variables.product.prodname_vscode_shortname %}. The default terminal profile is dependent on your operating system, so you can set a default profile for Linux, if you're using the {% data variables.product.prodname_vscode_shortname %} web client, or for your local operating system, if you're using the desktop application. -{% note %} - -**Note:** Regardless of your default profile, codespaces opened in the web client always open with a `bash` session running initially. - -{% endnote %} +> [!NOTE] +> Regardless of your default profile, codespaces opened in the web client always open with a `bash` session running initially. {% data reusables.codespaces.access-user-settings %} 1. Inside the JSON object, to set the default shell for the relevant operating system, add lines or edit existing lines like the following. @@ -113,11 +110,8 @@ sudo apt-get install -y csh sudo chsh "$(id -un)" --shell "/usr/bin/csh" ``` -{% note %} - -**Note**: If you create a new codespace (for example by using `gh codespace create`), you must wait sufficient time to ensure the script has finished running before you connect to the codespace over SSH. If the script hasn't finished running, you will connect to a default `bash` session. - -{% endnote %} +> [!NOTE] +> If you create a new codespace (for example by using `gh codespace create`), you must wait sufficient time to ensure the script has finished running before you connect to the codespace over SSH. If the script hasn't finished running, you will connect to a default `bash` session. When you have connected to the codespace, for most shells, you can use the command `readlink /proc/$$/exe` to check the correct shell is running. diff --git a/content/codespaces/developing-in-a-codespace/connecting-to-a-private-network.md b/content/codespaces/developing-in-a-codespace/connecting-to-a-private-network.md index 47b27061b611..5d93259c628b 100644 --- a/content/codespaces/developing-in-a-codespace/connecting-to-a-private-network.md +++ b/content/codespaces/developing-in-a-codespace/connecting-to-a-private-network.md @@ -25,11 +25,8 @@ There are currently two methods of accessing resources on a private network with ### Using the GitHub CLI extension to access remote resources -{% warning %} - -**Warning**: The {% data variables.product.prodname_cli %} extension is {% data variables.release-phases.closing_down %} and is no longer supported. - -{% endwarning %} +> [!WARNING] +> The {% data variables.product.prodname_cli %} extension is {% data variables.release-phases.closing_down %} and is no longer supported. The {% data variables.product.prodname_cli %} extension allows you to create a bridge between a codespace and your local machine, so that the codespace can access any remote resource that is accessible from your machine. The codespace uses your local machine as a network gateway to reach those resources. For more information, see "[Using {% data variables.product.prodname_cli %} to access remote resources](https://github.com/github/gh-net#codespaces-network-bridge)." diff --git a/content/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository.md b/content/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository.md index de72b9d31d4f..6fe81f2b77e4 100644 --- a/content/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository.md +++ b/content/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository.md @@ -34,20 +34,16 @@ Organizations can enable members and outside collaborators to create and use cod {% data reusables.codespaces.when-you-can-create-codespaces %} {% ifversion ghec %} -{% note %} -**Note:** {% data reusables.codespaces.emus-create-codespaces %} +> [!NOTE] +> {% data reusables.codespaces.emus-create-codespaces %} -{% endnote %} {% endif %} {% data reusables.codespaces.starting-new-project-template %} For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-from-a-template)." -{% note %} - -**Note**: If you use a JetBrains IDE, you can use {% data variables.product.prodname_cli %} to create a codespace. You can then use the JetBrains Gateway application to open the codespace in a JetBrains IDE. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide)." - -{% endnote %} +> [!NOTE] +> If you use a JetBrains IDE, you can use {% data variables.product.prodname_cli %} to create a codespace. You can then use the JetBrains Gateway application to open the codespace in a JetBrains IDE. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide)." If you create a codespace from a repository, the codespace will be associated with a specific branch, which cannot be empty. You can create more than one codespace per repository or even per branch. @@ -107,17 +103,12 @@ If you want to use Git hooks for your codespace, then you should set up hooks us The options page may also display the names of one or more secrets that it's recommended you create in your {% data variables.product.prodname_codespaces %} settings. For more information, see "[Recommended secrets](#recommended-secrets)." - {% note %} - - **Notes** - - * You can bookmark the options page to give you a quick way to create a codespace for this repository and branch. - * The [https://github.com/codespaces/new](https://github.com/codespaces/new) page provides a quick way to create a codespace for any repository and branch. You can get to this page quickly by typing `codespace.new` into your browser's address bar. - * For more information about dev container configuration files, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers)." - * For more information about machine types, see "[AUTOTITLE](/codespaces/customizing-your-codespace/changing-the-machine-type-for-your-codespace#about-machine-types)." - * {% data reusables.codespaces.codespaces-machine-type-availability %} - - {% endnote %} + > [!NOTE] + > * You can bookmark the options page to give you a quick way to create a codespace for this repository and branch. + > * The [https://github.com/codespaces/new](https://github.com/codespaces/new) page provides a quick way to create a codespace for any repository and branch. You can get to this page quickly by typing `codespace.new` into your browser's address bar. + > * For more information about dev container configuration files, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers)." + > * For more information about machine types, see "[AUTOTITLE](/codespaces/customizing-your-codespace/changing-the-machine-type-for-your-codespace#about-machine-types)." + > * {% data reusables.codespaces.codespaces-machine-type-availability %} 1. Click **Create codespace**. diff --git a/content/codespaces/developing-in-a-codespace/creating-a-codespace-from-a-template.md b/content/codespaces/developing-in-a-codespace/creating-a-codespace-from-a-template.md index c3d90ed0fccc..7d3016894652 100644 --- a/content/codespaces/developing-in-a-codespace/creating-a-codespace-from-a-template.md +++ b/content/codespaces/developing-in-a-codespace/creating-a-codespace-from-a-template.md @@ -27,11 +27,10 @@ If you're starting a new project, you can get started with development work quic You can start from a blank template, choose from templates maintained by {% data variables.product.company_short %} for popular technologies such as React or Jupyter Notebook, or launch a codespace from any template repository on {% data variables.product.prodname_dotcom %}. {% ifversion ghec %} -{% note %} -**Note:** If you have a {% data variables.enterprise.prodname_managed_user %}, you cannot use {% data variables.product.company_short %}'s public templates for {% data variables.product.prodname_github_codespaces %}, because you can only create codespaces that are owned and paid for by your organization or enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#abilities-and-restrictions-of-managed-user-accounts)." +> [!NOTE] +> If you have a {% data variables.enterprise.prodname_managed_user %}, you cannot use {% data variables.product.company_short %}'s public templates for {% data variables.product.prodname_github_codespaces %}, because you can only create codespaces that are owned and paid for by your organization or enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#abilities-and-restrictions-of-managed-user-accounts)." -{% endnote %} {% endif %} With a blank template, you'll start with an empty directory, with access to cloud-based compute resources and the tools, languages, and runtime environments that come preinstalled with the default dev container image. With other templates, you'll get starter files for the technology you're working with, plus typically some extra files such as a README file, a `.gitignore` file, and dev container configuration files containing some custom environment configuration. For more information on dev containers and the default image, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers)." @@ -42,11 +41,8 @@ As an example, if you create a codespace from {% data variables.product.company_ The files and configuration included in templates are defined in template repositories. The template repository is cloned into your codespace when you create the codespace. After that, the link is severed, and your codespace won't be linked to a remote repository until you publish to one. -{% tip %} - -**Tip:** To help people get started with your framework, library, or other project, you can set up a template repository for use with {% data variables.product.prodname_github_codespaces %}. For more information, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/setting-up-a-template-repository-for-github-codespaces)." - -{% endtip %} +> [!TIP] +> To help people get started with your framework, library, or other project, you can set up a template repository for use with {% data variables.product.prodname_github_codespaces %}. For more information, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/setting-up-a-template-repository-for-github-codespaces)." ## Creating a codespace from a {% data variables.product.company_short %} template @@ -69,11 +65,8 @@ You can create a codespace from any template repository, then publish your work {% data reusables.repositories.navigate-to-repo %} {% data reusables.codespaces.use-this-template %} - {% note %} - - **Note:** If you're a maintainer of the template repository, and want to commit changes to the template repository itself, you should create a codespace from the **{% octicon "code" aria-hidden="true" %} Code** dropdown. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository#creating-a-codespace-for-a-repository)." - - {% endnote %} + > [!NOTE] + > If you're a maintainer of the template repository, and want to commit changes to the template repository itself, you should create a codespace from the **{% octicon "code" aria-hidden="true" %} Code** dropdown. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository#creating-a-codespace-for-a-repository)." {% data reusables.codespaces.template-codespaces-default-editor %} diff --git a/content/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace.md b/content/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace.md index 13dba8f1abb0..561617e2b949 100644 --- a/content/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace.md +++ b/content/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace.md @@ -18,11 +18,8 @@ redirect_from: {% data variables.product.prodname_dotcom %} sets default environment variables for every codespace. Commands run in codespaces can create, read, and modify environment variables. -{% note %} - -**Note**: Environment variables are case-sensitive. - -{% endnote %} +> [!NOTE] +> Environment variables are case-sensitive. ## List of default environment variables diff --git a/content/codespaces/developing-in-a-codespace/deleting-a-codespace.md b/content/codespaces/developing-in-a-codespace/deleting-a-codespace.md index 26d284a072d9..dd3e8ee78138 100644 --- a/content/codespaces/developing-in-a-codespace/deleting-a-codespace.md +++ b/content/codespaces/developing-in-a-codespace/deleting-a-codespace.md @@ -27,11 +27,8 @@ You can manually delete a codespace in a variety of ways: Use the tabs at the top of this article to display instructions for each of these ways of deleting a codespace. -{% note %} - -**Note**: You can't delete a codespace from within the JetBrains Gateway, or the JetBrains client application, or from within JupyterLab. - -{% endnote %} +> [!NOTE] +> You can't delete a codespace from within the JetBrains Gateway, or the JetBrains client application, or from within JupyterLab. ## Why you should delete unused codespaces @@ -50,11 +47,8 @@ There are costs associated with storing codespaces. You should therefore delete {% endwebui %} -{% note %} - -**Note**: You may have prebuild codespaces that are consuming additional storage which are not displayed on this dashboard. To delete them, follow the steps for “[Deleting a prebuild configuration](/codespaces/prebuilding-your-codespaces/managing-prebuilds#deleting-a-prebuild-configuration).” - -{% endnote %} +> [!NOTE] +> You may have prebuild codespaces that are consuming additional storage which are not displayed on this dashboard. To delete them, follow the steps for “[Deleting a prebuild configuration](/codespaces/prebuilding-your-codespaces/managing-prebuilds#deleting-a-prebuild-configuration).” {% vscode %} diff --git a/content/codespaces/developing-in-a-codespace/forwarding-ports-in-your-codespace.md b/content/codespaces/developing-in-a-codespace/forwarding-ports-in-your-codespace.md index 7ac72db934cf..04242a0b0fed 100644 --- a/content/codespaces/developing-in-a-codespace/forwarding-ports-in-your-codespace.md +++ b/content/codespaces/developing-in-a-codespace/forwarding-ports-in-your-codespace.md @@ -162,11 +162,8 @@ Copy the address and paste it somewhere for later use. 1. Copy the token. - {% note %} - - **Important**: Don't share this access token with anyone. - - {% endnote %} + > [!IMPORTANT] + > Don't share this access token with anyone. 1. Exit the SSH session. diff --git a/content/codespaces/developing-in-a-codespace/getting-started-with-github-codespaces-for-machine-learning.md b/content/codespaces/developing-in-a-codespace/getting-started-with-github-codespaces-for-machine-learning.md index bb31d23f79ea..a3722a093372 100644 --- a/content/codespaces/developing-in-a-codespace/getting-started-with-github-codespaces-for-machine-learning.md +++ b/content/codespaces/developing-in-a-codespace/getting-started-with-github-codespaces-for-machine-learning.md @@ -63,11 +63,8 @@ You can open your codespace in JupyterLab from the "Your codespaces" page at [gi ## Configuring NVIDIA CUDA for your codespace -{% note %} - -**Note**: This section only applies to customers who can create codespaces on machines that use a GPU. The ability to choose a machine type that uses a GPU was offered to selected customers during a trial period. This option is not generally available. - -{% endnote %} +> [!NOTE] +> This section only applies to customers who can create codespaces on machines that use a GPU. The ability to choose a machine type that uses a GPU was offered to selected customers during a trial period. This option is not generally available. Some software requires you to install NVIDIA CUDA to use your codespace’s GPU. Where this is the case, you can create your own custom configuration, by using a `devcontainer.json` file, and specify that CUDA should be installed. For more information on creating a custom configuration, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#creating-a-custom-dev-container-configuration)." diff --git a/content/codespaces/developing-in-a-codespace/opening-an-existing-codespace.md b/content/codespaces/developing-in-a-codespace/opening-an-existing-codespace.md index 5de714bf1513..75f0175ba4dd 100644 --- a/content/codespaces/developing-in-a-codespace/opening-an-existing-codespace.md +++ b/content/codespaces/developing-in-a-codespace/opening-an-existing-codespace.md @@ -52,11 +52,8 @@ You can quickly resume a codespace when you're viewing a repository on {% data v Alternatively, if you want to create a new codespace for this branch of the repository, click **Create a new one**. - {% note %} - - **Note**: If you don't have an existing codespace for this branch, the page is titled "Create codespace" and a button labeled **Create a new codespace** is displayed. - - {% endnote %} + > [!NOTE] + > If you don't have an existing codespace for this branch, the page is titled "Create codespace" and a button labeled **Create a new codespace** is displayed. You can bookmark the address of this page if you want to get back to it quickly to resume your codespace. Alternatively you can use the address in a link to provide other people with a quick way of creating and resuming their own codespaces for this repository. @@ -91,11 +88,8 @@ You can bookmark the address of this page if you want to get back to it quickly ## Reopening an existing codespace -{% note %} - -**Note:** {% data reusables.codespaces.using-codespaces-in-vscode %} See "[AUTOTITLE](/codespaces/developing-in-a-codespace/using-github-codespaces-in-visual-studio-code)." - -{% endnote %} +> [!NOTE] +> {% data reusables.codespaces.using-codespaces-in-vscode %} See "[AUTOTITLE](/codespaces/developing-in-a-codespace/using-github-codespaces-in-visual-studio-code)." 1. In the {% data variables.product.prodname_vscode_shortname %} desktop application, open the Command Palette with Command+Shift+P (Mac) or Ctrl+Shift+P (Windows/Linux). 1. Type "Codespaces" and select one of the following commands. @@ -128,11 +122,8 @@ You can also access the commands listed above by navigating to the Remote Explor gh codespace code ``` - {% note %} - - **Note**: You must have {% data variables.product.prodname_vscode_shortname %} installed on your local machine. See "[Setting up {% data variables.product.prodname_vscode %}](https://code.visualstudio.com/docs/setup/setup-overview)" in the {% data variables.product.prodname_vscode_shortname %} documentation. - - {% endnote %} + > [!NOTE] + > You must have {% data variables.product.prodname_vscode_shortname %} installed on your local machine. See "[Setting up {% data variables.product.prodname_vscode %}](https://code.visualstudio.com/docs/setup/setup-overview)" in the {% data variables.product.prodname_vscode_shortname %} documentation. * To open a codespace in the browser, enter: @@ -146,11 +137,8 @@ You can also access the commands listed above by navigating to the Remote Explor gh codespace jupyter ``` - {% note %} - - **Note**: {% data reusables.codespaces.jupyterlab-installed-in-codespace %} - - {% endnote %} + > [!NOTE] + > {% data reusables.codespaces.jupyterlab-installed-in-codespace %} * To access a codespace from the command line, over SSH, enter: diff --git a/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-visual-studio-code.md b/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-visual-studio-code.md index 59b96105fb2e..e91ece92b5ad 100644 --- a/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-visual-studio-code.md +++ b/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-visual-studio-code.md @@ -58,11 +58,8 @@ Use the {% data variables.product.prodname_vscode_marketplace %} to install the {% data reusables.codespaces.codespaces-machine-types %} You can change the machine type of your codespace at any time. -{% note %} - -**Note**: {% data reusables.codespaces.codespaces-machine-type-availability %} - -{% endnote %} +> [!NOTE] +> {% data reusables.codespaces.codespaces-machine-type-availability %} {% data reusables.codespaces.changing-machine-type-in-vscode %} diff --git a/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md b/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md index 537c097d0ba8..fe2e290ba626 100644 --- a/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md +++ b/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md @@ -23,11 +23,8 @@ After installing the JetBrains Gateway, you can set JetBrains as your default ed When you work in a codespace, you use the JetBrains thin client application on your local computer. This provides the graphical interface for the full JetBrains IDE of your choice, which runs on the remote virtual machine that hosts your codespace. The thin client is always used, even if the full JetBrains IDE is installed locally. Any local JetBrains IDE settings are imported and used by the thin client. -{% note %} - -**Note:** Only existing codespaces are available in the JetBrains Gateway. You can create codespaces in {% data variables.product.github %}, or by using {% data variables.product.prodname_cli %}. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository)." - -{% endnote %} +> [!NOTE] +> Only existing codespaces are available in the JetBrains Gateway. You can create codespaces in {% data variables.product.github %}, or by using {% data variables.product.prodname_cli %}. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository)." ### The JetBrains remote development connection process @@ -72,11 +69,8 @@ You must have an existing codespace to connect to, and the virtual machine that For more information about the `devcontainer.json` file and the default container image, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers)." -{% note %} - -**Note**: For help with connecting to your codespace over SSH, see "[AUTOTITLE](/codespaces/troubleshooting/troubleshooting-github-codespaces-clients?tool=jetbrains#ssh-connection-issues)." - -{% endnote %} +> [!NOTE] +> For help with connecting to your codespace over SSH, see "[AUTOTITLE](/codespaces/troubleshooting/troubleshooting-github-codespaces-clients?tool=jetbrains#ssh-connection-issues)." ## Setting up the JetBrains Gateway diff --git a/content/codespaces/developing-in-a-codespace/using-github-codespaces-with-github-cli.md b/content/codespaces/developing-in-a-codespace/using-github-codespaces-with-github-cli.md index ac60d2869d2f..845ea364d4c7 100644 --- a/content/codespaces/developing-in-a-codespace/using-github-codespaces-with-github-cli.md +++ b/content/codespaces/developing-in-a-codespace/using-github-codespaces-with-github-cli.md @@ -63,11 +63,8 @@ The sections below give example commands for each of the available operations. For a complete reference of `gh` commands for {% data variables.product.prodname_github_codespaces %}, including details of all available options for each command, see the {% data variables.product.prodname_cli %} online help for "[gh codespace](https://cli.github.com/manual/gh_codespace)." Alternatively, on the command line, use `gh codespace --help` for general help or `gh codespace SUBCOMMAND --help` for help with a specific subcommand. -{% note %} - -**Note**: The `-c CODESPACE_NAME` flag, used with many commands, is optional. If you omit it a list of codespaces is displayed for you to choose from. - -{% endnote %} +> [!NOTE] +> The `-c CODESPACE_NAME` flag, used with many commands, is optional. If you omit it a list of codespaces is displayed for you to choose from. ### List all of your codespaces @@ -148,13 +145,10 @@ To run commands on the remote codespace machine, from your terminal, you can SSH gh codespace ssh -c CODESPACE-NAME ``` -{% note %} - -**Note**: {% data reusables.codespaces.ssh-server-installed %} - -
    For more information about the `devcontainer.json` file and the default container image, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers)." - -{% endnote %} +> [!NOTE] +> {% data reusables.codespaces.ssh-server-installed %} +> +> For more information about the `devcontainer.json` file and the default container image, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers)." {% data variables.product.prodname_github_codespaces %} creates a local SSH key automatically to provide a seamless authentication experience. For more information on connecting with SSH, see [`gh codespace ssh`](https://cli.github.com/manual/gh_codespace_ssh). @@ -254,11 +248,8 @@ For more information about the creation log, see "[AUTOTITLE](/codespaces/troubl You can use the {% data variables.product.prodname_cli %} extension to create a bridge between a codespace and your local machine, so that the codespace can access any remote resource that is accessible from your machine. For more information on using the extension, see "[Using {% data variables.product.prodname_cli %} to access remote resources](https://github.com/github/gh-net#codespaces-network-bridge)." -{% note %} - -**Note**: The {% data variables.product.prodname_cli %} extension is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> The {% data variables.product.prodname_cli %} extension is currently in {% data variables.release-phases.public_preview %} and subject to change. ### Change the machine type of a codespace diff --git a/content/codespaces/developing-in-a-codespace/using-source-control-in-your-codespace.md b/content/codespaces/developing-in-a-codespace/using-source-control-in-your-codespace.md index 4b426c237d24..46263a62700e 100644 --- a/content/codespaces/developing-in-a-codespace/using-source-control-in-your-codespace.md +++ b/content/codespaces/developing-in-a-codespace/using-source-control-in-your-codespace.md @@ -44,11 +44,8 @@ A typical workflow for updating a file using {% data variables.product.prodname_ * Commit the change. * Raise a pull request. -{% note %} - -**Note:** By default, {% data variables.product.prodname_github_codespaces %} uses the HTTPS protocol to transfer data to and from a remote repository, and authenticates with a `GITHUB_TOKEN` configured with read and write access to the repository from which you create the codespace. If you're having issues with authentication, see "[AUTOTITLE](/codespaces/troubleshooting/troubleshooting-authentication-to-a-repository)." - -{% endnote %} +> [!NOTE] +> By default, {% data variables.product.prodname_github_codespaces %} uses the HTTPS protocol to transfer data to and from a remote repository, and authenticates with a `GITHUB_TOKEN` configured with read and write access to the repository from which you create the codespace. If you're having issues with authentication, see "[AUTOTITLE](/codespaces/troubleshooting/troubleshooting-authentication-to-a-repository)." ## About automatic forking @@ -60,14 +57,9 @@ If you make a commit from the codespace, or push a new branch, {% data variables If you make a commit from the command line, you will see a prompt asking if you would like to proceed with linking your codespace to a new or existing fork. Enter `y` to proceed. If you commit changes from the **Source Control** view in {% data variables.product.prodname_vscode_shortname %}, or from the navigation bar in a JetBrains IDE, your codespace is automatically linked to a fork without you being prompted. -{% note %} - -**Notes:** - -* If you delete your fork repository, then any codespaces linked to the fork are deleted, even if you originally created them from the upstream repository. -* If you make a commit from the command line and refuse the new fork by entering `n`, you should push your changes from the command line rather than from {% data variables.product.prodname_vscode_shortname %}'s Source Control view. If you use the Source Control view, {% data variables.product.prodname_vscode_shortname %} will still try to create a fork for you on push. - -{% endnote %} +> [!NOTE] +> * If you delete your fork repository, then any codespaces linked to the fork are deleted, even if you originally created them from the upstream repository. +> * If you make a commit from the command line and refuse the new fork by entering `n`, you should push your changes from the command line rather than from {% data variables.product.prodname_vscode_shortname %}'s Source Control view. If you use the Source Control view, {% data variables.product.prodname_vscode_shortname %} will still try to create a fork for you on push. When {% data variables.product.prodname_github_codespaces %} creates a fork, or links your codespace to an existing fork, the following things happen. @@ -121,11 +113,8 @@ For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-re ![Screenshot of the branches pop-up menu with the "origin/templates" branch selected and "Checkout" selected in the submenu.](/assets/images/help/codespaces/jetbrains-checkout-submenu.png) - {% tip %} - - **Tip**: If someone has recently changed a file on the remote repository, in the branch you switched to, you may not see those changes until you pull the changes into your codespace. - - {% endtip %} + > [!TIP] + > If someone has recently changed a file on the remote repository, in the branch you switched to, you may not see those changes until you pull the changes into your codespace. ## Committing your changes diff --git a/content/codespaces/developing-in-a-codespace/working-collaboratively-in-a-codespace.md b/content/codespaces/developing-in-a-codespace/working-collaboratively-in-a-codespace.md index 5dc908a2cda3..e1d8aac93ad6 100644 --- a/content/codespaces/developing-in-a-codespace/working-collaboratively-in-a-codespace.md +++ b/content/codespaces/developing-in-a-codespace/working-collaboratively-in-a-codespace.md @@ -43,11 +43,8 @@ For more information about Live Share, see "[What is {% data variables.product.p 1. Send the link in your clipboard to anyone you want to join you in your Live Share session. - {% note %} - - **Important**: Given the level of access Live Share sessions can provide to guests, you should only share with people you trust, and you should think through the implications of what you are sharing. For more information, see "[Security features of Live Share](https://learn.microsoft.com/en-us/visualstudio/liveshare/reference/security)" in the {% data variables.product.prodname_vs %} documentation. - - {% endnote %} + > [!IMPORTANT] + > Given the level of access Live Share sessions can provide to guests, you should only share with people you trust, and you should think through the implications of what you are sharing. For more information, see "[Security features of Live Share](https://learn.microsoft.com/en-us/visualstudio/liveshare/reference/security)" in the {% data variables.product.prodname_vs %} documentation. ## Stopping a Live Share session diff --git a/content/codespaces/getting-started/deep-dive.md b/content/codespaces/getting-started/deep-dive.md index 30516c7a8949..524137fcf020 100644 --- a/content/codespaces/getting-started/deep-dive.md +++ b/content/codespaces/getting-started/deep-dive.md @@ -28,11 +28,8 @@ Your codespace can be ephemeral if you need to test something or you can return For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository)," "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-from-a-template)," and "[AUTOTITLE](/codespaces/developing-in-a-codespace/opening-an-existing-codespace)." -{% note %} - -**Note**: You can create more than one codespace per repository or even per branch. However, there are limits to the number of codespaces you can create, and the number of codespaces you can run at the same time. If you reach the maximum number of codespaces and try to create another, a message is displayed telling you that you must remove an existing codespace before you can create a new one. - -{% endnote %} +> [!NOTE] +> You can create more than one codespace per repository or even per branch. However, there are limits to the number of codespaces you can create, and the number of codespaces you can run at the same time. If you reach the maximum number of codespaces and try to create another, a message is displayed telling you that you must remove an existing codespace before you can create a new one. ### The codespace creation process @@ -48,13 +45,10 @@ A [shallow clone](https://github.blog/2020-12-21-get-up-to-speed-with-partial-cl {% data variables.product.prodname_github_codespaces %} uses a Docker container as the development environment. This container is created based on configurations that you can define in a `devcontainer.json` file and, optionally, a Dockerfile. If you create a codespace from {% data variables.product.company_short %}'s blank template, or from a repository with no `devcontainer.json` file, {% data variables.product.prodname_github_codespaces %} uses a default image, which has many languages and runtimes available. For more information, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers)." For details of what the default image for dev containers includes, see the [`devcontainers/images`](https://github.com/devcontainers/images/tree/main/src/universal) repository. -{% note %} - -**Note:** If you want to use Git hooks in your codespace and apply anything in the [git template directory](https://git-scm.com/docs/git-init#_template_directory) to your codespace, then you must set up hooks during step 4 after the container is created. - -Since your repository is cloned onto the host VM before the container is created, anything in the [git template directory](https://git-scm.com/docs/git-init#_template_directory) will not apply in your codespace unless you set up hooks in your `devcontainer.json` configuration file using the `postCreateCommand` in step 4. For more information, see "[Step 4: Post-creation setup](#step-4-post-creation-setup)." - -{% endnote %} +> [!NOTE] +> If you want to use Git hooks in your codespace and apply anything in the [git template directory](https://git-scm.com/docs/git-init#_template_directory) to your codespace, then you must set up hooks during step 4 after the container is created. +> +> Since your repository is cloned onto the host VM before the container is created, anything in the [git template directory](https://git-scm.com/docs/git-init#_template_directory) will not apply in your codespace unless you set up hooks in your `devcontainer.json` configuration file using the `postCreateCommand` in step 4. For more information, see "[Step 4: Post-creation setup](#step-4-post-creation-setup)." ### Step 3: Connecting to the codespace @@ -128,11 +122,8 @@ If you're working in a codespace created from a template, Git is installed by de For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/using-source-control-in-your-codespace)." -{% note %} - -**Note:** Commits from your codespace will be attributed to the name and public email configured at https://github.com/settings/profile. A token scoped to the repository, included in the environment as `GITHUB_TOKEN`, and your GitHub credentials will be used to authenticate. - -{% endnote %} +> [!NOTE] +> Commits from your codespace will be attributed to the name and public email configured at https://github.com/settings/profile. A token scoped to the repository, included in the environment as `GITHUB_TOKEN`, and your GitHub credentials will be used to authenticate. ## Personalizing your codespace with extensions or plugins diff --git a/content/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization.md b/content/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization.md index 73cbf0939f21..189f12aca9a5 100644 --- a/content/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization.md +++ b/content/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization.md @@ -41,11 +41,10 @@ If an organization chooses for codespaces to be **organization-owned**, the orga For more information about enabling {% data variables.product.prodname_github_codespaces %} for members and collaborators, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization)." {% ifversion ghec %} -{% note %} -**Note:** If you own an {% data variables.enterprise.prodname_emu_org %} and do not allow {% data variables.product.prodname_github_codespaces %} to be billed to your organization, members with {% data variables.enterprise.prodname_managed_users %} will not be able to use {% data variables.product.prodname_github_codespaces %}. See "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#abilities-and-restrictions-of-managed-user-accounts)." +> [!NOTE] +> If you own an {% data variables.enterprise.prodname_emu_org %} and do not allow {% data variables.product.prodname_github_codespaces %} to be billed to your organization, members with {% data variables.enterprise.prodname_managed_users %} will not be able to use {% data variables.product.prodname_github_codespaces %}. See "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#abilities-and-restrictions-of-managed-user-accounts)." -{% endnote %} {% endif %} ## About ownership of codespaces @@ -72,11 +71,8 @@ If you change from **user ownership** to **organization ownership**, existing co ## Choosing who owns and pays for codespaces -{% note %} - -**Note:** If you cannot access the option to make codespaces **organization-owned**, this may be because you have disabled {% data variables.product.prodname_github_codespaces %} for all users in your organization's private{% ifversion ghec %} and internal{% endif %} repositories. See "[About choosing who pays for codespaces](#about-choosing-who-pays-for-codespaces)." - -{% endnote %} +> [!NOTE] +> If you cannot access the option to make codespaces **organization-owned**, this may be because you have disabled {% data variables.product.prodname_github_codespaces %} for all users in your organization's private{% ifversion ghec %} and internal{% endif %} repositories. See "[About choosing who pays for codespaces](#about-choosing-who-pays-for-codespaces)." {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} diff --git a/content/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization.md b/content/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization.md index 082ef7058342..d4d9f31fe62e 100644 --- a/content/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization.md +++ b/content/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization.md @@ -42,11 +42,10 @@ In addition, to allow users to create codespaces, you must ensure that{% ifversi * Your{% else %} your{% endif %} organization does not have an IP address allow list enabled. For more information, see "[Managing allowed IP addresses for your organization](/{% ifversion fpt %}enterprise-cloud@latest/{% endif %}organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} {% ifversion fpt %} -{% note %} -**Note:** If you are a verified educator or a teacher, you must enable {% data variables.product.prodname_github_codespaces %} from a {% data variables.product.prodname_classroom %} to use your {% data variables.product.prodname_codespaces %} Education benefit. For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/using-github-codespaces-with-github-classroom#about-the-codespaces-education-benefit-for-verified-teachers)." +> [!NOTE] +> If you are a verified educator or a teacher, you must enable {% data variables.product.prodname_github_codespaces %} from a {% data variables.product.prodname_classroom %} to use your {% data variables.product.prodname_codespaces %} Education benefit. For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/using-github-codespaces-with-github-classroom#about-the-codespaces-education-benefit-for-verified-teachers)." -{% endnote %} {% endif %} ## About changing your settings @@ -59,11 +58,8 @@ Once a user loses access to a codespace, the codespace is retained for a period ## Enabling or disabling {% data variables.product.prodname_github_codespaces %} -{% note %} - -**Note:** If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from your organization's private {% ifversion ghec %}and internal {% endif %}repositories. For more information, see "[About changing your settings](#about-changing-your-settings)." - -{% endnote %} +> [!NOTE] +> If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from your organization's private {% ifversion ghec %}and internal {% endif %}repositories. For more information, see "[About changing your settings](#about-changing-your-settings)." {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} diff --git a/content/codespaces/managing-codespaces-for-your-organization/listing-the-codespaces-in-your-organization.md b/content/codespaces/managing-codespaces-for-your-organization/listing-the-codespaces-in-your-organization.md index 1cb07c30b11d..ef63316c6896 100644 --- a/content/codespaces/managing-codespaces-for-your-organization/listing-the-codespaces-in-your-organization.md +++ b/content/codespaces/managing-codespaces-for-your-organization/listing-the-codespaces-in-your-organization.md @@ -41,11 +41,8 @@ To list all of the current codespaces for an organization that were created by a gh codespace list --org ORGANIZATION --user USER ``` -{% note %} - -**Note**: In the above commands, replace `ORGANIZATION` with the name of the organization you are querying. You must be an owner of the organization. - -{% endnote %} +> [!NOTE] +> In the above commands, replace `ORGANIZATION` with the name of the organization you are querying. You must be an owner of the organization. ### Using the REST API to list codespaces diff --git a/content/codespaces/managing-codespaces-for-your-organization/managing-the-cost-of-github-codespaces-in-your-organization.md b/content/codespaces/managing-codespaces-for-your-organization/managing-the-cost-of-github-codespaces-in-your-organization.md index 70c8a38229bb..a36d1868afb9 100644 --- a/content/codespaces/managing-codespaces-for-your-organization/managing-the-cost-of-github-codespaces-in-your-organization.md +++ b/content/codespaces/managing-codespaces-for-your-organization/managing-the-cost-of-github-codespaces-in-your-organization.md @@ -32,11 +32,8 @@ You can set a spending limit for {% data variables.product.prodname_github_codes You can check the compute and storage usage for {% data variables.product.prodname_github_codespaces %} for the current billing month. For information, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/viewing-your-github-codespaces-usage)." -{% note %} - -**Note**: Prebuilds for {% data variables.product.prodname_github_codespaces %} are created and updated using {% data variables.product.prodname_actions %}. This may incur billable costs for {% data variables.product.prodname_actions %}. You can set a spending limit for {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-billing-for-codespaces-prebuilds)" and "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-actions/managing-your-spending-limit-for-github-actions)." Storage of the generated prebuilds is charged at the same rate as your codespaces, and is included in your {% data variables.product.prodname_github_codespaces %} spending limit. - -{% endnote %} +> [!NOTE] +> Prebuilds for {% data variables.product.prodname_github_codespaces %} are created and updated using {% data variables.product.prodname_actions %}. This may incur billable costs for {% data variables.product.prodname_actions %}. You can set a spending limit for {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-billing-for-codespaces-prebuilds)" and "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-actions/managing-your-spending-limit-for-github-actions)." Storage of the generated prebuilds is charged at the same rate as your codespaces, and is included in your {% data variables.product.prodname_github_codespaces %} spending limit. ## Disabling or limiting billing for {% data variables.product.prodname_codespaces %} @@ -60,11 +57,8 @@ Your users can delete their own codespaces in https://github.com/codespaces and As an organization owner, you can delete any codespace in your organization. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/deleting-a-codespace#deleting-codespaces-in-your-organization)." -{% note %} - -**Note:** Codespaces are automatically deleted after they have been stopped and have remained inactive for a user-definable number of days. For more information, see "[AUTOTITLE](/codespaces/setting-your-user-preferences/configuring-automatic-deletion-of-your-codespaces)." As an organization owner, you can set the maximum retention period for codespaces owned by your organization. This will override a user's personal retention setting. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-retention-period-for-codespaces)." - -{% endnote %} +> [!NOTE] +> Codespaces are automatically deleted after they have been stopped and have remained inactive for a user-definable number of days. For more information, see "[AUTOTITLE](/codespaces/setting-your-user-preferences/configuring-automatic-deletion-of-your-codespaces)." As an organization owner, you can set the maximum retention period for codespaces owned by your organization. This will override a user's personal retention setting. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-retention-period-for-codespaces)." ## Further reading diff --git a/content/codespaces/managing-codespaces-for-your-organization/restricting-access-to-machine-types.md b/content/codespaces/managing-codespaces-for-your-organization/restricting-access-to-machine-types.md index 973a412f4cc3..8ff3511bfc6f 100644 --- a/content/codespaces/managing-codespaces-for-your-organization/restricting-access-to-machine-types.md +++ b/content/codespaces/managing-codespaces-for-your-organization/restricting-access-to-machine-types.md @@ -26,11 +26,8 @@ If there are existing codespaces that no longer conform to a policy you have def If you remove higher specification machine types that are required by the {% data variables.product.prodname_github_codespaces %} configuration for an individual repository in your organization, then it won't be possible to create a codespace for that repository. When someone attempts to create a codespace they will see a message telling them that there are no valid machine types available that meet the requirements of the repository's {% data variables.product.prodname_github_codespaces %} configuration. -{% note %} - -**Note**: Anyone who can edit the `devcontainer.json` configuration file in a repository can set a minimum specification for machines that can be used for codespaces for that repository. For more information, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/setting-a-minimum-specification-for-codespace-machines)." - -{% endnote %} +> [!NOTE] +> Anyone who can edit the `devcontainer.json` configuration file in a repository can set a minimum specification for machines that can be used for codespaces for that repository. For more information, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/setting-a-minimum-specification-for-codespace-machines)." If setting a policy for machine types prevents people from using {% data variables.product.prodname_github_codespaces %} for a particular repository there are two options: diff --git a/content/codespaces/managing-codespaces-for-your-organization/restricting-the-base-image-for-codespaces.md b/content/codespaces/managing-codespaces-for-your-organization/restricting-the-base-image-for-codespaces.md index 2ef7289af777..5d88cef103b2 100644 --- a/content/codespaces/managing-codespaces-for-your-organization/restricting-the-base-image-for-codespaces.md +++ b/content/codespaces/managing-codespaces-for-your-organization/restricting-the-base-image-for-codespaces.md @@ -40,14 +40,10 @@ Using the CLI, the error message is: If the image for a codespace is specified in a Dockerfile, and does not match the policy, a codespace is created in recovery mode, using the default recovery container rather than the specified image. A message to this effect is included at the end of the creation log. For more information about the creation log, see "[AUTOTITLE](/codespaces/troubleshooting/github-codespaces-logs#creation-logs)." -{% note %} - -**Notes**: -* The dev container base image should not be confused with the host image. The host image is the image used to build the virtual machine on which the dev container runs. For more information, see "[AUTOTITLE](/codespaces/setting-your-user-preferences/choosing-the-stable-or-beta-host-image)." -* The base image policy is applied when a codespace is created, and when you perform a full container rebuild. For more information, see "[AUTOTITLE](/codespaces/getting-started/understanding-the-codespace-lifecycle#rebuilding-a-codespace)." -* The base image policy does not apply to the default image, or the image that's used to recover a codespace if an error is introduced into a dev container configuration which prevents the container from being rebuilt. - -{% endnote %} +> [!NOTE] +> * The dev container base image should not be confused with the host image. The host image is the image used to build the virtual machine on which the dev container runs. For more information, see "[AUTOTITLE](/codespaces/setting-your-user-preferences/choosing-the-stable-or-beta-host-image)." +> * The base image policy is applied when a codespace is created, and when you perform a full container rebuild. For more information, see "[AUTOTITLE](/codespaces/getting-started/understanding-the-codespace-lifecycle#rebuilding-a-codespace)." +> * The base image policy does not apply to the default image, or the image that's used to recover a codespace if an error is introduced into a dev container configuration which prevents the container from being rebuilt. ### Setting organization-wide and repository-specific policies diff --git a/content/codespaces/managing-codespaces-for-your-organization/restricting-the-idle-timeout-period.md b/content/codespaces/managing-codespaces-for-your-organization/restricting-the-idle-timeout-period.md index a4589ae21d5d..45d4e4b42b23 100644 --- a/content/codespaces/managing-codespaces-for-your-organization/restricting-the-idle-timeout-period.md +++ b/content/codespaces/managing-codespaces-for-your-organization/restricting-the-idle-timeout-period.md @@ -20,11 +20,8 @@ The personal settings of a {% data variables.product.prodname_dotcom %} user all As an organization owner, you may want to configure constraints on the maximum idle timeout period for codespaces created for repositories owned by your organization. This can help you to limit costs associated with codespaces that are left to timeout after long periods of inactivity. You can set a maximum timeout for the codespaces for all repositories owned by your organization, or for the codespaces of specific repositories. -{% note %} - -**Note**: Maximum idle timeout constraints only apply to codespaces that are owned by your organization. - -{% endnote %} +> [!NOTE] +> Maximum idle timeout constraints only apply to codespaces that are owned by your organization. For more information about pricing for {% data variables.product.prodname_github_codespaces %} compute usage, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#codespaces-pricing)." diff --git a/content/codespaces/managing-codespaces-for-your-organization/restricting-the-number-of-organization-billed-codespaces-a-user-can-create.md b/content/codespaces/managing-codespaces-for-your-organization/restricting-the-number-of-organization-billed-codespaces-a-user-can-create.md index 281554de90a7..19d1485168fc 100644 --- a/content/codespaces/managing-codespaces-for-your-organization/restricting-the-number-of-organization-billed-codespaces-a-user-can-create.md +++ b/content/codespaces/managing-codespaces-for-your-organization/restricting-the-number-of-organization-billed-codespaces-a-user-can-create.md @@ -45,11 +45,8 @@ Policies with the "Maximum codespaces per user" constraint are applied to every * "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-idle-timeout-period)" * "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-retention-period-for-codespaces)" - {% note %} - - **Note**: When you add a constraint to a policy that already contains the "Maximum codespaces per user" constraint, you won't be able to restrict the additional constraint to specific repositories, as the "Maximum codespaces per user" constraint applies to all repositories in the organization. - - {% endnote %} + > [!NOTE] + > When you add a constraint to a policy that already contains the "Maximum codespaces per user" constraint, you won't be able to restrict the additional constraint to specific repositories, as the "Maximum codespaces per user" constraint applies to all repositories in the organization. 1. After you've finished adding constraints to your policy, click **Save**. diff --git a/content/codespaces/managing-codespaces-for-your-organization/restricting-the-retention-period-for-codespaces.md b/content/codespaces/managing-codespaces-for-your-organization/restricting-the-retention-period-for-codespaces.md index ce0d4ff35f88..2b00ccf197b5 100644 --- a/content/codespaces/managing-codespaces-for-your-organization/restricting-the-retention-period-for-codespaces.md +++ b/content/codespaces/managing-codespaces-for-your-organization/restricting-the-retention-period-for-codespaces.md @@ -20,11 +20,8 @@ product: '{% data reusables.gated-features.codespaces-org %}' As an organization owner, you may want to configure constraints on the maximum retention period for codespaces created for the repositories owned by your organization. This can help you to limit the storage costs associated with codespaces that are stopped and then left unused until they are automatically deleted. For more information about storage charges, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#codespaces-pricing)." You can set a maximum retention period for all, or for specific, repositories owned by your organization. -{% note %} - -**Note**: Setting a maximum retention policy for a repository prevents people from exempting a codespace from automatic deletion. The "Keep codespace" option will be unavailable for codespaces created for that repository. For more information, see "[AUTOTITLE](/codespaces/setting-your-user-preferences/configuring-automatic-deletion-of-your-codespaces?tool=webui#avoiding-automatic-deletion-of-codespaces)." - -{% endnote %} +> [!NOTE] +> Setting a maximum retention policy for a repository prevents people from exempting a codespace from automatic deletion. The "Keep codespace" option will be unavailable for codespaces created for that repository. For more information, see "[AUTOTITLE](/codespaces/setting-your-user-preferences/configuring-automatic-deletion-of-your-codespaces?tool=webui#avoiding-automatic-deletion-of-codespaces)." ### Setting organization-wide and repository-specific policies @@ -45,14 +42,10 @@ If you add an organization-wide policy with a retention constraint, you should s ![Screenshot of a dropdown with a field labeled "Maximum value" set to 8 days. Below this are "Cancel" and "Save" buttons.](/assets/images/help/codespaces/maximum-days-retention.png) - {% note %} - - **Notes** - * A day, in this context, is a 24-hour period, beginning at the time of day when the codespace was stopped. - * The valid range is 0-30 days. - * Setting the period to `0` will result in codespaces being immediately deleted when they are stopped, or when they timeout due to inactivity. - - {% endnote %} + > [!NOTE] + > * A day, in this context, is a 24-hour period, beginning at the time of day when the codespace was stopped. + > * The valid range is 0-30 days. + > * Setting the period to `0` will result in codespaces being immediately deleted when they are stopped, or when they timeout due to inactivity. {% data reusables.codespaces.codespaces-policy-targets %} 1. If you want to add another constraint to the policy, click **Add constraint** and choose another constraint. For information about other constraints, see: diff --git a/content/codespaces/managing-codespaces-for-your-organization/restricting-the-visibility-of-forwarded-ports.md b/content/codespaces/managing-codespaces-for-your-organization/restricting-the-visibility-of-forwarded-ports.md index 06044a814402..d05e8c8043d9 100644 --- a/content/codespaces/managing-codespaces-for-your-organization/restricting-the-visibility-of-forwarded-ports.md +++ b/content/codespaces/managing-codespaces-for-your-organization/restricting-the-visibility-of-forwarded-ports.md @@ -22,11 +22,8 @@ As an organization owner, you may want to configure constraints on the visibilit If there are existing codespaces that no longer conform to a policy you have defined, these codespaces will continue to operate until they are stopped or time out. When the user resumes the codespace, it will be subject to the policy constraints. -{% note %} - -**Note**: You can't disable private port forwarding, as private port forwarding is required by {% data variables.product.prodname_github_codespaces %} to continue working as designed, for example to forward SSH on port 22. - -{% endnote %} +> [!NOTE] +> You can't disable private port forwarding, as private port forwarding is required by {% data variables.product.prodname_github_codespaces %} to continue working as designed, for example to forward SSH on port 22. ### Setting organization-wide and repository-specific policies diff --git a/content/codespaces/managing-your-codespaces/managing-gpg-verification-for-github-codespaces.md b/content/codespaces/managing-your-codespaces/managing-gpg-verification-for-github-codespaces.md index 4501a82885a6..3bfdf3c90a3a 100644 --- a/content/codespaces/managing-your-codespaces/managing-gpg-verification-for-github-codespaces.md +++ b/content/codespaces/managing-your-codespaces/managing-gpg-verification-for-github-codespaces.md @@ -26,11 +26,8 @@ By default, GPG verification is disabled for codespaces you create. If you enabl For more information about managing your preferences for Settings Sync, see "[AUTOTITLE](/codespaces/setting-your-user-preferences/personalizing-github-codespaces-for-your-account#managing-your-preferences-for-settings-sync)." -{% note %} - -**Note:** If you have linked a dotfiles repository with {% data variables.product.prodname_github_codespaces %}, the Git configuration in your dotfiles may conflict with the configuration that {% data variables.product.prodname_github_codespaces %} requires to sign commits. For more information, see "[AUTOTITLE](/codespaces/troubleshooting/troubleshooting-gpg-verification-for-github-codespaces)." - -{% endnote %} +> [!NOTE] +> If you have linked a dotfiles repository with {% data variables.product.prodname_github_codespaces %}, the Git configuration in your dotfiles may conflict with the configuration that {% data variables.product.prodname_github_codespaces %} requires to sign commits. For more information, see "[AUTOTITLE](/codespaces/troubleshooting/troubleshooting-gpg-verification-for-github-codespaces)." ## Enabling or disabling GPG verification diff --git a/content/codespaces/managing-your-codespaces/managing-repository-access-for-your-codespaces.md b/content/codespaces/managing-your-codespaces/managing-repository-access-for-your-codespaces.md index 8ee068ca0fc3..7f59675bd079 100644 --- a/content/codespaces/managing-your-codespaces/managing-repository-access-for-your-codespaces.md +++ b/content/codespaces/managing-your-codespaces/managing-repository-access-for-your-codespaces.md @@ -24,11 +24,8 @@ For more information, see "[AUTOTITLE](/codespaces/reference/security-in-github- If your project needs additional permissions for other repositories, you can configure this in the `devcontainer.json` file, as described in "[Setting additional repository permissions](#setting-additional-repository-permissions)" later in this article. When permissions are listed in the `devcontainer.json` file, you will be prompted to review and authorize the additional permissions as part of codespace creation for that repository. Once you've authorized the listed permissions, {% data variables.product.prodname_github_codespaces %} will remember your choice and will not prompt you for authorization unless the permissions in the `devcontainer.json` file change. -{% note %} - -**Note:** Updating the permissions in the `devcontainer.json` file does not change the permissions of existing codespaces. If you need additional permissions in an existing codespace, see "[AUTOTITLE](/codespaces/troubleshooting/troubleshooting-authentication-to-a-repository#authenticating-to-repositories-that-you-didnt-create-the-codespace-from)." - -{% endnote %} +> [!NOTE] +> Updating the permissions in the `devcontainer.json` file does not change the permissions of existing codespaces. If you need additional permissions in an existing codespace, see "[AUTOTITLE](/codespaces/troubleshooting/troubleshooting-authentication-to-a-repository#authenticating-to-repositories-that-you-didnt-create-the-codespace-from)." ## Creating codespaces with custom permissions @@ -61,13 +58,9 @@ You configure repository permissions for {% data variables.product.prodname_gith } ``` - {% note %} - - **Notes:** - * You can only reference repositories that belong to the same personal account or organization as the repository you are currently working in. - * You can use the `*` wildcard to grant permissions to multiple repositories in an organization. For example, to grant permissions to all repositories in the `my_org` organization use `my_org/*`. This syntax is only valid for codespaces. In any `devcontainer.json` files that are used for prebuilds, you must define permissions for each repository separately. For more information, see "[AUTOTITLE](/codespaces/prebuilding-your-codespaces/allowing-a-prebuild-to-access-other-repositories)." - - {% endnote %} + > [!NOTE] + > * You can only reference repositories that belong to the same personal account or organization as the repository you are currently working in. + > * You can use the `*` wildcard to grant permissions to multiple repositories in an organization. For example, to grant permissions to all repositories in the `my_org` organization use `my_org/*`. This syntax is only valid for codespaces. In any `devcontainer.json` files that are used for prebuilds, you must define permissions for each repository separately. For more information, see "[AUTOTITLE](/codespaces/prebuilding-your-codespaces/allowing-a-prebuild-to-access-other-repositories)." You can grant as many or as few of the following permissions for each repository listed: * `actions` - read / write diff --git a/content/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds.md b/content/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds.md index a01c83e5a624..ac5a756453dd 100644 --- a/content/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds.md +++ b/content/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds.md @@ -20,17 +20,14 @@ If it currently takes more than 2 minutes to create a codespace for a repository By default, whenever you push changes to your repository, {% data variables.product.prodname_github_codespaces %} uses {% data variables.product.prodname_actions %} to automatically update your prebuilds. -When prebuilds are available for a particular branch of a repository, a particular dev container configuration file, and for your region, you'll see the "{% octicon "zap" aria-hidden="true" %} Prebuild ready" label in the list of machine type options when you create a codespace. If a prebuild is still being created, you will see the "{% octicon "history" aria-hidden="true" %} Prebuild in progress" label. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository#creating-a-codespace-for-a-repository)." +When prebuilds are available for a particular branch of a repository, a particular dev container configuration file, and for your region, you'll see the "{% octicon "zap" aria-hidden="true" %} Prebuild ready" label in the list of machine type options when you create a codespace. If a prebuild is still being created, you will see the "{% octicon "history" aria-hidden="true" %} Prebuild in progress" label. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository#creating-a-codespace-for-a-repository)." ![Screenshot of a list of available machine types: 2, 4, 8, 16, and 32 core, all labeled "Prebuild ready."](/assets/images/help/codespaces/choose-custom-machine-type.png) When you create a codespace from a template on the "Your codespaces" page, {% data variables.product.prodname_dotcom %} may automatically use a prebuild to speed up creation time. For more information on templates, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-from-a-template)." -{% note %} - -**Note**: Each prebuild that's created consumes storage space that will either incur a billable charge or, for repositories owned by your personal {% data variables.product.prodname_dotcom %} account, will use some of your monthly included storage. For more information, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-billing-for-codespaces-prebuilds)." - -{% endnote %} +> [!NOTE] +> Each prebuild that's created consumes storage space that will either incur a billable charge or, for repositories owned by your personal {% data variables.product.prodname_dotcom %} account, will use some of your monthly included storage. For more information, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-billing-for-codespaces-prebuilds)." ## The prebuild process diff --git a/content/codespaces/prebuilding-your-codespaces/allowing-a-prebuild-to-access-other-repositories.md b/content/codespaces/prebuilding-your-codespaces/allowing-a-prebuild-to-access-other-repositories.md index d6ab85169f4d..4341c60ea64a 100644 --- a/content/codespaces/prebuilding-your-codespaces/allowing-a-prebuild-to-access-other-repositories.md +++ b/content/codespaces/prebuilding-your-codespaces/allowing-a-prebuild-to-access-other-repositories.md @@ -19,14 +19,9 @@ By default, the {% data variables.product.prodname_actions %} workflow for a pre You can configure read access to other {% data variables.product.prodname_dotcom %} repositories, with the same repository owner, by specifying permissions in the `devcontainer.json` file used by your prebuild configuration. For more information, see "[AUTOTITLE](/codespaces/managing-your-codespaces/managing-repository-access-for-your-codespaces)." -{% note %} - -**Notes**: - -* You can only authorize read permissions in this way, and the owner of the target repository must be the same as the owner of the repository for which you're creating a prebuild. For example, if you're creating a prebuild configuration for the `octo-org/octocatrepository`, then you'll be able to grant read permissions for other repositories, such `asocto-org/octodemo`, if this is specified in the `devcontainer.json` file, and provided you have the permissions yourself. -* You can't use wildcards to specify repositories. You must define permissions for each repository for which you want to grant access. - -{% endnote %} +> [!NOTE] +> * You can only authorize read permissions in this way, and the owner of the target repository must be the same as the owner of the repository for which you're creating a prebuild. For example, if you're creating a prebuild configuration for the `octo-org/octocatrepository`, then you'll be able to grant read permissions for other repositories, such `asocto-org/octodemo`, if this is specified in the `devcontainer.json` file, and provided you have the permissions yourself. +> * You can't use wildcards to specify repositories. You must define permissions for each repository for which you want to grant access. When you create or edit a prebuild configuration for a `devcontainer.json` file that sets up read access to other repositories with the same repository owner, you'll be prompted to grant these permissions when you click **Create** or **Update**. For more information, see "[AUTOTITLE](/codespaces/prebuilding-your-codespaces/configuring-prebuilds#configuring-prebuilds)." @@ -38,11 +33,9 @@ You will need to create a new personal account and then use this account to crea 1. Create a new personal account on {% data variables.product.prodname_dotcom %}. - {% warning %} - - **Warning**: Although you can generate the {% data variables.product.pat_v1 %} using your existing personal account, we strongly recommend creating a new account with access only to the target repositories required for your scenario. This is because the access token's `repository` permission grants access to all of the repositories that the account has access to. For more information, see "[AUTOTITLE](/get-started/start-your-journey/creating-an-account-on-github)" and "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#considering-cross-repository-access)." + > [!WARNING] + > Although you can generate the {% data variables.product.pat_v1 %} using your existing personal account, we strongly recommend creating a new account with access only to the target repositories required for your scenario. This is because the access token's `repository` permission grants access to all of the repositories that the account has access to. For more information, see "[AUTOTITLE](/get-started/start-your-journey/creating-an-account-on-github)" and "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#considering-cross-repository-access)." - {% endwarning %} 1. Give the new account read access to the required repositories. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-an-individuals-access-to-an-organization-repository)." 1. While signed into the new account, create a {% data variables.product.pat_v1 %} with the `repo` scope. Optionally, if the prebuild will need to download packages from the {% data variables.product.company_short %} {% data variables.product.prodname_container_registry %}, also select the `read:packages` scope. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)." diff --git a/content/codespaces/prebuilding-your-codespaces/configuring-prebuilds.md b/content/codespaces/prebuilding-your-codespaces/configuring-prebuilds.md index b1fc2d3b0349..c38fdf2157d6 100644 --- a/content/codespaces/prebuilding-your-codespaces/configuring-prebuilds.md +++ b/content/codespaces/prebuilding-your-codespaces/configuring-prebuilds.md @@ -25,11 +25,8 @@ Prebuilds are created using {% data variables.product.prodname_actions %}. As a You can set up prebuilds in any repository owned by a personal account. The prebuild will consume storage space that will either incur a billable charge or, for repositories owned by your personal account, will use some of your monthly included storage. -{% note %} - -**Note**: {% data reusables.codespaces.prebuilds-billing-for-forks %} See "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#how-billing-is-handled-for-forked-repositories)." - -{% endnote %} +> [!NOTE] +> {% data reusables.codespaces.prebuilds-billing-for-forks %} See "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#how-billing-is-handled-for-forked-repositories)." For repositories owned by an organization, you can set up prebuilds if the organization is on a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} plan. Additionally, you must have added a payment method and set a spending limit for {% data variables.product.prodname_github_codespaces %} on the organization account or its parent enterprise. See "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/managing-the-spending-limit-for-github-codespaces#managing-the-github-codespaces-spending-limit-for-your-organization-account)" and "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)." @@ -44,11 +41,8 @@ For repositories owned by an organization, you can set up prebuilds if the organ ![Screenshot of the "Configuration" settings for a prebuild with a dropdown menu listing branches to select. The "main" branch is currently selected.](/assets/images/help/codespaces/prebuilds-choose-branch.png) - {% note %} - - **Note**: Any branches created from a prebuild-enabled base branch will typically also get prebuilds for the same dev container configuration. For example, if you enable prebuilds for a dev container configuration file on the default branch of the repository, branches based on the default branch will, in most cases, also get prebuilds for the same dev container configuration. - - {% endnote %} + > [!NOTE] + > Any branches created from a prebuild-enabled base branch will typically also get prebuilds for the same dev container configuration. For example, if you enable prebuilds for a dev container configuration file on the default branch of the repository, branches based on the default branch will, in most cases, also get prebuilds for the same dev container configuration. 1. Optionally, in the **Configuration file** dropdown menu that's displayed, choose the `devcontainer.json` configuration file that you want to use for your prebuilds. See "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#devcontainerjson)." @@ -61,11 +55,8 @@ For repositories owned by an organization, you can set up prebuilds if the organ * **On configuration change** - With this setting, prebuilds will be updated every time any of the following files is changed: * `.devcontainer/devcontainer.json` - {% note %} - - **Note**: Prebuild updates are not triggered by changes to `devcontainer.json` files within subdirectories of `.devcontainer`. - - {% endnote %} + > [!NOTE] + > Prebuild updates are not triggered by changes to `devcontainer.json` files within subdirectories of `.devcontainer`. * The Dockerfile referenced in the `build.dockerfile` property of the `.devcontainer/devcontainer.json` file. @@ -81,13 +72,9 @@ For repositories owned by an organization, you can set up prebuilds if the organ ![Screenshot of the "Region availability" settings. "Reduce prebuild available to only specific regions" is selected with two regions selected.](/assets/images/help/codespaces/prebuilds-regions.png) - {% note %} - - **Notes**: - * The prebuild in each region incurs individual storage charges. You should, therefore, only enable prebuilds for regions in which you know they'll be used. See "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-billing-for-codespaces-prebuilds)." - * Developers can set their default region for {% data variables.product.prodname_github_codespaces %}, which can allow you to enable prebuilds for fewer regions. See "[AUTOTITLE](/codespaces/setting-your-user-preferences/setting-your-default-region-for-github-codespaces)." - - {% endnote %} + > [!NOTE] + > * The prebuild in each region incurs individual storage charges. You should, therefore, only enable prebuilds for regions in which you know they'll be used. See "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-billing-for-codespaces-prebuilds)." + > * Developers can set their default region for {% data variables.product.prodname_github_codespaces %}, which can allow you to enable prebuilds for fewer regions. See "[AUTOTITLE](/codespaces/setting-your-user-preferences/setting-your-default-region-for-github-codespaces)." 1. Optionally, under **Template history**, set the number of prebuild versions to be retained. You can input any number between 1 and 5. The default number of saved versions is 2, which means that only the latest prebuild and the previous version are saved. @@ -103,11 +90,8 @@ For repositories owned by an organization, you can set up prebuilds if the organ ![Screenshot of the "Failure notifications" setting. The team named "octocat-team" has been added.](/assets/images/help/codespaces/prebuilds-failure-notification-setting.png) - {% note %} - - **Note**: People will only receive notifications of failed prebuilds if they have enabled notifications for failed Actions workflows in their personal settings. See "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#github-actions-notification-options)." - - {% endnote %} + > [!NOTE] + > People will only receive notifications of failed prebuilds if they have enabled notifications for failed Actions workflows in their personal settings. See "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#github-actions-notification-options)." 1. Optionally, at the bottom of the page, click **Show advanced options**. diff --git a/content/codespaces/prebuilding-your-codespaces/managing-prebuilds.md b/content/codespaces/prebuilding-your-codespaces/managing-prebuilds.md index 3f351084e677..2f0ad7107b7c 100644 --- a/content/codespaces/prebuilding-your-codespaces/managing-prebuilds.md +++ b/content/codespaces/prebuilding-your-codespaces/managing-prebuilds.md @@ -75,11 +75,8 @@ Disabling the workflow runs for a prebuild configuration is useful if you need t ## Deleting a prebuild configuration -{% note %} - -**Note**: You can find a list of the repositories that contain a prebuild by obtaining a copy of your “[usage report](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/viewing-your-github-codespaces-usage).” - -{% endnote %} +> [!NOTE] +> You can find a list of the repositories that contain a prebuild by obtaining a copy of your “[usage report](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/viewing-your-github-codespaces-usage).” Deleting a prebuild configuration also deletes all previously created prebuilds for that configuration. As a result, shortly after you delete a configuration, prebuilds generated by that configuration will no longer be available when you create a new codespace. diff --git a/content/codespaces/prebuilding-your-codespaces/testing-dev-container-changes.md b/content/codespaces/prebuilding-your-codespaces/testing-dev-container-changes.md index 4da4c4e70da5..b2d6294132e5 100644 --- a/content/codespaces/prebuilding-your-codespaces/testing-dev-container-changes.md +++ b/content/codespaces/prebuilding-your-codespaces/testing-dev-container-changes.md @@ -25,8 +25,5 @@ For more information, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-c 1. Apply the changes by rebuilding the container. For more information, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#applying-configuration-changes-to-a-codespace)." 1. After everything looks good, we also recommend creating a new codespace from your test branch to ensure everything is working. You can then commit your changes to your repository's default branch or an active feature branch, triggering an update of the prebuild for that branch. - {% note %} - - **Note**: Creating this codespace will take longer than usual because it will not be created from a prebuild. - - {% endnote %} + > [!NOTE] + > Creating this codespace will take longer than usual because it will not be created from a prebuild. diff --git a/content/codespaces/reference/disaster-recovery-for-github-codespaces.md b/content/codespaces/reference/disaster-recovery-for-github-codespaces.md index abc3ad41d73e..33ba5244ca46 100644 --- a/content/codespaces/reference/disaster-recovery-for-github-codespaces.md +++ b/content/codespaces/reference/disaster-recovery-for-github-codespaces.md @@ -18,11 +18,8 @@ Although disaster recovery scenarios are rare occurrences, we recommend that you The following guidance provides options on how to handle service disruption to the entire region where your codespace is deployed. -{% note %} - -**Note:** You can reduce the potential impact of service-wide outages by pushing to remote repositories frequently. - -{% endnote %} +> [!NOTE] +> You can reduce the potential impact of service-wide outages by pushing to remote repositories frequently. ## Option 1: Create a new codespace in another region @@ -46,8 +43,5 @@ While this option does not configure a development environment for you, it will If your repository has a `devcontainer.json`, consider using the [Dev Containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) in {% data variables.product.prodname_vscode %} to build and attach to a local development container for your repository. The setup time for this option will vary depending on your local specifications and the complexity of your dev container setup. For more information, see "[Developing inside a container](https://code.visualstudio.com/docs/remote/containers#_quick-start-open-a-git-repository-or-github-pr-in-an-isolated-container-volume)" in the {% data variables.product.prodname_vscode_shortname %} documentation. -{% note %} - -**Note:** Be sure your local setup meets the [minimum requirements](https://code.visualstudio.com/docs/remote/containers#_system-requirements) before attempting this option. - -{% endnote %} +> [!NOTE] +> Be sure your local setup meets the [minimum requirements](https://code.visualstudio.com/docs/remote/containers#_system-requirements) before attempting this option. diff --git a/content/codespaces/reference/security-in-github-codespaces.md b/content/codespaces/reference/security-in-github-codespaces.md index f7365cf6d765..56915d838138 100644 --- a/content/codespaces/reference/security-in-github-codespaces.md +++ b/content/codespaces/reference/security-in-github-codespaces.md @@ -97,13 +97,10 @@ When you create a codespace from a PR branch from a fork, the token in the codes We also further protect you in these scenarios by not injecting any of your codespace secrets into the environment. For more information, see "[AUTOTITLE](/codespaces/managing-your-codespaces/managing-your-account-specific-secrets-for-github-codespaces)." -{% note %} - -**Note:** The scope of the token in the codespace can change if you create a codespace from a fork to which you only have read access, then make a commit or push a new branch in the codespace. In this situation, as with any other repository, {% data variables.product.prodname_github_codespaces %} automatically creates a new fork, or links your codespace to an existing fork owned by your account, and updates the token to have read and write access to the newly linked fork. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/using-source-control-in-your-codespace#about-automatic-forking)." - -When {% data variables.product.prodname_github_codespaces %} links your codespace to an existing fork, this existing fork can be either a fork of the fork from which you created a codespace, or your own fork of the shared upstream repository. - -{% endnote %} +> [!NOTE] +> The scope of the token in the codespace can change if you create a codespace from a fork to which you only have read access, then make a commit or push a new branch in the codespace. In this situation, as with any other repository, {% data variables.product.prodname_github_codespaces %} automatically creates a new fork, or links your codespace to an existing fork owned by your account, and updates the token to have read and write access to the newly linked fork. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/using-source-control-in-your-codespace#about-automatic-forking)." +> +> When {% data variables.product.prodname_github_codespaces %} links your codespace to an existing fork, this existing fork can be either a fork of the fork from which you created a codespace, or your own fork of the shared upstream repository. ### Additional good practices diff --git a/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers.md b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers.md index a5969c6104f8..30e3cfb199c9 100644 --- a/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers.md +++ b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers.md @@ -65,11 +65,8 @@ The Dockerfile is a text file that contains the instructions needed to create a The Dockerfile for a dev container is typically located in the `.devcontainer` folder, alongside the `devcontainer.json` in which it is referenced. -{% note %} - -**Note**: As an alternative to using a Dockerfile you can use the `image` property in the `devcontainer.json` file to refer directly to an existing image you want to use. The image you specify here must be allowed by any organization image policy that has been set. See "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-base-image-for-codespaces)." If neither a Dockerfile nor an image is found then the default container image is used. See "[Using the default dev container configuration](#using-the-default-dev-container-configuration)." - -{% endnote %} +> [!NOTE] +> As an alternative to using a Dockerfile you can use the `image` property in the `devcontainer.json` file to refer directly to an existing image you want to use. The image you specify here must be allowed by any organization image policy that has been set. See "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-base-image-for-codespaces)." If neither a Dockerfile nor an image is found then the default container image is used. See "[Using the default dev container configuration](#using-the-default-dev-container-configuration)." #### Simple Dockerfile example @@ -100,11 +97,8 @@ COPY ./script-in-your-repo.sh /tmp/scripts/script-in-codespace.sh RUN apt-get update && bash /tmp/scripts/script-in-codespace.sh ``` -{% note %} - -**Note**: In the above example, the script that's copied to the codespace (`script-in-your-repo.sh`) must exist in your repository. - -{% endnote %} +> [!NOTE] +> In the above example, the script that's copied to the codespace (`script-in-your-repo.sh`) must exist in your repository. For more information about Dockerfile instructions, see "[Dockerfile reference](https://docs.docker.com/engine/reference/builder)" in the Docker documentation. @@ -130,11 +124,8 @@ If you don't add a dev container configuration to your repository, or if your co The default configuration is a good option if you're working on a small project that uses the languages and tools that {% data variables.product.prodname_github_codespaces %} provides. -{% note %} - -**Note**: {% data variables.product.prodname_dotcom %} does not charge for storage of containers built from the default dev container image. For more information about billing for codespace storage, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-billing-for-storage-usage)." {% data reusables.codespaces.check-for-default-image %} - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dotcom %} does not charge for storage of containers built from the default dev container image. For more information about billing for codespace storage, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-billing-for-storage-usage)." {% data reusables.codespaces.check-for-default-image %} ## Using a predefined dev container configuration @@ -174,13 +165,9 @@ If none of the predefined configurations meets your needs, you can create a cust * If you're adding a single `devcontainer.json` file that will be used by everyone who creates a codespace from your repository, create the file within a `.devcontainer` directory at the root of the repository. * If you want to offer users a choice of configuration, you can create multiple custom `devcontainer.json` files, each located within a separate subdirectory of the `.devcontainer` directory. - {% note %} - - **Notes**: - * You can't locate your `devcontainer.json` files in directories more than one level below `.devcontainer`. For example, a file at `.devcontainer/teamA/devcontainer.json` will work, but `.devcontainer/teamA/testing/devcontainer.json` will not. - * {% data reusables.codespaces.configuration-choice-templates %} See "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/setting-up-a-template-repository-for-github-codespaces)." - - {% endnote %} + > [!NOTE] + > * You can't locate your `devcontainer.json` files in directories more than one level below `.devcontainer`. For example, a file at `.devcontainer/teamA/devcontainer.json` will work, but `.devcontainer/teamA/testing/devcontainer.json` will not. + > * {% data reusables.codespaces.configuration-choice-templates %} See "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/setting-up-a-template-repository-for-github-codespaces)." If multiple `devcontainer.json` files are found in the repository, they are listed in the **Dev container configuration** dropdown on the codespace creation options page. See "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository#creating-a-codespace-for-a-repository)." @@ -212,11 +199,8 @@ You can add and edit the supported configuration keys in the `devcontainer.json` The `devcontainer.json` file is written using the JSONC (JSON with comments) format. This allows you to include comments within the configuration file. See "[Editing JSON with {% data variables.product.prodname_vscode_shortname %}](https://code.visualstudio.com/docs/languages/json#_json-with-comments)" in the {% data variables.product.prodname_vscode_shortname %} documentation. -{% note %} - -**Note**: If you use a linter to validate the `devcontainer.json` file, make sure it is set to JSONC and not JSON or comments will be reported as errors. - -{% endnote %} +> [!NOTE] +> If you use a linter to validate the `devcontainer.json` file, make sure it is set to JSONC and not JSON or comments will be reported as errors. ### Interface settings for {% data variables.product.prodname_vscode_shortname %} diff --git a/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/automatically-opening-files-in-the-codespaces-for-a-repository.md b/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/automatically-opening-files-in-the-codespaces-for-a-repository.md index 724a1a56a632..263c4922f02a 100644 --- a/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/automatically-opening-files-in-the-codespaces-for-a-repository.md +++ b/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/automatically-opening-files-in-the-codespaces-for-a-repository.md @@ -20,11 +20,8 @@ If there's a particular file that's useful for people to see when they create a The file, or files, you specify are only opened the first time a codespace is opened in the web client. If the person closes the specified files, those files are not automatically reopened the next time that person opens or restarts the codespace. -{% note %} - -**Note**: This automation only applies to the {% data variables.product.prodname_vscode_shortname %} web client, not to the {% data variables.product.prodname_vscode_shortname %} desktop application, or other supported editors. - -{% endnote %} +> [!NOTE] +> This automation only applies to the {% data variables.product.prodname_vscode_shortname %} web client, not to the {% data variables.product.prodname_vscode_shortname %} desktop application, or other supported editors. ## Setting files to be opened automatically diff --git a/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/setting-a-minimum-specification-for-codespace-machines.md b/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/setting-a-minimum-specification-for-codespace-machines.md index d031ea95e78a..0ab35e281910 100644 --- a/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/setting-a-minimum-specification-for-codespace-machines.md +++ b/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/setting-a-minimum-specification-for-codespace-machines.md @@ -22,11 +22,8 @@ If your project needs a certain level of compute power, you can configure {% dat {% data reusables.codespaces.machine-types-for-unpublished-codespaces %} -{% note %} - -**Important:** Access to some machine types may be restricted at the organization level. Typically this is done to prevent people choosing higher resourced machines that are billed at a higher rate. If your repository is affected by an organization-level policy for machine types you should make sure you don't set a minimum specification that would leave no available machine types for people to choose. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-access-to-machine-types)." - -{% endnote %} +> [!IMPORTANT] +> Access to some machine types may be restricted at the organization level. Typically this is done to prevent people choosing higher resourced machines that are billed at a higher rate. If your repository is affected by an organization-level policy for machine types you should make sure you don't set a minimum specification that would leave no available machine types for people to choose. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-access-to-machine-types)." ## Setting a minimum machine specification diff --git a/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/specifying-recommended-secrets-for-a-repository.md b/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/specifying-recommended-secrets-for-a-repository.md index 0df9ded528c8..dc1391d862f2 100644 --- a/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/specifying-recommended-secrets-for-a-repository.md +++ b/content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/specifying-recommended-secrets-for-a-repository.md @@ -24,11 +24,8 @@ Recommended secrets are listed at the bottom of the page. Screenshot of the "Create codespace" page with four recommended secrets highlighted with a dark orange outline. -{% note %} - -**Note**: The names of the recommended secrets are only listed on this page when the container configuration on the selected branch specifies these secrets. - -{% endnote %} +> [!NOTE] +> The names of the recommended secrets are only listed on this page when the container configuration on the selected branch specifies these secrets. Each recommended secret is displayed in one of three ways: diff --git a/content/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/facilitating-quick-creation-and-resumption-of-codespaces.md b/content/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/facilitating-quick-creation-and-resumption-of-codespaces.md index 4d2933d8d2e8..bc74a102a590 100644 --- a/content/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/facilitating-quick-creation-and-resumption-of-codespaces.md +++ b/content/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/facilitating-quick-creation-and-resumption-of-codespaces.md @@ -66,14 +66,9 @@ For example, the URL `https://codespaces.new/octo-org/octo-repo?quickstart=1` op ![Screenshot of the "Resume codespace" page showing the "Resume this codespace" and "Create a new one" buttons.](/assets/images/help/codespaces/resume-codespace.png) -{% note %} - -**Notes**: - -* If the `codespaces.new` URL already contains a query string, add `&quickstart=1` at the end of the query string. -* This type of URL will always open a codespace in the {% data variables.product.prodname_vscode_shortname %} web client, even if this is not set as your default editor for {% data variables.product.prodname_github_codespaces %}. - -{% endnote %} +> [!NOTE] +> * If the `codespaces.new` URL already contains a query string, add `&quickstart=1` at the end of the query string. +> * This type of URL will always open a codespace in the {% data variables.product.prodname_vscode_shortname %} web client, even if this is not set as your default editor for {% data variables.product.prodname_github_codespaces %}. If no matching codespaces are found, the page is titled "Create codespace" and a button is displayed for creating a new codespace with matching parameters. @@ -81,11 +76,8 @@ This type of URL is useful, for instance, in a README for your repository as it ## Creating an "Open in {% data variables.product.prodname_github_codespaces %}" badge -{% tip %} - -**Tip:** You can use the "Share a deep link" option to create a Markdown or HTML snippet that includes an "Open in {% data variables.product.prodname_github_codespaces %}" badge with a custom URL. For more information, see "[Configuring more options](#configuring-more-options)." - -{% endtip %} +> [!TIP] +> You can use the "Share a deep link" option to create a Markdown or HTML snippet that includes an "Open in {% data variables.product.prodname_github_codespaces %}" badge with a custom URL. For more information, see "[Configuring more options](#configuring-more-options)." 1. Get the URL to the codespace creation page, or the "Resume codespace" page, as described in the previous sections. 1. Add the following Markdown to, for example, the `README.md` file of your repository: diff --git a/content/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/setting-up-a-template-repository-for-github-codespaces.md b/content/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/setting-up-a-template-repository-for-github-codespaces.md index 17125b0f8fe8..55c022a0d6d6 100644 --- a/content/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/setting-up-a-template-repository-for-github-codespaces.md +++ b/content/codespaces/setting-up-your-project-for-codespaces/setting-up-your-repository/setting-up-a-template-repository-for-github-codespaces.md @@ -49,11 +49,8 @@ For guidance on the kinds of files to include, you can look at the starter files You can add dev container configuration files to your template repository to customize the development environment for people using your template with {% data variables.product.prodname_github_codespaces %}. You can choose from a list of predefined configuration settings in {% data variables.product.prodname_vscode %}, or you can create a custom configuration by writing your own `devcontainer.json` file. If you don't add configuration files, the default container image will be used. For more information, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers)" and "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration)." -{% note %} - -**Note:** {% data reusables.codespaces.configuration-choice-templates %} - -{% endnote %} +> [!NOTE] +> {% data reusables.codespaces.configuration-choice-templates %} You should configure your dev container with the tools and customization to give users the best experience with your template. For example, in your `devcontainer.json` file: * You can use the `openFiles` property to define a list of files to be opened automatically in the {% data variables.product.prodname_vscode_shortname %} web client when a codespace is created from your template. diff --git a/content/codespaces/setting-your-user-preferences/choosing-the-stable-or-beta-host-image.md b/content/codespaces/setting-your-user-preferences/choosing-the-stable-or-beta-host-image.md index 70e3b37a4bc5..763ce9684369 100644 --- a/content/codespaces/setting-your-user-preferences/choosing-the-stable-or-beta-host-image.md +++ b/content/codespaces/setting-your-user-preferences/choosing-the-stable-or-beta-host-image.md @@ -19,14 +19,9 @@ The VM for a codespace is built using a host image that defines the operating sy The stable image is the default selected setting. Changing the setting to the beta host image gives you early access to improvements and new features on the host VM, but may also introduce incompatibilities with your current dev container configuration. This gives you the opportunity to alter your dev container configuration to avoid problems before the beta image is promoted to the stable image. If you do encounter problems with the beta host image, you can switch back to the stable host image at any time. -{% note %} - -**Notes**: - -* It's unlikely you will encounter problems using the beta host image unless your dev container configuration has dependencies on components of the VM host kernel. -* The virtual machine host image should not be confused with the dev container image, which provides the environment of your codespace. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-base-image-for-codespaces#overview)." - -{% endnote %} +> [!NOTE] +> * It's unlikely you will encounter problems using the beta host image unless your dev container configuration has dependencies on components of the VM host kernel. +> * The virtual machine host image should not be confused with the dev container image, which provides the environment of your codespace. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-base-image-for-codespaces#overview)." If you choose to use the beta host image but no beta image is currently available, your codespaces will be built using the stable host image. diff --git a/content/codespaces/setting-your-user-preferences/configuring-automatic-deletion-of-your-codespaces.md b/content/codespaces/setting-your-user-preferences/configuring-automatic-deletion-of-your-codespaces.md index 8d81ff805329..0aeee6165cca 100644 --- a/content/codespaces/setting-your-user-preferences/configuring-automatic-deletion-of-your-codespaces.md +++ b/content/codespaces/setting-your-user-preferences/configuring-automatic-deletion-of-your-codespaces.md @@ -16,11 +16,8 @@ By default, {% data variables.product.prodname_github_codespaces %} are automati However, because {% data variables.product.prodname_github_codespaces %} incurs storage charges, you may prefer to reduce the retention period by changing your default period in your personal settings for {% data variables.product.prodname_github_codespaces %}. For more information about storage charges, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#codespaces-pricing)." -{% note %} - -**Note**: Whether or not you have set a personal codespace retention period, it's a good idea to get into the habit of deleting codespaces that you no longer need. See "[AUTOTITLE](/codespaces/developing-in-a-codespace/deleting-a-codespace)." - -{% endnote %} +> [!NOTE] +> Whether or not you have set a personal codespace retention period, it's a good idea to get into the habit of deleting codespaces that you no longer need. See "[AUTOTITLE](/codespaces/developing-in-a-codespace/deleting-a-codespace)." Automatic deletion happens irrespective of whether a codespace contains unpushed changes. To prevent automatic deletion of a codespace, just open the codespace again. The retention period is reset every time you connect to a codespace, and the retention countdown restarts when the codespace is stopped. @@ -31,11 +28,8 @@ Each codespace has its own retention period. You may, therefore, have codespaces * You created a codespace using {% data variables.product.prodname_cli %} and specified a different retention period. * You created a codespace for an organization-owned repository that has a retention period configured in the organization settings. The ownership of the codespaces you create is shown on the "[Your codespaces](https://github.com/settings/codespaces)" page. -{% note %} - -**Note**: The retention period is specified in days. A day represents a 24-hour period, beginning at the time of day when you stop a codespace. - -{% endnote %} +> [!NOTE] +> The retention period is specified in days. A day represents a 24-hour period, beginning at the time of day when you stop a codespace. {% webui %} @@ -49,11 +43,8 @@ Each codespace has its own retention period. You may, therefore, have codespaces You can set your default retention period between `0` and `30` days. - {% warning %} - - **Warning**: Setting the period to `0` will result in your codespaces being immediately deleted when you stop them, or when they timeout due to inactivity. See "[AUTOTITLE](/codespaces/setting-your-user-preferences/setting-your-timeout-period-for-github-codespaces)." - - {% endwarning %} + > [!WARNING] + > Setting the period to `0` will result in your codespaces being immediately deleted when you stop them, or when they timeout due to inactivity. See "[AUTOTITLE](/codespaces/setting-your-user-preferences/setting-your-timeout-period-for-github-codespaces)." 1. Click **Save**. @@ -73,11 +64,8 @@ When an inactive codespace is approaching the end of its retention period, this You may have a codespace that you want to keep for longer than the retention period defined in your personal settings. You can do this by using the "Keep codespace" option. When you select this option, your codespace will be retained indefinitely, until you delete it manually. -{% note %} - -**Note**: The "Keep codespace" option is not available for organization-owned codespaces affected by an organization retention policy. - -{% endnote %} +> [!NOTE] +> The "Keep codespace" option is not available for organization-owned codespaces affected by an organization retention policy. Codespaces incur storage costs, or consume your included storage allowance if the codespace is owned by your personal {% data variables.product.prodname_dotcom %} account. You should therefore be aware of the cost implications of storing codespaces indefinitely. See "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-billing-for-storage-usage)." diff --git a/content/codespaces/setting-your-user-preferences/personalizing-github-codespaces-for-your-account.md b/content/codespaces/setting-your-user-preferences/personalizing-github-codespaces-for-your-account.md index 57653792df5c..f922a6f82992 100644 --- a/content/codespaces/setting-your-user-preferences/personalizing-github-codespaces-for-your-account.md +++ b/content/codespaces/setting-your-user-preferences/personalizing-github-codespaces-for-your-account.md @@ -81,22 +81,16 @@ Your updates will take effect in new codespaces. However, you can turn on Settin ### Turning on Settings Sync in a codespace -{% note %} - -**Note:** You should only turn on Settings Sync in codespaces created from repositories you trust. For more information, see "[AUTOTITLE](/codespaces/reference/security-in-github-codespaces#using-settings-sync)." - -{% endnote %} +> [!NOTE] +> You should only turn on Settings Sync in codespaces created from repositories you trust. For more information, see "[AUTOTITLE](/codespaces/reference/security-in-github-codespaces#using-settings-sync)." The following procedure describes how to turn on Settings Sync in a codespace opened in the web client. For information about turning on Settings Sync in the {% data variables.product.prodname_vscode_shortname %} desktop application, see [Settings Sync](https://code.visualstudio.com/docs/editor/settings-sync#_turning-on-settings-sync) in the {% data variables.product.prodname_vscode_shortname %} documentation. 1. In {% data variables.product.prodname_vscode_shortname %}, at the bottom of the Activity Bar, select {% octicon "gear" aria-label="Manage" %}, then click **Sign in to Sync Settings**. 1. If the repository from which you created the codespace is not in your list of trusted repositories, a browser window will open asking you to authorize additional permissions for Settings Sync. If you trust the repository, click **Authorize**, then close the browser window. The codespace will reload and display your latest synced settings. - {% note %} - - **Note:** If you have Settings Sync disabled in your user preferences, and have set your trusted repositories to all repositories, you will see a warning about enabling Settings Sync for all repositories. Review the warning and choose whether to enable Settings Sync for all repositories or revise your list of trusted repositories. - - {% endnote %} + > [!NOTE] + > If you have Settings Sync disabled in your user preferences, and have set your trusted repositories to all repositories, you will see a warning about enabling Settings Sync for all repositories. Review the warning and choose whether to enable Settings Sync for all repositories or revise your list of trusted repositories. 1. To configure which settings you want to sync, open the Command Palette with Shift+Command+P (Mac) / Ctrl+Shift+P (Windows/Linux), then start typing "Settings Sync". Click **Settings Sync: Configure...**. 1. Select the settings you want to sync, then click **OK**. @@ -130,21 +124,15 @@ If none of these files are found, then any files or folders in your selected dot Any changes to your selected dotfiles repository will apply only to each new codespace, and do not affect any existing codespace. -{% note %} - -**Note:** Currently, {% data variables.product.prodname_codespaces %} does not support personalizing the User-scoped settings for {% data variables.product.prodname_vscode_shortname %} with your `dotfiles` repository. You can set default Workspace and Remote [Codespaces] settings for a specific project in the project's repository. For more information, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#creating-a-custom-dev-container-configuration)." - -{% endnote %} +> [!NOTE] +> Currently, {% data variables.product.prodname_codespaces %} does not support personalizing the User-scoped settings for {% data variables.product.prodname_vscode_shortname %} with your `dotfiles` repository. You can set default Workspace and Remote [Codespaces] settings for a specific project in the project's repository. For more information, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#creating-a-custom-dev-container-configuration)." ### Enabling your dotfiles repository for {% data variables.product.prodname_codespaces %} You can use your selected dotfiles repository to personalize your {% data variables.product.prodname_github_codespaces %} environment. Once you choose your dotfiles repository, you can add your scripts, preferences, and configurations to it. You then need to enable your dotfiles from your personal {% data variables.product.prodname_github_codespaces %} settings page. -{% warning %} - -**Warning:** Dotfiles have the ability to run arbitrary scripts, which may contain unexpected or malicious code. Before installing a dotfiles repo, we recommend checking scripts to ensure they don't perform any unexpected actions. - -{% endwarning %} +> [!WARNING] +> Dotfiles have the ability to run arbitrary scripts, which may contain unexpected or malicious code. Before installing a dotfiles repo, we recommend checking scripts to ensure they don't perform any unexpected actions. {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.codespaces-tab %} diff --git a/content/codespaces/setting-your-user-preferences/setting-your-timeout-period-for-github-codespaces.md b/content/codespaces/setting-your-user-preferences/setting-your-timeout-period-for-github-codespaces.md index 256ec781526e..66f5ca64057e 100644 --- a/content/codespaces/setting-your-user-preferences/setting-your-timeout-period-for-github-codespaces.md +++ b/content/codespaces/setting-your-user-preferences/setting-your-timeout-period-for-github-codespaces.md @@ -17,11 +17,8 @@ type: how_to A codespace will stop running after a period of inactivity. By default this period is 30 minutes, but you can specify a longer or shorter default timeout period in your personal settings on {% data variables.product.prodname_dotcom %}. The updated setting will apply to any new codespaces you create, or to existing codespaces the next time you start them. You can also specify a timeout when you use {% data variables.product.prodname_cli %} to create a codespace. -{% warning %} - -**Warning**: Codespaces compute usage is billed for the duration for which a codespace is active. If you're not using a codespace but it remains running, and hasn't yet timed out, you are billed for the total time that the codespace was active, irrespective of whether you were using it. For more information, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#codespaces-pricing)." - -{% endwarning %} +> [!WARNING] +> Codespaces compute usage is billed for the duration for which a codespace is active. If you're not using a codespace but it remains running, and hasn't yet timed out, you are billed for the total time that the codespace was active, irrespective of whether you were using it. For more information, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#codespaces-pricing)." ### Inactivity defined diff --git a/content/codespaces/the-githubdev-web-based-editor.md b/content/codespaces/the-githubdev-web-based-editor.md index 86c67cea473c..734eb8c8d26d 100644 --- a/content/codespaces/the-githubdev-web-based-editor.md +++ b/content/codespaces/the-githubdev-web-based-editor.md @@ -51,7 +51,7 @@ Both {% data variables.codespaces.serverless %} and {% data variables.product.pr | **Cost** | Free. | Free monthly quota of usage for personal accounts. For information on pricing, see "[AUTOTITLE](/free-pro-team@latest/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-github-codespaces-pricing)."| | **Availability** | Available to everyone on GitHub.com. | Available to everyone on GitHub.com. | | **Start up** | {% data variables.codespaces.serverless %} opens instantly with a key-press and you can start using it right away, without having to wait for additional configuration or installation. | When you create or resume a codespace, the codespace is assigned a VM and the container is configured based on the contents of a `devcontainer.json` file. This set up may take a few minutes to create the environment. See "[AUTOTITLE](/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository)." | -| **Compute** | There is no associated compute, so you won’t be able to build and run your code or use the integrated terminal. | With {% data variables.product.prodname_github_codespaces %}, you get the power of a dedicated VM on which you can run and debug your application.| +| **Compute** | There is no associated compute, so you won’t be able to build and run your code or use the integrated terminal. | With {% data variables.product.prodname_github_codespaces %}, you get the power of a dedicated VM on which you can run and debug your application.| | **Terminal access** | None. | {% data variables.product.prodname_github_codespaces %} provides a common set of tools by default, meaning that you can use the Terminal exactly as you would in your local environment.| | **Extensions** | Only a subset of extensions that can run in the web will appear in the Extensions View and can be installed. See "[Using extensions](#using-extensions)."| With {% data variables.product.prodname_github_codespaces %}, you can use most extensions from the {% data variables.product.prodname_vscode_marketplace %}.| diff --git a/content/codespaces/troubleshooting/exporting-changes-to-a-branch.md b/content/codespaces/troubleshooting/exporting-changes-to-a-branch.md index e2edd4595c39..724466497ebf 100644 --- a/content/codespaces/troubleshooting/exporting-changes-to-a-branch.md +++ b/content/codespaces/troubleshooting/exporting-changes-to-a-branch.md @@ -20,11 +20,8 @@ You can export your changes in one of several ways, depending on how you created * If you created the codespace from a repository to which you only have read access, you can export your changes to a fork of the repository. {% data variables.product.prodname_github_codespaces %} will create a new fork for you, or link your codespace to an existing fork if you already have one for the repository, and export your changes to a new branch of the fork. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/using-source-control-in-your-codespace#about-automatic-forking)." * If you created the codespace from a template, and have not yet published it, you can publish the codespace to a new repository. -{% note %} - -**Note:** {% data variables.product.prodname_dotcom %} blocks pushes containing files larger than 100 MiB. If your codespace contains large files you will not be able to export your changes to a branch or fork. For more information, see "[AUTOTITLE](/repositories/working-with-files/managing-large-files/about-large-files-on-github)." - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dotcom %} blocks pushes containing files larger than 100 MiB. If your codespace contains large files you will not be able to export your changes to a branch or fork. For more information, see "[AUTOTITLE](/repositories/working-with-files/managing-large-files/about-large-files-on-github)." ## Exporting changes to a branch diff --git a/content/codespaces/troubleshooting/troubleshooting-authentication-to-a-repository.md b/content/codespaces/troubleshooting/troubleshooting-authentication-to-a-repository.md index 18d82283ef8a..a773fc7932fa 100644 --- a/content/codespaces/troubleshooting/troubleshooting-authentication-to-a-repository.md +++ b/content/codespaces/troubleshooting/troubleshooting-authentication-to-a-repository.md @@ -60,8 +60,5 @@ To use the token to authenticate in your codespace, you have the following optio This will store the access token for the specific repository, so you will be able to push to and pull from the repository without overriding the existing credential helper. - {% note %} - - **Note:** If you clone in this way, the token will be visible in your Git configuration. You should only use this method when working in a codespace created from a repository you trust, and you should limit the scope of the access token as much as possible. - - {% endnote %} + > [!NOTE] + > If you clone in this way, the token will be visible in your Git configuration. You should only use this method when working in a codespace created from a repository you trust, and you should limit the scope of the access token as much as possible. diff --git a/content/codespaces/troubleshooting/troubleshooting-creation-and-deletion-of-codespaces.md b/content/codespaces/troubleshooting/troubleshooting-creation-and-deletion-of-codespaces.md index b3e25a2b17cf..60fa85fdab84 100644 --- a/content/codespaces/troubleshooting/troubleshooting-creation-and-deletion-of-codespaces.md +++ b/content/codespaces/troubleshooting/troubleshooting-creation-and-deletion-of-codespaces.md @@ -49,11 +49,8 @@ If you still cannot create a codespace for a repository where {% data variables. If the creation of a codespace fails, it's likely to be due to a temporary infrastructure issue in the cloud - for example, a problem provisioning a virtual machine for the codespace. A less common reason for failure is if it takes longer than an hour to build the container. In this case, the build is canceled and codespace creation will fail. -{% note %} - -**Note:** A codespace that was not successfully created is never going to be usable and should be deleted. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/deleting-a-codespace)." - -{% endnote %} +> [!NOTE] +> A codespace that was not successfully created is never going to be usable and should be deleted. For more information, see "[AUTOTITLE](/codespaces/developing-in-a-codespace/deleting-a-codespace)." If you create a codespace and the creation fails: @@ -63,20 +60,18 @@ If you create a codespace and the creation fails: One common scenario where this could happen is if you have a script running that is prompting for user input and waiting for an answer. If this is the case, remove the interactive prompt so that the build can complete non-interactively. - {% note %} - - **Note**: To view the logs during a build: - * **In the browser**, if the initial steps of the build process take more than a few seconds, the "Setting up your codespace" page is displayed. Click **View logs.** - - ![Screenshot of the "Setting up your codespace" page in a browser. The link "View logs" is highlighted with a dark orange outline.](/assets/images/help/codespaces/web-ui-view-logs.png) - - * **In the {% data variables.product.prodname_vscode_shortname %} desktop application**, click **Building codespace** in the "Setting up remote connection" popup message that's displayed. - - ![Screenshot of a popup message in {% data variables.product.prodname_vscode_shortname %}, reading "Setting up remote connection: Building codespace."](/assets/images/help/codespaces/vs-code-building-codespace.png) - - Log messages are printed to the Terminal in {% data variables.product.prodname_vscode_shortname %} + > [!NOTE] + > To view the logs during a build: + > * **In the browser**, if the initial steps of the build process take more than a few seconds, the "Setting up your codespace" page is displayed. Click **View logs.** + > + > ![Screenshot of the "Setting up your codespace" page in a browser. The link "View logs" is highlighted with a dark orange outline.](/assets/images/help/codespaces/web-ui-view-logs.png) + > + > * **In the {% data variables.product.prodname_vscode_shortname %} desktop application**, click **Building codespace** in the "Setting up remote connection" popup message that's displayed. + > + > ![Screenshot of a popup message in {% data variables.product.prodname_vscode_shortname %}, reading "Setting up remote connection: Building codespace."](/assets/images/help/codespaces/vs-code-building-codespace.png) + > + > Log messages are printed to the Terminal in {% data variables.product.prodname_vscode_shortname %} - {% endnote %} 1. If you have a container that takes a long time to build, consider using prebuilds to speed up codespace creations. For more information, see "[AUTOTITLE](/codespaces/prebuilding-your-codespaces/configuring-prebuilds#configuring-prebuilds)." ## Deleting codespaces diff --git a/content/codespaces/troubleshooting/troubleshooting-gpg-verification-for-github-codespaces.md b/content/codespaces/troubleshooting/troubleshooting-gpg-verification-for-github-codespaces.md index 83e6f8401265..47fd9cfb900a 100644 --- a/content/codespaces/troubleshooting/troubleshooting-gpg-verification-for-github-codespaces.md +++ b/content/codespaces/troubleshooting/troubleshooting-gpg-verification-for-github-codespaces.md @@ -73,11 +73,8 @@ If you want to keep automatic GPG verification for {% data variables.product.pro For example, if the global `.gitconfig` file on your local machine contains a `gpg.program` value, and you have pushed this file to a dotfiles repository that is linked with {% data variables.product.prodname_github_codespaces %}, then you may want to remove `gpg.program` from this file and set it at the system level on your local machine instead. -{% note %} - -**Note:** Any changes to your dotfiles repository will apply to new codespaces you create, but not to your existing codespaces. - -{% endnote %} +> [!NOTE] +> Any changes to your dotfiles repository will apply to new codespaces you create, but not to your existing codespaces. 1. On your local machine, open a terminal. 1. To remove the conflicting value from `~/.gitconfig` (Mac/Linux) or `C:\Users\YOUR-USER\.gitconfig` (Windows), use the `git config --global --unset` command. diff --git a/content/codespaces/troubleshooting/troubleshooting-included-usage.md b/content/codespaces/troubleshooting/troubleshooting-included-usage.md index 6ffce5e2ca24..c5f03d002152 100644 --- a/content/codespaces/troubleshooting/troubleshooting-included-usage.md +++ b/content/codespaces/troubleshooting/troubleshooting-included-usage.md @@ -13,11 +13,8 @@ topics: Personal {% data variables.product.prodname_dotcom %} accounts include a quota of free use of {% data variables.product.prodname_github_codespaces %} every month. -{% note %} - -**Note**: Free use of {% data variables.product.prodname_github_codespaces %} is included in personal accounts only. It is not included in organization or enterprise accounts. - -{% endnote %} +> [!NOTE] +> Free use of {% data variables.product.prodname_github_codespaces %} is included in personal accounts only. It is not included in organization or enterprise accounts. There are two types of {% data variables.product.prodname_codespaces %} usage: compute and storage. During your monthly billing period, as you use {% data variables.product.prodname_codespaces %}, your compute and storage usage is deducted from the quota of free usage that's included in your personal {% data variables.product.prodname_dotcom %} account, until either compute or storage is consumed. Once one of those limits is reached, your use of {% data variables.product.prodname_github_codespaces %} will be restricted, unless you've set up a spending limit and a payment method. You will not be able to create new codespaces or open existing codespaces, that you would be billed for, until your quota renews. If you have access to repositories owned by an organization that pays for use of {% data variables.product.prodname_github_codespaces %}, you may still be able to create codespaces for those repositories. @@ -35,11 +32,8 @@ You can see the storage usage for each of your codespaces on the "Your codespace ![Screenshot of a list of three codespaces on the https://github.com/codespaces page."](/assets/images/help/codespaces/your-codespaces-list.png) -{% note %} - -**Note**: If the dev container for a codespace was built from the default image, the size of the codespace shown on this page does not include the size of the base dev container. Storage for the base dev container is provided free of charge. See "[Storage usage for your base dev container](#storage-usage-for-your-base-dev-container)". - -{% endnote %} +> [!NOTE] +> If the dev container for a codespace was built from the default image, the size of the codespace shown on this page does not include the size of the base dev container. Storage for the base dev container is provided free of charge. See "[Storage usage for your base dev container](#storage-usage-for-your-base-dev-container)". For billing purposes, {% data variables.product.prodname_codespaces %} storage is counted in GB-months. This is a cumulative measure of the total storage each codespace consumes from creation to deletion, plus the storage for prebuilds. See the "Billing for storage usage" section of "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-billing-for-storage-usage)." @@ -85,11 +79,10 @@ If the dev container for the current codespace was built from the default image, * Your codespaces consume compute usage while they are running. If you're not using a codespace, stopping the codespace prevents unnecessary compute usage. See "[AUTOTITLE](/codespaces/developing-in-a-codespace/stopping-and-starting-a-codespace)." * You can reduce the idle timeout for {% data variables.product.prodname_codespaces %} in your personal settings to less than the default 30 minutes. This will shorten the period of inactivity before your codespaces are automatically stopped. This can save on compute usage. See "[AUTOTITLE](/codespaces/setting-your-user-preferences/setting-your-timeout-period-for-github-codespaces)." * Your codespaces consume storage while they exist. You should delete a codespace you have finished using and know that you will not use again. See "[AUTOTITLE](/codespaces/developing-in-a-codespace/deleting-a-codespace)." - {% note %} - **Note**: Deleting a codespace will not reduce your used storage amount for the billing current month as this is a cumulative figure. + > [!NOTE] + > Deleting a codespace will not reduce your used storage amount for the billing current month as this is a cumulative figure. - {% endnote %} * Configure your retention period to ensure codespaces you forget to delete are deleted automatically. The default retention period is 30 days. See "[AUTOTITLE](/codespaces/setting-your-user-preferences/configuring-automatic-deletion-of-your-codespaces)." * {% data variables.product.prodname_vscode %} extensions consume storage. Make sure you are only installing extensions that you need. You can find out how much space is being used by extensions by running this command in your codespace. @@ -98,17 +91,15 @@ If the dev container for the current codespace was built from the default image, ``` * Monitor your compute and storage usage by going to your billing page on {% data variables.product.github %}, https://github.com/settings/billing, and reviewing the figures in the "{% data variables.product.prodname_codespaces %}" section. - {% note %} - **Note**: Storage is calculated hourly and added to your existing storage usage. Consumed storage is therefore cumulative for the duration of your month-long billing cycle. This means that, during the billing period, the value you see on your billing page will only increase or remain the same. Usage will be reset to zero when a new billing cycle starts. Deleting a codespace, or a prebuild, will not reduce the usage figure for the current month, but it will reduce the rate at which storage usage accumulates. + > [!NOTE] + > Storage is calculated hourly and added to your existing storage usage. Consumed storage is therefore cumulative for the duration of your month-long billing cycle. This means that, during the billing period, the value you see on your billing page will only increase or remain the same. Usage will be reset to zero when a new billing cycle starts. Deleting a codespace, or a prebuild, will not reduce the usage figure for the current month, but it will reduce the rate at which storage usage accumulates. - {% endnote %} * Ensure that you are using prebuilds for only as many versions and as many regions as you need. See "[AUTOTITLE](/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds)" and "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#about-billing-for-codespaces-prebuilds)." - {% note %} - **Note**: If your included storage usage is exhausted, new prebuilds are disabled until you set up a spending limit or your included usage quota renews. + > [!NOTE] + > If your included storage usage is exhausted, new prebuilds are disabled until you set up a spending limit or your included usage quota renews. - {% endnote %} * If you have configured prebuilds in a repository's settings, but you're not using {% data variables.product.prodname_github_codespaces %} for that repository, consider deleting the prebuild configuration to avoid prebuilds for that repository consuming your included storage allowance unnecessarily. When you delete a prebuild configuration all the associated prebuilds are deleted, reducing your storage consumption from that point onward. See "[AUTOTITLE](/codespaces/prebuilding-your-codespaces/managing-prebuilds#deleting-a-prebuild-configuration)." You can check for prebuild configurations in the "{% data variables.product.prodname_codespaces %}" page of a repository's settings. See "[AUTOTITLE](/codespaces/prebuilding-your-codespaces/configuring-prebuilds#configuring-prebuilds)." diff --git a/content/communities/documenting-your-project-with-wikis/about-wikis.md b/content/communities/documenting-your-project-with-wikis/about-wikis.md index af517d29fd11..d8a0b4b71417 100644 --- a/content/communities/documenting-your-project-with-wikis/about-wikis.md +++ b/content/communities/documenting-your-project-with-wikis/about-wikis.md @@ -25,20 +25,16 @@ If you create a wiki in a public repository, the wiki is available to {% ifversi You can edit wikis directly on {% data variables.product.product_name %}, or you can edit wiki files locally. By default, only people with write access to your repository can make changes to wikis, although you can allow everyone on {% data variables.location.product_location %} to contribute to a wiki in a public repository. For more information, see "[AUTOTITLE](/communities/documenting-your-project-with-wikis/changing-access-permissions-for-wikis)." {% ifversion fpt or ghec %} -{% note %} -**Note:** Search engines will only index wikis with 500 or more stars that you configure to prevent public editing. For more information, see "[AUTOTITLE](/communities/documenting-your-project-with-wikis/changing-access-permissions-for-wikis)." +> [!NOTE] +> Search engines will only index wikis with 500 or more stars that you configure to prevent public editing. For more information, see "[AUTOTITLE](/communities/documenting-your-project-with-wikis/changing-access-permissions-for-wikis)." +> +> If you need search engines to index your content, you can use {% data variables.product.prodname_pages %} in a public repository. For more information, see "[{% data variables.product.prodname_pages %}](/pages)." -If you need search engines to index your content, you can use {% data variables.product.prodname_pages %} in a public repository. For more information, see "[{% data variables.product.prodname_pages %}](/pages)." - -{% endnote %} {% endif %} -{% note %} - -**Note:** For performance reasons, wikis have a soft limit of 5,000 total files, regardless of file type. If you exceed this limit, some pages may be inaccessible to users. If you need a larger wiki, we recommend using {% data variables.product.prodname_pages %}. For more information, see "[{% data variables.product.prodname_pages %}](/pages)." - -{% endnote %} +> [!NOTE] +> For performance reasons, wikis have a soft limit of 5,000 total files, regardless of file type. If you exceed this limit, some pages may be inaccessible to users. If you need a larger wiki, we recommend using {% data variables.product.prodname_pages %}. For more information, see "[{% data variables.product.prodname_pages %}](/pages)." ## Further reading diff --git a/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization.md b/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization.md index 93cc84e1791d..ee3882bf9432 100644 --- a/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization.md +++ b/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization.md @@ -16,11 +16,8 @@ You can block non-members from within your organization's settings or from a spe {% data reusables.organizations.blocking-a-user %} -{% tip %} - -**Tip:** If you're blocking a user because of a heated conversation, consider locking the conversation so only collaborators can comment. For more information, see "[AUTOTITLE](/communities/moderating-comments-and-conversations/locking-conversations)." - -{% endtip %} +> [!TIP] +> If you're blocking a user because of a heated conversation, consider locking the conversation so only collaborators can comment. For more information, see "[AUTOTITLE](/communities/moderating-comments-and-conversations/locking-conversations)." At the time that you block a user from your organization: * The user stops watching your organization's repositories diff --git a/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-personal-account.md b/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-personal-account.md index 959caf4ee682..e406d7cd137e 100644 --- a/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-personal-account.md +++ b/content/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-personal-account.md @@ -16,11 +16,8 @@ shortTitle: Block from your account You can block a user in your account settings or from the user's profile. {% data variables.product.prodname_dotcom %} will not notify the user when you block them. If you want to avoid contributing to the same project as someone you've blocked, you can choose to display a warning on any repositories with prior contributions from a blocked user. For more information, see "[Blocking a user in your account settings](#blocking-a-user-in-your-account-settings)." You may still see the activity of blocked users in shared spaces and blocked users can delete their existing content. -{% tip %} - -**Tip:** If you're blocking a user because of a heated conversation, consider locking the conversation so only collaborators can comment. For more information, see "[AUTOTITLE](/communities/moderating-comments-and-conversations/locking-conversations)." - -{% endtip %} +> [!TIP] +> If you're blocking a user because of a heated conversation, consider locking the conversation so only collaborators can comment. For more information, see "[AUTOTITLE](/communities/moderating-comments-and-conversations/locking-conversations)." When you block a user: * The user stops following you diff --git a/content/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam.md b/content/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam.md index 8d9b4a725f81..c381d8ce6ef5 100644 --- a/content/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam.md +++ b/content/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam.md @@ -80,14 +80,9 @@ If reported content is enabled for a public repository, you can also report cont 1. In the lower-right corner of the template chooser, click **Report abuse**. 1. Complete the contact form to tell {% data variables.contact.github_support %} about the contact link's behavior, then click **Send request**. -{% note %} - -**Notes:** - -* In order to get accurate information about the abuse, the abuse report form will direct you to use the in-product abuse report links. If an in-product link is not available, contact {% data variables.contact.contact_support %} to report abuse or report content. -* Users in India can contact {% data variables.product.prodname_dotcom %}'s Grievance Officer for India through [support.github.com/contact/india-grievance-officer](https://support.github.com/contact/india-grievance-officer). - -{% endnote %} +> [!NOTE] +> * In order to get accurate information about the abuse, the abuse report form will direct you to use the in-product abuse report links. If an in-product link is not available, contact {% data variables.contact.contact_support %} to report abuse or report content. +> * Users in India can contact {% data variables.product.prodname_dotcom %}'s Grievance Officer for India through [support.github.com/contact/india-grievance-officer](https://support.github.com/contact/india-grievance-officer). ## Further reading diff --git a/content/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization.md b/content/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization.md index e22bf5e668b0..25ad3fb450ca 100644 --- a/content/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization.md +++ b/content/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization.md @@ -16,11 +16,8 @@ After unblocking a user from your organization, they'll be able to contribute to If you selected a specific amount of time to block the user, they will be automatically unblocked when that period of time ends. For more information, see "[AUTOTITLE](/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization)." -{% tip %} - -**Tip**: Any settings that were removed when you blocked the user from your organization, such as collaborator status, stars, and watches, will not be restored when you unblock the user. - -{% endtip %} +> [!TIP] +> Any settings that were removed when you blocked the user from your organization, such as collaborator status, stars, and watches, will not be restored when you unblock the user. ## Unblocking a user in a comment diff --git a/content/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-personal-account.md b/content/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-personal-account.md index ee3d4ac08408..28b0a8c6f3cd 100644 --- a/content/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-personal-account.md +++ b/content/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-personal-account.md @@ -32,11 +32,8 @@ You can unblock a user in your account settings or from the user's profile page. ![Screenshot of the sidebar of a user's profile page. A link, labeled "Unblock or report", is outlined in dark orange.](/assets/images/help/profile/profile-unblock-or-report-user.png) 1. Click **Unblock user**. -{% tip %} - -**Tip**: Settings that were removed when you blocked the user, such as collaborator status, stars, and follows, are not restored when you unblock the user. - -{% endtip %} +> [!TIP] +> Settings that were removed when you blocked the user, such as collaborator status, stars, and follows, are not restored when you unblock the user. ## Further reading diff --git a/content/communities/moderating-comments-and-conversations/managing-disruptive-comments.md b/content/communities/moderating-comments-and-conversations/managing-disruptive-comments.md index a380d21061ca..9fdf47d0c898 100644 --- a/content/communities/moderating-comments-and-conversations/managing-disruptive-comments.md +++ b/content/communities/moderating-comments-and-conversations/managing-disruptive-comments.md @@ -82,11 +82,8 @@ Deleting a comment creates a timeline event that is visible to anyone with read ![Screenshot of a timeline event, which says "octo-org deleted a comment from hubot 6 minutes ago."](/assets/images/help/issues/anonymized-timeline-entry-for-deleted-comment.png) -{% note %} - -**Note:** The initial comment (or body) of an issue or pull request can't be deleted. Instead, you can edit issue and pull request bodies to remove unwanted content. - -{% endnote %} +> [!NOTE] +> The initial comment (or body) of an issue or pull request can't be deleted. Instead, you can edit issue and pull request bodies to remove unwanted content. ### Steps to delete a comment diff --git a/content/communities/setting-up-your-project-for-healthy-contributions/adding-support-resources-to-your-project.md b/content/communities/setting-up-your-project-for-healthy-contributions/adding-support-resources-to-your-project.md index ee8ce2484ec7..63854ef21e80 100644 --- a/content/communities/setting-up-your-project-for-healthy-contributions/adding-support-resources-to-your-project.md +++ b/content/communities/setting-up-your-project-for-healthy-contributions/adding-support-resources-to-your-project.md @@ -19,11 +19,8 @@ To direct people to specific support resources, you can add a SUPPORT file to yo You can create default support resources for your organization or personal account. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file)." -{% tip %} - -**Tip:** To help people find your support guidelines, you can link to your SUPPORT file from other places in your repository, such as your [README file](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes). - -{% endtip %} +> [!TIP] +> To help people find your support guidelines, you can link to your SUPPORT file from other places in your repository, such as your [README file](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes). ## Adding support resources to your project diff --git a/content/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors.md b/content/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors.md index ffd0cff40541..871514c0e68f 100644 --- a/content/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors.md +++ b/content/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors.md @@ -25,11 +25,8 @@ For both owners and contributors, contribution guidelines save time and hassle c You can create default contribution guidelines for your organization or personal account. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file)." -{% tip %} - -**Tip:** Repository maintainers can set specific guidelines for issues by creating an issue or pull request template for the repository. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates)." - -{% endtip %} +> [!TIP] +> Repository maintainers can set specific guidelines for issues by creating an issue or pull request template for the repository. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates)." ## Adding a _CONTRIBUTING_ file diff --git a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md index 81e885accc5c..0627277491f2 100644 --- a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md +++ b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md @@ -67,11 +67,8 @@ Here is the rendered version of the issue form. You can encourage contributors to use issue templates by setting `blank_issues_enabled` to `false`. If you set `blank_issues_enabled` to `true`, people will have the option to open a blank issue. -{% note %} - -**Note:** If you used the legacy workflow to manually create an `issue_template.md` file in the `.github` folder and enable blank issues in your _config.yml_ file, the template in `issue_template.md` will be used when people choose to open a blank issue. If you disable blank issues, the template will never be used. - -{% endnote %} +> [!NOTE] +> If you used the legacy workflow to manually create an `issue_template.md` file in the `.github` folder and enable blank issues in your _config.yml_ file, the template in `issue_template.md` will be used when people choose to open a blank issue. If you disable blank issues, the template will never be used. If you prefer to receive certain reports outside of {% data variables.product.product_name %}, you can direct people to external sites with `contact_links`. diff --git a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/manually-creating-a-single-issue-template-for-your-repository.md b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/manually-creating-a-single-issue-template-for-your-repository.md index c29aadfec0f9..90d881d19534 100644 --- a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/manually-creating-a-single-issue-template-for-your-repository.md +++ b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/manually-creating-a-single-issue-template-for-your-repository.md @@ -32,11 +32,8 @@ assignees: octocat --- ``` -{% note %} - -**Note:** If a front matter value includes a YAML-reserved character such as `:` , you must put the whole value in quotes. For example, `":bug: Bug"` or `":new: triage needed, :bug: bug"`. - -{% endnote %} +> [!NOTE] +> If a front matter value includes a YAML-reserved character such as `:` , you must put the whole value in quotes. For example, `":bug: Bug"` or `":new: triage needed, :bug: bug"`. {% ifversion fpt or ghec %} diff --git a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema.md b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema.md index f3c081b051ee..6643c6c306b6 100644 --- a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema.md +++ b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema.md @@ -9,11 +9,8 @@ topics: - Community --- -{% note %} - -**Note:** {% data variables.product.company_short %}'s form schema is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> {% data variables.product.company_short %}'s form schema is currently in {% data variables.release-phases.public_preview %} and subject to change. ## About {% data variables.product.company_short %}'s form schema @@ -89,13 +86,10 @@ You can use a `markdown` element to display Markdown in your form that provides | --- | ----------- | -------- | ---- | ------- | ------- | | `value` | The text that is rendered. Markdown formatting is supported. | {% octicon "check" aria-label="Required" %} | String | {% octicon "dash" aria-label="Not applicable" %} | {% octicon "dash" aria-label="Not applicable" %} | -{% tip %} - -**Tips:** YAML processing will treat the hash symbol as a comment. To insert Markdown headers, wrap your text in quotes. - -For multi-line text, you can use the pipe operator. - -{% endtip %} +> [!TIP] +> YAML processing will treat the hash symbol as a comment. To insert Markdown headers, wrap your text in quotes. +> +> For multi-line text, you can use the pipe operator. #### Example of `markdown` diff --git a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms.md b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms.md index 3cf52041d2cf..90428e7d598c 100644 --- a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms.md +++ b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms.md @@ -19,11 +19,8 @@ Issue forms are not supported for pull requests. You can create pull request tem This example YAML configuration file defines an issue form using several inputs to report a bug. -{% note %} - -**Note:** The `required` field key is only supported in public repositories. In private and internal repositories, all fields are optional. - -{% endnote %} +> [!NOTE] +> The `required` field key is only supported in public repositories. In private and internal repositories, all fields are optional. {% data reusables.community.issue-forms-sample %} diff --git a/content/contributing/collaborating-on-github-docs/about-contributing-to-github-docs.md b/content/contributing/collaborating-on-github-docs/about-contributing-to-github-docs.md index c0a2bd0c9dd6..b575b809d5f9 100644 --- a/content/contributing/collaborating-on-github-docs/about-contributing-to-github-docs.md +++ b/content/contributing/collaborating-on-github-docs/about-contributing-to-github-docs.md @@ -16,11 +16,8 @@ The documentation repository is the place to discuss and collaborate on the docu If you've found something in the documentation content, or something about the docs.github.com website, that should be updated, search the open issues to see if someone else has reported the same thing. If it's something new, open an issue using a [template](https://github.com/github/docs/issues/new/choose). We'll use the issue to have a conversation about the problem you'd like to be fixed. -{% note %} - -**Note**: {% data variables.product.prodname_dotcom %} employees should open issues in the private `docs-content` repository. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dotcom %} employees should open issues in the private `docs-content` repository. ## Pull requests diff --git a/content/contributing/collaborating-on-github-docs/using-git-on-github-docs.md b/content/contributing/collaborating-on-github-docs/using-git-on-github-docs.md index 7ddf10da3144..b82d560cbe29 100644 --- a/content/contributing/collaborating-on-github-docs/using-git-on-github-docs.md +++ b/content/contributing/collaborating-on-github-docs/using-git-on-github-docs.md @@ -39,15 +39,12 @@ To keep your local branches in sync with their remotes and avoid merge conflicts git checkout -b YOUR-TOPIC-BRANCH ``` - {% note %} - - **Note**: You can use forward slashes as part of the branch name, for example to include your user name: - - ```shell - git checkout -b my-username/new-codespace-policy - ``` - - {% endnote %} + > [!NOTE] + > You can use forward slashes as part of the branch name, for example to include your user name: + > + > ```shell + > git checkout -b my-username/new-codespace-policy + > ``` * To work on an existing project, switch to your topic branch and merge changes from `main`. @@ -128,11 +125,10 @@ To keep your local branches in sync with their remotes and avoid merge conflicts * Favor commits that contain small, focused groups of changes over commits with large, unfocused groups of changes, since this will help you write commit messages that other people can easily understand. An exception is the initial commit for a new project or category. These commits are sometimes large, as they often introduce the bare versions of many articles at once to provide an organizational scheme for subsequent work. * If you are incorporating feedback or want to address a set of changes to a particular person or team for review, @mention the person whose suggestions you are incorporating. For example: "Incorporating feedback from @octocat," or "Updating billing configuration steps - cc @monalisa for accuracy." * If a commit addresses an issue, you can reference the issue number in the commit, and a link to the commit will appear in the issue conversation timeline: "Addresses #1234 - adds steps for backing up the VM before upgrading." - {% note %} - **Note**: We generally don't close an issue via a commit. To close an issue, open a pull request and add "Closes #1234" to the description. The linked issue will be closed when the pull request is merged. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue)." + > [!NOTE] + > We generally don't close an issue via a commit. To close an issue, open a pull request and add "Closes #1234" to the description. The linked issue will be closed when the pull request is merged. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue)." - {% endnote %} * Make commit messages clear, detailed, and imperative. For example: "Adds a conceptual article about 2FA," not "Add info." * Try not to leave uncommitted changes in your local branch when you finish working for the day. Get to a good stopping point and commit and push your changes so your work is backed up to the remote repository. * Only push up to {% data variables.product.prodname_dotcom %} after you've made a few commits. Pushing after every commit adds noise to our ops channels on Slack and causes unnecessary builds to run. @@ -167,11 +163,8 @@ There are two ways to handle merge conflicts: If there are multiple files with merge conflicts, repeat the previous steps until you resolve all conflicts. - {% note %} - - **Note**: You should apply care when resolving merge conflicts. Sometimes you will simply accept your own changes, sometimes you will use the upstream changes from the `main` branch, and sometimes you will combine both sets of changes. If you're unsure of the best resolution, be wary of replacing the changes from upstream as these may have been made for specific reasons that you're not aware of. - - {% endnote %} + > [!NOTE] + > You should apply care when resolving merge conflicts. Sometimes you will simply accept your own changes, sometimes you will use the upstream changes from the `main` branch, and sometimes you will combine both sets of changes. If you're unsure of the best resolution, be wary of replacing the changes from upstream as these may have been made for specific reasons that you're not aware of. 1. In the terminal, stage the file, or files, that you just modified. @@ -195,10 +188,7 @@ There are two ways to handle merge conflicts: We recommend you open your pull request on {% data variables.product.prodname_dotcom %} early. Create the pull request as a draft until you are ready for it to be reviewed. Each time you push changes, your commits will be added to the pull request. -{% note %} - -**Note**: You can quickly access pull requests you've created by clicking **Pull requests** at the top of every page on {% data variables.product.prodname_dotcom %}. - -{% endnote %} +> [!NOTE] +> You can quickly access pull requests you've created by clicking **Pull requests** at the top of every page on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request?tool=webui#creating-the-pull-request)." diff --git a/content/contributing/collaborating-on-github-docs/using-the-todocs-placeholder-to-leave-notes.md b/content/contributing/collaborating-on-github-docs/using-the-todocs-placeholder-to-leave-notes.md index 00e79db955c6..0e7824c51fe6 100644 --- a/content/contributing/collaborating-on-github-docs/using-the-todocs-placeholder-to-leave-notes.md +++ b/content/contributing/collaborating-on-github-docs/using-the-todocs-placeholder-to-leave-notes.md @@ -13,11 +13,8 @@ Sometimes technical writers use placeholders while writing documentation to remi To prevent slips, use the string `TODOCS` as your placeholder. The Docs test suite includes a [linting test](https://github.com/github/docs/tree/main/src/content-linter) that will fail if it finds this string anywhere in a Markdown or YAML file. -{% note %} - -**Note**: If you use {% data variables.product.prodname_vscode_shortname %} as your text editor, the "[TODO Highlight](https://marketplace.visualstudio.com/items?itemName=wayou.vscode-todo-highlight)" extension is useful for highlighting instances of "TODOCS" in your files. Add "TODOCS" and other varieties of casing, such as "todocs," to the settings for this extension. - -{% endnote %} +> [!NOTE] +> If you use {% data variables.product.prodname_vscode_shortname %} as your text editor, the "[TODO Highlight](https://marketplace.visualstudio.com/items?itemName=wayou.vscode-todo-highlight)" extension is useful for highlighting instances of "TODOCS" in your files. Add "TODOCS" and other varieties of casing, such as "todocs," to the settings for this extension. ### Example diff --git a/content/contributing/setting-up-your-environment-to-work-on-github-docs/creating-a-local-environment.md b/content/contributing/setting-up-your-environment-to-work-on-github-docs/creating-a-local-environment.md index 8bba1b296ef8..e0d915d71028 100644 --- a/content/contributing/setting-up-your-environment-to-work-on-github-docs/creating-a-local-environment.md +++ b/content/contributing/setting-up-your-environment-to-work-on-github-docs/creating-a-local-environment.md @@ -53,13 +53,9 @@ You should now have a running server. To access your local preview environment, When you're ready to stop your local server, type Ctrl+C in your terminal window. -{% note %} - -**Note:** You should typically only need to run `npm ci` and `npm run build` each time you pull the latest version of a branch. - * `npm ci` does a clean install of dependencies, without updating the `package-lock.json` file. - * `npm run build` creates static assets, such as JavaScript and CSS files. - -{% endnote %} +> [!NOTE] You should typically only need to run `npm ci` and `npm run build` each time you pull the latest version of a branch. +> * `npm ci` does a clean install of dependencies, without updating the `package-lock.json` file. +> * `npm run build` creates static assets, such as JavaScript and CSS files. If you would like to read more about debugging and troubleshooting the {% data variables.product.prodname_docs %} application, see "[AUTOTITLE](/contributing/setting-up-your-environment-to-work-on-github-docs/troubleshooting-your-environment)" in the github/docs repository. @@ -73,11 +69,8 @@ By default, the local server does not run with all supported languages enabled. For example, to enable Japanese and Portuguese in addition to English, you can edit `package.json` and set `ENABLED_LANGUAGES='en,ja,pt'` in the `start` script. Then restart the server for the change to take effect. -{% note %} - -**Note:** Before you commit your changes, you should revert the `package.json` file to its original state. - -{% endnote %} +> [!NOTE] +> Before you commit your changes, you should revert the `package.json` file to its original state. The supported language codes are defined in [`src/languages/lib/languages.js`](https://github.com/github/docs/blob/main/src/languages/lib/languages.js). diff --git a/content/contributing/writing-for-github-docs/creating-screenshots.md b/content/contributing/writing-for-github-docs/creating-screenshots.md index a5bdd8379829..784384640189 100644 --- a/content/contributing/writing-for-github-docs/creating-screenshots.md +++ b/content/contributing/writing-for-github-docs/creating-screenshots.md @@ -150,21 +150,16 @@ The stroke is the color `fg.severe` in the [Primer Design System](https://primer * Pixel depth: 144dpi (equivalent to "2x" on Snagit for Mac) * Pixel width: 1000 pixels maximum - {% note %} + > [!NOTE] + > On Windows, you may need to select **Advanced** to change the resolution. Ensure **Use resampling** is disabled. - **Note:** On Windows, you may need to select **Advanced** to change the resolution. Ensure **Use resampling** is disabled. - - {% endnote %} 1. With the {% data variables.product.prodname_docs %} theme open in the Shapes sidebar, select the dark orange rectangle. 1. Drag and drop across the image to create a rectangle. 1. Adjust the rectangle's height and width by dragging edges. Do not adjust the corner rounding, which should remain 4 px. Adjust the space between the UI element and the stroke so it's about the width of the stroke itself. 1. Export image to PNG. -{% note %} - -**Note:** A bug in Snagit may corrupt the corner rounding, causing rectangles to become ovals. If this occurs, delete and reinstall the {% data variables.product.prodname_docs %} theme (Windows and Mac), or click and drag the yellow dot at the top right of the shape to reset corner rounding to 4 px (Mac only). - -{% endnote %} +> [!NOTE] +> A bug in Snagit may corrupt the corner rounding, causing rectangles to become ovals. If this occurs, delete and reinstall the {% data variables.product.prodname_docs %} theme (Windows and Mac), or click and drag the yellow dot at the top right of the shape to reset corner rounding to 4 px (Mac only). ## Replacing screenshots diff --git a/content/contributing/writing-for-github-docs/using-markdown-and-liquid-in-github-docs.md b/content/contributing/writing-for-github-docs/using-markdown-and-liquid-in-github-docs.md index 21035b8b9fbe..bd5ac1596757 100644 --- a/content/contributing/writing-for-github-docs/using-markdown-and-liquid-in-github-docs.md +++ b/content/contributing/writing-for-github-docs/using-markdown-and-liquid-in-github-docs.md @@ -394,11 +394,8 @@ For more information about links, see "[AUTOTITLE](/contributing/style-guide-and Because the site is dynamic, it does not build HTML files for each different version of an article. Instead it generates a "permalink" for every version of the article. It does this based on the article's [`versions` frontmatter](/contributing/syntax-and-versioning-for-github-docs/using-yaml-frontmatter#versions). -{% note %} - -**Note**: As of early 2021, the `free-pro-team@latest` version is not included in URLs. A helper function called `lib/remove-fpt-from-path.js` removes the version from URLs. - -{% endnote %} +> [!NOTE] +> As of early 2021, the `free-pro-team@latest` version is not included in URLs. A helper function called `lib/remove-fpt-from-path.js` removes the version from URLs. For example, an article that is available in currently supported versions will have permalink URLs like the following: @@ -414,11 +411,8 @@ An article that is not available in {% data variables.product.prodname_ghe_serve * `/en/get-started/getting-started-with-git/set-up-git` -{% note %} - -**Note:** If you are a content contributor, you don't need to worry about supported versions when adding a link to a document. Following the examples above, if you want to reference an article, you can just use its relative location: `/github/getting-started-with-github/set-up-git`. - -{% endnote %} +> [!NOTE] +> If you are a content contributor, you don't need to worry about supported versions when adding a link to a document. Following the examples above, if you want to reference an article, you can just use its relative location: `/github/getting-started-with-github/set-up-git`. ### Internal links with AUTOTITLE @@ -430,11 +424,8 @@ When linking to another {% data variables.product.prodname_docs %} page, use sta * `For more information, see "[AUTOTITLE](/path/to/page#section-link)."` * `For more information, see the TOOLNAME documentation in "[AUTOTITLE](/path/to/page?tool=TOOLNAME)."` -{% note %} - -**Note:** Same-page section links do not work with this keyword. Type out the full header text instead. - -{% endnote %} +> [!NOTE] +> Same-page section links do not work with this keyword. Type out the full header text instead. ### Linking to the current article in a different version of the docs diff --git a/content/contributing/writing-for-github-docs/using-yaml-frontmatter.md b/content/contributing/writing-for-github-docs/using-yaml-frontmatter.md index 1d6870796145..ef4dc4be9ad0 100644 --- a/content/contributing/writing-for-github-docs/using-yaml-frontmatter.md +++ b/content/contributing/writing-for-github-docs/using-yaml-frontmatter.md @@ -228,11 +228,8 @@ defaultTool: cli * Type: `String`. This should reference learning tracks' names defined in [`data/learning-tracks/*.yml`](https://github.com/github/docs/tree/main/data/learning-tracks). * Optional -{% note %} - -**Note:** the featured track is set by a specific property in the learning tracks YAML. See that [README](https://github.com/github/docs/blob/main/data/learning-tracks/README.md) for details. - -{% endnote %} +> [!NOTE] +> The featured track is set by a specific property in the learning tracks YAML. See that [README](https://github.com/github/docs/blob/main/data/learning-tracks/README.md) for details. ### `includeGuides` @@ -274,11 +271,8 @@ includeGuides: * Type: `string` YEAR-MONTH-DAY e.g. 2021-10-04 is October 4th, 2021 * Optional. -{% note %} - -**Note:** The `effectiveDate` frontmatter value is for use by {% data variables.product.company_short %} staff only. - -{% endnote %} +> [!NOTE] +> The `effectiveDate` frontmatter value is for use by {% data variables.product.company_short %} staff only. ## Escaping single quotes @@ -304,11 +298,8 @@ When adding a new article, make sure the filename is a [kebab-cased](https://en. Index pages are the table of contents files for the Docs site. Every product, category, and map topic subdirectory has an `index.md` file that provides an overview of the content and links to every child article. Each `index.md` must contain a `children` frontmatter property with a list of relative links to the child pages of the product, category, or map topic. Index pages require a `versions` frontmatter property, and the actual value will be computed at runtime based on the versions of children articles. -{% note %} - -**Note**: The site only knows about paths included in `children` frontmatter. If a directory or article exists but is **not** included in `children`, its path will return a 404. - -{% endnote %} +> [!NOTE] +> The site only knows about paths included in `children` frontmatter. If a directory or article exists but is **not** included in `children`, its path will return a 404. ## Homepage diff --git a/content/contributing/writing-for-github-docs/versioning-documentation.md b/content/contributing/writing-for-github-docs/versioning-documentation.md index 347622a71fc8..97c5301953f0 100644 --- a/content/contributing/writing-for-github-docs/versioning-documentation.md +++ b/content/contributing/writing-for-github-docs/versioning-documentation.md @@ -106,15 +106,10 @@ We use the [Liquid template language](https://shopify.github.io/liquid/basics/in If you define multiple products in the `versions` key within a page's YAML frontmatter, you can use the conditional operators `ifversion`/`else` (or `ifversion`/`elsif`/`else`) in the Markdown to control how the site renders content on the page for a particular product. For example, a feature may have more options on {% data variables.product.prodname_dotcom_the_website %} than on {% data variables.product.prodname_ghe_server %}, so you can version the content appropriately via the `versions` frontmatter, and use Liquid conditionals to describe the additional options for {% data variables.product.prodname_dotcom_the_website %}. -{% note %} - -**Notes:** - -* Use `ifversion` for product-based versioning and [feature-based versioning](#about-feature-based-versioning). -* Do not use `if` or `unless`. -* Make sure to use `elsif` and not `else if`. Liquid does not recognize `else if` and will not render content inside an `else if` block. - -{% endnote %} +> [!NOTE] +> * Use `ifversion` for product-based versioning and [feature-based versioning](#about-feature-based-versioning). +> * Do not use `if` or `unless`. +> * Make sure to use `elsif` and not `else if`. Liquid does not recognize `else if` and will not render content inside an `else if` block. ### Comparison operators @@ -195,11 +190,8 @@ Feature-based versioning provides named "feature flags" that simplify the mainte Each feature is managed through individual YAML files in `data/features/`. -{% note %} - -**Note**: Do not delete `data/features/placeholder.yml` because it is used by tests. - -{% endnote %} +> [!NOTE] +> Do not delete `data/features/placeholder.yml` because it is used by tests. To create a new feature, first create a new YAML file with the feature name you want to use in this directory. For a feature named `meow`, that would be `data/features/meow.yml`. diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md index 5b44a617ea2e..8d52f349d829 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md @@ -47,7 +47,7 @@ redirect_from: {% data reusables.copilot.more-details-content-exclusion-logs %} -{% ifversion ghec%} +{% ifversion ghec %} ## Reviewing changes in your enterprise diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-user-activity-data-for-copilot-in-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-user-activity-data-for-copilot-in-your-organization.md index b362cd4fbe5a..10663b5939de 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-user-activity-data-for-copilot-in-your-organization.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-user-activity-data-for-copilot-in-your-organization.md @@ -72,7 +72,7 @@ For more information about enabling telemetry in various IDEs, see: ## Further reading -{% ifversion ghec%} +{% ifversion ghec %} * "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/viewing-copilot-usage-for-your-enterprise)"{% endif %} * [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center) * "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/granting-access-to-copilot-for-members-of-your-organization)." diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md index d49c52f3c791..0f13ebf1f106 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md @@ -33,7 +33,7 @@ You can use content exclusions to configure {% data variables.product.prodname_c ### Who can configure content exclusion -Repository administrators{% ifversion ghec%}, organization owners, and enterprise owners{% else %} and organization owners{% endif %} can configure content exclusion. +Repository administrators{% ifversion ghec %}, organization owners, and enterprise owners{% else %} and organization owners{% endif %} can configure content exclusion. {% data reusables.copilot.content-exclusions-scope %} @@ -45,6 +45,7 @@ Repository administrators{% ifversion ghec%}, organization owners, and enterpris | {% data variables.product.prodname_vscode %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | | JetBrains IDEs | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | | Vim/Neovim | {% octicon "check" aria-label="Supported" %} | Not applicable | +| Xcode | {% octicon "check" aria-label="Supported" %} | Not applicable | | Azure Data Studio | {% octicon "x" aria-label="Not supported" %} | Not applicable | | The {% data variables.product.github %} website | Not applicable | {% octicon "x" aria-label="Not supported" %} | @@ -65,7 +66,7 @@ You can use your repository settings to specify content in your repository that 1. In the "Code & automation" section of the side bar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**. - If your repository inherits any exclusions from {%ifversion fpt %}its parent organization{% else %} organizations in the same enterprise{% endif %}, you'll see {%ifversion ghec %}one or more{% else %} a{% endif %} gray box{%ifversion ghec %}es{% endif %} at the top of the page containing details of these exclusions. You cannot edit these settings. + If your repository inherits any exclusions from {% ifversion fpt %}its parent organization{% else %} organizations in the same enterprise{% endif %}, you'll see {% ifversion ghec %}one or more{% else %} a{% endif %} gray box{% ifversion ghec %}es{% endif %} at the top of the page containing details of these exclusions. You cannot edit these settings. 1. In the box following "Paths to exclude in this repository," enter the paths to files from which {% data variables.product.prodname_copilot_short %} should be excluded. diff --git a/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md b/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md index 0bc017dad2ea..00f2a34e2391 100644 --- a/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md +++ b/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md @@ -33,7 +33,7 @@ When a file is affected by a content exclusion setting, {% data variables.produc {% data reusables.copilot.content-exclusion-note %} -Content exclusion can be configured at the repository{% ifversion ghec%}, organization, and enterprise{% else %} and organization{% endif %} level. The scope of the exclusion is determined by the level at which the rule is set: +Content exclusion can be configured at the repository{% ifversion ghec %}, organization, and enterprise{% else %} and organization{% endif %} level. The scope of the exclusion is determined by the level at which the rule is set: {% data reusables.copilot.content-exclusions-scope %} diff --git a/content/copilot/troubleshooting-github-copilot/viewing-logs-for-github-copilot-in-your-environment.md b/content/copilot/troubleshooting-github-copilot/viewing-logs-for-github-copilot-in-your-environment.md index 0d444c17cfee..a9e1a78a2fa3 100644 --- a/content/copilot/troubleshooting-github-copilot/viewing-logs-for-github-copilot-in-your-environment.md +++ b/content/copilot/troubleshooting-github-copilot/viewing-logs-for-github-copilot-in-your-environment.md @@ -33,10 +33,10 @@ These steps describe how to view and collect the log files for the following Jet * RubyMine * WebStorm -The {% data variables.product.prodname_copilot%} extension logs to the IDEA log location for IntelliJ plugins. +The {% data variables.product.prodname_copilot %} extension logs to the IDEA log location for IntelliJ plugins. 1. In your JetBrains IDE, open the **Help** menu. 1. Go to **Show Log in Finder**. -1. Open the `idea.log` in your preferred editor and look for any errors related to {% data variables.product.prodname_dotcom%} or {% data variables.product.prodname_copilot%}. +1. Open the `idea.log` in your preferred editor and look for any errors related to {% data variables.product.prodname_dotcom %} or {% data variables.product.prodname_copilot %}. For more information, see the [Locating IDE log files](https://intellij-support.jetbrains.com/hc/en-us/articles/207241085-Locating-IDE-log-files) in the IntelliJ documentation. @@ -45,7 +45,7 @@ For more information, see the [Locating IDE log files](https://intellij-support. 1. In Rider, open the **Help** menu. 1. Go to **Diagnostic Tools**. 1. Go to **Show Log in**. -1. Open the `idea.log` in your preferred editor and look for any errors related to {% data variables.product.prodname_dotcom%} or {% data variables.product.prodname_copilot%}. +1. Open the `idea.log` in your preferred editor and look for any errors related to {% data variables.product.prodname_dotcom %} or {% data variables.product.prodname_copilot %}. ## Enabling debug mode @@ -66,17 +66,17 @@ If you find the log file doesn't contain enough information to resolve an issue, ## Viewing network connectivity diagnostics logs -If you encounter problems connecting to {% data variables.product.prodname_copilot%} due to network restrictions, firewalls, or your proxy setup, use the following troubleshooting steps. +If you encounter problems connecting to {% data variables.product.prodname_copilot %} due to network restrictions, firewalls, or your proxy setup, use the following troubleshooting steps. -1. In the menu bar, click **Tools**, select **{% data variables.product.prodname_copilot%}**, and click **Log Diagnostics**. +1. In the menu bar, click **Tools**, select **{% data variables.product.prodname_copilot %}**, and click **Log Diagnostics**. 1. The `idea.log` file should open in the JetBrains IDE with the diagnostics output. Alternatively, you can open the `idea.log` file in your preferred editor. -1. Check the section on **Reachability** to determine if {% data variables.product.prodname_copilot%} can access the necessary services. +1. Check the section on **Reachability** to determine if {% data variables.product.prodname_copilot %} can access the necessary services. ## Troubleshooting certificate-related errors If you're using a custom certificate, ensure the certificate is installed correctly in the operating system, see "[AUTOTITLE](/copilot/troubleshooting-github-copilot/troubleshooting-network-errors-for-github-copilot)". Then use the following troubleshooting steps. -1. In the menu bar, click **Tools**, select **{% data variables.product.prodname_copilot%}**, and click **Log CA Certificates**. +1. In the menu bar, click **Tools**, select **{% data variables.product.prodname_copilot %}**, and click **Log CA Certificates**. 1. The `idea.log` file should open in the JetBrains IDE with the trusted CA certificates logged in PEM format. You may need to refresh the `idea.log` file to view all of the output. Alternatively, you can open the `idea.log` file in your preferred editor. 1. Check to see if the expected custom certificate is included in the certificate list output. @@ -86,10 +86,10 @@ If you're using a custom certificate, ensure the certificate is installed correc ## Viewing logs in {% data variables.product.prodname_vs %} -The log files for the {% data variables.product.prodname_copilot%} extension are stored in the standard log location for {% data variables.product.prodname_vs %} extensions. +The log files for the {% data variables.product.prodname_copilot %} extension are stored in the standard log location for {% data variables.product.prodname_vs %} extensions. 1. Open the **View** menu in {% data variables.product.prodname_vs %}. 1. Click **Output**. -1. On the right of the Output view pane, select **{% data variables.product.prodname_copilot%}** from the dropdown menu. +1. On the right of the Output view pane, select **{% data variables.product.prodname_copilot %}** from the dropdown menu. ## Further reading @@ -101,10 +101,10 @@ The log files for the {% data variables.product.prodname_copilot%} extension are ## Viewing and collecting log files -The log files for the {% data variables.product.prodname_copilot%} extension are stored in the standard log location for {% data variables.product.prodname_vscode %} extensions. The log files are useful for diagnosing connection issues. +The log files for the {% data variables.product.prodname_copilot %} extension are stored in the standard log location for {% data variables.product.prodname_vscode %} extensions. The log files are useful for diagnosing connection issues. 1. Open the **View** menu in {% data variables.product.prodname_vscode %}. 1. Click **Output**. -1. On the right of the Output view pane, select **{% data variables.product.prodname_copilot%}** from the dropdown menu. +1. On the right of the Output view pane, select **{% data variables.product.prodname_copilot %}** from the dropdown menu. Alternatively, you can open the log folder for {% data variables.product.prodname_vscode %} extensions in your system's file explorer. This is useful if you need to forward the log files to the support team. @@ -117,15 +117,15 @@ Alternatively, you can open the log folder for {% data variables.product.prodnam ## Viewing network connectivity diagnostics logs -If you encounter problems connecting to {% data variables.product.prodname_copilot%} due to network restrictions, firewalls, or your proxy setup, use the following troubleshooting steps. +If you encounter problems connecting to {% data variables.product.prodname_copilot %} due to network restrictions, firewalls, or your proxy setup, use the following troubleshooting steps. 1. Open the {% data variables.product.prodname_vscode_command_palette_shortname %} * For Mac: * Use: Shift+Command+P * For Windows or Linux: * Use: Ctrl+Shift+P -1. Type "Diagnostics", and then select **{% data variables.product.prodname_copilot%}: Collect Diagnostics** from the list. This opens a new editor with the relevant information that you can inspect yourself or share with the support team. -1. Check the section on **Reachability** to determine if {% data variables.product.prodname_copilot%} can actually access the necessary services. +1. Type "Diagnostics", and then select **{% data variables.product.prodname_copilot %}: Collect Diagnostics** from the list. This opens a new editor with the relevant information that you can inspect yourself or share with the support team. +1. Check the section on **Reachability** to determine if {% data variables.product.prodname_copilot %} can actually access the necessary services. ## Viewing Electron logs @@ -150,7 +150,7 @@ In rare cases, errors might not be propagated to the corresponding error handler {% vimneovim %} -## Checking if {% data variables.product.prodname_copilot%} is operational +## Checking if {% data variables.product.prodname_copilot %} is operational To check if GitHub Copilot is operational, run the following command in Vim/Neovim: diff --git a/content/copilot/using-github-copilot/asking-github-copilot-questions-in-github-mobile.md b/content/copilot/using-github-copilot/asking-github-copilot-questions-in-github-mobile.md index 36e87895f460..8f1deaa75991 100644 --- a/content/copilot/using-github-copilot/asking-github-copilot-questions-in-github-mobile.md +++ b/content/copilot/using-github-copilot/asking-github-copilot-questions-in-github-mobile.md @@ -34,9 +34,9 @@ With {% data variables.product.prodname_copilot_enterprise_short %}, you can als ## Limitations -The following {% ifversion fpt%}limitation applies{% else %} limitations apply{% endif %} to {% data variables.product.prodname_copilot_mobile_short %}: +The following {% ifversion fpt %}limitation applies{% else %} limitations apply{% endif %} to {% data variables.product.prodname_copilot_mobile_short %}: -{% ifversion ghec%} +{% ifversion ghec %} * Chat responses may be suboptimal if you ask questions about a specific repository that you've selected as a context, and the repository has not been indexed for semantic code search. {% data reusables.copilot.indexing-who-can-do-this %}{% endif %} * The quality of the results from {% data variables.product.prodname_copilot_chat_short %} may, in some situations, be degraded if very large files, or a large number of files, are used as a context for a question. diff --git a/content/desktop/adding-and-cloning-repositories/adding-a-repository-from-your-local-computer-to-github-desktop.md b/content/desktop/adding-and-cloning-repositories/adding-a-repository-from-your-local-computer-to-github-desktop.md index ea5398be8048..ec0e481313a1 100644 --- a/content/desktop/adding-and-cloning-repositories/adding-a-repository-from-your-local-computer-to-github-desktop.md +++ b/content/desktop/adding-and-cloning-repositories/adding-a-repository-from-your-local-computer-to-github-desktop.md @@ -9,11 +9,9 @@ versions: feature: desktop shortTitle: Add a repository --- -{% tip %} -**Tip:** You can add a Git repository from your local computer to GitHub Desktop by dragging the folder onto the {% data variables.product.prodname_desktop %} window. If you drag multiple Git folders into {% data variables.product.prodname_desktop %} at the same time, each folder will be added as a separate Git repository. - -{% endtip %} +> [!TIP] +> You can add a Git repository from your local computer to GitHub Desktop by dragging the folder onto the {% data variables.product.prodname_desktop %} window. If you drag multiple Git folders into {% data variables.product.prodname_desktop %} at the same time, each folder will be added as a separate Git repository. {% mac %} diff --git a/content/desktop/adding-and-cloning-repositories/cloning-a-repository-from-github-to-github-desktop.md b/content/desktop/adding-and-cloning-repositories/cloning-a-repository-from-github-to-github-desktop.md index 51e5b4705fc2..5209b00830b2 100644 --- a/content/desktop/adding-and-cloning-repositories/cloning-a-repository-from-github-to-github-desktop.md +++ b/content/desktop/adding-and-cloning-repositories/cloning-a-repository-from-github-to-github-desktop.md @@ -9,11 +9,9 @@ versions: feature: desktop shortTitle: Clone a GitHub repo --- -{% tip %} -**Tip:** You also can use {% data variables.product.prodname_desktop %} to clone repositories that exist on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/desktop/adding-and-cloning-repositories/cloning-and-forking-repositories-from-github-desktop)." - -{% endtip %} +> [!TIP] +> You also can use {% data variables.product.prodname_desktop %} to clone repositories that exist on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/desktop/adding-and-cloning-repositories/cloning-and-forking-repositories-from-github-desktop)." 1. Sign in to {% data variables.product.github %} and {% data variables.product.prodname_desktop %} before you start to clone. {% data reusables.repositories.navigate-to-repo %} @@ -22,10 +20,7 @@ shortTitle: Clone a GitHub repo ![Screenshot of the "URL" tab of the "Clone a Repository" window. Next to the "Local Path" field, a button, labeled "Choose", is highlighted with an orange outline.](/assets/images/help/desktop/clone-choose-button-url-mac.png) - {% note %} - - **Note:** If the repository is configured to use LFS, you will be prompted to initialize {% data variables.large_files.product_name_short %}. - - {% endnote %} + > [!NOTE] + > If the repository is configured to use LFS, you will be prompted to initialize {% data variables.large_files.product_name_short %}. 1. Click **Clone**. diff --git a/content/desktop/configuring-and-customizing-github-desktop/configuring-a-default-editor-in-github-desktop.md b/content/desktop/configuring-and-customizing-github-desktop/configuring-a-default-editor-in-github-desktop.md index a9dd91c59183..e7ad0bfc37e1 100644 --- a/content/desktop/configuring-and-customizing-github-desktop/configuring-a-default-editor-in-github-desktop.md +++ b/content/desktop/configuring-and-customizing-github-desktop/configuring-a-default-editor-in-github-desktop.md @@ -122,22 +122,20 @@ If you want to open another repository in the default editor, you can use the re 1. In the upper-left corner of {% data variables.product.prodname_desktop %}, to the right of the current repository name, click {% octicon "triangle-down" aria-label="The triangle-down icon" %}. 1. Right-click the repository, then click **Open in default editor**. -{% tip %} - {% mac %} -**Tip:** You can use the Shift+Command+A keyboard shortcut to open a repository in the default editor. +> [!TIP] +> You can use the Shift+Command+A keyboard shortcut to open a repository in the default editor. {% endmac %} {% windows %} -**Tip:** You can use the Ctrl+Shift+A keyboard shortcut to open a repository in the default editor. +> [!TIP] +> You can use the Ctrl+Shift+A keyboard shortcut to open a repository in the default editor. {% endwindows %} -{% endtip %} - ## Opening a file in the default editor 1. Navigate to the "Changes" tab in the left sidebar. diff --git a/content/desktop/configuring-and-customizing-github-desktop/configuring-git-for-github-desktop.md b/content/desktop/configuring-and-customizing-github-desktop/configuring-git-for-github-desktop.md index c2416ab7ea68..a0c4a2535e31 100644 --- a/content/desktop/configuring-and-customizing-github-desktop/configuring-git-for-github-desktop.md +++ b/content/desktop/configuring-and-customizing-github-desktop/configuring-git-for-github-desktop.md @@ -19,11 +19,8 @@ If the email address that has been set in your Git configuration does not match {% data variables.product.prodname_desktop %} also allows you to change the default branch name that you would like to use when creating new repositories. By default, {% data variables.product.prodname_desktop %} uses `main` as the default branch name in any new repositories you create. -{% tip %} - -**Tip**: Anyone will be able to see the email address in your Git configuration if you make public commits. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)." - -{% endtip %} +> [!TIP] +> Anyone will be able to see the email address in your Git configuration if you make public commits. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)." ## Configuring your global author information diff --git a/content/desktop/installing-and-authenticating-to-github-desktop/installing-github-desktop.md b/content/desktop/installing-and-authenticating-to-github-desktop/installing-github-desktop.md index b4c0920688b5..39fa1cae38a0 100644 --- a/content/desktop/installing-and-authenticating-to-github-desktop/installing-github-desktop.md +++ b/content/desktop/installing-and-authenticating-to-github-desktop/installing-github-desktop.md @@ -44,11 +44,8 @@ You can install {% data variables.product.prodname_desktop %} on {% data variabl You can install {% data variables.product.prodname_desktop %} on {% data variables.desktop.windows-versions %}. -{% warning %} - -**Warning**: You must have a 64-bit operating system to run {% data variables.product.prodname_desktop %}. - -{% endwarning %} +> [!WARNING] +> You must have a 64-bit operating system to run {% data variables.product.prodname_desktop %}. {% data reusables.desktop.download-desktop-page %} 1. Click **Download for Windows**. diff --git a/content/desktop/making-changes-in-a-branch/committing-and-reviewing-changes-to-your-project-in-github-desktop.md b/content/desktop/making-changes-in-a-branch/committing-and-reviewing-changes-to-your-project-in-github-desktop.md index 3c4bc9114ef2..e19497969878 100644 --- a/content/desktop/making-changes-in-a-branch/committing-and-reviewing-changes-to-your-project-in-github-desktop.md +++ b/content/desktop/making-changes-in-a-branch/committing-and-reviewing-changes-to-your-project-in-github-desktop.md @@ -88,11 +88,8 @@ Discarded changes are saved in a dated file in the Trash. You can recover discar You can discard one or more changed lines that are uncommitted. -{% note %} - -**Note:** Discarding single lines is disabled in a group of changes that adds and removes lines. - -{% endnote %} +> [!NOTE] +> Discarding single lines is disabled in a group of changes that adds and removes lines. To discard one added line, in the list of changed lines, right-click the line number of the line you want to discard, then select **Discard Added Line**. @@ -106,11 +103,8 @@ To discard a group of changed lines, right-click the vertical bar to the right o Once you're satisfied with the changes you've chosen to include in your commit, write your commit message and push your changes. If you've collaborated on a commit, you can also attribute a commit to more than one author. -{% note %} - -**Note**: {% data reusables.desktop.tags-push-with-commits %} For more information, see "[AUTOTITLE](/desktop/managing-commits/managing-tags-in-github-desktop)." - -{% endnote %} +> [!NOTE] +> {% data reusables.desktop.tags-push-with-commits %} For more information, see "[AUTOTITLE](/desktop/managing-commits/managing-tags-in-github-desktop)." {% data reusables.desktop.commit-message %} diff --git a/content/desktop/making-changes-in-a-branch/managing-branches-in-github-desktop.md b/content/desktop/making-changes-in-a-branch/managing-branches-in-github-desktop.md index 416450259a4c..586ad7423d87 100644 --- a/content/desktop/making-changes-in-a-branch/managing-branches-in-github-desktop.md +++ b/content/desktop/making-changes-in-a-branch/managing-branches-in-github-desktop.md @@ -35,11 +35,8 @@ Repository administrators can also enable rulesets. Rulesets can be used to requ ## Creating a branch -{% tip %} - -**Tip:** The first new branch you create will be based on the default branch. If you have more than one branch, you can choose to base the new branch on the currently checked out branch or the default branch. - -{% endtip %} +> [!TIP] +> The first new branch you create will be based on the default branch. If you have more than one branch, you can choose to base the new branch on the currently checked out branch or the default branch. {% data reusables.desktop.click-base-branch-in-drop-down %} {% data reusables.desktop.create-new-branch %} @@ -72,11 +69,9 @@ If you create a branch on {% data variables.product.product_name %}, you'll need ## Switching between branches You can view and make commits to any of your repository's branches. If you have uncommitted, saved changes, you'll need to decide what to do with your changes before you can switch branches. You can commit your changes on the current branch, stash your changes to temporarily save them on the current branch, or bring the changes to your new branch. If you want to commit your changes before switching branches, see "[AUTOTITLE](/desktop/making-changes-in-a-branch/committing-and-reviewing-changes-to-your-project-in-github-desktop)." -{% tip %} - -**Tip**: You can set a default behavior for switching branches in the **Prompts** settings. For more information, see "[AUTOTITLE](/desktop/configuring-and-customizing-github-desktop/configuring-basic-settings-in-github-desktop)." -{% endtip %} +> [!TIP] +> You can set a default behavior for switching branches in the **Prompts** settings. For more information, see "[AUTOTITLE](/desktop/configuring-and-customizing-github-desktop/configuring-basic-settings-in-github-desktop)." 1. In the repository bar, click {% octicon "git-branch" aria-hidden="true" %} **Current Branch**, then click the branch that you want to switch to. ![Screenshot of the "Current Branch" dropdown view. Under "Recent Branches", a branch, named "my-feature", is highlighted with an orange outline.](/assets/images/help/desktop/select-branch-from-dropdown.png) diff --git a/content/desktop/making-changes-in-a-branch/pushing-changes-to-github-from-github-desktop.md b/content/desktop/making-changes-in-a-branch/pushing-changes-to-github-from-github-desktop.md index f7fb03c0ef66..8ea356794f32 100644 --- a/content/desktop/making-changes-in-a-branch/pushing-changes-to-github-from-github-desktop.md +++ b/content/desktop/making-changes-in-a-branch/pushing-changes-to-github-from-github-desktop.md @@ -27,16 +27,13 @@ Repository administrators can also enable rulesets for a branch, which will prev ## Pushing changes to {% data variables.product.prodname_dotcom %} -{% note %} - -**Note:** {% data variables.product.prodname_desktop %} will reject a push if it exceeds certain limits. - -* A push contains a large file over {% data variables.large_files.max_github_size %} in size. -* A push is over {% data variables.large_files.max_file_size %} in total size. - -If you configure {% data variables.large_files.product_name_long %} to track your large files, you can push large files that would normally be rejected. For more information, see "[AUTOTITLE](/desktop/configuring-and-customizing-github-desktop/about-git-large-file-storage-and-github-desktop)." - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_desktop %} will reject a push if it exceeds certain limits. +> +> * A push contains a large file over {% data variables.large_files.max_github_size %} in size. +> * A push is over {% data variables.large_files.max_file_size %} in total size. +> +> If you configure {% data variables.large_files.product_name_long %} to track your large files, you can push large files that would normally be rejected. For more information, see "[AUTOTITLE](/desktop/configuring-and-customizing-github-desktop/about-git-large-file-storage-and-github-desktop)." {% data reusables.desktop.push-origin %} 1. If there are commits on the remote branch that you don't have on your local branch, {% data variables.product.prodname_desktop %} prompts you to fetch new commits from the remote. In the "New Commits on Remote" window, click **Fetch**. diff --git a/content/desktop/managing-commits/checking-out-a-commit-in-github-desktop.md b/content/desktop/managing-commits/checking-out-a-commit-in-github-desktop.md index f4bedf3cafc1..adf86f3567eb 100644 --- a/content/desktop/managing-commits/checking-out-a-commit-in-github-desktop.md +++ b/content/desktop/managing-commits/checking-out-a-commit-in-github-desktop.md @@ -14,11 +14,8 @@ Checking out a commit allows you to view your repository in a previous state wit Checking out a commit puts your repository in a "detached HEAD" state. In Git terminology "HEAD" is the reference that points to the tip, or latest commit, of a named branch in your repository. A "detached HEAD" state means that HEAD refers to a specific commit, but not on a named branch in your repository. -{% note %} - -**Note:** Any commits made in a "detached HEAD" state will be lost when switching branches, since these commits have not been made on a named branch. If you need to recover the lost commits, see "[Troubleshooting](#troubleshooting)." - -{% endnote %} +> [!NOTE] +> Any commits made in a "detached HEAD" state will be lost when switching branches, since these commits have not been made on a named branch. If you need to recover the lost commits, see "[Troubleshooting](#troubleshooting)." ## Checking out a commit diff --git a/content/desktop/managing-commits/managing-tags-in-github-desktop.md b/content/desktop/managing-commits/managing-tags-in-github-desktop.md index bb7d6d2dd544..f59465d7a37e 100644 --- a/content/desktop/managing-commits/managing-tags-in-github-desktop.md +++ b/content/desktop/managing-commits/managing-tags-in-github-desktop.md @@ -27,11 +27,9 @@ versions: {% data reusables.desktop.history-tab %} 1. Click the commit. - {% note %} - **Note**: {% data variables.product.prodname_desktop %} displays an arrow {% octicon "arrow-up" aria-label="The up arrow icon" %} if the tag has not been pushed to the remote repository. - - {% endnote %} + > [!NOTE] + > {% data variables.product.prodname_desktop %} displays an arrow {% octicon "arrow-up" aria-label="The up arrow icon" %} if the tag has not been pushed to the remote repository. ![Screenshot of a list of commits in the "History" tab. Next to a commit, a "hello-tag" label and an "up arrow" icon are outlined in orange.](/assets/images/help/desktop/viewing-tags-in-history.png) @@ -41,11 +39,8 @@ versions: ## Deleting tags -{% note %} - -**Note**: You can only delete tags associated with commits that have not yet been pushed. - -{% endnote %} +> [!NOTE] +> You can only delete tags associated with commits that have not yet been pushed. {% data reusables.desktop.history-tab %} {% data reusables.desktop.delete-tag %} diff --git a/content/desktop/managing-commits/options-for-managing-commits-in-github-desktop.md b/content/desktop/managing-commits/options-for-managing-commits-in-github-desktop.md index e6199597ddef..f92403a3b9d3 100644 --- a/content/desktop/managing-commits/options-for-managing-commits-in-github-desktop.md +++ b/content/desktop/managing-commits/options-for-managing-commits-in-github-desktop.md @@ -16,11 +16,8 @@ When you're contributing changes to a repository, your commit history should tel Often, it is difficult to follow these best practices perfectly at the point where you're making changes. You might realize you need to undo the changes in a commit you've made, edit a commit message, or reorder your commits to tell a clearer story. With {% data variables.product.prodname_desktop %}, you can manage your commit history directly from the user interface. -{% note %} - -**Note:** Where possible, you should avoid changing the history of commits that have already been pushed to the remote repository. Other contributors may have already based work on these commits. - -{% endnote %} +> [!NOTE] +> Where possible, you should avoid changing the history of commits that have already been pushed to the remote repository. Other contributors may have already based work on these commits. ## Options for managing commit history in {% data variables.product.prodname_desktop %} diff --git a/content/desktop/managing-commits/reverting-a-commit-in-github-desktop.md b/content/desktop/managing-commits/reverting-a-commit-in-github-desktop.md index 59c2475cc141..5ad99b60d976 100644 --- a/content/desktop/managing-commits/reverting-a-commit-in-github-desktop.md +++ b/content/desktop/managing-commits/reverting-a-commit-in-github-desktop.md @@ -12,11 +12,8 @@ versions: --- When you revert to a previous commit, the revert is also a commit. The original commit also remains in the repository's history. -{% tip %} - -**Tip:** When you revert multiple commits, it's best to revert in order from newest to oldest. If you revert commits in a different order, you may see merge conflicts. - -{% endtip %} +> [!TIP] +> When you revert multiple commits, it's best to revert in order from newest to oldest. If you revert commits in a different order, you may see merge conflicts. {% data reusables.desktop.history-tab %} {% data reusables.desktop.revert-commit %} diff --git a/content/desktop/working-with-your-remote-repository-on-github-or-github-enterprise/creating-an-issue-or-pull-request-from-github-desktop.md b/content/desktop/working-with-your-remote-repository-on-github-or-github-enterprise/creating-an-issue-or-pull-request-from-github-desktop.md index 4ce51daa761c..480e724325c2 100644 --- a/content/desktop/working-with-your-remote-repository-on-github-or-github-enterprise/creating-an-issue-or-pull-request-from-github-desktop.md +++ b/content/desktop/working-with-your-remote-repository-on-github-or-github-enterprise/creating-an-issue-or-pull-request-from-github-desktop.md @@ -43,11 +43,8 @@ Before you create a pull request, you'll need to push changes to a branch on {% 1. On {% data variables.product.prodname_dotcom %}, click **Get started** to open an issue template or click **Open a blank issue**. -{% note %} - -**Note**: If issue templates aren't enabled in your current repository, {% data variables.product.prodname_desktop %} will direct you to a blank issue on {% data variables.product.prodname_dotcom %}. - -{% endnote %} +> [!NOTE] +> If issue templates aren't enabled in your current repository, {% data variables.product.prodname_desktop %} will direct you to a blank issue on {% data variables.product.prodname_dotcom %}. ## Creating a pull request diff --git a/content/desktop/working-with-your-remote-repository-on-github-or-github-enterprise/syncing-your-branch-in-github-desktop.md b/content/desktop/working-with-your-remote-repository-on-github-or-github-enterprise/syncing-your-branch-in-github-desktop.md index 391f50f4397a..b2e58c4eeed4 100644 --- a/content/desktop/working-with-your-remote-repository-on-github-or-github-enterprise/syncing-your-branch-in-github-desktop.md +++ b/content/desktop/working-with-your-remote-repository-on-github-or-github-enterprise/syncing-your-branch-in-github-desktop.md @@ -40,11 +40,9 @@ Some workflows require or benefit from rebasing instead of merging. By rebasing {% data reusables.desktop.choose-a-branch-to-merge %} {% data reusables.desktop.confirm-merging-branch %} - {% note %} + > [!NOTE] + > If there are merge conflicts, {% data variables.product.prodname_desktop %} will warn you above the **Merge BRANCH into BRANCH** button. You will not be able to merge the branches until you have resolved all conflicts. - **Note:** If there are merge conflicts, {% data variables.product.prodname_desktop %} will warn you above the **Merge BRANCH into BRANCH** button. You will not be able to merge the branches until you have resolved all conflicts. - - {% endnote %} {% data reusables.desktop.push-origin %} ## Rebasing your project branch onto another branch @@ -88,11 +86,9 @@ Some workflows require or benefit from rebasing instead of merging. By rebasing 1. In the "Squash and merge" window, click the branch you want to merge into the current branch, then click **Squash and merge**. - {% note %} - - **Note:** If there are merge conflicts, {% data variables.product.prodname_desktop %} will warn you above the **Squash and merge** button. You will not be able to squash and merge the branch until you have resolved all conflicts. + > [!NOTE] + > If there are merge conflicts, {% data variables.product.prodname_desktop %} will warn you above the **Squash and merge** button. You will not be able to squash and merge the branch until you have resolved all conflicts. - {% endnote %} {% data reusables.desktop.push-origin %} ## Further Reading diff --git a/content/discussions/managing-discussions-for-your-community/moderating-discussions.md b/content/discussions/managing-discussions-for-your-community/moderating-discussions.md index 7c51d1db6879..d777a0ad94f8 100644 --- a/content/discussions/managing-discussions-for-your-community/moderating-discussions.md +++ b/content/discussions/managing-discussions-for-your-community/moderating-discussions.md @@ -20,11 +20,10 @@ versions: It's appropriate to lock a conversation when the entire conversation is not constructive or violates your community's code of conduct or {% data variables.product.prodname_dotcom %}'s [Community Guidelines](/free-pro-team@latest/site-policy/github-terms/github-community-guidelines). You can also lock a conversation to prevent comments on a discussion you want to use as an announcement to the community. When you lock a conversation, people with write access to the repository, or source repository for organization discussions, will still be able to comment on the discussion. {% ifversion discussions-lock-allow-reactions %}You can also allow emoji reactions to a locked discussion.{% endif %} {% ifversion discussions-closable %} -{% note %} -**Note:** You can also close a discussion. For more information, see "[Closing a discussion](/discussions/managing-discussions-for-your-community/managing-discussions#closing-a-discussion)." +> [!NOTE] +> You can also close a discussion. For more information, see "[Closing a discussion](/discussions/managing-discussions-for-your-community/managing-discussions#closing-a-discussion)." -{% endnote %} {% endif %} {% data reusables.discussions.navigate-to-repo-or-org %} diff --git a/content/discussions/managing-discussions-for-your-community/viewing-insights-for-your-discussions.md b/content/discussions/managing-discussions-for-your-community/viewing-insights-for-your-discussions.md index 9425871fa172..a72570d98147 100644 --- a/content/discussions/managing-discussions-for-your-community/viewing-insights-for-your-discussions.md +++ b/content/discussions/managing-discussions-for-your-community/viewing-insights-for-your-discussions.md @@ -19,11 +19,8 @@ You can use discussions insights to help understand the contribution activity, p ![Screenshot of the "Community insights" page. A dashboard displays graphs for data related to Discussions, such as page views.](/assets/images/help/discussions/discussions-dashboard.png) -{% note %} - -**Note:** To view the exact data for a time period, hover over that time period in the graph. - -{% endnote %} +> [!NOTE] +> To view the exact data for a time period, hover over that time period in the graph. ## Viewing discussions insights diff --git a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/about-github-education-for-students.md b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/about-github-education-for-students.md index 892aaa1a4f6e..483593afd7c1 100644 --- a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/about-github-education-for-students.md +++ b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/about-github-education-for-students.md @@ -37,11 +37,8 @@ Once you are a verified {% data variables.product.prodname_global_campus %} stud * **{% data variables.product.prodname_copilot %}**: Verified students receive a free subscription for {% data variables.product.prodname_copilot %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer)." * **{% data variables.product.prodname_github_codespaces %}**: {% data reusables.education.student-codespaces-benefit %} For more information on getting started with {% data variables.product.prodname_github_codespaces %}, see "[AUTOTITLE](/codespaces/overview)." -{% note %} - -**Note:** {% data reusables.education.note-on-student-codespaces-usage %} For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/using-github-codespaces-with-github-classroom)." - -{% endnote %} +> [!NOTE] +> {% data reusables.education.note-on-student-codespaces-usage %} For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/using-github-codespaces-with-github-classroom)." ## Further reading diff --git a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/apply-to-github-education-as-a-student.md b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/apply-to-github-education-as-a-student.md index 8806eafbcf4f..5d20ddcc4b59 100644 --- a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/apply-to-github-education-as-a-student.md +++ b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/apply-to-github-education-as-a-student.md @@ -26,11 +26,8 @@ Documents that prove your current student status include a picture of your schoo During your tenure as a student, you may be prompted to periodically re-verify your current academic status. -{% note %} - -**Note:** You cannot transfer academic discounts from one account to another. If you have more than one account you want to apply the discount to, consider [merging](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/merging-multiple-personal-accounts) your personal accounts and [renaming](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/changing-your-github-username) the retained account if desired. - -{% endnote %} +> [!NOTE] +> You cannot transfer academic discounts from one account to another. If you have more than one account you want to apply the discount to, consider [merging](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/merging-multiple-personal-accounts) your personal accounts and [renaming](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/changing-your-github-username) the retained account if desired. For information about renewing your {% data variables.product.prodname_global_campus %} access, see "[AUTOTITLE](/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-global-campus-for-students/apply-to-github-global-campus-as-a-student#expiration-and-renewals)." diff --git a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/why-wasnt-my-application-to-github-education-for-students-approved.md b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/why-wasnt-my-application-to-github-education-for-students-approved.md index 81e653600b8a..b9590b209c9e 100644 --- a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/why-wasnt-my-application-to-github-education-for-students-approved.md +++ b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/why-wasnt-my-application-to-github-education-for-students-approved.md @@ -14,11 +14,9 @@ versions: fpt: '*' shortTitle: Application not approved --- -{% tip %} -**Tip:** {% data reusables.education.about-github-education-link %} - -{% endtip %} +> [!TIP] +> {% data reusables.education.about-github-education-link %} ## Unclear academic affiliation documents @@ -46,11 +44,8 @@ If you have other questions or concerns about the school domain please ask your If your academic email address was already used to request a {% data variables.product.prodname_student_pack %} for a different {% data variables.product.prodname_dotcom %} account, you cannot reuse the academic email address to successfully apply for another {% data variables.product.prodname_student_pack %}. -{% note %} - -**Note:** It is against the {% data variables.product.prodname_dotcom %} [Terms of Service](/site-policy/github-terms/github-terms-of-service#3-account-requirements) to maintain more than one individual account. - -{% endnote %} +> [!NOTE] +> It is against the {% data variables.product.prodname_dotcom %} [Terms of Service](/site-policy/github-terms/github-terms-of-service#3-account-requirements) to maintain more than one individual account. If you have more than one personal account, you must merge your accounts. To retain the discount, keep the account that was granted the discount. You can rename the retained account and keep your contribution history by adding all your email addresses to the retained account. diff --git a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-teachers/why-wasnt-my-application-to-github-education-for-teachers-approved.md b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-teachers/why-wasnt-my-application-to-github-education-for-teachers-approved.md index 015ded6693f1..3072c1ffe5dd 100644 --- a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-teachers/why-wasnt-my-application-to-github-education-for-teachers-approved.md +++ b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-teachers/why-wasnt-my-application-to-github-education-for-teachers-approved.md @@ -14,11 +14,9 @@ versions: fpt: '*' shortTitle: Application not approved --- -{% tip %} -**Tip:** {% data reusables.education.about-github-education-link %} - -{% endtip %} +> [!TIP] +> {% data reusables.education.about-github-education-link %} ## Unclear proof of affiliation documents diff --git a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md index cac0a9790bcc..f757796e8b57 100644 --- a/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md +++ b/content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md @@ -10,15 +10,12 @@ shortTitle: Apply to Campus Experts To apply to the {% data variables.product.prodname_student_leader_program %} program, you must first submit an application form, then submit a video resume. Applications to the program open in February and August, and you’ll have a full month to apply. -{% note %} - -**Note:** The application process helps us get to know the applicant. Here are some things we want to learn about you: -* Motivation: What makes you tick? What drives you? -* Interest: Why do you want to be part of the program? -* Growth and potential: What skills do you want to learn, and how will they help you grow personally and professionally? -* Contribution: What impact do you want to make on your campus? - -{% endnote %} +> [!NOTE] +> The application process helps us get to know the applicant. Here are some things we want to learn about you: +> * Motivation: What makes you tick? What drives you? +> * Interest: Why do you want to be part of the program? +> * Growth and potential: What skills do you want to learn, and how will they help you grow personally and professionally? +> * Contribution: What impact do you want to make on your campus? ### Eligibility criteria @@ -48,11 +45,8 @@ In the application form, we’re looking for students to tell us about the chall In your video resume, we look forward to getting to know you as an individual. -{% note %} - -**Note:** A video using your webcam and computer microphone is more than enough! We understand this process might not be accessible to all students. If you require an alternative method to make your submission, please reach out to the GitHub Education team. - -{% endnote %} +> [!NOTE] +> A video using your webcam and computer microphone is more than enough! We understand this process might not be accessible to all students. If you require an alternative method to make your submission, please reach out to the GitHub Education team. 1. Open the email you received after submitting your application form. 1. Using the guidelines included in the application status email, record your video resume. diff --git a/content/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/about-using-visual-studio-code-with-github-classroom.md b/content/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/about-using-visual-studio-code-with-github-classroom.md index d8b56e95cda8..71c25a816409 100644 --- a/content/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/about-using-visual-studio-code-with-github-classroom.md +++ b/content/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/about-using-visual-studio-code-with-github-classroom.md @@ -8,11 +8,8 @@ redirect_from: - /education/manage-coursework-with-github-classroom/about-using-vs-code-with-github-classroom --- -{% note %} - -**Note:** The [{% data variables.product.prodname_classroom %} extension for {% data variables.product.prodname_vscode_shortname %}](https://aka.ms/classroom-vscode-ext) is no longer in active development. The **Open in {% data variables.product.prodname_vscode_shortname %}** badge in student repositories still works, but other features of the extension may not function as expected. - -{% endnote %} +> [!NOTE] +> The [{% data variables.product.prodname_classroom %} extension for {% data variables.product.prodname_vscode_shortname %}](https://aka.ms/classroom-vscode-ext) is no longer in active development. The **Open in {% data variables.product.prodname_vscode_shortname %}** badge in student repositories still works, but other features of the extension may not function as expected. ## About {% data variables.product.prodname_vscode %} @@ -32,11 +29,8 @@ When creating an assignment, {% data variables.product.prodname_vscode_shortname This will include an "Open in {% data variables.product.prodname_vscode_shortname %}" badge in all student repositories. This badge handles installing {% data variables.product.prodname_vscode_shortname %}, the Classroom extension pack, and opening to the active assignment with one click. -{% note %} - -**Note:** The student must have Git installed on their computer to push code from {% data variables.product.prodname_vscode_shortname %} to their repository. This is not automatically installed when clicking the **Open in {% data variables.product.prodname_vscode_shortname %}** button. The student can download Git from [Git download](https://git-scm.com/downloads). - -{% endnote %} +> [!NOTE] +> The student must have Git installed on their computer to push code from {% data variables.product.prodname_vscode_shortname %} to their repository. This is not automatically installed when clicking the **Open in {% data variables.product.prodname_vscode_shortname %}** button. The student can download Git from [Git download](https://git-scm.com/downloads). ### How to use {% data variables.product.prodname_classroom %} extension pack diff --git a/content/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/using-github-codespaces-with-github-classroom.md b/content/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/using-github-codespaces-with-github-classroom.md index cad6fcdad597..538120623a43 100644 --- a/content/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/using-github-codespaces-with-github-classroom.md +++ b/content/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/using-github-codespaces-with-github-classroom.md @@ -19,19 +19,13 @@ Setting {% data variables.product.prodname_github_codespaces %} as the preferred For assignments with complex setup environments, teachers can customize the dev container configuration for a repository's codespaces. This ensures that when a student creates a codespace, it automatically opens with the development environment configured by the teacher. For more information on dev containers, see "[AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers)." -{% note %} - -**Note**: Individual codespaces are automatically deleted if they are stopped and left unused for a prolonged period. See "[AUTOTITLE](/codespaces/setting-your-user-preferences/configuring-automatic-deletion-of-your-codespaces)." - -{% endnote %} +> [!NOTE] +> Individual codespaces are automatically deleted if they are stopped and left unused for a prolonged period. See "[AUTOTITLE](/codespaces/setting-your-user-preferences/configuring-automatic-deletion-of-your-codespaces)." {% data reusables.education.student-codespaces-benefit %} -{% note %} - -**Note:** {% data reusables.education.note-on-student-codespaces-usage %} - -{% endnote %} +> [!NOTE] +> {% data reusables.education.note-on-student-codespaces-usage %} ## About the {% data variables.product.prodname_codespaces %} Education benefit for verified teachers diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/about-assignments.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/about-assignments.md index a7e67d4078bb..50f991412174 100644 --- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/about-assignments.md +++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/about-assignments.md @@ -23,11 +23,8 @@ With {% data variables.product.prodname_classroom %}, you can create individual {% data reusables.classroom.reuse-assignment-link %} -{% note %} - -**Note:** {% data reusables.classroom.assignments-classroom-prerequisite %} - -{% endnote %} +> [!NOTE] +> {% data reusables.classroom.assignments-classroom-prerequisite %} ## Types of assignments diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/connect-a-learning-management-system-course-to-a-classroom.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/connect-a-learning-management-system-course-to-a-classroom.md index 779f4b3445cd..98a655360ebf 100644 --- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/connect-a-learning-management-system-course-to-a-classroom.md +++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/connect-a-learning-management-system-course-to-a-classroom.md @@ -23,11 +23,8 @@ You can connect a learning management system (LMS) to {% data variables.product. Before you can connect your LMS to a classroom, an administrator for your LMS instance needs to register your LMS with GitHub Classroom to initiate the OAuth handshake. An admin only needs to do this registration process once, then any teacher who uses their LMS instance may sync their LMS courses to classrooms. For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/register-a-learning-management-system-with-github-classroom)." -{% note %} - -**Note:** {% data reusables.classroom.google-classroom-note %} - -{% endnote %} +> [!NOTE] +> {% data reusables.classroom.google-classroom-note %} To configure an LMS to connect to {% data variables.product.prodname_classroom %}, you must first create a classroom. For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/manage-classrooms#creating-a-classroom)." diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-a-group-assignment.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-a-group-assignment.md index a94ccb2a595a..03722a6b5124 100644 --- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-a-group-assignment.md +++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-a-group-assignment.md @@ -61,15 +61,9 @@ Under "Individual or group assignment", select the drop-down menu, then click ** If you've already created a group assignment for the classroom, you can reuse a set of teams for the new assignment. To create a new set with the teams that your students create for the assignment, type the name for the set. Optionally, type the maximum number of team members and total teams. -{% note %} - -**Note**: - -* We recommend including details about the set of teams in the name for the set. For example, if you want to use the set of teams for one assignment, name the set after the assignment. If you want to reuse the set throughout a semester or course, name the set after the semester or course. - -* If you'd like to assign students to a specific team, give your students a name for the team and provide a list of members. - -{% endnote %} +> [!NOTE] +> * We recommend including details about the set of teams in the name for the set. For example, if you want to use the set of teams for one assignment, name the set after the assignment. If you want to reuse the set throughout a semester or course, name the set after the semester or course. +> * If you'd like to assign students to a specific team, give your students a name for the team and provide a list of members. ### Choosing a visibility for assignment repositories diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/editing-an-assignment.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/editing-an-assignment.md index f23abb6ba326..8c7bd891b741 100644 --- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/editing-an-assignment.md +++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/editing-an-assignment.md @@ -16,20 +16,14 @@ After creating an assignment, you can edit many aspects of the assignment to bet {% data reusables.classroom.click-classroom-in-list %} 1. In the {% octicon "repo" aria-hidden="true" %} **Assignments** tab, next to the assignment you would like to edit, click {% octicon "pencil" aria-label="The pencil icon" %}. - {% note %} - - **Note:** You can also edit an assignment from the assignment's page. To access the assignment's page, in the **Assignments** tab, click the assignment name. - - {% endnote %} + > [!NOTE] + > You can also edit an assignment from the assignment's page. To access the assignment's page, in the **Assignments** tab, click the assignment name. 1. Under "Assignment title," click in the text field, then delete the existing text and type the new assignment title. 1. Optionally, to edit the default prefix for each student's assignment repository, next to the name of the prefix, click {% octicon "pencil" aria-label="The pencil icon" %}. - {% note %} - - **Note:** Editing an assignment's title or default repository prefix will not change the name of existing assignment repositories. - - {% endnote %} + > [!NOTE] + > Editing an assignment's title or default repository prefix will not change the name of existing assignment repositories. Then, type the new prefix under "Custom repository prefix." @@ -39,27 +33,18 @@ After creating an assignment, you can edit many aspects of the assignment to bet 1. To change the status of an assignment, select the **Assignment status** dropdown menu, then click **Active** or **Inactive**. - {% note %} - - **Note:** Inactive assignments cannot be accepted by students. You should change an assignment status to inactive once no more students should accept an assignment or the assignment deadline has passed. - - {% endnote %} + > [!NOTE] + > Inactive assignments cannot be accepted by students. You should change an assignment status to inactive once no more students should accept an assignment or the assignment deadline has passed. 1. Under "Repository visibility," select a visibility. If you use private repositories, only the student or team can see the feedback you provide. - {% note %} - - **Note:** Changing the visibility for assignment repositories will not retroactively change the visibility of existing assignment repositories. - - {% endnote %} + > [!NOTE] + > Changing the visibility for assignment repositories will not retroactively change the visibility of existing assignment repositories. 1. Optionally, select or deselect **Grant students admin access to their repository**. For more information on admin permissions for repositories, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)" and "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)." - {% note %} - - **Note:** Granting or revoking student admin access after an assignment has been created will not retroactively change the permissions for existing assignment repositories. - - {% endnote %} + > [!NOTE] + > Granting or revoking student admin access after an assignment has been created will not retroactively change the permissions for existing assignment repositories. 1. To set up or change the template repository for your assignment, in the "Add a template repository to give students starter code" section, select the **Select a repository** dropdown menu. * To choose a template repository, begin typing the repository name in the text field, then click the repository in the search results. @@ -67,11 +52,8 @@ After creating an assignment, you can edit many aspects of the assignment to bet You cannot change the template repository after a student has accepted the assignment. If you wish to provide updates to the starter code after students have accepted the assignment, see "[Making changes to assignment starter code](#making-changes-to-assignment-starter-code)." - {% note %} - - **Note:** By default, an assignment will create an empty repository for each student on the roster for the classroom. - - {% endnote %} + > [!NOTE] + > By default, an assignment will create an empty repository for each student on the roster for the classroom. 1. To add a new autograding test, in the "Add autograding tests" section, select the **Add test** dropdown menu, then click a grading method from the options that appear. For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/use-autograding)." @@ -81,19 +63,13 @@ After creating an assignment, you can edit many aspects of the assignment to bet Additionally, delete existing protected paths by clicking {% octicon "trash" aria-label="The trash icon" %}. - {% note %} - - **Note:** If you remove a protected file path, the "Protected file(s) modified" label will be removed from any submissions that edited files in that path - - {% endnote %} + > [!NOTE] + > If you remove a protected file path, the "Protected file(s) modified" label will be removed from any submissions that edited files in that path 1. To turn feedback pull requests on or off, select or deselect **Enable feedback pull requests**. - {% note %} - - **Note:** Enabling or disabling feedback pull requests for an assignment will not create or delete feedback pull requests for existing assignment repositories. - - {% endnote %} + > [!NOTE] + > Enabling or disabling feedback pull requests for an assignment will not create or delete feedback pull requests for existing assignment repositories. {% data reusables.classroom.update-assignment %} diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/extending-an-assignments-deadline-for-an-individual-or-group.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/extending-an-assignments-deadline-for-an-individual-or-group.md index d44f1d4acfff..d7c0cbeebcec 100644 --- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/extending-an-assignments-deadline-for-an-individual-or-group.md +++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/extending-an-assignments-deadline-for-an-individual-or-group.md @@ -10,13 +10,9 @@ shortTitle: Extend deadline If you set a cutoff date for an assignment in {% data variables.product.prodname_classroom %}, individual students and groups will lose write access to their assignment repositories once that date has passed. To extend access to assignment repositories for specific students or groups, you can grant those students or groups an extension for that assignment. Extensions extend the cutoff date indefinitely, allowing students to submit an assignment at any time. For more information on setting a cutoff date, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-an-individual-assignment#assigning-a-deadline-for-an-assignment)" and "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/create-a-group-assignment#assigning-a-deadline-for-an-assignment)." -{% note %} - -**Notes:** -* If your assignment has a deadline, but it does not have a cutoff date, you will not be able to grant students extensions. Instead, you can inform the student or group of their extension directly and ignore the "Late" label applied to the student or group's entry on the assignment overview. -* If you grant a student or group an extension, and they submit their work after the initial cutoff date, the assignment will still be marked "Late". You can ignore the "Late" label, as it will not affect the student or group's grade, or write access to their assignment repository. - -{% endnote %} +> [!NOTE] +> * If your assignment has a deadline, but it does not have a cutoff date, you will not be able to grant students extensions. Instead, you can inform the student or group of their extension directly and ignore the "Late" label applied to the student or group's entry on the assignment overview. +> * If you grant a student or group an extension, and they submit their work after the initial cutoff date, the assignment will still be marked "Late". You can ignore the "Late" label, as it will not affect the student or group's grade, or write access to their assignment repository. ## Extending an assignment's deadline diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/manage-classrooms.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/manage-classrooms.md index 203d4caebf37..c56e982f160b 100644 --- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/manage-classrooms.md +++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/manage-classrooms.md @@ -58,11 +58,8 @@ If your course already has a roster, you can update the students on the roster o {% data reusables.classroom.click-students %} 1. To connect {% data variables.product.prodname_classroom %} to your LMS and import a roster, your LMS administrator will first need to register your LMS instance and then you will need to connect your LMS course to your classroom. Once connected, you can click the **Import from...** button to import a roster from your LMS course. For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/connect-a-learning-management-system-course-to-a-classroom)." - {% note %} - - **Note:** {% data reusables.classroom.google-classroom-note %} - - {% endnote %} + > [!NOTE] + > {% data reusables.classroom.google-classroom-note %} 1. Provide the student identifiers for your roster. @@ -81,11 +78,10 @@ Your classroom must have an existing roster to add students to the roster. For m 1. To the right of "Classroom roster", click **Update students**. If you have already linked your classroom to an LMS course, then you will see a **Sync from...** button instead. 1. Follow the instructions to add students to the roster. * To import students from an LMS, your LMS administrator will first need to register your LMS instance and then you will need to connect your LMS course to your classroom. Once connected, you can click the **Sync from...** button. For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/connect-a-learning-management-system-course-to-a-classroom)." - {% note %} - **Note:** {% data reusables.classroom.google-classroom-note %} + > [!NOTE] + > {% data reusables.classroom.google-classroom-note %} - {% endnote %} * To manually add students, under "Manually add students", click **Upload a CSV or text file** or type the identifiers for the students, then click **Add roster entries**. ## Renaming a classroom diff --git a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/register-a-learning-management-system-with-github-classroom.md b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/register-a-learning-management-system-with-github-classroom.md index 8cca103f86f5..636becc13005 100644 --- a/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/register-a-learning-management-system-with-github-classroom.md +++ b/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/register-a-learning-management-system-with-github-classroom.md @@ -10,11 +10,8 @@ shortTitle: Register an LMS Before you can connect your LMS to a classroom, an administrator for your LMS instance needs to configure your LMS to allow {% data variables.product.prodname_classroom %} and then register your LMS with {% data variables.product.prodname_classroom %} to initiate the OAuth handshake. An admin only needs to do this registration process once, then any teacher who uses their LMS instance may sync their LMS courses to classrooms. For more information on connecting an LMS course to a classroom, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/connect-a-learning-management-system-course-to-a-classroom)." -{% note %} - -**Note:** {% data reusables.classroom.google-classroom-note %} - -{% endnote %} +> [!NOTE] +> {% data reusables.classroom.google-classroom-note %} ## Supported LMSes @@ -35,7 +32,7 @@ You can register your Canvas installation with {% data variables.product.prodnam | Field in Canvas app configuration | Value or setting | | :- | :- | | **Method** | `Manual Entry` | - | **Title** | `GitHub Classroom`

    **Note**: You can use any name, but if you set this to something else, be sure this is communicated to teachers. | + | **Title** | `GitHub Classroom`

    **Note:** You can use any name, but if you set this to something else, be sure this is communicated to teachers. | | **Description** | `Sync Canvas course rosters to GitHub Classroom` (or something similar) | | **Target Link URI** | `https://classroom.github.com/context-link` | | **OpenID Connect Initiation URL** | `https://classroom.github.com/lti1p3/openid-connect/auth` | @@ -44,7 +41,7 @@ You can register your Canvas installation with {% data variables.product.prodnam | **Redirect URIs** | `https://classroom.github.com/lti1p3/openid-connect/redirect` | | **LTI Advantage Services** dropdown | Select the "Can retrieve user data associated with the context the tool is installed in" checkbox. | | **Additional Settings** dropdown | Under "Privacy Level", select `Public` | - | **Placements** | Select `Course Settings Sub Navigation`.

    **Note**: If you set the placement to something else, this must be communicated to teachers. Our documentation will expect that this is the placement of the button. | + | **Placements** | Select `Course Settings Sub Navigation`.

    **Note:** If you set the placement to something else, this must be communicated to teachers. Our documentation will expect that this is the placement of the button. | 1. Click **Save**. 1. In the table on the "Developer Keys" page, in the row for the GitHub Classroom developer key, take note of the value of the client ID in the "Details" column -- this must be communicated to teachers for them to finish setup. 1. In the table on the "Developer Keys" page, under the "State" column, toggle the state of the key to "On". @@ -91,7 +88,7 @@ You must be using Moodle version 3.0 or greater. | Field in Moodle app configuration | Value or setting | | :- | :- | - | **Tool name** | `GitHub Classroom`

    **Note**: You can use any name, but if you set this to something else, be sure this is communicated to teachers. | + | **Tool name** | `GitHub Classroom`

    **Note:** You can use any name, but if you set this to something else, be sure this is communicated to teachers. | | **Tool URL** | `https://classroom.github.com` | | **LTI version** | `LTI 1.3` | | **Public Key type** | `Keyset URL` | @@ -133,7 +130,7 @@ You must be using Moodle version 3.0 or greater. | Field in Sakai app configuration | Value or setting | | :- | :- | - | **Tool name** | GitHub Classroom - [Your Course Name]

    **Note**: You can use any name, but if you set this to something else, be sure this is communicated to teachers. | + | **Tool name** | GitHub Classroom - [Your Course Name]

    **Note:** You can use any name, but if you set this to something else, be sure this is communicated to teachers. | | **Button Text** (Text in tool menu) | What the teacher will see on the button to launch to {% data variables.product.prodname_classroom %}. For example, the value could be `sync`. | | **Launch URL** | `https://classroom.github.com/context-link` | | **Send User Names to External Tool** | Select this checkbox. | diff --git a/content/education/quickstart.md b/content/education/quickstart.md index 4c715c42b553..21118adbd75f 100644 --- a/content/education/quickstart.md +++ b/content/education/quickstart.md @@ -13,11 +13,8 @@ Educators who teach a course on software development can use discounts, partners In this guide, you'll get started with {% data variables.product.product_name %}, sign up for accounts and discounted services through {% data variables.product.prodname_education %}, and create a space for your course and assignment on {% data variables.product.prodname_classroom %}. -{% tip %} - -**Tip**: If you're a student and you'd like to take advantage of an academic discount, see "[AUTOTITLE](/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/apply-to-github-education-as-a-student)." - -{% endtip %} +> [!TIP] +> If you're a student and you'd like to take advantage of an academic discount, see "[AUTOTITLE](/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-education-for-students/apply-to-github-education-as-a-student)." ## Creating accounts on {% data variables.product.product_name %} @@ -39,11 +36,8 @@ For more information, see "[AUTOTITLE](/get-started/learning-about-github/types- Next, you'll sign up for teacher benefits and resources from {% data variables.product.company_short %} by applying to {% data variables.product.prodname_global_campus %}, a portal that allows you to access your education benefits all in one place. {% data reusables.education.educator-requirements %} -{% tip %} - -**Tip** In addition to individual discounts, {% data variables.product.company_short %} offers partnerships with educational institutions through the {% data variables.product.prodname_campus_program %}. For more information, see the [{% data variables.product.prodname_campus_program %}](https://education.github.com/schools) website. - -{% endtip %} +> [!TIP] +> In addition to individual discounts, {% data variables.product.company_short %} offers partnerships with educational institutions through the {% data variables.product.prodname_campus_program %}. For more information, see the [{% data variables.product.prodname_campus_program %}](https://education.github.com/schools) website. {% data reusables.education.benefits-page %} {% data reusables.education.click-get-teacher-benefits %} @@ -63,11 +57,8 @@ With your personal account and organization account, you're ready to get started 1. To authorize {% data variables.product.prodname_classroom %} to access your personal account on {% data variables.product.prodname_dotcom %}, review the information, then click **Authorize {% data variables.product.prodname_classroom %}**. 1. Review the information. To authorize {% data variables.product.prodname_classroom %} to access your organization account on {% data variables.product.prodname_dotcom %}, click **Grant**. - {% tip %} - - **Tip**: If you see a **Request** button instead of a **Grant** button, you are a member of the organization, not an owner. An owner must approve your request for {% data variables.product.prodname_classroom %}. You must be an organization owner to create and manage classrooms and assignments in {% data variables.product.prodname_classroom %}. For more information, see "[AUTOTITLE](/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps#oauth-apps-and-organizations)." - - {% endtip %} + > [!TIP] + > If you see a **Request** button instead of a **Grant** button, you are a member of the organization, not an owner. An owner must approve your request for {% data variables.product.prodname_classroom %}. You must be an organization owner to create and manage classrooms and assignments in {% data variables.product.prodname_classroom %}. For more information, see "[AUTOTITLE](/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps#oauth-apps-and-organizations)." 1. Click **Authorize github**. diff --git a/content/get-started/accessibility/github-command-palette.md b/content/get-started/accessibility/github-command-palette.md index be2c9ab3da76..6682e40a54f8 100644 --- a/content/get-started/accessibility/github-command-palette.md +++ b/content/get-started/accessibility/github-command-palette.md @@ -40,13 +40,9 @@ When you open the command palette, it shows your location at the top left and us ![Screenshot of the command palette. "octo-org" is highlighted with an orange outline.](/assets/images/help/command-palette/command-palette-launch.png) -{% note %} - -**Notes:** -* If you are editing Markdown text, open the command palette with Ctrl+Alt+K (Windows and Linux) or Command+Option+K (Mac).{% ifversion projects-v2 %} -* If you are working on a {% data variables.projects.project_v2 %}, a project-specific command palette is displayed instead. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view)."{% endif %} - -{% endnote %} +> [!NOTE] +> * If you are editing Markdown text, open the command palette with Ctrl+Alt+K (Windows and Linux) or Command+Option+K (Mac).{% ifversion projects-v2 %} +> * If you are working on a {% data variables.projects.project_v2 %}, a project-specific command palette is displayed instead. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view)."{% endif %} ### Customizing your {% data variables.product.prodname_command_palette %} keyboard shortcuts diff --git a/content/get-started/accessibility/managing-your-theme-settings.md b/content/get-started/accessibility/managing-your-theme-settings.md index b9a0c85d1be1..32a607a672bd 100644 --- a/content/get-started/accessibility/managing-your-theme-settings.md +++ b/content/get-started/accessibility/managing-your-theme-settings.md @@ -39,11 +39,8 @@ If you have low vision, you may benefit from a high contrast theme, with greater {% ifversion command-palette %} -{% note %} - -**Note:** You can also change your theme settings with the command palette. For more information, see "[AUTOTITLE](/get-started/accessibility/github-command-palette)." - -{% endnote %} +> [!NOTE] +> You can also change your theme settings with the command palette. For more information, see "[AUTOTITLE](/get-started/accessibility/github-command-palette)." {% endif %} diff --git a/content/get-started/exploring-integrations/featured-github-integrations.md b/content/get-started/exploring-integrations/featured-github-integrations.md index 252e12bdb421..24ed639b4d57 100644 --- a/content/get-started/exploring-integrations/featured-github-integrations.md +++ b/content/get-started/exploring-integrations/featured-github-integrations.md @@ -22,11 +22,10 @@ shortTitle: Featured integrations You can connect to {% data variables.product.product_name %} repositories within third-party editor tools such as {% data variables.product.prodname_vs %}. {% ifversion fpt %} -{% note %} -**Note:** To see an example of how third-party editor tools connect to repositories for {% data variables.product.prodname_classroom %}, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/integrate-github-classroom-with-an-ide)." +> [!NOTE] +> To see an example of how third-party editor tools connect to repositories for {% data variables.product.prodname_classroom %}, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/integrate-github-classroom-with-an-ide/integrate-github-classroom-with-an-ide)." -{% endnote %} {% endif %} ### {% data variables.product.product_name %} for {% data variables.product.prodname_vs %} diff --git a/content/get-started/exploring-projects-on-github/contributing-to-a-project.md b/content/get-started/exploring-projects-on-github/contributing-to-a-project.md index 89b48c9766be..a56b9cb68003 100644 --- a/content/get-started/exploring-projects-on-github/contributing-to-a-project.md +++ b/content/get-started/exploring-projects-on-github/contributing-to-a-project.md @@ -41,11 +41,8 @@ This tutorial uses [the Spoon-Knife project](https://github.com/octocat/Spoon-Kn For many forking scenarios, such as contributing to open-source projects, you only need to copy the default branch. If you do not select this option, all branches will be copied into the new fork. 1. Click **Create fork**. -{% note %} - -**Note:** If you want to copy additional branches from the upstream repository, you can do so from the **Branches** page. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository)." - -{% endnote %} +> [!NOTE] +> If you want to copy additional branches from the upstream repository, you can do so from the **Branches** page. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository)." ## Cloning a fork diff --git a/content/get-started/exploring-projects-on-github/saving-repositories-with-stars.md b/content/get-started/exploring-projects-on-github/saving-repositories-with-stars.md index cfbc8a753a3a..bed3ae100199 100644 --- a/content/get-started/exploring-projects-on-github/saving-repositories-with-stars.md +++ b/content/get-started/exploring-projects-on-github/saving-repositories-with-stars.md @@ -49,11 +49,8 @@ To view everyone who has starred a repository, add `/stargazers` to the end of t ## Organizing starred repositories with lists -{% note %} - -**Note:** Lists are currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> Lists are currently in {% data variables.release-phases.public_preview %} and subject to change. Curate repositories that you've starred with public lists. You can create public lists that appear on your stars page at `https://github.com/USERNAME?tab=stars`. diff --git a/content/get-started/getting-started-with-git/about-remote-repositories.md b/content/get-started/getting-started-with-git/about-remote-repositories.md index fd0d255c066e..d02ba55d1eb1 100644 --- a/content/get-started/getting-started-with-git/about-remote-repositories.md +++ b/content/get-started/getting-started-with-git/about-remote-repositories.md @@ -56,13 +56,9 @@ When you `git clone`, `git fetch`, `git pull`, or `git push` to a remote reposit {% data reusables.command_line.provide-an-access-token %} -{% tip %} - -**Tips**: -* You can use a credential helper so Git will remember your {% data variables.product.prodname_dotcom %} credentials every time it talks to {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/get-started/getting-started-with-git/caching-your-github-credentials-in-git)." -* To clone a repository without authenticating to {% data variables.product.product_name %} on the command line, you can use {% data variables.product.prodname_desktop %} to clone instead. For more information, see "[AUTOTITLE](/desktop/adding-and-cloning-repositories/cloning-a-repository-from-github-to-github-desktop)." - -{% endtip %} +> [!TIP] +> * You can use a credential helper so Git will remember your {% data variables.product.prodname_dotcom %} credentials every time it talks to {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/get-started/getting-started-with-git/caching-your-github-credentials-in-git)." +> * To clone a repository without authenticating to {% data variables.product.product_name %} on the command line, you can use {% data variables.product.prodname_desktop %} to clone instead. For more information, see "[AUTOTITLE](/desktop/adding-and-cloning-repositories/cloning-a-repository-from-github-to-github-desktop)." {% ifversion fpt or ghec %}If you'd rather use SSH but cannot connect over port 22, you might be able to use SSH over the HTTPS port. For more information, see "[AUTOTITLE](/authentication/troubleshooting-ssh/using-ssh-over-the-https-port)."{% endif %} @@ -74,11 +70,8 @@ When you `git clone`, `git fetch`, `git pull`, or `git push` to a remote reposit {% ifversion fpt or ghec %}If you are accessing an organization that uses SAML single sign-on (SSO), you must authorize your SSH key to access the organization before you authenticate. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on)" and "[AUTOTITLE](/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}{% endif %} -{% tip %} - -**Tip**: You can use an SSH URL to clone a repository to your computer, or as a secure way of deploying your code to production servers. You can also use SSH agent forwarding with your deploy script to avoid managing keys on the server. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/using-ssh-agent-forwarding)." - -{% endtip %} +> [!TIP] +> You can use an SSH URL to clone a repository to your computer, or as a secure way of deploying your code to production servers. You can also use SSH agent forwarding with your deploy script to avoid managing keys on the server. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/using-ssh-agent-forwarding)." ## Cloning with {% data variables.product.prodname_cli %} diff --git a/content/get-started/getting-started-with-git/caching-your-github-credentials-in-git.md b/content/get-started/getting-started-with-git/caching-your-github-credentials-in-git.md index 427928e2cf20..f92a3ec2529f 100644 --- a/content/get-started/getting-started-with-git/caching-your-github-credentials-in-git.md +++ b/content/get-started/getting-started-with-git/caching-your-github-credentials-in-git.md @@ -15,11 +15,8 @@ versions: shortTitle: Caching credentials --- -{% tip %} - -**Tip:** If you clone {% data variables.product.product_name %} repositories using SSH, then you can authenticate using an SSH key instead of using other credentials. For information about setting up an SSH connection, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh)." - -{% endtip %} +> [!TIP] +> If you clone {% data variables.product.product_name %} repositories using SSH, then you can authenticate using an SSH key instead of using other credentials. For information about setting up an SSH connection, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh)." ## {% data variables.product.prodname_cli %} @@ -70,17 +67,11 @@ Once you've authenticated successfully, your credentials are stored in the Windo
    -{% warning %} - -**Warning:** Older versions of Git for Windows came with Git Credential Manager for Windows. This older product is no longer supported and cannot connect to GitHub via OAuth. We recommend you upgrade to [the latest version of Git for Windows](https://github.com/git-for-windows/git/releases/latest). - -{% endwarning %} - -{% warning %} - -**Warning:** If you cached incorrect or outdated credentials in Credential Manager for Windows, Git will fail to access {% data variables.product.product_name %}. To reset your cached credentials so that Git prompts you to enter your credentials, access the Credential Manager in the Windows Control Panel under User Accounts > Credential Manager. Look for the {% data variables.product.product_name %} entry and delete it. +> [!WARNING] +> Older versions of Git for Windows came with Git Credential Manager for Windows. This older product is no longer supported and cannot connect to GitHub via OAuth. We recommend you upgrade to [the latest version of Git for Windows](https://github.com/git-for-windows/git/releases/latest). -{% endwarning %} +> [!WARNING] +> If you cached incorrect or outdated credentials in Credential Manager for Windows, Git will fail to access {% data variables.product.product_name %}. To reset your cached credentials so that Git prompts you to enter your credentials, access the Credential Manager in the Windows Control Panel under User Accounts > Credential Manager. Look for the {% data variables.product.product_name %} entry and delete it. {% endwindows %} diff --git a/content/get-started/getting-started-with-git/managing-remote-repositories.md b/content/get-started/getting-started-with-git/managing-remote-repositories.md index a5ab27ee76ca..48f378cb5684 100644 --- a/content/get-started/getting-started-with-git/managing-remote-repositories.md +++ b/content/get-started/getting-started-with-git/managing-remote-repositories.md @@ -70,11 +70,8 @@ To fix this, you can: The `git remote set-url` command changes an existing remote repository URL. -{% tip %} - -**Tip:** For information on the difference between HTTPS and SSH URLs, see "[AUTOTITLE](/get-started/getting-started-with-git/about-remote-repositories)." - -{% endtip %} +> [!TIP] +> For information on the difference between HTTPS and SSH URLs, see "[AUTOTITLE](/get-started/getting-started-with-git/about-remote-repositories)." The `git remote set-url` command takes two arguments: @@ -234,12 +231,8 @@ $ git remote -v > origin https://{% data variables.product.product_url %}/OWNER/REPOSITORY.git (push) ``` -{% warning %} - -**Note**: `git remote rm` does not delete the remote repository from the server. It simply -removes the remote and its references from your local repository. - -{% endwarning %} +> [!NOTE] +> `git remote rm` does not delete the remote repository from the server. It simply removes the remote and its references from your local repository. ### Troubleshooting: Could not remove config section 'remote.[name]' diff --git a/content/get-started/getting-started-with-git/set-up-git.md b/content/get-started/getting-started-with-git/set-up-git.md index f2008586e88d..aaaf45db4cf1 100644 --- a/content/get-started/getting-started-with-git/set-up-git.md +++ b/content/get-started/getting-started-with-git/set-up-git.md @@ -40,16 +40,13 @@ If you do not need to work with files locally, {% data variables.product.product 1. [Download and install the latest version of Git](https://git-scm.com/downloads). - {% note %} - - **Note**: Most Chrome OS devices from 2020 onwards now have a built-in Linux environment, which includes Git. To enable it, go to the Launcher, search for Linux, and click **Turn on**. - - If you are using an older Chrome OS device, another method is required: - - 1. Install a terminal emulator such as Termux from the Google Play Store on your Chrome OS device. - 1. From the terminal emulator that you installed, install Git. For example, in Termux, enter `apt install git` and then type `y` when prompted. - - {% endnote %} + > [!NOTE] + > Most Chrome OS devices from 2020 onwards now have a built-in Linux environment, which includes Git. To enable it, go to the Launcher, search for Linux, and click **Turn on**. + > + > If you are using an older Chrome OS device, another method is required: + > + > 1. Install a terminal emulator such as Termux from the Google Play Store on your Chrome OS device. + > 1. From the terminal emulator that you installed, install Git. For example, in Termux, enter `apt install git` and then type `y` when prompted. 1. [Set your username in Git](/get-started/getting-started-with-git/setting-your-username-in-git). 1. [Set your commit email address in Git](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address). @@ -58,11 +55,8 @@ If you do not need to work with files locally, {% data variables.product.product When you connect to a {% data variables.product.prodname_dotcom %} repository from Git, you will need to authenticate with {% data variables.product.product_name %} using either HTTPS or SSH. -{% note %} - -**Note:** You can authenticate to {% data variables.product.product_name %} using {% data variables.product.prodname_cli %}, for either HTTP or SSH. For more information, see [`gh auth login`](https://cli.github.com/manual/gh_auth_login). - -{% endnote %} +> [!NOTE] +> You can authenticate to {% data variables.product.product_name %} using {% data variables.product.prodname_cli %}, for either HTTP or SSH. For more information, see [`gh auth login`](https://cli.github.com/manual/gh_auth_login). ### Connecting over HTTPS (recommended) diff --git a/content/get-started/getting-started-with-git/updating-credentials-from-the-macos-keychain.md b/content/get-started/getting-started-with-git/updating-credentials-from-the-macos-keychain.md index 7fd6685149a3..cd3f4106565e 100644 --- a/content/get-started/getting-started-with-git/updating-credentials-from-the-macos-keychain.md +++ b/content/get-started/getting-started-with-git/updating-credentials-from-the-macos-keychain.md @@ -13,19 +13,18 @@ versions: ghec: '*' shortTitle: macOS Keychain credentials --- -{% note %} -**Note:** Updating credentials from the macOS Keychain only applies to users who manually configured a {% data variables.product.pat_generic %} using the `osxkeychain` helper that is built-in to macOS. - -We recommend you either [configure SSH](/authentication/connecting-to-github-with-ssh) or upgrade to the [Git Credential Manager](/get-started/getting-started-with-git/caching-your-github-credentials-in-git) (GCM) instead. GCM can manage authentication on your behalf (no more manual {% data variables.product.pat_generic %}s) including 2FA (two-factor auth). - -{% endnote %} +> [!NOTE] +> Updating credentials from the macOS Keychain only applies to users who manually configured a {% data variables.product.pat_generic %} using the `osxkeychain` helper that is built-in to macOS. +> +> We recommend you either [configure SSH](/authentication/connecting-to-github-with-ssh) or upgrade to the [Git Credential Manager](/get-started/getting-started-with-git/caching-your-github-credentials-in-git) (GCM) instead. GCM can manage authentication on your behalf (no more manual {% data variables.product.pat_generic %}s) including 2FA (two-factor auth). {% data reusables.user-settings.password-authentication-deprecation %} {% ifversion ghec %} -> [!NOTE] {% data reusables.enterprise-data-residency.access-domain %} +> [!NOTE] +> {% data reusables.enterprise-data-residency.access-domain %} {% endif %} diff --git a/content/get-started/learning-about-github/about-github-advanced-security.md b/content/get-started/learning-about-github/about-github-advanced-security.md index a4f5279c1c07..965531427ef2 100644 --- a/content/get-started/learning-about-github/about-github-advanced-security.md +++ b/content/get-started/learning-about-github/about-github-advanced-security.md @@ -22,11 +22,8 @@ shortTitle: GitHub Advanced Security {% ifversion ghes %}For information about buying a license for {% data variables.product.prodname_GH_advanced_security %}, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."{% elsif ghec %}For information about buying a license for {% data variables.product.prodname_GH_advanced_security %}, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security)."{% elsif fpt %}To purchase a {% data variables.product.prodname_GH_advanced_security %} license, you must be using {% data variables.product.prodname_enterprise %}. For information about upgrading to {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GH_advanced_security %}, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)" and "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."{% endif %} -{% note %} - -**Note:** If you want to use {% data variables.product.prodname_GH_advanced_security %} with Azure Repos, see [{% data variables.product.prodname_GH_advanced_security %} & Azure DevOps](https://resources.github.com/ghazdo/) in our resources site. For documentation, see [Configure {% data variables.product.prodname_ghas_azdo %}](https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features) in Microsoft Learn. - -{% endnote %} +> [!NOTE] +> If you want to use {% data variables.product.prodname_GH_advanced_security %} with Azure Repos, see [{% data variables.product.prodname_GH_advanced_security %} & Azure DevOps](https://resources.github.com/ghazdo/) in our resources site. For documentation, see [Configure {% data variables.product.prodname_ghas_azdo %}](https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features) in Microsoft Learn. ## About {% data variables.product.prodname_advanced_security %} features diff --git a/content/get-started/learning-about-github/github-language-support.md b/content/get-started/learning-about-github/github-language-support.md index 6e9c2ed3b1ba..d814c83fd804 100644 --- a/content/get-started/learning-about-github/github-language-support.md +++ b/content/get-started/learning-about-github/github-language-support.md @@ -41,12 +41,7 @@ Some features are supported for additional languages or package managers. If you {% data reusables.supported-languages.swift %} {% data reusables.supported-languages.typescript %} -{% note %} - -**Notes:** - -{% ifversion fpt or ghec %}- The language support for {% data variables.product.prodname_copilot %} varies depending on the volume and diversity of training data for that language.{% endif %} -* The support of Gradle for the dependency graph and {% data variables.product.prodname_dependabot_alerts %} is limited to the upload of data obtained using the {% data variables.dependency-submission-api.name %}. -* PHP, Rust, and Scala are supported for {% data variables.product.prodname_code_scanning %} by third-party actions. - -{% endnote %} +> [!NOTE] +{% ifversion fpt or ghec %}> * The language support for {% data variables.product.prodname_copilot %} varies depending on the volume and diversity of training data for that language.{% endif %} +> * The support of Gradle for the dependency graph and {% data variables.product.prodname_dependabot_alerts %} is limited to the upload of data obtained using the {% data variables.dependency-submission-api.name %}. +> * PHP, Rust, and Scala are supported for {% data variables.product.prodname_code_scanning %} by third-party actions. diff --git a/content/get-started/learning-about-github/githubs-plans.md b/content/get-started/learning-about-github/githubs-plans.md index 91edf97e1a22..9b0988ced7a5 100644 --- a/content/get-started/learning-about-github/githubs-plans.md +++ b/content/get-started/learning-about-github/githubs-plans.md @@ -36,7 +36,7 @@ With {% data variables.product.prodname_free_user %}, your personal account incl * {% data variables.product.prodname_dependabot_alerts %} * Deployment protection rules for public repositories * Two-factor authentication enforcement -* 500 MB {% data variables.product.prodname_registry %} storage {% ifversion fpt or ghec%} +* 500 MB {% data variables.product.prodname_registry %} storage {% ifversion fpt or ghec %} * 120 {% data variables.product.prodname_github_codespaces %} core hours per month * 15 GB {% data variables.product.prodname_github_codespaces %} storage per month {% endif %} * {% data variables.product.prodname_actions %} features: @@ -49,7 +49,7 @@ With {% data variables.product.prodname_free_user %}, your personal account incl In addition to the features available with {% data variables.product.prodname_free_user %} for personal accounts, {% data variables.product.prodname_pro %} includes: * {% data variables.contact.github_support %} via email * 3,000 {% data variables.product.prodname_actions %} minutes per month -* 2 GB {% data variables.product.prodname_registry %} storage {% ifversion fpt or ghec%} +* 2 GB {% data variables.product.prodname_registry %} storage {% ifversion fpt or ghec %} * 180 {% data variables.product.prodname_github_codespaces %} core hours per month * 20 GB {% data variables.product.prodname_github_codespaces %} storage per month {% endif %} * Advanced tools and insights in private repositories: @@ -60,11 +60,8 @@ In addition to the features available with {% data variables.product.prodname_fr * Auto-linked references * {% data variables.product.prodname_pages %} - {% note %} - - **Note:** To publish a {% data variables.product.prodname_pages %} site privately, you need to have an organization account. Additionally, your organization must use {% data variables.product.prodname_ghe_cloud %}. - - {% endnote %} + > [!NOTE] + > To publish a {% data variables.product.prodname_pages %} site privately, you need to have an organization account. Additionally, your organization must use {% data variables.product.prodname_ghe_cloud %}. * Wikis * Repository insights graphs: Pulse, contributors, traffic, commits, code frequency, network, and forks @@ -97,11 +94,8 @@ In addition to the features available with {% data variables.product.prodname_fr * Scheduled reminders * {% data variables.product.prodname_pages %} - {% note %} - - **Note:** To publish a {% data variables.product.prodname_pages %} site privately, you need to have an organization account. Additionally, your organization must use {% data variables.product.prodname_ghe_cloud %}. - - {% endnote %} + > [!NOTE] + > To publish a {% data variables.product.prodname_pages %} site privately, you need to have an organization account. Additionally, your organization must use {% data variables.product.prodname_ghe_cloud %}. * Wikis * Repository insights graphs: Pulse, contributors, traffic, commits, code frequency, network, and forks diff --git a/content/get-started/onboarding/getting-started-with-github-enterprise-cloud.md b/content/get-started/onboarding/getting-started-with-github-enterprise-cloud.md index 8335328794b0..7f85dfd08310 100644 --- a/content/get-started/onboarding/getting-started-with-github-enterprise-cloud.md +++ b/content/get-started/onboarding/getting-started-with-github-enterprise-cloud.md @@ -69,10 +69,10 @@ To audit access to enterprise-owned resources or user license usage, you can vie ## Part 3: Managing security with {% data variables.product.prodname_ghe_cloud %} -* [Managing security with {% data variables.product.prodname_emus %}](#managing-security-with-enterprise-managed-users) -* [Managing security without {% data variables.product.prodname_emus %}](#managing-security-without-enterprise-managed-users) +* [Managing security with {% data variables.product.prodname_emus %}](#managing-security-with-enterprise-managed-users) +* [Managing security without {% data variables.product.prodname_emus %}](#managing-security-without-enterprise-managed-users) -### Managing security with {% data variables.product.prodname_emus %} +### Managing security with {% data variables.product.prodname_emus %} With {% data variables.product.prodname_emus %}, access and identity is managed centrally through your identity provider. Two-factor authentication and other access requirements should be enabled and enforced on your IdP. @@ -92,7 +92,7 @@ You can configure an allow list for specific IP addresses to restrict access to {% data reusables.getting-started.enterprise-advanced-security %} -### Managing security without {% data variables.product.prodname_emus %} +### Managing security without {% data variables.product.prodname_emus %} To manage security for your enterprise, you can require two-factor authentication, manage allowed IP addresses, enable SAML single sign-on and team synchronization, and sign up for and enforce GitHub Advanced Security features. diff --git a/content/get-started/showcase-your-expertise-with-github-certifications/about-github-certifications.md b/content/get-started/showcase-your-expertise-with-github-certifications/about-github-certifications.md index e7bca0574b43..09f047d4340e 100644 --- a/content/get-started/showcase-your-expertise-with-github-certifications/about-github-certifications.md +++ b/content/get-started/showcase-your-expertise-with-github-certifications/about-github-certifications.md @@ -8,11 +8,8 @@ versions: {% ifversion ghec %} -{% note %} - -**Note:** {% data variables.enterprise.prodname_managed_users_caps %} do not have access to the {% data variables.product.prodname_certifications %} program. - -{% endnote %} +> [!NOTE] +> {% data variables.enterprise.prodname_managed_users_caps %} do not have access to the {% data variables.product.prodname_certifications %} program. {% endif %} diff --git a/content/get-started/showcase-your-expertise-with-github-certifications/registering-for-a-github-certifications-exam.md b/content/get-started/showcase-your-expertise-with-github-certifications/registering-for-a-github-certifications-exam.md index 79e8103e15a0..a60b3e2495d7 100644 --- a/content/get-started/showcase-your-expertise-with-github-certifications/registering-for-a-github-certifications-exam.md +++ b/content/get-started/showcase-your-expertise-with-github-certifications/registering-for-a-github-certifications-exam.md @@ -9,11 +9,8 @@ shortTitle: Registering for an exam {% ifversion ghec %} -{% note %} - -**Note:** {% data variables.enterprise.prodname_managed_users_caps %} do not have access to the {% data variables.product.prodname_certifications %} program. - -{% endnote %} +> [!NOTE] +> {% data variables.enterprise.prodname_managed_users_caps %} do not have access to the {% data variables.product.prodname_certifications %} program. {% endif %} diff --git a/content/get-started/start-your-journey/setting-up-your-profile.md b/content/get-started/start-your-journey/setting-up-your-profile.md index bb783fac29a6..17459e170b72 100644 --- a/content/get-started/start-your-journey/setting-up-your-profile.md +++ b/content/get-started/start-your-journey/setting-up-your-profile.md @@ -46,11 +46,9 @@ Next, we'll add some basic information about yourself to share with other {% dat 1. On your profile page, under your profile picture, click **Edit profile**. 1. Under "Bio", write one or two sentences about yourself, such as who you are and what you do. - {% note %} + > [!NOTE] + > Keep the bio short; we'll add a longer description of your interests in your profile README in the section below. - **Note:** Keep the bio short; we'll add a longer description of your interests in your profile README in the section below. - - {% endnote %} 1. To add an emoji to your bio, visit "[Emoji cheat sheet](https://www.webfx.com/tools/emoji-cheat-sheet/)" and copy and paste an emoji into the "Bio" dialog box. 1. Optionally, add your {% ifversion profile-pronouns %}preferred pronouns,{% endif %} workplace, location and timezone{% ifversion profile-social-links %}, and any links to your personal website and social accounts{% endif %}. {% ifversion profile-pronouns %}{% data reusables.profile.pronouns-visibility %}{% endif %} 1. Click **Save**. diff --git a/content/get-started/start-your-journey/uploading-a-project-to-github.md b/content/get-started/start-your-journey/uploading-a-project-to-github.md index 414d876ff38c..42cc8dbe776e 100644 --- a/content/get-started/start-your-journey/uploading-a-project-to-github.md +++ b/content/get-started/start-your-journey/uploading-a-project-to-github.md @@ -19,7 +19,7 @@ This tutorial will show you how to upload a group of files to a {% data variable Uploading your files to a {% data variables.product.prodname_dotcom %} repository lets you: * **Apply version control** when you make edits to the files, so your project's history is protected and manageable. -* **Back up** your work{% ifversion fpt or ghec%}, because your files are now stored in the cloud{% endif %}. +* **Back up** your work{% ifversion fpt or ghec %}, because your files are now stored in the cloud{% endif %}. * **Pin** the repository to your personal profile, so that others can see your work. * **Share** and discuss your work with others, either publicly or privately. @@ -64,13 +64,12 @@ In this step, we'll edit your project's `README.md` using Markdown so that it in 1. Delete the existing text apart from `#`, then type a proper title for your project. * Example: `# About my first project on GitHub`. 1. Next, add some information about your project, such as a description of the project's purpose or its main features. - {% note %} - **Note:** If you're not sure what to write, take a look at other repositories on {% data variables.product.product_name %} to see how other people describe their projects. + > [!NOTE] + > If you're not sure what to write, take a look at other repositories on {% data variables.product.product_name %} to see how other people describe their projects. + > + > To apply more sophisticated formatting, such as adding images, links, and footnotes, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax)." - To apply more sophisticated formatting, such as adding images, links, and footnotes, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax)." - - {% endnote %} {% data reusables.files.preview_change %} 1. Take a look at how the file will render once we save our changes, then toggle back to "Edit". 1. Continue to edit and preview the text until you're happy with the content of your README. diff --git a/content/get-started/using-git/about-git-rebase.md b/content/get-started/using-git/about-git-rebase.md index fd5f69289bdc..542b64935fc0 100644 --- a/content/get-started/using-git/about-git-rebase.md +++ b/content/get-started/using-git/about-git-rebase.md @@ -19,11 +19,8 @@ Typically, you would use `git rebase` to: * Combine multiple commits into one * Delete or revert commits that are no longer necessary -{% warning %} - -**Warning**: Because changing your commit history can make things difficult for everyone else using the repository, it's considered bad practice to rebase commits when you've already pushed to a repository. To learn how to safely rebase, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges)." - -{% endwarning %} +> [!WARNING] +> Because changing your commit history can make things difficult for everyone else using the repository, it's considered bad practice to rebase commits when you've already pushed to a repository. To learn how to safely rebase, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges)." ## Rebasing commits against a branch diff --git a/content/get-started/using-git/about-git-subtree-merges.md b/content/get-started/using-git/about-git-subtree-merges.md index 4772c59d685f..dc3a2bd65b88 100644 --- a/content/get-started/using-git/about-git-subtree-merges.md +++ b/content/get-started/using-git/about-git-subtree-merges.md @@ -101,11 +101,8 @@ The best way to explain subtree merges is to show by example. We will: Although we've only added one subproject, any number of subprojects can be incorporated into a Git repository. -{% tip %} - -**Tip**: If you create a fresh clone of the repository in the future, the remotes you've added will not be created for you. You will have to add them again using [the `git remote add` command](/get-started/getting-started-with-git/managing-remote-repositories). - -{% endtip %} +> [!TIP] +> If you create a fresh clone of the repository in the future, the remotes you've added will not be created for you. You will have to add them again using [the `git remote add` command](/get-started/getting-started-with-git/managing-remote-repositories). ## Synchronizing with updates and changes diff --git a/content/get-started/using-git/splitting-a-subfolder-out-into-a-new-repository.md b/content/get-started/using-git/splitting-a-subfolder-out-into-a-new-repository.md index 337d3a57f6cc..78089feda7bd 100644 --- a/content/get-started/using-git/splitting-a-subfolder-out-into-a-new-repository.md +++ b/content/get-started/using-git/splitting-a-subfolder-out-into-a-new-repository.md @@ -14,11 +14,8 @@ versions: shortTitle: Splitting a subfolder --- -{% note %} - -**Note:** You need Git version 2.22.0 or later to follow these instructions, otherwise `git filter-repo` will not work. - -{% endnote %} +> [!NOTE] +> You need Git version 2.22.0 or later to follow these instructions, otherwise `git filter-repo` will not work. If you create a new clone of the repository, you won't lose any of your Git history or changes when you split a folder into a separate repository. However, note that the new repository won't have the branches and tags of the original repository. @@ -43,11 +40,8 @@ If you create a new clone of the repository, you won't lose any of your Git hist {% windows %} - {% tip %} - - **Tip:** Windows users should use `/` to delimit folders. - - {% endtip %} + > [!TIP] + > Windows users should use `/` to delimit folders. {% endwindows %} @@ -71,11 +65,8 @@ If you create a new clone of the repository, you won't lose any of your Git hist ![Screenshot of the "Quick Setup" header in a repository. Next to the remote URL, an icon of two overlapping squares is highlighted with an orange outline.](/assets/images/help/repository/copy-remote-repository-url-quick-setup.png) - {% tip %} - - **Tip:** For information on the difference between HTTPS and SSH URLs, see "[AUTOTITLE](/get-started/getting-started-with-git/about-remote-repositories)." - - {% endtip %} + > [!TIP] + > For information on the difference between HTTPS and SSH URLs, see "[AUTOTITLE](/get-started/getting-started-with-git/about-remote-repositories)." 1. Add a new remote name with the URL you copied for your repository. For example, `origin` or `upstream` are two common choices. diff --git a/content/get-started/using-github-docs/about-versions-of-github-docs.md b/content/get-started/using-github-docs/about-versions-of-github-docs.md index a5b624acbae4..6ae994a37e77 100644 --- a/content/get-started/using-github-docs/about-versions-of-github-docs.md +++ b/content/get-started/using-github-docs/about-versions-of-github-docs.md @@ -20,11 +20,8 @@ At the top of a page on {% data variables.product.prodname_docs %}, select the d ![Screenshot of the header of {% data variables.product.prodname_docs %}. The "Version" dropdown menu is expanded and highlighted with an orange outline.](/assets/images/help/docs/version-picker.png) -{% note %} - -**Note**: You can try changing the version now. You're viewing {% ifversion ghes %}a{% else %}the{% endif %} **{% ifversion fpt %}Free, Pro, & Team{% else %}{% data variables.product.product_name %}{% endif %}** version of this article. - -{% endnote %} +> [!NOTE] +> You can try changing the version now. You're viewing {% ifversion ghes %}a{% else %}the{% endif %} **{% ifversion fpt %}Free, Pro, & Team{% else %}{% data variables.product.product_name %}{% endif %}** version of this article. ## Determining which {% data variables.product.company_short %} product you use diff --git a/content/get-started/using-github/allowing-access-to-githubs-services-from-a-restricted-network.md b/content/get-started/using-github/allowing-access-to-githubs-services-from-a-restricted-network.md index 3480678f3198..8e26b190aee9 100644 --- a/content/get-started/using-github/allowing-access-to-githubs-services-from-a-restricted-network.md +++ b/content/get-started/using-github/allowing-access-to-githubs-services-from-a-restricted-network.md @@ -15,10 +15,7 @@ In rare cases, an institution's network access policy may restrict access to spe You can use the REST API to retrieve a list of {% data variables.product.company_short %}'s domain names. -{% warning %} - -**Warning**: The list of domains from the REST API is not intended to be comprehensive. If you block access to services using DNS, but selectively allow access to {% data variables.product.company_short %}'s domain names, any or all of {% data variables.product.prodname_dotcom %} and related services may not function properly or at all for your end users. - -{% endwarning %} +> [!WARNING] +> The list of domains from the REST API is not intended to be comprehensive. If you block access to services using DNS, but selectively allow access to {% data variables.product.company_short %}'s domain names, any or all of {% data variables.product.prodname_dotcom %} and related services may not function properly or at all for your end users. For more information, see "[AUTOTITLE](/rest/meta)." diff --git a/content/get-started/using-github/exploring-early-access-releases-with-feature-preview.md b/content/get-started/using-github/exploring-early-access-releases-with-feature-preview.md index 2f792a86c391..31fe92e86d60 100644 --- a/content/get-started/using-github/exploring-early-access-releases-with-feature-preview.md +++ b/content/get-started/using-github/exploring-early-access-releases-with-feature-preview.md @@ -18,7 +18,7 @@ shortTitle: Feature preview | Phase | Description | |-------|-------------| -| {% data variables.release-phases.private_preview_caps %} | The product or feature is under heavy development and often has changing requirements and scope. The feature is available for demonstration and test purposes but may not be documented. {% data variables.release-phases.private_preview_caps %} releases are not necessarily feature complete, no service level agreements (SLAs) are provided, and there are no technical support obligations.

    **Note**: A product or feature released as a "Technology Preview" is considered to be in the {% data variables.release-phases.private_preview %} release stage. Technology Preview releases share the same characteristics of {% data variables.release-phases.private_preview %} releases as described above.| +| {% data variables.release-phases.private_preview_caps %} | The product or feature is under heavy development and often has changing requirements and scope. The feature is available for demonstration and test purposes but may not be documented. {% data variables.release-phases.private_preview_caps %} releases are not necessarily feature complete, no service level agreements (SLAs) are provided, and there are no technical support obligations.

    **Note:** A product or feature released as a "Technology Preview" is considered to be in the {% data variables.release-phases.private_preview %} release stage. Technology Preview releases share the same characteristics of {% data variables.release-phases.private_preview %} releases as described above.| | {% data variables.release-phases.public_preview_caps %} | The product or feature is ready for broader distribution. {% data variables.release-phases.public_preview_caps %} releases can be public or private, are documented, but do not have any SLAs or technical support obligations. | | General availability (GA) | The product or feature is fully tested and open publicly to all users. GA releases are ready for production use, and associated SLA and technical support obligations apply. | @@ -26,6 +26,6 @@ shortTitle: Feature preview You can see a list of features that are available in {% data variables.release-phases.public_preview %} and a brief description for each feature. Each feature includes a link to give feedback. -{% data reusables.feature-preview.feature-preview-setting %} +{% data reusables.feature-preview.feature-preview-setting %} 1. To view details for a feature, in the left sidebar, click the feature's name. 1. Optionally, to the right of a feature's name, click **Enable** or **Disable**. diff --git a/content/get-started/using-github/github-flow.md b/content/get-started/using-github/github-flow.md index 900de92ef2e2..3b232f56ac4e 100644 --- a/content/get-started/using-github/github-flow.md +++ b/content/get-started/using-github/github-flow.md @@ -27,11 +27,8 @@ To follow {% data variables.product.prodname_dotcom %} flow, you will need a {% ## Following {% data variables.product.prodname_dotcom %} flow -{% tip %} - -**Tip:** You can complete all steps of {% data variables.product.prodname_dotcom %} flow through the {% data variables.product.prodname_dotcom %} web interface, command line and [{% data variables.product.prodname_cli %}](https://cli.github.com), or [{% data variables.product.prodname_desktop %}](/free-pro-team@latest/desktop). For more information about the tools you can use to connect to {% data variables.product.prodname_dotcom %}, see "[AUTOTITLE](/get-started/using-github/connecting-to-github)." - -{% endtip %} +> [!TIP] +> You can complete all steps of {% data variables.product.prodname_dotcom %} flow through the {% data variables.product.prodname_dotcom %} web interface, command line and [{% data variables.product.prodname_cli %}](https://cli.github.com), or [{% data variables.product.prodname_desktop %}](/free-pro-team@latest/desktop). For more information about the tools you can use to connect to {% data variables.product.prodname_dotcom %}, see "[AUTOTITLE](/get-started/using-github/connecting-to-github)." ### Create a branch @@ -53,11 +50,8 @@ By committing and pushing your changes, you back up your work to remote storage. Continue to make, commit, and push changes to your branch until you are ready to ask for feedback. -{% tip %} - -**Tip:** Make a separate branch for each set of unrelated changes. This makes it easier for reviewers to give feedback. It also makes it easier for you and future collaborators to understand the changes and to revert or build on them. Additionally, if there is a delay in one set of changes, your other changes aren't also delayed. - -{% endtip %} +> [!TIP] +> Make a separate branch for each set of unrelated changes. This makes it easier for reviewers to give feedback. It also makes it easier for you and future collaborators to understand the changes and to revert or build on them. Additionally, if there is a delay in one set of changes, your other changes aren't also delayed. ### Create a pull request diff --git a/content/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists.md b/content/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists.md index 4f6abbcbc035..dfcd9651138a 100644 --- a/content/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists.md +++ b/content/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists.md @@ -43,11 +43,8 @@ If you add a task list to the body of an issue, the list has added functionality {% data reusables.repositories.task-list-markdown %} -{% tip %} - -**Tip:** You cannot create task list items within closed issues or issues with linked pull requests. - -{% endtip %} +> [!TIP] +> You cannot create task list items within closed issues or issues with linked pull requests. ## Reordering tasks diff --git a/content/get-started/writing-on-github/working-with-advanced-formatting/attaching-files.md b/content/get-started/writing-on-github/working-with-advanced-formatting/attaching-files.md index ffd94df152a9..4ca98307f8bb 100644 --- a/content/get-started/writing-on-github/working-with-advanced-formatting/attaching-files.md +++ b/content/get-started/writing-on-github/working-with-advanced-formatting/attaching-files.md @@ -16,21 +16,16 @@ topics: --- {% ifversion ghes %} -{% warning %} -**Warning:** When you upload an image or video to a pull request or issue comment, or upload a file to a ticket in the {% data variables.contact.landing_page_portal %}, anyone can view the anonymized URL without authentication, even if the pull request or issue is in a private repository, or if private mode is enabled. To keep sensitive media files private, serve them from a private network or server that requires authentication. +> [!WARNING] +> When you upload an image or video to a pull request or issue comment, or upload a file to a ticket in the {% data variables.contact.landing_page_portal %}, anyone can view the anonymized URL without authentication, even if the pull request or issue is in a private repository, or if private mode is enabled. To keep sensitive media files private, serve them from a private network or server that requires authentication. -{% endwarning %} {% endif %} {% ifversion fpt or ghec %} -{% note %} - -**Note:** For public repositories, uploaded files can be accessed without authentication. -In the case of private and internal repositories, only people with access to the repository can view the uploaded files. - -{% endnote %} +> [!NOTE] +> For public repositories, uploaded files can be accessed without authentication. In the case of private and internal repositories, only people with access to the repository can view the uploaded files. {% endif %} @@ -48,11 +43,8 @@ To attach a file to an issue or pull request conversation, drag and drop it into When you attach a file, it is uploaded immediately to {% data variables.product.product_name %} and the text field is updated to show the anonymized URL for the file. {% ifversion fpt or ghec %}For more information on anonymized URLs see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/about-anonymized-urls)."{% endif %} -{% note %} - -**Note:** In many browsers, you can copy-and-paste images directly into the box. - -{% endnote %} +> [!NOTE] +> In many browsers, you can copy-and-paste images directly into the box. The maximum file size is: @@ -62,11 +54,8 @@ The maximum file size is: * 100MB for videos{% endif %} * 25MB for all other files -{% note %} - -**Note:** To upload videos greater than 10MB to a repository owned by a user or organization on a paid {% data variables.product.prodname_dotcom %} plan, you must either be an organization member or outside collaborator, or be on a paid plan. - -{% endnote %} +> [!NOTE] +> To upload videos greater than 10MB to a repository owned by a user or organization on a paid {% data variables.product.prodname_dotcom %} plan, you must either be an organization member or outside collaborator, or be on a paid plan. We support these files: @@ -82,18 +71,12 @@ We support these files: * Text files (`.txt`) * Patch files (`.patch`) - {% note %} - - **Note:** If you use Linux and try to upload a `.patch` file, you will receive an error message. This is a known issue. - - {% endnote %} + > [!NOTE] + > If you use Linux and try to upload a `.patch` file, you will receive an error message. This is a known issue. * PDFs (`.pdf`) * ZIP (`.zip`, `.gz`, `.tgz`) * Video (`.mp4`, `.mov`, `.webm`) - {% note %} - - **Note:** Video codec compatibility is browser specific, and it's possible that a video you upload to one browser is not viewable on another browser. At the moment we recommend using H.264 for greatest compatibility. - - {% endnote %} + > [!NOTE] + > Video codec compatibility is browser specific, and it's possible that a video you upload to one browser is not viewable on another browser. At the moment we recommend using H.264 for greatest compatibility. diff --git a/content/get-started/writing-on-github/working-with-advanced-formatting/autolinked-references-and-urls.md b/content/get-started/writing-on-github/working-with-advanced-formatting/autolinked-references-and-urls.md index 7bba20ce96f5..e45a367d9fb3 100644 --- a/content/get-started/writing-on-github/working-with-advanced-formatting/autolinked-references-and-urls.md +++ b/content/get-started/writing-on-github/working-with-advanced-formatting/autolinked-references-and-urls.md @@ -25,11 +25,8 @@ For more information on creating links, see "[AUTOTITLE](/get-started/writing-on Within conversations on {% data variables.product.product_name %}, references to issues and pull requests are automatically converted to shortened links. -{% note %} - -**Note:** Autolinked references are not created in wikis or files in a repository. - -{% endnote %} +> [!NOTE] +> Autolinked references are not created in wikis or files in a repository. | Reference type | Raw reference | Short link | | --- | --- | --- | @@ -53,11 +50,8 @@ The URL of a label can be found by navigating to the labels page and clicking on https://github.com/github/docs/labels/enhancement ``` -{% note %} - -**Note:** If the label name contains a period (`.`), the label will not automatically render from the label URL. - -{% endnote %} +> [!NOTE] +> If the label name contains a period (`.`), the label will not automatically render from the label URL. ## Commit SHAs diff --git a/content/get-started/writing-on-github/working-with-advanced-formatting/creating-a-permanent-link-to-a-code-snippet.md b/content/get-started/writing-on-github/working-with-advanced-formatting/creating-a-permanent-link-to-a-code-snippet.md index 3cea2901e4e4..a5ed14520dc7 100644 --- a/content/get-started/writing-on-github/working-with-advanced-formatting/creating-a-permanent-link-to-a-code-snippet.md +++ b/content/get-started/writing-on-github/working-with-advanced-formatting/creating-a-permanent-link-to-a-code-snippet.md @@ -21,11 +21,8 @@ This type of permanent link will render as a code snippet only in the repository ![Screenshot of an issue comment. A code snippet has a header that lists the file name and line numbers, and a body that lists the code on those lines.](/assets/images/help/repository/rendered-code-snippet.png) -{% tip %} - -**Tip:** To create a permalink for an entire file, see "[AUTOTITLE](/repositories/working-with-files/using-files/getting-permanent-links-to-files)." - -{% endtip %} +> [!TIP] +> To create a permalink for an entire file, see "[AUTOTITLE](/repositories/working-with-files/using-files/getting-permanent-links-to-files)." {% data reusables.repositories.navigate-to-repo %} 1. Locate the code you'd like to link to: diff --git a/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md b/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md index c2748493e14c..b2744b949f32 100644 --- a/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md +++ b/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md @@ -26,11 +26,8 @@ function test() { ![Screenshot of rendered {% data variables.product.prodname_dotcom %} Markdown showing how triple backticks render code blocks in raw formatting. The block begins with "function test() {."](/assets/images/help/writing/fenced-code-block-rendered.png) -{% tip %} - -**Tip:** To preserve your formatting within a list, make sure to indent non-fenced code blocks by eight spaces. - -{% endtip %} +> [!TIP] +> To preserve your formatting within a list, make sure to indent non-fenced code blocks by eight spaces. To display triple backticks in a fenced code block, wrap them inside quadruple backticks. diff --git a/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md b/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md index c558578f909f..f62232540336 100644 --- a/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md +++ b/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md @@ -32,11 +32,8 @@ graph TD; ![Screenshot of a rendered Mermaid flow chart with four lavender boxes labeled A, B, C, and D. Arrows extend from A to B, B to D, A to C, and C to D.](/assets/images/help/writing/mermaid-flow-chart.png) -{% note %} - -**Note:** You may observe errors if you run a third-party Mermaid plugin when using Mermaid syntax on {% data variables.product.company_short %}. - -{% endnote %} +> [!NOTE] +> You may observe errors if you run a third-party Mermaid plugin when using Mermaid syntax on {% data variables.product.company_short %}. ### Checking your version of Mermaid diff --git a/content/get-started/writing-on-github/working-with-saved-replies/using-saved-replies.md b/content/get-started/writing-on-github/working-with-saved-replies/using-saved-replies.md index 7bb933dc865a..ed481a5e53c1 100644 --- a/content/get-started/writing-on-github/working-with-saved-replies/using-saved-replies.md +++ b/content/get-started/writing-on-github/working-with-saved-replies/using-saved-replies.md @@ -18,13 +18,9 @@ versions: 1. From the list, select the saved reply you'd like to add to your comment. Optionally, edit the content of the saved reply. 1. Select **Comment** to add your comment. -{% tip %} - -**Tips:** -* You can use a keyboard shortcut to autofill the comment with a saved reply. For more information, see "[AUTOTITLE](/get-started/accessibility/keyboard-shortcuts#comments)." -* You can filter the list by typing the title of the saved reply. - -{% endtip %} +> [!TIP] +> * You can use a keyboard shortcut to autofill the comment with a saved reply. For more information, see "[AUTOTITLE](/get-started/accessibility/keyboard-shortcuts#comments)." +> * You can filter the list by typing the title of the saved reply. ## Further reading diff --git a/content/github-cli/github-cli/creating-github-cli-extensions.md b/content/github-cli/github-cli/creating-github-cli-extensions.md index 5c998b437fd1..34ee5c5975c8 100644 --- a/content/github-cli/github-cli/creating-github-cli-extensions.md +++ b/content/github-cli/github-cli/creating-github-cli-extensions.md @@ -15,19 +15,13 @@ topics: You need a repository for each extension that you create. The repository name must start with `gh-`. The rest of the repository name is the name of the extension. The repository must have an executable file at its root with the same name as the repository or a set of precompiled binary executables attached to a release. -{% note %} - -**Note**: When relying on an executable script, we recommend using a bash script because bash is a widely available interpreter. You may use non-bash scripts, but the user must have the necessary interpreter installed in order to use the extension. If you would prefer to not rely on users having interpreters installed, consider a precompiled extension. - -{% endnote %} +> [!NOTE] +> When relying on an executable script, we recommend using a bash script because bash is a widely available interpreter. You may use non-bash scripts, but the user must have the necessary interpreter installed in order to use the extension. If you would prefer to not rely on users having interpreters installed, consider a precompiled extension. ## Creating an interpreted extension with `gh extension create` -{% note %} - -**Note**: Running `gh extension create` with no arguments will start an interactive wizard. - -{% endnote %} +> [!NOTE] +> Running `gh extension create` with no arguments will start an interactive wizard. You can use the `gh extension create` command to create a project for your extension, including a bash script that contains some starter code. @@ -73,11 +67,8 @@ You can use the `--precompiled=other` argument to create a project for your non- 1. In the directory that you created, add an executable file with the same name as the directory. - {% note %} - - **Note:** Make sure that your file is executable. On Unix, you can execute `chmod +x file_name` in the command line to make `file_name` executable. On Windows, you can run `git init -b main`, `git add file_name`, then `git update-index --chmod=+x file_name`. - - {% endnote %} + > [!NOTE] + > Make sure that your file is executable. On Unix, you can execute `chmod +x file_name` in the command line to make `file_name` executable. On Windows, you can run `git init -b main`, `git add file_name`, then `git update-index --chmod=+x file_name`. 1. Write your script in the executable file. For example: @@ -229,11 +220,8 @@ For more information, see [`gh help formatting`](https://cli.github.com/manual/g 1. From your directory, create a repository to publish your extension. Replace `EXTENSION-NAME` with the name of your extension. - {% note %} - - **Note:** Be careful not to commit the binary produced by your compilation step to version control. - - {% endnote %} + > [!NOTE] + > Be careful not to commit the binary produced by your compilation step to version control. ```shell git init -b main @@ -246,11 +234,8 @@ For more information, see [`gh help formatting`](https://cli.github.com/manual/g For example, an extension named `whoami` compiled for Windows 64bit would have the name `gh-whoami-windows-amd64.exe` while the same extension compiled for Linux 32bit would have the name `gh-whoami-linux-386`. To see an exhaustive list of OS and architecture combinations recognized by `gh`, see [this source code](https://github.com/cli/cli/blob/14f704fd0da58cc01413ee4ba16f13f27e33d15e/pkg/cmd/extension/manager.go#L696). - {% note %} - - **Note:** For your extension to run properly on Windows, its asset file must have a `.exe` extension. No extension is needed for other operating systems. - - {% endnote %} + > [!NOTE] + > For your extension to run properly on Windows, its asset file must have a `.exe` extension. No extension is needed for other operating systems. Releases can be created from the command line. For example: diff --git a/content/github-cli/github-cli/quickstart.md b/content/github-cli/github-cli/quickstart.md index aeba5b188243..67f728c3efbd 100644 --- a/content/github-cli/github-cli/quickstart.md +++ b/content/github-cli/github-cli/quickstart.md @@ -22,11 +22,8 @@ shortTitle: Quickstart ## Some useful commands -{% note %} - -**Note**: When you use some commands for the first time - for example, `gh codespace SUBCOMMAND` - you'll be prompted to add extra scopes to your authentication token. Follow the onscreen instructions. - -{% endnote %} +> [!NOTE] +> When you use some commands for the first time - for example, `gh codespace SUBCOMMAND` - you'll be prompted to add extra scopes to your authentication token. Follow the onscreen instructions. ### Viewing your status diff --git a/content/github-cli/github-cli/using-github-cli-extensions.md b/content/github-cli/github-cli/using-github-cli-extensions.md index b32bc83ab4d2..8b5121257091 100644 --- a/content/github-cli/github-cli/using-github-cli-extensions.md +++ b/content/github-cli/github-cli/using-github-cli-extensions.md @@ -11,11 +11,8 @@ topics: ## About {% data variables.product.prodname_cli %} extensions -{% note %} - -**Note:** Extensions outside of {% data variables.product.product_name %} and {% data variables.product.prodname_cli %} are not certified by {% data variables.product.product_name %} and are governed by separate terms of service, privacy policy, and support documentation. To mitigate risk when using third-party extensions, audit the source code of the extension before installing or updating the extension. - -{% endnote %} +> [!NOTE] +> Extensions outside of {% data variables.product.product_name %} and {% data variables.product.prodname_cli %} are not certified by {% data variables.product.product_name %} and are governed by separate terms of service, privacy policy, and support documentation. To mitigate risk when using third-party extensions, audit the source code of the extension before installing or updating the extension. {% data reusables.cli.cli-extensions %} For more information about how to create {% data variables.product.prodname_cli %} extensions, see "[AUTOTITLE](/github-cli/github-cli/creating-github-cli-extensions)." diff --git a/content/graphql/guides/forming-calls-with-graphql.md b/content/graphql/guides/forming-calls-with-graphql.md index f131daffae54..cfc9778c3907 100644 --- a/content/graphql/guides/forming-calls-with-graphql.md +++ b/content/graphql/guides/forming-calls-with-graphql.md @@ -63,11 +63,8 @@ curl -H "Authorization: bearer TOKEN" -X POST -d " \ " {% data variables.product.graphql_url %} ``` -{% tip %} - -**Note**: The string value of `"query"` must escape newline characters or the schema will not parse it correctly. For the `POST` body, use outer double quotes and escaped inner double quotes. - -{% endtip %} +> [!NOTE] +> The string value of `"query"` must escape newline characters or the schema will not parse it correctly. For the `POST` body, use outer double quotes and escaped inner double quotes. ### About query and mutation operations @@ -115,11 +112,8 @@ For a real-world example, see "[Example mutation](#example-mutation)." [Variables](https://graphql.org/learn/queries/#variables) can make queries more dynamic and powerful, and they can reduce complexity when passing mutation input objects. -{% note %} - -**Note**: If you're using the Explorer, make sure to enter variables in the separate [Query Variables pane](/graphql/guides/using-the-explorer#using-the-variable-pane), and do not include the word `variables` before the JSON object. - -{% endnote %} +> [!NOTE] +> If you're using the Explorer, make sure to enter variables in the separate [Query Variables pane](/graphql/guides/using-the-explorer#using-the-variable-pane), and do not include the word `variables` before the JSON object. Here's an example query with a single variable: @@ -319,11 +313,8 @@ Let's examine the query line by line: When we run the query, we get the `id`: `MDU6SXNzdWUyMzEzOTE1NTE=` -{% tip %} - -**Note**: The `id` returned in the query is the value we'll pass as the `subjectID` in the mutation. Neither the docs nor schema introspection will indicate this relationship; you'll need to understand the concepts behind the names to figure this out. - -{% endtip %} +> [!NOTE] +> The `id` returned in the query is the value we'll pass as the `subjectID` in the mutation. Neither the docs nor schema introspection will indicate this relationship; you'll need to understand the concepts behind the names to figure this out. With the ID known, we can proceed with the mutation: diff --git a/content/graphql/guides/introduction-to-graphql.md b/content/graphql/guides/introduction-to-graphql.md index 6ceae788fe40..349ba9ea73ea 100644 --- a/content/graphql/guides/introduction-to-graphql.md +++ b/content/graphql/guides/introduction-to-graphql.md @@ -118,11 +118,9 @@ GraphQL is [introspective](https://graphql.org/learn/introspection/). This means curl -H "Authorization: bearer TOKEN" {% data variables.product.graphql_url %} ``` - {% note %} - - **Note**: If you get the response `"message": "Bad credentials"` or `401 Unauthorized`, check that you are using a valid token. If you receive a `403` error with `Resource not accessible by {% data variables.product.pat_generic %}`, ensure that your {% data variables.product.pat_v2 %} is targeted to the correct resource owner. For example, it must target the organization that owns the repository you are trying to access. - {% endnote %} - + > [!NOTE] + > If you get the response `"message": "Bad credentials"` or `401 Unauthorized`, check that you are using a valid token. If you receive a `403` error with `Resource not accessible by {% data variables.product.pat_generic %}`, ensure that your {% data variables.product.pat_v2 %} is targeted to the correct resource owner. For example, it must target the organization that owns the repository you are trying to access. + The results are in JSON, so we recommend pretty-printing them for easier reading and searching. You can use a command-line tool like [jq](https://stedolan.github.io/jq/) or pipe the results into `python -m json.tool` for this purpose. Alternatively, you can pass the `idl` media type to return the results in IDL format, which is a condensed version of the schema: @@ -132,10 +130,7 @@ GraphQL is [introspective](https://graphql.org/learn/introspection/). This means {% data variables.product.graphql_url %} ``` - {% note %} - - **Note**: The introspection query is probably the only `GET` request you'll run in GraphQL. If you're passing a body, the GraphQL request method is `POST`, whether it's a query or a mutation. - - {% endnote %} + > [!NOTE] + > The introspection query is probably the only `GET` request you'll run in GraphQL. If you're passing a body, the GraphQL request method is `POST`, whether it's a query or a mutation. For more information about performing queries, see "[AUTOTITLE](/graphql/guides/forming-calls-with-graphql)." diff --git a/content/graphql/guides/using-global-node-ids.md b/content/graphql/guides/using-global-node-ids.md index e4f96ff46d9d..26c4fb355485 100644 --- a/content/graphql/guides/using-global-node-ids.md +++ b/content/graphql/guides/using-global-node-ids.md @@ -13,11 +13,8 @@ topics: You can access most objects in GitHub (users, issues, pull requests, etc.) using either the REST API or the GraphQL API. You can find the **global node ID** of many objects from within the REST API and use these IDs in your GraphQL operations. For more information, see "[Preview GraphQL API Node IDs in REST API resources](https://developer.github.com/changes/2017-12-19-graphql-node-id/)." -{% note %} - -**Note:** In REST, the global node ID field is named `node_id`. In GraphQL, it's an `id` field on the `node` interface. For a refresher on what "node" means in GraphQL, see "[AUTOTITLE](/graphql/guides/introduction-to-graphql#node)." - -{% endnote %} +> [!NOTE] +> In REST, the global node ID field is named `node_id`. In GraphQL, it's an `id` field on the `node` interface. For a refresher on what "node" means in GraphQL, see "[AUTOTITLE](/graphql/guides/introduction-to-graphql#node)." ## Putting global node IDs to use diff --git a/content/graphql/guides/using-the-explorer.md b/content/graphql/guides/using-the-explorer.md index df5ff864d42e..fd7d137b03ee 100644 --- a/content/graphql/guides/using-the-explorer.md +++ b/content/graphql/guides/using-the-explorer.md @@ -14,11 +14,10 @@ topics: ## About the GraphQL Explorer {% ifversion ghec %} -{% note %} -**Note**: If your {% data variables.product.prodname_ghe_cloud %} organization uses {% data variables.product.prodname_dotcom %}'s IP allow list, you won't be able to use the GraphQL Explorer. Instead, we recommend using an alternative GraphQL client IDE. +> [!NOTE] +> If your {% data variables.product.prodname_ghe_cloud %} organization uses {% data variables.product.prodname_dotcom %}'s IP allow list, you won't be able to use the GraphQL Explorer. Instead, we recommend using an alternative GraphQL client IDE. -{% endnote %} {% endif %} {% ifversion fpt or ghec %} @@ -92,11 +91,8 @@ There are many open source GraphQL client IDEs. For example, you can use Altair 1. In Altair, click on **Docs** on the top right, then the three dots and **Load Schema...** 1. Select the file public schema that you downloaded in an earlier step. -{% note %} - -**Note**: For more information about why `POST` is the method, see "[AUTOTITLE](/graphql/guides/forming-calls-with-graphql#communicating-with-graphql)." - -{% endnote %} +> [!NOTE] +> For more information about why `POST` is the method, see "[AUTOTITLE](/graphql/guides/forming-calls-with-graphql#communicating-with-graphql)." You can test your access by querying yourself: @@ -155,8 +151,5 @@ It's possible you might run into an unexpected error that is not related to the } ``` -{% note %} - -**Note:** {% data variables.product.prodname_dotcom %} recommends checking for errors before using data in a production environment. In GraphQL, failure is not total: portions of GraphQL queries may succeed while others fail. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dotcom %} recommends checking for errors before using data in a production environment. In GraphQL, failure is not total: portions of GraphQL queries may succeed while others fail. diff --git a/content/graphql/overview/explorer.md b/content/graphql/overview/explorer.md index d46b0399adb3..9879809723e1 100644 --- a/content/graphql/overview/explorer.md +++ b/content/graphql/overview/explorer.md @@ -16,11 +16,10 @@ autogenerated: graphql For more information about how to use the explorer, see "[AUTOTITLE](/graphql/guides/using-the-explorer)." {% ifversion ghec %} -{% note %} -**Note**: If your {% data variables.product.prodname_ghe_cloud %} organization uses {% data variables.product.prodname_dotcom %}'s IP allow list, you won't be able to use the GraphQL Explorer. Instead, we recommend using an alternative GraphQL client IDE. +> [!NOTE] +> If your {% data variables.product.prodname_ghe_cloud %} organization uses {% data variables.product.prodname_dotcom %}'s IP allow list, you won't be able to use the GraphQL Explorer. Instead, we recommend using an alternative GraphQL client IDE. -{% endnote %} {% endif %} diff --git a/content/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api.md b/content/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api.md index 7877ef9e5638..38824ab95084 100644 --- a/content/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api.md +++ b/content/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api.md @@ -212,11 +212,8 @@ You can also roughly calculate the point value of a query before you make the qu 1. Add up the number of requests needed to fulfill each unique connection in the call. Assume every request will reach the `first` or `last` argument limits. 1. Divide the number by **100** and round the result to the nearest whole number to get the final aggregate point value. This step normalizes large numbers. -{% note %} - -**Note**: The minimum point value of a call to the GraphQL API is **1**. - -{% endnote %} +> [!NOTE] +> The minimum point value of a call to the GraphQL API is **1**. Here's an example query and score calculation: diff --git a/content/graphql/overview/schema-previews.md b/content/graphql/overview/schema-previews.md index 22b86552f458..5e66caac15be 100644 --- a/content/graphql/overview/schema-previews.md +++ b/content/graphql/overview/schema-previews.md @@ -16,10 +16,7 @@ During the preview period, we may change some features based on developer feedba To access a schema preview, you'll need to provide a custom [media type](/rest/overview/media-types) in the `Accept` header for your requests. Feature documentation for each preview specifies which custom media type to provide. -{% note %} +> [!NOTE] +> The GraphQL schema members under preview cannot be accessed via the Explorer at this time. -**Note:** The GraphQL schema members under preview cannot be accessed via the Explorer at this time. - -{% endnote %} - - \ No newline at end of file + diff --git a/content/graphql/reference/queries.md b/content/graphql/reference/queries.md index 21ed51e8e230..69985f7c2b61 100644 --- a/content/graphql/reference/queries.md +++ b/content/graphql/reference/queries.md @@ -19,10 +19,7 @@ Every GraphQL schema has a root type for both queries and mutations. The [query For more information, see "[AUTOTITLE](/graphql/guides/forming-calls-with-graphql#about-queries)." -{% note %} - -**Note:** For {% data variables.product.prodname_github_app %} requests made with user access tokens, you should use separate queries for issues and pull requests. For example, use the `is:issue` or `is:pull-request` filters and their equivalents. Using the `search` connection to return a combination of issues and pull requests in a single query will result in an empty set of nodes. - -{% endnote %} +> [!NOTE] +> For {% data variables.product.prodname_github_app %} requests made with user access tokens, you should use separate queries for issues and pull requests. For example, use the `is:issue` or `is:pull-request` filters and their equivalents. Using the `search` connection to return a combination of issues and pull requests in a single query will result in an empty set of nodes. diff --git a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/configuring-automation-for-project-boards.md b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/configuring-automation-for-project-boards.md index 0cfb7d0eee79..34ad7ef9225c 100644 --- a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/configuring-automation-for-project-boards.md +++ b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/configuring-automation-for-project-boards.md @@ -24,11 +24,8 @@ allowTitleToDifferFromFilename: true {% data reusables.project-management.resync-automation %} -{% tip %} - -**Tip**: To edit columns that already have configured automation, click **Manage** at the bottom of the column. - -{% endtip %} +> [!TIP] +> To edit columns that already have configured automation, click **Manage** at the bottom of the column. 1. Navigate to the {% data variables.projects.projects_v1_board %} you want to automate. 1. In the column you want to automate, click {% octicon "kebab-horizontal" aria-label="Column menu" %}. diff --git a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/creating-a-project-board.md b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/creating-a-project-board.md index a4f089084ba2..735ba93ea34a 100644 --- a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/creating-a-project-board.md +++ b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/creating-a-project-board.md @@ -60,11 +60,10 @@ You can also configure workflow automations to keep your {% data variables.proje {% data reusables.projects.classic-project-creation %} {% ifversion classic-project-visibility-permissions %} -{% note %} -**Note:** {% data reusables.projects.owners-can-limit-visibility-permissions %} +> [!NOTE] +> {% data reusables.projects.owners-can-limit-visibility-permissions %} -{% endnote %} {% endif %} {% data reusables.profile.access_org %} diff --git a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/deleting-a-project-board.md b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/deleting-a-project-board.md index b00530b431b8..ab01f9219d5b 100644 --- a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/deleting-a-project-board.md +++ b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/deleting-a-project-board.md @@ -14,11 +14,8 @@ allowTitleToDifferFromFilename: true --- {% data reusables.projects.project_boards_old %} -{% tip %} - -**Tip**: If you'd like to retain access to a completed or unneeded {% data variables.projects.projects_v1_board %} without losing access to its contents, you can [close the {% data variables.projects.projects_v1_board %}](/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board) instead of deleting it. - -{% endtip %} +> [!TIP] +> If you'd like to retain access to a completed or unneeded {% data variables.projects.projects_v1_board %} without losing access to its contents, you can [close the {% data variables.projects.projects_v1_board %}](/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board) instead of deleting it. 1. Navigate to the {% data variables.projects.projects_v1_board %} you want to delete. {% data reusables.project-management.click-menu %} diff --git a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/editing-a-project-board.md b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/editing-a-project-board.md index a03a688c7b39..917ca25bb04c 100644 --- a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/editing-a-project-board.md +++ b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/editing-a-project-board.md @@ -17,11 +17,8 @@ allowTitleToDifferFromFilename: true {% ifversion projects-v1-can-create %} -{% tip %} - -**Tip:** For details on adding, removing, or editing columns in your {% data variables.projects.projects_v1_board %}, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/creating-a-project-board)." - -{% endtip %} +> [!TIP] +> For details on adding, removing, or editing columns in your {% data variables.projects.projects_v1_board %}, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/creating-a-project-board)." {% endif %} diff --git a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/linking-a-repository-to-a-project-board.md b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/linking-a-repository-to-a-project-board.md index 7f4b73cb1c02..ef5749ad69c1 100644 --- a/content/issues/organizing-your-work-with-project-boards/managing-project-boards/linking-a-repository-to-a-project-board.md +++ b/content/issues/organizing-your-work-with-project-boards/managing-project-boards/linking-a-repository-to-a-project-board.md @@ -26,11 +26,8 @@ Anyone with write permissions to a {% data variables.projects.projects_v1_board 1. Search for the repository you'd like to link. 1. Click **Link**. To unlink, click **Unlink**. -{% note %} - -**Note:** In order to link a repository to your organization or user owned {% data variables.projects.projects_v1_board %} the repository needs to have issues enabled. That is, the repository has an "Issues" tab (in forked repositories issues are disabled by default). For information on how to enable or disable issues for a repository, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/disabling-issues)." - -{% endnote %} +> [!NOTE] +> In order to link a repository to your organization or user owned {% data variables.projects.projects_v1_board %} the repository needs to have issues enabled. That is, the repository has an "Issues" tab (in forked repositories issues are disabled by default). For information on how to enable or disable issues for a repository, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/disabling-issues)." ## Further reading diff --git a/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-issues-and-pull-requests-to-a-project-board.md b/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-issues-and-pull-requests-to-a-project-board.md index 364bca00c1d5..8849d3fefc46 100644 --- a/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-issues-and-pull-requests-to-a-project-board.md +++ b/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-issues-and-pull-requests-to-a-project-board.md @@ -22,11 +22,8 @@ You can add issue or pull request cards to your {% data variables.projects.proje You can put a maximum of 2,500 cards into each project column. If a column has reached the maximum number of cards, no cards can be moved into that column. -{% note %} - -**Note:** You can also add notes to your {% data variables.projects.projects_v1_board %} to serve as task reminders, references to issues and pull requests from any repository on {% data variables.product.product_name %}, or to add related information to your {% data variables.projects.projects_v1_board %}. For more information, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-notes-to-a-project-board)." - -{% endnote %} +> [!NOTE] +> You can also add notes to your {% data variables.projects.projects_v1_board %} to serve as task reminders, references to issues and pull requests from any repository on {% data variables.product.product_name %}, or to add related information to your {% data variables.projects.projects_v1_board %}. For more information, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-notes-to-a-project-board)." {% data reusables.project-management.edit-in-project %} @@ -39,20 +36,14 @@ You can put a maximum of 2,500 cards into each project column. If a column has r ![Screenshot showing the header of a project. The "Add cards" button is highlighted with an orange outline.](/assets/images/help/projects/add-cards-button.png) 1. Search for issues and pull requests to add to your {% data variables.projects.projects_v1_board %} using search qualifiers such as `is:issue is:open`. For more information on search qualifiers you can use, see "[AUTOTITLE](/search-github/searching-on-github/searching-issues-and-pull-requests)." - {% tip %} - - **Tips:** - * You can also add an issue or pull request by typing the URL in a card. - * If you're working on a specific feature, you can apply a label to each related issue or pull request for that feature, and then easily add cards to your {% data variables.projects.projects_v1_board %} by searching for the label name. For more information, see "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/managing-labels)." + > [!TIP] + > * You can also add an issue or pull request by typing the URL in a card. + > * If you're working on a specific feature, you can apply a label to each related issue or pull request for that feature, and then easily add cards to your {% data variables.projects.projects_v1_board %} by searching for the label name. For more information, see "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/managing-labels)." - {% endtip %} 1. From the filtered list of issues and pull requests, drag the card you'd like to add to your {% data variables.projects.projects_v1_board %} and drop it in the correct column. Alternatively, you can move cards using keyboard shortcuts. {% data reusables.project-management.for-more-info-project-keyboard-shortcuts %} - {% tip %} - - **Tip:** You can drag and drop or use keyboard shortcuts to reorder cards and move them between columns. {% data reusables.project-management.for-more-info-project-keyboard-shortcuts %} - - {% endtip %} + > [!TIP] + > You can drag and drop or use keyboard shortcuts to reorder cards and move them between columns. {% data reusables.project-management.for-more-info-project-keyboard-shortcuts %} ## Adding issues and pull requests to a {% data variables.projects.projects_v1_board %} from the sidebar diff --git a/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-notes-to-a-project-board.md b/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-notes-to-a-project-board.md index 8a6b94ed0fb0..318650fe62ca 100644 --- a/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-notes-to-a-project-board.md +++ b/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/adding-notes-to-a-project-board.md @@ -15,14 +15,10 @@ allowTitleToDifferFromFilename: true --- {% data reusables.projects.project_boards_old %} -{% tip %} - -**Tips:** -* You can format your note using Markdown syntax. For example, you can use headings, links, task lists, or emoji. For more information, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax)." -* You can drag and drop or use keyboard shortcuts to reorder notes and move them between columns. {% data reusables.project-management.for-more-info-project-keyboard-shortcuts %} -* Your {% data variables.projects.projects_v1_board %} must have at least one column before you can add notes.{% ifversion projects-v1-can-create %} For more information, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/creating-a-project-board)."{% endif %} - -{% endtip %} +> [!TIP] +> * You can format your note using Markdown syntax. For example, you can use headings, links, task lists, or emoji. For more information, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax)." +> * You can drag and drop or use keyboard shortcuts to reorder notes and move them between columns. {% data reusables.project-management.for-more-info-project-keyboard-shortcuts %} +> * Your {% data variables.projects.projects_v1_board %} must have at least one column before you can add notes.{% ifversion projects-v1-can-create %} For more information, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/creating-a-project-board)."{% endif %} When you add a URL for an issue, pull request, or another {% data variables.projects.projects_v1_board %} to a note, you'll see a preview in a summary card below your text. @@ -33,11 +29,8 @@ When you add a URL for an issue, pull request, or another {% data variables.proj ![Screenshot showing a project column. The 'add a note to this column' button is highlighted with an orange outline.](/assets/images/help/projects/add-note-button.png) 1. Type your note, then click **Add**. - {% tip %} - - **Tip:** You can reference an issue or pull request in your note by typing its URL in the card. - - {% endtip %} + > [!TIP] + > You can reference an issue or pull request in your note by typing its URL in the card. ## Converting a note to an issue @@ -45,11 +38,8 @@ If you've created a note and find that it isn't sufficient for your needs, you c When you convert a note to an issue, the issue is automatically created using the content from the note. The first line of the note will be the issue title and any additional content from the note will be added to the issue description. -{% tip %} - -**Tip:** You can add content in the body of your note to @mention someone, link to another issue or pull request, and add emoji. These {% data variables.product.prodname_dotcom %} Flavored Markdown features aren't supported within {% data variables.projects.projects_v1_board %} notes, but once your note is converted to an issue, they'll appear correctly. For more information on using these features, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/about-writing-and-formatting-on-github)." - -{% endtip %} +> [!TIP] +> You can add content in the body of your note to @mention someone, link to another issue or pull request, and add emoji. These {% data variables.product.prodname_dotcom %} Flavored Markdown features aren't supported within {% data variables.projects.projects_v1_board %} notes, but once your note is converted to an issue, they'll appear correctly. For more information on using these features, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/about-writing-and-formatting-on-github)." 1. Navigate to the note that you want to convert to an issue. {% data reusables.project-management.project-note-more-options %} diff --git a/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/filtering-cards-on-a-project-board.md b/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/filtering-cards-on-a-project-board.md index 93f95f105acd..1348893679e5 100644 --- a/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/filtering-cards-on-a-project-board.md +++ b/content/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/filtering-cards-on-a-project-board.md @@ -33,11 +33,8 @@ You can also use the "Filter cards" search bar at the top of each {% data variab 1. Navigate to the {% data variables.projects.projects_v1_board %} that contains the cards you want to filter. 1. Above the project card columns, click into the "Filter cards" search bar and type a search query to filter the cards. -{% tip %} - -**Tip:** You can drag and drop filtered cards or use keyboard shortcuts to move them between columns. {% data reusables.project-management.for-more-info-project-keyboard-shortcuts %} - -{% endtip %} +> [!TIP] +> You can drag and drop filtered cards or use keyboard shortcuts to move them between columns. {% data reusables.project-management.for-more-info-project-keyboard-shortcuts %} ## Further reading diff --git a/content/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions.md b/content/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions.md index f3650c92c628..63b63699fec9 100644 --- a/content/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions.md +++ b/content/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions.md @@ -28,11 +28,8 @@ For more information about other changes you can make to your project through th You may also want to use the **actions/add-to-project** workflow, which is maintained by {% data variables.product.company_short %} and will add the current issue or pull request to the project specified. For more information, see the [actions/add-to-project](https://github.com/actions/add-to-project) repository and README. -{% note %} - -**Note:** `GITHUB_TOKEN` is scoped to the repository level and cannot access {% data variables.projects.projects_v2 %}. To access {% data variables.projects.projects_v2 %} you can either create a {% data variables.product.prodname_github_app %} (recommended for organization projects) or a {% data variables.product.pat_generic %} (recommended for user projects). Workflow examples for both approaches are shown below. - -{% endnote %} +> [!NOTE] +> `GITHUB_TOKEN` is scoped to the repository level and cannot access {% data variables.projects.projects_v2 %}. To access {% data variables.projects.projects_v2 %} you can either create a {% data variables.product.prodname_github_app %} (recommended for organization projects) or a {% data variables.product.pat_generic %} (recommended for user projects). Workflow examples for both approaches are shown below. ## Example workflow authenticating with a {% data variables.product.prodname_github_app %} @@ -41,25 +38,21 @@ For more information about authenticating in a {% data variables.product.prodnam 1. Create a {% data variables.product.prodname_github_app %} or choose an existing {% data variables.product.prodname_github_app %} owned by your organization. For more information, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app)." 1. Give your {% data variables.product.prodname_github_app %} read and write permissions to organization projects. For this specific example, your {% data variables.product.prodname_github_app %} will also need read permissions to repository pull requests and repository issues. For more information, see "[AUTOTITLE](/apps/maintaining-github-apps/editing-a-github-apps-permissions)." - {% note %} - - **Note:** You can control your app's permission to organization projects and to repository projects. You must give permission to read and write organization projects; permission to read and write repository projects will not be sufficient. - - {% endnote %} + > [!NOTE] + > You can control your app's permission to organization projects and to repository projects. You must give permission to read and write organization projects; permission to read and write repository projects will not be sufficient. 1. Install the {% data variables.product.prodname_github_app %} in your organization. Install it for all repositories that your project needs to access. For more information, see "[AUTOTITLE](/apps/maintaining-github-apps/installing-github-apps#installing-your-private-github-app-on-your-repository)." 1. Store your {% data variables.product.prodname_github_app %}'s ID as a configuration variable in your repository or organization. In the following workflow, replace `APP_ID` with the name of the configuration variable. You can find your app ID on the settings page for your app or through the App API. For more information, see "[AUTOTITLE](/rest/apps#get-an-app)." For more information about configuration variables, see "[AUTOTITLE](/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows)." 1. Generate a private key for your app. Store the contents of the resulting file as a secret in your repository or organization. (Store the entire contents of the file, including `-----BEGIN RSA PRIVATE KEY-----` and `-----END RSA PRIVATE KEY-----`.) In the following workflow, replace `APP_PEM` with the name of the secret. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps)." For more information about storing secrets, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets)." 1. In the following workflow, replace `YOUR_ORGANIZATION` with the name of your organization. For example, `octo-org`. Replace `YOUR_PROJECT_NUMBER` with your project number. To find the project number, look at the project URL. For example, `https://github.com/orgs/octo-org/projects/5` has a project number of 5. In order for this specific example to work, your project must also have a "Date posted" date field. - {% ifversion ghes < 3.12 %}{% note %} - - **Notes:** + {% ifversion ghes < 3.12 %} - * {% data reusables.actions.actions-not-certified-by-github %} - * {% data reusables.actions.actions-use-sha-pinning %} + > [!NOTE] + > * {% data reusables.actions.actions-not-certified-by-github %} + > * {% data reusables.actions.actions-use-sha-pinning %} - {% endnote %}{% endif %} + {% endif %} ```yaml annotate copy # @@ -259,7 +252,7 @@ jobs: # - To get the ID of a field called `Team`, add `echo 'TEAM_FIELD_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Team") | .id' project_data.json) >> $GITHUB_ENV`. # - To get the ID of an option called `Octoteam` for the `Team` single select field, add `echo 'OCTOTEAM_OPTION_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Team") |.options[] | select(.name=="Octoteam") |.id' project_data.json) >> $GITHUB_ENV`. # - # **Note**: This workflow assumes that you have a project with a single select field called "Status" that includes an option called "Todo" and a date field called "Date posted". You must modify this section to match the fields that are present in your table. + # **Note:** This workflow assumes that you have a project with a single select field called "Status" that includes an option called "Todo" and a date field called "Date posted". You must modify this section to match the fields that are present in your table. echo 'PROJECT_ID='$(jq '.data.organization.projectV2.id' project_data.json) >> $GITHUB_ENV echo 'DATE_FIELD_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Date posted") | .id' project_data.json) >> $GITHUB_ENV diff --git a/content/issues/planning-and-tracking-with-projects/automating-your-project/using-the-api-to-manage-projects.md b/content/issues/planning-and-tracking-with-projects/automating-your-project/using-the-api-to-manage-projects.md index 3790c023202a..2095b4985365 100644 --- a/content/issues/planning-and-tracking-with-projects/automating-your-project/using-the-api-to-manage-projects.md +++ b/content/issues/planning-and-tracking-with-projects/automating-your-project/using-the-api-to-manage-projects.md @@ -459,11 +459,8 @@ A project may contain items that a user does not have permission to view. In thi Use mutations to update projects. For more information, see "[AUTOTITLE](/graphql/guides/forming-calls-with-graphql#about-mutations)." -{% note %} - -**Note:** You cannot add and update an item in the same call. You must use `addProjectV2ItemById` to add the item and then use `updateProjectV2ItemFieldValue` to update the item. - -{% endnote %} +> [!NOTE] +> You cannot add and update an item in the same call. You must use `addProjectV2ItemById` to add the item and then use `updateProjectV2ItemFieldValue` to update the item. ### Adding an item to a project @@ -635,19 +632,16 @@ gh api graphql -f query=' {% endcli %} -{% note %} - -**Note:** You cannot use `updateProjectV2ItemFieldValue` to change `Assignees`, `Labels`, `Milestone`, or `Repository` because these fields are properties of pull requests and issues, not of project items. Instead, you may use the following mutations: - -* [addAssigneesToAssignable](/graphql/reference/mutations#addassigneestoassignable) -* [removeAssigneesFromAssignable](/graphql/reference/mutations#removeassigneesfromassignable) -* [addLabelsToLabelable](/graphql/reference/mutations#addlabelstolabelable) -* [removeLabelsFromLabelable](/graphql/reference/mutations#removelabelsfromlabelable) -* [updateIssue](/graphql/reference/mutations#updateissue) -* [updatePullRequest](/graphql/reference/mutations#updatepullrequest) -* [transferIssue](/graphql/reference/mutations#transferissue) - -{% endnote %} +> [!NOTE] +> You cannot use `updateProjectV2ItemFieldValue` to change `Assignees`, `Labels`, `Milestone`, or `Repository` because these fields are properties of pull requests and issues, not of project items. Instead, you may use the following mutations: +> +> * [addAssigneesToAssignable](/graphql/reference/mutations#addassigneestoassignable) +> * [removeAssigneesFromAssignable](/graphql/reference/mutations#removeassigneesfromassignable) +> * [addLabelsToLabelable](/graphql/reference/mutations#addlabelstolabelable) +> * [removeLabelsFromLabelable](/graphql/reference/mutations#removelabelsfromlabelable) +> * [updateIssue](/graphql/reference/mutations#updateissue) +> * [updatePullRequest](/graphql/reference/mutations#updatepullrequest) +> * [transferIssue](/graphql/reference/mutations#transferissue) ### Updating a single select field diff --git a/content/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic.md b/content/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic.md index 752419ccdc72..93de7d16eb78 100644 --- a/content/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic.md +++ b/content/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic.md @@ -11,18 +11,13 @@ topics: allowTitleToDifferFromFilename: true --- -{% note %} - -**Notes:** - -* If the project you are migrating contains more than {% data variables.projects.item_limit %} items, open issues will be prioritized followed by open pull requests and then notes. Remaining space will be used for closed issues, merged pull requested, and closed pull requests. Items that cannot be migrated due to this limit will be moved to the archive. If the archive limit of {% data variables.projects.archived_item_limit %} items is reached, additional items will not be migrated. -* Note cards are converted to draft issues, and the contents are saved to the body of the draft issue. If information appears to be missing, make any hidden fields visible. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view#showing-and-hiding-fields)." -* Automation will not be migrated. -* Triage, archive, and activity will not be migrated. -* After migration, the new migrated project and old project will not be kept in sync. -* {% data reusables.projects.migration-permissions-warning %} - -{% endnote %} +> [!NOTE] +> * If the project you are migrating contains more than {% data variables.projects.item_limit %} items, open issues will be prioritized followed by open pull requests and then notes. Remaining space will be used for closed issues, merged pull requested, and closed pull requests. Items that cannot be migrated due to this limit will be moved to the archive. If the archive limit of {% data variables.projects.archived_item_limit %} items is reached, additional items will not be migrated. +> * Note cards are converted to draft issues, and the contents are saved to the body of the draft issue. If information appears to be missing, make any hidden fields visible. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view#showing-and-hiding-fields)." +> * Automation will not be migrated. +> * Triage, archive, and activity will not be migrated. +> * After migration, the new migrated project and old project will not be kept in sync. +> * {% data reusables.projects.migration-permissions-warning %} ## About project migration @@ -49,11 +44,8 @@ You can migrate your {% data variables.projects.projects_v1_boards %} to the new ## Migrating a repository {% data variables.projects.projects_v1_board %} -{% note %} - -**Note:** {% data variables.projects.projects_v2_caps %} does not support repository level projects. When you migrate a repository {% data variables.projects.projects_v1_board %}, it will migrate to either the organization or personal account that owns the repository project, and the migrated project will be pinned to the original repository. - -{% endnote %} +> [!NOTE] +> {% data variables.projects.projects_v2_caps %} does not support repository level projects. When you migrate a repository {% data variables.projects.projects_v1_board %}, it will migrate to either the organization or personal account that owns the repository project, and the migrated project will be pinned to the original repository. {% data reusables.repositories.navigate-to-repo %} 1. Under your repository name, click {% octicon "table" aria-hidden="true" %} **Projects**. diff --git a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout.md b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout.md index a59f7ba12912..e19aec0792d2 100644 --- a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout.md +++ b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout.md @@ -71,11 +71,8 @@ In the board layout, you can choose which columns to display. The available colu You can sort items by a field value. -{% note %} - -**Note:** When a board is sorted, you cannot manually reorder items within a column. You can continue to move items from column to column. - -{% endnote %} +> [!NOTE] +> When a board is sorted, you cannot manually reorder items within a column. You can continue to move items from column to column. {% data reusables.projects.customize.sort %} diff --git a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout.md b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout.md index 6f13f34af2de..861963b419f8 100644 --- a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout.md +++ b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout.md @@ -67,11 +67,8 @@ You can sort items by a field value. {% ifversion projects-v2-consistent-sorting %}{% else %} -{% note %} - -**Note:** When a table is sorted, you cannot manually reorder rows. - -{% endnote %} +> [!NOTE] +> When a table is sorted, you cannot manually reorder rows. {% endif %} diff --git a/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project.md b/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project.md index 1d533ff7c05e..88bcfa991ba3 100644 --- a/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project.md +++ b/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project.md @@ -10,11 +10,8 @@ topics: allowTitleToDifferFromFilename: true --- -{% note %} - -**Note:** A project can contain a maximum of {% data variables.projects.item_limit %} items and {% data variables.projects.archived_item_limit %} archived items. To learn more about automatically archiving items when they meet specific criteria, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically)." - -{% endnote %} +> [!NOTE] +> A project can contain a maximum of {% data variables.projects.item_limit %} items and {% data variables.projects.archived_item_limit %} archived items. To learn more about automatically archiving items when they meet specific criteria, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically)." ## Adding issues and pull requests to a project @@ -22,11 +19,8 @@ You have several options for adding issues and pull requests to your project. Yo {% ifversion projects-v2-timeline-events %} -{% note %} - -**Note:** Timeline events for Projects is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> Timeline events for Projects is currently in {% data variables.release-phases.public_preview %} and subject to change. When you add an issue or pull request to your project, an event will be added to the issue or pull request's timeline. Timeline events will also be added when you remove issues or pull requests and when changes are made to its `status` field for those items. Timeline events are only visible to people who have at least read permission for the project. If a change is made by a built-in workflow, the activity will be attributed to **@github-project-automation**. @@ -119,8 +113,5 @@ Draft issues are useful to quickly capture ideas. Unlike issues and pull request Draft issues can have a title, text body, assignees, and any custom fields from your project. In order to populate the repository, labels, or milestones for a draft issue, you must first convert the draft issue to an issue. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-items-in-your-project/converting-draft-issues-to-issues)." -{% note %} - -**Note**: Users will not receive notifications when they are assigned to or mentioned in a draft issue unless the draft issue is converted to an issue. - -{% endnote %} +> [!NOTE] +> Users will not receive notifications when they are assigned to or mentioned in a draft issue unless the draft issue is converted to an issue. diff --git a/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project.md b/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project.md index b784f010d573..90af3af3a4b3 100644 --- a/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project.md +++ b/content/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project.md @@ -10,11 +10,8 @@ topics: allowTitleToDifferFromFilename: true --- -{% note %} - -**Note:** A project can contain a maximum of {% data variables.projects.item_limit %} items and {% data variables.projects.archived_item_limit %} archived items. - -{% endnote %} +> [!NOTE] +> A project can contain a maximum of {% data variables.projects.item_limit %} items and {% data variables.projects.archived_item_limit %} archived items. ## Archiving items diff --git a/content/issues/planning-and-tracking-with-projects/managing-your-project/adding-your-project-to-a-team.md b/content/issues/planning-and-tracking-with-projects/managing-your-project/adding-your-project-to-a-team.md index 99bf3cc41661..2a4e62ce86fa 100644 --- a/content/issues/planning-and-tracking-with-projects/managing-your-project/adding-your-project-to-a-team.md +++ b/content/issues/planning-and-tracking-with-projects/managing-your-project/adding-your-project-to-a-team.md @@ -29,11 +29,8 @@ Teams are granted read permissions on any project they are added to. This permis 1. Click **Link a project**. 1. In the search field, start typing the name of the project you want to add and then select the project in the list of matches. - {% note %} - - **Note:** If this change will result in increased project permissions for the team's members, {% data variables.product.product_name %} will prompt you to confirm your choice. - - {% endnote %} + > [!NOTE] + > If this change will result in increased project permissions for the team's members, {% data variables.product.product_name %} will prompt you to confirm your choice. ## Removing a project from a team diff --git a/content/issues/tracking-your-work-with-issues/administering-issues/closing-an-issue.md b/content/issues/tracking-your-work-with-issues/administering-issues/closing-an-issue.md index 87cabeb716c4..825d277bc5b0 100644 --- a/content/issues/tracking-your-work-with-issues/administering-issues/closing-an-issue.md +++ b/content/issues/tracking-your-work-with-issues/administering-issues/closing-an-issue.md @@ -14,11 +14,8 @@ redirect_from: - /issues/tracking-your-work-with-issues/closing-an-issue --- -{% note %} - -**Note:** You can also close issues automatically with keywords in pull requests and commit messages. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword#linking-a-pull-request-to-an-issue-using-a-keyword)." - -{% endnote %} +> [!NOTE] +> You can also close issues automatically with keywords in pull requests and commit messages. For more information, see "[AUTOTITLE](/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword#linking-a-pull-request-to-an-issue-using-a-keyword)." {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-issues %} diff --git a/content/issues/tracking-your-work-with-issues/administering-issues/transferring-an-issue-to-another-repository.md b/content/issues/tracking-your-work-with-issues/administering-issues/transferring-an-issue-to-another-repository.md index 2f9d78b68988..503729544f6c 100644 --- a/content/issues/tracking-your-work-with-issues/administering-issues/transferring-an-issue-to-another-repository.md +++ b/content/issues/tracking-your-work-with-issues/administering-issues/transferring-an-issue-to-another-repository.md @@ -17,11 +17,8 @@ shortTitle: Transfer an issue --- To transfer an open issue to another repository, you must have write access to the repository the issue is in and the repository you're transferring the issue to. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)." -{% note %} - -**Note**: You can only transfer issues between repositories owned by the same user or organization account. A private repository issue cannot be transferred to a public repository. - -{% endnote %} +> [!NOTE] +> You can only transfer issues between repositories owned by the same user or organization account. A private repository issue cannot be transferred to a public repository. When you transfer an issue, comments and assignees are retained. Labels and milestones are also retained if they're present in the target repository, with labels matching by name and milestones matching by both name and due date. {% ifversion projects-v1 %}This issue will stay on any user-owned or organization-wide {% data variables.projects.projects_v1_boards %} and be removed from any repository {% data variables.projects.projects_v1_boards %}. For more information, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards)."{% endif %} diff --git a/content/issues/tracking-your-work-with-issues/using-issues/about-slash-commands.md b/content/issues/tracking-your-work-with-issues/using-issues/about-slash-commands.md index ff2bc9c63b06..5fa65792a88f 100644 --- a/content/issues/tracking-your-work-with-issues/using-issues/about-slash-commands.md +++ b/content/issues/tracking-your-work-with-issues/using-issues/about-slash-commands.md @@ -8,11 +8,8 @@ redirect_from: - /issues/tracking-your-work-with-issues/about-slash-commands --- -{% note %} - -**Note:** Slash commands are currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> Slash commands are currently in {% data variables.release-phases.public_preview %} and subject to change. ## About slash commands diff --git a/content/issues/tracking-your-work-with-issues/using-issues/creating-a-branch-for-an-issue.md b/content/issues/tracking-your-work-with-issues/using-issues/creating-a-branch-for-an-issue.md index 5b07db81b4e7..293394da023e 100644 --- a/content/issues/tracking-your-work-with-issues/using-issues/creating-a-branch-for-an-issue.md +++ b/content/issues/tracking-your-work-with-issues/using-issues/creating-a-branch-for-an-issue.md @@ -13,11 +13,8 @@ redirect_from: - /issues/tracking-your-work-with-issues/creating-a-branch-for-an-issue --- -{% note %} - -**Note:** The ability to create a branch for an issue is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> The ability to create a branch for an issue is currently in {% data variables.release-phases.public_preview %} and subject to change. ## About branches connected to an issue diff --git a/content/issues/tracking-your-work-with-issues/using-issues/creating-an-issue.md b/content/issues/tracking-your-work-with-issues/using-issues/creating-an-issue.md index f76ffcd08feb..69a493ff7a7d 100644 --- a/content/issues/tracking-your-work-with-issues/using-issues/creating-an-issue.md +++ b/content/issues/tracking-your-work-with-issues/using-issues/creating-an-issue.md @@ -148,11 +148,8 @@ Within an issue, you can use task lists to break work into smaller tasks and tra You can use query parameters to open issues. Query parameters are optional parts of a URL you can customize to share a specific web page view, such as search filter results or an issue template on {% data variables.product.prodname_dotcom %}. To create your own query parameters, you must match the key and value pair. -{% tip %} - -**Tip:** You can also create issue templates that open with default labels, assignees, and an issue title. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests)." - -{% endtip %} +> [!TIP] +> You can also create issue templates that open with default labels, assignees, and an issue title. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests)." You must have the proper permissions for any action to use the equivalent query parameter. For example, you must have permission to add a label to an issue to use the `labels` query parameter. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)." diff --git a/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md b/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md index 6927c66b1e16..36a11bc96885 100644 --- a/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md +++ b/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md @@ -135,11 +135,8 @@ Once you've [applied labels to an issue or pull request](/issues/using-labels-an {% data reusables.project-management.labels %} 1. In the list of labels, click a label. -{% tip %} - -**Tip:** To clear your filter selection, click **Clear current search query, filters, and sorts**. - -{% endtip %} +> [!TIP] +> To clear your filter selection, click **Clear current search query, filters, and sorts**. {% ifversion issue-types %} @@ -192,11 +189,8 @@ The issues and pull requests search bar allows you to define your own custom fil ![Screenshot of the list of issues for a repository. Above the list, a search field, containing the query "is:issue is:open", is outlined in dark orange.](/assets/images/help/issues/issues-search-bar.png) -{% tip %} - -**Tip:** {% data reusables.search.search_issues_and_pull_requests_shortcut %} - -{% endtip %} +> [!TIP] +> {% data reusables.search.search_issues_and_pull_requests_shortcut %} {% endwebui %} @@ -230,13 +224,10 @@ With issue and pull request search terms, you can: * Filter issues and pull requests by label: `state:open type:issue label:"bug"` * Filter out search terms by using `-` before the term: `state:open type:issue -author:octocat` -{% tip %} - -**Tip:** You can filter issues and pull requests by label using logical OR or using logical AND. -* To filter issues using logical OR, use the comma syntax: `label:"bug","wip"`. -* To filter issues using logical AND, use separate label filters: `label:"bug" label:"wip"`. - -{% endtip %} +> [!TIP] +> You can filter issues and pull requests by label using logical OR or using logical AND. +> * To filter issues using logical OR, use the comma syntax: `label:"bug","wip"`. +> * To filter issues using logical AND, use separate label filters: `label:"bug" label:"wip"`. For issues, you can also use search to: diff --git a/content/issues/tracking-your-work-with-issues/using-issues/linking-a-pull-request-to-an-issue.md b/content/issues/tracking-your-work-with-issues/using-issues/linking-a-pull-request-to-an-issue.md index b852c70a0d58..48b3d236137f 100644 --- a/content/issues/tracking-your-work-with-issues/using-issues/linking-a-pull-request-to-an-issue.md +++ b/content/issues/tracking-your-work-with-issues/using-issues/linking-a-pull-request-to-an-issue.md @@ -18,11 +18,9 @@ topics: - Pull requests shortTitle: Link PR to issue --- -{% note %} -**Note:** The special keywords in a pull request description are interpreted when the pull request targets the repository's _default_ branch. However, if the PR's base is _any other branch_, then these keywords are ignored, no links are created and merging the PR has no effect on the issues. **If you want to link a pull request to an issue using a keyword, the PR must be on the default branch.** - -{% endnote %} +> [!NOTE] +> The special keywords in a pull request description are interpreted when the pull request targets the repository's _default_ branch. However, if the PR's base is _any other branch_, then these keywords are ignored, no links are created and merging the PR has no effect on the issues. **If you want to link a pull request to an issue using a keyword, the PR must be on the default branch.** ## About linked issues and pull requests diff --git a/content/issues/using-labels-and-milestones-to-track-work/about-milestones.md b/content/issues/using-labels-and-milestones-to-track-work/about-milestones.md index 0f0c732fde02..2cb86f5a5222 100644 --- a/content/issues/using-labels-and-milestones-to-track-work/about-milestones.md +++ b/content/issues/using-labels-and-milestones-to-track-work/about-milestones.md @@ -28,8 +28,5 @@ Additionally, you can edit the milestone from the milestone page and create new You can prioritize open issues and pull requests in a milestone by clicking to the left of an issue or pull request's checkbox, dragging it to a new location, and dropping it. -{% note %} - -**Note:** If there are more than 500 open issues in a milestone, you won't be able to prioritize issues. - -{% endnote %} +> [!NOTE] +> If there are more than 500 open issues in a milestone, you won't be able to prioritize issues. diff --git a/content/issues/using-labels-and-milestones-to-track-work/filtering-issues-and-pull-requests-by-milestone.md b/content/issues/using-labels-and-milestones-to-track-work/filtering-issues-and-pull-requests-by-milestone.md index 48785a6160db..00cd18d4cdaf 100644 --- a/content/issues/using-labels-and-milestones-to-track-work/filtering-issues-and-pull-requests-by-milestone.md +++ b/content/issues/using-labels-and-milestones-to-track-work/filtering-issues-and-pull-requests-by-milestone.md @@ -13,15 +13,11 @@ topics: - Pull requests shortTitle: Filter by milestone --- -{% tip %} -**Tips:** - -* If you'd rather filter issues and pull requests using the Search bar, you can use the milestone search syntax. For a milestone called My Milestone, the search syntax would be: `milestone:"My Milestone"`. -* To clear your filter selection, click **Clear current search query, filters, and sorts**. -* You can also filter issues or pull requests using the {% data variables.product.prodname_cli %}. For more information, see "[`gh issue list`](https://cli.github.com/manual/gh_issue_list)" or "[`gh pr list`](https://cli.github.com/manual/gh_pr_list)" in the {% data variables.product.prodname_cli %} documentation. - -{% endtip %} +> [!TIP] +> * If you'd rather filter issues and pull requests using the Search bar, you can use the milestone search syntax. For a milestone called My Milestone, the search syntax would be: `milestone:"My Milestone"`. +> * To clear your filter selection, click **Clear current search query, filters, and sorts**. +> * You can also filter issues or pull requests using the {% data variables.product.prodname_cli %}. For more information, see "[`gh issue list`](https://cli.github.com/manual/gh_issue_list)" or "[`gh pr list`](https://cli.github.com/manual/gh_pr_list)" in the {% data variables.product.prodname_cli %} documentation. {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-issue-pr %} diff --git a/content/migrations/importing-source-code/using-the-command-line-to-import-source-code/importing-a-team-foundation-version-control-repository.md b/content/migrations/importing-source-code/using-the-command-line-to-import-source-code/importing-a-team-foundation-version-control-repository.md index 3eff10d8d0ca..4301b6dcc625 100644 --- a/content/migrations/importing-source-code/using-the-command-line-to-import-source-code/importing-a-team-foundation-version-control-repository.md +++ b/content/migrations/importing-source-code/using-the-command-line-to-import-source-code/importing-a-team-foundation-version-control-repository.md @@ -14,11 +14,8 @@ We recommend using Azure Repos to convert your Team Foundation Version Control ( ## Migrating with Azure Repos (recommended) -{% note %} - -**Note:** Azure Repos only migrates up to 180 days of history. The state of your repository before the 180-day threshold will be migrated in a single initial commit. To retain more history, see "[Migrating with `git-tfs`](#migrating-with-git-tfs)." - -{% endnote %} +> [!NOTE] +> Azure Repos only migrates up to 180 days of history. The state of your repository before the 180-day threshold will be migrated in a single initial commit. To retain more history, see "[Migrating with `git-tfs`](#migrating-with-git-tfs)." To follow these steps, you must use a macOS or Linux system and have the following tools installed: diff --git a/content/migrations/overview/about-locked-repositories.md b/content/migrations/overview/about-locked-repositories.md index 21707489a3c0..ccc4c198fa7a 100644 --- a/content/migrations/overview/about-locked-repositories.md +++ b/content/migrations/overview/about-locked-repositories.md @@ -28,11 +28,8 @@ While a migration is in progress, access to the destination repository is locked {% data variables.product.prodname_importer_proper_name %} does not lock source repositories by default. Source repositories will only be locked if you specify the `--lock-source-repo` option in the {% data variables.product.prodname_cli %}, or the `lockSource` attribute in the `startRepositoryMigration` GraphQL mutation. -{% note %} - -**Note:** We do not recommend locking source repositories unless you are certain you will not want to unlock them later. Consider archiving the repositories instead. For more information, see "[AUTOTITLE](/repositories/archiving-a-github-repository/archiving-repositories)." - -{% endnote %} +> [!NOTE] +> We do not recommend locking source repositories unless you are certain you will not want to unlock them later. Consider archiving the repositories instead. For more information, see "[AUTOTITLE](/repositories/archiving-a-github-repository/archiving-repositories)." For information about how to unlock repositories that were locked by {% data variables.product.prodname_importer_proper_name %}, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer#locked-repositories)." diff --git a/content/migrations/using-ghe-migrator/about-ghe-migrator.md b/content/migrations/using-ghe-migrator/about-ghe-migrator.md index 83de17af9bfe..cba4766d302a 100644 --- a/content/migrations/using-ghe-migrator/about-ghe-migrator.md +++ b/content/migrations/using-ghe-migrator/about-ghe-migrator.md @@ -24,11 +24,8 @@ There are three types of migrations you can perform: * A migration from a {% data variables.product.prodname_dotcom_the_website %} organization to a {% data variables.product.prodname_ghe_server %} instance. You can migrate any number of repositories owned by the organization. Before performing a migration, you must have [administrative access](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization) to the {% data variables.product.prodname_dotcom_the_website %} organization as well as site administrator access to the target instance. * _Trial runs_ are migrations that import data to a [staging instance]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance). These can be useful to see what _would_ happen if a migration were applied to {% data variables.location.product_location %}. **We strongly recommend that you perform a trial run on a staging instance before importing data to your production instance.** -{% note %} - -**Note:** The use of ghe-migrator is **not recommended** for transferring a {% data variables.product.prodname_ghe_server %} instance between hypervisors. Instead, we suggest either backing up and restoring to the new location with {% data variables.product.prodname_enterprise_backup_utilities %}, or creating a replica in the new location and then failing over to the replica appliance. For more information, see "[AUTOTITLE]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)", "[AUTOTITLE]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/enterprise-management/configuring-high-availability/creating-a-high-availability-replica)" and "[AUTOTITLE]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/enterprise-management/configuring-high-availability/initiating-a-failover-to-your-replica-appliance)." - -{% endnote %} +> [!NOTE] +> The use of ghe-migrator is **not recommended** for transferring a {% data variables.product.prodname_ghe_server %} instance between hypervisors. Instead, we suggest either backing up and restoring to the new location with {% data variables.product.prodname_enterprise_backup_utilities %}, or creating a replica in the new location and then failing over to the replica appliance. For more information, see "[AUTOTITLE]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)", "[AUTOTITLE]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/enterprise-management/configuring-high-availability/creating-a-high-availability-replica)" and "[AUTOTITLE]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/enterprise-management/configuring-high-availability/initiating-a-failover-to-your-replica-appliance)." ## Migrated data diff --git a/content/migrations/using-ghe-migrator/migrating-data-to-github-enterprise-server.md b/content/migrations/using-ghe-migrator/migrating-data-to-github-enterprise-server.md index eaac1efe00e8..eacdbe8db06d 100644 --- a/content/migrations/using-ghe-migrator/migrating-data-to-github-enterprise-server.md +++ b/content/migrations/using-ghe-migrator/migrating-data-to-github-enterprise-server.md @@ -262,11 +262,8 @@ After your migration is applied to your target instance and you have reviewed th {% data reusables.enterprise_installation.ssh-into-instance %} {% data reusables.enterprise_migrations.unlocking-on-instances %} -{% warning %} - -**Warning:** If your repository contains {% data variables.product.prodname_actions %} workflows using the `schedule` trigger, the workflows will not run automatically after an import. To start the scheduled workflows once again, push a commit to the repository. For more information, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#schedule)." - -{% endwarning %} +> [!WARNING] +> If your repository contains {% data variables.product.prodname_actions %} workflows using the `schedule` trigger, the workflows will not run automatically after an import. To start the scheduled workflows once again, push a commit to the repository. For more information, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#schedule)." ## Unlocking repositories on the source diff --git a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md index 48a7c192af70..f15c582b8ab1 100644 --- a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md +++ b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md @@ -88,11 +88,8 @@ gh gei download-logs --github-target-org DESTINATION --target-repo REPOSITORY -- To ensure you have access to migration logs for all your migrated repositories, you can use the `--download-migration-logs` flag when generating a migration script for repository migrations. When you use this flag, the script will include the `download-logs` command for each repository migrated in the script. For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-repositories-with-github-enterprise-importer)." -{% note %} - -**Note:** You can only use the `--download-migration-logs` flag with repository migrations, not with organization migrations. - -{% endnote %} +> [!NOTE] +> You can only use the `--download-migration-logs` flag with repository migrations, not with organization migrations. ## Accessing an organization migration log @@ -106,8 +103,5 @@ The `README.md` file in the root of the repository includes the following inform The`/success` and `/failure` directories contain one file for each repository that was successfully migrated or that failed to migrate, respectively. These files follow the naming convention `REPO_NAME.md`. -{% note %} - -**Note:** The `gei-migration-results` repository is created at the beginning of the migration process but is only updated with your migration logs after the migration finishes. - -{% endnote %} +> [!NOTE] +> The `gei-migration-results` repository is created at the beginning of the migration process but is only updated with your migration logs after the migration finishes. diff --git a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/reclaiming-mannequins-for-github-enterprise-importer.md b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/reclaiming-mannequins-for-github-enterprise-importer.md index 4c147de9a6b0..40e22483fa2e 100644 --- a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/reclaiming-mannequins-for-github-enterprise-importer.md +++ b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/reclaiming-mannequins-for-github-enterprise-importer.md @@ -39,13 +39,9 @@ The target user can choose to accept or reject the invitation. After a user acce If your organization uses {% data variables.product.prodname_emus %} and you choose to reclaim mannequins with the {% data variables.product.prodname_cli %}, you can optionally skip the invitation process, immediately reclaiming the mannequin without the user's approval. -{% note %} - -**Notes:** -* You cannot reclaim mannequins after you have transferred a repository to another organization. If you wish to transfer a repository to another organization after your migration, you must reclaim the mannequins before the transfer. -* When reclaiming mannequins, you can only target existing organization members. Before attempting to reclaim a mannequin, verify that the {% data variables.product.prodname_dotcom %} user you want to invite is already added to the organization. - -{% endnote %} +> [!NOTE] +> * You cannot reclaim mannequins after you have transferred a repository to another organization. If you wish to transfer a repository to another organization after your migration, you must reclaim the mannequins before the transfer. +> * When reclaiming mannequins, you can only target existing organization members. Before attempting to reclaim a mannequin, verify that the {% data variables.product.prodname_dotcom %} user you want to invite is already added to the organization. {% data variables.product.prodname_importer_proper_name %} does not migrate user access to repositories. After reclaiming mannequins, if any of the users do not already have appropriate access to the repository via team membership, you must separately give the users access to the repository. For more information, see "[Managing an individual's access to an organization repository](/organizations/managing-access-to-your-organizations-repositories/managing-an-individuals-access-to-an-organization-repository)." @@ -134,11 +130,9 @@ If your migration source is Azure DevOps, you can reclaim mannequins with the {% 1. To the right of the mannequin you want to reclaim, click **Reattribute**. 1. In the search field, type the username of the organization member you want to attribute the mannequin's contributions to, then click the member. - {% note %} - - **Note:** You can only send attribution invitations to user accounts that are already members of the organization. + > [!NOTE] + > You can only send attribution invitations to user accounts that are already members of the organization. - {% endnote %} 1. Click **Invite**. {% data reusables.enterprise-migration-tool.mannequin-reclaim-must-accept %} diff --git a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md index c6486ddff0f7..672fd734c5ca 100644 --- a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md +++ b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md @@ -53,11 +53,9 @@ The log contains a record of each command you issued and all of the API requests ### Unable to run migrations If you see an error like `No access to createMigrationMutation` or `Missing permissions`, your personal account does not have the required access to run the migration. Make sure you're either an organization owner or have been granted the migrator role. For more information about granting the migrator role, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-repositories-with-github-enterprise-importer)." -{% note %} -**Note:** If you're migrating between {% data variables.product.company_short %} products, make sure you're an organization owner or have been granted the migrator role for both the source and target organizations. - -{% endnote %} +> [!NOTE] +> If you're migrating between {% data variables.product.company_short %} products, make sure you're an organization owner or have been granted the migrator role for both the source and target organizations. ### Resource is protected by organization SAML enforcement @@ -153,11 +151,8 @@ If you see "Repository metadata too big to migrate" in the "Migration Log" issue If you're migrating from Azure DevOps, pull request comments on lines that were never changed in the pull request cannot be migrated to {% data variables.product.prodname_dotcom %}. You'll see this warning for every comment that cannot be migrated for this reason. -{% note %} - -**Note:** Only comments on lines that weren't changed in a pull request are affected by this limitation. Comments on lines that were changed in a pull request are migrated. - -{% endnote %} +> [!NOTE] +> Only comments on lines that weren't changed in a pull request are affected by this limitation. Comments on lines that were changed in a pull request are migrated. Be aware that the affected comments will not be in the migrated repository, but these warnings do not require further action from you. @@ -186,11 +181,8 @@ The process for unlocking a repository depends on the {% data variables.product. * If the locked repository is on {% data variables.product.prodname_ghe_server %}, a site administrator can unlock the repository using the site admin dashboard. For more information, see "[AUTOTITLE]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/user-management/managing-repositories-in-your-enterprise/locking-a-repository){% ifversion ghes %}."{% else %}" in the {% data variables.product.prodname_ghe_server %} documentation.{% endif %} * If the locked repository is on {% data variables.product.prodname_dotcom_the_website %}, you can contact {% data variables.contact.contact_support %} to unlock the repository. -{% note %} - -**Note:** If your migration failed, not all of your data was migrated. If you choose to unlock and use the repository, there will be data loss. Deleting the locked repository and retrying the migration may be a better option. - -{% endnote %} +> [!NOTE] +> If your migration failed, not all of your data was migrated. If you choose to unlock and use the repository, there will be data loss. Deleting the locked repository and retrying the migration may be a better option. ## Contacting {% data variables.contact.github_support %} diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md index efcd3a5d289f..434e7cfdac44 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md +++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md @@ -107,11 +107,8 @@ All repositories are migrated with private visibility. If you want to set a repo Team membership is **not** migrated. After the migration, you'll need to add members to migrated teams. For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/overview-of-a-migration-between-github-products#recreating-teams)." -{% note %} - -**Note:** {% data reusables.enterprise-migration-tool.team-references %} For more information about how to prevent and resolve these issues, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer#team-references-are-broken-after-an-organization-migration)." - -{% endnote %} +> [!NOTE] +> {% data reusables.enterprise-migration-tool.team-references %} For more information about how to prevent and resolve these issues, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer#team-references-are-broken-after-an-organization-migration)." ### Migrated data for a repository diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md index 19ca1f68cd37..75dea9ea41ee 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md +++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md @@ -45,15 +45,10 @@ If you're migrating from {% data variables.product.prodname_ghe_server %} 3.8 or {% data reusables.enterprise-migration-tool.about-the-migrator-role %} -{% note %} - -**Notes:** - -* If you're migrating a repository between two organizations, you can grant the migrator role to the same person or team for both organizations, but you must grant each separately. -* You cannot grant the migrator role for enterprise accounts. Therefore, you can only run an organization migration if you're an owner of the destination enterprise. However, you can grant the migrator role to that enterprise owner for the source organization. -* The {% data variables.product.prodname_cli %} does not support granting the migrator role for organizations on {% data variables.product.prodname_ghe_server %}, so you must be an organization owner of the source organization to migrate repositories from {% data variables.product.prodname_ghe_server %}. - -{% endnote %} +> [!NOTE] +> * If you're migrating a repository between two organizations, you can grant the migrator role to the same person or team for both organizations, but you must grant each separately. +> * You cannot grant the migrator role for enterprise accounts. Therefore, you can only run an organization migration if you're an owner of the destination enterprise. However, you can grant the migrator role to that enterprise owner for the source organization. +> * The {% data variables.product.prodname_cli %} does not support granting the migrator role for organizations on {% data variables.product.prodname_ghe_server %}, so you must be an organization owner of the source organization to migrate repositories from {% data variables.product.prodname_ghe_server %}. ## Required roles @@ -88,11 +83,8 @@ For other tasks, such as downloading a migration log, you only need one {% data The scopes that are required for your {% data variables.product.prodname_dotcom %} {% data variables.product.pat_v1 %} depend on your role and the task you want to complete. -{% note %} - -**Note**: {% data reusables.user-settings.generic-classic-pat-only %} This means that you cannot use {% data variables.product.prodname_importer_proper_name %} if your organization uses the "Restrict {% data variables.product.pat_v1_plural %} from accessing your organizations" policy. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise#restricting-access-by-personal-access-tokens)." - -{% endnote %} +> [!NOTE] +> {% data reusables.user-settings.generic-classic-pat-only %} This means that you cannot use {% data variables.product.prodname_importer_proper_name %} if your organization uses the "Restrict {% data variables.product.pat_v1_plural %} from accessing your organizations" policy. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise#restricting-access-by-personal-access-tokens)." Task | Enterprise owner | Organization owner | Migrator ---- | ------------------ | -------- | ----- | diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md index 0bb29a920843..085aaa4be5bf 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md +++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md @@ -211,13 +211,10 @@ Content-Type: application/json For more information, see "[Get an organization migration status](/rest/migrations/orgs#get-an-organization-migration-status)". -{% note %} - -**Note:** If your migration moves to the `failed` state rather than the `exported` state, try starting the migration again. If the migration fails repeatedly, we recommend generating the archives using `ghe-migrator` instead of the API. - -Follow the steps in "[Exporting migration data from your enterprise]({% ifversion not ghes%}/enterprise-server@latest{% endif %}/admin/user-management/migrating-data-to-and-from-your-enterprise/exporting-migration-data-from-your-enterprise)," adding only one repository to the migration. At the end of the process, you will have a single migration archive with your Git source and metadata, and you can move to step 6 in this article. - -{% endnote %} +> [!NOTE] +> If your migration moves to the `failed` state rather than the `exported` state, try starting the migration again. If the migration fails repeatedly, we recommend generating the archives using `ghe-migrator` instead of the API. +> +>Follow the steps in "[Exporting migration data from your enterprise]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/user-management/migrating-data-to-and-from-your-enterprise/exporting-migration-data-from-your-enterprise)," adding only one repository to the migration. At the end of the process, you will have a single migration archive with your Git source and metadata, and you can move to step 6 in this article. After the `state` of a migration moves to `exported`, you can fetch the migration's URL using the "Download an organization migration archive" API. @@ -361,23 +358,17 @@ After you set up blob storage with a supported cloud provider, you must configur #### Configuring blob storage in the {% data variables.enterprise.management_console %} of {% data variables.location.product_location_enterprise %} -{% note %} - -**Note:** You only need to configure blob storage in the {% data variables.enterprise.management_console %} if you use {% data variables.product.prodname_ghe_server %} 3.8 or higher. If you use 3.7 or lower, configure your credentials in the {% data variables.product.prodname_cli %} instead. - -{% endnote %} +> [!NOTE] +> You only need to configure blob storage in the {% data variables.enterprise.management_console %} if you use {% data variables.product.prodname_ghe_server %} 3.8 or higher. If you use 3.7 or lower, configure your credentials in the {% data variables.product.prodname_cli %} instead. {% data reusables.enterprise-migration-tool.blob-storage-management-console %} ### Configuring your blob storage credentials in the {% data variables.product.prodname_cli %} -{% note %} - -**Note:** You only need to configure your blob storage credentials in the {% data variables.product.prodname_cli %} if you use {% data variables.product.prodname_ghe_server %} 3.7 or lower. If you use 3.8 or higher, configure blob storage in the {% data variables.enterprise.management_console %} instead. - -If you configure your blob storage credentials in the {% data variables.product.prodname_cli %}, you will not be able to perform migrations where your Git source or metadata exports exceed 2GB. To perform these migrations, upgrade to {% data variables.product.prodname_ghe_server %} 3.8 or higher. - -{% endnote %} +> [!NOTE] +> You only need to configure your blob storage credentials in the {% data variables.product.prodname_cli %} if you use {% data variables.product.prodname_ghe_server %} 3.7 or lower. If you use 3.8 or higher, configure blob storage in the {% data variables.enterprise.management_console %} instead. +> +> If you configure your blob storage credentials in the {% data variables.product.prodname_cli %}, you will not be able to perform migrations where your Git source or metadata exports exceed 2GB. To perform these migrations, upgrade to {% data variables.product.prodname_ghe_server %} 3.8 or higher. #### Configuring AWS S3 credentials in the {% data variables.product.prodname_cli %} diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/overview-of-a-migration-between-github-products.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/overview-of-a-migration-between-github-products.md index 3a60489640b1..5d3e912d4db3 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/overview-of-a-migration-between-github-products.md +++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/overview-of-a-migration-between-github-products.md @@ -32,11 +32,8 @@ If you're migrating between {% data variables.product.company_short %} products, First, if your migration source is {% data variables.product.prodname_dotcom_the_website %}, decide whether you want to migrate on an organization-by-organization basis or on a repository-by-repository basis. -{% note %} - -**Note:** If you're migrating from {% data variables.product.prodname_ghe_server %}, you can only migrate repositories. - -{% endnote %} +> [!NOTE] +> If you're migrating from {% data variables.product.prodname_ghe_server %}, you can only migrate repositories. If you choose repository-by-repository migrations, only repository-level data is migrated. If you pick the organization-by-organization migration strategy, selected organization-level data is also migrated, including teams and their access to repositories. @@ -88,11 +85,9 @@ To migrate a repository, you must be an organization owner for both the source o 1. Decide whether you want an organization owner to perform your migrations, or whether you need to grant the migrator role to someone else. {% data reusables.enterprise-migration-tool.grant-migrator-tasks %} For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#about-the-migrator-role)." - {% note %} + > [!NOTE] + > Remember to grant the migrator role for both the source organization and the destination organization. - **Note:** Remember to grant the migrator role for both the source organization and the destination organization. - - {% endnote %} {% data reusables.enterprise-migration-tool.confirm-migrator-has-correct-pats %} For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#required-scopes-for-personal-access-tokens)." ### Do we want to maintain a similar organization structure after migrating? @@ -103,11 +98,8 @@ If you intend to change your organizational structure, consider other batching f Even if you change your organizational structure, you can still prepare a script for your migration. Use the {% data variables.product.prodname_cli %} command, then move the lines for each repository into different scripts as needed. -{% note %} - -**Note:** You can run multiple batches simultaneously. For example, if you're batching by teams, you could run the migrations for multiple teams in the same time window. - -{% endnote %} +> [!NOTE] +> You can run multiple batches simultaneously. For example, if you're batching by teams, you could run the migrations for multiple teams in the same time window. {% data reusables.enterprise-migration-tool.organization-structure-tasks %} @@ -165,11 +157,8 @@ During the migration process, {% data variables.product.prodname_actions %} is d If you were using {% data variables.actions.hosted_runner %}s, self-hosted runners, or encrypted secrets, you must reconfigure them. -{% note %} - -**Note:** Workflow run history for {% data variables.product.prodname_actions %} is not included in migrations. - -{% endnote %} +> [!NOTE] +> Workflow run history for {% data variables.product.prodname_actions %} is not included in migrations. 1. If you use self-hosted runners, reconfigure your runners. diff --git a/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/overview-of-a-migration-from-azure-devops-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/overview-of-a-migration-from-azure-devops-to-github-enterprise-cloud.md index 2f5423183630..e9b46dc4177e 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/overview-of-a-migration-from-azure-devops-to-github-enterprise-cloud.md +++ b/content/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/overview-of-a-migration-from-azure-devops-to-github-enterprise-cloud.md @@ -74,11 +74,8 @@ Next, plan the organizational structure you'll create in {% data variables.produ * ADO: Organization > team project > repositories * {% data variables.product.prodname_dotcom %}: Enterprise > organization > repositories -{% note %} - -**Note:** The concept of a team project, which is used to group repositories in ADO, does not exist in {% data variables.product.prodname_dotcom %}. We do not recommend treating organizations in {% data variables.product.product_name %} as the equivalent of team projects in ADO. - -{% endnote %} +> [!NOTE] +> The concept of a team project, which is used to group repositories in ADO, does not exist in {% data variables.product.prodname_dotcom %}. We do not recommend treating organizations in {% data variables.product.product_name %} as the equivalent of team projects in ADO. After migrating to {% data variables.product.prodname_dotcom %}, you should have only one enterprise account and a small number of organizations owned by that enterprise. Each organization from ADO should correspond to a single organization on {% data variables.product.prodname_dotcom %}. We do not recommend creating an organization on {% data variables.product.prodname_dotcom %} for each team project on ADO. diff --git a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md index 636180171020..b5b598f50262 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md +++ b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md @@ -162,11 +162,8 @@ gh bbs2gh migrate-repo --bbs-server-url BBS-SERVER-URL \ {% data reusables.enterprise-migration-tool.aws-bucket-name-placeholder %} {% data reusables.enterprise-migration-tool.archive-download-host-placeholder %} -{% note %} - -**Note:** If you get an error mentioning `Renci.SshNet`, then the CLI is having issues making an SFTP connection to your server to download your migration archive. For information about how to troubleshoot these issues, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer#cipher-name-is-not-supported)." - -{% endnote %} +> [!NOTE] +> If you get an error mentioning `Renci.SshNet`, then the CLI is having issues making an SFTP connection to your server to download your migration archive. For information about how to troubleshoot these issues, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer#cipher-name-is-not-supported)." ### Downloading the migration archive manually diff --git a/content/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization.md b/content/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization.md index 652ee50b4981..a127f93d05b8 100644 --- a/content/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization.md +++ b/content/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization.md @@ -20,4 +20,4 @@ shortTitle: Configure retention period {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.org_settings %} {% data reusables.organizations.settings-sidebar-actions-general %} -{% data reusables.actions.change-retention-period-for-artifacts-logs %} +{% data reusables.actions.change-retention-period-for-artifacts-logs %} diff --git a/content/organizations/managing-organization-settings/deleting-an-organization-account.md b/content/organizations/managing-organization-settings/deleting-an-organization-account.md index c46f739e579f..cd60fb2a31a9 100644 --- a/content/organizations/managing-organization-settings/deleting-an-organization-account.md +++ b/content/organizations/managing-organization-settings/deleting-an-organization-account.md @@ -27,12 +27,6 @@ shortTitle: Delete organization {% endif %} Deleting your organization account removes all repositories, forks of private repositories, wikis, issues, pull requests, and project or organization pages. {% ifversion fpt or ghec %}Your billing will end and, after 90 days, the organization name becomes available for use on a new user or organization account. -{% tip %} - -**Tip**: If you rename an organization, you can create a new organization with the same name immediately. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/renaming-an-organization)." - -{% endtip %} - {% endif %} {% ifversion fpt or ghec %} diff --git a/content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md b/content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md index 896ae5b6cf53..2313ffac546c 100644 --- a/content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md +++ b/content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md @@ -220,6 +220,6 @@ You can configure the size limit for {% data variables.product.prodname_actions {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.settings-sidebar-actions-general %} -{% data reusables.actions.change-cache-size-limit %} +{% data reusables.actions.change-cache-size-limit %} {% endif %} diff --git a/content/organizations/managing-organization-settings/managing-base-permissions-for-projects.md b/content/organizations/managing-organization-settings/managing-base-permissions-for-projects.md index 09dc81962d83..cd6b3838836b 100644 --- a/content/organizations/managing-organization-settings/managing-base-permissions-for-projects.md +++ b/content/organizations/managing-organization-settings/managing-base-permissions-for-projects.md @@ -21,7 +21,7 @@ When you set the base permission for projects in your organization's settings, t {% endnote %} -## Setting a base permission for {% data variables.projects.projects_v2 %} in your organization +## Setting a base permission for {% data variables.projects.projects_v2 %} in your organization {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} diff --git a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md index c20b9f13033c..30c2873756eb 100644 --- a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md +++ b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md @@ -13,7 +13,7 @@ shortTitle: Custom properties Custom properties allow you to decorate your repositories with information such as compliance frameworks, data sensitivity, or project details. Custom properties are private and can only be viewed by people with read permissions to the repository. -{% ifversion ghec or ghes %} +{% ifversion ghec or ghes %} You can use repository properties to determine which repositories to target with a ruleset. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/creating-rulesets-for-repositories-in-your-organization#targeting-repositories-by-properties-in-your-organization)." {% endif %} @@ -64,7 +64,7 @@ People with read permissions to a repository can view the values of custom prope {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -1. In the "Code and automation" section of the sidebar, click **{% octicon "tools" aria-hidden="true"%} Custom properties**. +1. In the "Code and automation" section of the sidebar, click **{% octicon "tools" aria-hidden="true" %} Custom properties**. ## Searching and filtering repositories by custom properties values diff --git a/content/organizations/managing-organization-settings/renaming-an-organization.md b/content/organizations/managing-organization-settings/renaming-an-organization.md index dc0ad799f0b0..3c720b4d3965 100644 --- a/content/organizations/managing-organization-settings/renaming-an-organization.md +++ b/content/organizations/managing-organization-settings/renaming-an-organization.md @@ -22,7 +22,7 @@ topics: ## What happens when I change my organization's name? -After changing your organization's name, your old organization name becomes available for someone else to claim. When you change your organization's name, most references to your repositories under the old organization name automatically change to the new name. However, some links to your profile won't automatically redirect. +After changing your organization's name, your previous organization name will be unavailable for anyone to claim for 90 days. When you change your organization's name, most references to your repositories under the previous organization name automatically change to the new name. However, some links to your profile won't automatically redirect. ### Changes that occur automatically diff --git a/content/organizations/managing-programmatic-access-to-your-organization/about-programmatic-access-in-your-organization.md b/content/organizations/managing-programmatic-access-to-your-organization/about-programmatic-access-in-your-organization.md index d0f360cfcd4a..8d0244c2645b 100644 --- a/content/organizations/managing-programmatic-access-to-your-organization/about-programmatic-access-in-your-organization.md +++ b/content/organizations/managing-programmatic-access-to-your-organization/about-programmatic-access-in-your-organization.md @@ -20,7 +20,7 @@ versions: ## {% data variables.product.prodname_github_apps %} -Organization owners can install {% data variables.product.prodname_github_apps %} on their organization. Repository admins can also install a {% data variables.product.prodname_github_app %} on the organization if the app does not request organization resources and if they only grant the app access to repositories where they are an admin. Organization members can submit a request for their organization owner to install a {% data variables.product.prodname_github_app %} on the organization. For more information, see {% ifversion fpt or ghec%}"[AUTOTITLE](/apps/using-github-apps/installing-an-app-in-your-organization)."{% else %}"[AUTOTITLE](/apps/maintaining-github-apps/installing-github-apps)."{% endif %} +Organization owners can install {% data variables.product.prodname_github_apps %} on their organization. Repository admins can also install a {% data variables.product.prodname_github_app %} on the organization if the app does not request organization resources and if they only grant the app access to repositories where they are an admin. Organization members can submit a request for their organization owner to install a {% data variables.product.prodname_github_app %} on the organization. For more information, see {% ifversion fpt or ghec %}"[AUTOTITLE](/apps/using-github-apps/installing-an-app-in-your-organization)."{% else %}"[AUTOTITLE](/apps/maintaining-github-apps/installing-github-apps)."{% endif %} {% ifversion limit-app-access-requests %}Organization owners can prevent outside collaborators from requesting {% data variables.product.prodname_github_apps %} or from installing a {% data variables.product.prodname_github_app %} even if the collaborator is a repository admin. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests)."{% endif %} diff --git a/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md b/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md index 2887ef6f5aa6..eb0378653eeb 100644 --- a/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md +++ b/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md @@ -42,7 +42,7 @@ This registry supports granular permissions. {% data reusables.package_registry. Use the following command to authenticate to {% data variables.product.prodname_registry %} in a {% data variables.product.prodname_actions %} workflow using the `GITHUB_TOKEN` instead of hardcoding a {% data variables.product.pat_generic %} in a nuget.config file in the repository: ```shell -dotnet nuget add source --username USERNAME --password {%raw%}${{ secrets.GITHUB_TOKEN }}{% endraw %} --store-password-in-clear-text --name github "https://{% ifversion fpt or ghec %}nuget.pkg.github.com{% else %}nuget.HOSTNAME{% endif %}/NAMESPACE/index.json" +dotnet nuget add source --username USERNAME --password {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %} --store-password-in-clear-text --name github "https://{% ifversion fpt or ghec %}nuget.pkg.github.com{% else %}nuget.HOSTNAME{% endif %}/NAMESPACE/index.json" ``` Replace `NAMESPACE` with the name of the personal account or organization {% ifversion packages-nuget-v2 %}to which your packages are scoped{% else %}that owns the repository where your packages are hosted{% endif %}. @@ -118,7 +118,7 @@ You can publish a package to {% data variables.product.prodname_registry %} by a Replace `OWNER` with your username or company name, and `YOUR_GITHUB_PAT` with your {% data variables.product.pat_generic %}. ```shell -dotnet nuget add source --username OWNER --password {%raw%}YOUR_GITHUB_PAT{% endraw %} --store-password-in-clear-text --name github "https://{% ifversion fpt or ghec %}nuget.pkg.github.com{% else %}nuget.HOSTNAME{% endif %}/OWNER/index.json" +dotnet nuget add source --username OWNER --password {% raw %}YOUR_GITHUB_PAT{% endraw %} --store-password-in-clear-text --name github "https://{% ifversion fpt or ghec %}nuget.pkg.github.com{% else %}nuget.HOSTNAME{% endif %}/OWNER/index.json" ``` {% ifversion packages-nuget-v2 %} diff --git a/content/pages/setting-up-a-github-pages-site-with-jekyll/creating-a-github-pages-site-with-jekyll.md b/content/pages/setting-up-a-github-pages-site-with-jekyll/creating-a-github-pages-site-with-jekyll.md index 18a79134730c..9ba19aad8296 100644 --- a/content/pages/setting-up-a-github-pages-site-with-jekyll/creating-a-github-pages-site-with-jekyll.md +++ b/content/pages/setting-up-a-github-pages-site-with-jekyll/creating-a-github-pages-site-with-jekyll.md @@ -82,7 +82,7 @@ Before you can use Jekyll to create a {% data variables.product.prodname_pages % # Removes the contents from your default branch from the working directory ``` -1. To create a new Jekyll site, use the `jekyll new` command: +1. To create a new Jekyll site, use the `jekyll new` command in your repository's root directory: ```shell $ jekyll new --skip-bundle . diff --git a/content/pages/setting-up-a-github-pages-site-with-jekyll/troubleshooting-jekyll-build-errors-for-github-pages-sites.md b/content/pages/setting-up-a-github-pages-site-with-jekyll/troubleshooting-jekyll-build-errors-for-github-pages-sites.md index c88c1c8e4a57..888f16fc74d1 100644 --- a/content/pages/setting-up-a-github-pages-site-with-jekyll/troubleshooting-jekyll-build-errors-for-github-pages-sites.md +++ b/content/pages/setting-up-a-github-pages-site-with-jekyll/troubleshooting-jekyll-build-errors-for-github-pages-sites.md @@ -65,7 +65,7 @@ To troubleshoot, make sure that your `_config.yml` file follows these rules: This error means that one of the pages on your site includes an invalid datetime. -To troubleshoot, search the file in the error message and the file's layouts for calls to any date-related Liquid filters. Make sure that any variables passed into date-related Liquid filters have values in all cases and never pass `nil` or `""`. For more information, see "[Liquid filters](https://help.shopify.com/en/themes/liquid/filters)" in the Liquid documentation. +To troubleshoot, search the file in the error message and the file's layouts for calls to any date-related Liquid filters. Make sure that any variables passed into date-related Liquid filters have values in all cases and never pass `nil` or `""`. For more information, see [Filters](https://shopify.dev/docs/api/liquid/filters) in the Liquid documentation. ## File does not exist in includes directory @@ -121,7 +121,7 @@ To troubleshoot, make sure the YAML files in your __data_ folder follow these ru {% data reusables.pages.yaml-linter %} -For more information about Jekyll data files, see "[Data Files](https://jekyllrb.com/docs/datafiles/)" in the Jekyll documentation. +For more information about Jekyll data files, see [Data Files](https://jekyllrb.com/docs/datafiles/) in the Jekyll documentation. ## Markdown errors @@ -129,14 +129,14 @@ This error means that your repository contains Markdown errors. To troubleshoot, make sure you are using a supported Markdown processor. For more information, see "[AUTOTITLE](/pages/setting-up-a-github-pages-site-with-jekyll/setting-a-markdown-processor-for-your-github-pages-site-using-jekyll)." -Then, make sure the file in the error message uses valid Markdown syntax. For more information, see "[Markdown: Syntax](https://daringfireball.net/projects/markdown/syntax)" on Daring Fireball. +Then, make sure the file in the error message uses valid Markdown syntax. For more information, see [Markdown: Syntax](https://daringfireball.net/projects/markdown/syntax) on Daring Fireball. ## Missing docs folder This error means that you have chosen the `docs` folder on a branch as your publishing source, but there is no `docs` folder in the root of your repository on that branch. To troubleshoot, if your `docs` folder was accidentally moved, try moving the `docs` folder back to the root of your repository on the branch you chose for your publishing source. If the `docs` folder was accidentally deleted, you can either: -* Use Git to revert or undo the deletion. For more information, see "[git-revert](https://git-scm.com/docs/git-revert.html)" in the Git documentation. +* Use Git to revert or undo the deletion. For more information, see [git-revert](https://git-scm.com/docs/git-revert.html) in the Git documentation. * Create a new `docs` folder in the root of your repository on the branch you chose for your publishing source and add your site's source files to the folder. For more information, see "[AUTOTITLE](/repositories/working-with-files/managing-files/creating-new-files)." * Change your publishing source. For more information, see "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site)." @@ -146,13 +146,13 @@ This error means that your repository includes a submodule that doesn't exist or {% data reusables.pages.remove-submodule %} -If you do want to use a submodule, initialize the submodule. For more information, see "[Git Tools - Submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules)" in the _Pro Git_ book. +If you do want to use a submodule, initialize the submodule. For more information, see [Git Tools - Submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules) in the _Pro Git_ book. ## Relative permalinks configured This errors means that you have relative permalinks, which are not supported by {% data variables.product.prodname_pages %}, in your `_config.yml` file. -Permalinks are permanent URLs that reference a particular page on your site. Absolute permalinks begin with the root of the site, while relative permalinks begin with the folder containing the referenced page. {% data variables.product.prodname_pages %} and Jekyll no longer support relative permalinks. For more information about permalinks, see "[Permalinks](https://jekyllrb.com/docs/permalinks/)" in the Jekyll documentation. +Permalinks are permanent URLs that reference a particular page on your site. Absolute permalinks begin with the root of the site, while relative permalinks begin with the folder containing the referenced page. {% data variables.product.prodname_pages %} and Jekyll no longer support relative permalinks. For more information about permalinks, see [Permalinks](https://jekyllrb.com/docs/permalinks/) in the Jekyll documentation. To troubleshoot, remove the `relative_permalinks` line from your `_config.yml` file and reformat any relative permalinks in your site with absolute permalinks. For more information, see "[AUTOTITLE](/repositories/working-with-files/managing-files/editing-files)." @@ -160,24 +160,24 @@ To troubleshoot, remove the `relative_permalinks` line from your `_config.yml` f This error means that your code includes invalid syntax in a Liquid `for` loop declaration. -To troubleshoot, make sure all `for` loops in the file in the error message have proper syntax. For more information about proper syntax for `for` loops, see "[Iteration tags](https://help.shopify.com/en/themes/liquid/tags/iteration-tags#for)" in the Liquid documentation. +To troubleshoot, make sure all `for` loops in the file in the error message have proper syntax. For more information about proper syntax for `for` loops, see [Tags](https://shopify.dev/docs/api/liquid/tags/for) in the Liquid documentation. ## Tag not properly closed This error message means that your code includes a logic tag that is not properly closed. For example, {% raw %}`{% capture example_variable %}` must be closed by `{% endcapture %}`{% endraw %}. -To troubleshoot, make sure all logic tags in the file in the error message are properly closed. For more information, see "[Liquid tags](https://help.shopify.com/en/themes/liquid/tags)" in the Liquid documentation. +To troubleshoot, make sure all logic tags in the file in the error message are properly closed. For more information, see [Tags](https://shopify.dev/docs/api/liquid/tags) in the Liquid documentation. ## Tag not properly terminated This error means that your code includes an output tag that is not properly terminated. For example, {% raw %}`{{ page.title }` instead of `{{ page.title }}`{% endraw %}. -To troubleshoot, make sure all output tags in the file in the error message are terminated with `}}`. For more information, see "[Liquid objects](https://help.shopify.com/en/themes/liquid/objects)" in the Liquid documentation. +To troubleshoot, make sure all output tags in the file in the error message are terminated with `}}`. For more information, see [Objects](https://shopify.dev/docs/api/liquid/objects) in the Liquid documentation. ## Unknown tag error This error means that your code contains an unrecognized Liquid tag. -To troubleshoot, make sure all Liquid tags in the file in the error message match Jekyll's default variables and there are no typos in the tag names. For a list of default variables, see "[Variables](https://jekyllrb.com/docs/variables/)" in the Jekyll documentation. +To troubleshoot, make sure all Liquid tags in the file in the error message match Jekyll's default variables and there are no typos in the tag names. For a list of default variables, see [Variables](https://jekyllrb.com/docs/variables/) in the Jekyll documentation. Unsupported plugins are a common source of unrecognized tags. If you use an unsupported plugin in your site by generating your site locally and pushing your static files to {% data variables.product.product_name %}, make sure the plugin is not introducing tags that are not in Jekyll's default variables. For a list of supported plugins, see "[AUTOTITLE](/pages/setting-up-a-github-pages-site-with-jekyll/about-github-pages-and-jekyll#plugins)." diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches.md index 5c94556db651..28c3467fede1 100644 --- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches.md +++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches.md @@ -31,7 +31,7 @@ You can enforce certain workflows or requirements before a collaborator can push By default, each branch protection rule disables force pushes to the matching branches and prevents the matching branches from being deleted. You can optionally disable these restrictions and enable additional branch protection settings. -By default, the restrictions of a branch protection rule don't apply to people with admin permissions to the repository or custom roles with the "bypass branch protections" permission. You can optionally apply the restrictions to administrators and roles with the "bypass branch protections" permission, too. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization)". +By default, the restrictions of a branch protection rule don't apply to people with admin permissions to the repository or custom roles with the "bypass branch protections" permission. You can optionally apply the restrictions to administrators and roles with the "bypass branch protections" permission, too. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization)." {% data reusables.repositories.branch-rules-example %} For more information about branch name patterns, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule)." @@ -176,13 +176,13 @@ You can require that changes are successfully deployed to specific environments Locking a branch will make the branch read-only and ensures that no commits can be made to the branch. Locked branches can also not be deleted. By default, a forked repository does not support syncing from its upstream repository. You can enable **Allow fork syncing** to pull changes from the upstream repository while preventing other contributions to the fork's branch. -{% endif %} +{% endif %} ### Do not allow bypassing the above settings By default, the restrictions of a branch protection rule do not apply to people with admin permissions to the repository or custom roles with the "bypass branch protections" permission in a repository. -You can enable this setting to apply the restrictions to admins and roles with the "bypass branch protections" permission, too. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization)". +You can enable this setting to apply the restrictions to admins and roles with the "bypass branch protections" permission, too. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization)." ### Restrict who can push to matching branches diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository.md index fa39dd8c0a47..7f8ab81adb1b 100644 --- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository.md +++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository.md @@ -24,7 +24,7 @@ You can use the REST and GraphQL APIs to manage rulesets. For more information, ## Viewing rulesets for a repository -On the "Rulesets" page, anyone with read access to the repository can view the active rulesets targeting a certain {% ifversion push-rulesets%}branch, tag, or push restriction.{% else %}branch or tag.{% endif %} {% ifversion repo-rules-enterprise %}You will also see rulesets running in "Evaluate" mode, which are not enforced.{% endif %} +On the "Rulesets" page, anyone with read access to the repository can view the active rulesets targeting a certain {% ifversion push-rulesets %}branch, tag, or push restriction.{% else %}branch or tag.{% endif %} {% ifversion repo-rules-enterprise %}You will also see rulesets running in "Evaluate" mode, which are not enforced.{% endif %} {% ifversion push-rulesets %} diff --git a/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners.md b/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners.md index d20368c31219..6bcaf12bdfcf 100644 --- a/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners.md +++ b/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners.md @@ -68,7 +68,7 @@ A CODEOWNERS file uses a pattern that follows most of the same rules used in [gi If you want to match two or more code owners with the same pattern, all the code owners must be on the same line. If the code owners are not on the same line, the pattern matches only the last mentioned code owner. -{% ifversion fpt or ghec%}In most cases, you{% else %}You{% endif %} can also refer to a user by an email address that has been added to their account, for example `user@example.com`. {% ifversion fpt or ghec %} You cannot use an email address to refer to a {% data variables.enterprise.prodname_managed_user %}. For more information about {% data variables.enterprise.prodname_managed_users %}, see "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}{% endif %} +{% ifversion fpt or ghec %}In most cases, you{% else %}You{% endif %} can also refer to a user by an email address that has been added to their account, for example `user@example.com`. {% ifversion fpt or ghec %} You cannot use an email address to refer to a {% data variables.enterprise.prodname_managed_user %}. For more information about {% data variables.enterprise.prodname_managed_users %}, see "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}{% endif %} CODEOWNERS paths are case sensitive, because {% data variables.product.prodname_dotcom %} uses a case sensitive file system. Since CODEOWNERS are evaluated by {% data variables.product.prodname_dotcom %}, even systems that are case insensitive (for example, macOS) must use paths and files that are cased correctly in the CODEOWNERS file. diff --git a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md index 74c4145f962b..c100ecbf2534 100644 --- a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md +++ b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md @@ -124,7 +124,7 @@ By default, when you create a new repository in your personal account, workflows {% ifversion internal-actions %}Actions and reusable workflows in your internal repositories can be shared with internal and private repositories in the same organization or enterprise.{% else %}Members of your enterprise can use internal repositories to work on projects without sharing information publicly.{% endif %} For information about internal repositories, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories)." -You can use the steps below to configure whether {% ifversion internal-actions%}actions and {% endif %}reusable workflows in an internal repository can be accessed from outside the repository.{% ifversion internal-actions %} For more information, see "[AUTOTITLE](/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise)." Alternatively, you can use the REST API to set, or get details of the level of access. For more information, see "[AUTOTITLE](/rest/actions/permissions#get-the-level-of-access-for-workflows-outside-of-the-repository)" and "[AUTOTITLE](/rest/actions/permissions#set-the-level-of-access-for-workflows-outside-of-the-repository)."{% endif %} +You can use the steps below to configure whether {% ifversion internal-actions %}actions and {% endif %}reusable workflows in an internal repository can be accessed from outside the repository.{% ifversion internal-actions %} For more information, see "[AUTOTITLE](/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise)." Alternatively, you can use the REST API to set, or get details of the level of access. For more information, see "[AUTOTITLE](/rest/actions/permissions#get-the-level-of-access-for-workflows-outside-of-the-repository)" and "[AUTOTITLE](/rest/actions/permissions#set-the-level-of-access-for-workflows-outside-of-the-repository)."{% endif %} 1. On {% data variables.product.prodname_dotcom %}, navigate to the main page of the internal repository. 1. Under your repository name, click {% octicon "gear" aria-hidden="true" %} **Settings**. @@ -201,7 +201,7 @@ You can also define a custom retention period for a specific artifact created by {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.settings-sidebar-actions-general %} -{% data reusables.actions.change-retention-period-for-artifacts-logs %} +{% data reusables.actions.change-retention-period-for-artifacts-logs %} {% ifversion actions-cache-policy-apis %} diff --git a/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-pull-request-reviews-in-your-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-pull-request-reviews-in-your-repository.md index 9dd4babb6c42..328e4d746c15 100644 --- a/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-pull-request-reviews-in-your-repository.md +++ b/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-pull-request-reviews-in-your-repository.md @@ -16,7 +16,7 @@ By default, in public repositories, any user can submit reviews that approve or You can limit which users are able to submit reviews that approve or request changes to pull requests in your public repository. When you enable code review limits, anyone can comment on pull requests in your public repository, but only people with read access or higher can approve pull requests or request changes. -You can also enable code review limits for an organization. If you enable limits for an organization, you will override any limits for individual repositories owned by the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-pull-request-reviews-in-your-organization)" +You can also enable code review limits for an organization. If you enable limits for an organization, you will override any limits for individual repositories owned by the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-pull-request-reviews-in-your-organization)." ## Enabling code review limits diff --git a/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility.md b/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility.md index 89821ee8c98f..64cdf01b30d3 100644 --- a/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility.md +++ b/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility.md @@ -77,7 +77,7 @@ We recommend reviewing the following caveats before you change the visibility of * {% data variables.product.product_name %} will detach private forks and turn them into a standalone private repository. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/working-with-forks/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility#changing-a-private-repository-to-a-public-repository)"{% ifversion fpt or ghec %} * If you're converting your private repository to a public repository as part of a move toward creating an open source project, see the [Open Source Guides](http://opensource.guide) for helpful tips and guidelines. You can also take a free course on managing an open source project with [{% data variables.product.prodname_learning %}]({% data variables.product.prodname_learning_link %}). Once your repository is public, you can also view your repository's community profile to see whether your project meets best practices for supporting contributors. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/about-community-profiles-for-public-repositories)." * The repository will automatically gain access to {% data variables.product.prodname_GH_advanced_security %} features. -* Actions history and logs will be visible to everyone. If your repository had reusable or required workflows that were shared from a different repository in your organization, the workflow file path including the repository name will be visible in the logs. For more information on how to remove workflow runs and artifacts see "[AUTOTITLE](/actions/managing-workflow-runs#deleting-logs)" and "[AUTOTITLE](/rest/actions/workflow-runs)". +* Actions history and logs will be visible to everyone. If your repository had reusable or required workflows that were shared from a different repository in your organization, the workflow file path including the repository name will be visible in the logs. For more information on how to remove workflow runs and artifacts see "[AUTOTITLE](/actions/managing-workflow-runs#deleting-logs)" and "[AUTOTITLE](/rest/actions/workflow-runs)." For information about improving repository security, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository)."{% endif %} diff --git a/content/rest/using-the-rest-api/troubleshooting-the-rest-api.md b/content/rest/using-the-rest-api/troubleshooting-the-rest-api.md index 3c7e81695c39..4d2636ea28fd 100644 --- a/content/rest/using-the-rest-api/troubleshooting-the-rest-api.md +++ b/content/rest/using-the-rest-api/troubleshooting-the-rest-api.md @@ -62,7 +62,7 @@ If you get a `404 Not Found` response when you know that the resource that you a * If you are using an {% data variables.product.prodname_oauth_app %} user access token, you should ensure that: * The token has the scopes that are required to use the endpoint. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes)." * The user that authorized the token has any permissions that are required to use the endpoint. For example, if an endpoint can only be used by organization owners, only users that are owners of the affected organization can use the endpoint. - * The organization has not blocked OAuth app access, if you are using an endpoint that will affect resources owned by an organization. App owners cannot see whether their app is blocked, but they can instruct users of the app to check this. For more information, see {% ifversion fpt or ghec%}"[AUTOTITLE](/organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions)."{% else %}"[AUTOTITLE](/free-pro-team@latest/organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions)" in the {% data variables.product.prodname_free_team %} documentation.{% endif %} + * The organization has not blocked OAuth app access, if you are using an endpoint that will affect resources owned by an organization. App owners cannot see whether their app is blocked, but they can instruct users of the app to check this. For more information, see {% ifversion fpt or ghec %}"[AUTOTITLE](/organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions)."{% else %}"[AUTOTITLE](/free-pro-team@latest/organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions)" in the {% data variables.product.prodname_free_team %} documentation.{% endif %} * The token has not been expired or revoked. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation)." * If you are using `GITHUB_TOKEN` in a {% data variables.product.prodname_actions %} workflow, you should ensure that: * The endpoint is only affecting resources owned by the repository where the workflow is running. If you need to access resources outside of that repository, such as resources owned by an organization or resources owned by another repository, you should use a {% data variables.product.pat_generic %} or an access token for a {% data variables.product.prodname_github_app %}. diff --git a/content/search-github/github-code-search/about-github-code-search.md b/content/search-github/github-code-search/about-github-code-search.md index dbe3dcc75bd9..944728f789be 100644 --- a/content/search-github/github-code-search/about-github-code-search.md +++ b/content/search-github/github-code-search/about-github-code-search.md @@ -28,7 +28,7 @@ Supported languages for code navigation include: ## Limitations -We have indexed many public repositories for code search, and continue to index more. Additionally, the private repositories of {% data variables.product.prodname_dotcom%} users are indexed and searchable by those that already have access to those private repositories on {% data variables.product.prodname_dotcom %}. However, very large repositories may not be indexed at this time, and not all code is indexed. +We have indexed many public repositories for code search, and continue to index more. Additionally, the private repositories of {% data variables.product.prodname_dotcom %} users are indexed and searchable by those that already have access to those private repositories on {% data variables.product.prodname_dotcom %}. However, very large repositories may not be indexed at this time, and not all code is indexed. The current limitations on indexed code are: diff --git a/content/search-github/github-code-search/using-github-code-search.md b/content/search-github/github-code-search/using-github-code-search.md index e19bdda5349d..a0c31e0ef00a 100644 --- a/content/search-github/github-code-search/using-github-code-search.md +++ b/content/search-github/github-code-search/using-github-code-search.md @@ -8,7 +8,7 @@ topics: - GitHub search --- -## About using {% data variables.product.prodname_dotcom%} code search +## About using {% data variables.product.prodname_dotcom %} code search {% data variables.product.prodname_dotcom %} indexes repositories you own and repositories in organizations you are a member of, whether public, private, or internal. This means that you can search across all of your repositories, in addition to the public repositories on {% data variables.product.prodname_dotcom %} that have already been indexed. Only users with permission to view your code will be able to see your code in search results. Forks are indexed and searchable in the same way as other repositories. diff --git a/content/search-github/searching-on-github/searching-issues-and-pull-requests.md b/content/search-github/searching-on-github/searching-issues-and-pull-requests.md index 4293627692a3..49ef1029d60a 100644 --- a/content/search-github/searching-on-github/searching-issues-and-pull-requests.md +++ b/content/search-github/searching-on-github/searching-issues-and-pull-requests.md @@ -72,7 +72,7 @@ You can filter issues and pull requests based on whether they're open or closed | `is:open` | [**performance is:open is:issue**](https://github.com/search?q=performance+is%3Aopen+is%3Aissue&type=Issues) matches open issues with the word "performance." | `is:closed` | [**android is:closed**](https://github.com/search?utf8=%E2%9C%93&q=android+is%3Aclosed&type=) matches closed issues and pull requests with the word "android." -{% ifversion merge-queue %} +{% ifversion merge-queue %} ## Search for pull requests in the merge queue diff --git a/content/support/contacting-github-support/creating-a-support-ticket.md b/content/support/contacting-github-support/creating-a-support-ticket.md index 078803108b7e..f4ba01cec5a1 100644 --- a/content/support/contacting-github-support/creating-a-support-ticket.md +++ b/content/support/contacting-github-support/creating-a-support-ticket.md @@ -48,7 +48,7 @@ After you create your ticket, you can view your ticket and the responses from {% ## Prerequisites {% ifversion ghec %}If you use an enterprise account, there{% else %}There{% endif %} are some steps you should follow before you start using the {% data variables.contact.enterprise_portal %}. For more information, see "[Getting started with the {% data variables.contact.enterprise_portal %}](/support/contacting-github-support/getting-started-with-the-github-support-portal)." -{% endif%} +{% endif %} ## What to include in your support ticket diff --git a/content/support/learning-about-github-support/about-github-premium-support.md b/content/support/learning-about-github-support/about-github-premium-support.md index e9e1b9f08519..09e6c31ce034 100644 --- a/content/support/learning-about-github-support/about-github-premium-support.md +++ b/content/support/learning-about-github-support/about-github-premium-support.md @@ -68,6 +68,24 @@ Incident management | None | For urgent priority tickets, as needed {% endnote %} +## Billing for {% data variables.contact.premium_support %} + +How you are charged for {% data variables.contact.premium_support %} will depend on your {% data variables.product.github %} products and how you are charged for them. + +* If you are a **licensed billing** customer, the support fee percentage is applied to the cost of licenses for the current year. + +* If you are a **metered billing** customer, the support fee percentage for **{% data variables.product.premium_support_plan %}**, **Premium Plus plan**, and **{% data variables.product.microsoft_premium_plus_support_plan %}** is calculated as either a percentage of your estimated metered spending or a set minimum annual fee—whichever amount is higher. For {% data variables.product.microsoft_premium_plus_support_plan %} customers, this is in addition to the Unified Support contract fee. + + The support fee for metered billing is estimated from the previous 12 months' spending. If you have less than 12 months of spending history, {% data variables.product.github %} will take a 12-month run rate based on your spending history. If your last 3 to 6 months spending is vastly different to the last 6 to 9 months, the last 3 to 6 month period will be used. + + If you are switching from **licensed billing to metered billing**, your support fee at contract renewal is estimated based on the previous year's purchased licenses. Minimum thresholds remain in place. + +* If you are both a licensed and metered billing customer (hybrid), your charge will be calculated from the support fee percentage applied to the current year's license purchases **plus** the support fee percentage applied to your estimated metered billing spend. + +New {% data variables.product.github %} customers who are only planning to use metered products will be required to pay the annual minimum for {% data variables.product.premium_support_plan %} or {% data variables.product.premium_plus_support_plan %}. + +If you would like a quote for {% data variables.contact.premium_support %}, contact [{% data variables.product.github %}'s Sales team](https://github.com/enterprise/contact?scid=&utm_campaign=2023q3-site-ww-PremiumSupport&utm_content=Premium+Support&utm_medium=referral&utm_source=github). + ## Signing up for {% data variables.contact.premium_support %} To sign up for {% data variables.contact.premium_support %} or upgrade your plan, [contact our account management team](https://enterprise.github.com/contact). diff --git a/content/video-transcripts/transcript-billing-github-consumption-through-an-azure-subscription.md b/content/video-transcripts/transcript-billing-github-consumption-through-an-azure-subscription.md index 134cc588005c..f6747fbb08a3 100644 --- a/content/video-transcripts/transcript-billing-github-consumption-through-an-azure-subscription.md +++ b/content/video-transcripts/transcript-billing-github-consumption-through-an-azure-subscription.md @@ -3,7 +3,7 @@ title: Transcript - "Billing GitHub consumption through an Azure subscription" intro: Audio and visual transcript. shortTitle: Billing through Azure allowTitleToDifferFromFilename: true -product_video: 'https://www.youtube.com/watch?v=DAiIhJKCt8s' +product_video: 'https://www.youtube.com/watch?v=Y-f7JKJ4_8Y' topics: - Transcripts versions: @@ -27,7 +27,9 @@ And finally, if a Microsoft customer has an Azure discount, it will automaticall If a Microsoft customer also has a Microsoft Azure Consumption Commitment, or MACC, all future GitHub consumption will decrement their MACC as well. -So what GitHub products are eligible for Azure billing? Any GitHub consumption products are eligible today, meaning products that customers pay for based on actual usage, including Copilot for Business, GitHub-hosted actions, larger hosted runners, GitHub Packages and storage, and GitHub Codespaces. Please note that GitHub Enterprise and GitHub Advanced Security are currently not able to be billed through Azure, but are instead invoiced on an annual basis. +So what GitHub products are eligible for Azure billing? Any GitHub consumption products are eligible today, meaning products that customers pay for based on actual usage, including things like GitHub Copilot, GitHub-hosted actions, larger hosted runners, GitHub Packages and storage, and GitHub Codespaces. + +Historically, GitHub Enterprise and Advanced Security were only available through an annual license. However, as of August 1, 2024, they are now also available for metered billing through Azure, for additional flexibility and pay-as-you-go pricing. For existing licensed customers, be sure to connect with your GitHub seller to learn more, as certain restrictions may apply. [A table shows eligibility for Azure billing and MACCs for the products mentioned. In the table, all products eligible for Azure billing are also eligible for MACCs.] diff --git a/data/features/app-key-limit.yml b/data/features/app-key-limit.yml new file mode 100644 index 000000000000..f9bcc852ac7c --- /dev/null +++ b/data/features/app-key-limit.yml @@ -0,0 +1,6 @@ +# Reference: #https://github.com/github/docs-content/issues/15738 + +versions: + fpt: '*' + ghec: '*' + ghes: '>=3.15' diff --git a/data/release-notes/enterprise-server/3-10/17.yml b/data/release-notes/enterprise-server/3-10/17.yml index 056014b7fb71..f790b376b3ea 100644 --- a/data/release-notes/enterprise-server/3-10/17.yml +++ b/data/release-notes/enterprise-server/3-10/17.yml @@ -5,6 +5,8 @@ sections: **MEDIUM:** An attacker could steal sensitive information by exploiting a Cross-Site Scripting vulnerability in the repository transfer feature. This exploitation would require social engineering. GitHub has requested CVE ID [CVE-2024-8770](https://www.cve.org/cverecord?id=CVE-2024-8770) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - | **MEDIUM:** An attacker could push a commit with changes to a workflow using a PAT or OAuth app that lacks the appropriate `workflow` scope by pushing a triple-nested tag pointing at the associated commit. GitHub has requested CVE ID [CVE-2024-8263](https://www.cve.org/cverecord?id=CVE-2024-8263) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **HIGH:** A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. GitHub has requested [CVE ID CVE-2024-8810](https://www.cve.org/cverecord?id=CVE-2024-8810) for this vulnerability, which was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/). [Updated: 2024-11-07] bugs: - | For instances deployed on AWS with IMDSv2 enforced, fallback to private IPs was not successful. diff --git a/data/release-notes/enterprise-server/3-10/19.yml b/data/release-notes/enterprise-server/3-10/19.yml new file mode 100644 index 000000000000..7ac6e1e21477 --- /dev/null +++ b/data/release-notes/enterprise-server/3-10/19.yml @@ -0,0 +1,34 @@ +date: '2024-11-07' +sections: + security_fixes: + - | + **HIGH**: An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server. This is a follow up fix for [CVE-2024-9487](https://www.cve.org/cverecord?id=CVE-2024-9487) to further harden the encrypted assertions feature against this type of attack. Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO, or utilizing SAML SSO authentication without encrypted assertions, are not impacted. Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document to exploit this vulnerability. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. + - | + {% data reusables.release-notes.2023-11-aws-system-time %} + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %} + - | + The `reply.[HOSTNAME]` subdomain is falsely always displaying as having no SSL and DNS record, when testing the domain settings via the Management Console without subdomain isolation. + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. diff --git a/data/release-notes/enterprise-server/3-11/15.yml b/data/release-notes/enterprise-server/3-11/15.yml index 1466ca937782..6432ca7dda9d 100644 --- a/data/release-notes/enterprise-server/3-11/15.yml +++ b/data/release-notes/enterprise-server/3-11/15.yml @@ -5,6 +5,8 @@ sections: **MEDIUM:** An attacker could steal sensitive information by exploiting a Cross-Site Scripting vulnerability in the repository transfer feature. This exploitation would require social engineering. GitHub has requested CVE ID [CVE-2024-8770](https://www.cve.org/cverecord?id=CVE-2024-8770) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - | **MEDIUM:** An attacker could push a commit with changes to a workflow using a PAT or OAuth app that lacks the appropriate `workflow` scope by pushing a triple-nested tag pointing at the associated commit. GitHub has requested CVE ID [CVE-2024-8263](https://www.cve.org/cverecord?id=CVE-2024-8263) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **HIGH:** A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. GitHub has requested [CVE ID CVE-2024-8810](https://www.cve.org/cverecord?id=CVE-2024-8810) for this vulnerability, which was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/). [Updated: 2024-11-07] bugs: - | For instances deployed on AWS with IMDSv2 enforced, fallback to private IPs was not successful. diff --git a/data/release-notes/enterprise-server/3-11/17.yml b/data/release-notes/enterprise-server/3-11/17.yml new file mode 100644 index 000000000000..304a930f4f96 --- /dev/null +++ b/data/release-notes/enterprise-server/3-11/17.yml @@ -0,0 +1,60 @@ +date: '2024-11-07' +sections: + security_fixes: + - | + **HIGH**: An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server. This is a follow up fix for [CVE-2024-9487](https://www.cve.org/cverecord?id=CVE-2024-9487) to further harden the encrypted assertions feature against this type of attack. Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO, or utilizing SAML SSO authentication without encrypted assertions, are not impacted. Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document to exploit this vulnerability. + - | + **HIGH**: An attacker with Enterprise Administrator access to the GitHub Enterprise Server instance could escalate privileges to SSH root access. This is achieved by exploiting the pre-receive hook environment to bypass symlink checks in the `ghe-firejail` path and execute malicious scripts. GitHub has requested CVE ID [CVE-2024-10007](https://www.cve.org/cverecord?id=CVE-2024-10007) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2024-11-07] + bugs: + - | + This error message `mbind: Operation not permitted` was repeatedly showing in the `/var/log/mysql/mysql.err` MySQL logs. + - | + When saving settings in the Management Console, the configuration run would stop if the `enterprise-manage` process was restarted. + - | + A missing configuration value prevented Dependabot from creating group update pull requests. + - | + On an instance with GitHub Actions enabled, some maintenance tasks could fail due to incomplete upgrade steps during previous upgrades to new releases of GitHub Enterprise Server. + - | + The initial setup certificate generation in AWS took longer than expected due to fallback to private IPs. The time for this fallback has been reduced. + - | + If the primary instance was unreachable, running `ghe-repl-stop --force` on a replica would fail during the config apply run. + - | + When restoring from a backup, repositories that had been deleted in the last 90 days were not completely restored. + - | + Restoring Git repositories using `backup-utils` occasionally failed. + - | + Some customers upgrading from 3.11 to 3.13 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/enterprise-server@3.13/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)." + changes: + - | + For instances deployed on AWS, the default settings for Chrony NTP synchronization have been aligned with AWS's suggested default configurations. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. + - | + {% data reusables.release-notes.2023-11-aws-system-time %} + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %} + - | + Repositories originally imported using `ghe-migrator` will not correctly track GitHub Advanced Security contributions. + - | + The `reply.[HOSTNAME]` subdomain is falsely always displaying as having no SSL and DNS record, when testing the domain settings via the Management Console without subdomain isolation. + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. diff --git a/data/release-notes/enterprise-server/3-12/11.yml b/data/release-notes/enterprise-server/3-12/11.yml new file mode 100644 index 000000000000..42a26a1a93f0 --- /dev/null +++ b/data/release-notes/enterprise-server/3-12/11.yml @@ -0,0 +1,58 @@ +date: '2024-11-07' +sections: + security_fixes: + - | + **HIGH**: An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server. This is a follow up fix for [CVE-2024-9487](https://www.cve.org/cverecord?id=CVE-2024-9487) to further harden the encrypted assertions feature against this type of attack. Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO, or utilizing SAML SSO authentication without encrypted assertions, are not impacted. Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document to exploit this vulnerability. + - | + **HIGH**: An attacker with Enterprise Administrator access to the GitHub Enterprise Server instance could escalate privileges to SSH root access. This is achieved by exploiting the pre-receive hook environment to bypass symlink checks in the `ghe-firejail` path and execute malicious scripts. GitHub has requested CVE ID [CVE-2024-10007](https://www.cve.org/cverecord?id=CVE-2024-10007) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2024-11-07] + bugs: + - | + This error message `mbind: Operation not permitted` was repeatedly showing in the `/var/log/mysql/mysql.err` MySQL logs. + - | + When saving settings in the Management Console, the configuration run would stop if the `enterprise-manage` process was restarted. + - | + A missing configuration value prevented Dependabot from creating group update pull requests. + - | + On an instance with GitHub Actions enabled, some maintenance tasks could fail due to incomplete upgrade steps during previous upgrades to new releases of GitHub Enterprise Server. + - | + The initial setup certificate generation in AWS took longer than expected due to fallback to private IPs. The time for this fallback has been reduced. + - | + If the primary instance was unreachable, running `ghe-repl-stop --force` on a replica would fail during the config apply run. + - | + When restoring from a backup, repositories that had been deleted in the last 90 days were not completely restored. + - | + Restoring Git repositories using backup-utils occasionally failed. + - | + Organizations were limited to using 100 Actions organization variables instead of 1,000. + - | + Some customers upgrading from 3.12 to 3.13 or to 3.14 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/enterprise-server@3.14/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)." + changes: + - | + For instances deployed on AWS, the default settings for Chrony NTP synchronization have been aligned with AWS's suggested default configurations. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. + - | + {% data reusables.release-notes.2023-11-aws-system-time %} + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Repositories originally imported using `ghe-migrator` will not correctly track GitHub Advanced Security contributions. + - | + The `reply.[HOSTNAME]` subdomain is falsely always displaying as having no SSL and DNS record, when testing the domain settings via the Management Console without subdomain isolation. + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. diff --git a/data/release-notes/enterprise-server/3-12/9.yml b/data/release-notes/enterprise-server/3-12/9.yml index 5dcd8e37d9e6..c06549c0c159 100644 --- a/data/release-notes/enterprise-server/3-12/9.yml +++ b/data/release-notes/enterprise-server/3-12/9.yml @@ -5,6 +5,8 @@ sections: **MEDIUM:** An attacker could steal sensitive information by exploiting a Cross-Site Scripting vulnerability in the repository transfer feature. This exploitation would require social engineering. GitHub has requested CVE ID [CVE-2024-8770](https://www.cve.org/cverecord?id=CVE-2024-8770) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - | **MEDIUM:** An attacker could push a commit with changes to a workflow using a PAT or OAuth app that lacks the appropriate `workflow` scope by pushing a triple-nested tag pointing at the associated commit. GitHub has requested CVE ID [CVE-2024-8263](https://www.cve.org/cverecord?id=CVE-2024-8263) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **HIGH:** A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. GitHub has requested [CVE ID CVE-2024-8810](https://www.cve.org/cverecord?id=CVE-2024-8810) for this vulnerability, which was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/). [Updated: 2024-11-07] bugs: - | For instances deployed on AWS with IMDSv2 enforced, fallback to private IPs was not successful. diff --git a/data/release-notes/enterprise-server/3-13/2.yml b/data/release-notes/enterprise-server/3-13/2.yml index 2709cd53e56b..1e91efe3f296 100644 --- a/data/release-notes/enterprise-server/3-13/2.yml +++ b/data/release-notes/enterprise-server/3-13/2.yml @@ -23,9 +23,9 @@ sections: - | **MEDIUM:** An attacker could have unauthorized read access to issue content inside an internal repository via GitHub projects. This attack required attacker access to the corresponding project board. GitHub has requested CVE ID [CVE-2024-5817](https://nvd.nist.gov/vuln/detail/CVE-2024-5817) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - | - An attacker could access previously executed private required workflows by changing the repository visibility from private to public. This occurred despite the repositories with the required workflows remaining private. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + **MEDIUM**: An attacker could gain unauthorized access to secret scanning alert data because the [REST API secret scanning endpoint](/rest/secret-scanning/secret-scanning?apiVersion=2022-11-28) did not properly verify whether the user account has the business owner role. Only organization members can exploit this vulnerability, requiring a {% data variables.product.pat_generic %} (PAT) with `repo` or `security_events` scopes, limiting exposure to internal actors. Exploitation also required secret scanning to be enabled on user-owned repositories. GitHub has requested CVE ID [CVE-2024-10824](https://www.cve.org/CVERecord?id=CVE-2024-10824) for this vulnerability. [Updated: 2024-11-07] - | - A user without the enterprise owner role could view all secret scanning alerts for user-owned repositories using the REST API. Alerts in user-owned repositories are now properly restricted to only be visible to enterprise owners. + An attacker could access previously executed private required workflows by changing the repository visibility from private to public. This occurred despite the repositories with the required workflows remaining private. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - | Packages have been updated to the latest security versions. bugs: diff --git a/data/release-notes/enterprise-server/3-13/4.yml b/data/release-notes/enterprise-server/3-13/4.yml index 5b87c637d477..de07283f7eb1 100644 --- a/data/release-notes/enterprise-server/3-13/4.yml +++ b/data/release-notes/enterprise-server/3-13/4.yml @@ -5,6 +5,8 @@ sections: **MEDIUM:** An attacker could steal sensitive information by exploiting a Cross-Site Scripting vulnerability in the repository transfer feature. This exploitation would require social engineering. GitHub has requested CVE ID [CVE-2024-8770](https://www.cve.org/cverecord?id=CVE-2024-8770) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - | **MEDIUM:** An attacker could push a commit with changes to a workflow using a PAT or OAuth app that lacks the appropriate `workflow` scope by pushing a triple-nested tag pointing at the associated commit. GitHub has requested CVE ID [CVE-2024-8263](https://www.cve.org/cverecord?id=CVE-2024-8263) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **HIGH:** A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. GitHub has requested [CVE ID CVE-2024-8810](https://www.cve.org/cverecord?id=CVE-2024-8810) for this vulnerability, which was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/). [Updated: 2024-11-07] bugs: - | For instances deployed on AWS with IMDSv2 enforced, fallback to private IPs was not successful. diff --git a/data/release-notes/enterprise-server/3-13/6.yml b/data/release-notes/enterprise-server/3-13/6.yml new file mode 100644 index 000000000000..19c975ef2206 --- /dev/null +++ b/data/release-notes/enterprise-server/3-13/6.yml @@ -0,0 +1,62 @@ +date: '2024-11-07' +sections: + security_fixes: + - | + Elasticsearch packages have been updated to the latest security versions. + - | + **HIGH**: An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server. This is a follow up fix for [CVE-2024-9487](https://www.cve.org/cverecord?id=CVE-2024-9487) to further harden the encrypted assertions feature against this type of attack. Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO, or utilizing SAML SSO authentication without encrypted assertions, are not impacted. Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document to exploit this vulnerability. + - | + **HIGH**: An attacker with Enterprise Administrator access to the GitHub Enterprise Server instance could escalate privileges to SSH root access. This is achieved by exploiting the pre-receive hook environment to bypass symlink checks in the `ghe-firejail` path and execute malicious scripts. GitHub has requested CVE ID [CVE-2024-10007](https://www.cve.org/cverecord?id=CVE-2024-10007) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2024-11-07] + bugs: + - | + A missing configuration value prevented Dependabot from creating group update pull requests. + - | + When saving settings in the Management Console, the configuration run would stop if the `enterprise-manage` process was restarted. + - | + On an instance with GitHub Actions enabled, some maintenance tasks could fail due to incomplete upgrade steps during previous upgrades to new releases of GitHub Enterprise Server. + - | + The initial setup certificate generation in AWS took longer than expected due to fallback to private IPs. The time for this fallback has been reduced. + - | + The `ghe-support-bundle` generation would fail when the `aqueduct-lite` service is down. + - | + If the primary instance was unreachable, running `ghe-repl-stop --force` on a replica would fail during the config apply run. + - | + For instances that use the mandatory message feature logging in to certain URLs may have caused a 500 error. + - | + When restoring from a backup, repositories that had been deleted in the last 90 days were not completely restored. + - | + Restoring Git repositories using backup-utils occasionally failed. + - | + Enterprise installations experienced unpredictable repository search results due to the default 4,000 repository limit. A relaxed repository filter mode, which includes all single-tenant organization repositories and bypasses the limit, has been introduced. Administrators can enable this mode using `ghe-config app.github.enterprise-repo-search-filter-enabled true && ghe-config-apply`. + - | + Organizations were limited to using 100 Actions organization variables instead of 1,000. + - | + Running `config-apply` became stuck under certain circumstances due to a misconfiguration with Packages and Elasticsearch. + - | + Some customers upgrading to 3.13 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)." + changes: + - | + When connecting to an appliance via SSH, a notification about upcoming root disk changes displays. + known_issues: + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + Repositories originally imported using `ghe-migrator` will not correctly track GitHub Advanced Security contributions. + - | + For an instance in a cluster configuration and with GitHub Actions enabled, restoring a cluster from backup requires targeting the primary DB node. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a `config apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 appliance onto a 3.13 appliance, the elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. diff --git a/data/release-notes/enterprise-server/3-14/1.yml b/data/release-notes/enterprise-server/3-14/1.yml index 70c5bda5781a..37c23240f47b 100644 --- a/data/release-notes/enterprise-server/3-14/1.yml +++ b/data/release-notes/enterprise-server/3-14/1.yml @@ -3,6 +3,8 @@ sections: security_fixes: - | **MEDIUM:** An attacker could steal sensitive information by exploiting a Cross-Site Scripting vulnerability in the repository transfer feature. This exploitation would require social engineering. GitHub has requested CVE ID [CVE-2024-8770](https://www.cve.org/cverecord?id=CVE-2024-8770) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **HIGH:** A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. GitHub has requested [CVE ID CVE-2024-8810](https://www.cve.org/cverecord?id=CVE-2024-8810) for this vulnerability, which was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/). [Updated: 2024-11-07] bugs: - | On an instance with GitHub Actions enabled, due to an insufficient wait time, MS SQL and MySQL replication could fail with the error message `Failed to start nomad service!`. diff --git a/data/release-notes/enterprise-server/3-14/3.yml b/data/release-notes/enterprise-server/3-14/3.yml new file mode 100644 index 000000000000..b1073c592c0a --- /dev/null +++ b/data/release-notes/enterprise-server/3-14/3.yml @@ -0,0 +1,76 @@ +date: '2024-11-07' +sections: + security_fixes: + - | + Elasticsearch packages have been updated to the latest security versions. + - | + Packages have been updated to the latest security version. + - | + **HIGH**: An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server. This is a follow up fix for [CVE-2024-9487](https://www.cve.org/cverecord?id=CVE-2024-9487) to further harden the encrypted assertions feature against this type of attack. Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO, or utilizing SAML SSO authentication without encrypted assertions, are not impacted. Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document to exploit this vulnerability. + - | + **HIGH**: An attacker with Enterprise Administrator access to the GitHub Enterprise Server instance could escalate privileges to SSH root access. This is achieved by exploiting the pre-receive hook environment to bypass symlink checks in the `ghe-firejail` path and execute malicious scripts. GitHub has requested CVE ID [CVE-2024-10007](https://www.cve.org/cverecord?id=CVE-2024-10007) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2024-11-07] + bugs: + - | + When saving settings in the Management Console, the configuration run would stop if the `enterprise-manage` process was restarted. + - | + On an instance with GitHub Actions enabled, some maintenance tasks could fail due to incomplete upgrade steps during previous upgrades to new releases of GitHub Enterprise Server. + - | + A repeated error message concerning connectivity to port 6002 was emitted to the system logs when GitHub Actions was enabled. + - | + The initial setup certificate generation in AWS took longer than expected due to fallback to private IPs. The time for this fallback has been reduced. + - | + The `ghe-support-bundle` generation would fail when the `aqueduct-lite` service is down. + - | + If the primary instance was unreachable, running `ghe-repl-stop --force` on a replica would fail during the config apply run. + - | + Administrators in the SCIM private beta (versions < 3.14) that decided to upgrade their private beta appliance see an incorrectly checked box in the "SCIM Configuration" section of the Enterprise settings authentication security page in 3.14. + - | + Certain URLs may have caused a 500 error on instances that use the mandatory message feature logging. + - | + When restoring from a backup, repositories that had been deleted in the last 90 days were not completely restored. + - | + For instances that use secret scanning, custom messages for push protection set by the enterprise did not display to users. + - | + Restoring Git repositories using `backup-utils` occasionally failed. + - | + Enterprise installations experienced unpredictable repository search results due to the default 4,000 repository limit. A relaxed repository filter mode, which includes all single-tenant organization repositories and bypasses the limit, has been introduced. Administrators can enable this mode using `ghe-config app.github.enterprise-repo-search-filter-enabled true && ghe-config-apply`. + - | + Running `config-apply` became stuck under certain circumstances due to a misconfiguration with Packages and Elasticsearch. + - | + Audit log events for secret scanning alerts incorrectly displayed a blank secret type when generated for a custom pattern. + - | + Some customers upgrading to 3.14 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)." + changes: + - | + When connecting to an appliance via SSH, a notification about upcoming root disk changes displays. + known_issues: + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Repositories originally imported using `ghe-migrator` will not correctly track GitHub Advanced Security contributions. + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a `config apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 appliance onto a 3.13 appliance, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + In the header bar displayed to site administrators, some icons are not available. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. diff --git a/data/reusables/actions/action-labeler.md b/data/reusables/actions/action-labeler.md deleted file mode 100644 index 70949f797ca8..000000000000 --- a/data/reusables/actions/action-labeler.md +++ /dev/null @@ -1 +0,0 @@ -actions/labeler@v4 diff --git a/data/reusables/actions/actions-audit-events-for-enterprise.md b/data/reusables/actions/actions-audit-events-for-enterprise.md deleted file mode 100644 index d9b1df933f1f..000000000000 --- a/data/reusables/actions/actions-audit-events-for-enterprise.md +++ /dev/null @@ -1,15 +0,0 @@ -| Action | Description | -|------------------|-------------------| -| `remove_self_hosted_runner` | Triggered when a self-hosted runner is removed. | -| `register_self_hosted_runner` | Triggered when a new self-hosted runner is registered. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)." | -| `runner_group_created` | Triggered when a self-hosted runner group is created. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#about-self-hosted-runner-groups)." | -| `runner_group_removed` | Triggered when a self-hosted runner group is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group)." | -| `runner_group_runner_removed` | Triggered when the REST API is used to remove a self-hosted runner from a group. | -| `runner_group_runners_added` | Triggered when a self-hosted runner is added to a group. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group)." | -| `runner_group_runners_updated` | Triggered when a runner group's list of members is updated. For more information, see "[AUTOTITLE](/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization)." | -| `runner_group_updated` | Triggered when the configuration of a self-hosted runner group is changed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)." | -| `self_hosted_runner_updated` | Triggered when the runner application is updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners)." | -| {% ifversion fpt or ghec %} | -| `self_hosted_runner_online` | Triggered when the runner application is started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." | -| `self_hosted_runner_offline` | Triggered when the runner application is stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." | -| {% endif %} | diff --git a/data/reusables/actions/actions-audit-events-workflow.md b/data/reusables/actions/actions-audit-events-workflow.md deleted file mode 100644 index 672e28f096e9..000000000000 --- a/data/reusables/actions/actions-audit-events-workflow.md +++ /dev/null @@ -1,12 +0,0 @@ -| Action | Description -|------------------|------------------- -| `cancel_workflow_run` | Triggered when a workflow run has been cancelled. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/canceling-a-workflow)." -| `completed_workflow_run` | Triggered when a workflow status changes to `completed`. Can only be viewed using the REST API; not visible in the UI or the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)." -| `created_workflow_run` | Triggered when a workflow run is created. Can only be viewed using the REST API; not visible in the UI or the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow)." -| `delete_workflow_run` | Triggered when a workflow run is deleted. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/deleting-a-workflow-run)." -| `disable_workflow` | Triggered when a workflow is disabled. -| `enable_workflow` | Triggered when a workflow is enabled, after previously being disabled by `disable_workflow`. -| `rerun_workflow_run` | Triggered when a workflow run is re-run. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/re-running-workflows-and-jobs)." -| `prepared_workflow_job` | Triggered when a workflow job is started. Includes the list of secrets that were provided to the job. Can only be viewed using the REST API. It is not visible in the {% data variables.product.prodname_dotcom %} web interface or included in the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows)." -| `approve_workflow_job` | Triggered when a workflow job has been approved. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments)." -| `reject_workflow_job` | Triggered when a workflow job has been rejected. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments)." diff --git a/data/reusables/actions/azure-vnet-creating-network-configuration-prereqs.md b/data/reusables/actions/azure-vnet-creating-network-configuration-prereqs.md index 1219ce3cebdd..c46bb0dee1af 100644 --- a/data/reusables/actions/azure-vnet-creating-network-configuration-prereqs.md +++ b/data/reusables/actions/azure-vnet-creating-network-configuration-prereqs.md @@ -1,4 +1,4 @@ -After configuring your Azure resources, you can use an Azure Virtual Network (VNET) for private networking by creating a network configuration{% ifversion ghec%} at the enterprise or organization level{% else %} at the organization level{% endif %}. Then, you can associate that network configuration to runner groups. For more information about runner groups, see "[AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/controlling-access-to-larger-runners)." +After configuring your Azure resources, you can use an Azure Virtual Network (VNET) for private networking by creating a network configuration{% ifversion ghec %} at the enterprise or organization level{% else %} at the organization level{% endif %}. Then, you can associate that network configuration to runner groups. For more information about runner groups, see "[AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/controlling-access-to-larger-runners)." Once the network configuration is associated with a runner group, all runners in that group will have access to the Azure VNET that has been connected to the underlying configuration. diff --git a/data/reusables/actions/azure-vnet-procedures-prereqs.md b/data/reusables/actions/azure-vnet-procedures-prereqs.md index 7e28bf968dca..dab8e707744c 100644 --- a/data/reusables/actions/azure-vnet-procedures-prereqs.md +++ b/data/reusables/actions/azure-vnet-procedures-prereqs.md @@ -135,9 +135,18 @@ You will use a script to automate configuring your Azure resources. direction: 'Outbound' destinationAddressPrefixes: [ '140.82.112.0/20' + '140.82.112.33/32' + '140.82.112.34/32' + '140.82.113.33/32' + '140.82.113.34/32' + '140.82.114.33/32' + '140.82.114.34/32' + '140.82.121.33/32' + '140.82.121.34/32' '143.55.64.0/20' '185.199.108.0/22' '192.30.252.0/22' + '192.30.255.164/31' '20.175.192.146/32' '20.175.192.147/32' '20.175.192.149/32' @@ -166,6 +175,7 @@ You will use a script to automate configuring your Azure resources. '20.207.73.85/32' '20.207.73.86/32' '20.207.73.88/32' + '20.217.135.1/32' '20.233.83.145/32' '20.233.83.146/32' '20.233.83.147/32' @@ -178,6 +188,7 @@ You will use a script to automate configuring your Azure resources. '20.248.137.55/32' '20.26.156.215/32' '20.26.156.216/32' + '20.26.156.211/32' '20.27.177.113/32' '20.27.177.114/32' '20.27.177.116/32' @@ -198,6 +209,8 @@ You will use a script to automate configuring your Azure resources. '4.208.26.198/32' '4.208.26.199/32' '4.208.26.200/32' + '4.225.11.196/32' + '4.237.22.32/32' ] } } diff --git a/data/reusables/actions/cache-no-org-policy.md b/data/reusables/actions/cache-no-org-policy.md deleted file mode 100644 index b1d6e1882389..000000000000 --- a/data/reusables/actions/cache-no-org-policy.md +++ /dev/null @@ -1,5 +0,0 @@ -{% note %} - -**Note:** Unlike other {% data variables.product.prodname_actions %} policy settings, there is no organization-level policy for setting the {% data variables.product.prodname_actions %} cache size. The enterprise policy is applied directly to repositories. - -{% endnote %} diff --git a/data/reusables/actions/caching-availability.md b/data/reusables/actions/caching-availability.md deleted file mode 100644 index 01505ee350e9..000000000000 --- a/data/reusables/actions/caching-availability.md +++ /dev/null @@ -1,5 +0,0 @@ -{% ifversion ghes %} - -{% data variables.product.prodname_actions %} caching is only available for repositories hosted on {% data variables.product.prodname_ghe_server %} 3.5 and later. For more information, see "[Caching dependencies to speed up workflows](/actions/guides/caching-dependencies-to-speed-up-workflows)." - -{% endif %} diff --git a/data/reusables/actions/checkout-action-table-entry.md b/data/reusables/actions/checkout-action-table-entry.md deleted file mode 100644 index c0174916b058..000000000000 --- a/data/reusables/actions/checkout-action-table-entry.md +++ /dev/null @@ -1 +0,0 @@ -| Cloning your repository to the runner | [`actions/checkout`](https://github.com/actions/checkout)| diff --git a/data/reusables/actions/concurrency-table-entry.md b/data/reusables/actions/concurrency-table-entry.md deleted file mode 100644 index 87a692b30caf..000000000000 --- a/data/reusables/actions/concurrency-table-entry.md +++ /dev/null @@ -1 +0,0 @@ -| Controlling how many workflow runs or jobs can run at the same time | [`concurrency`](/actions/using-jobs/using-concurrency)| diff --git a/data/reusables/actions/configure-runner-group-access.md b/data/reusables/actions/configure-runner-group-access.md deleted file mode 100644 index 378fbb5edffd..000000000000 --- a/data/reusables/actions/configure-runner-group-access.md +++ /dev/null @@ -1,9 +0,0 @@ - {% warning %} - - **Warning** - - {% data reusables.actions.self-hosted-runner-security %} - - For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." - - {% endwarning %} diff --git a/data/reusables/actions/cron-table-entry.md b/data/reusables/actions/cron-table-entry.md deleted file mode 100644 index e005e4489f39..000000000000 --- a/data/reusables/actions/cron-table-entry.md +++ /dev/null @@ -1 +0,0 @@ -| Running a workflow at regular intervals | [`schedule`](/actions/using-workflows/events-that-trigger-workflows#schedule) | diff --git a/data/reusables/actions/deployment-history-beta-note.md b/data/reusables/actions/deployment-history-beta-note.md deleted file mode 100644 index 3e0c96320f7e..000000000000 --- a/data/reusables/actions/deployment-history-beta-note.md +++ /dev/null @@ -1,5 +0,0 @@ -{% note %} - -**Note:** Deployment history is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} diff --git a/data/reusables/actions/example-diagram-intro.md b/data/reusables/actions/example-diagram-intro.md deleted file mode 100644 index d184565bd995..000000000000 --- a/data/reusables/actions/example-diagram-intro.md +++ /dev/null @@ -1 +0,0 @@ -The following diagram shows a high level view of the workflow's steps and how they run within the job: diff --git a/data/reusables/actions/example-docs-engineering-intro.md b/data/reusables/actions/example-docs-engineering-intro.md deleted file mode 100644 index 2002e31cdc90..000000000000 --- a/data/reusables/actions/example-docs-engineering-intro.md +++ /dev/null @@ -1 +0,0 @@ -The following workflow was created by the {% data variables.product.prodname_dotcom %} Docs Engineering team. To review the latest version of this file in the [`github/docs`](https://github.com/github/docs) repository, see diff --git a/data/reusables/actions/example-explanation-table-intro.md b/data/reusables/actions/example-explanation-table-intro.md deleted file mode 100644 index f9020476a6a2..000000000000 --- a/data/reusables/actions/example-explanation-table-intro.md +++ /dev/null @@ -1 +0,0 @@ -The following table explains how each of these features are used when creating a {% data variables.product.prodname_actions %} workflow. diff --git a/data/reusables/actions/example-github-runner-comment.md b/data/reusables/actions/example-github-runner-comment.md deleted file mode 100644 index f70760340e5f..000000000000 --- a/data/reusables/actions/example-github-runner-comment.md +++ /dev/null @@ -1,8 +0,0 @@ -# -# You can run this workflow using a different operating systems. -# -# The workflow template configures jobs to run on Linux, using the {% data variables.product.prodname_dotcom %}-hosted `ubuntu-latest` runners. You can change the `runs-on` key to run your jobs on a different operating system. -# -# For example, you can use the {% data variables.product.prodname_dotcom %}-hosted Windows runners by specifying `runs-on: windows-latest`. Or, you can run on the {% data variables.product.prodname_dotcom %}-hosted macOS runners using `runs-on: macos-latest`. -# -# You can also run jobs in Docker containers, or you can provide a self-hosted runner that runs on your own infrastructure. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on)." diff --git a/data/reusables/actions/example-table-intro.md b/data/reusables/actions/example-table-intro.md deleted file mode 100644 index daec53fdb231..000000000000 --- a/data/reusables/actions/example-table-intro.md +++ /dev/null @@ -1 +0,0 @@ -The example workflow demonstrates the following capabilities of {% data variables.product.prodname_actions %}. diff --git a/data/reusables/actions/example-workflow-intro-ci.md b/data/reusables/actions/example-workflow-intro-ci.md deleted file mode 100644 index 32acc9841f9b..000000000000 --- a/data/reusables/actions/example-workflow-intro-ci.md +++ /dev/null @@ -1 +0,0 @@ -This article uses an example workflow to demonstrate some of the main CI features of {% data variables.product.prodname_actions %}. diff --git a/data/reusables/actions/explanation-name-key.md b/data/reusables/actions/explanation-name-key.md deleted file mode 100644 index dd0bc7ebd852..000000000000 --- a/data/reusables/actions/explanation-name-key.md +++ /dev/null @@ -1 +0,0 @@ -This defines the name of the workflow as it will appear in the "Actions" tab of the {% data variables.product.prodname_dotcom %} repository. diff --git a/data/reusables/actions/hardware-requirements-3.4.md b/data/reusables/actions/hardware-requirements-3.4.md deleted file mode 100644 index 6039bac74104..000000000000 --- a/data/reusables/actions/hardware-requirements-3.4.md +++ /dev/null @@ -1,8 +0,0 @@ -| vCPUs | Memory | Maximum Concurrency | -| :---| :--- | :--- | -| 8 | 64 GB | 300 jobs | -| 16 | 128 GB | 700 jobs | -| 32 | 160 GB | 1500 jobs | -| 64 | 256 GB | 2500 jobs | -| 96 | 384 GB | 4500 jobs | -| 128 | 550 GB | 5000 jobs | diff --git a/data/reusables/actions/hardware-requirements-3.5.md b/data/reusables/actions/hardware-requirements-3.5.md deleted file mode 100644 index a9089041569b..000000000000 --- a/data/reusables/actions/hardware-requirements-3.5.md +++ /dev/null @@ -1,7 +0,0 @@ -| vCPUs | Memory | Maximum Concurrency | -| :---| :--- | :--- | -| 8 | 64 GB | 740 jobs | -| 16 | 128 GB | 1250 jobs | -| 32 | 160 GB | 2700 jobs | -| 64 | 256 GB | 4500 jobs | -| 96 | 384 GB | 7000 jobs | diff --git a/data/reusables/actions/if-conditions-table-entry.md b/data/reusables/actions/if-conditions-table-entry.md deleted file mode 100644 index 695597b48f18..000000000000 --- a/data/reusables/actions/if-conditions-table-entry.md +++ /dev/null @@ -1 +0,0 @@ -| Preventing a job from running unless specific conditions are met | [`if`](/actions/using-jobs/using-conditions-to-control-job-execution)| diff --git a/data/reusables/actions/jobs/section-choosing-the-runner-for-a-job.md b/data/reusables/actions/jobs/section-choosing-the-runner-for-a-job.md deleted file mode 100644 index 4144e65915e5..000000000000 --- a/data/reusables/actions/jobs/section-choosing-the-runner-for-a-job.md +++ /dev/null @@ -1,154 +0,0 @@ -Use `jobs..runs-on` to define the type of machine to run the job on. - -{% ifversion fpt or ghec %}- The destination machine can be either a [{% data variables.product.prodname_dotcom %}-hosted runner](#choosing-github-hosted-runners), [{% data variables.actions.hosted_runner %}](#choosing-runners-in-a-group), or a [self-hosted runner](#choosing-self-hosted-runners).{% else %} -* The destination machine can be a [self-hosted runner](#choosing-self-hosted-runners).{% endif %} -{% ifversion target-runner-groups %}- You can target runners based on the labels assigned to them, or their group membership, or a combination of these.{% else %} -* You can target runners based on the labels assigned to them.{% endif %} -* You can provide `runs-on` as: - * A single string - * A single variable containing a string - * An array of strings, variables containing strings, or a combination of both - * A `key: value` pair using the `group` or `labels` keys -* If you specify an array of strings or variables, your workflow will execute on any runner that matches all of the specified `runs-on` values. For example, here the job will only run on a self-hosted runner that has the labels `linux`, `x64`, and `gpu`: - - ```yaml - runs-on: [self-hosted, linux, x64, gpu] - ``` - - For more information, see "[Choosing self-hosted runners](#choosing-self-hosted-runners)." -* You can mix strings and variables in an array. For example: - - {% raw %} - - ```yaml - on: - workflow_dispatch: - inputs: - chosen-os: - required: true - type: choice - options: - - Ubuntu - - macOS - - jobs: - test: - runs-on: [self-hosted, "${{ inputs.chosen-os }}"] - steps: - - run: echo Hello world! - ``` - - {% endraw %} - -* If you would like to run your workflow on multiple machines, use [`jobs..strategy`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategy). - -{% note %} - -**Note:** Quotation marks are not required around simple strings like `self-hosted`, but they are required for expressions like {% raw %} `"${{ inputs.chosen-os }}"`{% endraw %}. - -{% endnote %} - -{% data reusables.actions.enterprise-github-hosted-runners %} - -### Choosing {% data variables.product.prodname_dotcom %}-hosted runners - -If you use a {% data variables.product.prodname_dotcom %}-hosted runner, each job runs in a fresh instance of a runner image specified by `runs-on`. - -Available {% data variables.product.prodname_dotcom %}-hosted runner labels are: - -
    - - - - - - - - - - - - - - - - - - - - -
    OS (YAML workflow label)Notes
    -ubuntu-latest,ubuntu-24.04, ubuntu-22.04, ubuntu-20.04 - -The ubuntu-latest label currently uses the Ubuntu 24.04 runner image. -
    -windows-latest, windows-2022, windows-2019 - -The windows-latest label currently uses the Windows 2022 runner image. -
    -macos-latest, macos-15 [{% data variables.release-phases.public_preview_caps %}], macos-14, macos-13, macos-12 - -The macos-latest workflow label currently uses the macOS 14 runner image. -
    - -For more information about {% data variables.product.prodname_dotcom %}-hosted runner specifications, see "[AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources)." - -{% note %} - -**Note:** The `-latest` runner images are the latest stable images that {% data variables.product.prodname_dotcom %} provides, and might not be the most recent version of the operating system available from the operating system vendor. - -{% endnote %} - -{% warning %} - -**Warning:** Beta and Deprecated Images are provided "as-is", "with all faults" and "as available" and are excluded from the service level agreement and warranty. Beta Images may not be covered by customer support. - -{% endwarning %} - -#### Example: Specifying an operating system - -```yaml -runs-on: ubuntu-latest -``` - -For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners)." - -### Choosing self-hosted runners - -{% data reusables.actions.self-hosted-runner-labels-runs-on %} - -#### Example: Using labels for runner selection - -```yaml -runs-on: [self-hosted, linux] -``` - -For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)" and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/using-self-hosted-runners-in-a-workflow)." - -{% ifversion target-runner-groups %} - -### Choosing runners in a group - -You can use `runs-on` to target runner groups, so that the job will execute on any runner that is a member of that group. For more granular control, you can also combine runner groups with labels. - -{% ifversion fpt or ghec %} -Runner groups can only have [{% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners) or [self-hosted runners](/actions/hosting-your-own-runners) as members. -{% endif %} - -#### Example: Using groups to control where jobs are run - -{% data reusables.actions.jobs.example-runs-on-groups %} - -#### Example: Combining groups and labels - -{% data reusables.actions.jobs.example-runs-on-labels-and-groups %} - -{% ifversion ghec or ghes %} - -#### Example: using prefixes to differentiate runner groups - -{% data reusables.actions.using-prefixes-to-differentiate-runner-groups %} - -{% endif %} - -{% endif %} diff --git a/data/reusables/actions/learning-actions.md b/data/reusables/actions/learning-actions.md deleted file mode 100644 index 634553d97b59..000000000000 --- a/data/reusables/actions/learning-actions.md +++ /dev/null @@ -1,4 +0,0 @@ - -* To learn about {% data variables.product.prodname_actions %} concepts, see "[AUTOTITLE](/actions/learn-github-actions/understanding-github-actions)." -* For more step-by-step guide for creating a basic workflow, see "[AUTOTITLE](/actions/quickstart)." -* If you're comfortable with the basics of {% data variables.product.prodname_actions %}, you can learn about workflows and their features at "[AUTOTITLE](/actions/using-workflows/about-workflows)." diff --git a/data/reusables/actions/pass-inputs-to-reusable-workflows.md b/data/reusables/actions/pass-inputs-to-reusable-workflows.md index 24f46a35ae89..d862981d9168 100644 --- a/data/reusables/actions/pass-inputs-to-reusable-workflows.md +++ b/data/reusables/actions/pass-inputs-to-reusable-workflows.md @@ -30,4 +30,4 @@ jobs: {% endraw %} -{%endif%} +{% endif %} diff --git a/data/reusables/actions/permissions-table-entry.md b/data/reusables/actions/permissions-table-entry.md deleted file mode 100644 index 44630f5c4f1d..000000000000 --- a/data/reusables/actions/permissions-table-entry.md +++ /dev/null @@ -1 +0,0 @@ -| Setting permissions for the token | [`permissions`](/actions/using-jobs/assigning-permissions-to-jobs)| diff --git a/data/reusables/actions/pull-request-table-entry.md b/data/reusables/actions/pull-request-table-entry.md deleted file mode 100644 index 795a76af1a1d..000000000000 --- a/data/reusables/actions/pull-request-table-entry.md +++ /dev/null @@ -1 +0,0 @@ -| Triggering a workflow to run automatically | [`pull_request`](/actions/using-workflows/events-that-trigger-workflows#pull_request) | diff --git a/data/reusables/actions/push-table-entry.md b/data/reusables/actions/push-table-entry.md deleted file mode 100644 index a352f1d711e3..000000000000 --- a/data/reusables/actions/push-table-entry.md +++ /dev/null @@ -1 +0,0 @@ -| Triggering a workflow to run automatically | [`push`](/actions/using-workflows/events-that-trigger-workflows#push) | diff --git a/data/reusables/actions/secrets-table-entry.md b/data/reusables/actions/secrets-table-entry.md deleted file mode 100644 index 43f78ea5dff5..000000000000 --- a/data/reusables/actions/secrets-table-entry.md +++ /dev/null @@ -1 +0,0 @@ -| Referencing secrets in a workflow | [Secrets](/actions/security-guides/using-secrets-in-github-actions)| diff --git a/data/reusables/actions/self-hosted-runner-navigate-to-org-enterprise.md b/data/reusables/actions/self-hosted-runner-navigate-to-org-enterprise.md deleted file mode 100644 index 1fcca8d7fffa..000000000000 --- a/data/reusables/actions/self-hosted-runner-navigate-to-org-enterprise.md +++ /dev/null @@ -1,20 +0,0 @@ -{% ifversion fpt %} -1. Navigate to the main page of the organization where your self-hosted runner is registered. -1. Click {% octicon "gear" aria-label="The Settings gear" %} **Settings**. -{% data reusables.organizations.settings-sidebar-actions-runners %} -{% elsif ghec or ghes %} -1. Navigate to where your runner is registered: - * **In an organization**: navigate to the main page and click {% octicon "gear" aria-label="The Settings gear" %} **Settings**. - * **If using an enterprise-level runner**: - -{% indented_data_reference reusables.enterprise-accounts.access-enterprise spaces=5 %} -1. Navigate to the {% data variables.product.prodname_actions %} settings: - * **In an organization**: - -{% indented_data_reference reusables.actions.settings-ui.settings-actions-runners spaces=5 %} - * **If using an enterprise-level runner**: - -{% indented_data_reference reusables.enterprise-accounts.policies-tab spaces=5 %} -{% indented_data_reference reusables.enterprise-accounts.actions-tab spaces=5 %} -{% indented_data_reference reusables.enterprise-accounts.actions-runners-tab spaces=5 %} -{% endif %} diff --git a/data/reusables/actions/self-hosted-runners-software.md b/data/reusables/actions/self-hosted-runners-software.md deleted file mode 100644 index c52d49aca7aa..000000000000 --- a/data/reusables/actions/self-hosted-runners-software.md +++ /dev/null @@ -1 +0,0 @@ -You must install the required software on your self-hosted runners. For more information about self-hosted runners, see "[AUTOTITLE](/actions/hosting-your-own-runners)." diff --git a/data/reusables/actions/setup-node-table-entry.md b/data/reusables/actions/setup-node-table-entry.md deleted file mode 100644 index 39341c802272..000000000000 --- a/data/reusables/actions/setup-node-table-entry.md +++ /dev/null @@ -1 +0,0 @@ -| Installing `node` on the runner | [`actions/setup-node`](https://github.com/actions/setup-node) | diff --git a/data/reusables/actions/viewing-actions-metrics.md b/data/reusables/actions/viewing-actions-metrics.md index a1e13fd9fad2..a54bf32f5018 100644 --- a/data/reusables/actions/viewing-actions-metrics.md +++ b/data/reusables/actions/viewing-actions-metrics.md @@ -2,10 +2,10 @@ 1. Optionally, to select a time period to view usage metrics for, choose an option from the **Period** drop down menu at the top right of the page. For more information, see "[Understanding {% data variables.product.prodname_actions %} metrics aggregation](#understanding-github-actions-metrics-aggregation)." 1. Click on the tab that contains the metrics you would like to view. For more information, see "[About {% data variables.product.prodname_actions %} usage metrics](#about-github-actions-usage-metrics) or "[About {% data variables.product.prodname_actions %} performance metrics](#about-github-actions-performance-metrics)." 1. Optionally, to filter the data displayed in a tab, create a filter. - 1. Click on the **{% octicon "filter" aria-hidden="true" %} Filter** button. - 1. Click **{% octicon "plus" aria-hidden="true" %} Add a filter**. + 1. Click on the **{% octicon "filter" aria-hidden="true" %} Filter** button. + 1. Click **{% octicon "plus" aria-hidden="true" %} Add a filter**. 1. Choose a metric you would like to filter results by. 1. Depending on the metric you chose, fill out information in the "Qualifier," "Operator," and "Value" columns. - 1. Optionally, click **{% octicon "plus" aria-hidden="true" %} Add a filter** to add another filter. + 1. Optionally, click **{% octicon "plus" aria-hidden="true" %} Add a filter** to add another filter. 1. Click **Apply**. 1. Optionally, to download usage metrics to a CSV file, click {% octicon "download" aria-label="Download report" %}. diff --git a/data/reusables/actions/workflow-dispatch-table-entry.md b/data/reusables/actions/workflow-dispatch-table-entry.md deleted file mode 100644 index 66566718583e..000000000000 --- a/data/reusables/actions/workflow-dispatch-table-entry.md +++ /dev/null @@ -1 +0,0 @@ -| Manually running a workflow from the UI | [`workflow_dispatch`](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch)| diff --git a/data/reusables/actions/workflow-run-approve-public-fork.md b/data/reusables/actions/workflow-run-approve-public-fork.md index 543e1d2e1948..cbf9a90fef85 100644 --- a/data/reusables/actions/workflow-run-approve-public-fork.md +++ b/data/reusables/actions/workflow-run-approve-public-fork.md @@ -1,9 +1,12 @@ Anyone can fork a public repository, and then submit a pull request that proposes changes to the repository's {% data variables.product.prodname_actions %} workflows. Although workflows from forks do not have access to sensitive data such as secrets, they can be an annoyance for maintainers if they are modified for abusive purposes. -To help prevent this, workflows on pull requests to public repositories from some outside contributors will not run automatically, and might need to be approved first. By default, all first-time contributors require approval to run workflows. +To help prevent this, workflows on pull requests to public repositories from some outside contributors will not run automatically, and might need to be approved first. Depending on the "Approval for running fork pull request workflows from contributors" setting, workflows on pull requests to public repositories will not run automatically and may need approval if: -{% note %} +* The pull request is **created by** a user that requires approvals based on the selected policy. +* The pull request event is **triggered by** a user that requires approvals based on the selected policy. -**Note:** Workflows triggered by `pull_request_target` events are run in the context of the base branch. Since the base branch is considered trusted, workflows triggered by these events will always run, regardless of approval settings. For more information about the `pull_request_target` event, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#pull_request_target)." +By default, all first-time contributors require approval to run workflows. -{% endnote %} +Workflows triggered by `pull_request_target` events are run in the context of the base branch. Since the base branch is considered trusted, workflows triggered by these events will always run, regardless of approval settings. For more information about the `pull_request_target` event, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#pull_request_target)." + +>[!WARNING] These workflow approval policies are intended to restrict the set of users that can execute workflows in {% data variables.product.prodname_actions %} runners that could lead to unexpected resource and compute consumption when using {% data variables.product.prodname_dotcom %}-hosted runners. If you are using self-hosted runners, potentially malicious user-controlled workflow code will execute automatically if the user is allowed to bypass approval in the set approval policy or if the pull request is approved. You must consider the risk of executing this code in your infrastructure and should review and follow the self-hosted runner security recommendations regardless of the approval settings utilized. See "[AUTOTITLE](/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners)." diff --git a/data/reusables/actions/workflows-from-public-fork-setting.md b/data/reusables/actions/workflows-from-public-fork-setting.md index 6d8fea6f620f..c4fd50cbe560 100644 --- a/data/reusables/actions/workflows-from-public-fork-setting.md +++ b/data/reusables/actions/workflows-from-public-fork-setting.md @@ -1,7 +1,9 @@ -1. Under **Fork pull request workflows from outside collaborators**, choose one of the options. +1. Under **Approval for running fork pull request workflows from contributors**, choose which subset of users will require approval before running workflows on their pull requests. Both the pull request author and the actor of the pull request event triggering the workflow will be checked to determine if approval is required. If approval is required, a user with write access to the repository must approve the pull request workflow to be run. See "[AUTOTITLE](/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/approving-workflow-runs-from-public-forks)." - * **Require approval for first-time contributors who are new to {% data variables.product.prodname_dotcom %}**. This option requires approval to run workflows for users who have never committed to the repository and have new {% data variables.product.prodname_dotcom %} accounts. - * **Require approval for first-time contributors**. This option requires approval to run workflows for users who have never committed to the repository. - * **Require approval for all outside collaborators**. This option requires approval to run workflows for all users who are not repository collaborators. If the repository is owned by an organization, this option requires approval to run workflows for all repository collaborators who are not organization members. + >[!WARNING] When requiring approvals only for first-time contributors (the first two settings), a user that has had any commit or pull request merged into the repository will not require approval. A malicious user could meet this requirement by getting a simple typo or other innocuous change accepted by a maintainer, either as part of a pull request they have authored or as part of another user's pull request. + + * **Require approval for first-time contributors who are new to {% data variables.product.prodname_dotcom %}**. Only users who are both new on {% data variables.product.prodname_dotcom %} and who have never had a commit or pull request merged into this repository will require approval to run workflows. + * **Require approval for first-time contributors**. Only users who have never had a commit or pull request merged into this repository will require approval to run workflows. + * **Require approval for all external contributors** All users that are not a member or owner of this repository and not a member of the organization will require approval to run workflows. 1. Click **Save** to apply the settings. diff --git a/data/reusables/actions/workflows/setup-java-step-explainer.md b/data/reusables/actions/workflows/setup-java-step-explainer.md deleted file mode 100644 index 25aa3b588f23..000000000000 --- a/data/reusables/actions/workflows/setup-java-step-explainer.md +++ /dev/null @@ -1 +0,0 @@ -# This step uses the `actions/setup-java` action to configure the Eclipse Temurin (Java) 17 JDK by Eclipse Adoptium. diff --git a/data/reusables/actions/workflows/starter-workflows.md b/data/reusables/actions/workflows/starter-workflows.md deleted file mode 100644 index 4bbfe889d584..000000000000 --- a/data/reusables/actions/workflows/starter-workflows.md +++ /dev/null @@ -1 +0,0 @@ -The default workflow templates are excellent starting points when creating your build and test workflow, and you can customize the workflow template to suit your project’s needs. diff --git a/data/reusables/actions/workflows/workflow-checkout-step-explainer.md b/data/reusables/actions/workflows/workflow-checkout-step-explainer.md deleted file mode 100644 index e3bb696346a2..000000000000 --- a/data/reusables/actions/workflows/workflow-checkout-step-explainer.md +++ /dev/null @@ -1 +0,0 @@ -# This step uses the `actions/checkout` action to download a copy of your repository on the runner. diff --git a/data/reusables/advanced-security/more-info-ghas-secret-scanning.md b/data/reusables/advanced-security/more-info-ghas-secret-scanning.md deleted file mode 100644 index 4b9b230a89ac..000000000000 --- a/data/reusables/advanced-security/more-info-ghas-secret-scanning.md +++ /dev/null @@ -1 +0,0 @@ -For more information, see {% ifversion fpt or ghec %}"[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-user-alerts)"{% elsif ghes %}"[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-secret-scanning-alerts)"{% endif %} and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)." diff --git a/data/reusables/advanced-security/more-information-about-enforcement-policy.md b/data/reusables/advanced-security/more-information-about-enforcement-policy.md deleted file mode 100644 index d830fa020542..000000000000 --- a/data/reusables/advanced-security/more-information-about-enforcement-policy.md +++ /dev/null @@ -1 +0,0 @@ -For more information, see "[Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise]({% ifversion fpt %}/enterprise-cloud@latest{% endif %}/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise)." diff --git a/data/reusables/advanced-security/secret-scanning-push-protection-enterprise.md b/data/reusables/advanced-security/secret-scanning-push-protection-enterprise.md deleted file mode 100644 index f6dd3e3c1f58..000000000000 --- a/data/reusables/advanced-security/secret-scanning-push-protection-enterprise.md +++ /dev/null @@ -1,8 +0,0 @@ -1. Under "{% data variables.product.prodname_secret_scanning_caps %}", under "Push protection", click **Enable all**. - - ![Screenshot of the "Push protection" section of the "Code security and analysis" page. Two buttons, labeled "Enable all" and "Disable all", are highlighted with a dark orange outline.](/assets/images/enterprise/security/secret-scanning-enable-push-protection-enterprise.png) - -1. Optionally, click **Automatically enable for repositories added to {% data variables.product.prodname_secret_scanning %}**.{% ifversion secret-scanning-custom-link-on-block %} -1. Optionally, to include a custom link in the message that members will see when they attempt to push a secret, click **Add a resource link in the CLI and web UI when a commit is blocked**, then type a URL, and click **Save link**. - - ![Screenshot of the "Push protection" section of the "Code security and analysis" page. The "Add a resource link in the CLI and web UI when a commit is blocked" checkbox and the custom link text field are highlighted with a dark orange outline.](/assets/images/help/organizations/secret-scanning-custom-link.png){% endif %} diff --git a/data/reusables/advanced-security/secret-scanning-push-protection-org.md b/data/reusables/advanced-security/secret-scanning-push-protection-org.md deleted file mode 100644 index 4f0cfee98d10..000000000000 --- a/data/reusables/advanced-security/secret-scanning-push-protection-org.md +++ /dev/null @@ -1,5 +0,0 @@ -1. Under "{% data variables.product.prodname_secret_scanning_caps %}", under "Push protection", click **Enable all**. -1. Optionally, click **Automatically enable for repositories added to {% data variables.product.prodname_secret_scanning %}**.{% ifversion push-protection-custom-link-orgs %} -1. Optionally, to include a custom link in the message that members will see when they attempt to push a secret, select **Add a resource link in the CLI and web UI when a commit is blocked**, then type a URL, and click **Save link**. - - ![Screenshot of the "Push protection" section of the "Code security and analysis" page. The "Add a resource link in the CLI and web UI when a commit is blocked" checkbox and the custom link text field are highlighted with a dark orange outline.](/assets/images/help/organizations/secret-scanning-custom-link.png){% endif %} diff --git a/data/reusables/advisory-database/beta-malware-advisories.md b/data/reusables/advisory-database/beta-malware-advisories.md deleted file mode 100644 index 404bf9496001..000000000000 --- a/data/reusables/advisory-database/beta-malware-advisories.md +++ /dev/null @@ -1,5 +0,0 @@ -{% note %} - -**Note:** Advisories for malware are currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} diff --git a/data/reusables/apps/user-to-server-rate-limits.md b/data/reusables/apps/user-to-server-rate-limits.md deleted file mode 100644 index bc8f15d606d1..000000000000 --- a/data/reusables/apps/user-to-server-rate-limits.md +++ /dev/null @@ -1 +0,0 @@ -{% ifversion ghes %}By default, user access token{% else %}User access token{% endif %} requests are limited to 5,000 requests per hour and per authenticated user. All requests from {% data variables.product.prodname_oauth_apps %} authorized by a user or a {% data variables.product.pat_generic %} owned by the user, and requests authenticated with any of the user's authentication credentials, share the same quota of 5,000 requests per hour for that user. diff --git a/data/reusables/audit_log/audit-log-events-workflows.md b/data/reusables/audit_log/audit-log-events-workflows.md deleted file mode 100644 index ab6f25c660e8..000000000000 --- a/data/reusables/audit_log/audit-log-events-workflows.md +++ /dev/null @@ -1,12 +0,0 @@ -| Action | Description -|--------|------------ -| `workflows.approve_workflow_job` | A workflow job was approved. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments)." -| `workflows.cancel_workflow_run` | A workflow run was cancelled. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/canceling-a-workflow)." -| `workflows.delete_workflow_run` | A workflow run was deleted. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/deleting-a-workflow-run)." -| `workflows.disable_workflow` | A workflow was disabled. -| `workflows.enable_workflow` | A workflow was enabled, after previously being disabled by `disable_workflow`. -| `workflows.reject_workflow_job` | A workflow job was rejected. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments)." -| `workflows.rerun_workflow_run` | A workflow run was re-run. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/re-running-workflows-and-jobs)." -| `workflows.completed_workflow_run` | A workflow status changed to `completed`. Can only be viewed using the REST API; not visible in the UI or the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)." -| `workflows.created_workflow_run` | A workflow run was created. Can only be viewed using the REST API; not visible in the UI or the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow)." -| `workflows.prepared_workflow_job` | A workflow job was started. Includes the list of secrets that were provided to the job. Can only be viewed using the REST API. It is not visible in the {% data variables.product.prodname_dotcom %} web interface or included in the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows)." diff --git a/data/reusables/billing/us-sales-tax-note.md b/data/reusables/billing/us-sales-tax-note.md deleted file mode 100644 index 72d316c11c3f..000000000000 --- a/data/reusables/billing/us-sales-tax-note.md +++ /dev/null @@ -1,3 +0,0 @@ ->[!IMPORTANT] Starting August 19th, 2024, {% data variables.product.company_short %} will begin collecting state-mandated sales tax, where and when applicable, from paying customers in the United States to align with industry standard regulatory practices. All United States customers are required to update payment information (specifically your address) to ensure the correct sales tax amount is assessed. If you are a paying customer, there will be a tax line on your receipt that provides a breakdown of the applicable taxes for the {% data variables.product.company_short %} products and services you have purchased. -> ->You will need to ensure that all required address fields are filled out in your billing information to calculate the correct sales tax. diff --git a/data/reusables/billing/us-sales-tax.md b/data/reusables/billing/us-sales-tax.md new file mode 100644 index 000000000000..c433a548d9ab --- /dev/null +++ b/data/reusables/billing/us-sales-tax.md @@ -0,0 +1 @@ +If you're a customer in the United States and you're exempt from sales tax, you will need to upload a sales tax exemption certificate to your account. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-a-sales-tax-certificate)." diff --git a/data/reusables/code-scanning/autobuild-compiled-languages.md b/data/reusables/code-scanning/autobuild-compiled-languages.md deleted file mode 100644 index efd028d5e909..000000000000 --- a/data/reusables/code-scanning/autobuild-compiled-languages.md +++ /dev/null @@ -1 +0,0 @@ -If you enable default setup, the `autobuild` build mode will be used to build compiled languages, as part of your automatically configured {% data variables.code-scanning.codeql_workflow %}. If you enable advanced setup, the basic {% data variables.code-scanning.codeql_workflow %} uses the `autobuild` build mode. Alternatively, you can change the build mode for your compiled languages to `manual` and instead specify explicit build commands to analyze only the files that are built by these custom commands. diff --git a/data/reusables/code-scanning/codeql-context-for-actions-and-third-party-tools.md b/data/reusables/code-scanning/codeql-context-for-actions-and-third-party-tools.md deleted file mode 100644 index 1c3462d0426a..000000000000 --- a/data/reusables/code-scanning/codeql-context-for-actions-and-third-party-tools.md +++ /dev/null @@ -1 +0,0 @@ -You can run {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} within {% data variables.product.product_name %} using {% data variables.product.prodname_actions %}. Alternatively, if you use a third-party continuous integration or continuous delivery/deployment (CI/CD) system, you can run {% data variables.product.prodname_codeql %} analysis in your existing system and upload the results to {% data variables.product.github %}. diff --git a/data/reusables/code-scanning/codeql-query-tables/ruby.md b/data/reusables/code-scanning/codeql-query-tables/ruby.md index 02485583481a..df4a039d0234 100644 --- a/data/reusables/code-scanning/codeql-query-tables/ruby.md +++ b/data/reusables/code-scanning/codeql-query-tables/ruby.md @@ -35,7 +35,7 @@ | [Use of `Kernel.open` or `IO.read` or similar sinks with a non-constant value](https://codeql.github.com/codeql-query-help/ruby/rb-non-constant-kernel-open/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Use of `Kernel.open`, `IO.read` or similar sinks with user-controlled input](https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Use of a broken or weak cryptographic algorithm](https://codeql.github.com/codeql-query-help/ruby/rb-weak-cryptographic-algorithm/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Use of a broken or weak cryptographic hashing algorithm on sensitive data](https://codeql.github.com/codeql-query-help/ruby/rb-weak-sensitive-data-hashing/) | 327, 328, 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Use of a broken or weak cryptographic hashing algorithm on sensitive data](https://codeql.github.com/codeql-query-help/ruby/rb-weak-sensitive-data-hashing/) | 327, 328, 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Use of externally-controlled format string](https://codeql.github.com/codeql-query-help/ruby/rb-tainted-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Weak cookie configuration](https://codeql.github.com/codeql-query-help/ruby/rb-weak-cookie-configuration/) | 732, 1275 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [XML external entity expansion](https://codeql.github.com/codeql-query-help/ruby/rb-xxe/) | 611, 776, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | diff --git a/data/reusables/code-scanning/default-setup-info-link.md b/data/reusables/code-scanning/default-setup-info-link.md deleted file mode 100644 index 4cd14e34df07..000000000000 --- a/data/reusables/code-scanning/default-setup-info-link.md +++ /dev/null @@ -1 +0,0 @@ -For information about eligible repositories, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale#eligible-repositories-default-setup)." diff --git a/data/reusables/code-scanning/edit-workflow.md b/data/reusables/code-scanning/edit-workflow.md deleted file mode 100644 index 38cbedd483c2..000000000000 --- a/data/reusables/code-scanning/edit-workflow.md +++ /dev/null @@ -1 +0,0 @@ -Typically, you don't need to edit the generated workflow file for {% data variables.product.prodname_code_scanning %}. However, if required, you can edit the workflow to customize some of the settings. For example, you can edit {% data variables.product.prodname_dotcom %}'s {% data variables.code-scanning.codeql_workflow %} to specify the frequency of scans, the languages or directories to scan, and what {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} looks for in your code. You might also need to edit the {% data variables.code-scanning.codeql_workflow %} if you use a specific set of commands to compile your code. diff --git a/data/reusables/code-scanning/sarif-category.md b/data/reusables/code-scanning/sarif-category.md deleted file mode 100644 index e69de29bb2d1..000000000000 diff --git a/data/reusables/codeql-cli/download-info-macos-catalina-or-newer.md b/data/reusables/codeql-cli/download-info-macos-catalina-or-newer.md deleted file mode 100644 index d6c446cdfb25..000000000000 --- a/data/reusables/codeql-cli/download-info-macos-catalina-or-newer.md +++ /dev/null @@ -1,6 +0,0 @@ -From macOS version 10.15 ("Catalina") onwards you need to ensure that your web browser does not automatically extract zip files. If you use Safari, complete the following steps before downloading the {% data variables.product.prodname_codeql_cli %} zip archive: - -1. Open Safari. -1. From the Safari menu, select **Preferences...** or **Settings...** (version 13 "Ventura" onwards). -1. Click the **General** Tab. -1. Ensure the check-box labeled **Open "safe" files after downloading** is unchecked. diff --git a/data/reusables/codeql-cli/extraction-info-macos-catalina-or-newer.md b/data/reusables/codeql-cli/extraction-info-macos-catalina-or-newer.md deleted file mode 100644 index 6b589e2c01dc..000000000000 --- a/data/reusables/codeql-cli/extraction-info-macos-catalina-or-newer.md +++ /dev/null @@ -1,6 +0,0 @@ -macOS "Catalina", "Big Sur", "Monterey", or "Ventura" users should run the following commands in the Terminal, where `${extraction-root}` is the path to the directory where you will extract the {% data variables.product.prodname_codeql_cli %} zip archive: - -1. `mv ~/Downloads/codeql\*.zip ${extraction-root}` -1. `cd ${extraction-root}` -1. `/usr/bin/xattr -c codeql\*.zip` -1. `unzip codeql\*.zip` diff --git a/data/reusables/command_line/provide-an-access-token.md b/data/reusables/command_line/provide-an-access-token.md index 0315932132a5..4090a883cb9c 100644 --- a/data/reusables/command_line/provide-an-access-token.md +++ b/data/reusables/command_line/provide-an-access-token.md @@ -1 +1 @@ -{% ifversion fpt or ghec %}If you are accessing an organization that uses SAML SSO{% ifversion pat-v2%} and you are using a {% data variables.product.pat_v1 %}{% endif %}, you must also authorize your {% data variables.product.pat_generic %} to access the organization before you authenticate. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on)" and "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)."{% endif %} +{% ifversion fpt or ghec %}If you are accessing an organization that uses SAML SSO{% ifversion pat-v2 %} and you are using a {% data variables.product.pat_v1 %}{% endif %}, you must also authorize your {% data variables.product.pat_generic %} to access the organization before you authenticate. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on)" and "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)."{% endif %} diff --git a/data/reusables/contributing/content-linter-rules.md b/data/reusables/contributing/content-linter-rules.md index 8733117230b9..82d8de234160 100644 --- a/data/reusables/contributing/content-linter-rules.md +++ b/data/reusables/contributing/content-linter-rules.md @@ -64,4 +64,5 @@ | GHD038 | expired-content | Expired content must be remediated. | error | expired | | GHD039 | expiring-soon | Content that expires soon should be proactively addressed. | warning | expired | | [GHD040](https://github.com/github/docs/blob/main/src/content-linter/README.md) | table-liquid-versioning | Tables must use the correct liquid versioning format | error | tables | -| GHD041 | third-party-action-pinning | Code examples that use third-party actions must always pin to a full length commit SHA | error | feature, actions | \ No newline at end of file +| GHD041 | third-party-action-pinning | Code examples that use third-party actions must always pin to a full length commit SHA | error | feature, actions | +| GHD042 | liquid-tag-whitespace | Liquid tags should start and end with one whitespace. Liquid tag arguments should be separated by only one whitespace. | error | liquid, format | \ No newline at end of file diff --git a/data/reusables/copilot-business-for-non-ghe/link-azure-subscription.md b/data/reusables/copilot-business-for-non-ghe/link-azure-subscription.md index 71e35bd53779..ae5c5ed57853 100644 --- a/data/reusables/copilot-business-for-non-ghe/link-azure-subscription.md +++ b/data/reusables/copilot-business-for-non-ghe/link-azure-subscription.md @@ -2,3 +2,5 @@ To pay for licenses, you must connect your enterprise to an Azure subscription. * "[Prerequisites](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#prerequisites)" * "[Connecting your Azure subscription to an enterprise account](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#connecting-your-azure-subscription-to-your-enterprise-account)" + +If you prefer a visual overview of the process, watch [Billing {% data variables.product.company_short %} consumption through an Azure subscription](https://www.youtube.com/watch?v=Y-f7JKJ4_8Y) on our YouTube channel. diff --git a/data/reusables/copilot/about-copilot.md b/data/reusables/copilot/about-copilot.md deleted file mode 100644 index 196901be2b02..000000000000 --- a/data/reusables/copilot/about-copilot.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_copilot %} is an AI-powered coding assistant that helps developers write code faster. diff --git a/data/reusables/copilot/chat-asking-questions.md b/data/reusables/copilot/chat-asking-questions.md deleted file mode 100644 index b9d650ae74f7..000000000000 --- a/data/reusables/copilot/chat-asking-questions.md +++ /dev/null @@ -1,20 +0,0 @@ -1. To ask a question about the code that's currently visible in the editor, type `#editor` followed by your question. - - For example, you could type `#editor what does this code do?` to ask {% data variables.product.prodname_copilot_chat_short %} for a description of the code's purpose. - - Use the `#editor` command, anywhere in your question, to tell {% data variables.product.prodname_copilot_chat_short %} to focus on the code that's currently visible in the editor. - -1. If a single method is visible in full in the editor, you could ask {% data variables.product.prodname_copilot_chat_short %} to generate a unit test for the method by typing `Write a unit test for the method in the #editor`. - - Alternatively, select the code you want to generate a unit test for, then ask {% data variables.product.prodname_copilot_short %}: `#selection write a unit test for this code`. - - The `#selection` command ensure that {% data variables.product.prodname_copilot_short %} focuses on the selected code when responding to a question. - -1. To fix a bug in some code, select the code in the editor, then ask {% data variables.product.prodname_copilot_short %}: `#selection fix the bug in this code`. - -1. To focus {% data variables.product.prodname_copilot_short %} on one or more specific files when you ask a question, use the `#file` command. - 1. In the {% data variables.product.prodname_copilot_chat_short %} window, type `#file` and press Enter. This opens the Quick Open palette at the top of the editor. - 1. Select from the list of recently opened files, or search for the file you want to focus on and select it. - 1. Type your question. For example, `#file:app.js What does this file do?`. - - You can use the `#file` command multiple times in your question to focus {% data variables.product.prodname_copilot_short %} on more than one file. diff --git a/data/reusables/copilot/chat-beta-indexing.md b/data/reusables/copilot/chat-beta-indexing.md deleted file mode 100644 index 477484f286b8..000000000000 --- a/data/reusables/copilot/chat-beta-indexing.md +++ /dev/null @@ -1 +0,0 @@ -Only selected repositories have been semantically indexed for this {% data variables.release-phases.public_preview %}. The ability for you to index your own repositories will be added soon. diff --git a/data/reusables/copilot/chat-open-visualstudio.md b/data/reusables/copilot/chat-open-visualstudio.md deleted file mode 100644 index 3c7c34a21968..000000000000 --- a/data/reusables/copilot/chat-open-visualstudio.md +++ /dev/null @@ -1 +0,0 @@ -1. In the {% data variables.product.prodname_vs %} menu bar, to launch {% data variables.product.prodname_copilot_chat_short %}, click **View**, then click **{% data variables.product.prodname_copilot_chat %}**. diff --git a/data/reusables/copilot/chat-procedural-intro.md b/data/reusables/copilot/chat-procedural-intro.md deleted file mode 100644 index 0e5fa97f9d63..000000000000 --- a/data/reusables/copilot/chat-procedural-intro.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_copilot_chat %} is a chat interface that lets you ask and receive answers to coding-related questions directly within a supported IDE. {% data variables.product.prodname_copilot_chat_short %} can help you with a variety of coding-related tasks, like offering you code suggestions, providing natural language descriptions of a piece of code's functionality and purpose, generating unit tests for your code, and proposing fixes for bugs in your code. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-ides/about-github-copilot-chat-in-your-ide) and "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom)." diff --git a/data/reusables/copilot/chat-subscription-prerequisite.md b/data/reusables/copilot/chat-subscription-prerequisite.md deleted file mode 100644 index 59027a58ec6e..000000000000 --- a/data/reusables/copilot/chat-subscription-prerequisite.md +++ /dev/null @@ -1 +0,0 @@ -* To use {% data variables.product.prodname_copilot_chat %} you must have an active {% data variables.product.prodname_copilot %} subscription. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot)." diff --git a/data/reusables/copilot/click-copilot-icon.md b/data/reusables/copilot/click-copilot-icon.md deleted file mode 100644 index 5f399f670a06..000000000000 --- a/data/reusables/copilot/click-copilot-icon.md +++ /dev/null @@ -1 +0,0 @@ -1. On any page on {% data variables.product.github %}, click the **{% octicon "copilot" aria-hidden="true" %}** {% data variables.product.prodname_copilot %} icon at the top right of the page. diff --git a/data/reusables/copilot/code-examples-limitations.md b/data/reusables/copilot/code-examples-limitations.md deleted file mode 100644 index 8b32865a0324..000000000000 --- a/data/reusables/copilot/code-examples-limitations.md +++ /dev/null @@ -1 +0,0 @@ -> [!NOTE] If you have duplication detection enabled for {% data variables.product.prodname_copilot %}, you may receive limited suggestions, or no suggestions, when using the code examples provided. As an alternative, you can start by typing your own code to see suggestions from {% data variables.product.prodname_copilot %}. For more information on duplication detection, see "[AUTOTITLE](/copilot/configuring-github-copilot/configuring-your-personal-github-copilot-settings-on-githubcom#enabling-or-disabling-suggestions-matching-public-code)." diff --git a/data/reusables/copilot/copilot-business-features.md b/data/reusables/copilot/copilot-business-features.md deleted file mode 100644 index 035fb587fe45..000000000000 --- a/data/reusables/copilot/copilot-business-features.md +++ /dev/null @@ -1,19 +0,0 @@ -## Administrative features for {% data variables.product.prodname_copilot_short %} - -These features are available to organization owners and administrators to manage {% data variables.product.prodname_copilot %} in their organization. - -### Content exclusion - -Content exclusions allow you to configure {% data variables.product.prodname_copilot %} to ignore certain files in your repository. This can be useful if you have files that you don't want to be available to {% data variables.product.prodname_copilot %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/about-content-exclusions-for-github-copilot)." - -### Managing access to {% data variables.product.prodname_copilot %} - -Organization owners can manage access to {% data variables.product.prodname_copilot %} for their organization, and review usage data to inform their decision. For more information, see "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-access-for-copilot-business-in-your-organization)." - -### Managing policies for {% data variables.product.prodname_copilot %} - -Organization owners can manage policies for {% data variables.product.prodname_copilot %} in their organization. For more information, see "[AUTOTITLE](/copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-business-in-your-organization)." - -### Audit logs - -Organization owners can review audit logs for {% data variables.product.prodname_copilot %} in their organization, to understand what actions have been taken and by which users. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-github-copilot-activity-in-your-organization/reviewing-audit-logs-for-copilot-business)." diff --git a/data/reusables/copilot/copilot-chat-exclusively-code-questions.md b/data/reusables/copilot/copilot-chat-exclusively-code-questions.md deleted file mode 100644 index eb637c23929e..000000000000 --- a/data/reusables/copilot/copilot-chat-exclusively-code-questions.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_copilot_chat %} is intended to answer exclusively coding related questions that you ask in natural language. For example, you can ask {% data variables.product.prodname_copilot_chat %} to help you write a function that returns the sum of two numbers. diff --git a/data/reusables/copilot/copilot-chat-mobile-enable.md b/data/reusables/copilot/copilot-chat-mobile-enable.md deleted file mode 100644 index 941bd5ed4d50..000000000000 --- a/data/reusables/copilot/copilot-chat-mobile-enable.md +++ /dev/null @@ -1,4 +0,0 @@ -{% data reusables.enterprise-accounts.policies-tab %} -{% data reusables.enterprise-accounts.copilot-tab %} -1. Click the **Policies** tab. -1. To the right of "{% data variables.product.prodname_copilot_mobile_short %}", select the dropdown menu, then choose the appropriate option. By default, {% data variables.product.prodname_copilot_mobile_short %} is disabled at the organization level. diff --git a/data/reusables/copilot/copilot-cli-about.md b/data/reusables/copilot/copilot-cli-about.md deleted file mode 100644 index 4757d1d3e642..000000000000 --- a/data/reusables/copilot/copilot-cli-about.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_copilot_cli %} is an extension for {% data variables.product.prodname_cli %} which provides a chat-like interface in the terminal that allows you to ask questions about commands you run from the command line. diff --git a/data/reusables/copilot/copilot-cli-enable.md b/data/reusables/copilot/copilot-cli-enable.md deleted file mode 100644 index 23e0a86369ef..000000000000 --- a/data/reusables/copilot/copilot-cli-enable.md +++ /dev/null @@ -1,8 +0,0 @@ -{% data reusables.enterprise-accounts.policies-tab %} -{% data reusables.enterprise-accounts.copilot-tab %} -1. Click the **Policies** tab. -1. To the right of "{% data variables.product.prodname_copilot_cli %}", select the dropdown menu, then choose the appropriate option. - - * To allow each of your organizations to set their own policy, select **No policy**. - * To enable {% data variables.product.prodname_copilot_cli_short %} for all organizations under your enterprise, select **Enabled**. - * To disable {% data variables.product.prodname_copilot_cli_short %} for all organizations under your enterprise, select **Disabled**. diff --git a/data/reusables/copilot/copilot-enterprise-enable.md b/data/reusables/copilot/copilot-enterprise-enable.md deleted file mode 100644 index e33cf512d346..000000000000 --- a/data/reusables/copilot/copilot-enterprise-enable.md +++ /dev/null @@ -1,15 +0,0 @@ -{% data reusables.enterprise-accounts.policies-tab %} -{% data reusables.enterprise-accounts.copilot-tab %} -{% data reusables.enterprise-accounts.copilot-policies-tab %} -1. Next to "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}," click the dropdown menu and select the policy you want to enforce. By default, {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %} is disabled at the organization level. -1. Optionally, if you select **Enabled** for the "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" policy, you can also choose to allow or disallow feedback on pull request summaries. - * To allow feedback after {% data variables.product.prodname_copilot_short %} generates a pull request summary, select **Opt in to user feedback collection**. Developers will be able to provide feedback after {% data variables.product.prodname_copilot_short %} generates a pull request summary, and the summary will be sent to {% data variables.product.prodname_dotcom %} for context. - * To disallow feedback after {% data variables.product.prodname_copilot_short %} generates a pull request summary, deselect **Opt in to user feedback collection**. Developers will still be able to provide feedback on {% data variables.product.prodname_copilot_short %} with the feedback icons attached to each {% data variables.product.prodname_copilot_chat_short %} response, and via the "Give feedback" link in conversations. - - For more information about user feedback collection for {% data variables.product.prodname_copilot_short %}, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#sharing-feedback-about-github-copilot-chat-in-githubcom)." - - > [!NOTE] If you choose **No policy** for the "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" option, and an organization owner enables "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" in their organization, user feedback collection is enabled by default, and can be managed at the organization level. - -1. Next to "Give {% data variables.product.prodname_copilot_short %} access to Bing," click the dropdown menu and select the policy you want to enforce. By default, Bing is disabled at the organization level. - - > [!NOTE] Bing search integration into {% data variables.product.prodname_copilot_chat_dotcom_short %} is currently in {% data variables.release-phases.public_preview %} and is subject to change. diff --git a/data/reusables/copilot/copilot-enterprise-features.md b/data/reusables/copilot/copilot-enterprise-features.md deleted file mode 100644 index 21227a289e7a..000000000000 --- a/data/reusables/copilot/copilot-enterprise-features.md +++ /dev/null @@ -1,15 +0,0 @@ -### {% data variables.product.prodname_copilot_chat_dotcom %} - -{% data variables.product.prodname_copilot_chat_dotcom %} is a chat interface that lets you ask and receive answers to coding-related questions within {% data variables.product.github %}. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github/about-github-copilot-chat-in-githubcom)." - -### {% data variables.product.prodname_copilot_for_prs %} - -{% data variables.product.prodname_copilot_for_prs %} is an AI-powered feature that allows you to create a summary of the changes that were made in a pull request, which files they impact, and what a reviewer should focus on when they conduct their review. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries)." - -### {% data variables.product.prodname_copilot_autocomplete_pr %} (beta) - -{% data variables.product.prodname_copilot_autocomplete_pr %} is a feature that provides AI-generated autocompletions to help you write pull request descriptions quickly and accurately. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/using-copilot-pull-request-autocomplete)." - -### {% data variables.product.prodname_copilot_short %} knowledge bases - -Knowledge bases are collections of Markdown documentation from one or more repositories. When you ask {% data variables.product.prodname_copilot_chat_short %} a question in the {% data variables.product.github %} website, {% data variables.product.prodname_vscode_shortname %}, or {% data variables.product.prodname_vs %}, you can specify a knowledge base as the context for your question. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-copilot-knowledge-bases)." diff --git a/data/reusables/copilot/copilot-extensions/compatible-chat-interfaces.md b/data/reusables/copilot/copilot-extensions/compatible-chat-interfaces.md deleted file mode 100644 index 687f19fed285..000000000000 --- a/data/reusables/copilot/copilot-extensions/compatible-chat-interfaces.md +++ /dev/null @@ -1,3 +0,0 @@ -* {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vs %} -* {% data variables.product.prodname_copilot_chat_short %} in {% data variables.product.prodname_vscode %} -* {% data variables.product.prodname_copilot_chat_dotcom_short %} diff --git a/data/reusables/copilot/copilot-individual-emus.md b/data/reusables/copilot/copilot-individual-emus.md deleted file mode 100644 index 7affec83d243..000000000000 --- a/data/reusables/copilot/copilot-individual-emus.md +++ /dev/null @@ -1,5 +0,0 @@ -{% ifversion ghec %} - -To sign up for {% data variables.product.prodname_copilot_for_individuals %}, you need a personal account on {% data variables.product.prodname_dotcom_the_website %}. To use {% data variables.product.prodname_copilot_short %} with a {% data variables.enterprise.prodname_managed_user %}, you must be granted access to a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription. For more information, see "[AUTOTITLE](/copilot/about-github-copilot/what-is-github-copilot#getting-access-to-copilot)." - -{% endif %} diff --git a/data/reusables/copilot/copilot-individual-features.md b/data/reusables/copilot/copilot-individual-features.md deleted file mode 100644 index c7ebc6cbf488..000000000000 --- a/data/reusables/copilot/copilot-individual-features.md +++ /dev/null @@ -1,15 +0,0 @@ -### {% data variables.product.prodname_copilot %} in your IDE - -{% data variables.product.prodname_copilot %} is an AI tool that offers autocomplete-style suggestions in your IDE. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/getting-started-with-github-copilot)." - -### {% data variables.product.prodname_copilot_mobile %} - -{% data variables.product.prodname_copilot_mobile %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %}, to ask and receive answers to coding-related questions within {% data variables.product.prodname_mobile %}. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-github-mobile/using-github-copilot-chat-in-github-mobile)." - -### {% data variables.product.prodname_copilot_chat %} in your IDE - -{% data variables.product.prodname_copilot_chat %} in your IDE is a chat interface that lets you ask and receive answers to coding-related questions within supported IDEs. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/copilot-chat-in-ides/using-github-copilot-chat-in-your-ide)." - -### {% data variables.product.prodname_copilot_cli %} - -{% data variables.product.prodname_copilot_cli %} provides a chat-like interface in the terminal that allows you to ask questions about the command line. You can ask {% data variables.product.prodname_copilot %} to provide either command suggestions or explanations of given commands. For more information, see "[AUTOTITLE](/copilot/github-copilot-in-the-cli/using-github-copilot-in-the-cli)." diff --git a/data/reusables/copilot/create-c-file.md b/data/reusables/copilot/create-c-file.md deleted file mode 100644 index 9a40edc6ce37..000000000000 --- a/data/reusables/copilot/create-c-file.md +++ /dev/null @@ -1 +0,0 @@ -1. In {% data variables.product.prodname_vs %}, create a new C# (_*.cs_) file. diff --git a/data/reusables/copilot/create-java-file.md b/data/reusables/copilot/create-java-file.md deleted file mode 100644 index d38696a1ddf9..000000000000 --- a/data/reusables/copilot/create-java-file.md +++ /dev/null @@ -1 +0,0 @@ -1. In your JetBrains IDE, create a new Java (_*.java_) file. diff --git a/data/reusables/copilot/create-sql-file.md b/data/reusables/copilot/create-sql-file.md deleted file mode 100644 index 33437529f6a9..000000000000 --- a/data/reusables/copilot/create-sql-file.md +++ /dev/null @@ -1 +0,0 @@ -1. In Azure Data Studio, create a new SQL file. diff --git a/data/reusables/copilot/duplication-setting-org.md b/data/reusables/copilot/duplication-setting-org.md deleted file mode 100644 index aea3e881731d..000000000000 --- a/data/reusables/copilot/duplication-setting-org.md +++ /dev/null @@ -1 +0,0 @@ -> [!NOTE] If you are a member of an organization on {% data variables.product.prodname_ghe_cloud %} who has been assigned a {% data variables.product.prodname_copilot %} seat through your organization, you will not be able to configure duplication detection in your personal account settings. Your duplication detection setting will be inherited from your organization or enterprise. diff --git a/data/reusables/copilot/enabling-chat-enterprise.md b/data/reusables/copilot/enabling-chat-enterprise.md deleted file mode 100644 index 7d5adcc447d4..000000000000 --- a/data/reusables/copilot/enabling-chat-enterprise.md +++ /dev/null @@ -1,6 +0,0 @@ -{% data reusables.enterprise-accounts.policies-tab %} -{% data reusables.enterprise-accounts.copilot-tab %} -1. To the right of **{% data variables.product.prodname_copilot_chat %} {% data variables.release-phases.public_preview_caps %}**, select the dropdown menu, and then choose the appropriate option. - * Click **Allowed** to enable the {% data variables.product.prodname_copilot_chat %} {% data variables.release-phases.public_preview %} for all organizations under your enterprise. - * Click **Blocked** to disable the {% data variables.product.prodname_copilot_chat %} {% data variables.release-phases.public_preview %} for all organizations under your enterprise. - * Click **No policy** to allow each organization under your enterprise to set their own policy. diff --git a/data/reusables/copilot/enabling-chat-organization.md b/data/reusables/copilot/enabling-chat-organization.md deleted file mode 100644 index 6ca5dc3769f8..000000000000 --- a/data/reusables/copilot/enabling-chat-organization.md +++ /dev/null @@ -1,4 +0,0 @@ -{% data reusables.profile.access_org %} -{% data reusables.profile.org_settings %} -1. In the "Code, planning, and automation" section of the sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**, and then click **Policies**. -1. To the right of **{% data variables.product.prodname_copilot_chat %} {% data variables.release-phases.public_preview_caps %}**, select the dropdown menu, and then click **Enabled** or **Disabled**. diff --git a/data/reusables/copilot/enabling-copilot-chat-beta.md b/data/reusables/copilot/enabling-copilot-chat-beta.md deleted file mode 100644 index eb54a7f4de22..000000000000 --- a/data/reusables/copilot/enabling-copilot-chat-beta.md +++ /dev/null @@ -1,23 +0,0 @@ -## Enabling or disabling {% data variables.product.prodname_copilot_chat %} - -> [!NOTE] If you have a {% data variables.product.prodname_copilot_for_individuals %} subscription, you are automatically granted access to {% data variables.product.prodname_copilot_chat %}. - -{% data variables.product.prodname_copilot_chat %} is available to all organizations and enterprises that have an active {% data variables.product.prodname_copilot_for_business %} license. You can enable or disable {% data variables.product.prodname_copilot_chat %} for your organization or enterprise in the {% data variables.product.prodname_copilot_for_business %} settings page. - -If {% data variables.product.prodname_copilot_chat_short %} is enabled or disabled at the enterprise level, organizations within the enterprise cannot override the setting. - -### Enabling or disabling {% data variables.product.prodname_copilot_chat %} at the organization level - -{% data reusables.profile.access_org %} -{% data reusables.profile.org_settings %} -1. In the "Code, planning, and automation" section of the sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**, and then click **Policies**. -1. To the right of **{% data variables.product.prodname_copilot_chat %} {% data variables.release-phases.public_preview_caps %}**, select the dropdown menu, and then click **Enabled** or **Disabled**. - -### Enabling or disabling {% data variables.product.prodname_copilot_chat %} at the enterprise level - -{% data reusables.enterprise-accounts.policies-tab %} -{% data reusables.enterprise-accounts.copilot-tab %} -1. To the right of **{% data variables.product.prodname_copilot_chat %} {% data variables.release-phases.public_preview_caps %}**, select the dropdown menu, and then choose the appropriate option. - * Click **Allowed** to enable the {% data variables.product.prodname_copilot_chat %} {% data variables.release-phases.public_preview %} for all organizations under your enterprise. - * Click **Blocked** to disable the {% data variables.product.prodname_copilot_chat %} {% data variables.release-phases.public_preview %} for all organizations under your enterprise. - * Click **No policy** to allow each organization under your enterprise to set their own policy. diff --git a/data/reusables/copilot/enabling-github-copilot-for-business.md b/data/reusables/copilot/enabling-github-copilot-for-business.md deleted file mode 100644 index ca249d725841..000000000000 --- a/data/reusables/copilot/enabling-github-copilot-for-business.md +++ /dev/null @@ -1 +0,0 @@ -If you want to use {% data variables.product.prodname_copilot_for_business %} in your organization{% ifversion ghec %} or enterprise{% endif %}, you must first establish a policy for the use of {% data variables.product.prodname_copilot %}. Once {% data variables.product.prodname_copilot %} is enabled at the enterprise-level, you can configure {% data variables.product.prodname_copilot %} settings for each organization in your enterprise. diff --git a/data/reusables/copilot/enabling-or-disabling-copilot.md b/data/reusables/copilot/enabling-or-disabling-copilot.md deleted file mode 100644 index 0065c4d989bf..000000000000 --- a/data/reusables/copilot/enabling-or-disabling-copilot.md +++ /dev/null @@ -1,29 +0,0 @@ -> [!NOTE] If you have a {% data variables.product.prodname_copilot_for_individuals %} subscription, you are automatically granted access to {% data variables.product.prodname_copilot_chat %}. - -{% data variables.product.prodname_copilot_chat %} is available to all organizations {% ifversion ghec %}and enterprises{% endif %} that have an active {% data variables.product.prodname_copilot_for_business %} {% ifversion ghec %}or {% data variables.product.prodname_copilot_enterprise %}{% endif %} subscription. You can enable or disable {% data variables.product.prodname_copilot_chat %} for your organization {% ifversion ghec %}or enterprise{% endif %} in the settings page for {% data variables.product.prodname_copilot_short %}. - -{% ifversion ghec %} - -If {% data variables.product.prodname_copilot_chat_short %} is enabled or disabled at the enterprise level, organizations within the enterprise cannot override the setting. - -{% endif %} - -### Enabling or disabling {% data variables.product.prodname_copilot_chat %} {% ifversion ghec %}at the organization level{% endif %} - -{% data reusables.profile.access_org %} -{% data reusables.profile.org_settings %} -1. In the "Code, planning, and automation" section of the sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**, and then click **Policies**. -1. To the right of **{% data variables.product.prodname_copilot_chat_short %} in the IDE**, select the dropdown menu, and then click **Enabled** or **Disabled**. - -{% ifversion ghec %} - -### Enabling or disabling {% data variables.product.prodname_copilot_chat %} at the enterprise level - -{% data reusables.enterprise-accounts.policies-tab %} -{% data reusables.enterprise-accounts.copilot-tab %} -1. To the right of **{% data variables.product.prodname_copilot_chat_short %} in the IDE**, select the dropdown menu, and then choose the appropriate option. - * Click **Allowed** to enable {% data variables.product.prodname_copilot_chat %} for all organizations under your enterprise. - * Click **Blocked** to disable {% data variables.product.prodname_copilot_chat %} for all organizations under your enterprise. - * Click **No policy** to allow each organization under your enterprise to set their own policy. - -{% endif %} diff --git a/data/reusables/copilot/enabling-or-disabling-in-ads.md b/data/reusables/copilot/enabling-or-disabling-in-ads.md deleted file mode 100644 index 9e5aaa8783ba..000000000000 --- a/data/reusables/copilot/enabling-or-disabling-in-ads.md +++ /dev/null @@ -1,13 +0,0 @@ -## Enabling or disabling {% data variables.product.prodname_copilot %} - -You can enable or disable {% data variables.product.prodname_copilot %} from within Azure Data Studio. The {% data variables.product.prodname_copilot %} status icon in the bottom panel of the Azure Data Studio window indicates whether {% data variables.product.prodname_copilot %} is enabled or disabled. When enabled, the background color of the icon will match the color of the status bar. When disabled, the background color of the icon will contrast with the color of the status bar. - -1. To enable or disable {% data variables.product.prodname_copilot %}, click the status icon in the bottom panel of the Azure Data Studio window. - - ![Screenshot of the bottom panel in Azure Data Studio. The {% data variables.product.prodname_copilot %} icon is outlined in dark orange.](/assets/images/help/copilot/status-icon-azure-data-studio.png) - -1. If you are disabling {% data variables.product.prodname_copilot %}, you will be asked whether you want to disable suggestions globally, or for the language of the file you are currently editing. - - * To disable suggestions from {% data variables.product.prodname_copilot %} globally, click **Disable Globally**. - * To disable suggestions from {% data variables.product.prodname_copilot %} for the specified language, click **Disable for LANGUAGE**. - ![Screenshot of option to disable {% data variables.product.prodname_copilot %} globally or for the current language.](/assets/images/help/copilot/disable-copilot-global-or-language-ads.png) diff --git a/data/reusables/copilot/enterprise-fpt-link.md b/data/reusables/copilot/enterprise-fpt-link.md deleted file mode 100644 index c1eed7af89fd..000000000000 --- a/data/reusables/copilot/enterprise-fpt-link.md +++ /dev/null @@ -1 +0,0 @@ -> [!NOTE] You are currently viewing the documentation for Free, Pro, and Team plans. {% data variables.product.prodname_copilot_enterprise %} is only available to customers on the {% data variables.product.prodname_ghe_cloud %} plan. For full documentation of {% data variables.product.prodname_copilot_enterprise_short %}, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise)." in the {% data variables.product.prodname_ghe_cloud %} documentation. diff --git a/data/reusables/copilot/generating-suggestions-from-comments.md b/data/reusables/copilot/generating-suggestions-from-comments.md deleted file mode 100644 index ad62637674dc..000000000000 --- a/data/reusables/copilot/generating-suggestions-from-comments.md +++ /dev/null @@ -1 +0,0 @@ -You can describe something you want to do using natural language within a comment, and {% data variables.product.prodname_copilot %} will suggest the code to accomplish your goal. diff --git a/data/reusables/copilot/indexing-note.md b/data/reusables/copilot/indexing-note.md deleted file mode 100644 index 10e5f25e9f21..000000000000 --- a/data/reusables/copilot/indexing-note.md +++ /dev/null @@ -1 +0,0 @@ -> [!NOTE] Initial indexing can take up to 30 minutes for large repositories. Once a repository has been indexed for the first time, updates should be indexed much more quickly (typically within 5 minutes). diff --git a/data/reusables/copilot/install-copilot-and-chat-combo-vs-procedure.md b/data/reusables/copilot/install-copilot-and-chat-combo-vs-procedure.md deleted file mode 100644 index f8bf0ef1dbea..000000000000 --- a/data/reusables/copilot/install-copilot-and-chat-combo-vs-procedure.md +++ /dev/null @@ -1,12 +0,0 @@ -### Installing the combined {% data variables.product.prodname_copilot_short %} and {% data variables.product.prodname_copilot_chat_short %} extension in {% data variables.product.prodname_vs %} for versions 17.10 Preview 3 and later - -1. Download the latest preview version of {% data variables.product.prodname_vs %} 2022 17.10 from [Visual Studio Release Notes](https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-preview) in the Microsoft documentation. -1. Follow the on-screen instructions to install {% data variables.product.prodname_vs %}. -1. When {% data variables.product.prodname_vs %} Installer launches, select the workloads you require, and then under "Installation details", expand the **Individual components** details and select **GitHub Copilot**. - - ![Screenshot of the {% data variables.product.prodname_vs %} Installer. The {% data variables.product.prodname_copilot %} component is highlighted with an orange outline.](/assets/images/help/copilot/install-copilot-extension-visual-studio-17-10.png) -1. In the bottom-right corner of {% data variables.product.prodname_vs %} Installer, click **Modify**. -1. When the modification is complete, close the {% data variables.product.prodname_vs %} Installer and launch {% data variables.product.prodname_vs %}. -1. Optionally, to modify the installation or add more components, launch {% data variables.product.prodname_vs %} Installer from the Windows Start menu. - * To the right of your installed version of {% data variables.product.prodname_vs %}, click **Modify**. - * Make your desired changes, and in the bottom right corner click **Modify** again to apply them. diff --git a/data/reusables/copilot/install-copilot-vs-intro.md b/data/reusables/copilot/install-copilot-vs-intro.md deleted file mode 100644 index 2d953706f1c0..000000000000 --- a/data/reusables/copilot/install-copilot-vs-intro.md +++ /dev/null @@ -1 +0,0 @@ -With {% data variables.product.prodname_vs %} version 17.10 Preview 3 or later, you can install a single extension that combines {% data variables.product.prodname_copilot %} and {% data variables.product.prodname_copilot_chat %}. If you use {% data variables.product.prodname_vs %} 17.8 or 17.9, you must install the {% data variables.product.prodname_copilot %} and {% data variables.product.prodname_copilot_chat %} extensions separately. The {% data variables.product.prodname_copilot %} extension is a prerequisite for using {% data variables.product.prodname_copilot_chat %}. For more information about the {% data variables.product.prodname_vs %} 17.10 Preview 3 release, see the [Visual Studio Release Notes](https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-preview#17100-pre30--visual-studio-2022-version-1710-preview-3) in the Microsoft documentation. diff --git a/data/reusables/copilot/installing-copilot-in-jetbrains-ide.md b/data/reusables/copilot/installing-copilot-in-jetbrains-ide.md deleted file mode 100644 index 8652f990f2df..000000000000 --- a/data/reusables/copilot/installing-copilot-in-jetbrains-ide.md +++ /dev/null @@ -1,18 +0,0 @@ -To use {% data variables.product.prodname_copilot %} in a JetBrains IDE, you must install the {% data variables.product.prodname_copilot %} plugin. - -{% data reusables.copilot.jetbrains-settings-preferences %} -1. In the left-side menu of the **Settings/Preferences** dialog box, click **Plugins**. -1. At the top of the **Settings/Preferences** dialog box, click **Marketplace**. In the search bar, search for **{% data variables.product.prodname_copilot %}**, then click **Install**. - - ![Screenshot of the "Preferences" window. A tab labeled "Marketplace" is highlighted with an orange outline. In a list of search results, the installed "GitHub Copilot" plugin is marked by a selected checkbox.](/assets/images/help/copilot/jetbrains-marketplace.png) -1. After {% data variables.product.prodname_copilot %} is installed, click **Restart IDE**. -1. After your JetBrains IDE has restarted, click the **Tools** menu. Click **{% data variables.product.prodname_copilot %}**, then click **Login to {% data variables.product.prodname_dotcom %}**. - - ![Screenshot of the expanded "Tools" menu and "{% data variables.product.prodname_copilot %}" sub-menu. The "Login to {% data variables.product.prodname_dotcom %}" option is highlighted in blue.](/assets/images/help/copilot/jetbrains-tools-menu.png) - -1. In the "Sign in to {% data variables.product.prodname_dotcom %}" dialog box, to copy the device code and open the device activation window, click **Copy and Open**. - - ![Screenshot of the "Sign in to {% data variables.product.prodname_dotcom %}" dialog. A device code is displayed above a button labeled "Copy and Open".](/assets/images/help/copilot/device-code-copy-and-open.png) -1. A device activation window will open in your browser. Paste the device code, then click **Continue**. -1. {% data variables.product.prodname_dotcom %} will request the necessary permissions for {% data variables.product.prodname_copilot %}. To approve these permissions, click **Authorize {% data variables.product.prodname_copilot %} Plugin**. -1. After the permissions have been approved, your JetBrains IDE will show a confirmation. To begin using {% data variables.product.prodname_copilot %}, click **OK**. diff --git a/data/reusables/copilot/link-to-vs-docs.md b/data/reusables/copilot/link-to-vs-docs.md deleted file mode 100644 index e3626401f089..000000000000 --- a/data/reusables/copilot/link-to-vs-docs.md +++ /dev/null @@ -1 +0,0 @@ -For an alternative installation method, you can also use the Microsoft instructions to install the {% data variables.product.prodname_copilot %} extension. For more information, see [Installation instructions](https://learn.microsoft.com/en-gb/visualstudio/ide/visual-studio-github-copilot-install-and-states?view=vs-2022) in the Microsoft documentation. diff --git a/data/reusables/copilot/model-picker-enable-preview-features.md b/data/reusables/copilot/model-picker-enable-preview-features.md deleted file mode 100644 index 6fc0877884df..000000000000 --- a/data/reusables/copilot/model-picker-enable-preview-features.md +++ /dev/null @@ -1 +0,0 @@ -1. If you access {% data variables.product.prodname_copilot_chat_short %} through a {% data variables.product.prodname_copilot_for_business %}{% ifversion ghec %} or {% data variables.product.prodname_copilot_enterprise %}{% endif %} subscription, your organization{% ifversion ghec %} or enterprise{% endif %} must enable preview features for {% data variables.product.prodname_copilot_short %}. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization){% ifversion ghec %}" or "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise){% endif %}." diff --git a/data/reusables/copilot/procedural-intro.md b/data/reusables/copilot/procedural-intro.md deleted file mode 100644 index 0a6eb494f95a..000000000000 --- a/data/reusables/copilot/procedural-intro.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_copilot %} offers coding suggestions as you type in your coding environment. For more information about other things that {% data variables.product.prodname_copilot_short %} can do, see "[AUTOTITLE](/copilot/about-github-copilot/what-is-github-copilot)." diff --git a/data/reusables/copilot/save-settings.md b/data/reusables/copilot/save-settings.md deleted file mode 100644 index 9bfed3a0d8a0..000000000000 --- a/data/reusables/copilot/save-settings.md +++ /dev/null @@ -1 +0,0 @@ -1. To confirm your new settings, click **Save**. diff --git a/data/reusables/copilot/see-alternative-suggestions.md b/data/reusables/copilot/see-alternative-suggestions.md deleted file mode 100644 index 4e39f7b40b63..000000000000 --- a/data/reusables/copilot/see-alternative-suggestions.md +++ /dev/null @@ -1 +0,0 @@ -1. Optionally, you can see alternative suggestions, if any are available. diff --git a/data/reusables/copilot/signup-procedure-enterprise.md b/data/reusables/copilot/signup-procedure-enterprise.md deleted file mode 100644 index 1f211c545506..000000000000 --- a/data/reusables/copilot/signup-procedure-enterprise.md +++ /dev/null @@ -1,6 +0,0 @@ -1. Go to the [{% data variables.product.prodname_copilot_for_business %} sign up page](https://github.com/github-copilot/business_signup/choose_business_type). -1. To purchase {% data variables.product.prodname_copilot %} for your enterprise, select **Enable {% data variables.product.prodname_copilot %} at an enterprise level** and click **Continue**. -1. Select the enterprise for which you want to purchase {% data variables.product.prodname_copilot %} and click **Continue**. -1. Follow the steps to confirm your payment details, then click **Save**. - - If you don't have a payment method on file, you'll be prompted to add one. diff --git a/data/reusables/copilot/sku-isolation.md b/data/reusables/copilot/sku-isolation.md index 6de1597a815f..37885cbc765d 100644 --- a/data/reusables/copilot/sku-isolation.md +++ b/data/reusables/copilot/sku-isolation.md @@ -1,5 +1,3 @@ -> [!NOTE] {% data variables.product.prodname_copilot_sku_isolation %} is currently in {% data variables.release-phases.public_preview %} and subject to change. This feature will be enabled for all users on November 4, 2024. - ## About {% data variables.product.prodname_copilot_sku_isolation %} As an {% ifversion ghec %}enterprise or {% endif %}organization owner, you can use your network firewall to explicitly allow access to {% data variables.product.prodname_copilot_for_business %}{% ifversion ghec %} or {% data variables.product.prodname_copilot_enterprise %}, or both{% endif %}, and/or block access to {% data variables.product.prodname_copilot_for_individuals %}. This allows you to control which {% data variables.product.prodname_copilot %} plans your members can use within your network. @@ -12,21 +10,18 @@ Configuring {% data variables.product.prodname_copilot_sku_isolation %} will aff * {% data variables.product.prodname_mobile %} Apps * {% data variables.product.prodname_copilot_cli_short %} - -On November 4, 2024, we will enable {% data variables.product.prodname_copilot_sku_isolation %} for all users. This will ensure that users are accessing {% data variables.product.prodname_copilot %} through an endpoint that is specific to their {% data variables.product.prodname_copilot_short %} subscription. Only {% data variables.product.prodname_copilot_business_short %} users will be able to connect to the {% data variables.product.prodname_copilot_business_short %} endpoint and only {% data variables.product.prodname_copilot_enterprise_short %} users will be able to connect to the {% data variables.product.prodname_copilot_enterprise_short %} endpoint. - -Optionally, if you are a customer with a {% data variables.product.prodname_dotcom %} account representative and you want to block access to {% data variables.product.prodname_copilot_individuals_short %} on your network before November 4, ask your representative about enabling {% data variables.product.prodname_copilot_sku_isolation %} ahead of this date. +{% data variables.product.prodname_copilot_sku_isolation %} is enabled for all users. This ensures that users access {% data variables.product.prodname_copilot %} through an endpoint that is specific to their {% data variables.product.prodname_copilot_short %} subscription. Only {% data variables.product.prodname_copilot_business_short %} users will be able to connect to the {% data variables.product.prodname_copilot_business_short %} endpoint and only {% data variables.product.prodname_copilot_enterprise_short %} users will be able to connect to the {% data variables.product.prodname_copilot_enterprise_short %} endpoint. ## Important steps to ensure continued access to {% data variables.product.prodname_copilot %} -Between now and November 4, you should ensure that your firewall allows access to all of the hostnames listed in "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot)." - +You should ensure that your firewall allows access to all of the hostnames listed in "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot)." + +## Configuring {% data variables.product.prodname_copilot_sku_isolation %} for your {% ifversion ghec %}enterprise or {% endif %}organization -## Configuring {% data variables.product.prodname_copilot_sku_isolation %} for your enterprise +{% ifversion ghec %}Enterprise or organization {% else %}Organization{% endif %} owners can add the endpoints for {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}{% ifversion ghec %}, or both,{% endif %} to their allow-list. This will ensure that members can only access {% data variables.product.prodname_copilot %} through the allowed endpoint. - -Before November 4, 2024, you should perform the following steps to ensure users can continue to access {% data variables.product.prodname_copilot %}. - +{% ifversion ghec %} +> [!NOTE] For enterprise accounts with both {% data variables.product.prodname_copilot_for_business %} and {% data variables.product.prodname_copilot_enterprise %} subscriptions, both endpoints should be added to your allow-list.{% endif %} 1. Ensure your members have updated to at least the minimum version of their {% data variables.product.prodname_copilot_short %} client listed below. * For {% data variables.product.prodname_vscode %}, use Copilot Chat version 0.17 or later. diff --git a/data/reusables/copilot/supported-tools.md b/data/reusables/copilot/supported-tools.md deleted file mode 100644 index 16d49b8045fe..000000000000 --- a/data/reusables/copilot/supported-tools.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_copilot %} is available as an extension in {% data variables.product.prodname_vscode %}, Visual Studio, Vim, Neovim, the JetBrains suite of IDEs, and Azure Data Studio. For more information on using {% data variables.product.prodname_copilot %} in {% data variables.product.prodname_vscode %}, Visual Studio, Vim, Neovim, and JetBrains, see "[AUTOTITLE](/copilot/using-github-copilot/getting-started-with-github-copilot)." For more information on using {% data variables.product.prodname_copilot %} in Azure Data Studio, see [GitHub Copilot extension](https://learn.microsoft.com/en-us/sql/azure-data-studio/extensions/github-copilot-extension?view=sql-server-ver16) in Microsoft Learn. diff --git a/data/reusables/copilot/test-content-exclusions-chat.md b/data/reusables/copilot/test-content-exclusions-chat.md deleted file mode 100644 index a238165721ee..000000000000 --- a/data/reusables/copilot/test-content-exclusions-chat.md +++ /dev/null @@ -1 +0,0 @@ -1. Ask {% data variables.product.prodname_copilot_chat_short %} a question about the excluded file. If your content is excluded successfully, {% data variables.product.prodname_copilot_short %} will be unable to answer your question, and will explain that some files were excluded from the conversation due to content exclusion rules. diff --git a/data/reusables/copilot/vs-exit-and-relaunch.md b/data/reusables/copilot/vs-exit-and-relaunch.md deleted file mode 100644 index 836fcc936385..000000000000 --- a/data/reusables/copilot/vs-exit-and-relaunch.md +++ /dev/null @@ -1 +0,0 @@ -1. Close the "Manage Extensions" window, then exit and relaunch {% data variables.product.prodname_vs %}. diff --git a/data/reusables/copilot/vs-extensions.md b/data/reusables/copilot/vs-extensions.md deleted file mode 100644 index 777cb42200ee..000000000000 --- a/data/reusables/copilot/vs-extensions.md +++ /dev/null @@ -1,3 +0,0 @@ -1. In the {% data variables.product.prodname_vs %} menu bar, click **Extensions**, then click **Manage Extensions**. - - ![Screenshot of the menu bar in {% data variables.product.prodname_vs %}. The "Extensions" menu is open, and the "Manage Extensions" option is highlighted with an orange outline.](/assets/images/help/copilot/visual-studio-toolbar.png) diff --git a/data/reusables/data-residency/about-enterprise-owners.md b/data/reusables/data-residency/about-enterprise-owners.md deleted file mode 100644 index 6684a6d19c3f..000000000000 --- a/data/reusables/data-residency/about-enterprise-owners.md +++ /dev/null @@ -1 +0,0 @@ -Enterprise owners are administrators who have complete control over your enterprise on {% data variables.enterprise.data_residency_site %}. diff --git a/data/reusables/data-residency/data-resident-enterprise-prerequisite-access.md b/data/reusables/data-residency/data-resident-enterprise-prerequisite-access.md deleted file mode 100644 index e69de29bb2d1..000000000000 diff --git a/data/reusables/data-residency/data-resident-enterprise-prerequisite-setup-user.md b/data/reusables/data-residency/data-resident-enterprise-prerequisite-setup-user.md deleted file mode 100644 index 49817e4f90e8..000000000000 --- a/data/reusables/data-residency/data-resident-enterprise-prerequisite-setup-user.md +++ /dev/null @@ -1 +0,0 @@ -You must have the credentials for your enterprise's setup user. diff --git a/data/reusables/data-residency/data-resident-enterprise-sign-in-as-setup-user.md b/data/reusables/data-residency/data-resident-enterprise-sign-in-as-setup-user.md deleted file mode 100644 index bf13fa24d2dd..000000000000 --- a/data/reusables/data-residency/data-resident-enterprise-sign-in-as-setup-user.md +++ /dev/null @@ -1 +0,0 @@ -1. Sign in to your enterprise on {% data variables.enterprise.data_residency_site %} as the setup user. diff --git a/data/reusables/data-residency/sign-in-to-okta.md b/data/reusables/data-residency/sign-in-to-okta.md deleted file mode 100644 index f836b327f0c3..000000000000 --- a/data/reusables/data-residency/sign-in-to-okta.md +++ /dev/null @@ -1 +0,0 @@ -1. Sign in to the Okta Admin Console. diff --git a/data/reusables/data-residency/sso-recovery-codes-warning.md b/data/reusables/data-residency/sso-recovery-codes-warning.md deleted file mode 100644 index 2882343baad4..000000000000 --- a/data/reusables/data-residency/sso-recovery-codes-warning.md +++ /dev/null @@ -1,5 +0,0 @@ -{% warning %} - -**Warning**: Ensure you have downloaded and stored the SSO recovery codes for your enterprise's setup user. See "[Prerequisites](#prerequisites)." - -{% endwarning %} diff --git a/data/reusables/data-residency/test-sign-in.md b/data/reusables/data-residency/test-sign-in.md deleted file mode 100644 index 00301b4a0fa9..000000000000 --- a/data/reusables/data-residency/test-sign-in.md +++ /dev/null @@ -1,2 +0,0 @@ -1. If you are already signed in to {% data variables.enterprise.data_residency_site %} as the setup user, sign out. -1. Sign in using the account you assigned as the first enterprise owner. diff --git a/data/reusables/dependabot/dependabot-grouped-security-updates-beta-note.md b/data/reusables/dependabot/dependabot-grouped-security-updates-beta-note.md deleted file mode 100644 index d9b92289a210..000000000000 --- a/data/reusables/dependabot/dependabot-grouped-security-updates-beta-note.md +++ /dev/null @@ -1,5 +0,0 @@ -{% note %} - -**Note:** Grouped pull requests for {% data variables.product.prodname_dependabot_security_updates %} are in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} diff --git a/data/reusables/dependabot/dependabot-version-updates-groups-beta.md b/data/reusables/dependabot/dependabot-version-updates-groups-beta.md deleted file mode 100644 index 4fd237c4673f..000000000000 --- a/data/reusables/dependabot/dependabot-version-updates-groups-beta.md +++ /dev/null @@ -1,9 +0,0 @@ -{% ifversion dependabot-version-updates-groups %} - -{% note %} - -**Note:** {% data variables.product.prodname_dependabot %} grouped updates are currently in {% data variables.release-phases.public_preview %} and is subject to change. - -{% endnote %} - -{% endif %} diff --git a/data/reusables/dependabot/navigate-to-dependabot-alerts.md b/data/reusables/dependabot/navigate-to-dependabot-alerts.md deleted file mode 100644 index 2b2a1c70936f..000000000000 --- a/data/reusables/dependabot/navigate-to-dependabot-alerts.md +++ /dev/null @@ -1,3 +0,0 @@ -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -{% data reusables.repositories.sidebar-dependabot-alerts %} diff --git a/data/reusables/dependabot/private-dependencies.md b/data/reusables/dependabot/private-dependencies.md deleted file mode 100644 index 717f1dbb9746..000000000000 --- a/data/reusables/dependabot/private-dependencies.md +++ /dev/null @@ -1 +0,0 @@ -Currently, {% data variables.product.prodname_dependabot_version_updates %} doesn't support manifest or lock files that contain any private git dependencies or private git registries. This is because, when running version updates, {% data variables.product.prodname_dependabot %} must be able to resolve all dependencies from their source to verify that version updates have been successful. diff --git a/data/reusables/dependabot/supported-package-managers.md b/data/reusables/dependabot/supported-package-managers.md index 347f682cb5d8..d1376d1d8be5 100644 --- a/data/reusables/dependabot/supported-package-managers.md +++ b/data/reusables/dependabot/supported-package-managers.md @@ -21,7 +21,7 @@ npm | `npm` | v6, v7, v8, v9 | {% octicon "check" aria-l pipenv | `pip` | <= 2021-05-29 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | | {% ifversion dependabot-PEP621-support %}[pip-compile](#pip-and-pip-compile){% else %}pip-compile{% endif %} | `pip` | 6.1.0 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | | {% ifversion dependabot-updates-pnpm-support %} | -| {% ifversion dependabot-updates-pnpmv9-support %}pnpm{%else %}[pnpm](#pnpm){% endif %} | `npm` | v7, v8, v9 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} {% ifversion dependabot-updates-pnpmv9-support %}{% else %}(v7 and v8 only){% endif %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +| {% ifversion dependabot-updates-pnpmv9-support %}pnpm{% else %}[pnpm](#pnpm){% endif %} | `npm` | v7, v8, v9 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} {% ifversion dependabot-updates-pnpmv9-support %}{% else %}(v7 and v8 only){% endif %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | | {% endif %} | poetry | `pip` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | [pub](#pub) | `pub` | v2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% octicon "x" aria-label="Not supported" %} | @@ -93,6 +93,8 @@ For more information about using {% data variables.product.prodname_dependabot_v * `gradle/libs.versions.toml` (for projects using a standard Gradle version catalog){% endif %} * Files included via the `apply` declaration that have `dependencies` in the filename. Note that `apply` does not support `apply to`, recursion, or advanced syntaxes (for example, Kotlin's `apply` with `mapOf`, filenames defined by property). +{% data variables.product.prodname_dependabot %} uses information from the `pom.xml` file of dependencies to add links to release information in update pull requests. If the information is omitted from the `pom.xml` file, then it cannot be included in {% data variables.product.prodname_dependabot %} pull requests, see "[AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot)". + {% ifversion dependabot-security-updates-gradle-support %} For {% data variables.product.prodname_dependabot_security_updates %}, Gradle support is limited to manual uploads of the dependency graph data using the {% data variables.dependency-submission-api.name %}. For more information about the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)." @@ -110,6 +112,8 @@ For {% data variables.product.prodname_dependabot_security_updates %}, Gradle su {% data variables.product.prodname_dependabot %} doesn't run Maven but supports updates to `pom.xml` files. +{% data variables.product.prodname_dependabot %} uses information from the `pom.xml` file of dependencies to add links to release information in update pull requests. If the information is omitted from the `pom.xml` file, then it cannot be included in {% data variables.product.prodname_dependabot %} pull requests, see "[AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot)". + #### NuGet CLI {% data variables.product.prodname_dependabot %} doesn't run the NuGet CLI but does support most features up until version {% ifversion dependabot-updates-v680-nuget-support %}6.8.0{% elsif ghes = 3.12 %}6.7.0{% else %}4.8{% endif %}. diff --git a/data/reusables/desktop/retrieve-2fa.md b/data/reusables/desktop/retrieve-2fa.md deleted file mode 100644 index 4361ffe5e65a..000000000000 --- a/data/reusables/desktop/retrieve-2fa.md +++ /dev/null @@ -1,3 +0,0 @@ -1. If you have configured two-factor authentication for {% data variables.product.prodname_enterprise %}, do one of the following: - * If you set up 2FA via SMS, retrieve your 2FA code from an SMS message. - * If you set up 2FA with a TOTP application, generate a 2FA code. diff --git a/data/reusables/education/octernships-availability.md b/data/reusables/education/octernships-availability.md deleted file mode 100644 index de5c8226c5e0..000000000000 --- a/data/reusables/education/octernships-availability.md +++ /dev/null @@ -1,5 +0,0 @@ -{% note %} - -**Note**: {% data variables.product.prodname_octernships %} are currently available for students in Colombia, India, Indonesia, Malaysia, Mexico, Nigeria, Philippines, Singapore, Thailand, and Vietnam. - -{% endnote %} diff --git a/data/reusables/emus/giving-access-to-guest-collaborators.md b/data/reusables/emus/giving-access-to-guest-collaborators.md deleted file mode 100644 index 7553efa66361..000000000000 --- a/data/reusables/emus/giving-access-to-guest-collaborators.md +++ /dev/null @@ -1,3 +0,0 @@ -When you have added a guest collaborator to your enterprise, to give the user access to repositories in the enterprise, you can do either of the following things. -* To give the user access to repositories in an organization, add the user as a member of the organization. The base permission policy for the organization determines whether the guest collaborator has access to internal and private repositories. If the base permission is set to "No permission", the guest collaborator will not have access to internal and private repositories unless added directly to one of the repositories as a collaborator, or through an authorized team. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/setting-base-permissions-for-an-organization)." -* To give the user access to specific repositories, add the guest collaborator to the repositories as a repository collaborator. This gives the user access to the repository without giving them access to other internal or private repositories in the same organization. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators-or-repository-collaborators)." diff --git a/data/reusables/enterprise-accounts/azure-emu-support-oidc.md b/data/reusables/enterprise-accounts/azure-emu-support-oidc.md index baa146adc1ea..91d460b17a73 100644 --- a/data/reusables/enterprise-accounts/azure-emu-support-oidc.md +++ b/data/reusables/enterprise-accounts/azure-emu-support-oidc.md @@ -1,5 +1 @@ -{% note %} - -**Note:** OpenID Connect (OIDC) and Conditional Access Policy (CAP) support for {% data variables.product.prodname_emus %} is only available for Microsoft Entra ID (previously known as Azure AD). - -{% endnote %} +>[!NOTE] OpenID Connect (OIDC) and Conditional Access Policy (CAP) support for {% data variables.product.prodname_emus %} is only available for Microsoft Entra ID (previously known as Azure AD). diff --git a/data/reusables/enterprise-accounts/dormant-user-activity-threshold.md b/data/reusables/enterprise-accounts/dormant-user-activity-threshold.md index 534d9c25e0db..c118e6d5e0db 100644 --- a/data/reusables/enterprise-accounts/dormant-user-activity-threshold.md +++ b/data/reusables/enterprise-accounts/dormant-user-activity-threshold.md @@ -1 +1 @@ -{% ifversion not ghec%}By default, a{% else %}A{% endif %} user account is considered to be dormant if it has not been active for 90 days. {% ifversion not ghec %}You can configure the length of time a user must be inactive to be considered dormant{% ifversion ghes%} and choose to suspend dormant users to release user licenses{% endif %}.{% endif %} +{% ifversion not ghec %}By default, a{% else %}A{% endif %} user account is considered to be dormant if it has not been active for 90 days. {% ifversion not ghec %}You can configure the length of time a user must be inactive to be considered dormant{% ifversion ghes %} and choose to suspend dormant users to release user licenses{% endif %}.{% endif %} diff --git a/data/reusables/enterprise-accounts/dormant-user-activity.md b/data/reusables/enterprise-accounts/dormant-user-activity.md index 585134a42ca6..9567fb3748b0 100644 --- a/data/reusables/enterprise-accounts/dormant-user-activity.md +++ b/data/reusables/enterprise-accounts/dormant-user-activity.md @@ -1,6 +1,6 @@ A user is considered active if the user has performed any of the following activities on {% ifversion fpt or ghes %}{% data variables.location.product_location %}{% elsif ghec %}your enterprise{% endif %}. -* {% ifversion ghec%}Authenticating to access your enterprise's resources via SAML SSO{% else %}Signing into {% data variables.location.product_location %} {% endif %} +* {% ifversion ghec %}Authenticating to access your enterprise's resources via SAML SSO{% else %}Signing into {% data variables.location.product_location %} {% endif %} * Creating a repository * Pushing to a repository via HTTPS{% ifversion ghes %} * Pushing to a repository via SSH{% endif %} diff --git a/data/reusables/enterprise-accounts/emu-cap-public-preview.md b/data/reusables/enterprise-accounts/emu-cap-public-preview.md new file mode 100644 index 000000000000..7ab1d460b663 --- /dev/null +++ b/data/reusables/enterprise-accounts/emu-cap-public-preview.md @@ -0,0 +1,5 @@ +>[!NOTE] CAP protection for web sessions is currently in {% data variables.release-phases.public_preview %} and may change. +> +> New enterprises that enable IdP CAP support after November 5th, 2024, will have protection for web sessions enabled by default. +> +> Existing enterprises that already enabled IdP CAP support can opt into extended protection for web sessions from their enterprise's "Authentication security" settings. diff --git a/data/reusables/enterprise-accounts/emu-cap-validates.md b/data/reusables/enterprise-accounts/emu-cap-validates.md index 36ddb549cf68..3e778ec339f7 100644 --- a/data/reusables/enterprise-accounts/emu-cap-validates.md +++ b/data/reusables/enterprise-accounts/emu-cap-validates.md @@ -1 +1 @@ -When your enterprise uses OIDC SSO, {% data variables.product.prodname_dotcom %} will automatically use your IdP's conditional access policy (CAP) IP conditions to validate interactions with {% data variables.product.prodname_dotcom %} when members change IP addresses, and for each authentication with a {% data variables.product.pat_generic %} or SSH key associated with a user account. +When your enterprise uses OIDC SSO, {% data variables.product.prodname_dotcom %} will automatically use your IdP's conditional access policy (CAP) IP conditions to validate interactions with {% data variables.product.prodname_dotcom %} when members use the web UI or change IP addresses, and for each authentication with a {% data variables.product.pat_generic %} or SSH key associated with a user account. diff --git a/data/reusables/enterprise-accounts/emu-saml-note.md b/data/reusables/enterprise-accounts/emu-saml-note.md index df0bcbd2ff24..3d80739fcce9 100644 --- a/data/reusables/enterprise-accounts/emu-saml-note.md +++ b/data/reusables/enterprise-accounts/emu-saml-note.md @@ -1,4 +1,4 @@ -{% ifversion ghec%} +{% ifversion ghec %} {% note %} **Note**: If your enterprise uses {% data variables.product.prodname_emus %}, you must follow a different process to configure SAML single sign-on. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)." diff --git a/data/reusables/enterprise-accounts/emu-scim-note.md b/data/reusables/enterprise-accounts/emu-scim-note.md index a9ec31f4babf..b9518e7e026f 100644 --- a/data/reusables/enterprise-accounts/emu-scim-note.md +++ b/data/reusables/enterprise-accounts/emu-scim-note.md @@ -1,4 +1,4 @@ -{% ifversion ghec%} +{% ifversion ghec %} {% note %} **Note**: If your enterprise uses {% data variables.product.prodname_emus %}, you do not need to use team synchronization. Instead, you can manage team membership via the SCIM configuration you created while setting up your enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)." diff --git a/data/reusables/enterprise-accounts/emu-shortcode.md b/data/reusables/enterprise-accounts/emu-shortcode.md deleted file mode 100644 index d96d739cf503..000000000000 --- a/data/reusables/enterprise-accounts/emu-shortcode.md +++ /dev/null @@ -1,3 +0,0 @@ -The short code must be unique to your enterprise, a three-to-eight character alphanumeric string, and contain no special characters. - -> [!WARNING] The short code will be appended to the end of all usernames in your enterprise account. It is not possible to modify the short code after your {% data variables.enterprise.prodname_emu_enterprise %} has been created. Please make sure to select an appropriate short code when requesting your new enterprise account. diff --git a/data/reusables/enterprise-accounts/enterprise-accounts-billing.md b/data/reusables/enterprise-accounts/enterprise-accounts-billing.md deleted file mode 100644 index 1644a4007eaa..000000000000 --- a/data/reusables/enterprise-accounts/enterprise-accounts-billing.md +++ /dev/null @@ -1 +0,0 @@ -Enterprise accounts are currently available to {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %} customers paying by invoice. Billing for all of the organizations and {% data variables.product.prodname_ghe_server %} instances connected to your enterprise account is aggregated into a single bill. diff --git a/data/reusables/enterprise-accounts/messages-tab.md b/data/reusables/enterprise-accounts/messages-tab.md index 351fbf17de8f..6d3cb5b9dc8b 100644 --- a/data/reusables/enterprise-accounts/messages-tab.md +++ b/data/reusables/enterprise-accounts/messages-tab.md @@ -1 +1 @@ -1. Under **{% octicon "gear" aria-label="The Settings gear" %} Settings**, click **{%ifversion ghes %}Messages{% elsif ghec %}Announcement{% endif %}**. +1. Under **{% octicon "gear" aria-label="The Settings gear" %} Settings**, click **{% ifversion ghes %}Messages{% elsif ghec %}Announcement{% endif %}**. diff --git a/data/reusables/enterprise-accounts/pages-policies-save.md b/data/reusables/enterprise-accounts/pages-policies-save.md deleted file mode 100644 index 995ce6212501..000000000000 --- a/data/reusables/enterprise-accounts/pages-policies-save.md +++ /dev/null @@ -1 +0,0 @@ - 1. Click **Save**. diff --git a/data/reusables/enterprise-accounts/pages-tab.md b/data/reusables/enterprise-accounts/pages-tab.md deleted file mode 100644 index 1511308e9e4a..000000000000 --- a/data/reusables/enterprise-accounts/pages-tab.md +++ /dev/null @@ -1 +0,0 @@ -1. Under "{% octicon "law" aria-hidden="true" %} Policies", click **Pages**. diff --git a/data/reusables/enterprise-migration-tool/migration-prerequisites.md b/data/reusables/enterprise-migration-tool/migration-prerequisites.md deleted file mode 100644 index d49aa0fe5f9f..000000000000 --- a/data/reusables/enterprise-migration-tool/migration-prerequisites.md +++ /dev/null @@ -1,2 +0,0 @@ -* {% data reusables.enterprise-migration-tool.link-to-support-limitations %} -* {% data reusables.enterprise-migration-tool.delta-migrations-not-supported %} diff --git a/data/reusables/enterprise-migration-tool/target-repository-visibility-placeholder.md b/data/reusables/enterprise-migration-tool/target-repository-visibility-placeholder.md deleted file mode 100644 index c4af52f277d1..000000000000 --- a/data/reusables/enterprise-migration-tool/target-repository-visibility-placeholder.md +++ /dev/null @@ -1 +0,0 @@ -TARGETREPOVISIBILITY | The visibility of the new repository. Must be `private`, `public`, or `internal`. If not set, your repository is migrated as private. diff --git a/data/reusables/enterprise/about-enterprise-accounts.md b/data/reusables/enterprise/about-enterprise-accounts.md deleted file mode 100644 index a83c07d4739a..000000000000 --- a/data/reusables/enterprise/about-enterprise-accounts.md +++ /dev/null @@ -1 +0,0 @@ -Your enterprise account on {% data variables.product.prodname_dotcom %} allows you to manage multiple organizations. Your enterprise account must have a handle, like an organization or user account on {% data variables.product.prodname_dotcom %}. diff --git a/data/reusables/enterprise/about-github-for-enterprises.md b/data/reusables/enterprise/about-github-for-enterprises.md deleted file mode 100644 index a5198e3afeb4..000000000000 --- a/data/reusables/enterprise/about-github-for-enterprises.md +++ /dev/null @@ -1 +0,0 @@ -For more information about how businesses can use {% data variables.product.company_short %}'s products to support their software development lifecycle, see "[AUTOTITLE](/admin/overview/about-github-for-enterprises)." diff --git a/data/reusables/enterprise/enterprise-types.md b/data/reusables/enterprise/enterprise-types.md index 794f9364e245..00471010324f 100644 --- a/data/reusables/enterprise/enterprise-types.md +++ b/data/reusables/enterprise/enterprise-types.md @@ -5,4 +5,4 @@ While setting up your trial of {% data variables.product.prodname_ghe_cloud %}, * Enterprise with personal accounts * Enterprise with managed users -To help you decide which choice is best for your enterprise, see "[AUTOTITLE]({% ifversion not ghec%}/enterprise-cloud@latest{% endif %}/admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud){% ifversion not ghec %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} +To help you decide which choice is best for your enterprise, see "[AUTOTITLE]({% ifversion not ghec %}/enterprise-cloud@latest{% endif %}/admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud){% ifversion not ghec %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} diff --git a/data/reusables/enterprise/ghec-trial-azure.md b/data/reusables/enterprise/ghec-trial-azure.md deleted file mode 100644 index 4283ae5cdebb..000000000000 --- a/data/reusables/enterprise/ghec-trial-azure.md +++ /dev/null @@ -1 +0,0 @@ -If your enterprise account on {% data variables.location.product_location %} is on a free trial of {% data variables.product.prodname_ghe_cloud %}, you cannot connect an Azure subscription. diff --git a/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-encryption-keys.md b/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-encryption-keys.md deleted file mode 100644 index 5d8b19019b1b..000000000000 --- a/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-encryption-keys.md +++ /dev/null @@ -1 +0,0 @@ -After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} and generate a new full backup using `ghe-backup`. For more information about using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)." diff --git a/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-update-repo.md b/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-update-repo.md deleted file mode 100644 index f99a0321c630..000000000000 --- a/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-update-repo.md +++ /dev/null @@ -1,11 +0,0 @@ -1. To update to the latest project release version, use the `stable` branch by running the `git checkout stable` command. - - ```shell - git checkout stable - ``` - - Alternatively, to use a specific project version, run the following command, replacing `X.Y.Z` with the desired release version. - - ```shell - git checkout vX.Y.Z - ``` diff --git a/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-verify-upgrade.md b/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-verify-upgrade.md deleted file mode 100644 index be7411860778..000000000000 --- a/data/reusables/enterprise_backup_utilities/enterprise-backup-utils-verify-upgrade.md +++ /dev/null @@ -1,11 +0,0 @@ -1. To verify you have successfully upgraded, run the following command. - - ```shell - ./bin/ghe-backup --version - ``` - -1. To verify SSH connectivity between your configured {% data variables.product.prodname_ghe_server %}, run the following command. - - ```shell - ./bin/ghe-host-check - ``` diff --git a/data/reusables/enterprise_clustering/block-ips-manually.md b/data/reusables/enterprise_clustering/block-ips-manually.md deleted file mode 100644 index 3319981b929f..000000000000 --- a/data/reusables/enterprise_clustering/block-ips-manually.md +++ /dev/null @@ -1,3 +0,0 @@ -Performing a failover blocks the old cluster from accessing the promoted cluster. The command identifies IPs to block from the old primary cluster and writes them to `/data/user/common/cluster-ip-blocklist`. After the failover completes, the command runs `ghe-cluster-block-ips` to block the IPs on the new active cluster. - -You can also run the `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip` commands manually. With these commands, you can manually control which IPs can access your newly promoted cluster, and avoid the potentially lengthy configuration run associated with running the `ghe-cluster-failover` command. diff --git a/data/reusables/enterprise_site_admin_settings/about-the-site-admin-dashboard.md b/data/reusables/enterprise_site_admin_settings/about-the-site-admin-dashboard.md deleted file mode 100644 index 59bb88e770b7..000000000000 --- a/data/reusables/enterprise_site_admin_settings/about-the-site-admin-dashboard.md +++ /dev/null @@ -1 +0,0 @@ -You can use the site admin dashboard to manage users, organizations, and repositories on {% data variables.location.product_location %}. diff --git a/data/reusables/files/preview_change.md b/data/reusables/files/preview_change.md index 1cafeacac38d..1dbf7815405c 100644 --- a/data/reusables/files/preview_change.md +++ b/data/reusables/files/preview_change.md @@ -1,4 +1,4 @@ -{% ifversion code-view-ui %} +{% ifversion code-view-ui %} 1. Above the new content, click **Preview**. ![Screenshot of a file in edit mode. Above the file's contents, a tab labeled "Preview" is outlined in dark orange.](/assets/images/help/repository/edit-readme-preview-changes.png) diff --git a/data/reusables/gated-features/copilot-business-and-enterprise.md b/data/reusables/gated-features/copilot-business-and-enterprise.md index c98b41ddd478..38d5ef78f436 100644 --- a/data/reusables/gated-features/copilot-business-and-enterprise.md +++ b/data/reusables/gated-features/copilot-business-and-enterprise.md @@ -1 +1 @@ -Organizations{% ifversion ghec%} and enterprises{% endif %} with a subscription to {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}. +Organizations{% ifversion ghec %} and enterprises{% endif %} with a subscription to {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}. diff --git a/data/reusables/gated-features/copilot-business.md b/data/reusables/gated-features/copilot-business.md deleted file mode 100644 index 9ea10e003809..000000000000 --- a/data/reusables/gated-features/copilot-business.md +++ /dev/null @@ -1,4 +0,0 @@ -{% data variables.product.prodname_copilot_for_business %} is available for the following types of accounts: - -* Organizations with a {% data variables.product.prodname_free_team %} or {% data variables.product.prodname_team %} plan -* Enterprises and organizations on {% data variables.product.prodname_ghe_cloud %} diff --git a/data/reusables/gated-features/copilot-chat-availability.md b/data/reusables/gated-features/copilot-chat-availability.md deleted file mode 100644 index f01d654f90e1..000000000000 --- a/data/reusables/gated-features/copilot-chat-availability.md +++ /dev/null @@ -1,3 +0,0 @@ -All users with a {% data variables.product.prodname_copilot_for_individuals %} subscription can access the {% data variables.product.prodname_copilot_chat %} {% data variables.release-phases.public_preview %} in {% data variables.product.prodname_vscode %} and {% data variables.product.prodname_vs %}. - -Owners of organizations {% ifversion ghec %}or enterprises {% endif %}with a {% data variables.product.prodname_copilot_business_short %} subscription can decide whether to grant access to the {% data variables.product.prodname_copilot_chat %} {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_vs %}{% ifversion ghec %}, {% data variables.product.prodname_vscode_shortname %}, and - with a {% data variables.product.prodname_copilot_enterprise_short %} subscription - {% data variables.product.prodname_dotcom_the_website %}{% else %} and {% data variables.product.prodname_vscode_shortname %}{% endif %}. diff --git a/data/reusables/gated-features/copilot-chat-callout-dotcom.md b/data/reusables/gated-features/copilot-chat-callout-dotcom.md deleted file mode 100644 index b655223f8b1b..000000000000 --- a/data/reusables/gated-features/copilot-chat-callout-dotcom.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_copilot_chat_dotcom %} is available to all users with a {% data variables.product.prodname_copilot_individuals_short %} subscription, as well as those assigned a seat in {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %}. diff --git a/data/reusables/gated-features/copilot-chat-callout-with-jetbrains.md b/data/reusables/gated-features/copilot-chat-callout-with-jetbrains.md deleted file mode 100644 index 6210343dd673..000000000000 --- a/data/reusables/gated-features/copilot-chat-callout-with-jetbrains.md +++ /dev/null @@ -1,5 +0,0 @@ -{% data reusables.gated-features.copilot-chat-jetbrains-beta %} - -{% data reusables.gated-features.copilot-chat-callout %} - -{% data reusables.gated-features.copilot-chat-callout-jetbrains-only %} diff --git a/data/reusables/gated-features/copilot-chat.md b/data/reusables/gated-features/copilot-chat.md deleted file mode 100644 index 5a3274d61dea..000000000000 --- a/data/reusables/gated-features/copilot-chat.md +++ /dev/null @@ -1 +0,0 @@ -All users with a {% data variables.product.prodname_copilot_for_individuals %} subscription can access {% data variables.product.prodname_copilot_chat %} in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and JetBrains IDEs. Owners of organizations {% ifversion ghec %}or enterprises {% endif %}with a {% data variables.product.prodname_copilot_business_short %} subscription can decide whether to grant access to {% data variables.product.prodname_copilot_chat %} for {% data variables.product.prodname_vs %}, {% ifversion ghec %} {% data variables.product.prodname_vscode_shortname %}, JetBrains IDEs, and - with a {% data variables.product.prodname_copilot_enterprise_short %} subscription - {% data variables.product.prodname_dotcom_the_website %}{% else %}, {% data variables.product.prodname_vscode_shortname %}, and JetBrains IDEs{% endif %}. diff --git a/data/reusables/gated-features/copilot-enterprise.md b/data/reusables/gated-features/copilot-enterprise.md deleted file mode 100644 index 0ca5fedda892..000000000000 --- a/data/reusables/gated-features/copilot-enterprise.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_copilot_enterprise %} is available for enterprise accounts on {% data variables.product.prodname_ghe_cloud %}. diff --git a/data/reusables/gated-features/copilot-for-business.md b/data/reusables/gated-features/copilot-for-business.md deleted file mode 100644 index 6e2f6aaf5a5e..000000000000 --- a/data/reusables/gated-features/copilot-for-business.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_copilot_for_business %} can be managed through organization accounts{% ifversion ghec %} and enterprise accounts{% endif %}. diff --git a/data/reusables/gated-features/copilot-secret-scanning.md b/data/reusables/gated-features/copilot-secret-scanning.md new file mode 100644 index 000000000000..36d26952b804 --- /dev/null +++ b/data/reusables/gated-features/copilot-secret-scanning.md @@ -0,0 +1,3 @@ +{% data variables.secret-scanning.copilot-secret-scanning %} is available for the following repositories: + +* Public, private, and internal repositories in organizations using {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled diff --git a/data/reusables/gated-features/dependabot-alerts.md b/data/reusables/gated-features/dependabot-alerts.md index f045661c37a6..1d3401eb0e99 100644 --- a/data/reusables/gated-features/dependabot-alerts.md +++ b/data/reusables/gated-features/dependabot-alerts.md @@ -1,5 +1,5 @@ {%- ifversion fpt or ghec %} -{% data variables.product.prodname_dependabot_alerts %} are free to use for all repositories on {% data variables.product.prodname_dotcom %}. {% ifversion fpt%}Advanced capabilities, like the ability to create {% data variables.dependabot.custom_rules %} for {% data variables.product.prodname_dependabot_alerts %}, are available (for free) on public repositories only.{% elsif ghec %} Advanced capabilities, like reachability analysis and the ability to create {% data variables.dependabot.custom_rules %}, are available on any organization-owned repositories, when you have a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %} +{% data variables.product.prodname_dependabot_alerts %} are free to use for all repositories on {% data variables.product.prodname_dotcom %}. {% ifversion fpt %}Advanced capabilities, like the ability to create {% data variables.dependabot.custom_rules %} for {% data variables.product.prodname_dependabot_alerts %}, are available (for free) on public repositories only.{% elsif ghec %} Advanced capabilities, like reachability analysis and the ability to create {% data variables.dependabot.custom_rules %}, are available on any organization-owned repositories, when you have a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %} {%- elsif ghes %} {% data variables.product.prodname_dependabot_alerts %} are free to use for repositories (user-owned and organization-owned) on {% data variables.product.prodname_ghe_server %}, provided enterprise administrators enable the feature for your enterprise.{% ifversion dependabot-auto-triage-rules %} Advanced capabilities, like the ability to create {% data variables.dependabot.custom_rules %}, are available to all organization-owned repositories, when you have a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %} diff --git a/data/reusables/gated-features/dependency-review-action.md b/data/reusables/gated-features/dependency-review-action.md index 1daebd5626b0..27a9ea80b915 100644 --- a/data/reusables/gated-features/dependency-review-action.md +++ b/data/reusables/gated-features/dependency-review-action.md @@ -1,10 +1,10 @@ -{%- ifversion fpt %} -The {% data variables.dependency-review.action_name %} is available for public repositories. The {% data variables.dependency-review.action_name %} is also available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. +{% ifversion fpt or ghec %} +The {% data variables.dependency-review.action_name %} is available for the following repository types: -{%- elsif ghec %} -The {% data variables.dependency-review.action_name %} is available for public repositories. To configure the {% data variables.dependency-review.action_name %} in private repositories owned by organizations, you must have a license for {% data variables.product.prodname_GH_advanced_security %}. +* Public repositories on {% data variables.product.prodname_dotcom_the_website %} +* Organization-owned repositories on {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled -{%- elsif ghes %} -The {% data variables.dependency-review.action_name %} is available for organization-owned repositories in {% data variables.product.product_name %}. This feature requires a license for {% data variables.product.prodname_GH_advanced_security %}. +{% elsif ghes %} +Organization-owned repositories with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled -{%- endif %} {% data reusables.advanced-security.more-info-ghas %} +{% endif %} diff --git a/data/reusables/gated-features/dependency-review.md b/data/reusables/gated-features/dependency-review.md index 03c8abceefc0..f133d37eb4b6 100644 --- a/data/reusables/gated-features/dependency-review.md +++ b/data/reusables/gated-features/dependency-review.md @@ -1,10 +1,10 @@ -{%- ifversion fpt %} -Dependency review is enabled on public repositories. Dependency review is also available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. +{% ifversion fpt or ghec %} +Dependency review is available for the following repository types: -{%- elsif ghec %} -Dependency review is included in {% data variables.product.product_name %} for public repositories. To use dependency review in private repositories owned by organizations, you must have a license for {% data variables.product.prodname_GH_advanced_security %}. +* Public repositories on {% data variables.product.prodname_dotcom_the_website %} +* Organization-owned repositories on {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled -{%- elsif ghes %} -Dependency review is available for organization-owned repositories in {% data variables.product.product_name %}. This feature requires a license for {% data variables.product.prodname_GH_advanced_security %}. +{% elsif ghes %} +Organization-owned repositories with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled -{%- endif %} {% data reusables.advanced-security.more-info-ghas %} +{% endif %} diff --git a/data/reusables/gated-features/enterprise_account_webhooks.md b/data/reusables/gated-features/enterprise_account_webhooks.md deleted file mode 100644 index add5e44665a8..000000000000 --- a/data/reusables/gated-features/enterprise_account_webhooks.md +++ /dev/null @@ -1,4 +0,0 @@ - -{% data reusables.gated-features.enterprise-accounts %} - -Webhooks configured on enterprise accounts or organizations that are part of an enterprise account will include an `enterprise` account object. diff --git a/data/reusables/gated-features/push-protection-users-and-repos.md b/data/reusables/gated-features/push-protection-users-and-repos.md deleted file mode 100644 index d3cb5795c740..000000000000 --- a/data/reusables/gated-features/push-protection-users-and-repos.md +++ /dev/null @@ -1,13 +0,0 @@ -{%- ifversion fpt or ghec %} - -{%- ifversion secret-scanning-push-protection-for-users %} -Push protection for users is on by default and can be disabled in your personal account settings. - -{%- endif %} - -Push protection for repositories and organizations is available for {% ifversion ghec %}user-owned {% endif %}public repositories for free. Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable push protection on their private and internal repositories. - -{%- elsif ghes %} -Push protection is available for organization-owned repositories in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %} - -For more information, see {% ifversion secret-scanning-push-protection-for-users %}"[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users)" and {% endif %}"[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)." diff --git a/data/reusables/gated-features/secret-scanning-custom-patterns.md b/data/reusables/gated-features/secret-scanning-custom-patterns.md new file mode 100644 index 000000000000..5efb79071f5c --- /dev/null +++ b/data/reusables/gated-features/secret-scanning-custom-patterns.md @@ -0,0 +1,3 @@ +Custom patterns for {% data variables.product.prodname_secret_scanning %} is available for the following repositories: + +* Public, private, and internal repositories in organizations using {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled diff --git a/data/reusables/gated-features/secret-scanning-non-provider-patterns.md b/data/reusables/gated-features/secret-scanning-non-provider-patterns.md new file mode 100644 index 000000000000..1c25ae8e090a --- /dev/null +++ b/data/reusables/gated-features/secret-scanning-non-provider-patterns.md @@ -0,0 +1,3 @@ +Scanning for non-provider patterns is available for the following repositories: + +* Public, private, and internal repositories in organizations using {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled diff --git a/data/reusables/gated-features/tag-protection-rules.md b/data/reusables/gated-features/tag-protection-rules.md deleted file mode 100644 index 3c54fea67030..000000000000 --- a/data/reusables/gated-features/tag-protection-rules.md +++ /dev/null @@ -1 +0,0 @@ -Tag protection rules are available in public repositories with {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_free_team %} for organizations, and in public and private repositories with {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, {% data variables.product.prodname_ghe_cloud %}, and {% data variables.product.prodname_ghe_server %}. {% ifversion fpt or ghec %}{% data reusables.gated-features.more-info %}{% endif %} diff --git a/data/reusables/getting-started/contributing-to-projects.md b/data/reusables/getting-started/contributing-to-projects.md deleted file mode 100644 index b7f1ffc278a2..000000000000 --- a/data/reusables/getting-started/contributing-to-projects.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_dotcom %} connects users and allows you to interact with other projects. To learn more about contributing to someone else's project, see "[AUTOTITLE](/get-started/exploring-projects-on-github/contributing-to-a-project)." diff --git a/data/reusables/getting-started/set-up-git.md b/data/reusables/getting-started/set-up-git.md deleted file mode 100644 index 0d593bd574fe..000000000000 --- a/data/reusables/getting-started/set-up-git.md +++ /dev/null @@ -1 +0,0 @@ -Synchronizing {% data variables.product.prodname_dotcom %} repositories with your computer allows you to work locally and push your changes to {% data variables.product.prodname_dotcom %}. For more information, see “[Set up Git](/get-started/getting-started-with-git/set-up-git).” diff --git a/data/reusables/github-connect/authorize-connection.md b/data/reusables/github-connect/authorize-connection.md deleted file mode 100644 index 50a4ed71f2d1..000000000000 --- a/data/reusables/github-connect/authorize-connection.md +++ /dev/null @@ -1 +0,0 @@ -1. Review the resources that {% data variables.product.product_name %} will access from your {% data variables.product.prodname_dotcom %} account, then click **Authorize**. diff --git a/data/reusables/organizations/block_users.md b/data/reusables/organizations/block_users.md index ba3f48fa044c..63b5020a6e62 100644 --- a/data/reusables/organizations/block_users.md +++ b/data/reusables/organizations/block_users.md @@ -1 +1 @@ -1. In the sidebar, select **{% octicon "report" aria-hidden="true"%} Moderation**, then click **Blocked users**. +1. In the sidebar, select **{% octicon "report" aria-hidden="true" %} Moderation**, then click **Blocked users**. diff --git a/data/reusables/organizations/filter-security-overview.md b/data/reusables/organizations/filter-security-overview.md deleted file mode 100644 index 8864f1d401d8..000000000000 --- a/data/reusables/organizations/filter-security-overview.md +++ /dev/null @@ -1,3 +0,0 @@ -1. Optionally, filter the list of alerts. You can click multiple filters in the drop-down filter menus to narrow your search. You can also type search qualifiers in the **Search repositories** field. For more information about the available qualifiers, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." - - ![Screenshot showing the dropdown filter menus and "Search repositories" field in security overview.](/assets/images/help/security-overview/security-overview-filter-alerts.png) diff --git a/data/reusables/organizations/team-security-overview.md b/data/reusables/organizations/team-security-overview.md deleted file mode 100644 index bb6715eb4cbf..000000000000 --- a/data/reusables/organizations/team-security-overview.md +++ /dev/null @@ -1 +0,0 @@ -1. At the top of the team's page, click {% octicon "shield" aria-hidden="true" %} **Security**. diff --git a/data/reusables/organizations/team-synchronization.md b/data/reusables/organizations/team-synchronization.md index 4579230ca769..72677402e717 100644 --- a/data/reusables/organizations/team-synchronization.md +++ b/data/reusables/organizations/team-synchronization.md @@ -1,3 +1,3 @@ {% ifversion fpt or ghec %} -{% ifversion fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud%}{% else %}You{% endif %} can use team synchronization to automatically add and remove organization members to teams through an identity provider. For more information, see "[Synchronizing a team with an identity provider group]({% ifversion fpt %}/enterprise-cloud@latest{% endif %}/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} +{% ifversion fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %}{% else %}You{% endif %} can use team synchronization to automatically add and remove organization members to teams through an identity provider. For more information, see "[Synchronizing a team with an identity provider group]({% ifversion fpt %}/enterprise-cloud@latest{% endif %}/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} {% endif %} diff --git a/data/reusables/pages/choose-visibility.md b/data/reusables/pages/choose-visibility.md index f69be333de2f..537d397a06e0 100644 --- a/data/reusables/pages/choose-visibility.md +++ b/data/reusables/pages/choose-visibility.md @@ -1,5 +1,5 @@ {%- ifversion ghec %} 1. Optionally, if you're publishing a project site from a private or internal repository, choose the visibility for your site. Under "{% data variables.product.prodname_pages %}", select the visibility dropdown menu, then select public or private. ![Screenshot of Pages settings in a {% data variables.product.prodname_dotcom %} repository. A menu to select private or public visibility of the Pages site, labeled "Private," is outlined in dark orange.](/assets/images/help/pages/public-or-private-visibility.png) - {% indented_data_reference reusables.pages.privately-publish-ghec-only spaces=3%} + {% indented_data_reference reusables.pages.privately-publish-ghec-only spaces=3 %} {%- endif %} diff --git a/data/reusables/pages/update_your_dns_settings.md b/data/reusables/pages/update_your_dns_settings.md deleted file mode 100644 index 9227b13b4346..000000000000 --- a/data/reusables/pages/update_your_dns_settings.md +++ /dev/null @@ -1 +0,0 @@ -{% ifversion fpt or ghec %}1. If there's a custom domain enabled for your site, to avoid a domain takeover, update your DNS settings. For more information, see "[AUTOTITLE](/pages/configuring-a-custom-domain-for-your-github-pages-site)."{% endif %} diff --git a/data/reusables/permissions/push-protection-resolve-block.md b/data/reusables/permissions/push-protection-resolve-block.md new file mode 100644 index 000000000000..01ff2356a439 --- /dev/null +++ b/data/reusables/permissions/push-protection-resolve-block.md @@ -0,0 +1 @@ +Users with **write** access diff --git a/data/reusables/permissions/security-enterprise-enable.md b/data/reusables/permissions/security-enterprise-enable.md new file mode 100644 index 000000000000..9335e5c41a2d --- /dev/null +++ b/data/reusables/permissions/security-enterprise-enable.md @@ -0,0 +1 @@ +Repository owners, organization owners, security managers, enterprise administrators, and users with the **admin** role diff --git a/data/reusables/projects/enable-basic-workflow.md b/data/reusables/projects/enable-basic-workflow.md deleted file mode 100644 index 4b7fc7260b22..000000000000 --- a/data/reusables/projects/enable-basic-workflow.md +++ /dev/null @@ -1,21 +0,0 @@ -{% ifversion projects-v2-workflows-ui-refresh %} - -{% data reusables.projects.access-workflows %} -1. Under "Default workflows", click on the workflow that you want to edit. -1. In the top right, click **Edit**. - - ![Screenshot showing a project's menu bar. The "Edit" button is highlighted with an orange rectangle.](/assets/images/help/projects-v2/workflow-start-editing.png) - -1. Select whether the workflow should apply to issues, pull requests, or both. -1. Under "Set value", choose the value that you want to set the status to. -1. To save your changes and enable the workflow, click **Save and turn on workflow**. - -{% else %} - -{% data reusables.projects.access-workflows %} -1. Under "Default workflows", click on the workflow that you want to edit. -1. Select whether the workflow should apply to issues, pull requests, or both. -1. Next to "Set", choose the value that you want to set the status to. -1. If the workflow is disabled, click the toggle next to "Off" to enable the workflow. - -{% endif %} diff --git a/data/reusables/projects/enable-migration.md b/data/reusables/projects/enable-migration.md deleted file mode 100644 index 11d5a87726d9..000000000000 --- a/data/reusables/projects/enable-migration.md +++ /dev/null @@ -1 +0,0 @@ -{% ifversion projects-v2-migration-behind-feature-preview %}1. Enable "Project migration" in feature preview. For more information, see "[AUTOTITLE](/get-started/using-github/exploring-early-access-releases-with-feature-preview)."{% endif %} diff --git a/data/reusables/projects/tasklists-release-stage.md b/data/reusables/projects/tasklists-release-stage.md deleted file mode 100644 index a2d8e784cb2f..000000000000 --- a/data/reusables/projects/tasklists-release-stage.md +++ /dev/null @@ -1,7 +0,0 @@ -{% note %} - -**Note:** Tasklists are in {% data variables.release-phases.private_preview %} and subject to change. We have currently paused onboarding to the {% data variables.release-phases.public_preview %}. - -{% endnote %} - - diff --git a/data/reusables/rai/code-scanning/autofix-note.md b/data/reusables/rai/code-scanning/autofix-note.md deleted file mode 100644 index f97fe439c02a..000000000000 --- a/data/reusables/rai/code-scanning/autofix-note.md +++ /dev/null @@ -1,6 +0,0 @@ -{% ifversion code-scanning-autofix or fpt %} - -> [!NOTE] -> {% data variables.product.prodname_copilot_autofix %} is restricted to alerts identified by {% data variables.product.prodname_code_scanning %} for private and internal repositories, including {% data variables.product.prodname_codeql %} alerts. If you have an enterprise account and use {% data variables.product.prodname_GH_advanced_security %}, your enterprise has access to {% data variables.product.prodname_copilot_autofix_short %}. - -{% endif %} diff --git a/data/reusables/rai/secret-scanning/generic-secret-detection-ai.md b/data/reusables/rai/secret-scanning/generic-secret-detection-ai.md deleted file mode 100644 index e69de29bb2d1..000000000000 diff --git a/data/reusables/release-notes/2022-09-hotpatch-issue.md b/data/reusables/release-notes/2022-09-hotpatch-issue.md deleted file mode 100644 index 1b73245c5475..000000000000 --- a/data/reusables/release-notes/2022-09-hotpatch-issue.md +++ /dev/null @@ -1,7 +0,0 @@ -Hotpatch upgrades to GitHub Enterprise Server may fail. Upgrades with the full `.pkg` are unaffected. If the upgrade fails for your instance, workaround this issue by connecting to the administrative shell (ssh) and running the following non-interactive command: - -```shell -echo "grub-pc grub-pc/install_devices_empty boolean true" | sudo debconf-set-selections -``` - -If you're unable to upgrade, or if you need further assistance, contact GitHub Support. For more information, see "[AUTOTITLE](/support/contacting-github-support/creating-a-support-ticket)." diff --git a/data/reusables/release-notes/2023-01-git-vulnerabilities.md b/data/reusables/release-notes/2023-01-git-vulnerabilities.md deleted file mode 100644 index ce87d3222da1..000000000000 --- a/data/reusables/release-notes/2023-01-git-vulnerabilities.md +++ /dev/null @@ -1,3 +0,0 @@ - - -**HIGH**: Updated Git to include fixes from 2.39.1, which address [CVE-2022-41903](https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq) and [CVE-2022-23521](https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89). diff --git a/data/reusables/release-notes/2023-09-ephemeral-self-hosted-runners-not-auto-upgrading.md b/data/reusables/release-notes/2023-09-ephemeral-self-hosted-runners-not-auto-upgrading.md deleted file mode 100644 index 884321b794c8..000000000000 --- a/data/reusables/release-notes/2023-09-ephemeral-self-hosted-runners-not-auto-upgrading.md +++ /dev/null @@ -1 +0,0 @@ -On an instance with GitHub Actions enabled, ephemeral self-hosted runners do not automatically update to the latest version. Users will need to manually update the runners to the latest version. diff --git a/data/reusables/release-notes/2023-10-git-push-made-but-not-registered.md b/data/reusables/release-notes/2023-10-git-push-made-but-not-registered.md index 4c4e63915e5c..1deff098f8ba 100644 --- a/data/reusables/release-notes/2023-10-git-push-made-but-not-registered.md +++ b/data/reusables/release-notes/2023-10-git-push-made-but-not-registered.md @@ -5,6 +5,6 @@ CA certificate key too weak ``` To resolve this issue, confirm that your certificate complies -with level 2 of the OpenSSL security specification. For more information, see [SSL_CTX_set_security_level](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html#DEFAULT-CALLBACK-BEHAVIOUR) in the OpenSSL docs. For more information about reviewing your instance's logs, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs#system-logs-in-the-systemd-journal)". +with level 2 of the OpenSSL security specification. For more information, see [SSL_CTX_set_security_level](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html#DEFAULT-CALLBACK-BEHAVIOUR) in the OpenSSL docs. For more information about reviewing your instance's logs, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs#system-logs-in-the-systemd-journal)." If the error appears in `babeld` logs because your TLS certificate does not comply with level 2 of the specification, you must create and upload a new certificate with stronger security before you upgrade to GitHub Enterprise Server 3.10 or later. For more information, see "[AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/configuring-tls)." diff --git a/data/reusables/release-notes/2024-06-possible-frontend-2-minute-outage-during-hotpatch-upgrade.md b/data/reusables/release-notes/2024-06-possible-frontend-2-minute-outage-during-hotpatch-upgrade.md deleted file mode 100644 index 82591756c47c..000000000000 --- a/data/reusables/release-notes/2024-06-possible-frontend-2-minute-outage-during-hotpatch-upgrade.md +++ /dev/null @@ -1 +0,0 @@ -If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 2 minutes. Any existing unfinished connections at this time will be disconnected. diff --git a/data/reusables/release-notes/babeld-max-threads-performance-issue.md b/data/reusables/release-notes/babeld-max-threads-performance-issue.md deleted file mode 100644 index ad198c6bf81a..000000000000 --- a/data/reusables/release-notes/babeld-max-threads-performance-issue.md +++ /dev/null @@ -1 +0,0 @@ -Instances experiencing a high sustained number of concurrent Git requests may experience performance issues. If you suspect that this issue is affecting your instance, contact {% data variables.contact.github_support %}. For more information, see "[AUTOTITLE](/support/contacting-github-support/creating-a-support-ticket)." diff --git a/data/reusables/release-notes/enterprise-backup-utils-encryption-keys.md b/data/reusables/release-notes/enterprise-backup-utils-encryption-keys.md deleted file mode 100644 index 0f0bb540a84d..000000000000 --- a/data/reusables/release-notes/enterprise-backup-utils-encryption-keys.md +++ /dev/null @@ -1 +0,0 @@ -After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} and generate a new full backup using `ghe-backup`. For more information on using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)." diff --git a/data/reusables/release-notes/ghe-cluster-config-apply-error.md b/data/reusables/release-notes/ghe-cluster-config-apply-error.md deleted file mode 100644 index 2516e1f7f5b9..000000000000 --- a/data/reusables/release-notes/ghe-cluster-config-apply-error.md +++ /dev/null @@ -1,7 +0,0 @@ -During an upgrade to GitHub Enterprise Server 3.8.0 on a cluster, after you upgrade nodes other than the primary MySQL node and before you upgrade the primary MySQL node, the following error may appear multiple times after you run `ghe-config-apply`. - -```text -Error response from daemon: conflict: unable to delete IMAGE_ID (cannot be forced) - image is being used by running container CONTAINER_ID -``` - -You can safely ignore this message. diff --git a/data/reusables/release-notes/git-push-known-issue.md b/data/reusables/release-notes/git-push-known-issue.md deleted file mode 100644 index 8f3c6a50faf6..000000000000 --- a/data/reusables/release-notes/git-push-known-issue.md +++ /dev/null @@ -1,4 +0,0 @@ -On instances in a high availability configuration, `git push` operations may fail in the following situations. - -* During creation of the repository on a replica node -* After failure to create the repository on a replica node, before automatic repair of the repository diff --git a/data/reusables/release-notes/github-actions-secrets-encryption-docs.md b/data/reusables/release-notes/github-actions-secrets-encryption-docs.md deleted file mode 100644 index c1028dcb5d4b..000000000000 --- a/data/reusables/release-notes/github-actions-secrets-encryption-docs.md +++ /dev/null @@ -1 +0,0 @@ -"[AUTOTITLE](/actions/security-guides/encrypted-secrets)" incorrectly indicated that secrets for GitHub Actions are encrypted in the instance's database. The article has been updated to reflect that secrets are not encrypted on the instance. To encrypt secrets at rest, you must encrypt your instance's block storage device. For more information, refer to the documentation for your hypervisor or cloud service. diff --git a/data/reusables/release-notes/manage-api-unreachable.md b/data/reusables/release-notes/manage-api-unreachable.md deleted file mode 100644 index c359afd7a634..000000000000 --- a/data/reusables/release-notes/manage-api-unreachable.md +++ /dev/null @@ -1,9 +0,0 @@ -After upgrading an existing instance to GitHub Enterprise Server 3.9, the Manage GitHub Enterprise Server API is unavailable. To enable the API, SSH into the instance and run the following commands. - -```shell copy -sudo mkdir -p /data/ghes-manage-gateway/current -sudo chown -R ghes-manage-gateway:ghes-manage-gateway /data/ghes-manage-gateway/current -sudo systemctl restart ghes-manage-gateway ghes-manage-gateway-consul -``` - -For more information about the Manage GitHub Enterprise Server API, see "[Manage GitHub Enterprise Server](/rest/enterprise-admin/manage-ghes?apiVersion=2022-11-28)." diff --git a/data/reusables/release-notes/mermaid-rendering-known-issue.md b/data/reusables/release-notes/mermaid-rendering-known-issue.md deleted file mode 100644 index c34eb5d7167f..000000000000 --- a/data/reusables/release-notes/mermaid-rendering-known-issue.md +++ /dev/null @@ -1 +0,0 @@ -On an instance with subdomain isolation disabled, Mermaid diagrams in the web UI display an "Unable to render rich display" error and fail to render. diff --git a/data/reusables/release-notes/migrations-blob-storage-unconfigurable-known-issue.md b/data/reusables/release-notes/migrations-blob-storage-unconfigurable-known-issue.md deleted file mode 100644 index fa8f6b7cd39c..000000000000 --- a/data/reusables/release-notes/migrations-blob-storage-unconfigurable-known-issue.md +++ /dev/null @@ -1 +0,0 @@ -Administrators cannot set or update the instance's blob storage settings in the Management Console using the "Migrations" settings tab. No matter what values an administrator provides, the following error message will appear: `Unable to connect to migrations provider. Please check the form and try again.` diff --git a/data/reusables/release-notes/migrations-missing-section-known-issue.md b/data/reusables/release-notes/migrations-missing-section-known-issue.md deleted file mode 100644 index f054dc1f9c00..000000000000 --- a/data/reusables/release-notes/migrations-missing-section-known-issue.md +++ /dev/null @@ -1 +0,0 @@ -The "Migrations" section is missing from the Management Console, so it isn't possible to enable, disable, or reconfigure blob storage credentials for migrations. diff --git a/data/reusables/release-notes/new-subdomains-missing-from-management-console.md b/data/reusables/release-notes/new-subdomains-missing-from-management-console.md deleted file mode 100644 index 4421e2c0e9fa..000000000000 --- a/data/reusables/release-notes/new-subdomains-missing-from-management-console.md +++ /dev/null @@ -1 +0,0 @@ -When validating domain settings on an instance with TLS and subdomain isolation enabled, the Management Console does not display GitHub Enterprise Server 3.7's two new subdomains, `http(s)://notebooks.HOSTNAME` and `http(s)://viewscreen.HOSTNAME`, in the list of domains. diff --git a/data/reusables/release-notes/replication-commands-in-maintenance-mode-known-issue.md b/data/reusables/release-notes/replication-commands-in-maintenance-mode-known-issue.md deleted file mode 100644 index 5fda83c85804..000000000000 --- a/data/reusables/release-notes/replication-commands-in-maintenance-mode-known-issue.md +++ /dev/null @@ -1 +0,0 @@ -On instances in a high availability configuration, site administrators should only run the `ghe-repl-start` and `ghe-repl-stop` commands while the instance is in maintenance mode. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)" and "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/about-high-availability-configuration#utilities-for-replication-management)." diff --git a/data/reusables/release-notes/repository-inconsistencies-errors.md b/data/reusables/release-notes/repository-inconsistencies-errors.md deleted file mode 100644 index a714b57e66c5..000000000000 --- a/data/reusables/release-notes/repository-inconsistencies-errors.md +++ /dev/null @@ -1,3 +0,0 @@ -Following an upgrade to GitHub Enterprise Server 3.6 or later, existing inconsistencies in a repository such as broken refs or missing objects, may now be reported as errors like `invalid sha1 pointer 0000000000000000000000000000000000000000`, `Zero-length loose reference file`, or `Zero-length loose object file`. Previously, these indicators of repository corruption may have been silently ignored. GitHub Enterprise Server now uses an updated Git version with more diligent error reporting enabled. For more information, see this [upstream commit](https://github.com/git/git/commit/968f12fdac) in the Git project. - -If you suspect a problem like this exists in one of your repositories, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance. diff --git a/data/reusables/release-notes/scim-custom-mappings-supported-change.md b/data/reusables/release-notes/scim-custom-mappings-supported-change.md deleted file mode 100644 index aa6ca2c81320..000000000000 --- a/data/reusables/release-notes/scim-custom-mappings-supported-change.md +++ /dev/null @@ -1 +0,0 @@ -For participants in the {% data variables.release-phases.private_preview %} of SCIM for GitHub Enterprise Server, custom mappings for SAML user attributes are now supported. Custom mappings allow the use of a value other than `NameID` as the unique identifying claim during SAML authentication. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise#about-identities-and-claims)." diff --git a/data/reusables/release-notes/scim-in-3-6-series.md b/data/reusables/release-notes/scim-in-3-6-series.md deleted file mode 100644 index 5f7fb7dbd974..000000000000 --- a/data/reusables/release-notes/scim-in-3-6-series.md +++ /dev/null @@ -1 +0,0 @@ -Releases in the 3.6 series of GitHub Enterprise Server are no longer suitable for testing SCIM. To continue using the {% data variables.release-phases.private_preview %} of SCIM, upgrade your instance to version 3.7.3 or later. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)." diff --git a/data/reusables/release-notes/scim-saml-tokens-known-issue.md b/data/reusables/release-notes/scim-saml-tokens-known-issue.md deleted file mode 100644 index 7d355f61a8bc..000000000000 --- a/data/reusables/release-notes/scim-saml-tokens-known-issue.md +++ /dev/null @@ -1 +0,0 @@ -For participants in the {% data variables.release-phases.private_preview %} of SCIM for GitHub Enterprise Server, authentication for requests to resources other than the REST API using a {% data variables.product.pat_generic %} or SSH key may not succeed. A fix will be available in a forthcoming release of GitHub Enterprise Server. diff --git a/data/reusables/release-notes/slow-deleted-repos-migration-known-issue-updated.md b/data/reusables/release-notes/slow-deleted-repos-migration-known-issue-updated.md deleted file mode 100644 index fc8153871037..000000000000 --- a/data/reusables/release-notes/slow-deleted-repos-migration-known-issue-updated.md +++ /dev/null @@ -1 +0,0 @@ -An upgrade to {% data variables.product.prodname_ghe_server %} 3.6 or 3.7 from 3.5 or earlier may be long running if a large number of deleted repositories exist. The performance of this upgrade has been improved in 3.6.14 and 3.7.11, however if you have tens of thousands of recently deleted repositories the upgrade could still take multiple hours. Deleted repositories are purged automatically after 90 days, but for a faster upgrade they can be purged manually. If you suspect you have tens of thousands of recently deleted repositories, and you are concerned about a long running upgrade, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance purging deleted repositories. diff --git a/data/reusables/release-notes/slow-deleted-repos-migration-known-issue.md b/data/reusables/release-notes/slow-deleted-repos-migration-known-issue.md deleted file mode 100644 index 9a3128c2f2fd..000000000000 --- a/data/reusables/release-notes/slow-deleted-repos-migration-known-issue.md +++ /dev/null @@ -1 +0,0 @@ -An upgrade to {% data variables.product.prodname_ghe_server %} 3.6 or 3.7 from 3.5 or earlier may be long running if a large number of deleted repositories exist. Deleted repositories are purged automatically after 90 days, but for a faster upgrade they can be purged manually. If you suspect you have thousands of recently deleted repositories, and you are concerned about a long running upgrade, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance purging deleted repositories. diff --git a/data/reusables/release-notes/stuck-discussion-conversion-issue.md b/data/reusables/release-notes/stuck-discussion-conversion-issue.md deleted file mode 100644 index bcd1f62c7e1a..000000000000 --- a/data/reusables/release-notes/stuck-discussion-conversion-issue.md +++ /dev/null @@ -1,11 +0,0 @@ -In some cases, while converting an issue to a discussion, the conversion process may hang. In this situation, an enterprise owner can try the following troubleshooting steps to resolve the issue. - -1. At the end of the stuck discussion's URL, note the discussion's number. -1. In the web UI, browse to the repository where the conversion is stuck. -1. In the top-right corner of the web UI, click {% octicon "rocket" aria-label="The rocket ship" %}. -1. Under "Collaboration", click **NUMBER discussions**. -1. In the list, click the number from step 1. -1. Under "Conversion", click **Enqueue conversion job**. -1. Wait a few minutes, then check the issue's status. - -If the conversion still hasn't completed, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance. diff --git a/data/reusables/release-notes/user-already-taken.md b/data/reusables/release-notes/user-already-taken.md deleted file mode 100644 index 4c01b044fbed..000000000000 --- a/data/reusables/release-notes/user-already-taken.md +++ /dev/null @@ -1 +0,0 @@ -On an instance configured for SAML authentication, when signing in, users may erroneously see an error indicating "User has already been taken." diff --git a/data/reusables/repositories/edit-file-button.md b/data/reusables/repositories/edit-file-button.md index bcb9ac836ce3..ddd2fb6e9dc3 100644 --- a/data/reusables/repositories/edit-file-button.md +++ b/data/reusables/repositories/edit-file-button.md @@ -3,4 +3,4 @@ ![Screenshot of a file. In the header, a button, labeled with a pencil icon, is outlined in dark orange.](/assets/images/help/repository/edit-file-edit-button.png) {% else %} ![Screenshot of a file. In the header, a button, labeled with a pencil icon, is outlined in dark orange.](/assets/images/enterprise/repository/edit-file-edit-button.png) -{% endif%} +{% endif %} diff --git a/data/reusables/repositories/navigate-to-manage-access.md b/data/reusables/repositories/navigate-to-manage-access.md deleted file mode 100644 index 433ffd8349ad..000000000000 --- a/data/reusables/repositories/navigate-to-manage-access.md +++ /dev/null @@ -1 +0,0 @@ -1. In the left sidebar, click **Manage access**. diff --git a/data/reusables/repositories/navigate-to-tags.md b/data/reusables/repositories/navigate-to-tags.md index 957248c22ca1..3c89c6559504 100644 --- a/data/reusables/repositories/navigate-to-tags.md +++ b/data/reusables/repositories/navigate-to-tags.md @@ -1 +1 @@ -1. In the "Code and automation" section of the sidebar, click **{% octicon "tag" aria-hidden="true"%} Tags**. +1. In the "Code and automation" section of the sidebar, click **{% octicon "tag" aria-hidden="true" %} Tags**. diff --git a/data/reusables/repositories/repo-size-limit.md b/data/reusables/repositories/repo-size-limit.md deleted file mode 100644 index fd40068a2147..000000000000 --- a/data/reusables/repositories/repo-size-limit.md +++ /dev/null @@ -1,3 +0,0 @@ -{% ifversion fpt or ghec %} -Repositories and individual files are subject to size limits. For more information, see "[AUTOTITLE](/repositories/working-with-files/managing-large-files/about-large-files-on-github)" -{% endif %} diff --git a/data/reusables/rest-api/always-check-your-limit.md b/data/reusables/rest-api/always-check-your-limit.md deleted file mode 100644 index 0a9e50418dc8..000000000000 --- a/data/reusables/rest-api/always-check-your-limit.md +++ /dev/null @@ -1,5 +0,0 @@ -{% note %} - -You can confirm your current rate limit status at any time using the REST API. For more information, see "[AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api)." - -{% endnote %} diff --git a/data/reusables/saml/ae-enable-saml-sso-during-bootstrapping.md b/data/reusables/saml/ae-enable-saml-sso-during-bootstrapping.md deleted file mode 100644 index edc59e33eb53..000000000000 --- a/data/reusables/saml/ae-enable-saml-sso-during-bootstrapping.md +++ /dev/null @@ -1 +0,0 @@ -You'll configure identity and access management for {% data variables.product.product_name %} by entering the details for your SAML IdP during initialization. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/initializing-github-ae#connecting-your-idp-to-your-enterprise)." diff --git a/data/reusables/saml/contact-support-if-your-idp-is-unavailable.md b/data/reusables/saml/contact-support-if-your-idp-is-unavailable.md deleted file mode 100644 index c3f7c0335aed..000000000000 --- a/data/reusables/saml/contact-support-if-your-idp-is-unavailable.md +++ /dev/null @@ -1 +0,0 @@ -If you can't sign into your enterprise because {% data variables.product.product_name %} can't communicate with your SAML IdP, you can contact {% data variables.contact.github_support %}, who can help you access {% data variables.product.product_name %} to update the SAML SSO configuration. For more information, see "[AUTOTITLE](/support/contacting-github-support)." diff --git a/data/reusables/saml/okta-ae-provisioning-tab.md b/data/reusables/saml/okta-ae-provisioning-tab.md deleted file mode 100644 index 24c37275a478..000000000000 --- a/data/reusables/saml/okta-ae-provisioning-tab.md +++ /dev/null @@ -1 +0,0 @@ -1. Click **Provisioning**. diff --git a/data/reusables/saml/okta-click-on-the-app.md b/data/reusables/saml/okta-click-on-the-app.md deleted file mode 100644 index f32306515581..000000000000 --- a/data/reusables/saml/okta-click-on-the-app.md +++ /dev/null @@ -1 +0,0 @@ -1. Click the {% data variables.product.product_name %} app. diff --git a/data/reusables/scim/emu-understand-types-and-support.md b/data/reusables/scim/emu-understand-types-and-support.md deleted file mode 100644 index debc5dc03c04..000000000000 --- a/data/reusables/scim/emu-understand-types-and-support.md +++ /dev/null @@ -1 +0,0 @@ -Before you configure provisioning, ensure that you understand the integration requirements and level of support for your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#about-authentication-and-user-provisioning)." diff --git a/data/reusables/scim/ghec-open-scim-release-phase.md b/data/reusables/scim/ghec-open-scim-release-phase.md deleted file mode 100644 index ea719aa51fa7..000000000000 --- a/data/reusables/scim/ghec-open-scim-release-phase.md +++ /dev/null @@ -1 +0,0 @@ -Provisioning users with {% data variables.product.company_short %}'s public SCIM schema is in {% data variables.release-phases.public_preview %} and subject to change. diff --git a/data/reusables/scim/scim-test-in-isolation.md b/data/reusables/scim/scim-test-in-isolation.md deleted file mode 100644 index ae6daa4a7838..000000000000 --- a/data/reusables/scim/scim-test-in-isolation.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.company_short %} recommends that you test provisioning in an environment that's isolated from the production data on your IdP and {% data variables.product.github %}. diff --git a/data/reusables/scim/use-pat-from-setup-user.md b/data/reusables/scim/use-pat-from-setup-user.md deleted file mode 100644 index 4e94311a7957..000000000000 --- a/data/reusables/scim/use-pat-from-setup-user.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.company_short %} recommends that you only authenticate requests with Okta's SCIM application using a {% data variables.product.pat_v1 %} associated with your enterprise's setup user. The token requires the **scim:enterprise** scope. For more information, see "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users#create-a-personal-access-token)." diff --git a/data/reusables/search/classic-search-code-search-note.md b/data/reusables/search/classic-search-code-search-note.md deleted file mode 100644 index 13a834fa6390..000000000000 --- a/data/reusables/search/classic-search-code-search-note.md +++ /dev/null @@ -1 +0,0 @@ -This article refers to the classic {% data variables.product.prodname_dotcom %} search experience. If you are participating in the new code search and code view {% data variables.release-phases.public_preview %} and have enabled the new functionality, the syntax for searching code and the search interface will differ. However, the search syntax for non-code search types will stay the same. diff --git a/data/reusables/search/code-search-link.md b/data/reusables/search/code-search-link.md deleted file mode 100644 index 6ea9e373fc37..000000000000 --- a/data/reusables/search/code-search-link.md +++ /dev/null @@ -1 +0,0 @@ -For more information on the new code search, see "[AUTOTITLE](/search-github/github-code-search/about-github-code-search)." diff --git a/data/reusables/search/code-view-link.md b/data/reusables/search/code-view-link.md deleted file mode 100644 index 459c14840ec6..000000000000 --- a/data/reusables/search/code-view-link.md +++ /dev/null @@ -1 +0,0 @@ -For more information on the new code view, see "[AUTOTITLE](/repositories/working-with-files/managing-files/navigating-files-with-the-new-code-view)." diff --git a/data/reusables/secret-scanning/beta-dry-runs.md b/data/reusables/secret-scanning/beta-dry-runs.md deleted file mode 100644 index 7945ceb2eeda..000000000000 --- a/data/reusables/secret-scanning/beta-dry-runs.md +++ /dev/null @@ -1,6 +0,0 @@ - -{% note %} - -**Note:** The dry run feature is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} diff --git a/data/reusables/secret-scanning/pre-push-protection.md b/data/reusables/secret-scanning/pre-push-protection.md deleted file mode 100644 index 7cffc917c5a9..000000000000 --- a/data/reusables/secret-scanning/pre-push-protection.md +++ /dev/null @@ -1 +0,0 @@ -So far, {% data variables.product.prodname_secret_scanning %} checks for secrets _after_ a push and alerts users to exposed secrets. diff --git a/data/reusables/secret-scanning/push-protection-beta.md b/data/reusables/secret-scanning/push-protection-beta.md deleted file mode 100644 index 2e82dcd39bdf..000000000000 --- a/data/reusables/secret-scanning/push-protection-beta.md +++ /dev/null @@ -1,5 +0,0 @@ -{% note %} - -**Note:** {% data variables.product.prodname_secret_scanning_caps %} as a protection push is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} diff --git a/data/reusables/secret-scanning/push-protection-command-line-choice.md b/data/reusables/secret-scanning/push-protection-command-line-choice.md deleted file mode 100644 index d4a3d287e2d7..000000000000 --- a/data/reusables/secret-scanning/push-protection-command-line-choice.md +++ /dev/null @@ -1 +0,0 @@ -When you attempt to push a supported secret to a repository secured by push protection, {% data variables.product.prodname_dotcom %} will block the push. You can remove the secret from your branch or follow a provided URL {% ifversion push-protection-delegated-bypass %}to see what options are available to you{% endif %} to allow the push. diff --git a/data/reusables/secret-scanning/push-protection-delegated-bypass-note.md b/data/reusables/secret-scanning/push-protection-delegated-bypass-note.md deleted file mode 100644 index 19cfc8e94bda..000000000000 --- a/data/reusables/secret-scanning/push-protection-delegated-bypass-note.md +++ /dev/null @@ -1 +0,0 @@ -Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review and manage bypass requests {% else %}of the bypass list{% endif %} are still protected from accidentally pushing secrets to a repository. If they attempt to push a commit containing a secret, their push is still blocked, but they can choose to bypass the block by specifying a reason for allowing the push. diff --git a/data/reusables/secret-scanning/push-protection-for-users.md b/data/reusables/secret-scanning/push-protection-for-users.md deleted file mode 100644 index 24e1b6ec94ac..000000000000 --- a/data/reusables/secret-scanning/push-protection-for-users.md +++ /dev/null @@ -1 +0,0 @@ -Additionally, push protection _for users_ automatically protects you from accidentally committing secrets to public repositories, regardless of whether the repository has {% data variables.product.prodname_secret_scanning %} enabled. Push protection for users is on by default, but you can disable the feature at any time through your personal account settings. For more information, see "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users)." diff --git a/data/reusables/secret-scanning/push-protection-optional-enable.md b/data/reusables/secret-scanning/push-protection-optional-enable.md deleted file mode 100644 index 5c7771999c86..000000000000 --- a/data/reusables/secret-scanning/push-protection-optional-enable.md +++ /dev/null @@ -1,3 +0,0 @@ -1. Optionally, if you want to enable push protection, click **Enable** to the right of "Push protection." {% data reusables.secret-scanning.push-protection-overview %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." - - ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section. The "Enable" button is highlighted in a dark orange outline in the "Push protection" section.](/assets/images/help/repository/secret-scanning-enable-push-protection.png) diff --git a/data/reusables/secret-scanning/push-protection-remove-secret.md b/data/reusables/secret-scanning/push-protection-remove-secret.md deleted file mode 100644 index 20ebe8eaef37..000000000000 --- a/data/reusables/secret-scanning/push-protection-remove-secret.md +++ /dev/null @@ -1 +0,0 @@ -If you confirm a secret is real, you need to remove the secret from your branch, _from all the commits it appears in_, before pushing again. diff --git a/data/reusables/secret-scanning/push-protection-repo-notes.md b/data/reusables/secret-scanning/push-protection-repo-notes.md deleted file mode 100644 index 7d2844f6a2c9..000000000000 --- a/data/reusables/secret-scanning/push-protection-repo-notes.md +++ /dev/null @@ -1,8 +0,0 @@ -{% note %} - -**Notes:** - -* Push protection for custom patterns will only apply to repositories that have {% data variables.product.prodname_secret_scanning %} as push protection enabled. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-a-repository)." -* Enabling push protection for commonly found custom patterns can be disruptive to contributors. - -{% endnote %} diff --git a/data/reusables/secret-scanning/scan-issue-description-and-comments.md b/data/reusables/secret-scanning/scan-issue-description-and-comments.md deleted file mode 100644 index 8127f5d1db23..000000000000 --- a/data/reusables/secret-scanning/scan-issue-description-and-comments.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_secret_scanning_caps %} also searches issue descriptions and comments for secrets. diff --git a/data/reusables/secret-scanning/secret-scanning-user-owned-enablement.md b/data/reusables/secret-scanning/secret-scanning-user-owned-enablement.md deleted file mode 100644 index 30528001d260..000000000000 --- a/data/reusables/secret-scanning/secret-scanning-user-owned-enablement.md +++ /dev/null @@ -1 +0,0 @@ -{% ifversion secret-scanning-user-owned-repos %}{% ifversion ghes %}Enterprise owners{% else %}Owners of an enterprise with {% data variables.product.prodname_emus %}{% endif %} can manage the automatic enablement of {% data variables.product.prodname_GH_advanced_security %} features such as {% data variables.product.prodname_secret_scanning %} for new user-owned repositories with an enterprise level setting. See "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."{% endif %} diff --git a/data/reusables/secret-scanning/validity-check-partner-patterns-enabled.md b/data/reusables/secret-scanning/validity-check-partner-patterns-enabled.md deleted file mode 100644 index 229a0e3fc2b3..000000000000 --- a/data/reusables/secret-scanning/validity-check-partner-patterns-enabled.md +++ /dev/null @@ -1 +0,0 @@ -To be able to filter by validity status, you need to have validity checks for partner patterns enabled at the repository, organization, or enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository)," "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)," and "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features)." diff --git a/data/reusables/secret-scanning/validity-checks-intro.md b/data/reusables/secret-scanning/validity-checks-intro.md deleted file mode 100644 index f20b254d5e96..000000000000 --- a/data/reusables/secret-scanning/validity-checks-intro.md +++ /dev/null @@ -1,3 +0,0 @@ -Validity checks help you prioritize alerts by telling you which secrets are `active` or `inactive`. An `active` secret is one that could still be exploited, so these alerts should be reviewed and remediated as a priority. - -By default, {% data variables.product.company_short %} checks the validity of {% data variables.product.company_short %} tokens and displays the validation status of the token in the alert view. diff --git a/data/reusables/security-configurations/security-configurations-permissions.md b/data/reusables/security-configurations/security-configurations-permissions.md deleted file mode 100644 index de1d447551dc..000000000000 --- a/data/reusables/security-configurations/security-configurations-permissions.md +++ /dev/null @@ -1 +0,0 @@ -Organization owners and security managers can manage {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %} for an organization. diff --git a/data/reusables/security-overview/filter-and-toggle.md b/data/reusables/security-overview/filter-and-toggle.md index a74a61027b7f..72a4d3991c2e 100644 --- a/data/reusables/security-overview/filter-and-toggle.md +++ b/data/reusables/security-overview/filter-and-toggle.md @@ -7,5 +7,5 @@ {% endif %} {% ifversion security-overview-3-tab-dashboard %}{% else %} -1. For the alert trends graph at the top of the page, you can click **{% octicon "shield" aria-hidden="true" %} Open alerts** or **{% octicon "shield-x" aria-hidden="true" %} Closed alerts** to toggle between showing the trends for open or closed alerts. The toggle will only affect the alert trends graph. For more information, see "[Alert trends graph](#alert-trends-graph)." +1. For the alert trends graph at the top of the page, you can click **{% octicon "shield" aria-hidden="true" %} Open alerts** or **{% octicon "shield-x" aria-hidden="true" %} Closed alerts** to toggle between showing the trends for open or closed alerts. The toggle will only affect the alert trends graph. For more information, see "[Alert trends graph](#alert-trends-graph)." {% endif %} diff --git a/data/reusables/security-overview/permissions.md b/data/reusables/security-overview/permissions.md deleted file mode 100644 index f486a007fe0c..000000000000 --- a/data/reusables/security-overview/permissions.md +++ /dev/null @@ -1,9 +0,0 @@ -{% ifversion not fpt %} - -Security overview for an organization is available to all members of the organization. The views and data displayed are determined by your role in the organization, and by your permissions for individual repositories within the organization. {% ifversion security-overview-org-risk-coverage %}For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)."{% endif %} - -{% ifversion ghec or ghes %} -Security overview for an enterprise shows organization owners and security managers data for the organizations they have access to. Enterprise owners can only view data for organizations where they are added as an organization owner or security manager. {% ifversion enterprise-owner-join-org %}For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)."{% endif %} -{% endif %} - -{% endif %} diff --git a/data/reusables/security-overview/security-overview-coverage-view.md b/data/reusables/security-overview/security-overview-coverage-view.md index 8f0e6e039abc..ad020050e4b0 100644 --- a/data/reusables/security-overview/security-overview-coverage-view.md +++ b/data/reusables/security-overview/security-overview-coverage-view.md @@ -1,3 +1,3 @@ -1. In the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage** to display the "Security coverage" view. +1. In the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage** to display the "Security coverage" view. ![Screenshot of the "Security coverage" view.](/assets/images/help/security-overview/security-coverage-view-multi-repo.png) diff --git a/data/reusables/shortdesc/suspending_a_github_app.md b/data/reusables/shortdesc/suspending_a_github_app.md deleted file mode 100644 index 4f8e97721730..000000000000 --- a/data/reusables/shortdesc/suspending_a_github_app.md +++ /dev/null @@ -1 +0,0 @@ -You can temporarily block a {% data variables.product.prodname_github_app %}'s access to your account's resources by suspending the app. diff --git a/data/reusables/shortdesc/troubleshooting_access_token_reques_errors_oauth_apps.md b/data/reusables/shortdesc/troubleshooting_access_token_reques_errors_oauth_apps.md deleted file mode 100644 index ab1aaac67eef..000000000000 --- a/data/reusables/shortdesc/troubleshooting_access_token_reques_errors_oauth_apps.md +++ /dev/null @@ -1 +0,0 @@ -When exchanging a code for an access token, there are an additional set of errors that can occur. The format of these responses is determined by the accept header you pass. diff --git a/data/reusables/sponsors/add-active-triggers.md b/data/reusables/sponsors/add-active-triggers.md deleted file mode 100644 index b0f6ad614491..000000000000 --- a/data/reusables/sponsors/add-active-triggers.md +++ /dev/null @@ -1 +0,0 @@ -1. To receive updates for the SponsorshipEvent, select **Active**. diff --git a/data/reusables/sponsors/add-payload-url.md b/data/reusables/sponsors/add-payload-url.md deleted file mode 100644 index 026bd467c926..000000000000 --- a/data/reusables/sponsors/add-payload-url.md +++ /dev/null @@ -1 +0,0 @@ -1. Type a payload URL, then optionally customize the configuration. For more information, see "[AUTOTITLE](/webhooks-and-events/webhooks/creating-webhooks#creating-webhooks)." diff --git a/data/reusables/sponsors/add-webhook.md b/data/reusables/sponsors/add-webhook.md deleted file mode 100644 index 55e2e3fcada2..000000000000 --- a/data/reusables/sponsors/add-webhook.md +++ /dev/null @@ -1 +0,0 @@ -1. Click **Add webhook**. diff --git a/data/reusables/sponsors/confirm-add-webhook.md b/data/reusables/sponsors/confirm-add-webhook.md deleted file mode 100644 index 76dd7bfd4c27..000000000000 --- a/data/reusables/sponsors/confirm-add-webhook.md +++ /dev/null @@ -1 +0,0 @@ -1. Click **Create webhook**. diff --git a/data/reusables/sponsors/manage-existing-webhooks.md b/data/reusables/sponsors/manage-existing-webhooks.md deleted file mode 100644 index c51fd59c0172..000000000000 --- a/data/reusables/sponsors/manage-existing-webhooks.md +++ /dev/null @@ -1 +0,0 @@ -1. To edit an existing webhook, click **Edit**. To remove an existing webhook, click **Delete**. diff --git a/data/reusables/sponsors/navigate-to-webhooks-tab.md b/data/reusables/sponsors/navigate-to-webhooks-tab.md deleted file mode 100644 index f6b3b2a951a0..000000000000 --- a/data/reusables/sponsors/navigate-to-webhooks-tab.md +++ /dev/null @@ -1,3 +0,0 @@ -1. In the left sidebar, click **Webhooks**. - - ![Screenshot of the sidebar on the {% data variables.product.prodname_sponsors %} dashboard. A tab in the "Manage" section, labeled "Webhooks", is outlined in dark orange.](/assets/images/help/sponsors/webhooks-tab.png) diff --git a/data/reusables/sponsors/webhook-content-formatting.md b/data/reusables/sponsors/webhook-content-formatting.md deleted file mode 100644 index ad87e5f331ac..000000000000 --- a/data/reusables/sponsors/webhook-content-formatting.md +++ /dev/null @@ -1 +0,0 @@ -1. Under "Content type", use the dropdown menu to select which data format you’d like to receive. For more information, see "[AUTOTITLE](/webhooks-and-events/webhooks/creating-webhooks#content-type)." diff --git a/data/reusables/sponsors/webhook-secret-token.md b/data/reusables/sponsors/webhook-secret-token.md deleted file mode 100644 index d1c5adeda4bc..000000000000 --- a/data/reusables/sponsors/webhook-secret-token.md +++ /dev/null @@ -1 +0,0 @@ -1. Type a secret token. For more information, see "[AUTOTITLE](/webhooks-and-events/webhooks/securing-your-webhooks#securing-your-secret-token)." diff --git a/data/reusables/two_fa/test_2fa_immediately.md b/data/reusables/two_fa/test_2fa_immediately.md deleted file mode 100644 index 8055c56999f0..000000000000 --- a/data/reusables/two_fa/test_2fa_immediately.md +++ /dev/null @@ -1 +0,0 @@ -1. After you've saved your recovery codes and enabled 2FA, we recommend you sign out and back in to your account. In case of problems, such as a forgotten password or typo in your email address, you can use recovery codes to access your account and correct the problem. diff --git a/data/reusables/user-settings/generate_new_token.md b/data/reusables/user-settings/generate_new_token.md deleted file mode 100644 index 06d6af0d5036..000000000000 --- a/data/reusables/user-settings/generate_new_token.md +++ /dev/null @@ -1 +0,0 @@ -1. Click **Generate new token**. diff --git a/data/reusables/user-settings/security-analysis.md b/data/reusables/user-settings/security-analysis.md index 3cf9141113fe..28ee4bdd3c8e 100644 --- a/data/reusables/user-settings/security-analysis.md +++ b/data/reusables/user-settings/security-analysis.md @@ -1 +1 @@ -1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true"%} Code security and analysis**. +1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} Code security and analysis**. diff --git a/data/reusables/user-settings/user-api.md b/data/reusables/user-settings/user-api.md index 053cf19f5b90..a3826508906d 100644 --- a/data/reusables/user-settings/user-api.md +++ b/data/reusables/user-settings/user-api.md @@ -1 +1 @@ -If a request URL does not include a `{username}` parameter then the response will be for the signed-in user (and you must pass [authentication information](/rest/overview/authenticating-to-the-rest-api) with your request). Additional private information, such as whether a user has two-factor authentication enabled, is included when authenticated through{% ifversion ghes%} Basic Authentication or{% endif %} OAuth with the `user` scope. +If a request URL does not include a `{username}` parameter then the response will be for the signed-in user (and you must pass [authentication information](/rest/overview/authenticating-to-the-rest-api) with your request). Additional private information, such as whether a user has two-factor authentication enabled, is included when authenticated through{% ifversion ghes %} Basic Authentication or{% endif %} OAuth with the `user` scope. diff --git a/data/reusables/webhooks/ping_short_desc.md b/data/reusables/webhooks/ping_short_desc.md deleted file mode 100644 index d8271931d768..000000000000 --- a/data/reusables/webhooks/ping_short_desc.md +++ /dev/null @@ -1 +0,0 @@ -When you create a new webhook, we'll send you a simple `ping` event to let you know you've set up the webhook correctly. This event isn't stored so it isn't retrievable via the [Events API](/rest/activity#ping-a-repository-webhook) endpoint. diff --git a/data/reusables/webhooks/webhooks-rest-api-links.md b/data/reusables/webhooks/webhooks-rest-api-links.md deleted file mode 100644 index c093b4398682..000000000000 --- a/data/reusables/webhooks/webhooks-rest-api-links.md +++ /dev/null @@ -1,5 +0,0 @@ -You can use the REST API to manage repository, organization, and app webhooks. You can list webhook deliveries for a webhook, or get and redeliver an individual delivery for a webhook, which can be integrated into an external app or service. You can also use the REST API to change the configuration of the webhook. For example, you can modify the payload URL, content type, SSL verification, and secret. For more information, see: - -* [Repository Webhooks](/rest/webhooks#repository-webhooks) -* [Organization Webhooks](/rest/orgs/webhooks) -* [{% data variables.product.prodname_github_app %} Webhooks](/rest/apps/webhooks) diff --git a/data/reusables/webhooks/webhooks_ssl.md b/data/reusables/webhooks/webhooks_ssl.md deleted file mode 100644 index c0d40e639296..000000000000 --- a/data/reusables/webhooks/webhooks_ssl.md +++ /dev/null @@ -1 +0,0 @@ -If your "Payload URL" is a secure site (HTTPS), you will have the option to configure the SSL verification settings. If your "Payload URL" is not secure (HTTP), GitHub will not display this option. By default, GitHub verifies the SSL certificate of your website when delivering webhook payloads. SSL verification helps ensure that hook payloads are delivered to your URL endpoint securely. You have the option to disable SSL, but we recommend keeping **Enable SSL verification** selected. diff --git a/package-lock.json b/package-lock.json index ccebe9df887f..44c695262210 100644 --- a/package-lock.json +++ b/package-lock.json @@ -109,10 +109,13 @@ "@octokit/rest": "21.0.2", "@playwright/test": "^1.48.1", "@types/accept-language-parser": "1.5.6", + "@types/cheerio": "^0.22.35", "@types/connect-datadog": "0.0.10", "@types/connect-timeout": "0.0.39", "@types/cookie": "0.6.0", "@types/cookie-parser": "1.4.7", + "@types/elasticsearch": "^5.0.43", + "@types/event-to-promise": "^0.7.5", "@types/express": "4.17.21", "@types/imurmurhash": "^0.1.4", "@types/js-cookie": "^3.0.6", @@ -3165,6 +3168,15 @@ "integrity": "sha512-hWtVTC2q7hc7xZ/RLbxapMvDMgUnDvKvMOpKal4DrMyfGBUfB1oKaZlIRr6mJL+If3bAP6sV/QneGzF6tJjZDg==", "dev": true }, + "node_modules/@types/cheerio": { + "version": "0.22.35", + "resolved": "https://registry.npmjs.org/@types/cheerio/-/cheerio-0.22.35.tgz", + "integrity": "sha512-yD57BchKRvTV+JD53UZ6PD8KWY5g5rvvMLRnZR3EQBCZXiDT/HR+pKpMzFGlWNhFrXlo7VPZXtKvIEwZkAWOIA==", + "dev": true, + "dependencies": { + "@types/node": "*" + } + }, "node_modules/@types/connect": { "version": "3.4.38", "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", @@ -3228,12 +3240,27 @@ "@types/ms": "*" } }, + "node_modules/@types/elasticsearch": { + "version": "5.0.43", + "resolved": "https://registry.npmjs.org/@types/elasticsearch/-/elasticsearch-5.0.43.tgz", + "integrity": "sha512-N+MpzURpDCWd7zaJ7CE1aU+nBSeAABLhDE0lGodQ0LLftx7ku6hjTXLr9OAFZLSXiWL3Xxx8jts485ynrcm5NA==", + "dev": true + }, "node_modules/@types/estree": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.5.tgz", "integrity": "sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==", "dev": true }, + "node_modules/@types/event-to-promise": { + "version": "0.7.5", + "resolved": "https://registry.npmjs.org/@types/event-to-promise/-/event-to-promise-0.7.5.tgz", + "integrity": "sha512-h10M3ybTySQFVP4N1uiEgPwbpHExNS8UMpCqRUJFkMhlpgSlWsyYsGMmkrJIKRnhGfYDOb4LD3U+SSPujoMHNA==", + "dev": true, + "dependencies": { + "@types/node": "*" + } + }, "node_modules/@types/express": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", diff --git a/package.json b/package.json index 17ae073dc21c..569dfee80c0b 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "exports": "./src/frame/server.ts", "scripts": { "all-documents": "tsx src/content-render/scripts/all-documents/cli.ts", - "analyze-text": "node src/search/scripts/analyze-text.js", + "analyze-text": "tsx src/search/scripts/analyze-text.ts", "analyze-comment": "tsx src/events/scripts/analyze-comment-cli.ts", "archive-version": "tsx --max-old-space-size=16384 src/ghes-releases/scripts/archive-version.ts", "audit-log-sync": "tsx src/audit-logs/scripts/sync.ts", @@ -39,8 +39,14 @@ "find-unused-variables": "tsx src/content-linter/scripts/find-unsed-variables.ts", "fixture-dev": "cross-env ROOT=src/fixtures/fixtures npm start", "fixture-test": "cross-env ROOT=src/fixtures/fixtures npm test -- src/fixtures/tests", - "index": "tsx src/search/scripts/index/index.ts", - "index-elasticsearch": "node src/search/scripts/index-elasticsearch.js", + "general-search-scrape": "tsx src/search/scripts/scrape/scrape-cli.ts", + "general-search-scrape-server": "cross-env NODE_ENV=production PORT=4002 MINIMAL_RENDER=true CHANGELOG_DISABLED=true tsx src/frame/server.ts", + "ghes-release-scrape-with-server": "cross-env GHES_RELEASE=1 start-server-and-test general-search-scrape-server 4002 general-search-scrape", + "general-search-scrape-with-server": "cross-env NODE_OPTIONS='--max_old_space_size=8192' start-server-and-test general-search-scrape-server 4002 general-search-scrape", + "index": "tsx src/search/scripts/index/index-cli autocomplete docs-internal-data", + "index-ai-search-autocomplete": "tsx src/search/scripts/index/index-cli ai-search-autocomplete", + "index-general-autocomplete": "tsx src/search/scripts/index/index-cli general-autocomplete", + "index-general-search": "tsx src/search/scripts/index/index-cli general-search", "index-test-fixtures": "./src/search/scripts/index-test-fixtures.sh", "lint": "eslint '**/*.{js,mjs,ts,tsx}'", "lint-content": "node src/content-linter/scripts/lint-content.js", @@ -70,10 +76,6 @@ "start-for-playwright": "cross-env ROOT=src/fixtures/fixtures TRANSLATIONS_FIXTURE_ROOT=src/fixtures/fixtures/translations ENABLED_LANGUAGES=en,ja NODE_ENV=test tsx src/frame/server.ts", "symlink-from-local-repo": "node src/early-access/scripts/symlink-from-local-repo.js", "sync-rest": "tsx src/rest/scripts/update-files.ts", - "sync-search": "cross-env NODE_OPTIONS='--max_old_space_size=8192' start-server-and-test sync-search-server 4002 sync-search-indices", - "sync-search-ghes-release": "cross-env GHES_RELEASE=1 start-server-and-test sync-search-server 4002 sync-search-indices", - "sync-search-indices": "node src/search/scripts/sync-search-indices.js", - "sync-search-server": "cross-env NODE_ENV=production PORT=4002 MINIMAL_RENDER=true CHANGELOG_DISABLED=true tsx src/frame/server.ts", "sync-secret-scanning": "tsx src/secret-scanning/scripts/sync.ts", "sync-webhooks": "npx tsx src/rest/scripts/update-files.ts -o webhooks", "test": "vitest", @@ -222,6 +224,7 @@ "src/open-source/scripts/add-pr-links.js", "src/open-source/scripts/pr-link-source.js", "rest-api-description/", + "docs-internal-data/", "src/code-scanning/scripts/generate-code-scanning-query-list.ts" ] }, @@ -327,10 +330,13 @@ "@octokit/rest": "21.0.2", "@playwright/test": "^1.48.1", "@types/accept-language-parser": "1.5.6", + "@types/cheerio": "^0.22.35", "@types/connect-datadog": "0.0.10", "@types/connect-timeout": "0.0.39", "@types/cookie": "0.6.0", "@types/cookie-parser": "1.4.7", + "@types/elasticsearch": "^5.0.43", + "@types/event-to-promise": "^0.7.5", "@types/express": "4.17.21", "@types/imurmurhash": "^0.1.4", "@types/js-cookie": "^3.0.6", diff --git a/src/archives/middleware/archived-enterprise-versions-assets.ts b/src/archives/middleware/archived-enterprise-versions-assets.ts index b3ec8908ddcb..5d7799777ee6 100644 --- a/src/archives/middleware/archived-enterprise-versions-assets.ts +++ b/src/archives/middleware/archived-enterprise-versions-assets.ts @@ -1,5 +1,3 @@ -import path from 'path' - import got from 'got' import type { Response, NextFunction } from 'express' @@ -14,13 +12,7 @@ import type { ExtendedRequest } from '@/types' // This module handles requests for the CSS and JS assets for // deprecated GitHub Enterprise versions by routing them to static content in -// help-docs-archived-enterprise-versions -// -// Note that as of GHES 3.2, we no longer store assets for deprecated versions -// in help-docs-archived-enterprise-versions. Instead, we store them in the -// Azure blob storage `githubdocs` in the `enterprise` container. All HTML files -// have been updated to use references to this blob storage for all assets. -// +// one of the docs-ghes- repos. // See also ./archived-enterprise-versions.js for non-CSS/JS paths export default async function archivedEnterpriseVersionsAssets( @@ -33,12 +25,13 @@ export default async function archivedEnterpriseVersionsAssets( // or /_next/static/foo.css if (!patterns.assetPaths.test(req.path)) return next() - // We now know the URL is either /enterprise/2.22/_next/static/foo.css - // or the regular /_next/static/foo.css. But we're only going to - // bother looking it up on https://github.github.com/help-docs-archived-enterprise-versions - // if the URL has the enterprise bit in it, or if the path was - // /_next/static/foo.css *and* its Referrer had the enterprise - // bit in it. + // The URL is either in the format + // /enterprise/2.22/_next/static/foo.css, + // /enterprise-server@, + // or /_next/static/foo.css. + // If the URL is prefixed with the enterprise version and release number + // or if the Referrer contains the enterprise version and release number, + // then we'll fetch it from the docs-ghes- repo. if ( !( patterns.getEnterpriseVersionNumber.test(req.path) || @@ -59,12 +52,17 @@ export default async function archivedEnterpriseVersionsAssets( const { isArchived, requestedVersion } = isArchivedVersion(req) if (!isArchived || !requestedVersion) return next() - const assetPath = req.path.replace(`/enterprise/${requestedVersion}`, '') + // In all of the `docs-ghes- repos. export default async function archivedEnterpriseVersions( req: ExtendedRequest, @@ -108,6 +104,7 @@ export default async function archivedEnterpriseVersions( const redirectCode = pathLanguagePrefixed(req.path) ? 301 : 302 + // Redirects for releases 3.0+ if (deprecatedWithFunctionalRedirects.includes(requestedVersion)) { const redirectTo = getRedirect(req.path, req.context) if (redirectTo) { @@ -138,8 +135,7 @@ export default async function archivedEnterpriseVersions( return res.redirect(redirectCode, `/${language}${newRedirectTo}`) } } - // redirect language-prefixed URLs like /en/enterprise/2.10 -> /enterprise/2.10 - // (this only applies to versions <2.13) + // For releases 2.13 and lower, redirect language-prefixed URLs like /en/enterprise/2.10 -> /enterprise/2.10 if ( req.path.startsWith('/en/') && versionSatisfiesRange(requestedVersion, `<${firstVersionDeprecatedOnNewSite}`) @@ -148,8 +144,7 @@ export default async function archivedEnterpriseVersions( return res.redirect(redirectCode, req.baseUrl + req.path.replace(/^\/en/, '')) } - // find redirects for versions between 2.13 and 2.17 - // starting with 2.18, we updated the archival script to create a redirects.json file + // Redirects for releases 2.13 - 2.17 if ( versionSatisfiesRange(requestedVersion, `>=${firstVersionDeprecatedOnNewSite}`) && versionSatisfiesRange(requestedVersion, `<=${lastVersionWithoutArchivedRedirectsFile}`) @@ -173,7 +168,8 @@ export default async function archivedEnterpriseVersions( return res.redirect(redirectCode, redirect) } } - + // Redirects for 2.18 - 3.0. Starting with 2.18, we updated the archival + // script to create a redirects.json file if ( versionSatisfiesRange(requestedVersion, `>${lastVersionWithoutArchivedRedirectsFile}`) && !deprecatedWithFunctionalRedirects.includes(requestedVersion) @@ -195,19 +191,25 @@ export default async function archivedEnterpriseVersions( return res.redirect(redirectCode, redirectJson[req.path]) } } - - const statsdTags = [`version:${requestedVersion}`] + // Retrieve the page from the archived repo const doGet = () => got(getProxyPath(req.path, requestedVersion), { throwHttpErrors: false, retry: retryConfiguration, timeout: timeoutConfiguration, }) + + const statsdTags = [`version:${requestedVersion}`] const r = await statsd.asyncTimer(doGet, 'archive_enterprise_proxy', [ ...statsdTags, `path:${req.path}`, ])() + if (r.statusCode === 200) { + const [, withoutLanguagePath] = splitByLanguage(req.path) + const isDeveloperPage = withoutLanguagePath?.startsWith( + `/enterprise/${requestedVersion}/developer`, + ) res.set('x-robots-tag', 'noindex') // make stubbed redirect files (which exist in versions <2.13) redirect with a 301 @@ -221,11 +223,74 @@ export default async function archivedEnterpriseVersions( cacheAggressively(res) + // Releases 3.2 and higher contain image asset paths with the + // old Azure Blob Storage URL. These need to be rewritten to + // the new archived enterprise repo URL. + if (versionSatisfiesRange(requestedVersion, `>=${firstReleaseStoredInBlobStorage}`)) { + r.body = r.body + .replaceAll( + `${OLD_AZURE_BLOB_ENTERPRISE_DIR}/${requestedVersion}/assets/cb-`, + `${ENTERPRISE_GH_PAGES_URL_PREFIX}${requestedVersion}/assets/cb-`, + ) + .replaceAll( + `${OLD_AZURE_BLOB_ENTERPRISE_DIR}/${requestedVersion}/`, + `${req.protocol}://${req.get('x-forwarded-host') || req.get('host')}/enterprise-server@${requestedVersion}/`, + ) + } + + // Releases 3.1 and lower were previously hosted in the + // help-docs-archived-enterprise-versions repo. Only the images + // were stored in the old Azure Blob Storage `github-images` container. + // The image paths all need to be updated to reference the images in the + // new archived enterprise repo's root assets directory. + if (versionSatisfiesRange(requestedVersion, `<${firstReleaseStoredInBlobStorage}`)) { + r.body = r.body.replaceAll( + `${OLD_GITHUB_IMAGES_ENTERPRISE_DIR}/${requestedVersion}`, + `${ENTERPRISE_GH_PAGES_URL_PREFIX}${requestedVersion}`, + ) + if (versionSatisfiesRange(requestedVersion, '<=2.18') && isDeveloperPage) { + r.body = r.body.replaceAll( + `${OLD_DEVELOPER_SITE_CONTAINER}/${requestedVersion}`, + `${ENTERPRISE_GH_PAGES_URL_PREFIX}${requestedVersion}/developer`, + ) + // Update all hrefs to add /developer to the path + r.body = r.body.replaceAll( + `="/enterprise/${requestedVersion}`, + `="/enterprise/${requestedVersion}/developer`, + ) + // The changelog is the only thing remaining on developer.github.com + r.body = r.body.replaceAll('href="/changes', 'href="https://developer.github.com/changes') + } + } + + // In all releases, some assets were incorrectly scraped and contain + // deep relative paths. For example, releases 3.4+ use the webp format + // for images. The URLs for those images were never rewritten to pull + // from the Azure Blob Storage container. This may be due to not + // updating our scraping tool to handle the new image types. There + // are additional images in older versions that also have a relative path. + // We want to update the URLs in the format + // "../../../../../../assets/" to prefix the assets directory with the + // new archived enterprise repo URL. + r.body = r.body.replaceAll( + /="(\.\.\/)*assets/g, + `="${ENTERPRISE_GH_PAGES_URL_PREFIX}${requestedVersion}/assets`, + ) + + // Fix broken hrefs on the 2.16 landing page + if (requestedVersion === '2.16' && req.path === '/en/enterprise/2.16') { + r.body = r.body.replaceAll('ref="/en/enterprise', 'ref="/en/enterprise/2.16') + } + + // Remove the search results container from the page, which removes a white + // box that prevents clicking on page links + r.body = r.body.replaceAll('
    ', '') + return res.send(r.body) } - - // from 2.13 to 2.17, we lost access to frontmatter redirects during the archival process - // this workaround finds potentially relevant frontmatter redirects in currently supported pages + // In releases 2.13 - 2.17, we lost access to frontmatter redirects + // during the archival process. This workaround finds potentially + // relevant frontmatter redirects in currently supported pages if ( versionSatisfiesRange(requestedVersion, `>=${firstVersionDeprecatedOnNewSite}`) && versionSatisfiesRange(requestedVersion, `<=${lastVersionWithoutArchivedRedirectsFile}`) @@ -244,18 +309,35 @@ export default async function archivedEnterpriseVersions( return next() } -// paths are slightly different depending on the version -// for >=2.13: /2.13/en/enterprise/2.13/user/articles/viewing-contributions-on-your-profile -// for <2.13: /2.12/user/articles/viewing-contributions-on-your-profile function getProxyPath(reqPath: string, requestedVersion: string) { - if (versionSatisfiesRange(requestedVersion, `>=${firstReleaseStoredInBlobStorage}`)) { + const [, withoutLanguagePath] = splitByLanguage(reqPath) + const isDeveloperPage = withoutLanguagePath?.startsWith( + `/enterprise/${requestedVersion}/developer`, + ) + + // This was the last release supported on developer.github.com + if (isDeveloperPage) { + const enterprisePath = `/enterprise/${requestedVersion}` + const newReqPath = reqPath.replace(enterprisePath, '') + return ENTERPRISE_GH_PAGES_URL_PREFIX + requestedVersion + newReqPath + } + + // Releases 2.18 and higher + if (versionSatisfiesRange(requestedVersion, `>${lastVersionWithoutArchivedRedirectsFile}`)) { const newReqPath = reqPath.includes('redirects.json') ? `/${reqPath}` : reqPath + '/index.html' - return `${REMOTE_ENTERPRISE_STORAGE_URL}/${requestedVersion}${newReqPath}` + return ENTERPRISE_GH_PAGES_URL_PREFIX + requestedVersion + newReqPath } - const proxyPath = versionSatisfiesRange(requestedVersion, `>=${firstVersionDeprecatedOnNewSite}`) - ? slash(path.join('/', requestedVersion, reqPath)) - : reqPath.replace(/^\/enterprise/, '') - return `https://github.github.com/help-docs-archived-enterprise-versions${proxyPath}` + + // Releases 2.13 - 2.17 + // redirect.json files don't exist for these versions + if (versionSatisfiesRange(requestedVersion, `>=2.13`)) { + return ENTERPRISE_GH_PAGES_URL_PREFIX + requestedVersion + reqPath + '/index.html' + } + + // Releases 2.12 and lower + const enterprisePath = `/enterprise/${requestedVersion}` + const newReqPath = reqPath.replace(enterprisePath, '') + return ENTERPRISE_GH_PAGES_URL_PREFIX + requestedVersion + newReqPath } // Module-level global cache object. @@ -276,7 +358,7 @@ function getFallbackRedirect(req: ExtendedRequest) { // // The keys are valid URLs that it can redirect to. I.e. these are // URLs that we definitely know are valid and will be found - // in https://github.com/github/help-docs-archived-enterprise-versions + // in one of the docs-ghes- repos. // The array values are possible URLs we deem acceptable redirect // sources. // But to avoid an unnecessary, O(n), loop every time, we turn this @@ -311,3 +393,14 @@ function getFallbackRedirect(req: ExtendedRequest) { return `/${language}${fallback}` } } + +function splitByLanguage(uri: string) { + let language = null + let withoutLanguage = uri + const match = uri.match(languagePrefixPathRegex) + if (match) { + language = match[1] + withoutLanguage = uri.replace(languagePrefixPathRegex, '/') + } + return [language, withoutLanguage] +} diff --git a/src/archives/scripts/warmup-remotejson.js b/src/archives/scripts/warmup-remotejson.js index 6cc031746eef..7a2d431d9958 100755 --- a/src/archives/scripts/warmup-remotejson.js +++ b/src/archives/scripts/warmup-remotejson.js @@ -41,9 +41,7 @@ function version2url(version) { semver.coerce(version).raw, semver.coerce(firstReleaseStoredInBlobStorage).raw, ) - return inBlobStorage - ? `https://githubdocs.azureedge.net/enterprise/${version}/redirects.json` - : `https://github.github.com/help-docs-archived-enterprise-versions/${version}/redirects.json` + return `https://github.github.com/docs-ghes-${version}/redirects.json` } function withArchivedRedirectsFile(version) { diff --git a/src/archives/tests/deprecated-enterprise-versions.js b/src/archives/tests/deprecated-enterprise-versions.js index 466364422cae..8dc3b7a3d461 100644 --- a/src/archives/tests/deprecated-enterprise-versions.js +++ b/src/archives/tests/deprecated-enterprise-versions.js @@ -122,7 +122,7 @@ describe('recently deprecated redirects', () => { expect(res.headers.vary).toContain('accept-language') expect(res.headers.vary).toContain('x-user-language') // This is based on - // https://github.com/github/help-docs-archived-enterprise-versions/blob/master/3.0/redirects.json + // https://github.com/github/docs-ghes-3.0/blob/main/redirects.json expect(res.headers.location).toBe( '/en/enterprise-server@3.0/get-started/learning-about-github/githubs-products', ) @@ -309,8 +309,8 @@ describe('JS and CSS assets', () => { expect(result.headers['x-is-archived']).toBeUndefined() }) - test('404 if the pathname contains URL characters (..)', async () => { - const result = await get('/enterprise/2.18/dist/index..css', { + test('404 if the pathname contains URL characters (../)', async () => { + const result = await get('/enterprise/2.18/dist/index../css', { headers: { Referrer: '/en/enterprise/2.18', }, diff --git a/src/assets/tests/static-assets-1.ts b/src/assets/tests/static-assets-1.ts index f948a94679b2..e0718a084709 100644 --- a/src/assets/tests/static-assets-1.ts +++ b/src/assets/tests/static-assets-1.ts @@ -83,30 +83,30 @@ describe('archived enterprise static assets', () => { const sampleCSS = '/* nice CSS */' nock('https://github.github.com') - .get('/help-docs-archived-enterprise-versions/2.21/_next/static/foo.css') + .get('/docs-ghes-2.21/_next/static/foo.css') .reply(200, sampleCSS, { 'content-type': 'text/css', 'content-length': `${sampleCSS.length}`, }) nock('https://github.github.com') - .get('/help-docs-archived-enterprise-versions/2.21/_next/static/only-on-proxy.css') + .get('/docs-ghes-2.21/_next/static/only-on-proxy.css') .reply(200, sampleCSS, { 'content-type': 'text/css', 'content-length': `${sampleCSS.length}`, }) nock('https://github.github.com') - .get('/help-docs-archived-enterprise-versions/2.3/_next/static/only-on-2.3.css') + .get('/docs-ghes-2.3/_next/static/only-on-2.3.css') .reply(200, sampleCSS, { 'content-type': 'text/css', 'content-length': `${sampleCSS.length}`, }) nock('https://github.github.com') - .get('/help-docs-archived-enterprise-versions/2.3/_next/static/fourofour.css') + .get('/docs-ghes-2.3/_next/static/fourofour.css') .reply(404, 'Not found', { 'content-type': 'text/plain', }) nock('https://github.github.com') - .get('/help-docs-archived-enterprise-versions/2.3/assets/images/site/logo.png') + .get('/docs-ghes-2.3/assets/images/site/logo.png') .reply(404, 'Not found', { 'content-type': 'text/plain', }) diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json index 05faaa1a1e02..7f6968e1c8af 100644 --- a/src/audit-logs/lib/config.json +++ b/src/audit-logs/lib/config.json @@ -3,5 +3,5 @@ "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "apiRequestEvent": "This event is only available via audit log streaming." }, - "sha": "f24d2c82d0610b6a63737094391ec356dcc54c09" + "sha": "5cdd5d7d8ef0e34ebff6addc8d04b7d3da813589" } \ No newline at end of file diff --git a/src/content-linter/lib/linting-rules/index.js b/src/content-linter/lib/linting-rules/index.js index b361473375d4..6c37c8f6016a 100644 --- a/src/content-linter/lib/linting-rules/index.js +++ b/src/content-linter/lib/linting-rules/index.js @@ -31,6 +31,7 @@ import { imageNoGif } from './image-no-gif.js' import { expiredContent, expiringSoon } from './expired-content.js' import { tableLiquidVersioning } from './table-liquid-versioning.js' import { thirdPartyActionPinning } from './third-party-action-pinning.js' +import { liquidTagWhitespace } from './liquid-tag-whitespace.js' const noDefaultAltText = markdownlintGitHub.find((elem) => elem.names.includes('no-default-alt-text'), @@ -77,5 +78,6 @@ export const gitHubDocsMarkdownlint = { expiringSoon, tableLiquidVersioning, thirdPartyActionPinning, + liquidTagWhitespace, ], } diff --git a/src/content-linter/lib/linting-rules/liquid-tag-whitespace.js b/src/content-linter/lib/linting-rules/liquid-tag-whitespace.js new file mode 100644 index 000000000000..9abaa94913c7 --- /dev/null +++ b/src/content-linter/lib/linting-rules/liquid-tag-whitespace.js @@ -0,0 +1,64 @@ +import { TokenKind } from 'liquidjs' + +import { getLiquidTokens, getPositionData } from '../helpers/liquid-utils.js' +import { addFixErrorDetail } from '../helpers/utils.js' + +/* +Liquid tags should start and end with one whitespace. For example: + + DO use a single whitespace character + {% data %} + + DON'T use 0 or more than 1 whitespace + {%data %} + + DON'T use more than 1 whitespace between args + {%data arg1 arg2 %} +*/ + +export const liquidTagWhitespace = { + names: ['GHD042', 'liquid-tag-whitespace'], + description: + 'Liquid tags should start and end with one whitespace. Liquid tag arguments should be separated by only one whitespace.', + tags: ['liquid', 'format'], + function: (params, onError) => { + const content = params.lines.join('\n') + const tokens = getLiquidTokens(content).filter((token) => token.kind === TokenKind.Tag) + for (const token of tokens) { + const { lineNumber, column, length } = getPositionData(token, params.lines) + + const range = [column, length] + const tag = params.lines[lineNumber - 1].slice(column - 1, column - 1 + length) + + // Get just the opening and closing tags, which includes any whitespace + // added before the tag name or any arguments + const openTag = tag.slice(0, token.contentRange[0] - token.begin) + const closeTag = tag.slice(-(token.end - token.contentRange[1])) + + const isOpenTagOneSpace = openTag !== openTag.trim() + ' ' + const isCloseTagOneSpace = closeTag !== ' ' + closeTag.trim() + + const moreThanOneSpace = /\s{2,}/ + const isArgOneSpace = moreThanOneSpace.test(tag) + + const fixedContent = + openTag.trim() + ' ' + token.content.replace(moreThanOneSpace, ' ') + ' ' + closeTag.trim() + + if (isOpenTagOneSpace || isCloseTagOneSpace || isArgOneSpace) { + addFixErrorDetail( + onError, + lineNumber, + fixedContent, + params.lines[lineNumber - 1].slice(column - 1, column - 1 + length), + range, + { + lineNumber, + editColumn: column, + deleteCount: length, + insertText: fixedContent, + }, + ) + } + } + }, +} diff --git a/src/content-linter/style/github-docs.js b/src/content-linter/style/github-docs.js index d2db8d18d50c..ca9119db3510 100644 --- a/src/content-linter/style/github-docs.js +++ b/src/content-linter/style/github-docs.js @@ -161,6 +161,12 @@ const githubDocsConfig = { 'partial-markdown-files': true, 'yml-files': true, }, + 'liquid-tag-whitespace': { + // GHD042 + severity: 'error', + 'partial-markdown-files': true, + 'yml-files': true, + }, } export const githubDocsFrontmatterConfig = { diff --git a/src/content-linter/tests/unit/liquid-tag-whitespace.js b/src/content-linter/tests/unit/liquid-tag-whitespace.js new file mode 100644 index 000000000000..b942c1573253 --- /dev/null +++ b/src/content-linter/tests/unit/liquid-tag-whitespace.js @@ -0,0 +1,71 @@ +import { describe, expect, test } from 'vitest' + +import { runRule } from '../../lib/init-test.js' +import { liquidTagWhitespace } from '../../lib/linting-rules/liquid-tag-whitespace.js' + +describe(liquidTagWhitespace.names.join(' - '), () => { + test('liquid tags with correct whitespace pass', async () => { + const markdown = [ + '{% data variables.location.product_location %}', + '{% assign my_variable = "value" %}', + '{% if user %}Hello, {{ user.name }}{% endif %}', + ].join('\n') + + const result = await runRule(liquidTagWhitespace, { strings: { markdown } }) + const errors = result.markdown + expect(errors.length).toBe(0) + }) + + test('liquid tags with incorrect whitespace fail', async () => { + const markdown = [ + '{%data variables.location.product_location %}', + '{% assign my_variable = "value"%}', + '{% if user %}Hello, {{ user.name }} {%endif %}', + '{% data variables.location.product_location %}', + '{%-data variables.location.product_location -%}', + '{%- assign my_variable = "value"-%}', + '{%- if user -%}Hello, {{ user.name }} {%endif %}', + '{%- data variables.location.product_location -%}', + ].join('\n') + + const result = await runRule(liquidTagWhitespace, { strings: { markdown } }) + const errors = result.markdown + expect(errors.length).toBe(8) + expect(errors[2].lineNumber).toBe(3) + expect(errors[2].fixInfo).toEqual({ + deleteCount: 10, + editColumn: 37, + lineNumber: 3, + insertText: '{% endif %}', + }) + }) + + test('liquid tags with multiple spaces between arguments fail', async () => { + const markdown = [ + '{% assign my_variable = "value" %}', + '{% if user %}Hello, {{ user.name }}{% endif %}', + ].join('\n') + + const result = await runRule(liquidTagWhitespace, { strings: { markdown } }) + const errors = result.markdown + expect(errors.length).toBe(2) + expect(errors[1].lineNumber).toBe(2) + expect(errors[0].fixInfo).toEqual({ + deleteCount: 35, + editColumn: 1, + lineNumber: 1, + insertText: '{% assign my_variable = "value" %}', + }) + }) + + test('liquid tags with single spaces between arguments pass', async () => { + const markdown = [ + '{% assign my_variable = "value" %}', + '{% if user %}Hello, {{ user.name }}{% endif %}', + ].join('\n') + + const result = await runRule(liquidTagWhitespace, { strings: { markdown } }) + const errors = result.markdown + expect(errors.length).toBe(0) + }) +}) diff --git a/src/fixtures/tests/breadcrumbs.ts b/src/fixtures/tests/breadcrumbs.ts index e51a7d678dfb..41bc836ea1d5 100644 --- a/src/fixtures/tests/breadcrumbs.ts +++ b/src/fixtures/tests/breadcrumbs.ts @@ -68,7 +68,7 @@ describe('breadcrumbs', () => { expect($breadcrumbTitles.length).toBe(0) expect($breadcrumbLinks.length).toBe(2) - expect($breadcrumbLinks[0].attribs.title).toBe('Deeper secrets') - expect($breadcrumbLinks[1].attribs.title).toBe('Mariana Trench') + expect(($breadcrumbLinks[0] as cheerio.TagElement).attribs.title).toBe('Deeper secrets') + expect(($breadcrumbLinks[1] as cheerio.TagElement).attribs.title).toBe('Mariana Trench') }) }) diff --git a/src/frame/components/context/CategoryLandingContext.tsx b/src/frame/components/context/CategoryLandingContext.tsx new file mode 100644 index 000000000000..fa33b2fff1f5 --- /dev/null +++ b/src/frame/components/context/CategoryLandingContext.tsx @@ -0,0 +1,62 @@ +import pick from 'lodash/pick' +import { createContext, useContext } from 'react' +import { LearningTrack } from './ArticleContext' +import { + FeaturedLink, + getFeaturedLinksFromReq, +} from 'src/landings/components/ProductLandingContext' + +export type TocItem = { + fullPath: string + title: string + intro?: string + childTocItems?: Array<{ + fullPath: string + title: string + intro: string + }> +} + +export type CategoryLandingContextT = { + title: string + intro: string + productCallout: string + permissions: string + tocItems: Array + variant?: 'compact' | 'expanded' + featuredLinks: Record> + renderedPage: string + currentLearningTrack?: LearningTrack + currentLayout: string +} + +export const CategoryLandingContext = createContext(null) + +export const useCategoryLandingContext = (): CategoryLandingContextT => { + const context = useContext(CategoryLandingContext) + + if (!context) { + throw new Error( + '"useCategoryLandingContext" may only be used inside "CategoryLandingContext.Provider"', + ) + } + + return context +} + +export const getCategoryLandingContextFromRequest = (req: any): CategoryLandingContextT => { + return { + title: req.context.page.title, + productCallout: req.context.page.product || '', + permissions: req.context.page.permissions || '', + intro: req.context.page.intro, + tocItems: (req.context.genericTocFlat || req.context.genericTocNested || []).map((obj: any) => + pick(obj, ['fullPath', 'title', 'intro', 'childTocItems']), + ), + variant: req.context.genericTocFlat ? 'expanded' : 'compact', + featuredLinks: getFeaturedLinksFromReq(req), + renderedPage: req.context.renderedPage, + currentLearningTrack: req.context.currentLearningTrack, + currentLayout: req.context.currentLayoutName, + } +} diff --git a/src/frame/lib/frontmatter.js b/src/frame/lib/frontmatter.js index 49d409b857df..7fb0dfb2d35d 100644 --- a/src/frame/lib/frontmatter.js +++ b/src/frame/lib/frontmatter.js @@ -10,6 +10,7 @@ const layoutNames = [ 'product-guides', 'release-notes', 'inline', + 'category-landing', false, ] diff --git a/src/frame/lib/get-remote-json.js b/src/frame/lib/get-remote-json.js index ddaeb04476d4..237255fc3d5a 100644 --- a/src/frame/lib/get-remote-json.js +++ b/src/frame/lib/get-remote-json.js @@ -13,8 +13,8 @@ const inProd = process.env.NODE_ENV === 'production' // Wrapper on `got()` that is able to both cache in memory and on disk. // The on-disk caching is in `.remotejson/`. -// We use this for downloading `redirects.json` files from the -// help-docs-archived-enterprise-versions repo as a proxy. A lot of those +// We use this for downloading `redirects.json` files from one of the +// docs-ghes- repos as a proxy. A lot of those // .json files are large and they're also static which makes them // ideal for caching. // Note that there's 2 layers of caching here: diff --git a/src/frame/middleware/api.ts b/src/frame/middleware/api.ts index 1770a0b742ef..62d77ef61916 100644 --- a/src/frame/middleware/api.ts +++ b/src/frame/middleware/api.ts @@ -3,7 +3,7 @@ import { createProxyMiddleware } from 'http-proxy-middleware' import events from '@/events/middleware.js' import anchorRedirect from '@/rest/api/anchor-redirect.js' -import search from '@/search/middleware/search.js' +import search from '@/search/middleware/search-routes.js' import pageInfo from '@/pageinfo/middleware' import pageList from '@/pagelist/middleware' import webhooks from '@/webhooks/middleware/webhooks.js' diff --git a/src/frame/middleware/context/generic-toc.ts b/src/frame/middleware/context/generic-toc.ts index 34053247c264..ed036cc53816 100644 --- a/src/frame/middleware/context/generic-toc.ts +++ b/src/frame/middleware/context/generic-toc.ts @@ -9,7 +9,11 @@ import findPageInSiteTree from '@/frame/lib/find-page-in-site-tree.js' export default async function genericToc(req: ExtendedRequest, res: Response, next: NextFunction) { if (!req.context) throw new Error('request not contextualized') if (!req.context.page) return next() - if (req.context.currentLayoutName !== 'default') return next() + if ( + req.context.currentLayoutName !== 'default' && + req.context.currentLayoutName !== 'category-landing' + ) + return next() // This middleware can only run on product, category, and map topics. if ( req.context.page.documentType === 'homepage' || @@ -92,7 +96,7 @@ export default async function genericToc(req: ExtendedRequest, res: Response, ne renderIntros = false req.context.genericTocNested = await getTocItems(treePage, req.context, { recurse: isRecursive, - renderIntros, + renderIntros: req.context.currentLayoutName === 'category-landing' ? true : false, includeHidden, }) } @@ -127,7 +131,11 @@ async function getTocItems(node: Tree, context: Context, opts: Options): Promise // Deliberately don't use `textOnly:true` here because we intend // to display the intro, in a table of contents component, // with the HTML (dangerouslySetInnerHTML). - intro = await page.renderProp('rawIntro', context) + intro = await page.renderProp( + 'rawIntro', + context, + context.currentLayoutName === 'category-landing' ? { textOnly: true } : {}, + ) } } diff --git a/src/frame/middleware/helmet.ts b/src/frame/middleware/helmet.ts index 93b62205c334..d5e3e8487575 100644 --- a/src/frame/middleware/helmet.ts +++ b/src/frame/middleware/helmet.ts @@ -2,9 +2,9 @@ import type { NextFunction, Request, Response } from 'express' import helmet from 'helmet' import { isArchivedVersion } from '@/archives/lib/is-archived-version.js' import versionSatisfiesRange from '@/versions/lib/version-satisfies-range.js' +import { languagePrefixPathRegex } from '@/languages/lib/languages.js' const isDev = process.env.NODE_ENV === 'development' -const AZURE_STORAGE_URL = 'githubdocs.azureedge.net' const GITHUB_DOMAINS = [ "'self'", 'github.com', @@ -30,15 +30,14 @@ const DEFAULT_OPTIONS = { // When doing local dev, especially in Safari, you need to add `ws:` // which NextJS uses for the hot module reloading. connectSrc: ["'self'", isDev && 'ws:'].filter(Boolean) as string[], - fontSrc: ["'self'", 'data:', AZURE_STORAGE_URL], - imgSrc: [...GITHUB_DOMAINS, 'data:', AZURE_STORAGE_URL, 'placehold.it'], + fontSrc: ["'self'", 'data:'], + imgSrc: [...GITHUB_DOMAINS, 'data:', 'placehold.it'], objectSrc: ["'self'"], // For use during development only! // `unsafe-eval` allows us to use a performant webpack devtool setting (eval) // https://webpack.js.org/configuration/devtool/#devtool - scriptSrc: ["'self'", 'data:', AZURE_STORAGE_URL, isDev && "'unsafe-eval'"].filter( - Boolean, - ) as string[], + scriptSrc: ["'self'", 'data:', isDev && "'unsafe-eval'"].filter(Boolean) as string[], + scriptSrcAttr: ["'self'"], frameSrc: [ ...GITHUB_DOMAINS, isDev && 'http://localhost:3000', @@ -50,7 +49,7 @@ const DEFAULT_OPTIONS = { 'https://www.youtube-nocookie.com', ].filter(Boolean) as string[], frameAncestors: isDev ? ['*'] : [...GITHUB_DOMAINS], - styleSrc: ["'self'", "'unsafe-inline'", 'data:', AZURE_STORAGE_URL], + styleSrc: ["'self'", "'unsafe-inline'", 'data:'], childSrc: ["'self'"], // exception for search in deprecated GHE versions manifestSrc: ["'self'"], upgradeInsecureRequests: isDev ? null : [], @@ -59,7 +58,7 @@ const DEFAULT_OPTIONS = { } const NODE_DEPRECATED_OPTIONS = structuredClone(DEFAULT_OPTIONS) -const { directives: ndDirs } = NODE_DEPRECATED_OPTIONS.contentSecurityPolicy +const ndDirs = NODE_DEPRECATED_OPTIONS.contentSecurityPolicy.directives ndDirs.scriptSrc.push( "'unsafe-eval'", "'unsafe-inline'", @@ -69,12 +68,20 @@ ndDirs.scriptSrc.push( ndDirs.connectSrc.push('https://www.google-analytics.com') ndDirs.imgSrc.push('http://www.google-analytics.com', 'https://ssl.google-analytics.com') +const DEVELOPER_DEPRECATED_OPTIONS = structuredClone(DEFAULT_OPTIONS) +const devDirs = DEVELOPER_DEPRECATED_OPTIONS.contentSecurityPolicy.directives +devDirs.styleSrc.push('*.googleapis.com') +devDirs.scriptSrc.push("'unsafe-inline'", '*.googleapis.com', 'http://www.google-analytics.com') +devDirs.fontSrc.push('*.gstatic.com') +devDirs.scriptSrcAttr.push("'unsafe-inline'") + const STATIC_DEPRECATED_OPTIONS = structuredClone(DEFAULT_OPTIONS) STATIC_DEPRECATED_OPTIONS.contentSecurityPolicy.directives.scriptSrc.push("'unsafe-inline'") const defaultHelmet = helmet(DEFAULT_OPTIONS) const nodeDeprecatedHelmet = helmet(NODE_DEPRECATED_OPTIONS) const staticDeprecatedHelmet = helmet(STATIC_DEPRECATED_OPTIONS) +const developerDeprecatedHelmet = helmet(DEVELOPER_DEPRECATED_OPTIONS) export default function helmetMiddleware(req: Request, res: Response, next: NextFunction) { // Enable CORS @@ -85,6 +92,14 @@ export default function helmetMiddleware(req: Request, res: Response, next: Next // Determine version for exceptions const { requestedVersion } = isArchivedVersion(req) + // Check if this is a legacy developer.github.com path + const isDeveloper = req.path + .replace(languagePrefixPathRegex, '/') + .startsWith(`/enterprise/${requestedVersion}/developer`) + if (versionSatisfiesRange(requestedVersion, '<=2.18') && isDeveloper) { + return developerDeprecatedHelmet(req, res, next) + } + // Exception for deprecated Enterprise docs (Node.js era) if ( versionSatisfiesRange(requestedVersion, '<=2.19') && diff --git a/src/frame/middleware/index.ts b/src/frame/middleware/index.ts index fe11bf133f59..d93377e09ed4 100644 --- a/src/frame/middleware/index.ts +++ b/src/frame/middleware/index.ts @@ -61,7 +61,7 @@ import fastlyCacheTest from './fastly-cache-test' import trailingSlashes from './trailing-slashes' import mockVaPortal from './mock-va-portal' import dynamicAssets from '@/assets/middleware/dynamic-assets' -import contextualizeSearch from '@/search/middleware/contextualize.js' +import generalSearchMiddleware from '@/search/middleware/general-search-middleware' import shielding from '@/shielding/middleware' import tracking from '@/tracking/middleware' import { MAX_REQUEST_TIMEOUT } from '@/frame/lib/constants.js' @@ -275,7 +275,7 @@ export default function (app: Express) { app.use(asyncMiddleware(productExamples)) app.use(asyncMiddleware(productGroups)) app.use(asyncMiddleware(glossaries)) - app.use(asyncMiddleware(contextualizeSearch)) + app.use(asyncMiddleware(generalSearchMiddleware)) app.use(asyncMiddleware(featuredLinks)) app.use(asyncMiddleware(learningTrack)) diff --git a/src/frame/middleware/remote-ip.ts b/src/frame/middleware/remote-ip.ts index 0eec056d52ae..b0072409e207 100644 --- a/src/frame/middleware/remote-ip.ts +++ b/src/frame/middleware/remote-ip.ts @@ -7,6 +7,8 @@ export default function remoteIp(req: Request, res: Response) { res.json({ ip: req.ip, 'x-forwarded-for': req.headers['x-forwarded-for'] || null, + 'x-forwarded-host': req.headers['x-forwarded-host'] || null, + host: req.headers['host'] || null, 'fastly-client-ip': req.headers['fastly-client-ip'] || null, }) } diff --git a/src/frame/tests/favicons.ts b/src/frame/tests/favicons.ts index 030b35fdd19f..28b873047233 100644 --- a/src/frame/tests/favicons.ts +++ b/src/frame/tests/favicons.ts @@ -15,7 +15,10 @@ describe('favicon assets', () => { expect(res.headers['cache-control']).toContain('public') expect(res.headers['cache-control']).toContain('immutable') expect(res.headers['cache-control']).toMatch(/max-age=\d+/) - const maxAgeSeconds = parseInt(res.headers['cache-control'].match(/max-age=(\d+)/)[1], 10) + const maxAgeSeconds = parseInt( + (res.headers['cache-control'] || '').match(/max-age=(\d+)/)?.[1] || '', + 10, + ) // Let's not be too specific in the tests, just as long as it's testing // that it's a reasonably large number of seconds. expect(maxAgeSeconds).toBeGreaterThanOrEqual(60 * 60) @@ -25,13 +28,16 @@ describe('favicon assets', () => { test('should serve a valid and aggressively caching /apple-touch-icon.png', async () => { const res = await get('/apple-touch-icon.png') expect(res.statusCode).toBe(200) - expect(parseInt(res.headers['content-length'], 10)).toBeGreaterThan(0) + expect(parseInt(res.headers['content-length'] || '', 10)).toBeGreaterThan(0) expect(res.headers['content-type']).toBe('image/png') expect(res.headers['set-cookie']).toBeUndefined() expect(res.headers['cache-control']).toContain('public') expect(res.headers['cache-control']).toContain('immutable') expect(res.headers['cache-control']).toMatch(/max-age=\d+/) - const maxAgeSeconds = parseInt(res.headers['cache-control'].match(/max-age=(\d+)/)[1], 10) + const maxAgeSeconds = parseInt( + (res.headers['cache-control'] || '').match(/max-age=(\d+)/)?.[1] || '', + 10, + ) // Let's not be too specific in the tests, just as long as it's testing // that it's a reasonably large number of seconds. expect(maxAgeSeconds).toBeGreaterThanOrEqual(60 * 60) diff --git a/src/frame/tests/manifest.ts b/src/frame/tests/manifest.ts index dcdc74eb5c2c..c1ba9e00fc58 100644 --- a/src/frame/tests/manifest.ts +++ b/src/frame/tests/manifest.ts @@ -20,6 +20,9 @@ describe('manifest', () => { test('download manifest from HTML and check content', async () => { const $ = await getDOM('/') const url = $('link[rel="manifest"]').attr('href') + if (!url) { + throw new Error('No manifest URL found') + } const res = await get(url) expect(res.statusCode).toBe(200) diff --git a/src/frame/tests/server.js b/src/frame/tests/server.js index c45d7d34b97a..91c1a8617383 100644 --- a/src/frame/tests/server.js +++ b/src/frame/tests/server.js @@ -10,8 +10,6 @@ import { makeLanguageSurrogateKey, } from '#src/frame/middleware/set-fastly-surrogate-key.js' -const AZURE_STORAGE_URL = 'githubdocs.azureedge.net' - describe('server', () => { vi.setConfig({ testTimeout: 60 * 1000 }) @@ -49,12 +47,10 @@ describe('server', () => { expect(csp.get('default-src')).toBe("'none'") expect(csp.get('font-src').includes("'self'")).toBe(true) - expect(csp.get('font-src').includes(AZURE_STORAGE_URL)).toBe(true) expect(csp.get('connect-src').includes("'self'")).toBe(true) expect(csp.get('img-src').includes("'self'")).toBe(true) - expect(csp.get('img-src').includes(AZURE_STORAGE_URL)).toBe(true) expect(csp.get('script-src').includes("'self'")).toBe(true) diff --git a/src/ghes-releases/lib/release-templates/release-steps-1.md b/src/ghes-releases/lib/release-templates/release-steps-1.md index 33ebc7b82fb7..4f01a44dc099 100644 --- a/src/ghes-releases/lib/release-templates/release-steps-1.md +++ b/src/ghes-releases/lib/release-templates/release-steps-1.md @@ -17,7 +17,7 @@ labels: - [Prerequisites](#prerequisites) - [Create publication branch for a new version of GHES](#creation) - [Resolve check failures](#check-failures) -- [Sync the search indices](#sync-search-indices) +- [Scrape the search indices](#scrape-search-indices) - [Maintain the publication branch](#maintenance) - [Complete preparation for the RC and publish the docset](#publication) @@ -110,11 +110,11 @@ For content from the OpenAPI schema, note the affected content with broken links
    - + -### [🔎](#sync-search-indices) Sync the search indices +### [🔎](#scrape-search-indices) Scrape the search indices -1. Go to the [`sync-search-elasticsearch` workflow](https://github.com/github/docs-internal/actions/workflows/sync-search-elasticsearch.yml) ([permalink](https://github.com/github/docs-internal/blob/f8ca45703c48c7d1976a278337bc3391fb14fe9e/.github/workflows/sync-search-elasticsearch.yml) in case it moves) +1. Go to the [`index-general-search.yml` workflow](https://github.com/github/docs-internal/actions/workflows/index-general-search.yml) 1. Click on the **Run workflow** drop down and set the following parameters: - `Branch:` set to the name of the publication branch - `Version` set to the version you're publishing (e.g., `ghes-3.12` if you're publishing GHES 3.12) diff --git a/src/github-apps/lib/config.json b/src/github-apps/lib/config.json index d3ebed957015..7063c38178c0 100644 --- a/src/github-apps/lib/config.json +++ b/src/github-apps/lib/config.json @@ -60,5 +60,5 @@ "2022-11-28" ] }, - "sha": "10e2f151b45a960f135417e71bd6f0ac5ce0aa97" + "sha": "f9de54ab72eff1bc9855fd0940816350912ae5b7" } \ No newline at end of file diff --git a/src/graphql/data/fpt/changelog.json b/src/graphql/data/fpt/changelog.json index 7f3133801c9f..da32f5c7f8e1 100644 --- a/src/graphql/data/fpt/changelog.json +++ b/src/graphql/data/fpt/changelog.json @@ -1,4 +1,19 @@ [ + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Type UpdateEnterpriseDeployKeySettingInput was added

    ", + "

    Type UpdateEnterpriseDeployKeySettingPayload was added

    ", + "

    Field updateEnterpriseDeployKeySetting was added to object type Mutation

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2024-11-07" + }, { "schemaChanges": [ { diff --git a/src/graphql/data/fpt/schema.docs.graphql b/src/graphql/data/fpt/schema.docs.graphql index b0081145a816..5fa000d7562e 100644 --- a/src/graphql/data/fpt/schema.docs.graphql +++ b/src/graphql/data/fpt/schema.docs.graphql @@ -24830,6 +24830,16 @@ type Mutation { input: UpdateEnterpriseDefaultRepositoryPermissionSettingInput! ): UpdateEnterpriseDefaultRepositoryPermissionSettingPayload + """ + Sets whether deploy keys are allowed to be created and used for an enterprise. + """ + updateEnterpriseDeployKeySetting( + """ + Parameters for UpdateEnterpriseDeployKeySetting + """ + input: UpdateEnterpriseDeployKeySettingInput! + ): UpdateEnterpriseDeployKeySettingPayload + """ Sets whether organization members with admin permissions on a repository can change repository visibility. """ @@ -58729,6 +58739,46 @@ type UpdateEnterpriseDefaultRepositoryPermissionSettingPayload { message: String } +""" +Autogenerated input type of UpdateEnterpriseDeployKeySetting +""" +input UpdateEnterpriseDeployKeySettingInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The ID of the enterprise on which to set the deploy key setting. + """ + enterpriseId: ID! @possibleTypes(concreteTypes: ["Enterprise"]) + + """ + The value for the deploy key setting on the enterprise. + """ + settingValue: EnterpriseEnabledDisabledSettingValue! +} + +""" +Autogenerated return type of UpdateEnterpriseDeployKeySetting. +""" +type UpdateEnterpriseDeployKeySettingPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The enterprise with the updated deploy key setting. + """ + enterprise: Enterprise + + """ + A message confirming the result of updating the deploy key setting. + """ + message: String +} + """ Autogenerated input type of UpdateEnterpriseMembersCanChangeRepositoryVisibilitySetting """ diff --git a/src/graphql/data/fpt/schema.json b/src/graphql/data/fpt/schema.json index 997ae01b844b..242bbb5e21c6 100644 --- a/src/graphql/data/fpt/schema.json +++ b/src/graphql/data/fpt/schema.json @@ -7681,6 +7681,48 @@ } ] }, + { + "name": "updateEnterpriseDeployKeySetting", + "kind": "mutations", + "id": "updateenterprisedeploykeysetting", + "href": "/graphql/reference/mutations#updateenterprisedeploykeysetting", + "description": "

    Sets whether deploy keys are allowed to be created and used for an enterprise.

    ", + "inputFields": [ + { + "name": "input", + "type": "UpdateEnterpriseDeployKeySettingInput!", + "id": "updateenterprisedeploykeysettinginput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#updateenterprisedeploykeysettinginput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "enterprise", + "type": "Enterprise", + "id": "enterprise", + "kind": "objects", + "href": "/graphql/reference/objects#enterprise", + "description": "

    The enterprise with the updated deploy key setting.

    " + }, + { + "name": "message", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A message confirming the result of updating the deploy key setting.

    " + } + ] + }, { "name": "updateEnterpriseMembersCanChangeRepositoryVisibilitySetting", "kind": "mutations", @@ -103270,6 +103312,40 @@ } ] }, + { + "name": "UpdateEnterpriseDeployKeySettingInput", + "kind": "inputObjects", + "id": "updateenterprisedeploykeysettinginput", + "href": "/graphql/reference/input-objects#updateenterprisedeploykeysettinginput", + "description": "

    Autogenerated input type of UpdateEnterpriseDeployKeySetting.

    ", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "enterpriseId", + "description": "

    The ID of the enterprise on which to set the deploy key setting.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "settingValue", + "description": "

    The value for the deploy key setting on the enterprise.

    ", + "type": "EnterpriseEnabledDisabledSettingValue!", + "id": "enterpriseenableddisabledsettingvalue", + "kind": "enums", + "href": "/graphql/reference/enums#enterpriseenableddisabledsettingvalue" + } + ] + }, { "name": "UpdateEnterpriseMembersCanChangeRepositoryVisibilitySettingInput", "kind": "inputObjects", diff --git a/src/graphql/data/ghec/schema.docs.graphql b/src/graphql/data/ghec/schema.docs.graphql index b0081145a816..5fa000d7562e 100644 --- a/src/graphql/data/ghec/schema.docs.graphql +++ b/src/graphql/data/ghec/schema.docs.graphql @@ -24830,6 +24830,16 @@ type Mutation { input: UpdateEnterpriseDefaultRepositoryPermissionSettingInput! ): UpdateEnterpriseDefaultRepositoryPermissionSettingPayload + """ + Sets whether deploy keys are allowed to be created and used for an enterprise. + """ + updateEnterpriseDeployKeySetting( + """ + Parameters for UpdateEnterpriseDeployKeySetting + """ + input: UpdateEnterpriseDeployKeySettingInput! + ): UpdateEnterpriseDeployKeySettingPayload + """ Sets whether organization members with admin permissions on a repository can change repository visibility. """ @@ -58729,6 +58739,46 @@ type UpdateEnterpriseDefaultRepositoryPermissionSettingPayload { message: String } +""" +Autogenerated input type of UpdateEnterpriseDeployKeySetting +""" +input UpdateEnterpriseDeployKeySettingInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The ID of the enterprise on which to set the deploy key setting. + """ + enterpriseId: ID! @possibleTypes(concreteTypes: ["Enterprise"]) + + """ + The value for the deploy key setting on the enterprise. + """ + settingValue: EnterpriseEnabledDisabledSettingValue! +} + +""" +Autogenerated return type of UpdateEnterpriseDeployKeySetting. +""" +type UpdateEnterpriseDeployKeySettingPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The enterprise with the updated deploy key setting. + """ + enterprise: Enterprise + + """ + A message confirming the result of updating the deploy key setting. + """ + message: String +} + """ Autogenerated input type of UpdateEnterpriseMembersCanChangeRepositoryVisibilitySetting """ diff --git a/src/graphql/data/ghec/schema.json b/src/graphql/data/ghec/schema.json index 997ae01b844b..242bbb5e21c6 100644 --- a/src/graphql/data/ghec/schema.json +++ b/src/graphql/data/ghec/schema.json @@ -7681,6 +7681,48 @@ } ] }, + { + "name": "updateEnterpriseDeployKeySetting", + "kind": "mutations", + "id": "updateenterprisedeploykeysetting", + "href": "/graphql/reference/mutations#updateenterprisedeploykeysetting", + "description": "

    Sets whether deploy keys are allowed to be created and used for an enterprise.

    ", + "inputFields": [ + { + "name": "input", + "type": "UpdateEnterpriseDeployKeySettingInput!", + "id": "updateenterprisedeploykeysettinginput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#updateenterprisedeploykeysettinginput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "enterprise", + "type": "Enterprise", + "id": "enterprise", + "kind": "objects", + "href": "/graphql/reference/objects#enterprise", + "description": "

    The enterprise with the updated deploy key setting.

    " + }, + { + "name": "message", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A message confirming the result of updating the deploy key setting.

    " + } + ] + }, { "name": "updateEnterpriseMembersCanChangeRepositoryVisibilitySetting", "kind": "mutations", @@ -103270,6 +103312,40 @@ } ] }, + { + "name": "UpdateEnterpriseDeployKeySettingInput", + "kind": "inputObjects", + "id": "updateenterprisedeploykeysettinginput", + "href": "/graphql/reference/input-objects#updateenterprisedeploykeysettinginput", + "description": "

    Autogenerated input type of UpdateEnterpriseDeployKeySetting.

    ", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "enterpriseId", + "description": "

    The ID of the enterprise on which to set the deploy key setting.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "settingValue", + "description": "

    The value for the deploy key setting on the enterprise.

    ", + "type": "EnterpriseEnabledDisabledSettingValue!", + "id": "enterpriseenableddisabledsettingvalue", + "kind": "enums", + "href": "/graphql/reference/enums#enterpriseenableddisabledsettingvalue" + } + ] + }, { "name": "UpdateEnterpriseMembersCanChangeRepositoryVisibilitySettingInput", "kind": "inputObjects", diff --git a/src/landings/components/CategoryLanding.tsx b/src/landings/components/CategoryLanding.tsx new file mode 100644 index 000000000000..206aba4933b3 --- /dev/null +++ b/src/landings/components/CategoryLanding.tsx @@ -0,0 +1,67 @@ +import { useRouter } from 'next/router' +import cx from 'classnames' + +import { useCategoryLandingContext } from 'src/frame/components/context/CategoryLandingContext' +import { DefaultLayout } from 'src/frame/components/DefaultLayout' +import { ArticleTitle } from 'src/frame/components/article/ArticleTitle' +import { Lead } from 'src/frame/components/ui/Lead' +import { ClientSideRedirects } from 'src/rest/components/ClientSideRedirects' +import { RestRedirect } from 'src/rest/components/RestRedirect' +import { Breadcrumbs } from 'src/frame/components/page-header/Breadcrumbs' + +export const CategoryLanding = () => { + const router = useRouter() + const { title, intro, tocItems } = useCategoryLandingContext() + + // tocItems contains directories and its children, we only want the child articles + const onlyFlatItems = tocItems.flatMap((item) => item.childTocItems || []) + + return ( + + {router.route === '/[versionId]/rest/[category]' && } + {/* Doesn't matter *where* this is included because it will + never render anything. It always just return null. */} + + +
    +
    + +
    + {title} + + {intro && {intro}} + +

    Spotlight

    +
    +
    Spotlight 1
    +
    Spotlight 2
    +
    Spotlight 3
    +
    + +
    +
    +
    +

    Explore {onlyFlatItems.length} prompt articles

    +
    +
    Searchbar
    +
    Category
    +
    Complexity
    +
    Industry
    +
    Reset
    +
    +
    + {/* TODO: replace with card components */} + {onlyFlatItems.map((item, index) => ( +
    +
    +
    {item.title}
    +
    {item.intro}
    +
    +
    + ))} +
    +
    +
    +     + ) +} diff --git a/src/landings/pages/product.tsx b/src/landings/pages/product.tsx index 5f19a7e69760..d40871964167 100644 --- a/src/landings/pages/product.tsx +++ b/src/landings/pages/product.tsx @@ -35,11 +35,17 @@ import { ArticlePage } from 'src/frame/components/article/ArticlePage' import { ProductLanding } from 'src/landings/components/ProductLanding' import { ProductGuides } from 'src/landings/components/ProductGuides' import { TocLanding } from 'src/landings/components/TocLanding' +import { CategoryLanding } from 'src/landings/components/CategoryLanding' import { getTocLandingContextFromRequest, TocLandingContext, TocLandingContextT, } from 'src/frame/components/context/TocLandingContext' +import { + getCategoryLandingContextFromRequest, + CategoryLandingContext, + CategoryLandingContextT, +} from 'src/frame/components/context/CategoryLandingContext' import { useEffect } from 'react' function initiateArticleScripts() { @@ -54,6 +60,7 @@ type Props = { productGuidesContext?: ProductGuidesContextT tocLandingContext?: TocLandingContextT articleContext?: ArticleContextT + categoryLandingContext?: CategoryLandingContextT } const GlobalPage = ({ mainContext, @@ -61,6 +68,7 @@ const GlobalPage = ({ productGuidesContext, tocLandingContext, articleContext, + categoryLandingContext, }: Props) => { const router = useRouter() @@ -86,6 +94,12 @@ const GlobalPage = ({ ) + } else if (categoryLandingContext) { + content = ( + + + + ) } else if (tocLandingContext) { content = ( @@ -133,9 +147,13 @@ export const getServerSideProps: GetServerSideProps = async (context) => props.productGuidesContext = getProductGuidesContextFromRequest(req) additionalUINamespaces.push('product_guides') } else if (relativePath?.endsWith('index.md')) { - props.tocLandingContext = getTocLandingContextFromRequest(req) - if (props.tocLandingContext.currentLearningTrack?.trackName) { - additionalUINamespaces.push('learning_track_nav') + if (currentLayoutName === 'category-landing') { + props.categoryLandingContext = getCategoryLandingContextFromRequest(req) + } else { + props.tocLandingContext = getTocLandingContextFromRequest(req) + if (props.tocLandingContext.currentLearningTrack?.trackName) { + additionalUINamespaces.push('learning_track_nav') + } } } else if (props.mainContext.page) { // All articles that might have hover cards needs this diff --git a/src/languages/tests/frame.ts b/src/languages/tests/frame.ts index d75ee9a484f1..e00c61fffd0b 100644 --- a/src/languages/tests/frame.ts +++ b/src/languages/tests/frame.ts @@ -17,15 +17,15 @@ describe('frame', () => { test.each(langs)('breadcrumbs link to %s pages', async (lang) => { const $ = await getDOM(`/${lang}/get-started/learning-about-github`) const $breadcrumbs = $('[data-testid=breadcrumbs-in-article] a') - expect($breadcrumbs[0].attribs.href).toBe(`/${lang}/get-started`) + expect(($breadcrumbs[0] as cheerio.TagElement).attribs.href).toBe(`/${lang}/get-started`) }) test.each(langs)('homepage links go to %s pages', async (lang) => { const $ = await getDOM(`/${lang}`) const $links = $('[data-testid=bump-link]') - $links.each((i: number, el: Element) => { + $links.each((i: number, el: cheerio.Element) => { const linkUrl = $(el).attr('href') - expect(linkUrl.startsWith(`/${lang}/`)).toBe(true) + expect((linkUrl || '').startsWith(`/${lang}/`)).toBe(true) }) }) diff --git a/src/links/lib/excluded-links.yml b/src/links/lib/excluded-links.yml index 48e65d267794..285d1211f089 100644 --- a/src/links/lib/excluded-links.yml +++ b/src/links/lib/excluded-links.yml @@ -76,3 +76,6 @@ - is: https://jsonformatter.org/ - is: https://mvnrepository.com/artifact/org.xwiki.platform/xwiki-platform-oldcore - is: https://mvnrepository.com/artifact/com.google.guava/guava +- startsWith: https://platform.openai.com/docs/models +- startsWith: https://openai.com/index +- is: https://github.com/github-linguist/linguist/compare/master...octocat:master diff --git a/src/links/scripts/rendered-content-link-checker.ts b/src/links/scripts/rendered-content-link-checker.ts index ba87dbd28a31..db4aef1c5964 100755 --- a/src/links/scripts/rendered-content-link-checker.ts +++ b/src/links/scripts/rendered-content-link-checker.ts @@ -3,7 +3,7 @@ import fs from 'fs' import path from 'path' -import cheerio, { type CheerioAPI, type Element } from 'cheerio' +import cheerio from 'cheerio' import coreLib from '@actions/core' import got, { RequestError } from 'got' import chalk from 'chalk' @@ -339,7 +339,15 @@ async function main( const t0 = new Date().getTime() const flawsGroups = await Promise.all( pages.map((page: Page) => - processPage(core, page, pageMap, redirects, opts, externalLinkCheckerDB, versions), + processPage( + core, + page, + pageMap, + redirects, + opts, + externalLinkCheckerDB, + versions as string[], + ), ), ) const t1 = new Date().getTime() @@ -695,13 +703,13 @@ async function processPermalink( } const $ = cheerio.load(html, { xmlMode: true }) const flaws: LinkFlaw[] = [] - const links: Element[] = [] + const links: cheerio.Element[] = [] $('a[href]').each((i, link) => { links.push(link) }) const newFlaws: LinkFlaw[] = await Promise.all( links.map(async (link) => { - const { href } = link.attribs + const { href } = (link as cheerio.TagElement).attribs // The global cache can't be used for anchor links because they // depend on each page it renders @@ -752,7 +760,7 @@ async function processPermalink( if (checkImages) { $('img[src]').each((i, img) => { - let { src } = img.attribs + let { src } = (img as cheerio.TagElement).attribs // Images get a cache-busting prefix injected in the image // E.g. @@ -874,7 +882,7 @@ let globalCacheMissCount = 0 async function checkHrefLink( core: any, href: string, - $: CheerioAPI, + $: cheerio.Root, redirects: Redirects, pageMap: PageMap, checkAnchors = false, diff --git a/src/redirects/README.md b/src/redirects/README.md index 0494b4b80564..d5577ddef1a6 100644 --- a/src/redirects/README.md +++ b/src/redirects/README.md @@ -58,12 +58,11 @@ As a workaround for these lost redirects, we have two files in `lib/redirects/st which had a record of each possible redirect candidate that we should bother redirecting too. Now, this new file has been created by accurately comparing it to the actual - content inside the `github/help-docs-archived-enterprise-versions` repo for the + content inside one of the `github/docs-ghes-` repos for the version range of 2.13 to 2.17. So every key in `archived-frontmatter-valid-urls.json` corresponds to a file that would work. -Here's how the `src/archives/middleware/archived-enterprise-versions.js` fallback works: if someone tries to access an article that was updated via a now-lost frontmatter redirect (for example, an article at the path `/en/enterprise/2.15/user/articles/viewing-contributions-on-your-profile-page`), the middleware will first look for a redirect in `archived-redirects-from-213-to-217.json`. If it does not find one, it will look for it in `archived-frontmatter-valid-urls.json` that contains the requested path. If it finds it, it will redirect to it to because that file knows exactly which URLs are valid in -`help-docs-archived-enterprise-versions`. +Here's how the `src/archives/middleware/archived-enterprise-versions.js` fallback works: if someone tries to access an article that was updated via a now-lost frontmatter redirect (for example, an article at the path `/en/enterprise/2.15/user/articles/viewing-contributions-on-your-profile-page`), the middleware will first look for a redirect in `archived-redirects-from-213-to-217.json`. If it does not find one, it will look for it in `archived-frontmatter-valid-urls.json` that contains the requested path. If it finds it, it will redirect to it to because that file knows exactly which URLs are valid in the `docs-ghes-` repos. ## Tests diff --git a/src/release-notes/tests/release-notes-1.ts b/src/release-notes/tests/release-notes-1.ts index 85f7f43661c4..87255b3b456c 100644 --- a/src/release-notes/tests/release-notes-1.ts +++ b/src/release-notes/tests/release-notes-1.ts @@ -14,15 +14,11 @@ describe('release notes', () => { await get('/') nock('https://github.github.com') - .get( - '/help-docs-archived-enterprise-versions/2.19/en/enterprise-server@2.19/admin/release-notes', - ) + .get('/docs-ghes-2.19/en/enterprise-server@2.19/admin/release-notes') .reply(404) - nock('https://github.github.com') - .get('/help-docs-archived-enterprise-versions/2.19/redirects.json') - .reply(200, { - emp: 'ty', - }) + nock('https://github.github.com').get('/docs-ghes-2.19/redirects.json').reply(200, { + emp: 'ty', + }) }) afterAll(() => nock.cleanAll()) diff --git a/src/rest/data/fpt-2022-11-28/schema.json b/src/rest/data/fpt-2022-11-28/schema.json index 1f7200e5e6bf..950d7d5f4fd2 100644 --- a/src/rest/data/fpt-2022-11-28/schema.json +++ b/src/rest/data/fpt-2022-11-28/schema.json @@ -225382,7 +225382,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    You can use this endpoint to see a daily breakdown of aggregated usage metrics for Copilot completions and Copilot Chat in the IDE\nfor all users across organizations with access to Copilot within your enterprise, with a further breakdown of suggestions, acceptances,\nand number of active users by editor and language for each day. See the response schema tab for detailed metrics definitions.

    \n

    The response contains metrics for up to 28 days prior. Usage metrics are processed once per day for the previous day,\nand the response will only include data up until yesterday. In order for an end user to be counted towards these metrics,\nthey must have telemetry enabled in their IDE.

    \n

    Only owners and billing managers can view Copilot usage metrics for the enterprise.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:enterprise scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    You can use this endpoint to see a daily breakdown of aggregated usage metrics for Copilot completions and Copilot Chat in the IDE\nfor all users across organizations with access to Copilot within your enterprise, with a further breakdown of suggestions, acceptances,\nand number of active users by editor and language for each day. See the response schema tab for detailed metrics definitions.

    \n

    The response contains metrics for up to 28 days prior. Usage metrics are processed once per day for the previous day,\nand the response will only include data up until yesterday. In order for an end user to be counted towards these metrics,\nthey must have telemetry enabled in their IDE.

    \n

    The time zone in the response is in UTC time, that means that the cutoff time for the \"day\" is UTC time.

    \n

    Only owners and billing managers can view Copilot usage metrics for the enterprise.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:enterprise scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -227047,7 +227047,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Lists all active Copilot seats across organizations or enterprise teams for an enterprise with a Copilot Business or Copilot Enterprise subscription.

    \n

    Users with access through multiple organizations or enterprise teams will only be counted toward total_seats once.

    \n

    For each organization or enterprise team which grants Copilot access to a user, a seat detail object will appear in the seats array.

    \n

    Only enterprise owners and billing managers can view assigned Copilot seats across their child organizations or enterprise teams.

    \n

    Personal access tokens (classic) need either the manage_billing:copilot or read:enterprise scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Lists all Copilot seats currently being billed for across organizations or enterprise teams for an enterprise with a Copilot Business or Copilot Enterprise subscription.

    \n

    Users with access through multiple organizations or enterprise teams will only be counted toward total_seats once.

    \n

    For each organization or enterprise team which grants Copilot access to a user, a seat detail object will appear in the seats array.\nEach seat object contains information about the assigned user's most recent Copilot activity. Users must have\ntelemetry enabled in their IDE for Copilot in the IDE activity to be reflected in last_activity_at. For more information about activity data,\nsee \"Reviewing user activity data for Copilot in your organization.\"

    \n

    Only enterprise owners and billing managers can view assigned Copilot seats across their child organizations or enterprise teams.

    \n

    Personal access tokens (classic) need either the manage_billing:copilot or read:enterprise scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -227237,7 +227237,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Gets information about an organization's Copilot subscription, including seat breakdown\nand feature policies. To configure these settings, go to your organization's settings on GitHub.com.\nFor more information, see \"Managing policies for Copilot in your organization\".

    \n

    Only organization owners can view details about the organization's Copilot Business or Copilot Enterprise subscription.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Gets information about an organization's Copilot subscription, including seat breakdown\nand feature policies. To configure these settings, go to your organization's settings on GitHub.com.\nFor more information, see \"Managing policies for Copilot in your organization.\"

    \n

    Only organization owners can view details about the organization's Copilot Business or Copilot Enterprise subscription.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -228032,7 +228032,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Lists all active Copilot seats for an organization with a Copilot Business or Copilot Enterprise subscription.\nOnly organization owners can view assigned seats.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Lists all Copilot seats for which an organization with a Copilot Business or Copilot Enterprise subscription is currently being billed.\nOnly organization owners can view assigned seats.

    \n

    Each seat object contains information about the assigned user's most recent Copilot activity. Users must have telemetry enabled in their IDE for Copilot in the IDE activity to be reflected in last_activity_at.\nFor more information about activity data, see \"Reviewing user activity data for Copilot in your organization.\"

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -228123,7 +228123,7 @@ }, "schema": { "type": "object", - "description": "The total number of seat assignments created.", + "description": "The total number of seats created for members of the specified team(s).", "properties": { "seats_created": { "type": "integer" @@ -228137,7 +228137,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Purchases a GitHub Copilot seat for all users within each specified team.\nThe organization will be billed accordingly. For more information about Copilot pricing, see \"Pricing for GitHub Copilot\".

    \n

    Only organization owners can add Copilot seats for their organization members.

    \n

    In order for an admin to use this endpoint, the organization must have a Copilot Business or Enterprise subscription and a configured suggestion matching policy.\nFor more information about setting up a Copilot subscription, see \"Setting up a Copilot subscription for your organization\".\nFor more information about setting a suggestion matching policy, see \"Configuring suggestion matching policies for GitHub Copilot in your organization\".

    \n

    The response will contain the total number of new seats that were created and existing seats that were refreshed.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Purchases a GitHub Copilot seat for all users within each specified team.\nThe organization will be billed for each seat based on the organization's Copilot plan. For more information about Copilot pricing, see \"About billing for GitHub Copilot in your organization.\"

    \n

    Only organization owners can add Copilot seats for their organization members.

    \n

    In order for an admin to use this endpoint, the organization must have a Copilot Business or Enterprise subscription and a configured suggestion matching policy.\nFor more information about setting up a Copilot subscription, see \"Subscribing to Copilot for your organization.\"\nFor more information about setting a suggestion matching policy, see \"Managing policies for Copilot in your organization.\"

    \n

    The response will contain the total number of new seats that were created and existing seats that were refreshed.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "201", @@ -228232,7 +228232,7 @@ }, "schema": { "type": "object", - "description": "The total number of seat assignments cancelled.", + "description": "The total number of seats set to \"pending cancellation\" for members of the specified team(s).", "properties": { "seats_cancelled": { "type": "integer" @@ -228246,7 +228246,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Cancels the Copilot seat assignment for all members of each team specified.\nThis will cause the members of the specified team(s) to lose access to GitHub Copilot at the end of the current billing cycle, and the organization will not be billed further for those users.

    \n

    For more information about Copilot pricing, see \"Pricing for GitHub Copilot\".

    \n

    For more information about disabling access to Copilot Business or Enterprise, see \"Revoking access to GitHub Copilot for specific users in your organization\".

    \n

    Only organization owners can cancel Copilot seats for their organization members.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Sets seats for all members of each team specified to \"pending cancellation\".\nThis will cause the members of the specified team(s) to lose access to GitHub Copilot at the end of the current billing cycle unless they retain access through another team.

    \n

    For more information about Copilot pricing, see \"About billing for GitHub Copilot in your organization.\"

    \n

    For more information about disabling access to Copilot Business or Enterprise, see \"Revoking access to Copilot for members of your organization.\"

    \n

    Only organization owners can cancel Copilot seats for their organization members.

    \n

    The response will contain the total number of seats set to \"pending cancellation\".

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -228341,7 +228341,7 @@ }, "schema": { "type": "object", - "description": "The total number of seat assignments created.", + "description": "The total number of seats created for the specified user(s).", "properties": { "seats_created": { "type": "integer" @@ -228355,7 +228355,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Purchases a GitHub Copilot seat for each user specified.\nThe organization will be billed accordingly. For more information about Copilot pricing, see \"Pricing for GitHub Copilot\".

    \n

    Only organization owners can add Copilot seats for their organization members.

    \n

    In order for an admin to use this endpoint, the organization must have a Copilot Business or Enterprise subscription and a configured suggestion matching policy.\nFor more information about setting up a Copilot subscription, see \"Setting up a Copilot subscription for your organization\".\nFor more information about setting a suggestion matching policy, see \"Configuring suggestion matching policies for GitHub Copilot in your organization\".

    \n

    The response will contain the total number of new seats that were created and existing seats that were refreshed.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Purchases a GitHub Copilot seat for each user specified.\nThe organization will be billed for each seat based on the organization's Copilot plan. For more information about Copilot pricing, see \"About billing for GitHub Copilot in your organization.\"

    \n

    Only organization owners can add Copilot seats for their organization members.

    \n

    In order for an admin to use this endpoint, the organization must have a Copilot Business or Enterprise subscription and a configured suggestion matching policy.\nFor more information about setting up a Copilot subscription, see \"Subscribing to Copilot for your organization.\"\nFor more information about setting a suggestion matching policy, see \"Managing policies for Copilot in your organization.\"

    \n

    The response will contain the total number of new seats that were created and existing seats that were refreshed.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "201", @@ -228450,7 +228450,7 @@ }, "schema": { "type": "object", - "description": "The total number of seat assignments cancelled.", + "description": "The total number of seats set to \"pending cancellation\" for the specified users.", "properties": { "seats_cancelled": { "type": "integer" @@ -228464,7 +228464,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Cancels the Copilot seat assignment for each user specified.\nThis will cause the specified users to lose access to GitHub Copilot at the end of the current billing cycle, and the organization will not be billed further for those users.

    \n

    For more information about Copilot pricing, see \"Pricing for GitHub Copilot\".

    \n

    For more information about disabling access to Copilot Business or Enterprise, see \"Revoking access to GitHub Copilot for specific users in your organization\".

    \n

    Only organization owners can cancel Copilot seats for their organization members.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Sets seats for all users specified to \"pending cancellation\".\nThis will cause the specified users to lose access to GitHub Copilot at the end of the current billing cycle unless they retain access through team membership.

    \n

    For more information about Copilot pricing, see \"About billing for GitHub Copilot in your organization.\"

    \n

    For more information about disabling access to Copilot Business or Enterprise, see \"Revoking access to Copilot for members of your organization.\"

    \n

    Only organization owners can cancel Copilot seats for their organization members.

    \n

    The response will contain the total number of seats set to \"pending cancellation\".

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -229207,7 +229207,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Gets the GitHub Copilot seat assignment details for a member of an organization who currently has access to GitHub Copilot.

    \n

    Only organization owners can view Copilot seat assignment details for members of their organization.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Gets the GitHub Copilot seat details for a member of an organization who currently has access to GitHub Copilot.

    \n

    The seat object contains information about the user's most recent Copilot activity. Users must have telemetry enabled in their IDE for Copilot in the IDE activity to be reflected in last_activity_at.\nFor more information about activity data, see \"Reviewing user activity data for Copilot in your organization.\"

    \n

    Only organization owners can view Copilot seat assignment details for members of their organization.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -239126,20 +239126,50 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { + "name": "rails", "SPDXID": "SPDXRef-Package", - "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "MIT", "licenseDeclared": "MIT", - "copyrightText": "Copyright (c) 1985 GitHub.com" + "copyrightText": "Copyright (c) 1985 GitHub.com", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:gem/rails@1.0.0" + } + ] + }, + { + "name": "github/example", + "SPDXID": "SPDXRef-Repository", + "versionInfo": "main", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/example@main" + } + ] + } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" } ] } @@ -239166,6 +239196,13 @@ "SPDX-2.3" ] }, + "comment": { + "type": "string", + "description": "An optional comment about the SPDX document.", + "examples": [ + "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/" + ] + }, "creationInfo": { "type": "object", "properties": { @@ -239206,21 +239243,11 @@ "CC0-1.0" ] }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "examples": [ - "github/github" - ] - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", "description": "The namespace for the SPDX document.", "examples": [ - "https://github.com/example/dependency_graph/sbom-123" + "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57" ] }, "packages": { @@ -239239,7 +239266,7 @@ "type": "string", "description": "The name of the package.", "examples": [ - "rubygems:github/github" + "github/github" ] }, "versionInfo": { @@ -239332,8 +239359,35 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "description": "The type of relationship between the two SPDX elements.", + "examples": [ + "DEPENDS_ON" + ] + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -239343,7 +239397,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -239458,7 +239511,8 @@ "created_at": "2014-12-10T15:53:42Z", "read_only": true, "added_by": "octocat", - "last_used": "2022-01-10T15:53:42Z" + "last_used": "2022-01-10T15:53:42Z", + "enabled": true } ], "schema": { @@ -239500,6 +239554,9 @@ "string", "null" ] + }, + "enabled": { + "type": "boolean" } }, "required": [ @@ -239613,7 +239670,8 @@ "created_at": "2014-12-10T15:53:42Z", "read_only": true, "added_by": "octocat", - "last_used": "2022-01-10T15:53:42Z" + "last_used": "2022-01-10T15:53:42Z", + "enabled": true }, "schema": { "title": "Deploy Key", @@ -239652,6 +239710,9 @@ "string", "null" ] + }, + "enabled": { + "type": "boolean" } }, "required": [ @@ -239752,7 +239813,8 @@ "created_at": "2014-12-10T15:53:42Z", "read_only": true, "added_by": "octocat", - "last_used": "2022-01-10T15:53:42Z" + "last_used": "2022-01-10T15:53:42Z", + "enabled": true }, "schema": { "title": "Deploy Key", @@ -239791,6 +239853,9 @@ "string", "null" ] + }, + "enabled": { + "type": "boolean" } }, "required": [ @@ -250933,6 +250998,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -251448,7 +251518,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -252516,6 +252587,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -252909,6 +252985,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -253497,6 +253578,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -253981,7 +254067,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -255049,6 +255136,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -255378,7 +255470,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -256446,6 +256539,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -257746,6 +257844,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -259058,6 +259161,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -260799,6 +260907,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -261172,6 +261285,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -261864,7 +261982,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -262932,6 +263051,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -263333,6 +263457,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -356535,6 +356664,7 @@ "members_can_fork_private_repositories": false, "web_commit_signoff_required": false, "updated_at": "2014-03-03T18:58:10Z", + "deploy_keys_enabled_for_repositories": false, "dependency_graph_enabled_for_new_repositories": false, "dependabot_alerts_enabled_for_new_repositories": false, "dependabot_security_updates_enabled_for_new_repositories": false, @@ -356961,6 +357091,13 @@ "null" ], "format": "date-time" + }, + "deploy_keys_enabled_for_repositories": { + "type": "boolean", + "description": "Controls whether or not deploy keys may be added and used for repositories in the organization.", + "examples": [ + false + ] } }, "required": [ @@ -357215,6 +357352,12 @@ "name": "secret_scanning_push_protection_custom_link", "in": "body", "description": "

    If secret_scanning_push_protection_custom_link_enabled is true, the URL that will be displayed to contributors who are blocked from pushing a secret.

    " + }, + { + "type": "boolean", + "name": "deploy_keys_enabled_for_repositories", + "in": "body", + "description": "

    Controls whether or not deploy keys may be added and used for repositories in the organization.

    " } ], "progAccess": { @@ -357309,6 +357452,7 @@ "members_can_fork_private_repositories": false, "web_commit_signoff_required": false, "updated_at": "2014-03-03T18:58:10Z", + "deploy_keys_enabled_for_repositories": false, "dependency_graph_enabled_for_new_repositories": false, "dependabot_alerts_enabled_for_new_repositories": false, "dependabot_security_updates_enabled_for_new_repositories": false, @@ -357735,6 +357879,13 @@ "null" ], "format": "date-time" + }, + "deploy_keys_enabled_for_repositories": { + "type": "boolean", + "description": "Controls whether or not deploy keys may be added and used for repositories in the organization.", + "examples": [ + false + ] } }, "required": [ @@ -369927,6 +370078,7 @@ }, "created_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -370163,6 +370315,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -370191,6 +370347,7 @@ "permissions", "created_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" @@ -371673,6 +371830,7 @@ }, "access_granted_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -371902,6 +372060,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -371929,6 +372091,7 @@ "permissions", "access_granted_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" diff --git a/src/rest/data/ghec-2022-11-28/schema.json b/src/rest/data/ghec-2022-11-28/schema.json index 9bf63d9f34ea..6a519a270788 100644 --- a/src/rest/data/ghec-2022-11-28/schema.json +++ b/src/rest/data/ghec-2022-11-28/schema.json @@ -234342,7 +234342,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    You can use this endpoint to see a daily breakdown of aggregated usage metrics for Copilot completions and Copilot Chat in the IDE\nfor all users across organizations with access to Copilot within your enterprise, with a further breakdown of suggestions, acceptances,\nand number of active users by editor and language for each day. See the response schema tab for detailed metrics definitions.

    \n

    The response contains metrics for up to 28 days prior. Usage metrics are processed once per day for the previous day,\nand the response will only include data up until yesterday. In order for an end user to be counted towards these metrics,\nthey must have telemetry enabled in their IDE.

    \n

    Only owners and billing managers can view Copilot usage metrics for the enterprise.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:enterprise scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    You can use this endpoint to see a daily breakdown of aggregated usage metrics for Copilot completions and Copilot Chat in the IDE\nfor all users across organizations with access to Copilot within your enterprise, with a further breakdown of suggestions, acceptances,\nand number of active users by editor and language for each day. See the response schema tab for detailed metrics definitions.

    \n

    The response contains metrics for up to 28 days prior. Usage metrics are processed once per day for the previous day,\nand the response will only include data up until yesterday. In order for an end user to be counted towards these metrics,\nthey must have telemetry enabled in their IDE.

    \n

    The time zone in the response is in UTC time, that means that the cutoff time for the \"day\" is UTC time.

    \n

    Only owners and billing managers can view Copilot usage metrics for the enterprise.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:enterprise scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -236007,7 +236007,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Lists all active Copilot seats across organizations or enterprise teams for an enterprise with a Copilot Business or Copilot Enterprise subscription.

    \n

    Users with access through multiple organizations or enterprise teams will only be counted toward total_seats once.

    \n

    For each organization or enterprise team which grants Copilot access to a user, a seat detail object will appear in the seats array.

    \n

    Only enterprise owners and billing managers can view assigned Copilot seats across their child organizations or enterprise teams.

    \n

    Personal access tokens (classic) need either the manage_billing:copilot or read:enterprise scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Lists all Copilot seats currently being billed for across organizations or enterprise teams for an enterprise with a Copilot Business or Copilot Enterprise subscription.

    \n

    Users with access through multiple organizations or enterprise teams will only be counted toward total_seats once.

    \n

    For each organization or enterprise team which grants Copilot access to a user, a seat detail object will appear in the seats array.\nEach seat object contains information about the assigned user's most recent Copilot activity. Users must have\ntelemetry enabled in their IDE for Copilot in the IDE activity to be reflected in last_activity_at. For more information about activity data,\nsee \"Reviewing user activity data for Copilot in your organization.\"

    \n

    Only enterprise owners and billing managers can view assigned Copilot seats across their child organizations or enterprise teams.

    \n

    Personal access tokens (classic) need either the manage_billing:copilot or read:enterprise scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -236197,7 +236197,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Gets information about an organization's Copilot subscription, including seat breakdown\nand feature policies. To configure these settings, go to your organization's settings on GitHub.com.\nFor more information, see \"Managing policies for Copilot in your organization\".

    \n

    Only organization owners can view details about the organization's Copilot Business or Copilot Enterprise subscription.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Gets information about an organization's Copilot subscription, including seat breakdown\nand feature policies. To configure these settings, go to your organization's settings on GitHub.com.\nFor more information, see \"Managing policies for Copilot in your organization.\"

    \n

    Only organization owners can view details about the organization's Copilot Business or Copilot Enterprise subscription.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -236992,7 +236992,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Lists all active Copilot seats for an organization with a Copilot Business or Copilot Enterprise subscription.\nOnly organization owners can view assigned seats.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Lists all Copilot seats for which an organization with a Copilot Business or Copilot Enterprise subscription is currently being billed.\nOnly organization owners can view assigned seats.

    \n

    Each seat object contains information about the assigned user's most recent Copilot activity. Users must have telemetry enabled in their IDE for Copilot in the IDE activity to be reflected in last_activity_at.\nFor more information about activity data, see \"Reviewing user activity data for Copilot in your organization.\"

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -237083,7 +237083,7 @@ }, "schema": { "type": "object", - "description": "The total number of seat assignments created.", + "description": "The total number of seats created for members of the specified team(s).", "properties": { "seats_created": { "type": "integer" @@ -237097,7 +237097,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Purchases a GitHub Copilot seat for all users within each specified team.\nThe organization will be billed accordingly. For more information about Copilot pricing, see \"Pricing for GitHub Copilot\".

    \n

    Only organization owners can add Copilot seats for their organization members.

    \n

    In order for an admin to use this endpoint, the organization must have a Copilot Business or Enterprise subscription and a configured suggestion matching policy.\nFor more information about setting up a Copilot subscription, see \"Setting up a Copilot subscription for your organization\".\nFor more information about setting a suggestion matching policy, see \"Configuring suggestion matching policies for GitHub Copilot in your organization\".

    \n

    The response will contain the total number of new seats that were created and existing seats that were refreshed.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Purchases a GitHub Copilot seat for all users within each specified team.\nThe organization will be billed for each seat based on the organization's Copilot plan. For more information about Copilot pricing, see \"About billing for GitHub Copilot in your organization.\"

    \n

    Only organization owners can add Copilot seats for their organization members.

    \n

    In order for an admin to use this endpoint, the organization must have a Copilot Business or Enterprise subscription and a configured suggestion matching policy.\nFor more information about setting up a Copilot subscription, see \"Subscribing to Copilot for your organization.\"\nFor more information about setting a suggestion matching policy, see \"Managing policies for Copilot in your organization.\"

    \n

    The response will contain the total number of new seats that were created and existing seats that were refreshed.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "201", @@ -237192,7 +237192,7 @@ }, "schema": { "type": "object", - "description": "The total number of seat assignments cancelled.", + "description": "The total number of seats set to \"pending cancellation\" for members of the specified team(s).", "properties": { "seats_cancelled": { "type": "integer" @@ -237206,7 +237206,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Cancels the Copilot seat assignment for all members of each team specified.\nThis will cause the members of the specified team(s) to lose access to GitHub Copilot at the end of the current billing cycle, and the organization will not be billed further for those users.

    \n

    For more information about Copilot pricing, see \"Pricing for GitHub Copilot\".

    \n

    For more information about disabling access to Copilot Business or Enterprise, see \"Revoking access to GitHub Copilot for specific users in your organization\".

    \n

    Only organization owners can cancel Copilot seats for their organization members.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Sets seats for all members of each team specified to \"pending cancellation\".\nThis will cause the members of the specified team(s) to lose access to GitHub Copilot at the end of the current billing cycle unless they retain access through another team.

    \n

    For more information about Copilot pricing, see \"About billing for GitHub Copilot in your organization.\"

    \n

    For more information about disabling access to Copilot Business or Enterprise, see \"Revoking access to Copilot for members of your organization.\"

    \n

    Only organization owners can cancel Copilot seats for their organization members.

    \n

    The response will contain the total number of seats set to \"pending cancellation\".

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -237301,7 +237301,7 @@ }, "schema": { "type": "object", - "description": "The total number of seat assignments created.", + "description": "The total number of seats created for the specified user(s).", "properties": { "seats_created": { "type": "integer" @@ -237315,7 +237315,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Purchases a GitHub Copilot seat for each user specified.\nThe organization will be billed accordingly. For more information about Copilot pricing, see \"Pricing for GitHub Copilot\".

    \n

    Only organization owners can add Copilot seats for their organization members.

    \n

    In order for an admin to use this endpoint, the organization must have a Copilot Business or Enterprise subscription and a configured suggestion matching policy.\nFor more information about setting up a Copilot subscription, see \"Setting up a Copilot subscription for your organization\".\nFor more information about setting a suggestion matching policy, see \"Configuring suggestion matching policies for GitHub Copilot in your organization\".

    \n

    The response will contain the total number of new seats that were created and existing seats that were refreshed.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Purchases a GitHub Copilot seat for each user specified.\nThe organization will be billed for each seat based on the organization's Copilot plan. For more information about Copilot pricing, see \"About billing for GitHub Copilot in your organization.\"

    \n

    Only organization owners can add Copilot seats for their organization members.

    \n

    In order for an admin to use this endpoint, the organization must have a Copilot Business or Enterprise subscription and a configured suggestion matching policy.\nFor more information about setting up a Copilot subscription, see \"Subscribing to Copilot for your organization.\"\nFor more information about setting a suggestion matching policy, see \"Managing policies for Copilot in your organization.\"

    \n

    The response will contain the total number of new seats that were created and existing seats that were refreshed.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "201", @@ -237410,7 +237410,7 @@ }, "schema": { "type": "object", - "description": "The total number of seat assignments cancelled.", + "description": "The total number of seats set to \"pending cancellation\" for the specified users.", "properties": { "seats_cancelled": { "type": "integer" @@ -237424,7 +237424,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Cancels the Copilot seat assignment for each user specified.\nThis will cause the specified users to lose access to GitHub Copilot at the end of the current billing cycle, and the organization will not be billed further for those users.

    \n

    For more information about Copilot pricing, see \"Pricing for GitHub Copilot\".

    \n

    For more information about disabling access to Copilot Business or Enterprise, see \"Revoking access to GitHub Copilot for specific users in your organization\".

    \n

    Only organization owners can cancel Copilot seats for their organization members.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Sets seats for all users specified to \"pending cancellation\".\nThis will cause the specified users to lose access to GitHub Copilot at the end of the current billing cycle unless they retain access through team membership.

    \n

    For more information about Copilot pricing, see \"About billing for GitHub Copilot in your organization.\"

    \n

    For more information about disabling access to Copilot Business or Enterprise, see \"Revoking access to Copilot for members of your organization.\"

    \n

    Only organization owners can cancel Copilot seats for their organization members.

    \n

    The response will contain the total number of seats set to \"pending cancellation\".

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or admin:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -238167,7 +238167,7 @@ } ], "previews": [], - "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Gets the GitHub Copilot seat assignment details for a member of an organization who currently has access to GitHub Copilot.

    \n

    Only organization owners can view Copilot seat assignment details for members of their organization.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", + "descriptionHTML": "

    Note

    \n

    \nThis endpoint is in public preview and is subject to change.

    \n
    \n

    Gets the GitHub Copilot seat details for a member of an organization who currently has access to GitHub Copilot.

    \n

    The seat object contains information about the user's most recent Copilot activity. Users must have telemetry enabled in their IDE for Copilot in the IDE activity to be reflected in last_activity_at.\nFor more information about activity data, see \"Reviewing user activity data for Copilot in your organization.\"

    \n

    Only organization owners can view Copilot seat assignment details for members of their organization.

    \n

    OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot or read:org scopes to use this endpoint.

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -248098,20 +248098,50 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { + "name": "rails", "SPDXID": "SPDXRef-Package", - "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "MIT", "licenseDeclared": "MIT", - "copyrightText": "Copyright (c) 1985 GitHub.com" + "copyrightText": "Copyright (c) 1985 GitHub.com", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:gem/rails@1.0.0" + } + ] + }, + { + "name": "github/example", + "SPDXID": "SPDXRef-Repository", + "versionInfo": "main", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/example@main" + } + ] + } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" } ] } @@ -248138,6 +248168,13 @@ "SPDX-2.3" ] }, + "comment": { + "type": "string", + "description": "An optional comment about the SPDX document.", + "examples": [ + "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/" + ] + }, "creationInfo": { "type": "object", "properties": { @@ -248178,21 +248215,11 @@ "CC0-1.0" ] }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "examples": [ - "github/github" - ] - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", "description": "The namespace for the SPDX document.", "examples": [ - "https://github.com/example/dependency_graph/sbom-123" + "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57" ] }, "packages": { @@ -248211,7 +248238,7 @@ "type": "string", "description": "The name of the package.", "examples": [ - "rubygems:github/github" + "github/github" ] }, "versionInfo": { @@ -248304,8 +248331,35 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "description": "The type of relationship between the two SPDX elements.", + "examples": [ + "DEPENDS_ON" + ] + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -248315,7 +248369,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -248430,7 +248483,8 @@ "created_at": "2014-12-10T15:53:42Z", "read_only": true, "added_by": "octocat", - "last_used": "2022-01-10T15:53:42Z" + "last_used": "2022-01-10T15:53:42Z", + "enabled": true } ], "schema": { @@ -248472,6 +248526,9 @@ "string", "null" ] + }, + "enabled": { + "type": "boolean" } }, "required": [ @@ -248585,7 +248642,8 @@ "created_at": "2014-12-10T15:53:42Z", "read_only": true, "added_by": "octocat", - "last_used": "2022-01-10T15:53:42Z" + "last_used": "2022-01-10T15:53:42Z", + "enabled": true }, "schema": { "title": "Deploy Key", @@ -248624,6 +248682,9 @@ "string", "null" ] + }, + "enabled": { + "type": "boolean" } }, "required": [ @@ -248724,7 +248785,8 @@ "created_at": "2014-12-10T15:53:42Z", "read_only": true, "added_by": "octocat", - "last_used": "2022-01-10T15:53:42Z" + "last_used": "2022-01-10T15:53:42Z", + "enabled": true }, "schema": { "title": "Deploy Key", @@ -248763,6 +248825,9 @@ "string", "null" ] + }, + "enabled": { + "type": "boolean" } }, "required": [ @@ -261412,7 +261477,7 @@ }, { "name": "year", - "description": "

    If specified, only return results for a single year. The value of year is an integer with four digits representing a year. For example, 2023.

    ", + "description": "

    If specified, only return results for a single year. The value of year is an integer with four digits representing a year. For example, 2024. Default value is the current year.

    ", "in": "query", "required": false, "schema": { @@ -261448,7 +261513,7 @@ }, { "name": "cost_center_id", - "description": "

    The ID corresponding to a cost center.

    ", + "description": "

    The ID corresponding to a cost center. The default value is no cost center.

    ", "in": "query", "required": false, "schema": { @@ -261571,7 +261636,7 @@ } ], "previews": [], - "descriptionHTML": "

    Gets a report of the total usage for an enterprise. To use this endpoint, you must be an administrator or billing manager of the enterprise.

    \n

    Note: This endpoint is only available to enterprises with access to the enhanced billing platform. For more information, see \"About the enhanced billing platform for enterprises.\"

    ", + "descriptionHTML": "

    Gets a report of usage by cost center for an enterprise. To use this endpoint, you must be an administrator or billing manager of the enterprise. By default this endpoint will return usage that does not have a cost center.

    \n

    Note: This endpoint is only available to enterprises with access to the enhanced billing platform. For more information, see \"About the enhanced billing platform for enterprises.\"

    ", "statusCodes": [ { "httpStatusCode": "200", @@ -267954,6 +268019,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -268469,7 +268539,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -269537,6 +269608,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -269930,6 +270006,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -270518,6 +270599,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -271002,7 +271088,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -272070,6 +272157,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -272399,7 +272491,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -273467,6 +273560,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -274767,6 +274865,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -276079,6 +276182,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -277820,6 +277928,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -278193,6 +278306,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -278885,7 +279003,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -279953,6 +280072,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -280354,6 +280478,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -373581,6 +373710,7 @@ "web_commit_signoff_required": false, "updated_at": "2014-03-03T18:58:10Z", "archived_at": null, + "deploy_keys_enabled_for_repositories": false, "dependency_graph_enabled_for_new_repositories": false, "dependabot_alerts_enabled_for_new_repositories": false, "dependabot_security_updates_enabled_for_new_repositories": false, @@ -373593,7 +373723,7 @@ }, "schema": { "title": "Organization Full", - "description": "Prevents users in the organization from using insecure methods of two-factor authentication to fulfill a two-factor requirement.\n\nGitHub currently defines SMS as an insecure method of two-factor authentication.\n\nIf your users are managed by the enterprise this policy will not affect them. The first admin account of the enterprise will still be affected.", + "description": "Prevents users in the organization from using insecure methods of two-factor authentication to fulfill a two-factor requirement.\nRemoves non-compliant outside collaborators from the organization and its repositories.\n\nGitHub currently defines SMS as an insecure method of two-factor authentication.\n\nIf your users are managed by the enterprise this policy will not affect them. The first admin account of the enterprise will still be affected.", "type": "object", "properties": { "login": { @@ -374016,6 +374146,13 @@ "null" ], "format": "date-time" + }, + "deploy_keys_enabled_for_repositories": { + "type": "boolean", + "description": "Controls whether or not deploy keys may be added and used for repositories in the organization.", + "examples": [ + false + ] } }, "required": [ @@ -374276,6 +374413,12 @@ "name": "secret_scanning_validity_checks_enabled", "in": "body", "description": "

    Endpoint closing down notice. Please use code security configurations instead.

    \n

    Whether secret scanning automatic validity checks on supported partner tokens is enabled for all repositories under this organization.

    " + }, + { + "type": "boolean", + "name": "deploy_keys_enabled_for_repositories", + "in": "body", + "description": "

    Controls whether or not deploy keys may be added and used for repositories in the organization.

    " } ], "progAccess": { @@ -374371,6 +374514,7 @@ "web_commit_signoff_required": false, "updated_at": "2014-03-03T18:58:10Z", "archived_at": null, + "deploy_keys_enabled_for_repositories": false, "dependency_graph_enabled_for_new_repositories": false, "dependabot_alerts_enabled_for_new_repositories": false, "dependabot_security_updates_enabled_for_new_repositories": false, @@ -374383,7 +374527,7 @@ }, "schema": { "title": "Organization Full", - "description": "Prevents users in the organization from using insecure methods of two-factor authentication to fulfill a two-factor requirement.\n\nGitHub currently defines SMS as an insecure method of two-factor authentication.\n\nIf your users are managed by the enterprise this policy will not affect them. The first admin account of the enterprise will still be affected.", + "description": "Prevents users in the organization from using insecure methods of two-factor authentication to fulfill a two-factor requirement.\nRemoves non-compliant outside collaborators from the organization and its repositories.\n\nGitHub currently defines SMS as an insecure method of two-factor authentication.\n\nIf your users are managed by the enterprise this policy will not affect them. The first admin account of the enterprise will still be affected.", "type": "object", "properties": { "login": { @@ -374806,6 +374950,13 @@ "null" ], "format": "date-time" + }, + "deploy_keys_enabled_for_repositories": { + "type": "boolean", + "description": "Controls whether or not deploy keys may be added and used for repositories in the organization.", + "examples": [ + false + ] } }, "required": [ @@ -391576,6 +391727,7 @@ }, "created_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -391812,6 +391964,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -391840,6 +391996,7 @@ "permissions", "created_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" @@ -393334,6 +393491,7 @@ }, "access_granted_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -393563,6 +393721,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -393590,6 +393752,7 @@ "permissions", "access_granted_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" diff --git a/src/rest/data/ghes-3.10-2022-11-28/schema.json b/src/rest/data/ghes-3.10-2022-11-28/schema.json index f37fa0c3a993..d8699c5e0912 100644 --- a/src/rest/data/ghes-3.10-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.10-2022-11-28/schema.json @@ -182084,10 +182084,7 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { "SPDXID": "SPDXRef-Package", @@ -182098,6 +182095,18 @@ "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION" } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" + } ] } }, @@ -182123,6 +182132,13 @@ "SPDX-2.3" ] }, + "comment": { + "type": "string", + "description": "An optional comment about the SPDX document.", + "examples": [ + "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/" + ] + }, "creationInfo": { "type": "object", "properties": { @@ -182163,21 +182179,11 @@ "CC0-1.0" ] }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "examples": [ - "github/github" - ] - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", "description": "The namespace for the SPDX document.", "examples": [ - "https://github.com/example/dependency_graph/sbom-123" + "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57" ] }, "packages": { @@ -182196,7 +182202,7 @@ "type": "string", "description": "The name of the package.", "examples": [ - "rubygems:github/github" + "github/github" ] }, "versionInfo": { @@ -182294,6 +182300,34 @@ "licenseDeclared", "supplier" ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "description": "The type of relationship between the two SPDX elements.", + "examples": [ + "DEPENDS_ON" + ] + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" + ] } }, "required": [ @@ -182302,7 +182336,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -211492,6 +211525,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -212007,7 +212045,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -213075,6 +213114,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -213468,6 +213512,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -214056,6 +214105,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -214540,7 +214594,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -215608,6 +215663,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -215937,7 +215997,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -217005,6 +217066,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -218305,6 +218371,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -219617,6 +219688,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -221358,6 +221434,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -221731,6 +221812,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -222423,7 +222509,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -223491,6 +223578,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -223892,6 +223984,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -328761,6 +328858,7 @@ }, "created_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -328997,6 +329095,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -329025,6 +329127,7 @@ "permissions", "created_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" @@ -330480,6 +330583,7 @@ }, "access_granted_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -330709,6 +330813,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -330736,6 +330844,7 @@ "permissions", "access_granted_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" diff --git a/src/rest/data/ghes-3.11-2022-11-28/schema.json b/src/rest/data/ghes-3.11-2022-11-28/schema.json index 81da6ed5eafb..9758988eb6d8 100644 --- a/src/rest/data/ghes-3.11-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.11-2022-11-28/schema.json @@ -182120,10 +182120,7 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { "SPDXID": "SPDXRef-Package", @@ -182134,6 +182131,18 @@ "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION" } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" + } ] } }, @@ -182159,6 +182168,13 @@ "SPDX-2.3" ] }, + "comment": { + "type": "string", + "description": "An optional comment about the SPDX document.", + "examples": [ + "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/" + ] + }, "creationInfo": { "type": "object", "properties": { @@ -182199,21 +182215,11 @@ "CC0-1.0" ] }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "examples": [ - "github/github" - ] - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", "description": "The namespace for the SPDX document.", "examples": [ - "https://github.com/example/dependency_graph/sbom-123" + "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57" ] }, "packages": { @@ -182232,7 +182238,7 @@ "type": "string", "description": "The name of the package.", "examples": [ - "rubygems:github/github" + "github/github" ] }, "versionInfo": { @@ -182325,8 +182331,35 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "description": "The type of relationship between the two SPDX elements.", + "examples": [ + "DEPENDS_ON" + ] + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -182336,7 +182369,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -211736,6 +211768,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -212251,7 +212288,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -213319,6 +213357,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -213712,6 +213755,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -214300,6 +214348,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -214784,7 +214837,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -215852,6 +215906,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -216181,7 +216240,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -217249,6 +217309,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -218549,6 +218614,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -219861,6 +219931,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -221602,6 +221677,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -221975,6 +222055,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -222667,7 +222752,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -223735,6 +223821,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -224136,6 +224227,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -329032,6 +329128,7 @@ }, "created_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -329268,6 +329365,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -329296,6 +329397,7 @@ "permissions", "created_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" @@ -330751,6 +330853,7 @@ }, "access_granted_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -330980,6 +331083,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -331007,6 +331114,7 @@ "permissions", "access_granted_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" diff --git a/src/rest/data/ghes-3.12-2022-11-28/schema.json b/src/rest/data/ghes-3.12-2022-11-28/schema.json index 3d0ab39fbe1b..0aa22aee79df 100644 --- a/src/rest/data/ghes-3.12-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.12-2022-11-28/schema.json @@ -182440,10 +182440,7 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { "SPDXID": "SPDXRef-Package", @@ -182454,6 +182451,18 @@ "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION" } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" + } ] } }, @@ -182479,6 +182488,13 @@ "SPDX-2.3" ] }, + "comment": { + "type": "string", + "description": "An optional comment about the SPDX document.", + "examples": [ + "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/" + ] + }, "creationInfo": { "type": "object", "properties": { @@ -182519,21 +182535,11 @@ "CC0-1.0" ] }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "examples": [ - "github/github" - ] - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", "description": "The namespace for the SPDX document.", "examples": [ - "https://github.com/example/dependency_graph/sbom-123" + "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57" ] }, "packages": { @@ -182552,7 +182558,7 @@ "type": "string", "description": "The name of the package.", "examples": [ - "rubygems:github/github" + "github/github" ] }, "versionInfo": { @@ -182645,8 +182651,35 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "description": "The type of relationship between the two SPDX elements.", + "examples": [ + "DEPENDS_ON" + ] + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -182656,7 +182689,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -213973,6 +214005,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -214488,7 +214525,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -215556,6 +215594,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -215949,6 +215992,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -216537,6 +216585,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -217021,7 +217074,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -218089,6 +218143,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -218418,7 +218477,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -219486,6 +219546,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -220786,6 +220851,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -222098,6 +222168,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -223839,6 +223914,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -224212,6 +224292,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -224904,7 +224989,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -225972,6 +226058,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -226373,6 +226464,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -331422,6 +331518,7 @@ }, "created_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -331658,6 +331755,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -331686,6 +331787,7 @@ "permissions", "created_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" @@ -333141,6 +333243,7 @@ }, "access_granted_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -333370,6 +333473,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -333397,6 +333504,7 @@ "permissions", "access_granted_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" diff --git a/src/rest/data/ghes-3.13-2022-11-28/schema.json b/src/rest/data/ghes-3.13-2022-11-28/schema.json index 9aca05c805d0..023def2cd4a5 100644 --- a/src/rest/data/ghes-3.13-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.13-2022-11-28/schema.json @@ -182584,10 +182584,7 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { "SPDXID": "SPDXRef-Package", @@ -182598,6 +182595,18 @@ "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION" } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" + } ] } }, @@ -182623,6 +182632,13 @@ "SPDX-2.3" ] }, + "comment": { + "type": "string", + "description": "An optional comment about the SPDX document.", + "examples": [ + "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/" + ] + }, "creationInfo": { "type": "object", "properties": { @@ -182663,21 +182679,11 @@ "CC0-1.0" ] }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "examples": [ - "github/github" - ] - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", "description": "The namespace for the SPDX document.", "examples": [ - "https://github.com/example/dependency_graph/sbom-123" + "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57" ] }, "packages": { @@ -182696,7 +182702,7 @@ "type": "string", "description": "The name of the package.", "examples": [ - "rubygems:github/github" + "github/github" ] }, "versionInfo": { @@ -182789,8 +182795,35 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "description": "The type of relationship between the two SPDX elements.", + "examples": [ + "DEPENDS_ON" + ] + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -182800,7 +182833,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -214173,6 +214205,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -214688,7 +214725,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -215756,6 +215794,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -216149,6 +216192,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -216737,6 +216785,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -217221,7 +217274,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -218289,6 +218343,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -218618,7 +218677,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -219686,6 +219746,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -220986,6 +221051,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -222298,6 +222368,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -224039,6 +224114,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -224412,6 +224492,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -225104,7 +225189,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -226172,6 +226258,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -226573,6 +226664,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -332929,6 +333025,7 @@ }, "created_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -333165,6 +333262,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -333193,6 +333294,7 @@ "permissions", "created_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" @@ -334648,6 +334750,7 @@ }, "access_granted_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -334877,6 +334980,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -334904,6 +335011,7 @@ "permissions", "access_granted_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" diff --git a/src/rest/data/ghes-3.14-2022-11-28/schema.json b/src/rest/data/ghes-3.14-2022-11-28/schema.json index 3393c44fdce2..6358b35339a7 100644 --- a/src/rest/data/ghes-3.14-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.14-2022-11-28/schema.json @@ -182584,10 +182584,7 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { "SPDXID": "SPDXRef-Package", @@ -182598,6 +182595,18 @@ "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION" } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" + } ] } }, @@ -182623,6 +182632,13 @@ "SPDX-2.3" ] }, + "comment": { + "type": "string", + "description": "An optional comment about the SPDX document.", + "examples": [ + "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/" + ] + }, "creationInfo": { "type": "object", "properties": { @@ -182663,21 +182679,11 @@ "CC0-1.0" ] }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "examples": [ - "github/github" - ] - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", "description": "The namespace for the SPDX document.", "examples": [ - "https://github.com/example/dependency_graph/sbom-123" + "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57" ] }, "packages": { @@ -182696,7 +182702,7 @@ "type": "string", "description": "The name of the package.", "examples": [ - "rubygems:github/github" + "github/github" ] }, "versionInfo": { @@ -182789,8 +182795,35 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "description": "The type of relationship between the two SPDX elements.", + "examples": [ + "DEPENDS_ON" + ] + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -182800,7 +182833,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -214173,6 +214205,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -214688,7 +214725,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -215756,6 +215794,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -216149,6 +216192,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -216737,6 +216785,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -217221,7 +217274,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -218289,6 +218343,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -218618,7 +218677,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -219686,6 +219746,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -220986,6 +221051,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -222298,6 +222368,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -224039,6 +224114,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -224412,6 +224492,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -225104,7 +225189,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -226172,6 +226258,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -226573,6 +226664,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -335535,6 +335631,7 @@ }, "created_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -335771,6 +335868,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -335799,6 +335900,7 @@ "permissions", "created_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" @@ -337254,6 +337356,7 @@ }, "access_granted_at": "2023-05-16T08:47:09.000-07:00", "token_id": 98716, + "token_name": "Some Token", "token_expired": false, "token_expires_at": "2023-11-16T08:47:09.000-07:00", "token_last_used_at": null @@ -337483,6 +337586,10 @@ "type": "integer", "description": "Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants." }, + "token_name": { + "type": "string", + "description": "The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens." + }, "token_expired": { "type": "boolean", "description": "Whether the associated fine-grained personal access token has expired." @@ -337510,6 +337617,7 @@ "permissions", "access_granted_at", "token_id", + "token_name", "token_expired", "token_expires_at", "token_last_used_at" diff --git a/src/rest/lib/config.json b/src/rest/lib/config.json index ae81169ecabc..47b2d63ab205 100644 --- a/src/rest/lib/config.json +++ b/src/rest/lib/config.json @@ -47,5 +47,5 @@ ] } }, - "sha": "10e2f151b45a960f135417e71bd6f0ac5ce0aa97" + "sha": "f9de54ab72eff1bc9855fd0940816350912ae5b7" } \ No newline at end of file diff --git a/src/search/README.md b/src/search/README.md index eef9a860a478..4532f3ebdc71 100644 --- a/src/search/README.md +++ b/src/search/README.md @@ -16,9 +16,36 @@ The site search is part of every version of docs.github.com. This endpoint respo You can also query our search endpoint directly at: `https://docs.github.com/search?version=&language=&query=` -- The VERSION can be any numbered supported GitHub Enterprise Server version (e.g., `3.12`), Enterprise Cloud (`ghec`), or the Free pro team plan (`dotcom`). -- The LANGUAGE CODE can be one of: `zh`, `es`, `pt`, `ru`, `ja`, `fr`, `de`, `ko` -- Any search QUERY you'd like. +- The `VERSION` can be any numbered supported GitHub Enterprise Server version (e.g., `3.12`), Enterprise Cloud (`ghec`), or the Free pro team plan (`dotcom`). +- The `LANGUAGE CODE` can be one of: `zh`, `es`, `pt`, `ru`, `ja`, `fr`, `de`, `ko` +- The `QUERY` can be any alphanumeric string value. + +## Types of search + +Our backend currently supports 3 "types" of searching. + +All searches accept a `query` param, e.g. `?query=how` and return results based on their type: + +1. **general search** + - Results: The pages of our sites that match the query, sorted by popularity + - Example: Query = "clone" -> Results + - Endpoint: `/api/search/v1` +2. **general autocomplete** + - Results: Potential terms that can be autocompleted from the query based on previous user searches + - Example: Query = "cl" -> A Result = "clone" + - Endpoint: `/api/search/autocomplete/v1` +3. **AI search autocomplete** + - Results: Human-readable full-sentence questions that best match the query. Questions are based on previous searches and popular pages + - Example: Query = "How do I clone" -> A Result = "How do I clone a repository?" + - Endpoint: `/api/search/ai-search-autocomplete/v1` + +## Elasticsearch + +Elasticsearch is an external service that we use for searching. When a user types a search, our backend queries Elasticsearch for the most relevant results. + +### Indexing Elasticsearch + +In order to provide relevant results to queries, we prefill Elasticsearch with data via Indexes. See the [Indexing README](./scripts/index/README.md) for how we index on Docs. ## Production deploys @@ -32,40 +59,25 @@ You can manually run the workflow to generate the indexes after you push your ch ### Build and sync -The preferred way to build and sync the search indices is to do so via the [GitHub Actions workflow](/.github/workflows/sync-search-elasticsearch.yml). +The preferred way to build and sync the search indices is to do so via the [GitHub Actions workflow](/.github/workflows/index-general-search.yml). ## Files ### Actions workflow files -- [`.github/workflows/sync-search-elasticsearch.yml`](/.github/workflows/sync-search-elasticsearch.yml) - Builds and syncs search indices on the `main` branch every four hours. Search indices are stored in an internal-only Elasticsearch instance. To run it manually, click "Run workflow" button in the Actions tab. +- [`.github/workflows/index-general-search.yml`](/.github/workflows/index-general-search.yml) - Populates search indices for **general search** using the `main` branch every four hours. Search indices are stored in an internal-only Elasticsearch instance. To run it manually, click "Run workflow" button in the Actions tab. +- [`.github/workflows/index-autocomplete-search.yml`](/.github/workflows/index-general-search.yml) - Populates search indices for both **general autocomplete** and **AI search autocomplete** using data from an internal repo. Runs daily. ### Notable code files and directories - [src/search/components/Search.tsx](/src/search/components/Search.tsx) - The browser-side code that enables the search. - [src/search/components/SearchResults.tsx](/src/search/components/SearchResults.tsx) - The browser-side code that displays search results. -- [src/search/middleware/es-search.js](/src/search/middleware/es-search.js) - A wrapper around the Node.js Elasticsearch module for interacting with the search API. -- [src/search/scripts/](/src/search/scripts/) - Scripts used by Actions workflows or for manual operations. -- [src/search/tests](/src/search/tests) - Tests! - -## Records - -Each record represents a page. Each record has `breadcrumbs`, `title`, `headings`, `content` (the article content in text, not HTML), `intro` (if one exists in the frontmatter), and a unique `objectID` that is currently just the permalink of the article. Here's an example: - -```json -{ - "objectID":"/en/actions/creating-actions/about-custom-actions", - "breadcrumbs":"GitHub Actions / Creating actions", - "title":"About custom actions", - "headings":"About custom actions\nTypes of actions\n[...]", - "content":"Actions are individual tasks that you can combine to create jobs and customize your workflow. You can create your own actions, [...]", - "intro":"Actions are individual tasks that you can combine to create jobs and customize your workflow. You can create your own actions, or use and customize actions shared by the GitHub community.", - "toplevel":"GitHub Actions", - "popularity":0 -} -``` - -## Notes +- [src/search/middleware/general-search-middleware.ts](src/search/middleware/general-search-middleware.ts) - Entrypoint to general search when you hit docs.github/search +- [src/search/middleware/search-routes](src/search/middleware/general-search-middleware.ts) - Entrypoint to the API endpoints for our search routes +- [src/search/scripts/](/src/search/scripts/) - Scripts used by Actions workflows or for manual operations like scraping data for indexing and performing the indexing. +- [src/search/tests](/src/search/tests) - Tests relevant to searching. + +## Miscellaneous Notes - It's not strictly necessary to set an `objectID` as the search index will create one automatically, but by creating our own we have a guarantee that subsequent invocations of this upload script will overwrite existing records instead of creating numerous duplicate records with differing IDs. - Our search querying has typo tolerance. Try spelling something wrong and see what you get! diff --git a/src/search/components/Aggregations.tsx b/src/search/components/Aggregations.tsx index cde2aadf7ba8..415acbde5e58 100644 --- a/src/search/components/Aggregations.tsx +++ b/src/search/components/Aggregations.tsx @@ -2,9 +2,10 @@ import { CheckboxGroup, Checkbox, FormControl } from '@primer/react' import { useRouter } from 'next/router' import Link from 'next/link' -import type { SearchResultAggregations } from './types' import { useTranslation } from 'src/languages/components/useTranslation' +import type { SearchResultAggregations } from 'src/search/types' + type Props = { aggregations: SearchResultAggregations } diff --git a/src/search/components/SearchResults.tsx b/src/search/components/SearchResults.tsx index 054e1a14e3e4..3e628b6a1370 100644 --- a/src/search/components/SearchResults.tsx +++ b/src/search/components/SearchResults.tsx @@ -4,30 +4,39 @@ import { useRouter } from 'next/router' import { useEffect, useState } from 'react' import cx from 'classnames' -import type { SearchResultsT, SearchResultHitT, SearchQueryT } from './types' import { useTranslation } from 'src/languages/components/useTranslation' import { Link } from 'src/frame/components/Link' import { sendEvent, EventType } from 'src/events/components/events' import styles from './SearchResults.module.scss' +import type { SearchQueryContentT } from 'src/search/components/types' +import type { GeneralSearchHitWithoutIncludes, GeneralSearchResponse } from 'src/search/types' +import type { SearchTotalHits } from '@elastic/elasticsearch/lib/api/types' + type Props = { - results: SearchResultsT - search: SearchQueryT + results: GeneralSearchResponse + searchParams: SearchQueryContentT } -export function SearchResults({ results, search }: Props) { - const pages = Math.ceil(results.meta.found.value / results.meta.size) +export function SearchResults({ results, searchParams }: Props) { + const pages = Math.ceil((results.meta.found as SearchTotalHits).value / results.meta.size) const { page } = results.meta return (
    - + {pages > 1 && }
    ) } -function SearchResultHits({ hits, search }: { hits: SearchResultHitT[]; search: SearchQueryT }) { +function SearchResultHits({ + hits, + searchParams, +}: { + hits: GeneralSearchHitWithoutIncludes[] + searchParams: SearchQueryContentT +}) { return (
    {hits.length === 0 && } @@ -35,10 +44,10 @@ function SearchResultHits({ hits, search }: { hits: SearchResultHitT[]; search: ))}
    @@ -64,7 +73,7 @@ function SearchResultHit({ index, debug, }: { - hit: SearchResultHitT + hit: GeneralSearchHitWithoutIncludes query: string totalHits: number index: number diff --git a/src/search/components/ValidationErrors.tsx b/src/search/components/ValidationErrors.tsx index 3be3074b35fa..ce8bf15c5577 100644 --- a/src/search/components/ValidationErrors.tsx +++ b/src/search/components/ValidationErrors.tsx @@ -1,10 +1,10 @@ import { Flash } from '@primer/react' import { useTranslation } from 'src/languages/components/useTranslation' -import type { SearchValidationErrorT } from './types' +import type { SearchValidationErrorEntry } from '../types' interface Props { - errors: SearchValidationErrorT[] + errors: SearchValidationErrorEntry[] } export function ValidationErrors({ errors }: Props) { diff --git a/src/search/components/context/SearchContext.tsx b/src/search/components/context/SearchContext.tsx index 08ff25d14d97..086896cb8bce 100644 --- a/src/search/components/context/SearchContext.tsx +++ b/src/search/components/context/SearchContext.tsx @@ -1,10 +1,5 @@ import { createContext, useContext } from 'react' - -import type { SearchT } from '../types' - -export type SearchContextT = { - search: SearchT -} +import type { SearchContextT } from '../types' export const SearchContext = createContext(null) diff --git a/src/search/components/index.tsx b/src/search/components/index.tsx index 39399b3c08f7..26fc041be6a6 100644 --- a/src/search/components/index.tsx +++ b/src/search/components/index.tsx @@ -7,8 +7,9 @@ import { useNumberFormatter } from 'src/search/components/useNumberFormatter' import { SearchResults } from 'src/search/components/SearchResults' import { NoQuery } from 'src/search/components/NoQuery' import { useMainContext } from 'src/frame/components/context/MainContext' -import { ValidationErrors } from './ValidationErrors' -import { useSearchContext } from './context/SearchContext' +import { ValidationErrors } from 'src/search/components/ValidationErrors' +import { useSearchContext } from 'src/search/components/context/SearchContext' +import type { SearchTotalHits } from '@elastic/elasticsearch/lib/api/types' export function Search() { const { search } = useSearchContext() @@ -17,7 +18,7 @@ export function Search() { const { t } = useTranslation('search_results') const { currentVersion } = useVersion() - const { query } = search.search + const { query } = search.searchParams // A reference to the `content/search/index.md` Page object. // Not to be confused with the "page" that is for paginating @@ -37,7 +38,7 @@ export function Search() { pageTitle += ` (${searchVersion})` } if (results) { - pageTitle = `${formatInteger(results.meta.found.value)} ${pageTitle}` + pageTitle = `${formatInteger((results.meta.found as SearchTotalHits).value)} ${pageTitle}` } } @@ -63,7 +64,7 @@ export function Search() { ) : null} - {results ? : null} + {results ? : null} ) } diff --git a/src/search/components/types.ts b/src/search/components/types.ts index ce6c8a80ef77..1dad85ca9dec 100644 --- a/src/search/components/types.ts +++ b/src/search/components/types.ts @@ -1,58 +1,15 @@ -export type SearchResultHitT = { - id: string - url: string - title: string - breadcrumbs: string - highlights: { - title?: string[] - content?: string[] - content_explicit?: string[] - } - score?: number - popularity?: number - es_url?: string -} +import { GeneralSearchResponse, SearchValidationErrorEntry } from 'src/search/types' -type SearchResultsMeta = { - found: { - value: number - relation: string +export interface SearchContextT { + search: { + results?: GeneralSearchResponse + searchParams: SearchQueryContentT + validationErrors: SearchValidationErrorEntry[] } - took: { - query_msec: number - total_msec: number - } - page: number - size: number -} - -type Aggregation = { - key: string - count: number -} - -export type SearchResultAggregations = { - [key: string]: Aggregation[] } -export type SearchResultsT = { - meta: SearchResultsMeta - hits: SearchResultHitT[] - aggregations?: SearchResultAggregations -} - -export type SearchQueryT = { +// Parts of the search query that are set to the search context +export type SearchQueryContentT = { query: string debug: boolean } - -export type SearchValidationErrorT = { - error: string - // key: string -} - -export type SearchT = { - search: SearchQueryT - results?: SearchResultsT - validationErrors: SearchValidationErrorT[] -} diff --git a/src/search/lib/config.js b/src/search/lib/config.js deleted file mode 100644 index 21ec77955be7..000000000000 --- a/src/search/lib/config.js +++ /dev/null @@ -1,5 +0,0 @@ -export const namePrefix = 'github-docs' - -export default { - namePrefix, -} diff --git a/src/search/lib/elasticsearch-indexes.ts b/src/search/lib/elasticsearch-indexes.ts new file mode 100644 index 000000000000..4990d229a97b --- /dev/null +++ b/src/search/lib/elasticsearch-indexes.ts @@ -0,0 +1,91 @@ +import languages from '@/languages/lib/languages.js' +import { utcTimestamp } from '@/search/lib/helpers/time' +import { allIndexVersionKeys, versionToIndexVersionMap } from '@/search/lib/elasticsearch-versions' + +import type { SearchTypes } from '@/search/types' + +export type SearchIndexes = { + [key in SearchTypes]: SearchIndex +} + +export type SearchIndex = { + prefix: string + type: string +} + +/* Elasticsearch uses indexes to group categories of data + + We currently have 3 top-level categories of indexes: + 1. General search: This is populated using data from all of our Docs pages + 2. General autocomplete: This is populated using analytics search history in docs-internal-data + 3. AI autocomplete: This is populated with human-readable questions using a GPT query in docs-internal-data + + This file is intended to be the source of truth for Docs Elasticsearch indexes. + + Indexes are in the form: + --- + e.g. github-docs-general-search-fpt-en + + might be "tests_" for tests +*/ +const prefix = 'github-docs' +const indexes: SearchIndexes = { + generalSearch: { + prefix, + type: 'general-search', + }, + generalAutocomplete: { + prefix, + type: 'general-autocomplete', + }, + aiSearchAutocomplete: { + prefix, + type: 'ai-search-autocomplete', + }, +} + +// Source of truth for determining the index name for the Elastic Search index given a version and language +export function getElasticSearchIndex( + type: SearchTypes, + version: string, + language: string, + manualPrefix = '', +): { + indexName: string + indexAlias: string +} { + if (!(type in indexes)) { + throw new Error(`Type ${type} not found in indexes for getElasticSearchIndex function.`) + } + const index = indexes[type] as SearchIndex + + // Validate language + if (!(language in languages)) { + throw new Error( + `Language ${language} not found in languages for getElasticSearchIndex function.`, + ) + } + + // Validate version + if (!allIndexVersionKeys.includes(version)) { + throw new Error( + `Version '${version}' does not map to a valid version for getElasticSearchIndex function.`, + ) + } + + // e.g. free-pro-team becomes fpt for the index name + const indexVersion = versionToIndexVersionMap[version] + + // In the index-test-fixtures.sh script, we use the tests_ prefix index for testing + const testPrefix = process.env.NODE_ENV === 'test' ? 'tests_' : '' + + // If a manual prefix is provided, append an underscore to it + if (manualPrefix && !manualPrefix.endsWith('_')) { + manualPrefix += '_' + } + + const indexName = `${testPrefix || manualPrefix}${index.prefix}_${index.type}_${indexVersion}_${language}` + const indexAlias = `${indexName}__${utcTimestamp()}` + + return { indexName, indexAlias } +} diff --git a/src/search/lib/elasticsearch-versions.ts b/src/search/lib/elasticsearch-versions.ts new file mode 100644 index 000000000000..19dfd937d87c --- /dev/null +++ b/src/search/lib/elasticsearch-versions.ts @@ -0,0 +1,112 @@ +/* + * Source of truth for versioning in the context of Elasticsearch + * We have a unique index for each version of the docs + * so consistency is important for creating/accessing ES Indexes. + * + * Example versions (these may not be up to date): + * + * 1. free-pro-team@latest. Previously known as "dotcom". This is the default version of the docs. + * - short name: fpt + * 2. enterprise-cloud@latest + * - short name: ghec + * 3. enterprise-server@X: This is the source of versioning complexity since the version is dynamic + * - short name: ghes-X + * + * However, for (3) someone might enter `&version=3.5` as the version in the request query string. + * This would map to `ghes-3.5` + */ + +import { allVersions } from '@/versions/lib/all-versions' + +// versionToIndexVersionMap examples: +// free-pro-team@latest -> fpt +// free-pro-team -> fpt +// dotcom -> fpt +// enterprise-cloud@latest -> ghec +// enterprise-server@3.5 -> ghes-3.5 +// 3.5 -> ghes-3.5 +export const versionToIndexVersionMap: { [key: string]: string } = {} + +// For each potential input (from request query string, CLI, etc), map it to the appropriate index version +for (const versionSource of Object.values(allVersions)) { + if (versionSource.hasNumberedReleases) { + versionToIndexVersionMap[versionSource.currentRelease] = versionSource.miscVersionName + // Map shortname or plan, e.g. `ghes` or `enterprise-server` to the latest release, e.g. `ghes-3.14` + if (versionSource.latestRelease === versionSource.currentRelease) { + versionToIndexVersionMap[versionSource.plan] = versionSource.miscVersionName + versionToIndexVersionMap[versionSource.shortName] = versionSource.miscVersionName + } + } else { + versionToIndexVersionMap[versionSource.version] = versionSource.shortName + versionToIndexVersionMap[versionSource.miscVersionName] = versionSource.shortName + // The next two lines map things like `?version=free-pro-team` -> `?version=fpt` + versionToIndexVersionMap[versionSource.plan] = versionSource.shortName + versionToIndexVersionMap[versionSource.shortName] = versionSource.shortName + } +} + +// Add the values to the keys as well so that the map value -> value works for versions that are already conformed to the indexVersion syntax +for (const [, value] of Object.entries(versionToIndexVersionMap)) { + versionToIndexVersionMap[value] = value +} + +// All of the possible keys that can be input to access a version +export const allIndexVersionKeys = Array.from( + new Set([...Object.keys(versionToIndexVersionMap), ...Object.keys(allVersions)]), +) + +// These should be the only possible values that an ES index will use (source of truth) +// allIndexVersionOptions example: +// fpt, ghec, ghes-3.14, ghes-3.13, ghes-3.12, ghes-3.11, ghes-3.10 +export const allIndexVersionOptions = Array.from( + new Set([...Object.values(versionToIndexVersionMap)]), +) + +// Autocomplete only supports 3 "versions": free-pro-team, enterprise-cloud, and enterprise-server +// docs-internal-data stores data under directories with these names. It does not account for individual enterprise-server versions +// These are the "plan" names on the allVersions object +const allVersionPlans: string[] = [] +for (const version of Object.values(allVersions)) { + if (version.plan) { + allVersionPlans.push(version.plan) + } +} +// Remove duplicates +export const supportedAutocompletePlanVersions = Array.from(new Set(allVersionPlans)) + +// Returns the plan name for the given version +// Needed because {version} in the docs-internal-data paths use the version's 'plan' name, e.g. `free-pro-team` instead of `fpt` +export function getPlanVersionFromIndexVersion(indexVersion: string): string { + const planVersion = + Object.values(allVersions).find( + (info) => + info.shortName === indexVersion || + info.plan === indexVersion || + info.miscVersionName === indexVersion || + info.currentRelease === indexVersion, + )?.plan || '' + + if (!planVersion) { + throw new Error(`Plan version not found for index version ${indexVersion}`) + } + + return planVersion +} + +// Gets the matching key from allVersions for the given index version +// This is needed for scraping since the pages use the 'allVersions' key as their version +export function getAllVersionsKeyFromIndexVersion(indexVersion: string): string { + const key = Object.keys(allVersions).find( + (key) => + key === indexVersion || + allVersions[key].shortName === indexVersion || + allVersions[key].plan === indexVersion || + allVersions[key].miscVersionName === indexVersion, + ) + + if (!key) { + throw new Error(`No key found for index version ${indexVersion}`) + } + + return key +} diff --git a/src/search/lib/get-elasticsearch-results/ai-search-autocomplete.ts b/src/search/lib/get-elasticsearch-results/ai-search-autocomplete.ts new file mode 100644 index 000000000000..4d63dd62d3a9 --- /dev/null +++ b/src/search/lib/get-elasticsearch-results/ai-search-autocomplete.ts @@ -0,0 +1,125 @@ +import { Client } from '@elastic/elasticsearch' +import { getElasticsearchClient } from '@/search/lib/helpers/get-client' +import { getHighlightConfiguration } from '@/search/lib/get-elasticsearch-results/helpers/elasticsearch-highlight-config' + +import type { AutocompleteSearchResponse } from '@/search/types' +import type { + AutocompleteMatchQueriesOptions, + AutocompleteResultsArgs, +} from '@/search/lib/get-elasticsearch-results/types' +import type { QueryDslQueryContainer, SearchTotalHits } from '@elastic/elasticsearch/lib/api/types' + +// Query Elasticsearch for AI Search autocomplete results +export async function getAISearchAutocompleteResults({ + indexName, + query, + size, +}: AutocompleteResultsArgs): Promise { + const t0 = new Date() + const client = getElasticsearchClient() as Client + + const matchQueries = getAISearchAutocompleteMatchQueries(query.trim(), { + fuzzy: { + minLength: 3, + maxLength: 20, + }, + }) + const matchQuery = { + bool: { + should: matchQueries, + }, + } + + const highlight = getHighlightConfiguration(query, ['term']) + + const searchQuery = { + index: indexName, + highlight, + size, + query: matchQuery, + _source_includes: ['term'], + } + + const result = await client.search<{ term: string }>(searchQuery) + + const hitsAll = result.hits + const hits = hitsAll.hits.map((hit) => ({ + term: hit._source?.term, + highlights: (hit.highlight && hit.highlight.term) || [], + })) + + return { + meta: { + found: hitsAll.total as SearchTotalHits, + took: { query_msec: result.took, total_msec: new Date().getTime() - t0.getTime() }, + size, + }, + hits, + } +} + +function getAISearchAutocompleteMatchQueries( + query: string, + { fuzzy }: AutocompleteMatchQueriesOptions, +) { + const BOOST_PHRASE = 4.0 + const BOOST_REGULAR = 2.0 + const BOOST_PREFIX = 1.0 + const BOOST_FUZZY = 0.1 + + const matchQueries: QueryDslQueryContainer[] = [] + + // Use match_phrase for exact term matches + matchQueries.push({ + match_phrase: { + term: { + query, + boost: BOOST_PHRASE, + slop: 1, // Allows minor word reordering + }, + }, + }) + + // Use match for general matching + matchQueries.push({ + match: { + term: { + query, + boost: BOOST_PREFIX, + }, + }, + }) + + // Match phrase prefix for partial term matches + matchQueries.push({ + match_phrase_prefix: { + term: { + query, + boost: BOOST_PREFIX, + }, + }, + }) + matchQueries.push({ + match_bool_prefix: { + term: { + query, + boost: BOOST_REGULAR, + }, + }, + }) + + // Add fuzzy matching for typos and variations + if (query.length > fuzzy.minLength && query.length < fuzzy.maxLength) { + matchQueries.push({ + fuzzy: { + term: { + value: query, + boost: BOOST_FUZZY, + fuzziness: 'AUTO', + }, + }, + }) + } + + return matchQueries +} diff --git a/src/search/lib/get-elasticsearch-results/general-autocomplete.ts b/src/search/lib/get-elasticsearch-results/general-autocomplete.ts new file mode 100644 index 000000000000..0f3653940e72 --- /dev/null +++ b/src/search/lib/get-elasticsearch-results/general-autocomplete.ts @@ -0,0 +1,100 @@ +import { Client } from '@elastic/elasticsearch' +import { getElasticsearchClient } from '@/search/lib/helpers/get-client' +import { getHighlightConfiguration } from '@/search/lib/get-elasticsearch-results/helpers/elasticsearch-highlight-config' + +import type { QueryDslQueryContainer, SearchTotalHits } from '@elastic/elasticsearch/lib/api/types' +import type { AutocompleteSearchResponse } from '@/search/types' +import type { + AutocompleteMatchQueriesOptions, + AutocompleteResultsArgs, + AutocompleteElasticsearchItem, +} from '@/search/lib/get-elasticsearch-results/types' + +// Query Elasticsearch for general autocomplete results +export async function getAutocompleteSearchResults({ + indexName, + query, + size, +}: AutocompleteResultsArgs): Promise { + const t0 = new Date() + const client = getElasticsearchClient() as Client + + const matchQueries = getAutocompleteMatchQueries(query.trim(), { + fuzzy: { + minLength: 3, + maxLength: 20, + }, + }) + const matchQuery = { + bool: { + should: matchQueries, + }, + } + + const highlight = getHighlightConfiguration(query, ['term']) + + const searchQuery = { + index: indexName, + highlight, + size, + query: matchQuery, + // Send absolutely minimal from Elasticsearch to here. Less data => faster. + _source_includes: ['term'], + } + + const result = await client.search(searchQuery) + + const hitsAll = result.hits + const hits = hitsAll.hits.map((hit) => ({ + term: hit._source?.term, + highlights: (hit.highlight && hit.highlight.term) || [], + })) + + return { + meta: { + found: hitsAll.total as SearchTotalHits, + took: { query_msec: result.took, total_msec: new Date().getTime() - t0.getTime() }, + size, + }, + hits, + } +} + +function getAutocompleteMatchQueries(query: string, { fuzzy }: AutocompleteMatchQueriesOptions) { + const BOOST_PHRASE = 4.0 + const BOOST_REGULAR = 2.0 + const BOOST_FUZZY = 0.1 + + const matchQueries: QueryDslQueryContainer[] = [] + const isMultiWordQuery = query.includes(' ') || query.includes('-') + + if (isMultiWordQuery) { + matchQueries.push({ + match_phrase_prefix: { + term: { + query, + boost: BOOST_PHRASE, + }, + }, + }) + } + + matchQueries.push({ + match_bool_prefix: { + term: { + query, + boost: BOOST_REGULAR, + }, + }, + }) + + if (query.length > fuzzy.minLength && query.length < fuzzy.maxLength) { + matchQueries.push({ + fuzzy: { + term: { value: query, boost: BOOST_FUZZY, fuzziness: 'AUTO' }, + }, + }) + } + + return matchQueries +} diff --git a/src/search/middleware/es-search.js b/src/search/lib/get-elasticsearch-results/general-search.ts similarity index 59% rename from src/search/middleware/es-search.js rename to src/search/lib/get-elasticsearch-results/general-search.ts index a23e2314dec6..263a7b787739 100644 --- a/src/search/middleware/es-search.js +++ b/src/search/lib/get-elasticsearch-results/general-search.ts @@ -1,57 +1,54 @@ -import { Client } from '@elastic/elasticsearch' - -export const POSSIBLE_HIGHLIGHT_FIELDS = ['title', 'content'] -// This needs to match what we *use* in the `` component. -// For example, if we don't display "headings" we shouldn't request -// highlights for it either. -export const DEFAULT_HIGHLIGHT_FIELDS = ['title', 'content'] - -const ELASTICSEARCH_URL = process.env.ELASTICSEARCH_URL +import { getElasticsearchClient } from '@/search/lib/helpers/get-client' +import { DEFAULT_HIGHLIGHT_FIELDS } from '@/search/lib/search-request-params/search-params-objects' +import { getHighlightConfiguration } from '@/search/lib/get-elasticsearch-results/helpers/elasticsearch-highlight-config' + +import type { + SearchHit as ElasticsearchHit, + QueryDslQueryContainer, + SearchRequest, + SearchTotalHits, +} from '@elastic/elasticsearch/lib/api/types' +import type { + AdditionalIncludes, + ComputedSearchQueryParamsMap, +} from '@/search/lib/search-request-params/types' +import type { SearchAggregation, GeneralSearchHit, GeneralSearchResponse } from '@/search/types' const MAX_AGGREGATE_SIZE = 30 -const isDevMode = process.env.NODE_ENV !== 'production' +const isDevMode: boolean = process.env.NODE_ENV !== 'production' -function getClient() { - if (!ELASTICSEARCH_URL) { - // If this was mistakenly not set, it will eventually fail - // when you use the Client. But `new Client({node: undefined})` - // won't throw. And the error you get when you actually do try - // to use that Client instance is cryptic compared to this - // plain and simple thrown error. - throw new Error(`$ELASTICSEARCH_URL is not set`) - } - return new Client({ - node: ELASTICSEARCH_URL, - // The default is 30,000ms but we noticed that the median time is about - // 100-150ms with some occasional searches taking multiple seconds. - // The default `maxRetries` is 3 which is a sensible number. - // If a query gets stuck, it's better to (relatively) quickly give up - // and retry. So if it takes longer than this time here, we're banking on - // that it was just bad luck and that it'll work if we simply try again. - // See internal issue #2318. - requestTimeout: 1900, - // It's important that requestTimeout * maxRetries is less than 10 seconds. - maxRetries: 5, - }) +type getGeneralSearchResultsParams = { + indexName: string + searchParams: ComputedSearchQueryParamsMap['generalSearch'] + topics?: string[] + includeTopics?: boolean } -// The true work horse that actually performs the Elasticsearch query -export async function getSearchResults({ - indexName, - query, - page, - size, - debug, - sort, - topics, - includeTopics, - usePrefixSearch, - highlights, - include, - toplevel, - aggregate, -}) { +// Query Elasticsearch for general search results +export async function getGeneralSearchResults( + args: getGeneralSearchResultsParams, +): Promise { + const { + indexName, + searchParams: { + highlights, + include, + toplevel, + aggregate, + autocomplete, + query, + page, + size, + debug, + sort, + }, + topics, + includeTopics, + } = args + + const usePrefixSearch = autocomplete + if (topics && !Array.isArray(topics)) { throw new Error("'topics' has to be an array") } @@ -71,8 +68,8 @@ export async function getSearchResults({ throw new Error("Every entry in the 'toplevel' must be a string") } } - const t0 = new Date() - const client = getClient() + const t0 = Date.now() + const client = getElasticsearchClient() const from = size * (page - 1) const matchQueries = getMatchQueries(query.trim(), { @@ -83,7 +80,7 @@ export async function getSearchResults({ }, }) - const matchQuery = { + const matchQuery: Record = { bool: { should: matchQueries, // This allows filtering by toplevel later. @@ -91,7 +88,8 @@ export async function getSearchResults({ }, } - const topicsFilter = (topics || []).map((topic) => { + const topicsArray = Array.isArray(topics) ? topics : topics ? [topics] : [] + const topicsFilter = topicsArray.map((topic) => { return { term: { // Remember, 'topics' is a keyword field, meaning you need @@ -101,15 +99,18 @@ export async function getSearchResults({ } }) if (topicsFilter.length) { - matchQuery.bool.filter = topicsFilter + matchQuery.bool.filter = matchQuery.bool.filter || [] + matchQuery.bool.filter.push(...topicsFilter) } - if (toplevel && toplevel.length) { - matchQuery.bool.filter = { + const toplevelArray = toplevel || [] + if (toplevelArray.length) { + matchQuery.bool.filter = matchQuery.bool.filter || [] + matchQuery.bool.filter.push({ terms: { - toplevel, + toplevel: toplevelArray, }, - } + }) } const highlightFields = Array.from(highlights || DEFAULT_HIGHLIGHT_FIELDS) @@ -121,7 +122,7 @@ export async function getSearchResults({ const aggs = getAggregations(aggregate) - const searchQuery = { + const searchQuery: SearchRequest = { index: indexName, highlight, from, @@ -136,13 +137,13 @@ export async function getSearchResults({ _source_includes: ['title', 'url', 'breadcrumbs', 'popularity', 'toplevel'], } - if (includeTopics) { - searchQuery._source_includes.push('topics') + if (includeTopics && Array.isArray(searchQuery._source_includes)) { + searchQuery._source_includes?.push('topics') } - for (const key of ['intro', 'headings']) { - if (include.includes(key)) { - searchQuery._source_includes.push(key) + for (const key of ['intro', 'headings'] as const) { + if (include.includes(key) && Array.isArray(searchQuery._source_includes)) { + searchQuery._source_includes?.push(key) } } @@ -193,26 +194,26 @@ export async function getSearchResults({ highlightFields, include, }) - const aggregations = getAggregationsResult(aggregate, result.aggregations) - const t1 = new Date() + const aggregationsResult = getAggregationsResult(aggregate, result.aggregations) + const t1 = Date.now() const meta = { - found: hitsAll.total, + found: hitsAll.total as SearchTotalHits, took: { query_msec: result.took, - total_msec: t1.getTime() - t0.getTime(), + total_msec: t1 - t0, }, page, size, } - return { meta, hits, aggregations } + return { meta, hits, aggregations: aggregationsResult } } -function getAggregations(aggregate) { +function getAggregations(aggregate?: string[]): Record | undefined { if (!aggregate || !aggregate.length) return undefined - const aggs = {} + const aggs: Record = {} for (const key of aggregate) { aggs[key] = { terms: { @@ -224,66 +225,37 @@ function getAggregations(aggregate) { return aggs } -function getAggregationsResult(aggregate, result) { - if (!aggregate || !aggregate.length) return - return Object.fromEntries( - aggregate.map((key) => [ - key, - result[key].buckets - .map((bucket) => { - return { - key: bucket.key, - count: bucket.doc_count, - } - }) - .sort((a, b) => a.key.localeCompare(b.key)), - ]), - ) -} - -export async function getAutocompleteSearchResults({ indexName, query, size }) { - const client = getClient() - - const matchQueries = getAutocompleteMatchQueries(query.trim(), { - fuzzy: { - minLength: 3, - maxLength: 20, - }, - }) - const matchQuery = { - bool: { - should: matchQueries, - }, - } - - const highlight = getHighlightConfiguration(query, ['term']) - - const searchQuery = { - index: indexName, - highlight, - size, - query: matchQuery, - // Send absolutely minimal from Elasticsearch to here. Less data => faster. - _source_includes: ['term'], - } - const result = await client.search(searchQuery) - - const hitsAll = result.hits - const hits = hitsAll.hits.map((hit) => { - return { - term: hit._source.term, - highlights: (hit.highlight && hit.highlight.term) || [], +function getAggregationsResult( + aggregate?: string[], + result?: Record, +): Record | undefined { + if (!aggregate || !aggregate.length || !result) return undefined + const aggregations: Record = {} + for (const key of aggregate) { + if (result[key]?.buckets) { + aggregations[key] = result[key].buckets + .map((bucket: any) => ({ + key: bucket.key as string, + count: bucket.doc_count as number, + })) + .sort((a: { key: string }, b: { key: string }) => a.key.localeCompare(b.key)) } - }) - - const meta = { - found: hitsAll.total, } + return aggregations +} - return { meta, hits } +interface GetMatchQueriesOptions { + usePrefixSearch: boolean + fuzzy: { + minLength: number + maxLength: number + } } -function getMatchQueries(query, { usePrefixSearch, fuzzy }) { +function getMatchQueries( + query: string, + { usePrefixSearch, fuzzy }: GetMatchQueriesOptions, +): QueryDslQueryContainer[] { const BOOST_PHRASE = 10.0 const BOOST_TITLE = 4.0 const BOOST_HEADINGS = 3.0 @@ -296,7 +268,7 @@ function getMatchQueries(query, { usePrefixSearch, fuzzy }) { // which wouldn't find anything else anyway. const BOOST_FUZZY = 0.1 - const matchQueries = [] + const matchQueries: QueryDslQueryContainer[] = [] // If the query input is multiple words, it's good to know because you can // make the query do `match_phrase` and you can make `match` query @@ -453,12 +425,12 @@ function getMatchQueries(query, { usePrefixSearch, fuzzy }) { } else if (query.startsWith('http')) { // E.g. `https://docs.github.com/en/some/page?foo=bar` // will become a search on `{url: '/en/some/page'}` - let pathname + let pathname: string | undefined try { pathname = new URL(query).pathname } catch { // If it failed, it can't be initialized with the `URL` constructor - // we so we can deem it *not* a valid URL. + // so we can deem it *not* a valid URL. } if (pathname) { matchQueries.push({ @@ -471,47 +443,18 @@ function getMatchQueries(query, { usePrefixSearch, fuzzy }) { return matchQueries } -function getAutocompleteMatchQueries(query, { fuzzy }) { - const BOOST_PHRASE = 4.0 - const BOOST_REGULAR = 2.0 - const BOOST_FUZZY = 0.1 // make it always last in ranking - const matchQueries = [] - - // If the query input is multiple words, it's good to know because you can - // make the query do `match_phrase` and you can make `match` query - // with the `AND` operator (`OR` is the default). - const isMultiWordQuery = query.includes(' ') || query.includes('-') - - if (isMultiWordQuery) { - matchQueries.push({ - match_phrase_prefix: { - term: { - query, - boost: BOOST_PHRASE, - }, - }, - }) - } - matchQueries.push({ - match_bool_prefix: { - term: { - query, - boost: BOOST_REGULAR, - }, - }, - }) - if (query.length > fuzzy.minLength && query.length < fuzzy.maxLength) { - matchQueries.push({ - fuzzy: { - term: { value: query, boost: BOOST_FUZZY, fuzziness: 'AUTO' }, - }, - }) - } - - return matchQueries +interface GetHitsOptions { + indexName: string + debug?: boolean + includeTopics?: boolean + highlightFields: string[] + include: AdditionalIncludes[] } -function getHits(hits, { indexName, debug, includeTopics, highlightFields, include }) { +function getHits( + hits: ElasticsearchHit[], + { indexName, debug = false, includeTopics = false, highlightFields, include }: GetHitsOptions, +): GeneralSearchHit[] { return hits.map((hit) => { // Return `hit.highlights[...]` based on the highlight fields requested. // So if you searched with `&highlights=headings&highlights=content` @@ -521,11 +464,12 @@ function getHits(hits, { indexName, debug, includeTopics, highlightFields, inclu // headings: [...] // } // even if there was a match on 'title'. - const hitHighlights = Object.fromEntries( - highlightFields.map((key) => [key, (hit.highlight && hit.highlight[key]) || []]), - ) + const hitHighlights: Record = {} + for (const key of highlightFields) { + hitHighlights[key] = (hit.highlight && hit.highlight[key]) || [] + } - const result = { + const result: GeneralSearchHit = { id: hit._id, url: hit._source.url, title: hit._source.title, @@ -536,87 +480,15 @@ function getHits(hits, { indexName, debug, includeTopics, highlightFields, inclu result.topics = hit._source.topics || [] } if (debug) { - result.score = hit._score || 0.0 - result.popularity = hit._source.popularity || 0.0 + result.score = hit._score ?? 0.0 + result.popularity = hit._source.popularity ?? 0.0 if (isDevMode) { result.es_url = `http://localhost:9200/${indexName}/_doc/${hit._id}` } } - for (const field of include || []) { + for (const field of include) { result[field] = hit._source[field] } return result }) } - -// The highlight configuration is dependent on how we use the content -// in the UI. For example, we feel we need about 3 lines (max) -// of highlights of content under each title. If we feel it shows too -// many highlights in the search result UI, we can come back here -// and change it to something more appropriate. -function getHighlightConfiguration(query, highlights) { - const fields = {} - if (highlights.includes('title')) { - fields.title = { - // Fast Vector Highlighter - // Using this requires that you first index these fields - // with {term_vector: 'with_positions_offsets'} - type: 'fvh', - fragment_size: 200, - number_of_fragments: 1, - } - } - if (highlights.includes('content')) { - // The 'no_match_size' is so we can display *something* for the - // preview if there was no highlight match at all within the content. - fields.content = { - // Fast Vector Highlighter - // Using this requires that you first index these fields - // with {term_vector: 'with_positions_offsets'} - type: 'fvh', - fragment_size: 150, - number_of_fragments: 1, - no_match_size: 150, - - highlight_query: { - match_phrase_prefix: { - content: { - query, - }, - }, - }, - } - fields.content_explicit = { - // Fast Vector Highlighter - // Using this requires that you first index these fields - // with {term_vector: 'with_positions_offsets'} - type: 'fvh', - fragment_size: 150, - number_of_fragments: 1, - no_match_size: 0, - - highlight_query: { - match_phrase_prefix: { - content_explicit: { - query, - }, - }, - }, - } - } - if (highlights.includes('term')) { - fields.term = { - // Fast Vector Highlighter - // Using this requires that you first index these fields - // with {term_vector: 'with_positions_offsets'} - type: 'fvh', - // fragment_size: 200, - // number_of_fragments: 1, - } - } - return { - pre_tags: [''], - post_tags: [''], - fields, - } -} diff --git a/src/search/lib/get-elasticsearch-results/helpers/elasticsearch-highlight-config.ts b/src/search/lib/get-elasticsearch-results/helpers/elasticsearch-highlight-config.ts new file mode 100644 index 000000000000..98c9bc5ff6ec --- /dev/null +++ b/src/search/lib/get-elasticsearch-results/helpers/elasticsearch-highlight-config.ts @@ -0,0 +1,86 @@ +import { SearchHighlight } from '@elastic/elasticsearch/lib/api/types' + +import type { HighlightOptions } from '@/search/lib/search-request-params/types' + +export interface HighlightConfig { + type: string + fragment_size?: number + number_of_fragments?: number + no_match_size?: number + highlight_query?: object +} + +export type HighlightFields = { + [key in HighlightOptions]: HighlightConfig +} + +// When we query Elasticsearch, we can specify a highlight configuration +export function getHighlightConfiguration( + query: string, + highlightsFields: HighlightOptions[], +): SearchHighlight { + const fields = {} as HighlightFields + if (highlightsFields.includes('title')) { + fields.title = { + // Fast Vector Highlighter + // Using this requires that you first index these fields + // with {term_vector: 'with_positions_offsets'} + type: 'fvh', + fragment_size: 200, + number_of_fragments: 1, + } + } + if (highlightsFields.includes('content')) { + fields.content = { + // Fast Vector Highlighter + // Using this requires that you first index these fields + // with {term_vector: 'with_positions_offsets'} + type: 'fvh', + fragment_size: 150, + number_of_fragments: 1, + // So we can at least display something if there was no highlight match within the content. + no_match_size: 150, + + highlight_query: { + match_phrase_prefix: { + content: { + query, + }, + }, + }, + } + fields.content_explicit = { + // Fast Vector Highlighter + // Using this requires that you first index these fields + // with {term_vector: 'with_positions_offsets'} + type: 'fvh', + fragment_size: 150, + number_of_fragments: 1, + no_match_size: 0, + + highlight_query: { + match_phrase_prefix: { + content_explicit: { + query, + }, + }, + }, + } + } + if (highlightsFields.includes('term')) { + fields.term = { + // Fast Vector Highlighter + // Using this requires that you first index these fields + // with {term_vector: 'with_positions_offsets'} + type: 'fvh', + } + } + + const highlightConfig: SearchHighlight = { + pre_tags: [''], + post_tags: [''], + fields, + } + + return highlightConfig +} diff --git a/src/search/lib/get-elasticsearch-results/types.ts b/src/search/lib/get-elasticsearch-results/types.ts new file mode 100644 index 000000000000..da6fa59f5612 --- /dev/null +++ b/src/search/lib/get-elasticsearch-results/types.ts @@ -0,0 +1,23 @@ +export interface AutocompleteResultsArgs { + indexName: string + query: string + size: number +} + +export interface FuzzyConfig { + minLength: number + maxLength: number +} + +export interface MatchQueriesOptions { + usePrefixSearch?: boolean + fuzzy: FuzzyConfig +} + +export interface AutocompleteMatchQueriesOptions { + fuzzy: FuzzyConfig +} + +export interface AutocompleteElasticsearchItem { + term: string +} diff --git a/src/search/lib/helpers/get-client.ts b/src/search/lib/helpers/get-client.ts new file mode 100644 index 000000000000..b6b4c1106452 --- /dev/null +++ b/src/search/lib/helpers/get-client.ts @@ -0,0 +1,31 @@ +import { Client } from '@elastic/elasticsearch' +import { safeUrlDisplay } from '@/search/lib/helpers/strings' + +export function getElasticsearchClient(overrideURL = '', verbose = false): Client { + const node = getElasticsearchURL(overrideURL) + if (verbose) { + console.log('Connecting to Elasticsearch URL:', safeUrlDisplay(node)) + } + const client = new Client({ node }) + return client +} + +function getElasticsearchURL(overrideURL = ''): string { + if (!process.env.ELASTICSEARCH_URL && !overrideURL) { + throw new Error( + 'Must pass the elasticsearch URL option or ' + + 'set the environment variable ELASTICSEARCH_URL', + ) + } + let node = overrideURL || process.env.ELASTICSEARCH_URL || '' + + // Allow the user to lazily set it to `localhost:9200` for example. + if (!node.startsWith('http') && !node.startsWith('://') && node.split(':').length === 2) { + node = `http://${node}` + } + + const parsed = new URL(node) + if (!parsed.hostname) throw new Error('no valid hostname') + + return node +} diff --git a/src/search/lib/helpers/old-version-logic.ts b/src/search/lib/helpers/old-version-logic.ts new file mode 100644 index 000000000000..137c63c71495 --- /dev/null +++ b/src/search/lib/helpers/old-version-logic.ts @@ -0,0 +1,44 @@ +import { allVersions } from '@/versions/lib/all-versions' + +// TODO: Old version logic +type VersionAliases = { [key: string]: string } +export const versionAliases: VersionAliases = {} +export const prefixVersionAliases: VersionAliases = {} + +Object.values(allVersions).forEach((info) => { + if (info.hasNumberedReleases) { + versionAliases[info.currentRelease] = info.miscVersionName + } else { + versionAliases[info.version] = info.miscVersionName + versionAliases[info.miscVersionName] = info.miscVersionName + } + prefixVersionAliases[info.plan] = info.shortName + prefixVersionAliases[info.shortName] = info.shortName +}) + +// Temporary hard-coded switch +// +// We need to run workflows in production to index the search data +// We want the middleware + routes that consume the indexes to consume the old indexes +// until the new indexes are ready. + +// Once they are ready we can remove this file & cleanup the places it is used +export function isBeforeSearchIndexMigration() { + if (process.env.NODE_ENV === 'production') return true + return false +} + +// Old test prefix helper function +export function getGeneralSearchIndexPrefix(): string { + if (process.env.NODE_ENV === 'test') return 'tests_' + return '' +} + +export function getGeneralSearchIndexVersion(paramVersion: string): string { + const version = + prefixVersionAliases[paramVersion] || + versionAliases[paramVersion] || + allVersions[paramVersion].miscVersionName + + return version +} diff --git a/src/search/lib/helpers/strings.ts b/src/search/lib/helpers/strings.ts new file mode 100644 index 000000000000..d8ca26383cc4 --- /dev/null +++ b/src/search/lib/helpers/strings.ts @@ -0,0 +1,10 @@ +export function safeUrlDisplay(url: string): string { + const parsed = new URL(url) + if (parsed.password) { + parsed.password = '***' + } + if (parsed.username) { + parsed.username = parsed.username.slice(0, 4) + '***' + } + return parsed.toString() +} diff --git a/src/search/scripts/index/lib/utils.ts b/src/search/lib/helpers/time.ts similarity index 56% rename from src/search/scripts/index/lib/utils.ts rename to src/search/lib/helpers/time.ts index 779ba85c6990..36579358d4ef 100644 --- a/src/search/scripts/index/lib/utils.ts +++ b/src/search/lib/helpers/time.ts @@ -33,3 +33,28 @@ export function utcTimestamp() { .join('') ) } + +/** + * Converts a given number of seconds into a formatted time string "HH:mm:ss". + * + * @param {number} seconds - The total number of seconds to format. + * @returns {string} A string representing the time in "hours:minutes:seconds" format. + * + * @example + * // returns "01:30:45" + * formatSeconds(5445); + */ +export function formatSecondsToHHMMSS(seconds: number): string { + return new Date(seconds * 1000).toISOString().substr(11, 8) +} + +export function readableTimeMinAndSec(ms: number): string { + if (ms < 1000) { + return `${ms.toFixed(1)}ms` + } + const seconds = ms / 1000 + if (seconds > 60) { + return `${Math.round(seconds / 60)}m${Math.round(seconds % 60)}s` + } + return `${seconds.toFixed(1)}s` +} diff --git a/src/search/lib/search-request-params/get-search-from-request-params.ts b/src/search/lib/search-request-params/get-search-from-request-params.ts new file mode 100644 index 000000000000..1ae3fd38ad85 --- /dev/null +++ b/src/search/lib/search-request-params/get-search-from-request-params.ts @@ -0,0 +1,96 @@ +import type { Request } from 'express' +import { format } from 'node:util' + +import { getElasticSearchIndex } from '@/search/lib/elasticsearch-indexes' +import { + ValidationError, + getSearchRequestParamsObject, +} from '@/search/lib/search-request-params/search-params-objects' +import { + getGeneralSearchIndexVersion, + getGeneralSearchIndexPrefix, + isBeforeSearchIndexMigration, +} from '@/search/lib/helpers/old-version-logic' + +import type { + ComputedSearchQueryParams, + ComputedSearchQueryParamsMap, + GetSearchRequestReturn, +} from '@/search/lib/search-request-params/types' +import type { SearchTypes, SearchValidationErrorEntry } from '@/search/types' + +type ForceParams = { + [K in keyof ComputedSearchQueryParams]?: ComputedSearchQueryParams[K] +} + +// Fetches the Search Params Object based on the type of request and uses that object to validate the passed in request parameters +// For example, if the request is a general search request, the general search params object expects a `page` key, e.g. ?page=1 on the request +// If that key is not present, it will be added to the validation errors array which will result in a 400 to the user. +export function getSearchFromRequestParams( + req: Request, + type: Type, + forceParams: ForceParams = {} as ForceParams, +): GetSearchRequestReturn { + const searchParamsObject = getSearchRequestParamsObject(type) + + const searchParams: ComputedSearchQueryParamsMap[Type] = {} as ComputedSearchQueryParamsMap[Type] + const validationErrors: SearchValidationErrorEntry[] = [] + + for (const { key, default_, cast, validate, multiple } of searchParamsObject) { + if (key in forceParams) { + ;(searchParams[key] as any) = forceParams[key] as any + continue + } + + let value = req.query[key] + if (!value || (typeof value === 'string' && !value.trim())) { + if (default_ === undefined) { + validationErrors.push({ error: `No truthy value for key '${key}'`, key }) + continue + } + value = default_ + } + if (cast) { + value = cast(value) + } + try { + if (validate && !validate(value)) { + validationErrors.push({ + error: format('Not a valid value (%O) for key %O', value, key), + key, + }) + } + } catch (err) { + if (err instanceof ValidationError) { + validationErrors.push({ error: err.toString(), field: key }) + } else { + throw err + } + } + if (!multiple && Array.isArray(value)) { + validationErrors.push({ + error: format('Cannot have multiple values (%O) for key %O', value, key), + key, + }) + } + + ;(searchParams[key] as any) = value + } + + let indexName = '' + if (!validationErrors.length) { + // generalSearch is the only type of search that uses the old index prefix logic, rather than the `getElasticSearchIndex` function logic + if (type === 'generalSearch' && isBeforeSearchIndexMigration()) { + indexName = `${getGeneralSearchIndexPrefix()}github-docs-${getGeneralSearchIndexVersion(searchParams.version)}-${searchParams.language}` + } else { + const getIndexResults = getElasticSearchIndex( + type, + searchParams.version, + searchParams.language, + ) + indexName = getIndexResults.indexName + } + } + + return { indexName, searchParams, validationErrors } +} diff --git a/src/search/lib/search-request-params/search-params-objects.ts b/src/search/lib/search-request-params/search-params-objects.ts new file mode 100644 index 000000000000..76dfce35e61e --- /dev/null +++ b/src/search/lib/search-request-params/search-params-objects.ts @@ -0,0 +1,153 @@ +/* + When a request is made to a /search endpoint with query parameters, e.g. ?query=foo&version=free-pro-team, + we need to validate and parse the parameters. This file contains the configuration for which parameters + to expect based on the type of search request "e.g. general search vs autocomplete search" and how to validate them. + */ +import languages from '@/languages/lib/languages' +import { allIndexVersionKeys, versionToIndexVersionMap } from '@/search/lib/elasticsearch-versions' +import { SearchTypes } from '@/search/types' +import { versionAliases } from '@/search/lib/helpers/old-version-logic' +import { allVersions } from '@/versions/lib/all-versions' + +import type { SearchRequestQueryParams } from '@/search/lib/search-request-params/types' + +// Entry to this file, returns the query parameters to expect based on the type of search request +export function getSearchRequestParamsObject(type: SearchTypes): SearchRequestQueryParams[] { + if (type === 'generalAutocomplete') { + return AUTOCOMPLETE_PARAMS_OBJ + } else if (type === 'aiSearchAutocomplete') { + return AI_SEARCH_AUTOCOMPLETE_PARAMS_OBJ + } + return GENERAL_SEARCH_PARAMS_OBJ +} + +// - - - Everything below this line is for building the search query param objects - - - // + +// Constants +const DEFAULT_AUTOCOMPLETE_SIZE = 5 +const MAX_AUTOCOMPLETE_SIZE = 10 +const DEFAULT_SIZE = 10 +const MAX_SIZE = 50 +const DEFAULT_PAGE = 1 +const POSSIBLE_SORTS = ['best', 'relevance'] as const +const DEFAULT_SORT = POSSIBLE_SORTS[0] +const MAX_PAGE = 10 +const V1_AGGREGATES = ['toplevel'] as const +export const POSSIBLE_HIGHLIGHT_FIELDS = ['title', 'content'] as const +// This needs to match what we *use* in the `` component. +// For example, if we don't display "headings" we shouldn't request +// highlights for it either. +export const DEFAULT_HIGHLIGHT_FIELDS: readonly string[] = ['title', 'content'] + +export const V1_ADDITIONAL_INCLUDES = ['intro', 'headings', 'toplevel'] as const + +export class ValidationError extends Error {} + +const SHARED_PARAMS_OBJ: SearchRequestQueryParams[] = [ + { key: 'query' }, + { + key: 'version', + default_: 'free-pro-team', + validate: (version: string) => { + if (!versionToIndexVersionMap[version]) { + throw new ValidationError(`'${version}' not in ${allIndexVersionKeys.join(', ')}`) + } + return true + }, + }, +] + +const GENERAL_SEARCH_PARAMS_OBJ: SearchRequestQueryParams[] = [ + ...SHARED_PARAMS_OBJ, + { key: 'query' }, + // TODO: Overwrite with old version logic for now + { + key: 'version', + default_: 'dotcom', + validate: (v) => { + if (versionAliases[v] || allVersions[v]) return true + const valid = [...Object.keys(versionAliases), ...Object.keys(allVersions)] + throw new ValidationError(`'${v}' not in ${valid}`) + }, + }, + { key: 'language', default_: 'en', validate: (v) => v in languages }, + { + key: 'size', + default_: DEFAULT_SIZE, + cast: (v) => parseInt(v, 10), + validate: (v) => v >= 0 && v <= MAX_SIZE, + }, + { + key: 'page', + default_: DEFAULT_PAGE, + cast: (v) => parseInt(v, 10), + validate: (v) => v >= 1 && v <= MAX_PAGE, + }, + { key: 'sort', default_: DEFAULT_SORT, validate: (v) => POSSIBLE_SORTS.includes(v as any) }, + { + key: 'highlights', + default_: DEFAULT_HIGHLIGHT_FIELDS, + cast: (v) => (Array.isArray(v) ? v : [v]), + multiple: true, + validate: (v) => { + for (const highlight of v) { + if (!POSSIBLE_HIGHLIGHT_FIELDS.includes(highlight)) { + throw new ValidationError(`highlight value '${highlight}' is not valid`) + } + } + return true + }, + }, + { key: 'autocomplete', default_: false, cast: toBoolean }, + { key: 'debug', default_: process.env.NODE_ENV === 'development', cast: toBoolean }, + { + key: 'include', + default_: [], + cast: toArray, + multiple: true, + validate: (values) => + values.every((value: string) => V1_ADDITIONAL_INCLUDES.includes(value as any)), + }, + { + key: 'toplevel', + default_: [], + cast: toArray, + multiple: true, + }, + { + key: 'aggregate', + default_: [], + cast: toArray, + multiple: true, + validate: (values) => values.every((value: string) => V1_AGGREGATES.includes(value as any)), + }, +] + +const SHARED_AUTOCOMPLETE_PARAMS_OBJ: SearchRequestQueryParams[] = [ + { + key: 'size', + default_: DEFAULT_AUTOCOMPLETE_SIZE, + cast: (size: string) => parseInt(size, 10), + validate: (size: number) => size >= 0 && size <= MAX_AUTOCOMPLETE_SIZE, + }, +] + +const AI_SEARCH_AUTOCOMPLETE_PARAMS_OBJ: SearchRequestQueryParams[] = [ + ...SHARED_PARAMS_OBJ, + ...SHARED_AUTOCOMPLETE_PARAMS_OBJ, + { key: 'language', default_: 'en', validate: (language: string) => language === 'en' }, +] + +const AUTOCOMPLETE_PARAMS_OBJ: SearchRequestQueryParams[] = [ + ...SHARED_PARAMS_OBJ, + ...SHARED_AUTOCOMPLETE_PARAMS_OBJ, + { key: 'language', default_: 'en', validate: (language: string) => language in languages }, +] + +function toBoolean(value: any): boolean { + return value === 'true' || value === '1' +} + +function toArray(value: any): any[] { + return Array.isArray(value) ? value : [value] +} diff --git a/src/search/lib/search-request-params/types.ts b/src/search/lib/search-request-params/types.ts new file mode 100644 index 000000000000..e9673c767769 --- /dev/null +++ b/src/search/lib/search-request-params/types.ts @@ -0,0 +1,52 @@ +import { V1_ADDITIONAL_INCLUDES } from '@/search/lib/search-request-params/search-params-objects' + +import { SearchTypes, SearchValidationErrorEntry } from '@/search/types' + +export type HighlightOptions = 'title' | 'content' | 'content_explicit' | 'term' + +export type AdditionalIncludes = (typeof V1_ADDITIONAL_INCLUDES)[number] + +export interface ComputedSearchQueryParams { + query: string + size: number + version: string + language: string + // These are optional, so we need to use ComputedSearchQueryParamsMap in functions to get the exact types per Search Type + page?: number + sort?: string + highlights?: HighlightOptions[] + autocomplete?: boolean + debug?: boolean + include?: AdditionalIncludes[] + toplevel?: string[] + aggregate?: string[] +} + +export interface ComputedSearchQueryParamsMap { + generalSearch: ComputedSearchQueryParams & { + page: number + sort: string + highlights: HighlightOptions[] + autocomplete: boolean + debug: boolean + include: AdditionalIncludes[] + toplevel: string[] + aggregate: string[] + } + generalAutocomplete: ComputedSearchQueryParams + aiSearchAutocomplete: ComputedSearchQueryParams +} + +export interface SearchRequestQueryParams { + key: keyof ComputedSearchQueryParams + default_?: any + cast?: (value: any) => any + validate?: (value: any) => boolean + multiple?: boolean +} + +export interface GetSearchRequestReturn { + indexName: string + searchParams: ComputedSearchQueryParamsMap[Type] + validationErrors: SearchValidationErrorEntry[] +} diff --git a/src/search/middleware/contextualize.js b/src/search/middleware/contextualize.js deleted file mode 100644 index 20462c06c88d..000000000000 --- a/src/search/middleware/contextualize.js +++ /dev/null @@ -1,153 +0,0 @@ -import got from 'got' -import { errors } from '@elastic/elasticsearch' -import statsd from '#src/observability/lib/statsd.js' - -import { getPathWithoutVersion, getPathWithoutLanguage } from '#src/frame/lib/path-utils.js' -import { getSearchFromRequest } from './get-search-request.js' -import { getSearchResults } from './es-search.js' - -export default async function contextualizeSearch(req, res, next) { - // If it's NextJS fetching or data or it's a direct request, - // the pagePath is the "normalized" version - const { pagePath } = req - if (getPathWithoutLanguage(getPathWithoutVersion(pagePath)) !== '/search') { - return next() - } - - // When you use `/api/search/v1?version=foo&language=xy&...` - // the language and version comes from the query string. - // When you use `/xz/enterprise-cloud@latest/search?query=hello` - // the `version` and `language` is implied from the URL pathname. - // search.version = req.context.currentVersion - // search.language = req.context.currentLanguage - - const { search, validationErrors } = getSearchFromRequest(req, { - version: req.context.currentVersion, - language: req.context.currentLanguage, - }) - - if (validationErrors.map((error) => error.key).includes('query')) { - // 'query' is such an exception because the search result component - // will attempt to display its value even if there was any - // validation error. In a sense, it displays: - // - // You searched for "foo" - // But your 'page' parameter is invalid. - // - // If for example, the search input is an array, we pick the first - // value. If it's too long, we truncate it. - if (Array.isArray(search.query)) { - search.query = search.query[0] - } else if (!search.query) { - // If the 'query' query string parameter wasn't even present, - // it becomes `undefined`. But since `search.query` needs to be - // a *string*, we pretend it was provided but empty. - search.query = '' - } - } - - // This enables so that when the search is sent to Elasticsearch - // it will request an aggregate by these keyword fields. - search.aggregate = ['toplevel'] - - req.context.search = { search, validationErrors } - - if (!validationErrors.length && search.query) { - if (!process.env.ELASTICSEARCH_URL) { - // This is only true in local dev or in Preview environments. - // And in local dev, it's usually for content contributors who - // want to test a preview locally, but don't want to have to - // set up Elasticsearch. - // This same proxying logic happens in `middleware/api/index.js` - // too for the outwards facing `/api/search/v1` endpoint. - if (search.aggregate && search.toplevel && search.toplevel.length > 0) { - // Do 2 searches. One without filtering - const { toplevel, ...searchWithoutFilter } = search - searchWithoutFilter.size = 0 - const { aggregations } = await getProxySearch(searchWithoutFilter) - const { aggregate, ...searchWithoutAggregate } = search - req.context.search.results = await getProxySearch(searchWithoutAggregate) - req.context.search.results.aggregations = aggregations - } else { - req.context.search.results = await getProxySearch(search) - } - } else { - // If this throws, so be it. Let it bubble up. - // In local dev, you get to see the error. In production, - // you get a "Oops! Something went wrong" which involves a Failbot - // send. - const tags = [`indexName:${search.indexName}`, `toplevels:${search.toplevel.length}`] - const timed = statsd.asyncTimer(getSearchResults, 'contextualize.search', tags) - try { - if (search.aggregate && search.toplevel && search.toplevel.length > 0) { - // Do 2 searches. One without filtering - const { toplevel, ...searchWithoutFilter } = search - searchWithoutFilter.size = 0 - const { aggregations } = await timed(searchWithoutFilter) - req.context.search.results = await timed(search) - req.context.search.results.aggregations = aggregations - } else { - req.context.search.results = await timed(search) - } - } catch (error) { - // If the error coming from the Elasticsearch client is any sort - // of 4xx error, it will be bubbled up to the next middleware - // which might think something else is wrong with the *client's* - // request from the outside. But in reality it's not their fault. - // It's our fault in the backend side. So we throw a new error - // so that this failure to seach ultimately bubbles up to a - // proper 500 error (including Failbot reporting). - // In particular, this helps platform developers working on the - // Elasticsearch searching code. - if (error instanceof errors.ElasticsearchClientError) { - console.error('Error calling getSearchResults(%s):', search, error) - if (error.meta?.body) { - console.error(`Meta:`, error.meta.body) - } - throw new Error(error.message) - } else { - throw error - } - } - } - } - - return next() -} - -// When you use the proxy to prod, using its API, we need to "convert" -// the parameters we have figured out here in the contextualizer. -// Thankfully all the names match. For example, we might figure -// the page by doing `req.context.search.page = 123` and now we need to -// add that to the query string for the `/api/search/v1`. -// We inclusion-list all the keys that we want to take from the search -// object into the query string URL. -const SEARCH_KEYS_TO_QUERY_STRING = [ - 'query', - 'version', - 'language', - 'page', - 'aggregate', - 'toplevel', - 'size', -] - -async function getProxySearch(search) { - const url = new URL('https://docs.github.com/api/search/v1') - for (const key of SEARCH_KEYS_TO_QUERY_STRING) { - const value = search[key] - if (typeof value === 'boolean') { - url.searchParams.set(key, value ? 'true' : 'false') - } else if (Array.isArray(value)) { - for (const v of value) { - url.searchParams.append(key, v) - } - } else if (typeof value === 'number') { - url.searchParams.set(key, `${value}`) - } else if (value) { - url.searchParams.set(key, value) - } - } - console.log(`Proxying search to ${url}`) - return got(url).json() -} diff --git a/src/search/middleware/general-search-middleware.ts b/src/search/middleware/general-search-middleware.ts new file mode 100644 index 000000000000..5613d2bb7ef4 --- /dev/null +++ b/src/search/middleware/general-search-middleware.ts @@ -0,0 +1,174 @@ +/* +This file & middleware is for when a user requests our /search page e.g. 'docs.github.com/search?query=foo' + We make whatever search is in the ?query= parameter and attach it to req.search + req.search is then consumed by the search component in 'src/search/pages/search.tsx' + +When a user directly hits our API e.g. /api/search/v1?query=foo, they will hit the routes in ./search-routes.ts +*/ + +import got from 'got' +import { Request, Response, NextFunction } from 'express' +import { errors } from '@elastic/elasticsearch' +import statsd from '@/observability/lib/statsd.js' + +import { getPathWithoutVersion, getPathWithoutLanguage } from '@/frame/lib/path-utils' +import { getGeneralSearchResults } from '@/search/lib/get-elasticsearch-results/general-search' +import { getSearchFromRequestParams } from '@/search/lib/search-request-params/get-search-from-request-params' + +import type { ComputedSearchQueryParamsMap } from '@/search/lib/search-request-params/types' +import type { + GeneralSearchResponse, + SearchOnReqObject, + SearchTypes, + SearchValidationErrorEntry, +} from '@/search/types.js' + +interface Context { + currentVersion: string + currentLanguage: string + search: SearchOnReqObject +} + +interface CustomRequest extends Request { + pagePath: string + context: Context +} + +export default async function contextualizeGeneralSearch( + req: CustomRequest<'generalSearch'>, + res: Response, + next: NextFunction, +): Promise { + const { pagePath } = req + if (getPathWithoutLanguage(getPathWithoutVersion(pagePath)) !== '/search') { + return next() + } + + // Since this is a middleware language & version are already set in req.context via a prior middleware + const { indexName, searchParams, validationErrors } = getSearchFromRequestParams( + req, + 'generalSearch', + // Force the version and language keys to be set from the `req.context` object + { + version: req.context.currentVersion, + language: req.context.currentLanguage, + }, + ) + + if (validationErrors.map((error: SearchValidationErrorEntry) => error.key).includes('query')) { + if (Array.isArray(searchParams.query)) { + searchParams.query = searchParams.query[0] + } else if (!searchParams.query) { + searchParams.query = '' // If 'undefined' we need to cast to string + } + } + + searchParams.aggregate = ['toplevel'] + + req.context.search = { + searchParams, + validationErrors, + } + + if (!validationErrors.length && searchParams.query) { + // In local dev ELASTICSEARCH_URL may not be set, so we proxy the search to prod + if (!process.env.ELASTICSEARCH_URL) { + if (searchParams.aggregate && searchParams.toplevel && searchParams.toplevel.length > 0) { + // Do 2 searches. One without filtering to get the aggregations + const searchWithoutFilter = Object.fromEntries( + Object.entries(searchParams).filter(([key]) => key !== 'topLevel'), + ) + searchWithoutFilter.size = 0 + const { aggregations } = await getProxySearch( + searchWithoutFilter as ComputedSearchQueryParamsMap['generalSearch'], + ) + const searchWithoutAggregate = Object.fromEntries( + Object.entries(searchParams).filter(([key]) => key !== 'aggregate'), + ) + req.context.search.results = await getProxySearch( + searchWithoutAggregate as ComputedSearchQueryParamsMap['generalSearch'], + ) + req.context.search.results.aggregations = aggregations + } else { + req.context.search.results = await getProxySearch(searchParams) + } + } else { + const tags: string[] = [`indexName:${indexName}`, `toplevels:${searchParams.toplevel.length}`] + const timed = statsd.asyncTimer(getGeneralSearchResults, 'contextualize.search', tags) + const getGeneralSearchArgs = { + indexName, + searchParams, + } + try { + if (searchParams.aggregate && searchParams.toplevel && searchParams.toplevel.length > 0) { + // Do 2 searches. One without filtering to get the aggregations + const searchWithoutFilter = Object.fromEntries( + Object.entries(searchParams).filter(([key]) => key !== 'topLevel'), + ) + searchWithoutFilter.size = 0 + const { aggregations } = await timed({ + ...getGeneralSearchArgs, + searchParams: searchWithoutFilter as ComputedSearchQueryParamsMap['generalSearch'], + }) + req.context.search.results = await timed(getGeneralSearchArgs) + req.context.search.results.aggregations = aggregations + } else { + req.context.search.results = await timed(getGeneralSearchArgs) + } + } catch (error) { + // If the Elasticsearch sends a 4XX we want the user to see a 500 + if (error instanceof errors.ResponseError) { + console.error( + 'Error calling getSearchResults(%s):', + JSON.stringify({ + indexName, + searchParams, + }), + error, + ) + if (error?.meta?.body) { + console.error(`Meta:`, error.meta.body) + } + throw new Error(error.message) + } else { + throw error + } + } + } + } + + return next() +} + +const SEARCH_KEYS_TO_QUERY_STRING: (keyof ComputedSearchQueryParamsMap['generalSearch'])[] = [ + 'query', + 'version', + 'language', + 'page', + 'aggregate', + 'toplevel', + 'size', +] + +// Proxy the API endpoint with the relevant search params +async function getProxySearch( + search: ComputedSearchQueryParamsMap['generalSearch'], +): Promise { + const url = new URL('https://docs.github.com/api/search/v1') + for (const key of SEARCH_KEYS_TO_QUERY_STRING) { + const value = search[key] + if (typeof value === 'boolean') { + url.searchParams.set(key, value ? 'true' : 'false') + } else if (Array.isArray(value)) { + for (const v of value) { + url.searchParams.append(key, v) + } + } else if (typeof value === 'number') { + url.searchParams.set(key, `${value}`) + } else if (value) { + url.searchParams.set(key, value) + } + } + console.log(`Proxying search to ${url}`) + return got(url).json() +} diff --git a/src/search/middleware/get-search-request.js b/src/search/middleware/get-search-request.js deleted file mode 100644 index 05b340de00eb..000000000000 --- a/src/search/middleware/get-search-request.js +++ /dev/null @@ -1,229 +0,0 @@ -import { format } from 'node:util' - -import languages from '#src/languages/lib/languages.js' -import { allVersions } from '#src/versions/lib/all-versions.js' -import { POSSIBLE_HIGHLIGHT_FIELDS, DEFAULT_HIGHLIGHT_FIELDS } from './es-search.js' - -const DEFAULT_SIZE = 10 -const DEFAULT_AUTOCOMPLETE_SIZE = 8 -const MAX_SIZE = 50 // How much you return has a strong impact on performance -const MAX_AUTOCOMPLETE_SIZE = 10 -const DEFAULT_PAGE = 1 -const POSSIBLE_SORTS = ['best', 'relevance'] -const DEFAULT_SORT = POSSIBLE_SORTS[0] -const MAX_PAGE = 10 - -// There are some fields you can optionally include in the output. -// These are fields available in Elasticsearch that we don't include in -// the output by default. E.g. `...&include=intro` -// Requesting anything that is not in this list will result in -// a 400 Bad Request. -const V1_ADDITIONAL_INCLUDES = ['intro', 'headings', 'toplevel'] - -const V1_AGGREGATES = ['toplevel'] - -// If someone searches for `...&version=3.5` what they actually mean -// is `ghes-3.5`. This is because of legacy formatting with the old search. -// In some distant future we can clean up any client enough that this -// aliasing won't be necessary. -const versionAliases = {} -const prefixVersionAliases = {} -Object.values(allVersions).forEach((info) => { - if (info.hasNumberedReleases) { - versionAliases[info.currentRelease] = info.miscVersionName - } else { - versionAliases[info.version] = info.miscVersionName - versionAliases[info.miscVersionName] = info.miscVersionName - } - // This makes it so you can search for `?version=enterprise-server` - // and that actually means `?version=ghes` because there's an index - // called `github-autocomplete-en-ghes`. - prefixVersionAliases[info.plan] = info.shortName - prefixVersionAliases[info.shortName] = info.shortName -}) - -function getIndexPrefix() { - // This logic is mirrored in the scripts we use before running tests - // In particular, see the `index-test-fixtures` npm script. - // That's expected to be run before CI and local vitest testing. - // The reason we have a deliberately different index name (by prefix) - // for testing compared to regular operation is to make it convenient - // for engineers working on local manual testing *and* automated - // testing without have to re-index different content (e.g. fixtures - // vs real content) on the same index name. - if (process.env.NODE_ENV === 'test') return 'tests_' - - return '' -} - -class ValidationError extends Error {} - -const PARAMS = [ - { key: 'query' }, - { - key: 'version', - default_: 'dotcom', - validate: (v) => { - if (versionAliases[v] || allVersions[v]) return true - const valid = [...Object.keys(versionAliases), ...Object.keys(allVersions)] - throw new ValidationError(`'${v}' not in ${valid}`) - }, - }, - { key: 'language', default_: 'en', validate: (v) => v in languages }, - { - key: 'size', - default_: DEFAULT_SIZE, - cast: (v) => parseInt(v, 10), - validate: (v) => v >= 0 && v <= MAX_SIZE, - }, - { - key: 'page', - default_: DEFAULT_PAGE, - cast: (v) => parseInt(v, 10), - validate: (v) => v >= 1 && v <= MAX_PAGE, - }, - { key: 'sort', default_: DEFAULT_SORT, validate: (v) => POSSIBLE_SORTS.includes(v) }, - { - key: 'highlights', - default_: DEFAULT_HIGHLIGHT_FIELDS, - cast: (v) => (Array.isArray(v) ? v : [v]), - multiple: true, - validate: (v) => { - for (const highlight of v) { - if (!POSSIBLE_HIGHLIGHT_FIELDS.includes(highlight)) { - throw new ValidationError(`highlight value '${highlight}' is not valid`) - } - } - return true - }, - }, - { key: 'autocomplete', default_: false, cast: toBoolean }, - { key: 'debug', default_: process.env.NODE_ENV === 'development', cast: toBoolean }, - { - key: 'include', - default_: [], - cast: toArray, - multiple: true, - // Note: At the time of writing this general validator middleware - // doesn't yet know it's being used by the v1 version. - // But we don't have any other versions yet so no need to - // over-engineer this more. - validate: (values) => values.every((value) => V1_ADDITIONAL_INCLUDES.includes(value)), - }, - { - key: 'toplevel', - default_: [], - cast: toArray, - multiple: true, - }, - { - key: 'aggregate', - default_: [], - cast: toArray, - multiple: true, - validate: (values) => values.every((value) => V1_AGGREGATES.includes(value)), - }, -] - -const AUTOCOMPLETE_PARAMS = [ - { key: 'query' }, - { key: 'language', default_: 'en', validate: (v) => v in languages }, - { - key: 'version', - default_: 'free-pro-team', - validate: (v) => { - if (prefixVersionAliases[v] || allVersions[v]) return true - if (Object.values(prefixVersionAliases).includes(v)) return true - const valid = [ - ...Object.keys(prefixVersionAliases), - ...Object.values(prefixVersionAliases), - ...Object.keys(allVersions), - ] - throw new ValidationError(`'${v}' not in ${valid.join(', ')}`) - }, - }, - { - key: 'size', - default_: DEFAULT_AUTOCOMPLETE_SIZE, - cast: (v) => parseInt(v, 10), - validate: (v) => v >= 0 && v <= MAX_AUTOCOMPLETE_SIZE, - }, -] -export function getAutocompleteSearchFromRequest(req, force = {}) { - const { search, validationErrors } = getSearchFromRequest(req, {}, AUTOCOMPLETE_PARAMS) - if (validationErrors.length === 0) { - const version = prefixVersionAliases[search.version] || allVersions[search.version].shortName - search.indexName = `${getIndexPrefix()}github-autocomplete-${search.language}-${version}` - } - return { search, validationErrors } -} - -export function getSearchFromRequest(req, force = {}, params = PARAMS) { - const search = {} - const validationErrors = [] - - for (const { key, default_, cast, validate, multiple } of params) { - // This is necessary because when the version or language comes from - // the pathname, we don't want pick these up from the query string. - // This function gets used by /$locale/$version/search - // *and* /api/search/v1?language=$locale&version=$version - if (key in force) { - search[key] = force[key] - continue - } - - let value = req.query[key] - if (!value || (typeof value === 'string' && !value.trim())) { - if (default_ === undefined) { - // no value and no default, bad! - validationErrors.push({ error: `No truthy value for key '${key}'`, key }) - continue - } - value = default_ - } - if (cast) { - value = cast(value) - } - try { - if (validate && !validate(value)) { - validationErrors.push({ - error: format('Not a valid value (%O) for key %O', value, key), - key, - }) - } - } catch (err) { - if (err instanceof ValidationError) { - validationErrors.push({ error: err.toString(), field: key }) - } else { - throw err - } - } - if (!multiple && Array.isArray(value)) { - validationErrors.push({ - error: format('Cannot have multiple values (%O) for key %O', value, key), - key, - }) - } - - search[key] = value - } - - if (!validationErrors.length) { - const version = - prefixVersionAliases[search.version] || - versionAliases[search.version] || - allVersions[search.version].miscVersionName - search.indexName = `${getIndexPrefix()}github-docs-${version}-${search.language}` // github-docs-ghes-3.5-en - } - - return { search, validationErrors } -} - -function toBoolean(value) { - if (value === 'true' || value === '1') return true - return false -} - -function toArray(value) { - return Array.isArray(value) ? value : [value] -} diff --git a/src/search/middleware/search-routes.ts b/src/search/middleware/search-routes.ts new file mode 100644 index 000000000000..db84b46639f3 --- /dev/null +++ b/src/search/middleware/search-routes.ts @@ -0,0 +1,150 @@ +/* + This file and the routes included are for the /search endpoint of our API + + For general search (client searches on docs.github.com) we use the middleware in ./general-search-middleware to get the search results +*/ +import express, { Request, Response } from 'express' + +import FailBot from '@/observability/lib/failbot.js' +import { searchCacheControl } from '@/frame/middleware/cache-control.js' +import catchMiddlewareError from '@/observability/middleware/catch-middleware-error.js' +import { + setFastlySurrogateKey, + SURROGATE_ENUMS, +} from '@/frame/middleware/set-fastly-surrogate-key.js' +import { getAutocompleteSearchResults } from '@/search/lib/get-elasticsearch-results/general-autocomplete' +import { getAISearchAutocompleteResults } from '@/search/lib/get-elasticsearch-results/ai-search-autocomplete' +import { getSearchFromRequestParams } from '@/search/lib/search-request-params/get-search-from-request-params' +import { getGeneralSearchResults } from '@/search/lib/get-elasticsearch-results/general-search' + +const router = express.Router() + +router.get('/legacy', (req: Request, res: Response) => { + res.status(410).send('Use /api/search/v1 instead.') +}) + +router.get( + '/v1', + catchMiddlewareError(async (req: Request, res: Response) => { + const { indexName, searchParams, validationErrors } = getSearchFromRequestParams( + req, + 'generalSearch', + ) + if (validationErrors.length) { + // We only send the first validation error to the user + return res.status(400).json(validationErrors[0]) + } + + const getResultOptions = { + indexName, + searchParams, + } + try { + const { meta, hits, aggregations } = await getGeneralSearchResults(getResultOptions) + + if (process.env.NODE_ENV !== 'development') { + searchCacheControl(res) + // We can cache this without purging it after every deploy + // because the API search is only used as a proxy for local + // and preview environments. + setFastlySurrogateKey(res, SURROGATE_ENUMS.MANUAL) + } + + res.status(200).json({ meta, hits, aggregations }) + } catch (error) { + await handleGetSearchResultsError(req, res, error, getResultOptions) + } + }), +) + +router.get( + '/autocomplete/v1', + catchMiddlewareError(async (req: Request, res: Response) => { + const { + indexName, + validationErrors, + searchParams: { query, size }, + } = getSearchFromRequestParams(req, 'generalAutocomplete') + if (validationErrors.length) { + return res.status(400).json(validationErrors[0]) + } + + const options = { + indexName, + query, + size, + } + try { + const { meta, hits } = await getAutocompleteSearchResults(options) + + if (process.env.NODE_ENV !== 'development') { + searchCacheControl(res) + setFastlySurrogateKey(res, SURROGATE_ENUMS.MANUAL) + } + + res.status(200).json({ meta, hits }) + } catch (error) { + await handleGetSearchResultsError(req, res, error, options) + } + }), +) + +router.get( + '/ai-search-autocomplete/v1', + catchMiddlewareError(async (req: Request, res: Response) => { + const { + indexName, + validationErrors, + searchParams: { query, size }, + } = getSearchFromRequestParams(req, 'aiSearchAutocomplete') + if (validationErrors.length) { + return res.status(400).json(validationErrors[0]) + } + + const getResultOptions = { + indexName, + query, + size, + } + try { + const { meta, hits } = await getAISearchAutocompleteResults(getResultOptions) + + if (process.env.NODE_ENV !== 'development') { + searchCacheControl(res) + setFastlySurrogateKey(res, SURROGATE_ENUMS.MANUAL) + } + + res.status(200).json({ meta, hits }) + } catch (error) { + await handleGetSearchResultsError(req, res, error, getResultOptions) + } + }), +) + +async function handleGetSearchResultsError(req: Request, res: Response, error: any, options: any) { + if (process.env.NODE_ENV === 'development') { + console.error(`Error calling getSearchResults(${options})`, error) + } else { + const reports = FailBot.report(error, { url: req.url, ...options }) + if (reports) await Promise.all(reports) + } + res.status(500).json({ error: error.message }) +} + +// Redirects for latest versions +router.get('/', (req: Request, res: Response) => { + res.redirect(307, req.originalUrl.replace('/search', '/search/v1')) +}) + +router.get('/autocomplete', (req: Request, res: Response) => { + res.redirect(307, req.originalUrl.replace('/search/autocomplete', '/search/autocomplete/v1')) +}) + +router.get('/ai-search-autocomplete', (req: Request, res: Response) => { + res.redirect( + 307, + req.originalUrl.replace('/search/ai-search-autocomplete', '/search/ai-search-autocomplete/v1'), + ) +}) + +export default router diff --git a/src/search/middleware/search.js b/src/search/middleware/search.js deleted file mode 100644 index 8650b68acccc..000000000000 --- a/src/search/middleware/search.js +++ /dev/null @@ -1,160 +0,0 @@ -import express from 'express' - -import FailBot from '#src/observability/lib/failbot.js' -import { searchCacheControl } from '#src/frame/middleware/cache-control.js' -import catchMiddlewareError from '#src/observability/middleware/catch-middleware-error.js' -import { - setFastlySurrogateKey, - SURROGATE_ENUMS, -} from '#src/frame/middleware/set-fastly-surrogate-key.js' -import { getAutocompleteSearchResults, getSearchResults } from './es-search.js' -import { getAutocompleteSearchFromRequest, getSearchFromRequest } from './get-search-request.js' - -const router = express.Router() - -router.get('/legacy', (req, res) => { - res.status(410).send('Use /api/search/v1 instead.') -}) - -export const validationMiddleware = (req, res, next) => { - const { search, validationErrors } = getSearchFromRequest(req) - if (validationErrors.length) { - // There might be multiple things bad about the query parameters, - // but we send a 400 on the first possible one in the API. - return res.status(400).json(validationErrors[0]) - } - - req.search = search - return next() -} - -router.get( - '/v1', - validationMiddleware, - catchMiddlewareError(async function search(req, res) { - const { - indexName, - query, - autocomplete, - page, - size, - debug, - sort, - highlights, - include, - toplevel, - aggregate, - } = req.search - - const options = { - indexName, - query, - page, - size, - debug, - sort, - highlights, - usePrefixSearch: autocomplete, - include, - toplevel, - aggregate, - } - try { - const { meta, hits, aggregations } = await getSearchResults(options) - - if (process.env.NODE_ENV !== 'development') { - searchCacheControl(res) - // We can cache this without purging it after every deploy - // because the API search is only used as a proxy for local - // and preview environments. - setFastlySurrogateKey(res, SURROGATE_ENUMS.MANUAL) - } - - // The v1 version of the output matches perfectly what comes out - // of the getSearchResults() function. - res.status(200).json({ meta, hits, aggregations }) - } catch (error) { - // If getSearchResult() throws an error that might be 404 inside - // elasticsearch, if we don't capture that here, it will propagate - // to the next middleware. - await handleGetSearchResultsError(req, res, error, options) - } - }), -) - -export const autocompleteValidationMiddleware = (req, res, next) => { - const { search, validationErrors } = getAutocompleteSearchFromRequest(req) - if (validationErrors.length) { - // There might be multiple things bad about the query parameters, - // but we send a 400 on the first possible one in the API. - return res.status(400).json(validationErrors[0]) - } - - req.search = search - return next() -} - -router.get( - '/autocomplete/v1', - autocompleteValidationMiddleware, - catchMiddlewareError(async (req, res) => { - const { indexName, query, size } = req.search - - const options = { - indexName, - query, - size, - } - try { - const { meta, hits } = await getAutocompleteSearchResults(options) - - if (process.env.NODE_ENV !== 'development') { - searchCacheControl(res) - // We can cache this without purging it after every deploy - // because the API search is only used as a proxy for local - // and preview environments. - setFastlySurrogateKey(res, SURROGATE_ENUMS.MANUAL) - } - - // The v1 version of the output matches perfectly what comes out - // of the getSearchResults() function. - res.status(200).json({ meta, hits }) - } catch (error) { - // If getSearchResult() throws an error that might be 404 inside - // elasticsearch, if we don't capture that here, it will propagate - // to the next middleware. - await handleGetSearchResultsError(req, res, error, options) - } - }), -) - -// We have more than one place where we do `try{...} catch error( THIS )` -// which is slightly different depending on the "sub-version" (e.g. /legacy) -// This function is a single place to take care of all of these error handlings -async function handleGetSearchResultsError(req, res, error, options) { - if (process.env.NODE_ENV === 'development') { - console.error(`Error calling getSearchResults(${options})`, error) - } else { - const reports = FailBot.report(error, Object.assign({ url: req.url }, options)) - // It might be `undefined` if no backends are configured which - // is likely when using production NODE_ENV on your laptop - // where you might not have a HAYSTACK_URL configured. - if (reports) await Promise.all(reports) - } - res.status(500).json({ error: error.message }) -} - -// Alias for the latest version -router.get('/', (req, res) => { - // At the time of writing, the latest version is v1. (July 2022) - // Use `req.originalUrl` because this router is "self contained" - // which means that `req.url` will be `/` in this context. - res.redirect(307, req.originalUrl.replace('/search', '/search/v1')) -}) - -// Alias for the latest autocomplete version -router.get('/autocomplete', (req, res) => { - res.redirect(307, req.originalUrl.replace('/search/autocomplete', '/search/autocomplete/v1')) -}) - -export default router diff --git a/src/search/pages/search.tsx b/src/search/pages/search.tsx index 42965548ae69..55c0333a2e25 100644 --- a/src/search/pages/search.tsx +++ b/src/search/pages/search.tsx @@ -7,9 +7,10 @@ import { addUINamespaces, } from 'src/frame/components/context/MainContext' import { DefaultLayout } from 'src/frame/components/DefaultLayout' -import type { SearchT } from 'src/search/components/types' -import { SearchContext, SearchContextT } from 'src/search/components/context/SearchContext' +import { SearchContext } from 'src/search/components/context/SearchContext' import { Search } from 'src/search/components/index' +import { SearchOnReqObject } from 'src/search/types' +import type { SearchContextT } from 'src/search/components/types' type Props = { mainContext: MainContextT @@ -40,6 +41,8 @@ export const getServerSideProps: GetServerSideProps = async (context) => throw new Error('Expected req.context to be populated with .search') } + const searchObject = req.context.search as SearchOnReqObject<'generalSearch'> + // The `req.context.search` is similar to what's needed to React // render the search result page. // But it contains information (from the contextualizing) that is @@ -48,24 +51,24 @@ export const getServerSideProps: GetServerSideProps = async (context) => // `page` and `indexName` which was useful when it made the actual // Elasticsearch query. But it's not needed to render the results. // We explicitly pick out the parts that are needed, only. - const search: SearchT = { - search: { - query: req.context.search.search.query, - debug: req.context.search.search.debug, + const search: SearchContextT['search'] = { + searchParams: { + query: searchObject.searchParams.query, + debug: searchObject.searchParams.debug, }, - validationErrors: req.context.search.validationErrors, + validationErrors: searchObject.validationErrors, } // If there are no results (e.g. /en/search?query=) from the // contextualizing, then `req.context.search.results` will // be `undefined` which can't be serialized as a prop, using JSON.stringify. - if (req.context.search.results) { + if (searchObject.results) { search.results = { - meta: req.context.search.results.meta, - hits: req.context.search.results.hits, + meta: searchObject.results.meta, + hits: searchObject.results.hits, // Use `null` instead of `undefined` for JSON serialization. // The only reason it would ever not be truthy is if the aggregates // functionality is not enabled for this version. - aggregations: req.context.search.results.aggregations || null, + aggregations: searchObject.results.aggregations || null, } } diff --git a/src/search/scripts/analyze-text.js b/src/search/scripts/analyze-text.ts similarity index 61% rename from src/search/scripts/analyze-text.js rename to src/search/scripts/analyze-text.ts index b314a2bf2439..668836734c5c 100755 --- a/src/search/scripts/analyze-text.js +++ b/src/search/scripts/analyze-text.ts @@ -1,24 +1,19 @@ -#!/usr/bin/env node - -// [start-readme] -// -// See how a piece of text gets turned into tokens by the different -// analyzers. +// See how a piece of text gets turned into tokens by the different analyzers. // Requires that the index exists in Elasticsearch. // // Example: // -// npm run analyze-text "my words" to tokenize -// -// [end-readme] +// npm run analyze-text -- -V dotcom -l en "The name of the wind" import { Client } from '@elastic/elasticsearch' -import { program, Option } from 'commander' +import { Command, Option } from 'commander' import chalk from 'chalk' import dotenv from 'dotenv' -import { languageKeys } from '#src/languages/lib/languages.js' -import { allVersions } from '#src/versions/lib/all-versions.js' +import { languageKeys } from '@/languages/lib/languages.js' +import { allVersions } from '@/versions/lib/all-versions.js' + +import type { IndicesAnalyzeAnalyzeToken } from '@elastic/elasticsearch/lib/api/types' // Now you can optionally have set the ELASTICSEARCH_URL in your .env file. dotenv.config() @@ -38,16 +33,28 @@ dotenv.config() // // We need this later to be able to map CLI arguments to what the // records are called when found on disk. -const shortNames = Object.fromEntries( - Object.values(allVersions).map((info) => { - const shortName = info.hasNumberedReleases - ? info.miscBaseName + info.currentRelease - : info.miscBaseName - return [shortName, info] - }), -) +const shortNames: Record = + Object.fromEntries( + Object.values(allVersions).map((info) => { + const shortName = info.hasNumberedReleases + ? `${info.miscBaseName}${info.currentRelease}` + : info.miscBaseName + return [shortName, info] + }), + ) -const allVersionKeys = Object.keys(shortNames) +const allVersionKeys: string[] = Object.keys(shortNames) + +interface Options { + verbose?: boolean + version?: string + language?: string + notLanguage?: string + elasticsearchUrl?: string + indexPrefix?: string +} + +const program = new Command() program .description('Analyze text into tokens') @@ -56,21 +63,29 @@ program .addOption( new Option('-l, --language ', 'Which language to focus on').choices(languageKeys), ) + .option('--not-language ', 'Exclude a specific language') .option('-u, --elasticsearch-url ', 'If different from $ELASTICSEARCH_URL') + .option('--index-prefix ', 'Prefix for the index name') .argument('', 'text to tokenize') .parse(process.argv) -main(program.opts(), program.args) +const options = program.opts() +const args: string[] = program.args + +main(options, args).catch((err) => { + console.error(chalk.red('Error:'), err) + process.exit(1) +}) -async function main(opts, args) { +async function main(opts: Options, args: string[]): Promise { const texts = [args.join(' ')] if (!opts.elasticsearchUrl && !process.env.ELASTICSEARCH_URL) { throw new Error( - 'Must passed the elasticsearch URL option or ' + + 'Must pass the elasticsearch URL option or ' + 'set the environment variable ELASTICSEARCH_URL', ) } - let node = opts.elasticsearchUrl || process.env.ELASTICSEARCH_URL + let node = opts.elasticsearchUrl || process.env.ELASTICSEARCH_URL! // Allow the user to lazily set it to `localhost:9200` for example. if (!node.startsWith('http') && !node.startsWith('://') && node.split(':').length === 2) { @@ -79,15 +94,15 @@ async function main(opts, args) { try { const parsed = new URL(node) - if (!parsed.hostname) throw new Error('no valid hostname') + if (!parsed.hostname) throw new Error('No valid hostname') } catch (err) { - console.error(chalk.bold('URL for Elasticsearch not a valid URL', err)) + console.error(chalk.bold('URL for Elasticsearch not a valid URL'), err) return } const { verbose, language, notLanguage } = opts - // The notLanguage is useful you want to, for example, index all languages + // The notLanguage is useful if you want to, for example, index all languages // *except* English. if (language && notLanguage) { throw new Error("Can't combine --language and --not-language") @@ -116,29 +131,32 @@ async function main(opts, args) { const indexName = `${prefix}github-docs-${versionKey}-${languageKey}` console.log(chalk.yellow(`Analyzing in ${chalk.bold(indexName)}`)) - await analyzeVersion(client, texts, indexName, verbose) + await analyzeVersion(client, texts, indexName) } -function safeUrlDisplay(url) { +function safeUrlDisplay(url: string): string { const parsed = new URL(url) if (parsed.password) { parsed.password = '***' } if (parsed.username) { - parsed.username = parsed.username.slice(0, 4) + '***' + parsed.username = `${parsed.username.slice(0, 4)}***` } return parsed.toString() } -async function analyzeVersion(client, texts, indexName, verbose = false) { + +async function analyzeVersion(client: Client, texts: string[], indexName: string): Promise { for (const text of texts) { console.log(`RAW TEXT: 〝${chalk.italic(text)}〞`) for (const analyzer of ['text_analyzer_explicit', 'text_analyzer', 'standard']) { console.log('ANALYZER:', chalk.bold(analyzer)) - const { tokens } = await client.indices.analyze({ + const response = await client.indices.analyze({ index: indexName, body: { analyzer, text }, }) - const tokenWords = tokens.map((token) => token.token) + + const tokens: IndicesAnalyzeAnalyzeToken[] | undefined = response.tokens + const tokenWords: string[] = tokens?.map((token) => token.token) || [] console.log(tokenWords) } } diff --git a/src/search/scripts/index-elasticsearch.js b/src/search/scripts/index-elasticsearch.js deleted file mode 100755 index ac78d312bd7a..000000000000 --- a/src/search/scripts/index-elasticsearch.js +++ /dev/null @@ -1,575 +0,0 @@ -#!/usr/bin/env node - -// [start-readme] -// -// Creates Elasticsearch index, populates from records, -// moves the index alias, deletes old indexes. -// -// [end-readme] - -import fs from 'fs/promises' -import path from 'path' - -import { Client, errors } from '@elastic/elasticsearch' -import { program, Option, InvalidArgumentError } from 'commander' -import chalk from 'chalk' -import dotenv from 'dotenv' - -import { retryOnErrorTest } from './retry-on-error-test.js' -import { languageKeys } from '#src/languages/lib/languages.js' -import { allVersions } from '#src/versions/lib/all-versions.js' - -// Now you can optionally have set the ELASTICSEARCH_URL in your .env file. -dotenv.config() - -// Create an object that maps the "short name" of a version to -// all information about it. E.g. -// -// { -// 'ghes-3.5': { -// hasNumberedReleases: true, -// currentRelease: '3.5', -// version: 'enterprise-server@3.5', -// miscBaseName: 'ghes-' -// ... -// }, -// ... -// -// We need this later to be able to map CLI arguments to what the -// records are called when found on disk. -const shortNames = Object.fromEntries( - Object.values(allVersions).map((info) => { - const shortName = info.hasNumberedReleases - ? info.miscBaseName + info.currentRelease - : info.miscBaseName - return [shortName, info] - }), -) - -const allVersionKeys = Object.keys(shortNames) - -const DEFAULT_SLEEPTIME_SECONDS = 30 - -program - .description('Creates Elasticsearch index from records') - .option('-v, --verbose', 'Verbose outputs') - .addOption(new Option('-V, --version [VERSION...]', 'Specific versions').choices(allVersionKeys)) - .addOption( - new Option('-l, --language ', 'Which languages to focus on').choices(languageKeys), - ) - .addOption( - new Option('--not-language ', 'Specific language to omit').choices(languageKeys), - ) - .option('-u, --elasticsearch-url ', 'If different from $ELASTICSEARCH_URL') - .option('-p, --index-prefix ', 'Index string to put before index name') - .option( - '-s, --stagger-seconds ', - 'Number of seconds to sleep between each bulk operation', - (value) => { - const parsed = parseInt(value, 10) - if (isNaN(parsed)) { - throw new InvalidArgumentError('Not a number.') - } - return parsed - }, - ) - .option( - '-r, --retries ', - 'Number of retry attempts on recoverable network errors', - (value) => { - const parsed = parseInt(value, 10) - if (isNaN(parsed)) { - throw new InvalidArgumentError('Not a number.') - } - return parsed - }, - ) - .option( - '--sleep-time ', - `Number of seconds to sleep between each retry attempt (defaults to ${DEFAULT_SLEEPTIME_SECONDS})`, - (value) => { - const parsed = parseInt(value, 10) - if (isNaN(parsed)) { - throw new InvalidArgumentError('Not a number.') - } - return parsed - }, - ) - .argument('', 'where the indexable files are') - .parse(process.argv) - -main(program.opts(), program.args) - -async function main(opts, args) { - if (!args.length) { - throw new Error('Must pass the source as the first argument') - } - - const { verbose, language, notLanguage, elasticsearchUrl } = opts - - if (!elasticsearchUrl && !process.env.ELASTICSEARCH_URL) { - throw new Error( - 'Must passed the elasticsearch URL option or ' + - 'set the environment variable ELASTICSEARCH_URL', - ) - } - let node = elasticsearchUrl || process.env.ELASTICSEARCH_URL - - // Allow the user to lazily set it to `localhost:9200` for example. - if (!node.startsWith('http') && !node.startsWith('://') && node.split(':').length === 2) { - node = `http://${node}` - } - - try { - const parsed = new URL(node) - if (!parsed.hostname) throw new Error('no valid hostname') - } catch (err) { - console.error(chalk.bold('URL for Elasticsearch not a valid URL', err)) - throw err - } - - // The notLanguage is useful you want to, for example, index all languages - // *except* English. - if (language && notLanguage) { - throw new Error("Can't combine --language and --not-language") - } - - if (verbose) { - console.log(`Connecting to ${chalk.bold(safeUrlDisplay(node))}`) - } - const sourceDirectory = args[0] - try { - await fs.stat(sourceDirectory) - } catch (error) { - if (error.code === 'ENOENT') { - throw new Error(`The specified directory '${sourceDirectory}' does not exist.`) - } - throw error - } - - try { - await indexAll(node, sourceDirectory, opts) - } catch (error) { - // If any error is thrown from within the SDK, that error object will - // contain a `Connection` object which, when printed, can reveal the - // username/password or the base64 Basic auth credentials. - // So we want to carefully re-throw it so it only contains the minimal - // information for debugging without exposing the Connection credentials - // in Actions logs. - if (error instanceof errors.ElasticsearchClientError) { - // All ElasticsearchClientError error subclasses have a `name` and - // `message` but only some have a `meta`. - if (error.meta) { - console.error('Error meta: %O', error.meta) - } - throw new Error(error.message) - } - // If any other error happens that isn't from the elasticsearch SDK, - // let it bubble up. - throw error - } -} - -const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)) - -async function indexAll(node, sourceDirectory, opts) { - const client = new Client({ node }) - - const { language, verbose, notLanguage, indexPrefix, staggerSeconds } = opts - - let version - if ('version' in opts) { - version = opts.version - if (process.env.VERSION) { - console.warn( - `'version' specified as argument ('${version}') AND environment variable ('${process.env.VERSION}')`, - ) - } - } else { - if (process.env.VERSION && process.env.VERSION !== 'all') { - version = process.env.VERSION - if (!allVersionKeys.includes(version)) { - throw new Error( - `Environment variable 'VERSION' (${version}) is not recognized. Must be one of ${allVersionKeys}`, - ) - } - } - } - let versionKeys = allVersionKeys - // If it came from the `--version` argument parsing, it might be a string - // or an array of strings because it uses `--version [VERSION...]`. - if (version) { - if (Array.isArray(version)) { - versionKeys = version - } else { - versionKeys = [version] - } - } - - // This will throw if it can't ping - await client.ping() - - const languages = - language || languageKeys.filter((lang) => !notLanguage || !notLanguage.includes(lang)) - if (verbose) { - console.log(`Indexing on languages ${chalk.bold(languages.join(', '))}`) - } - - const prefix = indexPrefix ? `${indexPrefix}_` : '' - - for (const language of languages) { - let count = 0 - for (const versionKey of versionKeys) { - console.log(chalk.yellow(`Indexing ${chalk.bold(versionKey)} in ${chalk.bold(language)}`)) - const indexName = `${prefix}github-docs-${versionKey}-${language}` - - const t0 = new Date() - await indexVersion(client, indexName, versionKey, language, sourceDirectory, opts) - const t1 = new Date() - console.log(chalk.green(`Finished indexing ${indexName}. Took ${formatTime(t1 - t0)}`)) - if (verbose) { - console.log(`To view index: ${safeUrlDisplay(node + `/${indexName}`)}`) - console.log(`To search index: ${safeUrlDisplay(node + `/${indexName}/_search`)}`) - } - count++ - // console.log({ count, versionKeysLength: versionKeys.length }) - if (staggerSeconds && count < versionKeys.length - 1) { - console.log(`Sleeping for ${staggerSeconds} seconds...`) - await sleep(1000 * staggerSeconds) - } - // A bit of visual separation betweeen each version - console.log('') - } - } -} - -function safeUrlDisplay(url) { - const parsed = new URL(url) - if (parsed.password) { - parsed.password = '***' - } - if (parsed.username) { - parsed.username = parsed.username.slice(0, 4) + '***' - } - return parsed.toString() -} - -// Return '20220719012012' if the current date is -// 2022-07-19T01:20:12.172Z. Note how the 6th month (July) becomes -// '07'. All numbers become 2 character zero-padding strings individually. -function utcTimestamp() { - const d = new Date() - - return ( - [ - `${d.getUTCFullYear()}`, - d.getUTCMonth() + 1, - d.getUTCDate(), - d.getUTCHours(), - d.getUTCMinutes(), - d.getUTCSeconds(), - ] - // If it's a number make it a zero-padding 2 character string - .map((x) => (typeof x === 'number' ? ('0' + x).slice(-2) : x)) - .join('') - ) -} - -// Consider moving this to lib -async function indexVersion(client, indexName, version, language, sourceDirectory, opts) { - const { verbose } = opts - - // Note, it's a bit "weird" that numbered releases versions are - // called the number but that's the convention the previous - // search backend used - const indexVersionName = shortNames[version].hasNumberedReleases - ? shortNames[version].currentRelease - : shortNames[version].miscBaseName - const recordsName = `github-docs-${indexVersionName}-${language}` - - const records = await loadRecords(recordsName, sourceDirectory) - - const thisAlias = `${indexName}__${utcTimestamp()}` - - // CREATE INDEX - const settings = { - analysis: { - char_filter: { - // This will turn `runs-on` into `runs_on` so that it can't be - // tokenized to `runs` because `on` is a stop word. - // It also means that prose terms, in English, like `opt-in` - // not be matched if someone searches for `opt in`. But this - // is why we have multiple different analyzers. So it becomes - // `opt_in` in the `text_analyzer_explicit` analyzer, but is - // left as `opt` in the `text_analyzer` analyzer. - hyphenation_filter: { - type: 'mapping', - mappings: ['- => _'], - }, - }, - analyzer: { - // We defined to analyzers. Both based on a "common core" with the - // `standard` tokenizer. But the second one adds Snowball filter. - // That means the tokenization of "Dependency naming" becomes - // `[dependency, naming]` in the explicit one and `[depend, name]` - // in the Snowball one. - // We do this to give a chance to boost the more exact spelling a - // bit higher with the assumption that if the user knew exactly - // what it was called, we should show that higher. - // A great use-case of this when users search for keywords that are - // code words like `dependency-name`. - text_analyzer_explicit: { - char_filter: ['hyphenation_filter'], - filter: ['lowercase', 'stop', 'asciifolding'], - tokenizer: 'standard', - type: 'custom', - }, - text_analyzer: { - filter: ['lowercase', 'stop', 'asciifolding'], - tokenizer: 'standard', - type: 'custom', - }, - }, - filter: { - // Will later, conditionally, put the snowball configuration here. - }, - }, - } - const snowballLanguage = getSnowballLanguage(language) - if (snowballLanguage) { - settings.analysis.analyzer.text_analyzer.filter.push('languaged_snowball') - settings.analysis.filter.languaged_snowball = { - type: 'snowball', - language: snowballLanguage, - } - } else { - if (verbose) { - console.warn(`No snowball language for '${language}'`) - } - } - - await client.indices.create({ - index: thisAlias, - mappings: { - properties: { - url: { type: 'keyword' }, - title: { - type: 'text', - analyzer: 'text_analyzer', - norms: false, - // This is used for fast highlighting. Uses more space but makes - // the searches faster. - term_vector: 'with_positions_offsets', - }, - title_explicit: { type: 'text', analyzer: 'text_analyzer_explicit', norms: false }, - content: { - type: 'text', - analyzer: 'text_analyzer', - // This is used for fast highlighting. Uses more space but makes - // the searches faster. - term_vector: 'with_positions_offsets', - }, - content_explicit: { - type: 'text', - analyzer: 'text_analyzer_explicit', - // This is used for fast highlighting. Uses more space but makes - // the searches faster. - term_vector: 'with_positions_offsets', - }, - headings: { type: 'text', analyzer: 'text_analyzer', norms: false }, - headings_explicit: { type: 'text', analyzer: 'text_analyzer_explicit', norms: false }, - breadcrumbs: { type: 'text' }, - popularity: { type: 'float' }, - intro: { type: 'text' }, - // Use 'keyword' because it's faster to index and (more importantly) - // faster to search on. It would be different if it was something - // users could type in into a text input. - toplevel: { type: 'keyword' }, - }, - }, - settings, - }) - - // POPULATE - const allRecords = Object.values(records).sort((a, b) => b.popularity - a.popularity) - const operations = allRecords.flatMap((doc) => { - const { title, objectID, content, breadcrumbs, headings, intro, toplevel } = doc - const contentEscaped = escapeHTML(content) - const headingsEscaped = escapeHTML(headings) - const record = { - url: objectID, - title, - title_explicit: title, - content: contentEscaped, - content_explicit: contentEscaped, - breadcrumbs, - headings: headingsEscaped, - headings_explicit: headingsEscaped, - // This makes sure the popularities are always greater than 1. - // Generally the 'popularity' is a ratio where the most popular - // one of all is 1.0. - // By making it >=1.0 when we multiply a relevance score, - // you never get a product of 0.0. - popularity: doc.popularity + 1, - intro, - toplevel, - } - return [{ index: { _index: thisAlias } }, record] - }) - - const bulkOptions = { - // Default is 'false'. - // It means that the index is NOT refreshed as documents are inserted. - // Which makes sense in our case because we do not intend to search on - // this index until after we've pointed the alias to this new index. - refresh: false, - // Default is '1m' but we have no reason *not* to be patient. It's run - // by a bot on a schedeule (GitHub Actions). - timeout: '5m', - } - - const attempts = opts.retries || 0 - const sleepTime = (opts.sleepTime || DEFAULT_SLEEPTIME_SECONDS) * 1000 - - console.log(`About to bulk index ${allRecords.length.toLocaleString()} records with retry %O`, { - attempts, - sleepTime, - }) - const t0 = new Date() - const bulkResponse = await retryOnErrorTest( - (error) => { - // Rate limiting can happen when you're indexing too much at - // same time. - return error instanceof errors.ResponseError && error.meta.statusCode === 429 - }, - () => client.bulk({ operations, ...bulkOptions }), - { - attempts, - sleepTime, - onError: (_, attempts, sleepTime) => { - console.warn( - chalk.yellow( - `Failed to bulk index ${indexName}. Will attempt ${attempts} more times (after ${ - sleepTime / 1000 - }s sleep).`, - ), - ) - }, - }, - ) - - if (bulkResponse.errors) { - // Some day, when we're more confident how and why this might happen - // we can rewrite this code to "massage" the errors better. - // For now, if it fails, it's "OK". It means we won't be proceeding, - // an error is thrown in Actions and we don't have to worry about - // an incompletion index. - console.error(`Bulk response errors: ${bulkResponse.errors}`) - throw new Error('Bulk errors happened.') - } - const t1 = new Date() - console.log(`Bulk indexed ${thisAlias}. Took ${formatTime(t1 - t0)}`) - - // The counting of documents in the index is async and can take a while - // to reflect. So send count requests until we get the right number. - let documentsInIndex = 0 - let countAttempts = 3 - while (documentsInIndex < allRecords.length) { - const { count } = await client.count({ index: thisAlias }) - documentsInIndex = count - if (documentsInIndex >= allRecords.length) break - countAttempts-- - if (!countAttempts) { - console.log(`After ${countAttempts} attempts still haven't matched the expected number.`) - break - } - await sleep(1000) - } - - console.log( - `Documents now in ${chalk.bold(thisAlias)}: ${chalk.bold(documentsInIndex.toLocaleString())}`, - ) - - // To perform an atomic operation that creates the new alias and removes - // the old indexes, we can use the updateAliases API with a body that - // includes an "actions" array. The array includes the added alias - // and the removed indexes. If any of the actions fail, none of the operations - // are performed. - // https://www.elastic.co/guide/en/elasticsearch/reference/master/indices-aliases.html - const aliasUpdates = [ - { - add: { - index: thisAlias, - alias: indexName, - }, - }, - ] - console.log(`Alias ${indexName} -> ${thisAlias}`) - - console.log('About to get indices with retry %O', { attempts, sleepTime }) - const indices = await retryOnErrorTest( - (error) => { - // 404 can happen when you're trying to get an index that - // doesn't exist. ...yet! - return error instanceof errors.ResponseError && error.meta.statusCode === 404 - }, - () => client.cat.indices({ format: 'json' }), - { - attempts, - sleepTime, - onError: (error, attempts, sleepTime) => { - console.warn( - chalk.yellow( - `Failed to get index ${indexName} (${ - error.message || error.toString() - }). Will attempt ${attempts} more times (after ${formatTime(sleepTime)}s sleep).`, - ), - ) - }, - }, - ) - for (const index of indices) { - if (index.index !== thisAlias && index.index.startsWith(indexName)) { - aliasUpdates.push({ remove_index: { index: index.index } }) - console.log('Deleting index', index.index) - } - } - if (verbose) console.log('Updating alias actions:', aliasUpdates) - await client.indices.updateAliases({ body: { actions: aliasUpdates } }) -} - -function escapeHTML(content) { - return content.replace(//g, '>').replace(/"/g, '"') -} - -async function loadRecords(indexName, sourceDirectory) { - const filePath = path.join(sourceDirectory, `${indexName}-records.json`) - const payload = await fs.readFile(filePath) - return JSON.parse(payload) -} - -function getSnowballLanguage(language) { - // Based on https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-snowball-tokenfilter.html - // Note, not all languages are supported. So this function might return - // undefined. That implies that you can't use snowballing. - return { - en: 'English', - fr: 'French', - es: 'Spanish', - ru: 'Russian', - it: 'Italian', - de: 'German', - pt: 'Portuguese', - }[language] -} - -function formatTime(ms) { - if (ms < 1000) { - return `${ms.toFixed(1)}ms` - } - const seconds = ms / 1000 - if (seconds > 60) { - return `${Math.round(seconds / 60)}m${Math.round(seconds % 60)}s` - } - return `${seconds.toFixed(1)}s` -} diff --git a/src/search/scripts/index-test-fixtures.sh b/src/search/scripts/index-test-fixtures.sh index 235eb915d28f..3091b5e84774 100755 --- a/src/search/scripts/index-test-fixtures.sh +++ b/src/search/scripts/index-test-fixtures.sh @@ -6,7 +6,10 @@ set -e # For general site-search -npm run index-elasticsearch -- -l en -l ja -V ghec -V dotcom --index-prefix tests -- src/search/tests/fixtures/search-indexes +npm run index-general-search -- src/search/tests/fixtures/search-indexes -l en -l ja -V ghec -V fpt --index-prefix tests -# For autocomplete search -npm run index -- autocomplete src/search/tests/fixtures/data -l en -l ja -v fpt -v ghec --index-prefix tests +# For general autocomplete search +npm run index-general-autocomplete -- src/search/tests/fixtures/data -l en -l ja -v fpt -v ghec --index-prefix tests + +# For AI search autocomplete +npm run index-ai-search-autocomplete -- src/search/tests/fixtures/data -l en -v fpt -v ghec --index-prefix tests diff --git a/src/search/scripts/index/README.md b/src/search/scripts/index/README.md new file mode 100644 index 000000000000..a9f9432c0b0f --- /dev/null +++ b/src/search/scripts/index/README.md @@ -0,0 +1,24 @@ +# Elastic Search Indexing + +Elasticsearch uses indexes to store the data that is used to determine search results. + +We use this scripts in this directory to index our Elasticsearch instances. + +In production, the indexing happens in the GitHub workflows: `index-autocomplete-search.yml` and `index-general-search.yml` + +## CLI Script + +Before running the indexing for **general search** you run the [scrape](../scrape/README.md) script to scrape page data into files. + +Before running the indexing for **general autocomplete** and **AI search autocomplete** you need to clone [docs-internal-data](https://github.com/github/docs-internal-data) to the root of this directory. + +There is a separate run command for indexing each type of search data: +1. **general search**: `npm run index-general-search -- ` +2. **general autocomplete**: `npm run index-general-autocomplete -- docs-internal-data` (if `docs-internal-data` is cloned to root directory) +3. **AI search autocomplete**: `npm run index-ai-search-autocomplete -- docs-internal-data` (if `docs-internal-data` is cloned to root directory) + +To see the arguments accepted by any script, pass the `--help` argument, for example + +```bash +npm run index-general-autocomplete -- --help +``` \ No newline at end of file diff --git a/src/search/scripts/index/index-autocomplete.ts b/src/search/scripts/index/index-autocomplete.ts deleted file mode 100644 index 2c88c3a50d29..000000000000 --- a/src/search/scripts/index/index-autocomplete.ts +++ /dev/null @@ -1,167 +0,0 @@ -import fs from 'node:fs' -import path from 'node:path' - -import { Client, estypes } from '@elastic/elasticsearch' - -import { getClient } from './lib/get-client' -import { utcTimestamp } from './lib/utils' -import { populate } from './lib/populate' - -import { type Version, Records } from './types' - -export const shortVersionNames = { - 'enterprise-server': 'ghes', - 'enterprise-cloud': 'ghec', - 'free-pro-team': 'fpt', -} as const - -const DEFAULT_SLEEPTIME_SECONDS = 30 - -type Options = { - dataRepoRoot: string - languages: string[] - versions: Version[] - retries?: number - sleepTime?: number - verbose?: boolean - indexPrefix?: string -} - -export async function indexAutocomplete(options: Options) { - // The data repo has a predictable structure of - // `hydro/rollups/user-searches/$language/$version/rollup.json` - // But note that the "version" might be a prefix, like enterprise-server. - // const { verbose } = options - - const client = getClient() - - const { dataRepoRoot, versions, languages } = options - for (const language of languages) { - for (const version of versions) { - const records = loadRecords({ version, language, dataRepoRoot }) - const { alias, name } = await createIndex( - client, - language, - version, - options.indexPrefix || '', - ) - await populate(client, records, { - alias, - name, - retries: options.retries || 0, - sleepTime: options.sleepTime || DEFAULT_SLEEPTIME_SECONDS, - }) - } - } -} - -type LoadOptions = { - dataRepoRoot: string - language: string - version: string -} - -function loadRecords(options: LoadOptions): Records { - // First load the rollup records for user-searches - const filePath = path.join( - options.dataRepoRoot, - 'hydro/rollups/user-searches', - options.language, - options.version, - 'rollup.json', - ) - const terms: Records = {} - - const userSearchTerms: Records = JSON.parse(fs.readFileSync(filePath, 'utf8')) - let highestValue = Math.max(...Object.values(userSearchTerms)) - if (highestValue === 0) { - throw new Error(`No records found for ${options.language} ${options.version}`) - } - for (const [term, value] of Object.entries(userSearchTerms)) { - // Why +1? - // Because we want these user-searches to alway be higher than all the - // terms generated from titles. - // For example, a common user-search term that users use - // is "log forwarding". But there might not be a deconstructed term, - // from the document titles, however there might be one called - // "log proxy". So when our users search for "log" we want to suggest, - // in the autocomplete UI "log forwarding" before "log proxy". - terms[term] = value / highestValue + 1 - } - - const documentTermsFilePath = path.join( - options.dataRepoRoot, - 'all-documents/terms', - options.language, - options.version, - 'terms.json', - ) - const documentTerms: Records = JSON.parse(fs.readFileSync(documentTermsFilePath, 'utf8')) - highestValue = Math.max(...Object.values(documentTerms)) - if (highestValue === 0) { - throw new Error(`No document title records found for ${options.language} ${options.version}`) - } - for (const [term, value] of Object.entries(documentTerms)) { - if (!(term in terms)) { - terms[term] = value / highestValue + 1 - } - } - - return terms -} - -type IndexInfo = { - alias: string - name: string -} - -async function createIndex( - client: Client, - language: string, - version: Version, - indexPrefix: string, -): Promise { - const settings: estypes.IndicesIndexSettings = { - analysis: { - analyzer: { - text_analyzer: { - filter: ['lowercase'], - tokenizer: 'standard', - type: 'custom', - }, - }, - }, - // filter: { - // // Will later, conditionally, put the snowball configuration here. - // }, - // XXX SNOWBALL? - } - - if (indexPrefix && !indexPrefix.endsWith('_')) { - indexPrefix += '_' - } - - const indexName = `${indexPrefix}github-autocomplete-${language}-${shortVersionNames[version] || version}` - const thisAlias = `${indexName}__${utcTimestamp()}` - - const mappings: estypes.MappingTypeMapping = { - properties: { - term: { - type: 'text', - analyzer: 'text_analyzer', - // This is used for fast highlighting. Uses more space but makes - // the searches faster. - term_vector: 'with_positions_offsets', - }, - popularity: { type: 'float' }, - }, - } - - await client.indices.create({ - index: thisAlias, - mappings, - settings, - }) - - return { alias: thisAlias, name: indexName } -} diff --git a/src/search/scripts/index/index-cli.ts b/src/search/scripts/index/index-cli.ts new file mode 100644 index 000000000000..dc4553d2877c --- /dev/null +++ b/src/search/scripts/index/index-cli.ts @@ -0,0 +1,186 @@ +import { program, Option, Command, InvalidArgumentError } from 'commander' +import { errors } from '@elastic/elasticsearch' +import dotenv from 'dotenv' + +import { languageKeys } from '@/languages/lib/languages.js' +import { indexGeneralAutocomplete } from './lib/index-general-autocomplete' +import { indexGeneralSearch } from './lib/index-general-search' +import { + allIndexVersionKeys, + supportedAutocompletePlanVersions, + versionToIndexVersionMap, +} from '@/search/lib/elasticsearch-versions' +import { indexAISearchAutocomplete } from './lib/index-ai-search-autocomplete' + +// If you optionally have ELASTICSEARCH_URL set in your .env file. +dotenv.config() + +program.name('index').description('CLI scripts for indexing Docs data into Elasticsearch') + +const allVersionKeysWithAll = [...allIndexVersionKeys, 'all'] + +const generalAutoCompleteCommand = new Command('general-autocomplete') + .description('Index for general search autocomplete') + .addOption( + new Option('-l, --language ', 'Specific languages(s)').choices(languageKeys), + ) + .addOption( + new Option('-v, --version ', 'Specific versions').choices(allVersionKeysWithAll), + ) + .option('--verbose', 'Verbose output') + .option('--index-prefix ', 'Prefix for the index names', '') + .argument('', 'path to the docs-internal-data repo') + .action(async (dataRepoRoot: string, options) => { + const languages = options.language ? options.language : languageKeys + const indexPrefix = options.indexPrefix || '' + if (!Array.isArray(options.version)) { + if (typeof options.version === 'undefined') { + options.version = ['all'] + } else { + options.version = [options.version] + } + } + let versions = options.version + if (!versions.length || versions[0] === 'all') { + versions = supportedAutocompletePlanVersions + } else { + versions = versions.map((version: string) => versionToIndexVersionMap[version]) + } + try { + await indexGeneralAutocomplete({ + dataRepoRoot, + languages, + versions, + indexPrefix, + }) + } catch (error: any) { + if (error instanceof errors.ElasticsearchClientError) { + if ((error as any)?.meta) { + console.error('Error meta: %O', (error as any).meta) + } + } + console.error('general-autocomplete indexing error:', error.message) + process.exit(1) + } + }) + +const generalSearchCommand = new Command('general-search') + .description( + 'Indexes records for general search. Records should be pre-scraped by the scrape script.', + ) + .option('-v, --verbose', 'Verbose outputs') + .addOption( + new Option('-V, --version [VERSION...]', 'Specific versions').choices(allVersionKeysWithAll), + ) + .addOption( + new Option('-l, --language ', 'Which languages to focus on').choices(languageKeys), + ) + .addOption( + new Option('--not-language ', 'Specific language to omit').choices(languageKeys), + ) + .option('-u, --elasticsearch-url ', 'If different from $ELASTICSEARCH_URL') + .option('-p, --index-prefix ', 'Index string to put before index name') + .option( + '-s, --stagger-seconds ', + 'Number of seconds to sleep between each bulk operation', + (value) => { + const parsed = parseInt(value, 10) + if (isNaN(parsed)) { + throw new InvalidArgumentError('Not a number.') + } + return parsed + }, + ) + .option( + '-r, --retries ', + 'Number of retry attempts on recoverable network errors', + (value) => { + const parsed = parseInt(value, 10) + if (isNaN(parsed)) { + throw new InvalidArgumentError('Not a number.') + } + return parsed + }, + ) + .option( + '--sleep-time ', + `Number of seconds to sleep between each retry attempt (defaults to 30)`, + (value) => { + const parsed = parseInt(value, 10) + if (isNaN(parsed)) { + throw new InvalidArgumentError('Not a number.') + } + return parsed + }, + 30, + ) + .argument('', 'where the indexable files are') + .action(async (sourceDirectory, options) => { + try { + await indexGeneralSearch(sourceDirectory, options) + } catch (error: any) { + if (error instanceof errors.ElasticsearchClientError) { + if ((error as any)?.meta) { + console.error('Error meta: %O', (error as any).meta) + } + } + console.error('general-search indexing error:', error.message) + process.exit(1) + } + }) + +const aiSearchAutocompleteCommand = new Command('ai-search-autocomplete') + .description('Index for AI search autocomplete') + .addOption( + new Option( + '-l, --language ', + 'Specific languages(s). (NOTE: Only english, "en" is currently supported', + ).choices(['en']), + ) + .addOption( + new Option('-v, --version ', 'Specific versions').choices(allVersionKeysWithAll), + ) + .option('--verbose', 'Verbose output') + .option('--index-prefix ', 'Prefix for the index names', '') + .argument('', 'path to the docs-internal-data repo') + .action(async (dataRepoRoot: string, options) => { + // In the future, we may want to support multiple languages + // Currently (since this is an experiment), we only support english + const languages = ['en'] + const indexPrefix = options.indexPrefix || '' + if (!Array.isArray(options.version)) { + if (typeof options.version === 'undefined') { + options.version = ['all'] + } else { + options.version = [options.version] + } + } + let versions = options.version + if (!versions.length || versions[0] === 'all') { + versions = supportedAutocompletePlanVersions + } else { + versions = versions.map((version: string) => versionToIndexVersionMap[version]) + } + try { + await indexAISearchAutocomplete({ + dataRepoRoot, + languages, + versions, + indexPrefix, + }) + } catch (error: any) { + if (error instanceof errors.ElasticsearchClientError) { + if ((error as any)?.meta) { + console.error('Error meta: %O', (error as any).meta) + } + } + console.error('ai-search-autocomplete indexing error:', error.message) + process.exit(1) + } + }) + +program.addCommand(generalAutoCompleteCommand) +program.addCommand(generalSearchCommand) +program.addCommand(aiSearchAutocompleteCommand) + +program.parse(process.argv) diff --git a/src/search/scripts/index/index.ts b/src/search/scripts/index/index.ts deleted file mode 100644 index 4b46ae05c1f6..000000000000 --- a/src/search/scripts/index/index.ts +++ /dev/null @@ -1,44 +0,0 @@ -import { program, Option } from 'commander' - -import { languageKeys } from '@/languages/lib/languages.js' -import { indexAutocomplete } from './index-autocomplete' -import { type Version } from './types' - -const defaultVersions: Version[] = ['free-pro-team', 'enterprise-server', 'enterprise-cloud'] -const shortAlias = new Map() -shortAlias.set('ghes', 'enterprise-server') -shortAlias.set('fpt', 'free-pro-team') -shortAlias.set('ghec', 'enterprise-cloud') - -program.name('index').description('CLI scripts for indexing to Elasticsearch') - -program - .command('autocomplete') - .description('Index for autocomplete') - .addOption( - new Option('-l, --language ', 'Specific languages(s)').choices(languageKeys), - ) - .addOption( - new Option('-v, --version ', 'Specific version prefix(es)').choices([ - ...defaultVersions, - ...shortAlias.keys(), - ]), - ) - .option('--verbose', 'Verbose output') - .option('--index-prefix ', 'Prefix for the index names', '') - .argument('', 'path to the docs-internal-data repo') - .action((root: string, options) => { - const languages = options.language ? options.language : languageKeys - const versions: Version[] = [] - for (const v of options.version || defaultVersions) { - if (shortAlias.has(v)) { - versions.push(shortAlias.get(v)!) - } else { - versions.push(v) - } - } - const indexPrefix = options.indexPrefix || '' - return indexAutocomplete({ dataRepoRoot: root, languages, versions, indexPrefix }) - }) - -program.parse(process.argv) diff --git a/src/search/scripts/index/lib/get-client.ts b/src/search/scripts/index/lib/get-client.ts deleted file mode 100644 index 4f9b79034430..000000000000 --- a/src/search/scripts/index/lib/get-client.ts +++ /dev/null @@ -1,27 +0,0 @@ -import { Client } from '@elastic/elasticsearch' - -export function getClient(): Client { - const node = getElasticsearchURL() - const client = new Client({ node }) - return client -} - -function getElasticsearchURL() { - if (!process.env.ELASTICSEARCH_URL) { - throw new Error( - 'Must passed the elasticsearch URL option or ' + - 'set the environment variable ELASTICSEARCH_URL', - ) - } - let node = process.env.ELASTICSEARCH_URL - - // Allow the user to lazily set it to `localhost:9200` for example. - if (!node.startsWith('http') && !node.startsWith('://') && node.split(':').length === 2) { - node = `http://${node}` - } - - const parsed = new URL(node) - if (!parsed.hostname) throw new Error('no valid hostname') - - return node -} diff --git a/src/search/scripts/index/lib/index-ai-search-autocomplete.ts b/src/search/scripts/index/lib/index-ai-search-autocomplete.ts new file mode 100644 index 000000000000..109514e04898 --- /dev/null +++ b/src/search/scripts/index/lib/index-ai-search-autocomplete.ts @@ -0,0 +1,118 @@ +import fs from 'node:fs' +import path from 'node:path' + +import { getElasticsearchClient } from '@/search/lib/helpers/get-client' +import { getElasticSearchIndex } from '@/search/lib/elasticsearch-indexes' +import { + createIndex, + populateIndex, + printSuccess, + updateAlias, +} from '@/search/scripts/index/utils/indexing-elasticsearch-utils' +import { getAISearchAutocompleteSettings } from '@/search/scripts/index/utils/settings' +import { aiSearchAutocompleteMappings } from '@/search/scripts/index/utils/mappings' +import { getPlanVersionFromIndexVersion } from '@/search/lib/elasticsearch-versions' + +import type { TermsWithFrequency } from '@/search/scripts/index/types' + +type Options = { + dataRepoRoot: string + languages: string[] + versions: string[] + retries?: number + sleepTime?: number + verbose?: boolean + indexPrefix?: string +} + +export async function indexAISearchAutocomplete(options: Options) { + const client = getElasticsearchClient(undefined, options.verbose) + await client.ping() // Will throw if not available + + console.log( + 'Indexing AI search autocomplete for languages: %O and versions: %O', + options.languages, + options.versions, + ) + + const { dataRepoRoot, languages, versions } = options + for (const language of languages) { + for (const version of versions) { + const startTime = new Date() + + const records = loadQueriesWithPriority({ dataRepoRoot, language, version }) + const { indexName, indexAlias } = getElasticSearchIndex( + 'aiSearchAutocomplete', + version, + language, + options.indexPrefix || '', + ) + + const settings = getAISearchAutocompleteSettings(language, options.verbose) + + await createIndex(client, indexAlias, settings, aiSearchAutocompleteMappings) + + const recordsArray = Object.entries(records).map(([term, popularity]) => ({ + term, + popularity, + })) + + await populateIndex(client, indexAlias, indexName, recordsArray, { + retries: options.retries, + sleepTime: options.sleepTime, + verbose: options.verbose, + }) + + await updateAlias(client, indexName, indexAlias, options) + + printSuccess(indexName, startTime, options.verbose) + } + } +} + +type LoadOptions = { + dataRepoRoot: string + language: string + version: string +} + +function loadQueriesWithPriority(options: LoadOptions): TermsWithFrequency { + // The {version} in the paths uses the version's 'plan' name, e.g. `free-pro-team` instead of `fpt` + const internalDataVersion = getPlanVersionFromIndexVersion(options.version) + + if (!internalDataVersion) { + throw new Error(`No rollup version found for version ${options.version}`) + } + + const queriesFilePath = path.join( + options.dataRepoRoot, + 'ai/search/queries', + options.language, + internalDataVersion, + 'queries.json', + ) + + const queriesFile = JSON.parse(fs.readFileSync(queriesFilePath, 'utf8')) + const { topQueries, allQueries } = queriesFile + + const terms: TermsWithFrequency = {} + + let popularity = topQueries.length + allQueries.length + + // Assign higher popularity to topQueries + for (const term of topQueries) { + terms[term] = popularity + popularity -= 1 + } + + // Assign remaining popularity to allQueries using the order they have in the JSON + for (const term of allQueries) { + // Don't read in the topQueries again (duplicates) + if (!(term in terms)) { + terms[term] = popularity + popularity -= 1 + } + } + + return terms +} diff --git a/src/search/scripts/index/lib/index-general-autocomplete.ts b/src/search/scripts/index/lib/index-general-autocomplete.ts new file mode 100644 index 000000000000..0d2eeb036f7e --- /dev/null +++ b/src/search/scripts/index/lib/index-general-autocomplete.ts @@ -0,0 +1,140 @@ +import fs from 'node:fs' +import path from 'node:path' + +import { getElasticsearchClient } from '@/search/lib/helpers/get-client' +import { getElasticSearchIndex } from '@/search/lib/elasticsearch-indexes' +import { + createIndex, + populateIndex, + printSuccess, + updateAlias, +} from '@/search/scripts/index/utils/indexing-elasticsearch-utils' +import { getGeneralAutocompleteSettings } from '@/search/scripts/index/utils/settings' +import { generalAutocompleteMappings } from '@/search/scripts/index/utils/mappings' +import { getPlanVersionFromIndexVersion } from '@/search/lib/elasticsearch-versions' + +import type { TermsWithFrequency } from '@/search/scripts/index/types' + +type Options = { + dataRepoRoot: string + languages: string[] + versions: string[] + retries?: number + sleepTime?: number + verbose?: boolean + indexPrefix?: string +} + +export async function indexGeneralAutocomplete(options: Options) { + const client = getElasticsearchClient(undefined, options.verbose) + await client.ping() // Will throw if not available + + console.log( + 'Indexing general autocomplete for languages: %O and versions: %O', + options.languages, + options.versions, + ) + + const { dataRepoRoot, versions, languages } = options + for (const language of languages) { + for (const version of versions) { + const startTime = new Date() + + const records = loadTermsWithFrequency({ version, language, dataRepoRoot }) + const { indexName, indexAlias } = getElasticSearchIndex( + 'generalAutocomplete', + version, + language, + options.indexPrefix || '', + ) + + const settings = getGeneralAutocompleteSettings(language, options.verbose) + + await createIndex(client, indexAlias, settings, generalAutocompleteMappings) + + const recordsArray = Object.entries(records).map(([term, popularity]) => ({ + term, + popularity, + })) + + await populateIndex(client, indexAlias, indexName, recordsArray, { + retries: options.retries, + sleepTime: options.sleepTime, + verbose: options.verbose, + }) + + await updateAlias(client, indexName, indexAlias, options) + + printSuccess(indexName, startTime, options.verbose) + } + } +} + +type LoadOptions = { + dataRepoRoot: string + language: string + version: string +} + +/* + * Terms are one-word search terms that a user might enter into a search toolbar + * We have two sources of "terms": + * - Previous user searches (searchTerms) + * - Terms auto-generated taking each word from each title of all of our articles (documentTerms) + * + * Each of the files live in our docs-internal-data repo that should be cloned before running this script. + * The paths to these files for each type of term are: + * - searchTerms: hydro/rollups/user-searches/{langauge}/{version}/rollup.json + * - documentTerms: hydro/rollups/user-searches/{langauge}/{version}/rollup.json + */ +function loadTermsWithFrequency(options: LoadOptions): TermsWithFrequency { + // The {version} in the paths uses the version's 'plan' name, e.g. `free-pro-team` instead of `fpt` + const internalDataVersion = getPlanVersionFromIndexVersion(options.version) + + if (!internalDataVersion) { + throw new Error(`No rollup version found for version ${options.version}`) + } + + const filePath = path.join( + options.dataRepoRoot, + 'hydro/rollups/user-searches', + options.language, + internalDataVersion, + 'rollup.json', + ) + const terms: TermsWithFrequency = {} + + const userSearchTerms: TermsWithFrequency = JSON.parse(fs.readFileSync(filePath, 'utf8')) + let maxFrequency = Math.max(...Object.values(userSearchTerms)) + if (maxFrequency === 0) { + throw new Error(`No records found for ${options.language} ${options.version}`) + } + for (const [term, frequency] of Object.entries(userSearchTerms)) { + // Normalize the frequency which will turn into "popularity" in ElasticSearch + // We include +1 here because "userSearchTerms" should have higher priority than "articleTitleTerms" + terms[term] = frequency / maxFrequency + 1 + } + + const articleTitleTermsFilePath = path.join( + options.dataRepoRoot, + 'all-documents/terms', + options.language, + internalDataVersion, + 'terms.json', + ) + const articleTitleTerms: TermsWithFrequency = JSON.parse( + fs.readFileSync(articleTitleTermsFilePath, 'utf8'), + ) + maxFrequency = Math.max(...Object.values(articleTitleTerms)) + if (maxFrequency === 0) { + throw new Error(`No document title records found for ${options.language} ${options.version}`) + } + for (const [articleTitleTerm, frequency] of Object.entries(articleTitleTerms)) { + if (!(articleTitleTerm in terms)) { + // Notice that we don't + 1 here because we want to give more priority to data from user searches + terms[articleTitleTerm] = frequency / maxFrequency + } + } + + return terms +} diff --git a/src/search/scripts/index/lib/index-general-search.ts b/src/search/scripts/index/lib/index-general-search.ts new file mode 100644 index 000000000000..c5d00b0b3540 --- /dev/null +++ b/src/search/scripts/index/lib/index-general-search.ts @@ -0,0 +1,167 @@ +import { Client } from '@elastic/elasticsearch' + +import { languageKeys } from '#src/languages/lib/languages.js' +import { getElasticSearchIndex } from '@/search/lib/elasticsearch-indexes' +import { getElasticsearchClient } from '@/search/lib/helpers/get-client' +import { + createIndex, + escapeHTML, + loadIndexRecords, + populateIndex, + printSuccess, + updateAlias, +} from '@/search/scripts/index/utils/indexing-elasticsearch-utils' +import { sleep } from '@/search/lib/helpers/time' +import { getGeneralSearchSettings } from '@/search/scripts/index/utils/settings' +import { generalSearchMappings } from '@/search/scripts/index/utils/mappings' +import { + allIndexVersionOptions, + versionToIndexVersionMap, +} from '@/search/lib/elasticsearch-versions' + +interface Options { + verbose?: boolean + version?: string | undefined + language?: string[] + notLanguage?: string[] + elasticsearchUrl?: string + indexPrefix?: string + staggerSeconds?: number + retries?: number + sleepTime: number +} + +export async function indexGeneralSearch(sourceDirectory: string, opts: Options) { + if (!sourceDirectory) { + throw new Error('Must pass the source directory as the first argument') + } + + const { language, notLanguage } = opts + + if (language && notLanguage) { + throw new Error("Can't combine --language and --not-language") + } + + const client = getElasticsearchClient(opts.elasticsearchUrl, opts.verbose) + await client.ping() // Will throw if not available + + let versions: string[] | 'all' = [] + if ('version' in opts) { + if (process.env.VERSION) { + console.warn( + `'version' specified as argument ('${versions}') AND environment variable ('${process.env.VERSION}')`, + ) + } + if (!Array.isArray(opts.version)) { + if (typeof opts.version === 'undefined') { + versions = 'all' + } else { + versions = [opts.version] + } + } else if (opts.version[0] === 'all') { + versions = 'all' + } else { + versions = opts.version + } + } else if (process.env.VERSION) { + if (process.env.VERSION !== 'all') { + versions = [process.env.VERSION] + } else { + versions = 'all' + } + } + + // Validate + if (versions !== 'all') { + for (const version of versions) { + if (!allIndexVersionOptions.includes(version || '')) { + throw new Error( + `Argument -version ${version} is not recognized. Must be one of ${allIndexVersionOptions}`, + ) + } + } + } + + let versionsToIndex: string[] = [] + if (!versions.length || versions === 'all') { + versionsToIndex = allIndexVersionOptions + } else if (versions.length) { + versionsToIndex = versions.map((version) => versionToIndexVersionMap[version]) + } + + const languages = + language || languageKeys.filter((lang) => !notLanguage || !notLanguage.includes(lang)) + + console.log( + 'Indexing general search for languages: %O and versions: %O', + languages, + versionsToIndex, + ) + + for (const language of languages) { + let count = 0 + for (const versionKey of versionsToIndex) { + const startTime = new Date() + + const { indexName, indexAlias } = getElasticSearchIndex( + 'generalSearch', + versionKey, + language, + opts.indexPrefix || '', + ) + + await indexVersion(client, indexName, indexAlias, language, sourceDirectory, opts) + + count++ + if (opts.staggerSeconds && count < versionsToIndex.length - 1) { + console.log(`Sleeping for ${opts.staggerSeconds} seconds...`) + await sleep(1000 * opts.staggerSeconds) + } + + printSuccess(indexName, startTime, opts.verbose) + } + } +} + +async function indexVersion( + client: Client, + indexName: string, + indexAlias: string, + language: string, + sourceDirectory: string, + opts: Options, +) { + const recordsData = await loadIndexRecords(indexName, sourceDirectory) + const allRecords = Object.values(recordsData).sort((a, b) => b.popularity - a.popularity) + const records = allRecords.map((doc) => { + const { title, objectID, content, breadcrumbs, headings, intro, toplevel } = doc + const contentEscaped = escapeHTML(content) + const headingsEscaped = escapeHTML(headings) + return { + url: objectID, + title, + title_explicit: title, + content: contentEscaped, + content_explicit: contentEscaped, + breadcrumbs, + headings: headingsEscaped, + headings_explicit: headingsEscaped, + popularity: doc.popularity + 1, + intro, + toplevel, + } + }) + + const settings = getGeneralSearchSettings(language, opts.verbose || false) + const mappings = generalSearchMappings + + await createIndex(client, indexAlias, settings, mappings) + + await populateIndex(client, indexAlias, indexName, records, { + retries: opts.retries, + sleepTime: opts.sleepTime * 1000, + verbose: opts.verbose, + }) + + await updateAlias(client, indexName, indexAlias, opts) +} diff --git a/src/search/scripts/index/lib/populate.ts b/src/search/scripts/index/lib/populate.ts deleted file mode 100644 index 252b90cefbcd..000000000000 --- a/src/search/scripts/index/lib/populate.ts +++ /dev/null @@ -1,107 +0,0 @@ -import chalk from 'chalk' -import { Client, errors } from '@elastic/elasticsearch' - -import type { Records, RetryConfig } from '../types' -import { retryOnErrorTest } from './retry-on-error-test' -import { repointAlias } from './repoint-alias' -import { formatTime, sleep } from './utils' - -type PopulateOptions = RetryConfig & { - verbose?: boolean - alias: string - name: string -} - -export async function populate(client: Client, records: Records, options: PopulateOptions) { - const { alias, name } = options - - const allRecords = Object.entries(records).sort((a, b) => b[1] - a[1]) - const operations = allRecords.flatMap(([term, count]) => { - const popularity = count / allRecords[0][1] // Normalize to 1.0 for the highest count - return [ - { index: { _index: alias } }, - { - term, - popularity, - }, - ] - }) - - const bulkOptions = { - // Default is 'false'. - // It means that the index is NOT refreshed as documents are inserted. - // Which makes sense in our case because we do not intend to search on - // this index until after we've pointed the alias to this new index. - refresh: false, - // Default is '1m' but we have no reason *not* to be patient. It's run - // by a bot on a schedeule (GitHub Actions). - timeout: '5m', - } - - const attempts = options.retries - const sleepTime = options.sleepTime * 1000 - - console.log(`About to bulk index ${allRecords.length.toLocaleString()} records with retry %O`, { - attempts, - sleepTime, - }) - const t0 = new Date() - const bulkResponse = await retryOnErrorTest( - (error: Error) => { - // Rate limiting can happen when you're indexing too much at - // same time. - return error instanceof errors.ResponseError && error.meta.statusCode === 429 - }, - () => client.bulk({ operations, ...bulkOptions }), - { - attempts, - sleepTime, - onError: (_, attempts, sleepTime) => { - console.warn( - chalk.yellow( - `Failed to bulk index ${name}. Will attempt ${attempts} more times (after ${ - sleepTime / 1000 - }s sleep).`, - ), - ) - }, - }, - ) - - if (bulkResponse.errors) { - // Some day, when we're more confident how and why this might happen - // we can rewrite this code to "massage" the errors better. - // For now, if it fails, it's "OK". It means we won't be proceeding, - // an error is thrown in Actions and we don't have to worry about - // an incompletion index. - console.error(`Bulk response errors: ${bulkResponse.errors}`) - throw new Error('Bulk errors happened.') - } - const t1 = new Date() - console.log(`Bulk indexed ${alias}. Took ${formatTime(t1.getTime() - t0.getTime())}`) - - // The counting of documents in the index is async and can take a while - // to reflect. So send count requests until we get the right number. - let documentsInIndex = 0 - let countAttempts = 3 - while (documentsInIndex < allRecords.length) { - const { count } = await client.count({ index: alias }) - documentsInIndex = count - if (documentsInIndex >= allRecords.length) break - countAttempts-- - if (!countAttempts) { - console.log(`After ${countAttempts} attempts still haven't matched the expected number.`) - break - } - await sleep(1000) - } - console.log( - `Documents now in ${chalk.bold(alias)}: ${chalk.bold(documentsInIndex.toLocaleString())}`, - ) - - await repointAlias(client, alias, name, { - attempts, - sleepTime, - verbose: Boolean(options.verbose), - }) -} diff --git a/src/search/scripts/index/lib/repoint-alias.ts b/src/search/scripts/index/lib/repoint-alias.ts deleted file mode 100644 index 36af59d2609e..000000000000 --- a/src/search/scripts/index/lib/repoint-alias.ts +++ /dev/null @@ -1,77 +0,0 @@ -import chalk from 'chalk' -import { Client, errors } from '@elastic/elasticsearch' - -import { retryOnErrorTest } from './retry-on-error-test' -import { formatTime } from './utils' - -export async function repointAlias( - client: Client, - alias: string, - name: string, - options: { - attempts: number - sleepTime: number - verbose: boolean - }, -) { - const { attempts, sleepTime, verbose } = options - // To perform an atomic operation that creates the new alias and removes - // the old indexes, we can use the updateAliases API with a body that - // includes an "actions" array. The array includes the added alias - // and the removed indexes. If any of the actions fail, none of the operations - // are performed. - // https://www.elastic.co/guide/en/elasticsearch/reference/master/indices-aliases.html - - type Update = - | { - add: { - index: string - alias: string - } - } - | { - remove_index: { - index: string - } - } - const aliasUpdates: Update[] = [ - { - add: { - index: alias, - alias: name, - }, - }, - ] - console.log(`Alias ${name} -> ${alias}`) - - console.log('About to get indices with retry %O', { attempts, sleepTime }) - const indices = await retryOnErrorTest( - (error: any) => { - // 404 can happen when you're trying to get an index that - // doesn't exist. ...yet! - return error instanceof errors.ResponseError && error.meta.statusCode === 404 - }, - () => client.cat.indices({ format: 'json' }), - { - attempts, - sleepTime, - onError: (error, attempts, sleepTime) => { - console.warn( - chalk.yellow( - `Failed to get index ${name} (${ - error.message || error.toString() - }). Will attempt ${attempts} more times (after ${formatTime(sleepTime)}s sleep).`, - ), - ) - }, - }, - ) - for (const index of indices) { - if (index.index !== alias && index.index.startsWith(name)) { - aliasUpdates.push({ remove_index: { index: index.index } }) - console.log('Deleting index', index.index) - } - } - if (verbose) console.log('Updating alias actions:', aliasUpdates) - await client.indices.updateAliases({ body: { actions: aliasUpdates } }) -} diff --git a/src/search/scripts/index/types.ts b/src/search/scripts/index/types.ts index 533fb79d045f..eaaa82ae0e2d 100644 --- a/src/search/scripts/index/types.ts +++ b/src/search/scripts/index/types.ts @@ -1,10 +1,43 @@ -export type Version = 'free-pro-team' | 'enterprise-server' | 'enterprise-cloud' - -export type Records = { - [key: string]: number -} - export type RetryConfig = { retries: number sleepTime: number } + +export interface Options { + language?: string + notLanguage?: string + version?: string + docsInternalData?: string + markers?: boolean + filter?: string +} + +export type Args = string[] + +export interface Page { + relativePath: string + redirect_from?: string[] +} + +export interface Config { + noMarkers: boolean + filter?: string + docsInternalDataPath?: string +} + +export type TermsWithFrequency = { [term: string]: number } + +export interface Records { + [objectID: string]: Record // Here objectId will be identical to the record's objectId +} + +export interface Record { + objectID: string // e.g. "/en/enterprise-cloud@latest/get-started" + breadcrumbs: string // e.g. "Get started / Using GitHub" + title: string // e.g. "Get started with GitHub documentation" + headings: string + content: string + intro: string + toplevel: string + popularity: number +} diff --git a/src/search/scripts/index/utils/constants.ts b/src/search/scripts/index/utils/constants.ts new file mode 100644 index 000000000000..6b833259d0c8 --- /dev/null +++ b/src/search/scripts/index/utils/constants.ts @@ -0,0 +1,11 @@ +export const SNOWBALL_LANGUAGES: { [key: string]: string } = { + en: 'English', + fr: 'French', + es: 'Spanish', + ru: 'Russian', + it: 'Italian', + de: 'German', + pt: 'Portuguese', +} + +export const DEFAULT_SLEEPTIME_SECONDS = 30 diff --git a/src/search/scripts/index/utils/indexing-elasticsearch-utils.ts b/src/search/scripts/index/utils/indexing-elasticsearch-utils.ts new file mode 100644 index 000000000000..8bde91c54685 --- /dev/null +++ b/src/search/scripts/index/utils/indexing-elasticsearch-utils.ts @@ -0,0 +1,178 @@ +import chalk from 'chalk' +import { Client, estypes, errors } from '@elastic/elasticsearch' +import fs from 'fs/promises' +import path from 'path' + +import { readableTimeMinAndSec, sleep } from '@/search/lib/helpers/time' +import { retryOnErrorTest } from '@/search/scripts/index/utils/retry-on-error-test' +import { + DEFAULT_SLEEPTIME_SECONDS, + SNOWBALL_LANGUAGES, +} from '@/search/scripts/index/utils/constants' +import { safeUrlDisplay } from '@/search/lib/helpers/strings' + +import type { Records } from '@/search/scripts/index/types' + +type Options = { + retries?: number + sleepTime?: number + verbose?: boolean +} + +export async function createIndex( + client: Client, + indexAlias: string, + settings: estypes.IndicesIndexSettings, + mappings: estypes.MappingTypeMapping, +) { + await client.indices.create({ + index: indexAlias, + mappings, + settings, + }) +} + +export async function populateIndex( + client: Client, + indexAlias: string, + indexName: string, + records: any[], + options: Options, +) { + console.log(chalk.yellow(`\nIndexing ${chalk.bold(indexName)}`)) + const bulkOperations = records.flatMap((doc) => [{ index: { _index: indexAlias } }, doc]) + + const bulkOptions = { + refresh: false, + timeout: '5m', + } + + const attempts = options.retries || 0 + const sleepTime = options.sleepTime || DEFAULT_SLEEPTIME_SECONDS * 1000 + console.log(`About to bulk index ${records.length.toLocaleString()} records with retry %O`, { + attempts, + sleepTimeMS: sleepTime, + }) + + const t0 = new Date() + const bulkResponse = await retryOnErrorTest( + (error) => error instanceof errors.ResponseError && error.meta.statusCode === 429, + () => client.bulk({ operations: bulkOperations, ...bulkOptions }), + { + attempts, + sleepTime, + onError: (_, attempts, sleepTime) => { + console.warn( + chalk.yellow( + `Failed to bulk index ${indexName}. Will attempt ${attempts} more times (after ${ + sleepTime / 1000 + }s sleep).`, + ), + ) + }, + }, + ) + + if (bulkResponse.errors) { + console.error(`Bulk response errors: ${bulkResponse.errors}`) + throw new Error('Bulk errors happened.') + } + const t1 = new Date() + console.log( + `Bulk indexed ${indexAlias}. Took ${readableTimeMinAndSec(t1.getTime() - t0.getTime())}`, + ) + + let documentsInIndex = 0 + let countAttempts = 3 + while (documentsInIndex < records.length) { + const { count } = await client.count({ index: indexAlias }) + documentsInIndex = count + if (documentsInIndex >= records.length) break + countAttempts-- + if (!countAttempts) { + console.log(`After ${countAttempts} attempts still haven't matched the expected number.`) + break + } + await sleep(1000) + } + + console.log(`Documents now in ${indexAlias}: ${documentsInIndex.toLocaleString()}`) +} + +export async function updateAlias( + client: Client, + indexName: string, + indexAlias: string, + options: Options, +) { + const aliasUpdates: estypes.IndicesUpdateAliasesAction[] = [ + { + add: { + index: indexAlias, + alias: indexName, + }, + }, + ] + + const indices = await retryOnErrorTest( + (error) => { + // 404 can happen when you're trying to get an index that + // doesn't exist. ...yet! + return error instanceof errors.ResponseError && error.meta.statusCode === 404 + }, + () => client.cat.indices({ format: 'json' }), + { + attempts: options.retries || 0, + sleepTime: (options.sleepTime || DEFAULT_SLEEPTIME_SECONDS) * 1000, + onError: (error, attempts, sleepTime) => { + console.warn( + chalk.yellow( + `Failed to get index ${indexName} (${ + error.message || error.toString() + }). Will attempt ${attempts} more times (after ${readableTimeMinAndSec(sleepTime)}s sleep).`, + ), + ) + }, + }, + ) + + for (const index of indices) { + if (index.index !== indexAlias && index.index.startsWith(indexName)) { + aliasUpdates.push({ remove_index: { index: index.index } }) + console.log('Deleting old index', index.index) + } + } + if (options.verbose) console.log('Updating alias actions:', aliasUpdates) + await client.indices.updateAliases({ body: { actions: aliasUpdates } }) +} + +export function printSuccess(indexName: string, startTime: Date, verbose = false) { + const endTime = new Date() + console.log( + chalk.green( + `Finished indexing ${indexName}. Took ${readableTimeMinAndSec(endTime.getTime() - startTime.getTime())}`, + ), + ) + + if (verbose) { + console.log(`To view index: ${safeUrlDisplay(`/${indexName}`)}`) + console.log(`To search index: ${safeUrlDisplay(`/${indexName}/_search`)}`) + } +} + +export async function loadIndexRecords( + indexName: string, + sourceDirectory: string, +): Promise { + const filePath = path.join(sourceDirectory, `${indexName}-records.json`) + const payload = await fs.readFile(filePath, 'utf8') + return JSON.parse(payload) +} + +export function escapeHTML(content: string): string { + return content.replace(//g, '>').replace(/"/g, '"') +} + +export function getSnowballLanguage(language: string): string | undefined { + return SNOWBALL_LANGUAGES[language] +} diff --git a/src/search/scripts/index/utils/mappings.ts b/src/search/scripts/index/utils/mappings.ts new file mode 100644 index 000000000000..1bacf528ee21 --- /dev/null +++ b/src/search/scripts/index/utils/mappings.ts @@ -0,0 +1,52 @@ +import type { estypes } from '@elastic/elasticsearch' + +export const generalSearchMappings: estypes.MappingTypeMapping = { + properties: { + url: { type: 'keyword' }, + title: { + type: 'text', + analyzer: 'text_analyzer', + norms: false, + term_vector: 'with_positions_offsets', + }, + title_explicit: { type: 'text', analyzer: 'text_analyzer_explicit', norms: false }, + content: { + type: 'text', + analyzer: 'text_analyzer', + term_vector: 'with_positions_offsets', + }, + content_explicit: { + type: 'text', + analyzer: 'text_analyzer_explicit', + term_vector: 'with_positions_offsets', + }, + headings: { type: 'text', analyzer: 'text_analyzer', norms: false }, + headings_explicit: { type: 'text', analyzer: 'text_analyzer_explicit', norms: false }, + breadcrumbs: { type: 'text' }, + popularity: { type: 'float' }, + intro: { type: 'text' }, + toplevel: { type: 'keyword' }, + }, +} + +export const generalAutocompleteMappings: estypes.MappingTypeMapping = { + properties: { + term: { + type: 'text', + analyzer: 'text_analyzer', + term_vector: 'with_positions_offsets', + }, + popularity: { type: 'float' }, + }, +} + +export const aiSearchAutocompleteMappings: estypes.MappingTypeMapping = { + properties: { + term: { + type: 'text', + analyzer: 'text_analyzer', + term_vector: 'with_positions_offsets', + }, + popularity: { type: 'float' }, + }, +} diff --git a/src/search/scripts/index/lib/retry-on-error-test.ts b/src/search/scripts/index/utils/retry-on-error-test.ts similarity index 97% rename from src/search/scripts/index/lib/retry-on-error-test.ts rename to src/search/scripts/index/utils/retry-on-error-test.ts index b2c88420a4ef..bed48738f492 100644 --- a/src/search/scripts/index/lib/retry-on-error-test.ts +++ b/src/search/scripts/index/utils/retry-on-error-test.ts @@ -1,5 +1,3 @@ -// [start-readme] -// // Return a function that you can use to run any code within and if it // throws you get a chance to say whether to sleep + retry. // Example: @@ -20,10 +18,8 @@ // Note that, by default, the sleep time is "exponential" by a factor of // 1.5. So the first sleep will, in the above example, // be 800ms. Then 1,200ms, Then 1,800ms. etc. -// -// [end-readme] -import { sleep } from './utils' +import { sleep } from '@/search/lib/helpers/time' export async function retryOnErrorTest( errorTest: (error: any) => boolean, diff --git a/src/search/scripts/index/utils/settings.ts b/src/search/scripts/index/utils/settings.ts new file mode 100644 index 000000000000..a2d65ca29ffe --- /dev/null +++ b/src/search/scripts/index/utils/settings.ts @@ -0,0 +1,118 @@ +import { SNOWBALL_LANGUAGES } from '@/search/scripts/index/utils/constants' + +import type { estypes } from '@elastic/elasticsearch' +import type { + AnalysisSnowballLanguage, + AnalysisCustomAnalyzer, +} from '@elastic/elasticsearch/lib/api/types' + +export function getGeneralSearchSettings( + language: string, + verbose: boolean, +): estypes.IndicesIndexSettings { + const settings: estypes.IndicesIndexSettings = { + analysis: { + char_filter: { + hyphenation_filter: { + type: 'mapping', + mappings: ['- => _'], + }, + }, + analyzer: { + text_analyzer_explicit: { + char_filter: ['hyphenation_filter'], + filter: ['lowercase', 'stop', 'asciifolding'], + tokenizer: 'standard', + type: 'custom', + } as AnalysisCustomAnalyzer, + text_analyzer: { + filter: ['lowercase', 'stop', 'asciifolding'], + tokenizer: 'standard', + type: 'custom', + } as AnalysisCustomAnalyzer, + }, + filter: {}, + }, + } + + const snowballLanguage = SNOWBALL_LANGUAGES[language] + if (snowballLanguage) { + const textAnalyzer = settings.analysis!.analyzer!.text_analyzer as AnalysisCustomAnalyzer + textAnalyzer.filter!.push('languaged_snowball') + + settings.analysis!.filter!['languaged_snowball'] = { + type: 'snowball', + language: snowballLanguage as AnalysisSnowballLanguage, + } + } else if (verbose) { + console.warn(`No snowball language for '${language}'`) + } + + return settings +} + +export function getGeneralAutocompleteSettings( + language: string, + verbose = false, +): estypes.IndicesIndexSettings { + const settings: estypes.IndicesIndexSettings = { + analysis: { + analyzer: { + text_analyzer: { + filter: ['lowercase'], + tokenizer: 'standard', + type: 'custom', + } as AnalysisCustomAnalyzer, + }, + filter: {}, + }, + } + + const snowballLanguage = SNOWBALL_LANGUAGES[language] + if (snowballLanguage) { + const textAnalyzer = settings.analysis!.analyzer!.text_analyzer as AnalysisCustomAnalyzer + textAnalyzer.filter!.push('languaged_snowball') + + settings.analysis!.filter!['languaged_snowball'] = { + type: 'snowball', + language: snowballLanguage as AnalysisSnowballLanguage, + } + } else if (verbose) { + console.warn(`No snowball language for '${language}'`) + } + + return settings +} + +export function getAISearchAutocompleteSettings( + language: string, + verbose = false, +): estypes.IndicesIndexSettings { + const settings: estypes.IndicesIndexSettings = { + analysis: { + analyzer: { + text_analyzer: { + filter: ['lowercase'], + tokenizer: 'standard', + type: 'custom', + } as AnalysisCustomAnalyzer, + }, + filter: {}, + }, + } + + const snowballLanguage = SNOWBALL_LANGUAGES[language] + if (snowballLanguage) { + const textAnalyzer = settings.analysis!.analyzer!.text_analyzer as AnalysisCustomAnalyzer + textAnalyzer.filter!.push('languaged_snowball') + + settings.analysis!.filter!['languaged_snowball'] = { + type: 'snowball', + language: snowballLanguage as AnalysisSnowballLanguage, + } + } else if (verbose) { + console.warn(`No snowball language for '${language}'`) + } + + return settings +} diff --git a/src/search/scripts/retry-on-error-test.js b/src/search/scripts/retry-on-error-test.js deleted file mode 100644 index c41b222b47d0..000000000000 --- a/src/search/scripts/retry-on-error-test.js +++ /dev/null @@ -1,76 +0,0 @@ -// [start-readme] -// -// Return a function that you can use to run any code within and if it -// throws you get a chance to say whether to sleep + retry. -// Example: -// -// async function mainFunction() { -// if (Math.random() > 0.9) throw new Error('too large') -// return 'OK' -// } -// -// const errorTest = (err) => err instanceof Error && err.message.includes('too large') -// const config = { // all optional -// attempts: 3, -// sleepTime: 800, -// onError: (err, attempts) => console.warn(`Failed ${attempts} attempts`) -// } -// const ok = await retry(errorTest, mainFunction, config) -// -// Note that, by default, the sleep time is "exponential" by a factor of -// 1.5. So the first sleep will, in the above example, -// be 800ms. Then 1,200ms, Then 1,800ms. etc. -// -// [end-readme] - -const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)) - -export async function retryOnErrorTest( - errorTest, - callback, - { - attempts = 4, - sleepTime = 1000, - exponential = 1.5, - jitterPercent = 25, - onError = () => {}, - } = {}, -) { - while (true) { - try { - return await callback() - } catch (error) { - if (error instanceof Error && attempts > 0 && errorTest(error)) { - if (onError) onError(error, attempts, sleepTime) - attempts-- - // The reason for the jitter is to avoid a thundering herd problem. - // Suppose two independent processes/threads start at the same time. - // They both fail, perhaps due to rate limiting. Now, if they both - // sleep for 30 seconds in the first retry attempt, it'll just - // clash again 30 seconds later. But if you add a bit of jitter, at - // the next attempt these independent processes/threads will now - // start at slightly different times. - - // According to the Oxford English dictionary, they define "jitter" as: - // - // slight irregular movement, variation, or unsteadiness, - // especially in an electrical signal or electronic device. - // - await sleep(addJitter(sleepTime, jitterPercent)) - if (exponential) { - sleepTime *= 2 - } - } else { - throw error - } - } - } -} - -function addJitter(num, percent) { - // Return the number plus between 0 and $percent of that number. - // For example, for 1,000 with a 20% jitter you might get 1133.4 - // because you start with 1,000 and 13.4% is a random number between - // 0 and 20%. - return num + Math.random() * percent * 0.01 * num -} diff --git a/src/search/scripts/scrape/README.md b/src/search/scripts/scrape/README.md new file mode 100644 index 000000000000..538052f51b96 --- /dev/null +++ b/src/search/scripts/scrape/README.md @@ -0,0 +1,40 @@ +# Scraping for General Search + +We need to scrape each page on the Docs site and use the data we scrape to index Elasticsearch. + +We currently only scrape for **general search** results. + +Autocomplete search data is generated from analytics events and GPT queries. + +## CLI Script + +Before running the scraping script ensure that the server is running in another terminal with `npm run general-search-scrape-server` + +Run the script with `npm run general-search-scrape -- ` + +After a successful run it will generate a series of JSON files with the page data of every page of the Docs site into the passed directory. + +The `index-general-search.yml` workflow will scrape the records into `/tmp/records` then proceed to run the [general-search indexing script](../index/README.md) + +To see the arguments accepted by the script, pass the `--help` argument, for example + +```bash +npm run general-search-scrape -- --help +``` + +## Records (scraped pages) + +In the context of an Elasticsearch index, a record represents a page. Each record has `breadcrumbs`, `title`, `headings`, `content` (the article content in text, not HTML), `intro` (if one exists in the frontmatter), and a unique `objectID` that is currently just the permalink of the article. Here's an example: + +```json +{ + "objectID":"/en/actions/creating-actions/about-custom-actions", + "breadcrumbs":"GitHub Actions / Creating actions", + "title":"About custom actions", + "headings":"About custom actions\nTypes of actions\n[...]", + "content":"Actions are individual tasks that you can combine to create jobs and customize your workflow. You can create your own actions, [...]", + "intro":"Actions are individual tasks that you can combine to create jobs and customize your workflow. You can create your own actions, or use and customize actions shared by the GitHub community.", + "toplevel":"GitHub Actions", + "popularity":0 +} +``` diff --git a/src/search/scripts/build-records.js b/src/search/scripts/scrape/lib/build-records.ts similarity index 75% rename from src/search/scripts/build-records.js rename to src/search/scripts/scrape/lib/build-records.ts index 42313c4ee149..329771487a85 100644 --- a/src/search/scripts/build-records.js +++ b/src/search/scripts/scrape/lib/build-records.ts @@ -1,14 +1,16 @@ -#!/usr/bin/env node import eventToPromise from 'event-to-promise' import chalk from 'chalk' import dotenv from 'dotenv' import boxen from 'boxen' import { HTTPError } from 'got' -import parsePageSectionsIntoRecords from './parse-page-sections-into-records.js' -import getPopularPages from './popular-pages.js' -import languages from '#src/languages/lib/languages.js' -import domwaiter from './domwaiter.js' +import languages from '@/languages/lib/languages.js' +import parsePageSectionsIntoRecords from '@/search/scripts/scrape/lib/parse-page-sections-into-records' +import getPopularPages from '@/search/scripts/scrape/lib/popular-pages' +import domwaiter from '@/search/scripts/scrape/lib/domwaiter' +import { getAllVersionsKeyFromIndexVersion } from '@/search/lib/elasticsearch-versions' + +import type { Page, Permalink, Record, Config, Redirects } from '@/search/scripts/scrape/types' const pageMarker = chalk.green('|') const recordMarker = chalk.grey('.') @@ -31,16 +33,19 @@ const MIN_TIME = parseInt(process.env.BUILD_RECORDS_MIN_TIME || '5', 10) const FORCE_0_POPULARITY_PRODUCTS = new Set(['contributing']) export default async function buildRecords( - indexName, - indexablePages, - pageVersion, - languageCode, - redirects, - config = {}, -) { + indexName: string, + indexablePages: Page[], + indexVersion: string, + languageCode: string, + redirects: Redirects, + config: Config = {} as Config, +): Promise { + // Determine the page version from the index version + const pageVersion = getAllVersionsKeyFromIndexVersion(indexVersion) + const { noMarkers, docsInternalDataPath } = config console.log(`\n\nBuilding records for index '${indexName}' (${languages[languageCode].name})`) - const records = [] + const records: Record[] = [] const pages = indexablePages // exclude pages that are not in the current language .filter((page) => page.languageCode === languageCode) @@ -55,12 +60,15 @@ export default async function buildRecords( }) }) .map((permalink) => { - permalink.url = `http://localhost:${port}${permalink.href}` + if (permalink) { + permalink.url = `http://localhost:${port}${permalink.href}` + } return permalink }) + .filter((permalink): permalink is Permalink => permalink !== undefined) const popularPages = docsInternalDataPath - ? await getPopularPages(docsInternalDataPath, redirects, pageVersion, languageCode) + ? await getPopularPages(docsInternalDataPath, redirects, indexVersion, languageCode) : {} console.log('indexable pages', indexablePages.length) @@ -93,7 +101,7 @@ export default async function buildRecords( if (err instanceof HTTPError && !err.response.ok) { console.log( '\n' + - boxen(chalk.bold(err.request.requestUrl.pathname), { + boxen(chalk.bold(err.request.requestUrl?.pathname), { title: chalk.red('The URL it failed on was'), padding: 1, borderColor: 'red', diff --git a/src/search/scripts/domwaiter.js b/src/search/scripts/scrape/lib/domwaiter.ts similarity index 50% rename from src/search/scripts/domwaiter.js rename to src/search/scripts/scrape/lib/domwaiter.ts index fccfc4aaae7c..fe70a1d9fedd 100644 --- a/src/search/scripts/domwaiter.js +++ b/src/search/scripts/scrape/lib/domwaiter.ts @@ -1,9 +1,18 @@ -import { EventEmitter } from 'node:events' +import { EventEmitter } from 'events' import Bottleneck from 'bottleneck' import got from 'got' import cheerio from 'cheerio' -export default function domwaiter(pages, opts = {}) { +import type { Permalink } from '@/search/scripts/scrape/types' + +interface DomWaiterOptions { + parseDOM?: boolean + json?: boolean + maxConcurrent?: number + minTime?: number +} + +export default function domwaiter(pages: Permalink[], opts: DomWaiterOptions = {}): EventEmitter { const emitter = new EventEmitter() const defaults = { @@ -17,26 +26,26 @@ export default function domwaiter(pages, opts = {}) { const limiter = new Bottleneck(opts) pages.forEach((page) => { - limiter.schedule(getPage, page, emitter, opts) + limiter.schedule(() => getPage(page, emitter, opts)) }) - limiter - .on('idle', () => { - emitter.emit('done') - }) - .on('error', (err) => { - emitter.emit('error', err) - }) + limiter.on('idle', () => { + emitter.emit('done') + }) + + limiter.on('error', (err) => { + emitter.emit('error', err) + }) return emitter } -async function getPage(page, emitter, opts) { +async function getPage(page: Permalink, emitter: EventEmitter, opts: DomWaiterOptions) { emitter.emit('beforePageLoad', page) if (opts.json) { try { - const json = await got(page.url).json() + const json = await got(page.url!).json() const pageCopy = Object.assign({}, page, { json }) emitter.emit('page', pageCopy) } catch (err) { @@ -44,9 +53,9 @@ async function getPage(page, emitter, opts) { } } else { try { - const body = (await got(page.url)).body + const body = (await got(page.url!)).body const pageCopy = Object.assign({}, page, { body }) - if (opts.parseDOM) pageCopy.$ = cheerio.load(body) + if (opts.parseDOM) (pageCopy as any).$ = cheerio.load(body) emitter.emit('page', pageCopy) } catch (err) { emitter.emit('error', err) diff --git a/src/search/scripts/find-indexable-pages.js b/src/search/scripts/scrape/lib/find-indexable-pages.ts similarity index 70% rename from src/search/scripts/find-indexable-pages.js rename to src/search/scripts/scrape/lib/find-indexable-pages.ts index 9e05abfec99d..ed37cd196c2b 100644 --- a/src/search/scripts/find-indexable-pages.js +++ b/src/search/scripts/scrape/lib/find-indexable-pages.ts @@ -1,8 +1,9 @@ -#!/usr/bin/env node -import { loadPages } from '#src/frame/lib/page-data.js' +import { loadPages } from '@/frame/lib/page-data.js' -export default async function findIndexablePages(match = '') { - const allPages = await loadPages() +import type { Page } from '@/search/scripts/scrape/types' + +export default async function findIndexablePages(match = ''): Promise { + const allPages: Page[] = await loadPages() const indexablePages = allPages // exclude hidden pages .filter((page) => !page.hidden) diff --git a/src/search/scripts/parse-page-sections-into-records.js b/src/search/scripts/scrape/lib/parse-page-sections-into-records.ts similarity index 91% rename from src/search/scripts/parse-page-sections-into-records.js rename to src/search/scripts/scrape/lib/parse-page-sections-into-records.ts index 0897b7c289a5..8bee4c2a237b 100644 --- a/src/search/scripts/parse-page-sections-into-records.js +++ b/src/search/scripts/scrape/lib/parse-page-sections-into-records.ts @@ -1,17 +1,18 @@ -#!/usr/bin/env node import { render } from 'cheerio-to-text' +import type { Record } from '@/search/scripts/scrape/types' + // This module takes cheerio page object and divides it into sections // using H1,H2 heading elements as section delimiters. The text // that follows each heading becomes the content of the search record. const ignoredHeadingSlugs = ['in-this-article', 'further-reading', 'prerequisites'] -export default function parsePageSectionsIntoRecords(page) { +export default function parsePageSectionsIntoRecords(page: any): Record { const { href, $ } = page const title = $('h1').first().text().trim() const breadcrumbsArray = $('[data-search=breadcrumbs] nav.breadcrumbs a') - .map((i, el) => { + .map((i: number, el: any) => { return $(el).text().trim().replace('/', '').replace(/\s+/g, ' ') }) .get() @@ -21,8 +22,7 @@ export default function parsePageSectionsIntoRecords(page) { // page that don't make much sense to find in a site search. $('[data-search=hide]').remove() - // Only slice off the last one if the length of the array is greater - // that 1. + // Only slice off the last one if the length of the array is greater than 1 // On an article page, we the breadcrumbs array will be something // like: // @@ -51,12 +51,12 @@ export default function parsePageSectionsIntoRecords(page) { const $sections = $('h2', $root) .filter('[id]') - .filter((i, el) => { + .filter((i: number, el: any) => { return !ignoredHeadingSlugs.includes($(el).attr('id')) }) const headings = $sections - .map((i, el) => $(el).text()) + .map((i: number, el: any) => $(el).text()) .get() .join('\n') .trim() diff --git a/src/search/scripts/popular-pages.js b/src/search/scripts/scrape/lib/popular-pages.ts similarity index 61% rename from src/search/scripts/popular-pages.js rename to src/search/scripts/scrape/lib/popular-pages.ts index 11dac8186206..a6e42053441b 100644 --- a/src/search/scripts/popular-pages.js +++ b/src/search/scripts/scrape/lib/popular-pages.ts @@ -2,28 +2,31 @@ import { join } from 'path' import { existsSync } from 'fs' import fs from 'fs/promises' -export default async function getPopularPages(dirPath, redirects, version, language) { - // The dirPath is the path to the github/docs-internal-data repo. - // We make assumptions about the structure of the repo. In particular, - // the pageviews rollups live in - // `hydro/rollups/pageviews/$language/$versionprefix/rollup.json` - // For example - // `hydro/rollups/pageviews/en/enterprise-cloud/rollup.json` - const versionPrefix = version.split('@')[0] - let filePath = join(dirPath, 'hydro/rollups/pageviews', language, versionPrefix, 'rollup.json') +import { getPlanVersionFromIndexVersion } from '@/search/lib/elasticsearch-versions.js' + +import type { Redirects, PopularPages } from '@/search/scripts/scrape/types' + +export default async function getPopularPages( + dirPath: string, + redirects: Redirects, + indexVersion: string, + language: string, +): Promise { + const planVersion = getPlanVersionFromIndexVersion(indexVersion) + let filePath = join(dirPath, 'hydro/rollups/pageviews', language, planVersion, 'rollup.json') if (!existsSync(filePath) && language !== 'en') { console.warn("Trying the rollup for 'en'") language = 'en' - filePath = join(dirPath, 'hydro/rollups/pageviews', language, versionPrefix, 'rollup.json') + filePath = join(dirPath, 'hydro/rollups/pageviews', language, planVersion, 'rollup.json') } if (!existsSync(filePath)) { - throw new Error(`No rollup found for version '${versionPrefix}'. Tried ${filePath}`) + throw new Error(`No rollup found for version '${planVersion}'. Tried ${filePath}`) } const rollupRaw = await fs.readFile(filePath, 'utf-8') - // Firt iterate through the array of objects, not making an assumption + // First iterate through the array of objects, not making an assumption // that the first one is the biggest one. - const all = {} + const all: { [key: string]: number } = {} for (const [path, count] of Object.entries(JSON.parse(rollupRaw))) { if (!path) { // Can happen if the SQL query is, for some unknown reason, finding @@ -41,11 +44,11 @@ export default async function getPopularPages(dirPath, redirects, version, langu // We never index these anyway so their popularity is never relevant. continue } - all[path] = count + all[path] = count as number } const biggestCount = Math.max(...Object.values(all)) - const popularPages = {} + const popularPages: PopularPages = {} for (const [path, count] of Object.entries(all)) { // Don't bother writing massively long floating point numbers // because reducing it makes the JSON records smaller and we don't @@ -55,11 +58,6 @@ export default async function getPopularPages(dirPath, redirects, version, langu // The reason we're heeding redirects is because it's possible // that the JSON file is older/"staler" than the // content itself. - // Imaging our analytics recorded that `/en/foo` had 1,234 pageviews, - // and someone goes and... `git mv content/foo content/bar` plus - // adding `redirect_from: - /foo` into the front-matter. - // Then, by using the redirects first, we can maintain that popularity - // by now "pretending" that it's `/en/bar` that has 1,234 pageviews. popularPages[redirects[path] || path] = ratio } diff --git a/src/search/scripts/sync.js b/src/search/scripts/scrape/lib/scrape-into-index-json.ts similarity index 64% rename from src/search/scripts/sync.js rename to src/search/scripts/scrape/lib/scrape-into-index-json.ts index 98feec1b81e6..56cbe264d4e6 100644 --- a/src/search/scripts/sync.js +++ b/src/search/scripts/scrape/lib/scrape-into-index-json.ts @@ -1,22 +1,22 @@ -#!/usr/bin/env node import chalk from 'chalk' -import languages from '#src/languages/lib/languages.js' -import buildRecords from './build-records.js' -import findIndexablePages from './find-indexable-pages.js' -import { allVersions } from '#src/versions/lib/all-versions.js' -import { namePrefix } from '#src/search/lib/config.js' -import { writeIndexRecords } from './search-index-records.js' +import languages from '@/languages/lib/languages.js' +import buildRecords from '@/search/scripts/scrape/lib/build-records' +import findIndexablePages from '@/search/scripts/scrape/lib/find-indexable-pages' +import { writeIndexRecords } from '@/search/scripts/scrape/lib/search-index-records' +import { getElasticSearchIndex } from '@/search/lib/elasticsearch-indexes' + +import type { Options, Config, Page, Redirects } from '@/search/scripts/scrape/types' // Build a search data file for every combination of product version and language // e.g. `github-docs-dotcom-en.json` and `github-docs-2.14-ja.json` -export default async function syncSearchIndexes({ +export default async function scrapeIntoIndexJson({ language, notLanguage, outDirectory, versionsToBuild, - config = {}, -}) { + config = {} as Config, +}: Options): Promise { const t0 = new Date() // build indices for a specific language if provided; otherwise build indices for all languages @@ -25,14 +25,14 @@ export default async function syncSearchIndexes({ ) console.log( - `Building indices for ${chalk.yellow(language || 'all languages')} and ${chalk.yellow( + `Building indices for language: ${chalk.yellow(language || 'all languages')} and version: ${chalk.yellow( versionsToBuild.length === 1 ? versionsToBuild[0] : 'all versions', )}.\n`, ) // Exclude WIP pages, hidden pages, index pages, etc - const indexablePages = await findIndexablePages(config.filter) - const redirects = {} + const indexablePages: Page[] = await findIndexablePages(config.filter) + const redirects: Redirects = {} indexablePages.forEach((page) => { const href = page.relativePath.replace('index.md', '').replace('.md', '') for (let redirectFrom of page.redirect_from || []) { @@ -47,22 +47,14 @@ export default async function syncSearchIndexes({ let countRecordsTotal = 0 // Build and validate all indices for (const languageCode of languagesToBuild) { - for (const pageVersion of versionsToBuild) { - // if GHES, resolves to the release number like 2.21, 2.22, etc. - // if FPT, resolves to 'dotcom' - const indexVersion = - allVersions[pageVersion].plan === 'enterprise-server' - ? allVersions[pageVersion].currentRelease - : allVersions[pageVersion].miscBaseName - - // github-docs-dotcom-en, github-docs-2.22-en - const indexName = `${namePrefix}-${indexVersion}-${languageCode}` + for (const indexVersion of versionsToBuild) { + const { indexName } = getElasticSearchIndex('generalSearch', indexVersion, languageCode) // The page version will be the new version, e.g., free-pro-team@latest, enterprise-server@3.7 const records = await buildRecords( indexName, indexablePages, - pageVersion, + indexVersion, languageCode, redirects, config, @@ -81,6 +73,6 @@ export default async function syncSearchIndexes({ console.log(`Rate ~${chalk.bold(rate)} pages per second.`) } -function formatSeconds(seconds) { +function formatSeconds(seconds: number): string { return new Date(seconds * 1000).toISOString().substr(11, 8) } diff --git a/src/search/scripts/validate-records.js b/src/search/scripts/scrape/lib/search-index-records.ts similarity index 61% rename from src/search/scripts/validate-records.js rename to src/search/scripts/scrape/lib/search-index-records.ts index 1adb43217c5f..c4459ccdb88a 100644 --- a/src/search/scripts/validate-records.js +++ b/src/search/scripts/scrape/lib/search-index-records.ts @@ -1,16 +1,27 @@ -#!/usr/bin/env node +import path from 'path' +import fs from 'fs/promises' import assert from 'assert' import { isArray, isString } from 'lodash-es' -function countArrayValues(arr) { - const counter = new Map() - arr.forEach((value) => counter.set(value, (counter.get(value) || 0) + 1)) - return [...counter.entries()].map(([value, count]) => { - return { value, count } - }) +import type { Record } from '@/search/scripts/scrape/types' + +export async function writeIndexRecords( + name: string, + records: Record[], + outDirectory: string, +): Promise { + validateRecords(name, records) + + const recordsObject = Object.fromEntries(records.map((record) => [record.objectID, record])) + const content = JSON.stringify(recordsObject, undefined, 0) + + const filePath = path.join(outDirectory, `${name}-records.json`) + await fs.writeFile(filePath, content) + + return filePath } -export default function validateRecords(name, records) { +function validateRecords(name: string, records: Record[]): true { assert(isString(name) && name.length, '`name` is required') assert(isArray(records) && records.length, '`records` must be a non-empty array') @@ -35,3 +46,11 @@ export default function validateRecords(name, records) { return true } + +function countArrayValues(arr: string[]) { + const counter = new Map() + arr.forEach((value) => counter.set(value, (counter.get(value) || 0) + 1)) + return [...counter.entries()].map(([value, count]) => { + return { value, count } + }) +} diff --git a/src/search/scripts/sync-search-indices.js b/src/search/scripts/scrape/scrape-cli.ts old mode 100755 new mode 100644 similarity index 55% rename from src/search/scripts/sync-search-indices.js rename to src/search/scripts/scrape/scrape-cli.ts index 17e3e13fbc25..362a29574631 --- a/src/search/scripts/sync-search-indices.js +++ b/src/search/scripts/scrape/scrape-cli.ts @@ -1,36 +1,27 @@ -#!/usr/bin/env node - -// [start-readme] -// // This script is run automatically via GitHub Actions on every push to `main` to generate searchable data. -// It can also be run manually. For more info see [contributing/search.md](contributing/search.md) -// -// [end-readme] +// It can also be run manually. import { existsSync, statSync, readdirSync } from 'fs' - -import assert from 'assert' import { program, Option } from 'commander' -import { languageKeys } from '#src/languages/lib/languages.js' -import { allVersions } from '#src/versions/lib/all-versions.js' -import searchSync from './sync.js' - -const shortNames = Object.fromEntries( - Object.values(allVersions).map((info) => { - const shortName = info.hasNumberedReleases - ? info.miscBaseName + info.currentRelease - : info.miscBaseName - return [shortName, info] - }), -) +import { languageKeys } from '@/languages/lib/languages' +import scrapeIntoIndexJson from '@/search/scripts/scrape/lib/scrape-into-index-json' +import { + allIndexVersionOptions, + versionToIndexVersionMap, +} from '@/search/lib/elasticsearch-versions' -const allVersionKeys = [...Object.keys(shortNames), ...Object.keys(allVersions)] +import type { Config, Options, ProgramOptions } from '@/search/scripts/scrape/types' program - .description('Creates search records by scraping') + .description('Creates search index JSONs by scraping a running docs site') .option('-v, --verbose', 'Verbose outputs') - .addOption(new Option('-V, --version ', 'Specific versions').choices(allVersionKeys)) + .addOption( + new Option('-V, --version ', 'Specific versions').choices([ + ...allIndexVersionOptions, + 'all', + ]), + ) .addOption( new Option('-l, --language ', 'Which languages to focus on').choices(languageKeys), ) @@ -48,8 +39,8 @@ program main(program.opts(), program.args) -async function main(opts, args) { - let language +async function main(opts: ProgramOptions, args: string[]) { + let language: string | undefined if ('language' in opts) { language = opts.language if (process.env.LANGUAGE) { @@ -72,26 +63,36 @@ async function main(opts, args) { throw new Error("Can't specify --language *and* --not-language") } - let version + let indexVersion: string | undefined if ('version' in opts) { - version = opts.version + indexVersion = opts.version if (process.env.VERSION) { console.warn( - `'version' specified as argument ('${version}') AND environment variable ('${process.env.VERSION}')`, + `'version' specified as argument ('${indexVersion}') AND environment variable ('${process.env.VERSION}')`, ) } - } else { - if (process.env.VERSION && process.env.VERSION !== 'all') { - version = process.env.VERSION - if (!allVersionKeys.includes(version)) { - throw new Error( - `Environment variable 'VERSION' (${version}) is not recognized. Must be one of ${allVersionKeys}`, - ) - } + if (!allIndexVersionOptions.includes(indexVersion || '') && indexVersion !== 'all') { + throw new Error( + `Argument -version (${indexVersion}) is not recognized. Must be one of ${allIndexVersionOptions}`, + ) + } + } else if (process.env.VERSION && process.env.VERSION !== 'all') { + indexVersion = process.env.VERSION + if (!allIndexVersionOptions.includes(indexVersion || '')) { + throw new Error( + `Environment variable 'VERSION' (${indexVersion}) is not recognized. Must be one of ${allIndexVersionOptions}`, + ) } } - let docsInternalDataPath + let versionsToBuild: string[] = [] + if (!indexVersion || indexVersion === 'all') { + versionsToBuild = allIndexVersionOptions + } else if (indexVersion) { + versionsToBuild = [versionToIndexVersionMap[indexVersion]] + } + + let docsInternalDataPath: string | undefined const { docsInternalData } = opts const { DOCS_INTERNAL_DATA } = process.env @@ -120,39 +121,20 @@ async function main(opts, args) { throw new Error(`'${docsInternalDataPath}' must contain a 'hydro' directory`) } - // A `--version` or `process.env.VERSION` was specified, we need to convert - // it to the long name. I.e. `free-pro-team@latest`. Not `dotcom`. - // But it could also have beeb specified as `all` which means that `version` - // here ill be `undefined` which is also OK. - // const indexVersion = shortNames[version].hasNumberedReleases - // ? shortNames[version].currentRelease - // : shortNames[version].miscBaseName - - let indexVersion - if (version && version !== 'all') { - // If it has been specified, it needs to be in the "long-form". - // I.e. `enterprise-server@3.5` not `ghes-3.5`. - indexVersion = version in shortNames ? shortNames[version].version : version - } - assert( - !indexVersion || indexVersion in allVersions, - `version must be undefined or one of ${Object.keys(allVersions)}`, - ) - const [outDirectory] = args - const config = { + const config: Config = { noMarkers: !opts.markers, filter: opts.filter, docsInternalDataPath, } - const options = { + const options: Options = { language, notLanguage, outDirectory, config, - versionsToBuild: indexVersion ? [indexVersion] : Object.keys(allVersions), + versionsToBuild, } - await searchSync(options) + await scrapeIntoIndexJson(options) } diff --git a/src/search/scripts/scrape/types.ts b/src/search/scripts/scrape/types.ts new file mode 100644 index 000000000000..20db4d78b968 --- /dev/null +++ b/src/search/scripts/scrape/types.ts @@ -0,0 +1,70 @@ +export interface Config { + noMarkers: boolean + filter?: string + docsInternalDataPath?: string +} + +export interface Options { + language?: string + notLanguage?: string + outDirectory: string + config: Config + versionsToBuild: string[] +} + +export interface ProgramOptions { + verbose?: boolean + version?: string + language?: string + notLanguage?: string + markers?: boolean + filter?: string + docsInternalData?: string +} + +export interface Page { + relativePath: string + languageCode: string + permalinks: Permalink[] + redirect_from?: string[] + hidden?: boolean + parentProduct?: { + wip?: boolean + hidden?: boolean + } +} + +export interface Permalink { + pageVersion: string + href: string + languageCode: string + relativePath: string + url?: string + '?'?: string +} + +export interface Record { + objectID: string + breadcrumbs: string + title: string + headings: string + content: string + intro: string + toplevel: string + popularity?: number +} + +export interface Language { + name: string + code: string +} + +export type Languages = { [key: string]: Language } + +export interface Redirects { + [key: string]: string +} + +export interface PopularPages { + [key: string]: number +} diff --git a/src/search/scripts/search-index-records.js b/src/search/scripts/search-index-records.js deleted file mode 100644 index 19684a77bf97..000000000000 --- a/src/search/scripts/search-index-records.js +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env node -import path from 'path' -import fs from 'fs/promises' - -import validateRecords from './validate-records.js' - -export async function writeIndexRecords(name, records, outDirectory) { - validateRecords(name, records) - - const recordsObject = Object.fromEntries(records.map((record) => [record.objectID, record])) - const content = JSON.stringify(recordsObject, undefined, 0) - - const filePath = path.join(outDirectory, `${name}-records.json`) - await fs.writeFile(filePath, content) - - return filePath -} diff --git a/src/search/tests/api-ai-search-autocomplete.ts b/src/search/tests/api-ai-search-autocomplete.ts new file mode 100644 index 000000000000..191f1854a287 --- /dev/null +++ b/src/search/tests/api-ai-search-autocomplete.ts @@ -0,0 +1,164 @@ +/** + * To be able to run these tests you need to index the fixtures! + * And you need to have an Elasticsearch URL to connect to for the server. + * + * To index the fixtures, run: + * + * ELASTICSEARCH_URL=http://localhost:9200 npm run index-test-fixtures + * + * This will replace any "real" Elasticsearch indexes you might have so + * once you're done working on vitest tests you need to index real + * content again. + */ + +import { expect, test, vi } from 'vitest' + +import { describeIfElasticsearchURL } from '@/tests/helpers/conditional-runs.js' +import { get } from '@/tests/helpers/e2etest-ts' + +import type { AutocompleteSearchResponse } from '@/search/types' + +if (!process.env.ELASTICSEARCH_URL) { + console.warn( + 'None of the API search middleware tests are run because ' + + "the environment variable 'ELASTICSEARCH_URL' is currently not set.", + ) +} + +const aiSearchEndpoint = '/api/search/ai-search-autocomplete/v1' +const getSearchEndpointWithParams = (searchParams: URLSearchParams) => + `${aiSearchEndpoint}?${searchParams}` + +// This suite only runs if $ELASTICSEARCH_URL is set. +describeIfElasticsearchURL('search/ai-search-autocomplete v1 middleware', () => { + vi.setConfig({ testTimeout: 60 * 1000 }) + + test('basic search', async () => { + const sp = new URLSearchParams() + // To see why this will work, + // see src/search/tests/fixtures/data/ai/* + sp.set('query', 'how do I') + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(200) + const results = JSON.parse(res.body) as AutocompleteSearchResponse + + expect(results.meta).toBeTruthy() + expect(results.meta.found.value).toBeGreaterThanOrEqual(1) + expect(results.meta.found.relation).toBeTruthy() + + expect(results.hits).toBeTruthy() + + const hit = results.hits[0] + expect(hit.term).toBe('How do I clone a repository?') + expect(hit.highlights).toBeTruthy() + expect(hit.highlights[0]).toBe('How do I clone a repository?') + + // Check that it can be cached at the CDN + expect(res.headers['set-cookie']).toBeUndefined() + expect(res.headers['cache-control']).toContain('public') + expect(res.headers['cache-control']).toMatch(/max-age=[1-9]/) + expect(res.headers['surrogate-control']).toContain('public') + expect(res.headers['surrogate-control']).toMatch(/max-age=[1-9]/) + expect(res.headers['surrogate-key']).toBe('manual-purge') + }) + + test('invalid version', async () => { + const sp = new URLSearchParams() + sp.set('query', 'fo') + sp.set('version', 'never-heard-of') + const res = await get(`${aiSearchEndpoint}?{sp}`) + expect(res.statusCode).toBe(400) + expect(JSON.parse(res.body).error).toBeTruthy() + }) + + test('variations on version name', async () => { + const sp = new URLSearchParams() + sp.set('query', 'fo') + sp.set('version', 'enterprise-cloud') + { + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(200) + } + sp.set('version', 'ghec') + { + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(200) + } + sp.set('version', 'fpt') + { + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(200) + } + sp.set('version', 'free-pro-team@latest') + { + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(200) + } + }) + + test('invalid language', async () => { + const sp = new URLSearchParams() + sp.set('query', 'fo') + sp.set('language', 'xx') + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(400) + expect(JSON.parse(res.body).error).toBeTruthy() + }) + + test('only english supported', async () => { + const sp = new URLSearchParams() + sp.set('query', 'fo') + sp.set('language', 'ja') + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(400) + expect(JSON.parse(res.body).error).toBeTruthy() + }) + + test('fuzzy autocomplete search', async () => { + const sp = new URLSearchParams() + sp.set('query', 'cl') // Short for "clone" + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(200) + const results = JSON.parse(res.body) as AutocompleteSearchResponse + // 'cl" matches "How do I clone a repository?" + const hit = results.hits[0] + expect(hit.term).toBe('How do I clone a repository?') + // Highlighting behavior will highlight the matching "term" which is an entire word + // In this case that word is "clone" when the query is "cl" + expect(hit.highlights[0]).toBe('How do I clone a repository?') + }) + + test('autocomplete term search', async () => { + const sp = new URLSearchParams() + sp.set('query', 'clone') + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(200) + const results = JSON.parse(res.body) as AutocompleteSearchResponse + console.log(JSON.stringify(results, null, 2)) + const hit = results.hits[0] + expect(hit.term).toBe('How do I clone a repository?') + expect(hit.highlights).toBeTruthy() + expect(hit.highlights[0]).toBe('How do I clone a repository?') + }) + + test('invalid query', async () => { + const sp = new URLSearchParams() + // No query at all + { + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(400) + } + // Empty query + { + sp.set('query', '') + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(400) + } + // Empty when trimmed + { + sp.set('query', ' ') + const res = await get(getSearchEndpointWithParams(sp)) + expect(res.statusCode).toBe(400) + } + }) +}) diff --git a/src/search/tests/api-autocomplete-search.js b/src/search/tests/api-general-autocomplete-search.ts similarity index 62% rename from src/search/tests/api-autocomplete-search.js rename to src/search/tests/api-general-autocomplete-search.ts index 2d9448aa51a5..f3e7120a0beb 100644 --- a/src/search/tests/api-autocomplete-search.js +++ b/src/search/tests/api-general-autocomplete-search.ts @@ -13,8 +13,9 @@ import { expect, test, vi } from 'vitest' -import { describeIfElasticsearchURL } from '#src/tests/helpers/conditional-runs.js' -import { get } from '#src/tests/helpers/e2etest.js' +import { describeIfElasticsearchURL } from '@/tests/helpers/conditional-runs.js' +import { get } from '@/tests/helpers/e2etest-ts' +import type { AutocompleteSearchResponse, SearchValidationErrorEntry } from '@/search/types' if (!process.env.ELASTICSEARCH_URL) { console.warn( @@ -28,13 +29,13 @@ describeIfElasticsearchURL('search/autocomplete v1 middleware', () => { vi.setConfig({ testTimeout: 60 * 1000 }) test('basic search', async () => { - const sp = new URLSearchParams() + const sp: URLSearchParams = new URLSearchParams() // To see why this will work, // see src/search/tests/fixtures/data sp.set('query', 'fo') - const res = await get('/api/search/autocomplete/v1?' + sp) + const res = await get('/api/search/autocomplete/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: AutocompleteSearchResponse = JSON.parse(res.body) expect(results.meta).toBeTruthy() expect(results.meta.found.value).toBeGreaterThanOrEqual(1) @@ -58,55 +59,65 @@ describeIfElasticsearchURL('search/autocomplete v1 middleware', () => { }) test('invalid version', async () => { - const sp = new URLSearchParams() + const sp: URLSearchParams = new URLSearchParams() sp.set('query', 'fo') sp.set('version', 'never-heard-of') - const res = await get('/api/search/autocomplete/v1?' + sp) + const res = await get('/api/search/autocomplete/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toBeTruthy() + const errorResponse: SearchValidationErrorEntry = JSON.parse(res.body).error + expect(errorResponse).toBeTruthy() }) test('variations on version name', async () => { - const sp = new URLSearchParams() + const sp: URLSearchParams = new URLSearchParams() sp.set('query', 'fo') + + // Test with 'enterprise-cloud' version sp.set('version', 'enterprise-cloud') { - const res = await get('/api/search/autocomplete/v1?' + sp) + const res = await get('/api/search/autocomplete/v1?' + sp.toString()) expect(res.statusCode).toBe(200) } + + // Test with 'ghec' version sp.set('version', 'ghec') { - const res = await get('/api/search/autocomplete/v1?' + sp) + const res = await get('/api/search/autocomplete/v1?' + sp.toString()) expect(res.statusCode).toBe(200) } + + // Test with 'fpt' version sp.set('version', 'fpt') { - const res = await get('/api/search/autocomplete/v1?' + sp) + const res = await get('/api/search/autocomplete/v1?' + sp.toString()) expect(res.statusCode).toBe(200) } + + // Test with 'free-pro-team@latest' version sp.set('version', 'free-pro-team@latest') { - const res = await get('/api/search/autocomplete/v1?' + sp) + const res = await get('/api/search/autocomplete/v1?' + sp.toString()) expect(res.statusCode).toBe(200) } }) test('invalid language', async () => { - const sp = new URLSearchParams() + const sp: URLSearchParams = new URLSearchParams() sp.set('query', 'fo') sp.set('language', 'xx') - const res = await get('/api/search/autocomplete/v1?' + sp) + const res = await get('/api/search/autocomplete/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toBeTruthy() + const errorResponse: SearchValidationErrorEntry = JSON.parse(res.body).error + expect(errorResponse).toBeTruthy() }) test('fuzzy autocomplete search', async () => { - const sp = new URLSearchParams() + const sp: URLSearchParams = new URLSearchParams() sp.set('query', 'forc') - const res = await get('/api/search/autocomplete/v1?' + sp) + const res = await get('/api/search/autocomplete/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) - // The work "fork" matches "fo" + const results: AutocompleteSearchResponse = JSON.parse(res.body) + // The work "fork" matches "forc" const hit = results.hits[0] expect(hit.term).toBe('fork') expect(hit.highlights).toBeTruthy() @@ -114,22 +125,22 @@ describeIfElasticsearchURL('search/autocomplete v1 middleware', () => { }) test('invalid query', async () => { - const sp = new URLSearchParams() + const sp: URLSearchParams = new URLSearchParams() // No query at all { - const res = await get('/api/search/autocomplete/v1?' + sp) + const res = await get('/api/search/autocomplete/v1?' + sp.toString()) expect(res.statusCode).toBe(400) } // Empty query { sp.set('query', '') - const res = await get('/api/search/autocomplete/v1?' + sp) + const res = await get('/api/search/autocomplete/v1?' + sp.toString()) expect(res.statusCode).toBe(400) } // Empty when trimmed { sp.set('query', ' ') - const res = await get('/api/search/autocomplete/v1?' + sp) + const res = await get('/api/search/autocomplete/v1?' + sp.toString()) expect(res.statusCode).toBe(400) } }) diff --git a/src/search/tests/api-search.js b/src/search/tests/api-search.ts similarity index 66% rename from src/search/tests/api-search.js rename to src/search/tests/api-search.ts index 167e7622d1d0..e1b2ee7c089d 100644 --- a/src/search/tests/api-search.js +++ b/src/search/tests/api-search.ts @@ -12,9 +12,9 @@ */ import { expect, test, vi } from 'vitest' - -import { describeIfElasticsearchURL } from '#src/tests/helpers/conditional-runs.js' -import { get } from '#src/tests/helpers/e2etest.js' +import { describeIfElasticsearchURL } from '@/tests/helpers/conditional-runs.js' +import { get } from '@/tests/helpers/e2etest-ts' +import { GeneralSearchResponse, SearchResultAggregations, GeneralSearchHit } from '@/search/types' if (!process.env.ELASTICSEARCH_URL) { console.warn( @@ -33,9 +33,9 @@ describeIfElasticsearchURL('search v1 middleware', () => { // see src/search/tests/fixtures/search-indexes/github-docs-dotcom-en-records.json // which clearly has a record with the title "Foo" sp.set('query', 'foo') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) expect(results.meta).toBeTruthy() expect(results.meta.found.value).toBeGreaterThanOrEqual(1) @@ -51,7 +51,7 @@ describeIfElasticsearchURL('search v1 middleware', () => { expect(results.hits.length).toBeGreaterThanOrEqual(1) // ...but only one has the word "foo" in its title so we can // be certain it comes first. - const hit = results.hits[0] + const hit: GeneralSearchHit = results.hits[0] // This specifically checks what we expect of version v1 expect(hit.url).toBe('/en/foo') expect(hit.title).toBe('Foo') @@ -75,11 +75,11 @@ describeIfElasticsearchURL('search v1 middleware', () => { const sp = new URLSearchParams() sp.set('query', 'foo') sp.set('debug', '1') // Note! - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) // safe because we know exactly the fixtures - const hit = results.hits[0] + const hit: GeneralSearchHit = results.hits[0] expect(hit.popularity).toBeTruthy() expect(hit.score).toBeTruthy() expect(hit.es_url).toBeTruthy() @@ -90,9 +90,9 @@ describeIfElasticsearchURL('search v1 middleware', () => { { const sp = new URLSearchParams() sp.set('query', 'sill') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) // Fixtures contains no word called 'sill'. It does contain the term // 'silly' which, in English, becomes 'silli` when stemmed. // Because we don't use `&autocomplete=true` this time, we expect @@ -105,22 +105,23 @@ describeIfElasticsearchURL('search v1 middleware', () => { const sp = new URLSearchParams() sp.set('query', 'sill') sp.set('autocomplete', 'true') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) expect(results.meta.found.value).toBeGreaterThanOrEqual(1) - const hit = results.hits[0] - const contentHighlights = hit.highlights.content - expect(contentHighlights[0]).toMatch('silly') + const hit: GeneralSearchHit = results.hits[0] + const contentHighlights: string[] | undefined = hit.highlights.content + expect(contentHighlights).toBeTruthy() + expect(contentHighlights![0]).toMatch('silly') } }) test('find nothing', async () => { const sp = new URLSearchParams() sp.set('query', 'xojixjoiwejhfoiuwehjfioweufhj') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) expect(results.hits.length).toBe(0) expect(results.meta.found.value).toBe(0) }) @@ -129,9 +130,9 @@ describeIfElasticsearchURL('search v1 middleware', () => { const sp = new URLSearchParams() sp.set('query', 'introduction heading') sp.append('highlights', 'content') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) expect(results.meta.found.value).toBeGreaterThanOrEqual(1) for (const hit of results.hits) { expect(hit.highlights.title).toBeFalsy() @@ -144,9 +145,9 @@ describeIfElasticsearchURL('search v1 middleware', () => { // This will match because it's in the 'content' but not in 'headings' sp.set('query', 'Fact of life') sp.set('highlights', 'title') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) expect(results.meta.found.value).toBeGreaterThanOrEqual(1) for (const hit of results.hits) { expect(hit.highlights.title).toBeTruthy() @@ -158,14 +159,14 @@ describeIfElasticsearchURL('search v1 middleware', () => { const sp = new URLSearchParams() sp.set('query', 'foo') sp.set('version', 'dotcom') - const res1 = await get('/api/search/v1?' + sp) + const res1 = await get('/api/search/v1?' + sp.toString()) expect(res1.statusCode).toBe(200) - const results1 = JSON.parse(res1.body) + const results1: GeneralSearchResponse = JSON.parse(res1.body) sp.set('version', 'free-pro-team@latest') - const res2 = await get('/api/search/v1?' + sp) + const res2 = await get('/api/search/v1?' + sp.toString()) expect(res2.statusCode).toBe(200) - const results2 = JSON.parse(res2.body) + const results2: GeneralSearchResponse = JSON.parse(res2.body) expect(results1.hits[0].id).toBe(results2.hits[0].id) }) @@ -174,90 +175,126 @@ describeIfElasticsearchURL('search v1 middleware', () => { { const res = await get('/api/search/v1') expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toBeTruthy() + const errorResponse = JSON.parse(res.body) as { + error: string + field?: string + } + expect(errorResponse.error).toBeTruthy() } // query is just whitespace { const sp = new URLSearchParams() sp.set('query', ' ') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toBeTruthy() + const errorResponse = JSON.parse(res.body) as { + error: string + field?: string + } + expect(errorResponse.error).toBeTruthy() } // unrecognized language { const sp = new URLSearchParams() sp.set('query', 'test') sp.set('language', 'xxx') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toMatch('language') + const errorResponse = JSON.parse(res.body) as { + error: string + field?: string + } + expect(errorResponse.error).toMatch('language') } // unrecognized page { const sp = new URLSearchParams() sp.set('query', 'test') sp.set('page', '9999') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toMatch('page') + const errorResponse = JSON.parse(res.body) as { + error: string + field?: string + } + expect(errorResponse.error).toMatch('page') } // unrecognized version { const sp = new URLSearchParams() sp.set('query', 'test') sp.set('version', 'xxxxx') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toMatch("'xxxxx'") - expect(JSON.parse(res.body).field).toMatch('version') + const errorResponse = JSON.parse(res.body) as { + error: string + field?: string + } + expect(errorResponse.error).toMatch("'xxxxx'") + expect(errorResponse.field).toMatch('version') } // unrecognized size { const sp = new URLSearchParams() sp.set('query', 'test') sp.set('size', 'not a number') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toMatch('size') + const errorResponse = JSON.parse(res.body) as { + error: string + field?: string + } + expect(errorResponse.error).toMatch('size') } // unrecognized sort { const sp = new URLSearchParams() sp.set('query', 'test') sp.set('sort', 'neverheardof') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toMatch('sort') + const errorResponse = JSON.parse(res.body) as { + error: string + field?: string + } + expect(errorResponse.error).toMatch('sort') } // unrecognized highlights { const sp = new URLSearchParams() sp.set('query', 'test') sp.set('highlights', 'neverheardof') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toMatch('neverheardof') + const errorResponse = JSON.parse(res.body) as { + error: string + field?: string + } + expect(errorResponse.error).toMatch('neverheardof') } // multiple 'query' keys { const sp = new URLSearchParams() sp.append('query', 'test1') sp.append('query', 'test2') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toMatch('Cannot have multiple values') + const errorResponse = JSON.parse(res.body) as { + error: string + field?: string + } + expect(errorResponse.error).toMatch('Cannot have multiple values') } }) test('breadcrumbless records should always return a string', async () => { const sp = new URLSearchParams() sp.set('query', 'breadcrumbs') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) // safe because we know exactly the fixtures - const hit = results.hits[0] + const hit: GeneralSearchHit = results.hits[0] expect(hit.breadcrumbs).toBe('') }) }) @@ -268,9 +305,9 @@ describeIfElasticsearchURL("additional fields with 'include'", () => { test("'intro' and 'headings' are omitted by default", async () => { const sp = new URLSearchParams() sp.set('query', 'foo') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) const firstKeys = Object.keys(results.hits[0]) expect(firstKeys.includes('intro')).toBeFalsy() expect(firstKeys.includes('headings')).toBeFalsy() @@ -280,9 +317,9 @@ describeIfElasticsearchURL("additional fields with 'include'", () => { const sp = new URLSearchParams() sp.set('query', 'foo') sp.set('include', 'intro') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) const firstKeys = Object.keys(results.hits[0]) expect(firstKeys.includes('intro')).toBeTruthy() expect(firstKeys.includes('headings')).toBeFalsy() @@ -293,9 +330,9 @@ describeIfElasticsearchURL("additional fields with 'include'", () => { sp.set('query', 'foo') sp.append('include', 'intro') sp.append('include', 'headings') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) const firstKeys = Object.keys(results.hits[0]) expect(firstKeys.includes('intro')).toBeTruthy() expect(firstKeys.includes('headings')).toBeTruthy() @@ -305,9 +342,12 @@ describeIfElasticsearchURL("additional fields with 'include'", () => { const sp = new URLSearchParams() sp.set('query', 'foo') sp.set('include', 'xxxxx') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - const results = JSON.parse(res.body) + const results = JSON.parse(res.body) as { + error: string + field?: string + } expect(results.error).toMatch(`Not a valid value ([ 'xxxxx' ]) for key 'include'`) }) }) @@ -319,9 +359,9 @@ describeIfElasticsearchURL('filter by toplevel', () => { const sp = new URLSearchParams() sp.set('query', 'foo') sp.set('include', 'toplevel') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) // In the fixtures, there are two distinct `toplevel` that // matches to this search. const toplevels = new Set(results.hits.map((hit) => hit.toplevel)) @@ -333,9 +373,9 @@ describeIfElasticsearchURL('filter by toplevel', () => { sp.set('query', 'foo') sp.set('include', 'toplevel') sp.set('toplevel', 'Baring') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) const toplevels = new Set(results.hits.map((hit) => hit.toplevel)) expect(toplevels).toEqual(new Set(['Baring'])) }) @@ -346,9 +386,9 @@ describeIfElasticsearchURL('filter by toplevel', () => { sp.set('include', 'toplevel') sp.append('toplevel', 'Baring') sp.append('toplevel', 'Fooing') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) const toplevels = new Set(results.hits.map((hit) => hit.toplevel)) expect(toplevels).toEqual(new Set(['Fooing', 'Baring'])) }) @@ -358,9 +398,9 @@ describeIfElasticsearchURL('filter by toplevel', () => { sp.set('query', 'foo') sp.set('include', 'toplevel') sp.set('toplevel', 'Never heard of') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse = JSON.parse(res.body) expect(results.meta.found.value).toBe(0) }) }) @@ -372,12 +412,14 @@ describeIfElasticsearchURL('aggregate', () => { const sp = new URLSearchParams() sp.set('query', 'foo') sp.set('aggregate', 'toplevel') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(200) - const results = JSON.parse(res.body) + const results: GeneralSearchResponse & { aggregations?: SearchResultAggregations } = JSON.parse( + res.body, + ) expect(results.aggregations).toBeTruthy() - expect(results.aggregations.toplevel).toBeTruthy() - const firstAgg = results.aggregations.toplevel[0] + expect(results.aggregations!.toplevel).toBeTruthy() + const firstAgg = results.aggregations!.toplevel[0] expect(firstAgg.key).toBeTruthy() expect(firstAgg.count).toBeTruthy() }) @@ -386,8 +428,12 @@ describeIfElasticsearchURL('aggregate', () => { const sp = new URLSearchParams() sp.set('query', 'foo') sp.set('aggregate', 'unrecognizedxxx') - const res = await get('/api/search/v1?' + sp) + const res = await get('/api/search/v1?' + sp.toString()) expect(res.statusCode).toBe(400) - expect(JSON.parse(res.body).error).toMatch('aggregate') + const results = JSON.parse(res.body) as { + error: string + field?: string + } + expect(results.error).toMatch('aggregate') }) }) diff --git a/src/search/tests/fixtures/data/ai/search/queries/en/enterprise-cloud/queries.json b/src/search/tests/fixtures/data/ai/search/queries/en/enterprise-cloud/queries.json new file mode 100644 index 000000000000..73aa1eb48443 --- /dev/null +++ b/src/search/tests/fixtures/data/ai/search/queries/en/enterprise-cloud/queries.json @@ -0,0 +1,52 @@ +{ + "topQueries": [ + "How do I authenticate with SAML SSO?", + "What is GitHub Copilot?", + "How do I manage billing for GitHub Copilot?", + "How do I view my GitHub Actions usage?", + "How do I add or edit a payment method?" + ], + "allQueries": [ + "How do I authenticate with SAML SSO?", + "What is GitHub Copilot?", + "How do I manage billing for GitHub Copilot?", + "How do I view my GitHub Actions usage?", + "How do I add or edit a payment method?", + "How do I manage my GitHub billing settings?", + "How do I create an enterprise account?", + "How do I manage licenses for Visual Studio subscriptions with GitHub Enterprise?", + "How do I view my payment history and receipts?", + "How do I manage billing for Git Large File Storage?", + "How do I authorize a personal access token for SAML SSO?", + "How do I manage billing for GitHub Advanced Security?", + "How do I set up a trial of GitHub Enterprise Cloud?", + "How do I manage my spending limit for GitHub Actions?", + "How do I prevent overspending on GitHub?", + "How do I estimate spending for my enterprise?", + "How do I authorize an SSH key for SAML SSO?", + "How do I view my subscriptions and billing date?", + "How do I manage security settings for my organization?", + "How do I close an issue?", + "How do I link a pull request to an issue?", + "How do I verify or approve a domain for my organization?", + "How do I manage billing for GitHub Codespaces?", + "How do I manage billing for GitHub Packages?", + "How do I change the visibility of my GitHub Pages site?", + "How do I manage custom repository roles for an organization?", + "How do I downgrade a sponsorship?", + "How do I upgrade a sponsorship?", + "How do I downgrade the billing plan for a GitHub Marketplace app?", + "How do I use projects and tasklists?", + "How do I transfer an issue to another repository?", + "How do I create an issue?", + "How do I delete an issue?", + "How do I manage billing for GitHub Marketplace?", + "How do I manage billing for GitHub Sponsors?", + "How do I troubleshoot a declined credit card charge?", + "How do I get code suggestions in my IDE with GitHub Copilot?", + "How do I manage my personal access tokens?", + "How do I unlock a locked account?", + "How do I manage custom properties for repositories in my organization?", + "How do I use advanced secret scanning features?" + ] +} diff --git a/src/search/tests/fixtures/data/ai/search/queries/en/free-pro-team/queries.json b/src/search/tests/fixtures/data/ai/search/queries/en/free-pro-team/queries.json new file mode 100644 index 000000000000..705c0222393b --- /dev/null +++ b/src/search/tests/fixtures/data/ai/search/queries/en/free-pro-team/queries.json @@ -0,0 +1,52 @@ +{ + "topQueries": [ + "What is GitHub and how do I get started?", + "What is GitHub Copilot and how do I get started?", + "How do I connect to GitHub with SSH?", + "How do I generate a personal access token?", + "How do I clone a repository?" + ], + "allQueries": [ + "How do I generate a new SSH key and add it to the SSH agent?", + "What are the GitHub terms of service?", + "How do I connect to GitHub with SSH?", + "How do I generate a personal access token?", + "How do I get code suggestions in my IDE with GitHub Copilot?", + "How do I clone a repository?", + "How do I create a new repository?", + "How do I change my primary email address on GitHub?", + "How do I set up Git?", + "What are GitHub's plans?", + "How do I propose changes with pull requests?", + "How do I manage billing on GitHub?", + "How do I configure a publishing source for my GitHub Pages site?", + "How do I add a new SSH key to my GitHub account?", + "How do I set up a GitHub Pages site?", + "How do I recover my account if I lose my 2FA credentials?", + "How do I personalize my GitHub profile?", + "How do I view my GitHub Actions usage?", + "How do I manage my spending limit for GitHub Actions?", + "How do I create an issue on GitHub?", + "How do I verify my email address on GitHub?", + "How do I ignore files in Git?", + "How do I install GitHub Desktop?", + "How do I test my SSH connection to GitHub?", + "How do I fork a repository?", + "How do I resolve 'Permission denied (publickey)' error?", + "How do I add a theme to my GitHub Pages site using Jekyll?", + "How do I manage a custom domain for my GitHub Pages site?", + "How do I manage Copilot policies as an individual subscriber?", + "How do I manage deploy keys on GitHub?", + "How do I manage my profile README on GitHub?", + "How do I create a tasklist on GitHub?", + "How do I delete a repository?", + "How do I view my Git Large File Storage usage?", + "How do I add an email address to my GitHub account?", + "How do I manage OAuth app access restrictions for my organization?", + "How do I view all of my issues and pull requests?", + "How do I manage billing for GitHub Codespaces?", + "How do I manage billing for Git Large File Storage?", + "How do I view my payment history and receipts on GitHub?", + "How do I unlock a locked account on GitHub?" + ] +} diff --git a/src/search/tests/fixtures/search-indexes/github-docs-dotcom-en-records.json b/src/search/tests/fixtures/search-indexes/tests_github-docs_general-search_fpt_en-records.json similarity index 100% rename from src/search/tests/fixtures/search-indexes/github-docs-dotcom-en-records.json rename to src/search/tests/fixtures/search-indexes/tests_github-docs_general-search_fpt_en-records.json diff --git a/src/search/tests/fixtures/search-indexes/github-docs-dotcom-ja-records.json b/src/search/tests/fixtures/search-indexes/tests_github-docs_general-search_fpt_ja-records.json similarity index 100% rename from src/search/tests/fixtures/search-indexes/github-docs-dotcom-ja-records.json rename to src/search/tests/fixtures/search-indexes/tests_github-docs_general-search_fpt_ja-records.json diff --git a/src/search/tests/fixtures/search-indexes/github-docs-ghec-en-records.json b/src/search/tests/fixtures/search-indexes/tests_github-docs_general-search_ghec_en-records.json similarity index 100% rename from src/search/tests/fixtures/search-indexes/github-docs-ghec-en-records.json rename to src/search/tests/fixtures/search-indexes/tests_github-docs_general-search_ghec_en-records.json diff --git a/src/search/tests/fixtures/search-indexes/github-docs-ghec-ja-records.json b/src/search/tests/fixtures/search-indexes/tests_github-docs_general-search_ghec_ja-records.json similarity index 100% rename from src/search/tests/fixtures/search-indexes/github-docs-ghec-ja-records.json rename to src/search/tests/fixtures/search-indexes/tests_github-docs_general-search_ghec_ja-records.json diff --git a/src/search/tests/parse-page-sections-into-records.js b/src/search/tests/parse-page-sections-into-records.ts similarity index 63% rename from src/search/tests/parse-page-sections-into-records.js rename to src/search/tests/parse-page-sections-into-records.ts index c6811f3e671f..7367ccf749f2 100644 --- a/src/search/tests/parse-page-sections-into-records.js +++ b/src/search/tests/parse-page-sections-into-records.ts @@ -5,10 +5,19 @@ import fs from 'fs/promises' import cheerio from 'cheerio' import { describe, expect, test } from 'vitest' -import parsePageSectionsIntoRecords from '../scripts/parse-page-sections-into-records' +import parsePageSectionsIntoRecords from '@/search/scripts/scrape/lib/parse-page-sections-into-records' +import type { Record } from '@/search/scripts/scrape/types' + const __dirname = path.dirname(fileURLToPath(import.meta.url)) -const fixtures = { +// Define the shape of fixtures with explicit keys and string values +const fixtures: { + pageWithSections: string + pageWithoutSections: string + pageWithoutBody: string + pageMultipleH1s: string + pageHeadingParagraphNoWhitespace: string +} = { pageWithSections: await fs.readFile( path.join(__dirname, 'fixtures/page-with-sections.html'), 'utf8', @@ -33,11 +42,11 @@ const fixtures = { describe('search parsePageSectionsIntoRecords module', () => { test('works for pages with sections', () => { - const html = fixtures.pageWithSections + const html: string = fixtures.pageWithSections const $ = cheerio.load(html) - const href = '/example/href' - const record = parsePageSectionsIntoRecords({ href, $, languageCode: 'en' }) - const expected = { + const href: string = '/example/href' + const record: Record = parsePageSectionsIntoRecords({ href, $, languageCode: 'en' }) + const expected: Record = { objectID: '/example/href', breadcrumbs: 'GitHub Actions / actions learning path', title: 'I am the page title', @@ -58,11 +67,11 @@ describe('search parsePageSectionsIntoRecords module', () => { }) test('works for pages without sections', () => { - const html = fixtures.pageWithoutSections + const html: string = fixtures.pageWithoutSections const $ = cheerio.load(html) - const href = '/example/href' - const record = parsePageSectionsIntoRecords({ href, $, languageCode: 'en' }) - const expected = { + const href: string = '/example/href' + const record: Record = parsePageSectionsIntoRecords({ href, $, languageCode: 'en' }) + const expected: Record = { objectID: '/example/href', breadcrumbs: 'Education / map topic', title: 'A page without sections', @@ -76,11 +85,11 @@ describe('search parsePageSectionsIntoRecords module', () => { }) test('works for pages without content', () => { - const html = fixtures.pageWithoutBody + const html: string = fixtures.pageWithoutBody const $ = cheerio.load(html) - const href = '/example/href' - const record = parsePageSectionsIntoRecords({ href, $, languageCode: 'en' }) - const expected = { + const href: string = '/example/href' + const record: Record = parsePageSectionsIntoRecords({ href, $, languageCode: 'en' }) + const expected: Record = { objectID: '/example/href', breadcrumbs: 'Education / map topic', title: 'A page without body', @@ -94,35 +103,29 @@ describe('search parsePageSectionsIntoRecords module', () => { }) test('only picks up the first h1 for the title', () => { - const html = fixtures.pageMultipleH1s + const html: string = fixtures.pageMultipleH1s const $ = cheerio.load(html) - const href = '/example/href' - const record = parsePageSectionsIntoRecords({ href, $, languageCode: 'en' }) + const href: string = '/example/href' + const record: Record = parsePageSectionsIntoRecords({ href, $, languageCode: 'en' }) + expect(record.title).toEqual('I am the page title') }) test("content doesn't lump headings with paragraphs together", () => { - const html = fixtures.pageHeadingParagraphNoWhitespace + const html: string = fixtures.pageHeadingParagraphNoWhitespace const $ = cheerio.load(html) - const href = '/example/href' - const record = parsePageSectionsIntoRecords({ href, $, languageCode: 'en' }) - - // This is a

    inside the page but it should only appear once. - // We had a bug where the heading would be injected twice. - // E.g. - // - //

    Heading

    Text here

    - // - // would become: - // - // Heading\nHeadingText here - // - // So now we make sure it only appears exactly once. - expect(record.content.match(/Changing your primary email address/g).length).toBe(1) - // But note also that it would also concatenate the text of the heading - // with the text of the paragraph without a whitespace in between. + const href: string = '/example/href' + const record: Record = parsePageSectionsIntoRecords({ href, $, languageCode: 'en' }) + + // Ensure the heading appears only once + const headingMatches = record.content.match(/Changing your primary email address/g) + expect(headingMatches).not.toBeNull() + expect(headingMatches!.length).toBe(1) + + // Ensure there's no concatenation without whitespace expect(record.content.includes('email addressYou can set')).toBeFalsy() - // Make sure that inline elements are still together. + + // Ensure inline elements remain intact expect(record.content).toMatch(/Paragraph\./) }) }) diff --git a/src/search/tests/rendering.js b/src/search/tests/rendering.ts similarity index 93% rename from src/search/tests/rendering.js rename to src/search/tests/rendering.ts index abd96a762e2a..660f9d553a45 100644 --- a/src/search/tests/rendering.js +++ b/src/search/tests/rendering.ts @@ -13,9 +13,9 @@ import { expect, test, vi } from 'vitest' -import { describeIfElasticsearchURL } from '#src/tests/helpers/conditional-runs.js' -import { get, getDOM } from '#src/tests/helpers/e2etest.js' -import { SURROGATE_ENUMS } from '#src/frame/middleware/set-fastly-surrogate-key.js' +import { describeIfElasticsearchURL } from '@/tests/helpers/conditional-runs.js' +import { get, getDOM } from '@/tests/helpers/e2etest-ts' +import { SURROGATE_ENUMS } from '@/frame/middleware/set-fastly-surrogate-key.js' if (!process.env.ELASTICSEARCH_URL) { console.warn( @@ -51,7 +51,7 @@ describeIfElasticsearchURL('search rendering page', () => { test('response headers', async () => { const res = await get('/en/search?query=foo') - // Check that it can be cached at the CDN + // Assuming `res` has a type with a `headers` property expect(res.headers['set-cookie']).toBeUndefined() expect(res.headers['cache-control']).toContain('public') expect(res.headers['cache-control']).toMatch(/max-age=[1-9]/) @@ -107,7 +107,7 @@ describeIfElasticsearchURL('search rendering page', () => { expect(results.length).toBeGreaterThan(0) // Each link should have enterprise-cloud@latest in the pathname const links = $('[data-testid="search-result"] a') - const hrefs = links.map((i, el) => $(el).attr('href')).get() + const hrefs: string[] = links.map((_, el) => $(el).attr('href') ?? '').get() for (const href of hrefs) { expect(href).toMatch('/en/enterprise-cloud@latest/') } @@ -133,7 +133,7 @@ describeIfElasticsearchURL('search rendering page', () => { expect(res.statusCode).toBe(200) }) - test('more that one search query', async () => { + test('more than one search query', async () => { const $ = await getDOM('/en/search?query=foo&query=bar') expect($('[data-testid="search-results"]').text()).toMatch('Cannot have multiple values') const results = $('[data-testid="search-result"]') diff --git a/src/search/tests/search.js b/src/search/tests/search.js deleted file mode 100644 index aa554c3d0507..000000000000 --- a/src/search/tests/search.js +++ /dev/null @@ -1,37 +0,0 @@ -import { describe, expect, test, vi } from 'vitest' - -import { get, getDOM } from '#src/tests/helpers/e2etest.js' - -describe('search results page', () => { - vi.setConfig({ testTimeout: 60 * 1000 }) - - test('says something if no query is provided', async () => { - const $ = await getDOM('/en/search') - const $container = $('[data-testid="search-results"]') - expect($container.text()).toMatch(/Enter a search term/) - // Default is the frontmatter title of the content/search/index.md - expect($('title').text()).toMatch('Search - GitHub Docs') - }) - - test('says something if query is empty', async () => { - const $ = await getDOM(`/en/search?${new URLSearchParams({ query: ' ' })}`) - const $container = $('[data-testid="search-results"]') - expect($container.text()).toMatch(/Enter a search term/) - }) - - test('mention search term in h1', async () => { - const $ = await getDOM(`/en/search?${new URLSearchParams({ query: 'peterbe' })}`) - const $container = $('[data-testid="search-results"]') - const h1Text = $container.find('h1').text() - expect(h1Text).toMatch(/Search results for/) - expect(h1Text).toMatch(/peterbe/) - expect($('title').text()).toMatch(/Search results for "peterbe"/) - }) - - test('invalid version prefix 404s', async () => { - const res = await get( - `/en/enterprise-stuff@3.10/search?${new URLSearchParams({ query: 'peterbe' })}`, - ) - expect(res.statusCode).toBe(404) - }) -}) diff --git a/src/search/tests/search.ts b/src/search/tests/search.ts new file mode 100644 index 000000000000..5fed615cd522 --- /dev/null +++ b/src/search/tests/search.ts @@ -0,0 +1,40 @@ +import { describe, expect, test, vi } from 'vitest' +import { get, getDOM } from '@/tests/helpers/e2etest-ts' + +describe('search results page', () => { + vi.setConfig({ testTimeout: 60 * 1000 }) + + test('says something if no query is provided', async (): Promise => { + const $ = await getDOM('/en/search') + const $container = $('[data-testid="search-results"]') + expect($container.text()).toMatch(/Enter a search term/) + // Default is the frontmatter title of the content/search/index.md + expect($('title').text()).toMatch('Search - GitHub Docs') + }) + + test('says something if query is empty', async (): Promise => { + const queryParams = new URLSearchParams({ query: ' ' }).toString() + const $ = await getDOM(`/en/search?${queryParams}`) + const $container = $('[data-testid="search-results"]') + expect($container.text()).toMatch(/Enter a search term/) + }) + + test('mentions search term in h1', async (): Promise => { + const searchTerm = 'peterbe' + const queryParams = new URLSearchParams({ query: searchTerm }).toString() + const $ = await getDOM(`/en/search?${queryParams}`) + const $container = $('[data-testid="search-results"]') + const h1Text: string = $container.find('h1').text() + + expect(h1Text).toMatch(/Search results for/) + expect(h1Text).toMatch(new RegExp(searchTerm)) + expect($('title').text()).toMatch(new RegExp(`Search results for "${searchTerm}"`)) + }) + + test('invalid version prefix 404s', async (): Promise => { + const queryParams = new URLSearchParams({ query: 'peterbe' }).toString() + const response = await get(`/en/enterprise-stuff@3.10/search?${queryParams}`) + + expect(response.statusCode).toBe(404) + }) +}) diff --git a/src/search/tests/topics.js b/src/search/tests/topics.js deleted file mode 100644 index 7efe8e8538e1..000000000000 --- a/src/search/tests/topics.js +++ /dev/null @@ -1,39 +0,0 @@ -import path from 'path' -import fs from 'fs' - -import { describe, expect, test } from 'vitest' -import walk from 'walk-sync' -import { difference } from 'lodash-es' - -import readFrontmatter from '#src/frame/lib/read-frontmatter.js' -import allowedTopics from '../../../data/allowed-topics.js' - -const contentDir = path.join(process.cwd(), 'content') -const topics = walk(contentDir, { includeBasePath: true }) - .filter((filename) => filename.endsWith('.md') && !filename.includes('README')) - .map((filename) => { - const fileContent = fs.readFileSync(filename, 'utf8') - const { data, errors } = readFrontmatter(fileContent) - if (errors.length > 0) { - console.warn(errors) - throw new Error(`More than 0 front-matter errors`) - } - return data.topics || [] - }) - .flat() - -const allUsedTopics = [...new Set(topics)].sort() - -describe('Check for allowed frontmatter topics', () => { - test('all used topics are allowed in /data/allowed-topics.js', () => { - expect(allUsedTopics.length).toBeGreaterThan(0) - const unusedTopics = difference(allUsedTopics, allowedTopics) - expect(unusedTopics).toEqual([]) - }) - - test('all allowed topics are used by at least one content file', () => { - expect(allowedTopics.length).toBeGreaterThan(0) - const disallowedTopics = difference(allowedTopics, allUsedTopics) - expect(disallowedTopics).toEqual([]) - }) -}) diff --git a/src/search/tests/topics.ts b/src/search/tests/topics.ts new file mode 100644 index 000000000000..c9cd13c9bfee --- /dev/null +++ b/src/search/tests/topics.ts @@ -0,0 +1,44 @@ +import path from 'path' +import fs from 'fs' + +import { describe, expect, test } from 'vitest' +import walk from 'walk-sync' +import { difference } from 'lodash-es' + +import readFrontmatter from '@/frame/lib/read-frontmatter' +import allowedTopics from '../../../data/allowed-topics' + +const contentDir: string = path.join(process.cwd(), 'content') + +const topics: string[] = walk(contentDir, { includeBasePath: true }) + .filter((filename: string) => filename.endsWith('.md') && !filename.includes('README')) + .map((filename: string) => { + const fileContent: string = fs.readFileSync(filename, 'utf8') + const { data, errors } = readFrontmatter(fileContent) + + if (errors.length > 0) { + console.warn(errors) + throw new Error(`More than 0 front-matter errors in file: ${filename}`) + } + + return (data as any).topics || [] + }) + .flat() + +const allUsedTopics: string[] = Array.from(new Set(topics)).sort() + +describe('Check for allowed frontmatter topics', () => { + test('all used topics are allowed in /data/allowed-topics.js', () => { + expect(allUsedTopics.length).toBeGreaterThan(0) + + const unusedTopics: string[] = difference(allUsedTopics, allowedTopics) + expect(unusedTopics).toEqual([]) + }) + + test('all allowed topics are used by at least one content file', () => { + expect(allowedTopics.length).toBeGreaterThan(0) + + const disallowedTopics: string[] = difference(allowedTopics, allUsedTopics) + expect(disallowedTopics).toEqual([]) + }) +}) diff --git a/src/search/types.ts b/src/search/types.ts new file mode 100644 index 000000000000..bab9fb97b734 --- /dev/null +++ b/src/search/types.ts @@ -0,0 +1,76 @@ +import type { SearchTotalHits } from '@elastic/elasticsearch/lib/api/types' +import type { + AdditionalIncludes, + ComputedSearchQueryParamsMap, +} from '@/search/lib/search-request-params/types' + +export type SearchTypes = 'generalSearch' | 'generalAutocomplete' | 'aiSearchAutocomplete' + +// Responses to API routes +export interface GeneralSearchResponse { + meta: SearchResultsMeta & { + page: number + } + hits: GeneralSearchHit[] + aggregations?: SearchResultAggregations | null +} + +export interface AutocompleteSearchResponse { + meta: SearchResultsMeta + hits: AutocompleteSearchHit[] +} + +// Response to middleware /search route +export interface SearchOnReqObject { + searchParams: ComputedSearchQueryParamsMap[Type] + validationErrors: SearchValidationErrorEntry[] + results?: GeneralSearchResponse +} + +export interface SearchValidationErrorEntry { + error: string + key?: string + field?: string +} + +// - - - Types for building the search responses - - - +export interface GeneralSearchHitWithoutIncludes { + id: string + url: string + title: string + breadcrumbs: string + topics?: string[] + score?: number + popularity?: number + es_url?: string + highlights: { + [key: string]: string[] + } +} + +export type GeneralSearchHit = GeneralSearchHitWithoutIncludes & { + [key in AdditionalIncludes]?: string +} + +interface AutocompleteSearchHit { + term?: string + highlights: string[] +} + +export type SearchAggregation = { + key: string + count: number +} + +export type SearchResultAggregations = { + [key: string]: SearchAggregation[] +} + +type SearchResultsMeta = { + found: SearchTotalHits + took: { + query_msec: number + total_msec: number + } + size: number +} diff --git a/src/tests/README.md b/src/tests/README.md index c0ae0e0f3074..d144226b2f2f 100644 --- a/src/tests/README.md +++ b/src/tests/README.md @@ -54,6 +54,10 @@ npm test -- vitest path/to/tests/directory ``` +## Allowing logging in tests + +If you set up a `console.log` in the code and want to see the output, simply append the `--silent false` flag to your test to see console output. + ## Failed Local Tests If the tests fail locally with an error like this: diff --git a/src/tests/helpers/e2etest-ts.ts b/src/tests/helpers/e2etest-ts.ts new file mode 100644 index 000000000000..9d489cdf28d0 --- /dev/null +++ b/src/tests/helpers/e2etest-ts.ts @@ -0,0 +1,181 @@ +import cheerio from 'cheerio' +import got, { Response, OptionsOfTextResponseBody, Method } from 'got' +import { omitBy, isUndefined } from 'lodash-es' + +type ResponseTypes = 'buffer' | 'json' | 'text' +type ResponseTypeMap = { + buffer: ArrayBuffer + json: any + text: string +} + +interface GetOptions { + method?: M + body?: any + followRedirects?: boolean + followAllRedirects?: boolean + headers?: Record + responseType?: ResponseType + retries?: number +} + +interface GetDOMOptions { + headers?: Record + allow500s?: boolean + allow404?: boolean + retries?: number +} + +interface ResponseWithHeaders extends Response { + headers: Record +} + +// Cache to store DOM objects +const getDOMCache = new Map() + +/** + * Makes an HTTP request using the specified method and options. + * + * @param route - The route to request. + * @param options - Configuration options for the request. + * @returns A promise that resolves to the HTTP response. + */ +export async function get( + route: string, + options: GetOptions = {}, +): Promise> { + const { + method = 'get', + body, + followRedirects = false, + followAllRedirects = false, + headers = {}, + responseType, + retries = 0, + } = options + + // Ensure the method is a valid function on `got` + const fn = got[method as 'get'] + if (!fn || typeof fn !== 'function') { + throw new Error(`No method function for '${method}'`) + } + + // Construct the options for the `got` request, omitting undefined values + const xopts: OptionsOfTextResponseBody = omitBy( + { + body, + headers, + retry: { limit: retries }, + throwHttpErrors: false, + followRedirect: followAllRedirects || followRedirects, + responseType: responseType || undefined, + }, + isUndefined, + ) + + // Perform the HTTP request + return (await fn(`http://localhost:4000${route}`, xopts)) as ResponseWithHeaders< + ResponseTypeMap[T] + > +} + +/** + * Makes a HEAD HTTP request to the specified route. + * + * @param route - The route to request. + * @param opts - Options for following redirects. + * @returns A promise that resolves to the HTTP response. + */ +export async function head( + route: string, + opts: { followRedirects?: boolean } = { followRedirects: false }, +): Promise> { + const res = await get(route, { method: 'head', followRedirects: opts.followRedirects }) + return res +} + +/** + * Makes a POST HTTP request to the specified route. + * + * @param route - The route to request. + * @param opts - Options for the request. + * @returns A promise that resolves to the HTTP response. + */ +export function post( + route: string, + opts: Omit = {}, +): Promise> { + return get(route, { ...opts, method: 'post' }) +} + +/** + * Retrieves a cached DOM object for the specified route and options. + * If the DOM is not cached, it fetches and caches it. + * + * @param route - The route to request. + * @param options - Options for fetching the DOM. + * @returns A promise that resolves to the cached DOM object. + */ +export async function getDOMCached( + route: string, + options: GetDOMOptions = {}, +): Promise { + const key = `${route}::${JSON.stringify(options)}` + if (!getDOMCache.has(key)) { + const dom = await getDOM(route, options) + getDOMCache.set(key, dom) + } + // The non-null assertion is safe here because we've just set the key if it didn't exist + return getDOMCache.get(key)! +} + +/** + * Fetches the DOM for the specified route and options. + * + * @param route - The route to request. + * @param options - Options for fetching the DOM. + * @returns A promise that resolves to the loaded DOM object. + */ +export async function getDOM(route: string, options: GetDOMOptions = {}): Promise { + const { headers, allow500s = false, allow404 = false, retries = 0 } = options + const res = await get(route, { followRedirects: true, headers, retries }) + + if (!allow500s && res.statusCode >= 500) { + throw new Error(`Server error (${res.statusCode}) on ${route}`) + } + + if (!allow404 && res.statusCode === 404) { + throw new Error(`Page not found on ${route} (${res.statusCode})`) + } + + const $ = cheerio.load(res.body || '', { xmlMode: true }) + + // Extend the Cheerio instance with the response object + ;($ as any).res = { ...res } + + return $ +} + +/** + * Fetches and parses JSON from the specified route. + * + * @param route - The route to request. + * @param opts - Options for the request. + * @returns A promise that resolves to the parsed JSON object. + */ +export async function getJSON( + route: string, + opts: Omit = {}, +): Promise { + const res = await get(route, { ...opts, followRedirects: true }) + + if (res.statusCode >= 500) { + throw new Error(`Server error (${res.statusCode}) on ${route}`) + } + + if (res.statusCode >= 400) { + console.warn(`${res.statusCode} on ${route} and the response might not be JSON`) + } + + return JSON.parse(res.body) +} diff --git a/src/versions/lib/enterprise-server-releases.js b/src/versions/lib/enterprise-server-releases.js index 4254d4a2e755..332d8af33b42 100644 --- a/src/versions/lib/enterprise-server-releases.js +++ b/src/versions/lib/enterprise-server-releases.js @@ -81,10 +81,11 @@ export const deprecated = [ ] export const legacyAssetVersions = ['3.0', '2.22', '2.21'] -// As of GHES 3.2, the archived enterprise content in no longer stored -// in the help-docs-archived-enterprise-versions repository. Instead, it -// is stored in our githubdocs Azure blog storage, in the `enterprise` -// container. +// As of GHES 3.2, we started storing the scraped assets and html +// in Azure blob storage. All enterprise deprecated veresions are +// now stored in individual docs-ghes- repos. This +// release number now indicates a change in the way the archived html +// references assets. export const firstReleaseStoredInBlobStorage = '3.2' export const all = supported.concat(deprecated) diff --git a/src/webhooks/data/fpt/schema.json b/src/webhooks/data/fpt/schema.json index d72d53465995..5f0a6677d9c7 100644 --- a/src/webhooks/data/fpt/schema.json +++ b/src/webhooks/data/fpt/schema.json @@ -18195,6 +18195,11 @@ "name": "verified", "description": "", "isRequired": true + }, + { + "type": "boolean", + "name": "enabled", + "description": "" } ] }, @@ -18317,6 +18322,11 @@ "name": "verified", "description": "", "isRequired": true + }, + { + "type": "boolean", + "name": "enabled", + "description": "" } ] }, @@ -89230,6 +89240,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -89588,6 +89604,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -89946,6 +89968,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -90303,6 +90331,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", diff --git a/src/webhooks/data/ghec/schema.json b/src/webhooks/data/ghec/schema.json index 36260183b8f2..bc43803830f0 100644 --- a/src/webhooks/data/ghec/schema.json +++ b/src/webhooks/data/ghec/schema.json @@ -20529,6 +20529,11 @@ "name": "verified", "description": "", "isRequired": true + }, + { + "type": "boolean", + "name": "enabled", + "description": "" } ] }, @@ -20651,6 +20656,11 @@ "name": "verified", "description": "", "isRequired": true + }, + { + "type": "boolean", + "name": "enabled", + "description": "" } ] }, @@ -91564,6 +91574,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -91922,6 +91938,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -92280,6 +92302,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -92637,6 +92665,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", diff --git a/src/webhooks/data/ghes-3.10/schema.json b/src/webhooks/data/ghes-3.10/schema.json index e7e82331c004..8a3ac7669580 100644 --- a/src/webhooks/data/ghes-3.10/schema.json +++ b/src/webhooks/data/ghes-3.10/schema.json @@ -84855,6 +84855,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -85213,6 +85219,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -85571,6 +85583,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -85928,6 +85946,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", diff --git a/src/webhooks/data/ghes-3.11/schema.json b/src/webhooks/data/ghes-3.11/schema.json index 73a94c4cab7a..696f084bbd4f 100644 --- a/src/webhooks/data/ghes-3.11/schema.json +++ b/src/webhooks/data/ghes-3.11/schema.json @@ -84984,6 +84984,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -85342,6 +85348,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -85700,6 +85712,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -86057,6 +86075,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", diff --git a/src/webhooks/data/ghes-3.12/schema.json b/src/webhooks/data/ghes-3.12/schema.json index 2e49d8eab867..fd9dbf9390ce 100644 --- a/src/webhooks/data/ghes-3.12/schema.json +++ b/src/webhooks/data/ghes-3.12/schema.json @@ -86248,6 +86248,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -86606,6 +86612,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -86964,6 +86976,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -87321,6 +87339,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", diff --git a/src/webhooks/data/ghes-3.13/schema.json b/src/webhooks/data/ghes-3.13/schema.json index 937fd282db9c..a868ff8a1528 100644 --- a/src/webhooks/data/ghes-3.13/schema.json +++ b/src/webhooks/data/ghes-3.13/schema.json @@ -86263,6 +86263,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -86621,6 +86627,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -86979,6 +86991,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -87336,6 +87354,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", diff --git a/src/webhooks/data/ghes-3.14/schema.json b/src/webhooks/data/ghes-3.14/schema.json index 02bceba929a4..021c02d4b8d5 100644 --- a/src/webhooks/data/ghes-3.14/schema.json +++ b/src/webhooks/data/ghes-3.14/schema.json @@ -87411,6 +87411,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -87769,6 +87775,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -88127,6 +88139,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", @@ -88484,6 +88502,12 @@ "description": "

    Unique identifier of the user's token. This field can also be found in audit log events and the organization's settings for their PAT grants.

    ", "isRequired": true }, + { + "type": "string", + "name": "token_name", + "description": "

    The name given to the user's token. This field can also be found in an organization's settings page for Active Tokens.

    ", + "isRequired": true + }, { "type": "boolean", "name": "token_expired", diff --git a/src/webhooks/lib/config.json b/src/webhooks/lib/config.json index 11de88301705..545246156d31 100644 --- a/src/webhooks/lib/config.json +++ b/src/webhooks/lib/config.json @@ -1,3 +1,3 @@ { - "sha": "10e2f151b45a960f135417e71bd6f0ac5ce0aa97" + "sha": "f9de54ab72eff1bc9855fd0940816350912ae5b7" } \ No newline at end of file diff --git a/tsconfig.json b/tsconfig.json index 96bc64921938..86975737dcc0 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -27,6 +27,7 @@ }, "exclude": [ "node_modules", + "docs-internal-data", "src/code-scanning/scripts/generate-code-scanning-query-list.ts" ], "include": [