Merge pull request #22909 from github/jules-4510
GHEC versioning for internal repositories
This commit is contained in:
Jules Parker
Binary file not shown.
|
After Width: | Height: | Size: 71 KiB |
BIN
assets/images/help/repository/allow-disable-forking-fpt.png
Normal file
BIN
assets/images/help/repository/allow-disable-forking-fpt.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 18 KiB |
@@ -67,7 +67,7 @@ There are several types of data that applications can request.
|
||||
| Notifications | Notification access allows applications to read your {% data variables.product.product_name %} notifications, such as comments on issues and pull requests. However, applications remain unable to access anything in your repositories. |
|
||||
| Organizations and teams | Organization and teams access allows apps to access and manage organization and team membership. |
|
||||
| Personal user data | User data includes information found in your user profile, like your name, e-mail address, and location. |
|
||||
| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. Applications can request access for either {% ifversion not ghae %}public{% else %}internal{% endif %} or private repositories on a user-wide level. |
|
||||
| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. An application can request access to all of your repositories of any visibility level. For more information, see "[About repositories](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)." |
|
||||
| Repository delete | Applications can request to delete repositories that you administer, but they won't have access to your code. |
|
||||
|
||||
## Requesting updated permissions
|
||||
|
||||
@@ -27,7 +27,7 @@ You can use the security overview for a high-level view of the security status o
|
||||
|
||||
The security overview indicates whether {% ifversion fpt or ghes > 3.1 or ghec %}security{% endif %}{% ifversion ghae-next %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} features are enabled for repositories owned by your organization and consolidates alerts for each feature.{% ifversion fpt or ghes > 3.1 or ghec %} Security features include {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, as well as {% data variables.product.prodname_dependabot_alerts %}.{% endif %} For more information about {% data variables.product.prodname_GH_advanced_security %} features, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."{% ifversion fpt or ghes > 3.1 or ghec %} For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."{% endif %}
|
||||
|
||||
For more information about securing your code at the repository and organization levels, see "[Securing your repository](/code-security/getting-started/securing-your-repository)" and "[Securing your organization](/code-security/getting-started/securing-your-organization)."
|
||||
For more information about securing your code at the repository and organization levels, see "[Securing your repository](/code-security/getting-started/securing-your-repository)" and "[Securing your organization](/code-security/getting-started/securing-your-organization)."
|
||||
|
||||
In the security overview, you can view, sort, and filter alerts to understand the security risks in your organization and in specific repositories. You can apply multiple filters to focus on areas of interest. For example, you can identify private repositories that have a high number of {% data variables.product.prodname_dependabot_alerts %} or repositories that have no {% data variables.product.prodname_code_scanning %} alerts.
|
||||
|
||||
@@ -105,11 +105,15 @@ The level of risk for a repository is determined by the number and severity of a
|
||||
### Filter by repository type
|
||||
|
||||
| Qualifier | Description |
|
||||
| -------- | -------- |{% ifversion fpt or ghes > 3.1 or ghec %}
|
||||
| `is:public` | Display public repositories. |{% endif %}
|
||||
| -------- | -------- |
|
||||
{%- ifversion fpt or ghes > 3.1 or ghec %}
|
||||
| `is:public` | Display public repositories. |
|
||||
{% elsif ghes or ghec or ghae %}
|
||||
| `is:internal` | Display internal repositories. |
|
||||
{%- endif %}
|
||||
| `is:private` | Display private repositories. |
|
||||
| `archived:true` | Display archived repositories. |
|
||||
| `archived:true` | Display archived repositories. |
|
||||
|
||||
### Filter by team
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@ Every repository on {% ifversion ghae %}{% data variables.product.product_name %
|
||||
|
||||
With wikis, you can write content just like everywhere else on {% data variables.product.product_name %}. For more information, see "[Getting started with writing and formatting on {% data variables.product.prodname_dotcom %}](/articles/getting-started-with-writing-and-formatting-on-github)." We use [our open-source Markup library](https://github.com/github/markup) to convert different formats into HTML, so you can choose to write in Markdown or any other supported format.
|
||||
|
||||
{% ifversion fpt or ghes or ghec %}If you create a wiki in a public repository, the wiki is available to {% ifversion ghes %}anyone with access to {% data variables.product.product_location %}{% else %}the public{% endif %}. {% endif %}If you create a wiki in an internal or private repository, only {% ifversion fpt or ghes or ghec %}people{% elsif ghae %}enterprise members{% endif %} with access to the repository can access the wiki. For more information, see "[Setting repository visibility](/articles/setting-repository-visibility)."
|
||||
{% ifversion fpt or ghes or ghec %}If you create a wiki in a public repository, the wiki is available to {% ifversion ghes %}anyone with access to {% data variables.product.product_location %}{% else %}the public{% endif %}. {% endif %}If you create a wiki in a private{% ifversion ghec or ghes %} or internal{% endif %} repository, only {% ifversion fpt or ghes or ghec %}people{% elsif ghae %}enterprise members{% endif %} with access to the repository can access the wiki. For more information, see "[Setting repository visibility](/articles/setting-repository-visibility)."
|
||||
|
||||
You can edit wikis directly on {% data variables.product.product_name %}, or you can edit wiki files locally. By default, only people with write access to your repository can make changes to wikis, although you can allow everyone on {% data variables.product.product_location %} to contribute to a wiki in {% ifversion ghae %}an internal{% else %}a public{% endif %} repository. For more information, see "[Changing access permissions for wikis](/communities/documenting-your-project-with-wikis/changing-access-permissions-for-wikis)".
|
||||
|
||||
|
||||
@@ -43,15 +43,15 @@ Name | Description
|
||||
**`(no scope)`** | Grants read-only access to public information (including user profile info, repository info, and gists){% endif %}{% ifversion ghes or ghae %}
|
||||
**`site_admin`** | Grants site administrators access to [{% data variables.product.prodname_ghe_server %} Administration API endpoints](/rest/reference/enterprise-admin).{% endif %}
|
||||
**`repo`** | Grants full access to repositories, including private repositories. That includes read/write access to code, commit statuses, repository and organization projects, invitations, collaborators, adding team memberships, deployment statuses, and repository webhooks for repositories and organizations. Also grants ability to manage user projects.
|
||||
 `repo:status`| Grants read/write access to {% ifversion not ghae %}public{% else %}internal{% endif %} and private repository commit statuses. This scope is only necessary to grant other users or services access to private repository commit statuses *without* granting access to the code.
|
||||
 `repo:status`| Grants read/write access to commit statuses in {% ifversion fpt %}public and private{% elsif ghec or ghes %}public, private, and internal{% elsif ghae %}private and internal{% endif %} repositories. This scope is only necessary to grant other users or services access to private repository commit statuses *without* granting access to the code.
|
||||
 `repo_deployment`| Grants access to [deployment statuses](/rest/reference/repos#deployments) for {% ifversion not ghae %}public{% else %}internal{% endif %} and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, *without* granting access to the code.{% ifversion not ghae %}
|
||||
 `public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.{% endif %}
|
||||
 `repo:invite` | Grants accept/decline abilities for invitations to collaborate on a repository. This scope is only necessary to grant other users or services access to invites *without* granting access to the code.{% ifversion fpt or ghes > 3.0 or ghec %}
|
||||
 `security_events` | Grants: <br/> read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning) <br/> read and write access to security events in the [{% data variables.product.prodname_secret_scanning %} API](/rest/reference/secret-scanning) <br/> This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}{% ifversion ghes < 3.1 %}
|
||||
 `security_events` | Grants read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning). This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}
|
||||
**`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in {% ifversion not ghae %}public{% else %}internal{% endif %} and private repositories. The `repo` {% ifversion not ghae %}and `public_repo` scopes grant{% else %}scope grants{% endif %} full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
|
||||
 `write:repo_hook` | Grants read, write, and ping access to hooks in {% ifversion not ghae %}public{% else %}internal{% endif %} or private repositories.
|
||||
 `read:repo_hook`| Grants read and ping access to hooks in {% ifversion not ghae %}public{% else %}internal{% endif %} or private repositories.
|
||||
**`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in {% ifversion fpt %}public or private{% elsif ghec or ghes %}public, private, or internal{% elsif ghae %}private or internal{% endif %} repositories. The `repo` {% ifversion fpt or ghec or ghes %}and `public_repo` scopes grant{% else %}scope grants{% endif %} full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
|
||||
 `write:repo_hook` | Grants read, write, and ping access to hooks in {% ifversion fpt %}public or private{% elsif ghec or ghes %}public, private, or internal{% elsif ghae %}private or internal{% endif %} repositories.
|
||||
 `read:repo_hook`| Grants read and ping access to hooks in {% ifversion fpt %}public or private{% elsif ghec or ghes %}public, private, or internal{% elsif ghae %}private or internal{% endif %} repositories.
|
||||
**`admin:org`** | Fully manage the organization and its teams, projects, and memberships.
|
||||
 `write:org`| Read and write access to organization membership, organization projects, and team membership.
|
||||
 `read:org`| Read-only access to organization membership, organization projects, and team membership.
|
||||
|
||||
@@ -12,4 +12,3 @@ children:
|
||||
- /apps
|
||||
- /github-marketplace
|
||||
---
|
||||
|
||||
|
||||
@@ -22,4 +22,3 @@ children:
|
||||
- /site-policy-deprecated
|
||||
- /setting-up-and-managing-your-enterprise
|
||||
---
|
||||
|
||||
|
||||
@@ -24,7 +24,9 @@ Only organization owners can remove members from an organization.
|
||||
**Warning:** When you remove members from an organization:
|
||||
- The paid license count does not automatically downgrade. To pay for fewer licenses after removing users from your organization, follow the steps in "[Downgrading your organization's paid seats](/articles/downgrading-your-organization-s-paid-seats)."
|
||||
- Removed members will lose access to private forks of your organization's private repositories, but they may still have local copies. However, they cannot sync local copies with your organization's repositories. Their private forks can be restored if the user is [reinstated as an organization member](/articles/reinstating-a-former-member-of-your-organization) within three months of being removed from the organization. Ultimately, you are responsible for ensuring that people who have lost access to a repository delete any confidential information or intellectual property.
|
||||
- If your organization is owned by an enterprise account, removed members will also lose access to private forks of your organization's internal repositories, if the removed member is not a member of any other organization owned by the same enterprise account. For more information, see "[About enterprise accounts](/enterprise-cloud@latest/admin/overview/about-enterprise-accounts)."
|
||||
{%- ifversion ghec %}
|
||||
- Removed members will also lose access to private forks of your organization's internal repositories, if the removed member is not a member of any other organization owned by the same enterprise account. For more information, see "[About enterprise accounts](/admin/overview/about-enterprise-accounts)."
|
||||
{%- endif %}
|
||||
- Any organization invitations sent by a removed member, that have not been accepted, are cancelled and will not be accessible.
|
||||
|
||||
{% endwarning %}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Managing the forking policy for your organization
|
||||
intro: 'You can allow or prevent the forking of any private{% ifversion fpt or ghes or ghae or ghec %} and internal{% endif %} repositories owned by your organization.'
|
||||
intro: 'You can allow or prevent the forking of any private{% ifversion ghes or ghae or ghec %} and internal{% endif %} repositories owned by your organization.'
|
||||
redirect_from:
|
||||
- /articles/allowing-people-to-fork-private-repositories-in-your-organization
|
||||
- /github/setting-up-and-managing-organizations-and-teams/allowing-people-to-fork-private-repositories-in-your-organization
|
||||
@@ -17,17 +17,19 @@ topics:
|
||||
shortTitle: Manage forking policy
|
||||
---
|
||||
|
||||
By default, new organizations are configured to disallow the forking of private{% ifversion fpt or ghes or ghae or ghec %} and internal{% endif %} repositories.
|
||||
By default, new organizations are configured to disallow the forking of private{% ifversion ghes or ghec or ghae %} and internal{% endif %} repositories.
|
||||
|
||||
If you allow forking of private{% ifversion fpt or ghes or ghae or ghec %} and internal{% endif %} repositories at the organization level, you can also configure the ability to fork a specific private{% ifversion fpt or ghes or ghae or ghec %} or internal{% endif %} repository. For more information, see "[Managing the forking policy for your repository](/github/administering-a-repository/managing-the-forking-policy-for-your-repository)."
|
||||
|
||||
{% data reusables.organizations.internal-repos-enterprise %}
|
||||
If you allow forking of private{% ifversion ghes or ghec or ghae %} and internal{% endif %} repositories at the organization level, you can also configure the ability to fork a specific private{% ifversion ghes or ghec or ghae %} or internal{% endif %} repository. For more information, see "[Managing the forking policy for your repository](/github/administering-a-repository/managing-the-forking-policy-for-your-repository)."
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.organizations.member-privileges %}
|
||||
5. Under "Repository forking", select **Allow forking of private repositories** or **Allow forking of private and internal repositories**.
|
||||
|
||||
1. Under "Repository forking", select **Allow forking of private {% ifversion ghec or ghes or ghae %}and internal {% endif %}repositories**.
|
||||
|
||||
{%- ifversion fpt %}
|
||||
|
||||
{%- elsif ghes or ghec or ghae %}
|
||||
|
||||
{%- endif %}
|
||||
6. Click **Save**.
|
||||
|
||||
## Further reading
|
||||
|
||||
@@ -15,11 +15,11 @@ topics:
|
||||
shortTitle: Restrict repository creation
|
||||
---
|
||||
|
||||
You can choose whether members can create repositories in your organization. If you allow members to create repositories, you can choose which types of repositories members can create.{% ifversion fpt or ghec %} To allow members to create private repositories only, your organization must use {% data variables.product.prodname_ghe_cloud %}.{% endif %} For more information, see "[About repositories](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
|
||||
You can choose whether members can create repositories in your organization. If you allow members to create repositories, you can choose which types of repositories members can create.{% ifversion fpt or ghec %} To allow members to create private repositories only, your organization must use {% data variables.product.prodname_ghe_cloud %}.{% endif %}{% ifversion fpt %} For more information, see "[About repositories](/enterprise-cloud@latest/repositories/creating-and-managing-repositories/about-repositories)" in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}.
|
||||
|
||||
Organization owners can always create any type of repository.
|
||||
|
||||
{% ifversion fpt or ghec %}Enterprise owners{% else %}Site administrators{% endif %} can restrict the options you have available for your organization's repository creation policy. For more information, see "[Restricting repository creation in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation)."
|
||||
{% ifversion ghec or ghae or ghes %}
|
||||
{% ifversion ghec or ghae %}Enterprise owners{% elsif ghes %}Site administrators{% endif %} can restrict the options you have available for your organization's repository creation policy.{% ifversion ghec or ghes or ghae %} For more information, see "[Restricting repository creation in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation)."{% endif %}{% endif %}
|
||||
|
||||
{% warning %}
|
||||
|
||||
@@ -27,11 +27,14 @@ Organization owners can always create any type of repository.
|
||||
|
||||
{% endwarning %}
|
||||
|
||||
{% data reusables.organizations.internal-repos-enterprise %}
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.organizations.member-privileges %}
|
||||
5. Under "Repository creation", select one or more options.
|
||||
|
||||
|
||||
{%- ifversion ghes or ghec or ghae %}
|
||||
|
||||
{%- elsif fpt %}
|
||||
|
||||
{%- endif %}
|
||||
6. Click **Save**.
|
||||
|
||||
@@ -60,15 +60,11 @@ If a private repository is made public and then deleted, its private forks will
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghae or ghes or ghec %}
|
||||
{% ifversion ghes or ghec or ghae %}
|
||||
|
||||
## Changing the visibility of an internal repository
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data reusables.gated-features.internal-repos %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
If the policy for your enterprise permits forking, any fork of an internal repository will be private. If you change the visibility of an internal repository, any fork owned by an organization or user account will remain private.
|
||||
|
||||
|
||||
@@ -44,31 +44,38 @@ You can use repositories to manage your work and collaborate with others.
|
||||
|
||||
## About repository visibility
|
||||
|
||||
You can restrict who has access to a repository by choosing a repository's visibility: {% ifversion fpt or ghes or ghec %}public, internal, or private{% elsif ghae %}private or internal{% else %} public or private{% endif %}.
|
||||
You can restrict who has access to a repository by choosing a repository's visibility: {% ifversion ghes or ghec %}public, internal, or private{% elsif ghae %}private or internal{% else %} public or private{% endif %}.
|
||||
|
||||
{% ifversion ghae %}When you create a repository owned by your user account, the repository is always private. When you create a repository owned by an organization, you can choose to make the repository private or internal.{% else %}When you create a repository, you can choose to make the repository public or private.{% ifversion fpt or ghes or ghec %} If you're creating the repository in an organization{% ifversion fpt or ghec %} that is owned by an enterprise account{% endif %}, you can also choose to make the repository internal.{% endif %}{% endif %}
|
||||
{% ifversion fpt or ghec or ghes %}
|
||||
|
||||
When you create a repository, you can choose to make the repository public or private.{% ifversion ghec or ghes %} If you're creating the repository in an organization{% ifversion ghec %} that is owned by an enterprise account{% endif %}, you can also choose to make the repository internal.{% endif %}{% endif %}{% ifversion fpt %} Repositories in organizations that use {% data variables.product.prodname_ghe_cloud %} can also be created with internal visibility. For more information, see "[About enterprise accounts](/enterprise-cloud@latest/admin/overview/about-enterprise-accounts)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
|
||||
|
||||
{% ifversion ghes %}
|
||||
If {% data variables.product.product_location %} is not in private mode or behind a firewall, public repositories are accessible to everyone on the internet. Otherwise, public repositories are available to everyone using {% data variables.product.product_location %}, including outside collaborators. Private repositories are only accessible to you, people you explicitly share access with, and, for organization repositories, certain organization members. {% ifversion ghes %} Internal repositories are accessible to enterprise members. For more information, see "[About internal repositories](#about-internal-repositories)."{% endif %}
|
||||
{% elsif ghae %}
|
||||
Private repositories are only accessible to you, people you explicitly share access with, and, for organization repositories, certain organization members. Internal repositories are accessible to all enterprise members. For more information, see "[About internal repositories](#about-internal-repositories)."
|
||||
{% else %}
|
||||
Public repositories are accessible to everyone on the internet. Private repositories are only accessible to you, people you explicitly share access with, and, for organization repositories, certain organization members. Internal repositories are accessible to enterprise members. For more information, see "[About internal repositories](#about-internal-repositories)."
|
||||
|
||||
When you create a repository owned by your user account, the repository is always private. When you create a repository owned by an organization, you can choose to make the repository private or internal.
|
||||
|
||||
{% endif %}
|
||||
|
||||
{%- ifversion fpt or ghec %}
|
||||
- Public repositories are accessible to everyone on the internet.
|
||||
- Private repositories are only accessible to you, people you explicitly share access with, and, for organization repositories, certain organization members.
|
||||
{%- elsif ghes %}
|
||||
- If {% data variables.product.product_location %} is not in private mode or behind a firewall, public repositories are accessible to everyone on the internet. Otherwise, public repositories are available to everyone using {% data variables.product.product_location %}, including outside collaborators.
|
||||
- Private repositories are only accessible to you, people you explicitly share access with, and, for organization repositories, certain organization members. Internal repositories are accessible to all enterprise members.
|
||||
{%- elsif ghae %}
|
||||
- Private repositories are only accessible to you, people you explicitly share access with, and, for organization repositories, certain organization members.
|
||||
{%- endif %}
|
||||
{%- ifversion ghec or ghes or ghae %}
|
||||
- Internal repositories are accessible to all enterprise members. For more information, see "[About internal repositories](#about-internal-repositories)."
|
||||
{%- endif %}
|
||||
|
||||
Organization owners always have access to every repository created in an organization. For more information, see "[Repository roles for an organization](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)."
|
||||
|
||||
People with admin permissions for a repository can change an existing repository's visibility. For more information, see "[Setting repository visibility](/github/administering-a-repository/setting-repository-visibility)."
|
||||
|
||||
{% ifversion fpt or ghae or ghes or ghec %}
|
||||
{% ifversion ghes or ghec or ghae %}
|
||||
## About internal repositories
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data reusables.gated-features.internal-repos %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% data reusables.repositories.about-internal-repos %} For more information on innersource, see {% data variables.product.prodname_dotcom %}'s whitepaper "[An introduction to innersource](https://resources.github.com/whitepapers/introduction-to-innersource/)."
|
||||
|
||||
All enterprise members have read permissions to the internal repository, but internal repositories are not visible to people {% ifversion fpt or ghec %}outside of the enterprise{% else %}who are not members of any organization{% endif %}, including outside collaborators on organization repositories. For more information, see "[Roles in an enterprise](/github/setting-up-and-managing-your-enterprise/roles-in-an-enterprise#enterprise-members)" and "[Repository roles for an organization](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)."
|
||||
|
||||
@@ -24,8 +24,8 @@ topics:
|
||||
**Warnings**:
|
||||
|
||||
- Deleting a repository will **permanently** delete release attachments and team permissions. This action **cannot** be undone.
|
||||
- Deleting a private or internal repository will delete all forks of the repository.
|
||||
|
||||
- Deleting a private{% ifversion ghes or ghec or ghae %} or internal{% endif %} repository will delete all forks of the repository.
|
||||
|
||||
{% endwarning %}
|
||||
|
||||
Some deleted repositories can be restored within 90 days of deletion. {% ifversion ghes or ghae %}Your site administrator may be able to restore a deleted repository for you. For more information, see "[Restoring a deleted repository](/admin/user-management/managing-repositories-in-your-enterprise/restoring-a-deleted-repository)." {% else %}For more information, see "[Restoring a deleted repository](/articles/restoring-a-deleted-repository)."{% endif %}
|
||||
|
||||
@@ -27,7 +27,7 @@ To browse the most used topics, go to https://github.com/topics/.
|
||||
|
||||
Repository admins can add any topics they'd like to a repository. Helpful topics to classify a repository include the repository's intended purpose, subject area, community, or language.{% ifversion fpt or ghec %} Additionally, {% data variables.product.product_name %} analyzes public repository content and generates suggested topics that repository admins can accept or reject. Private repository content is not analyzed and does not receive topic suggestions.{% endif %}
|
||||
|
||||
{% ifversion ghae %}Internal {% else %}Public, internal, {% endif %}and private repositories can have topics, although you will only see private repositories that you have access to in topic search results.
|
||||
{% ifversion fpt %}Public and private{% elsif ghec or ghes %}Public, private, and internal{% elsif ghae %}Private and internal{% endif %} repositories can have topics, although you will only see private repositories that you have access to in topic search results.
|
||||
|
||||
You can search for repositories that are associated with a particular topic. For more information, see "[Searching for repositories](/search-github/searching-on-github/searching-for-repositories#search-by-topic)." You can also search for a list of topics on {% data variables.product.product_name %}. For more information, see "[Searching topics](/search-github/searching-on-github/searching-topics)."
|
||||
|
||||
|
||||
@@ -109,15 +109,9 @@ The default permissions can also be configured in the organization settings. If
|
||||
1. Click **Save** to apply the settings.
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghes > 3.3 or ghae-issue-4757 or ghec %}
|
||||
{% ifversion ghes > 3.3 or ghae-issue-4757 or ghec %}
|
||||
## Allowing access to components in an internal repository
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data reusables.gated-features.internal-repos %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
Members of your enterprise can use internal repositories to work on projects without sharing information publicly. For information, see "[About repositories](/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories)."
|
||||
|
||||
To configure whether workflows in an internal repository can be accessed from outside the repository:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Managing the forking policy for your repository
|
||||
intro: 'You can allow or prevent the forking of a specific private{% ifversion fpt or ghae or ghes or ghec %} or internal{% endif %} repository owned by an organization.'
|
||||
intro: 'You can allow or prevent the forking of a specific private{% ifversion ghae or ghes or ghec %} or internal{% endif %} repository owned by an organization.'
|
||||
redirect_from:
|
||||
- /articles/allowing-people-to-fork-a-private-repository-owned-by-your-organization
|
||||
- /github/administering-a-repository/allowing-people-to-fork-a-private-repository-owned-by-your-organization
|
||||
@@ -16,9 +16,7 @@ topics:
|
||||
- Repositories
|
||||
shortTitle: Manage the forking policy
|
||||
---
|
||||
An organization owner must allow forks of private{% ifversion fpt or ghae or ghes or ghec %} and internal{% endif %} repositories on the organization level before you can allow or disallow forks for a specific repository. For more information, see "[Managing the forking policy for your organization](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)."
|
||||
|
||||
{% data reusables.organizations.internal-repos-enterprise %}
|
||||
An organization owner must allow forks of private{% ifversion ghae or ghes or ghec %} and internal{% endif %} repositories on the organization level before you can allow or disallow forks for a specific repository. For more information, see "[Managing the forking policy for your organization](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)."
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
|
||||
@@ -21,9 +21,9 @@ shortTitle: Repository visibility
|
||||
|
||||
Organization owners can restrict the ability to change repository visibility to organization owners only. For more information, see "[Restricting repository visibility changes in your organization](/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization)."
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
{% ifversion ghec %}
|
||||
|
||||
If you're a member of an {% data variables.product.prodname_emu_enterprise %}, your repositories owned by your user account can only be private, and repositories in your enterprise's organizations can only be private or internal.
|
||||
Members of an {% data variables.product.prodname_emu_enterprise %} can only set the visibility of repositories owned by their user account to private, and repositories in their enterprise's organizations can only be private or internal. For more information, see "[About {% data variables.product.prodname_emus %}](/admin/authentication/managing-your-enterprise-users-with-your-identity-provider/about-enterprise-managed-users)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -46,22 +46,27 @@ We recommend reviewing the following caveats before you change the visibility of
|
||||
### Making a repository private
|
||||
{% ifversion fpt or ghes or ghec %}
|
||||
* {% data variables.product.product_name %} will detach public forks of the public repository and put them into a new network. Public forks are not made private.{% endif %}
|
||||
* If you change a repository's visibility from internal to private, {% data variables.product.prodname_dotcom %} will remove forks that belong to any user without access to the newly private repository. {% ifversion fpt or ghes or ghec %}The visibility of any forks will also change to private.{% elsif ghae %}If the internal repository has any forks, the visibility of the forks is already private.{% endif %} For more information, see "[What happens to forks when a repository is deleted or changes visibility?](/articles/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility)"{% ifversion fpt %}
|
||||
* If you're using {% data variables.product.prodname_free_user %} for user accounts or organizations, some features won't be available in the repository after you change the visibility to private. Any published {% data variables.product.prodname_pages %} site will be automatically unpublished. If you added a custom domain to the {% data variables.product.prodname_pages %} site, you should remove or update your DNS records before making the repository private, to avoid the risk of a domain takeover. For more information, see "[{% data variables.product.company_short %}'s products](/get-started/learning-about-github/githubs-products) and "[Managing a custom domain for your {% data variables.product.prodname_pages %} site](/articles/managing-a-custom-domain-for-your-github-pages-site)."{% endif %}{% ifversion fpt or ghec %}
|
||||
* {% data variables.product.prodname_dotcom %} will no longer include the repository in the {% data variables.product.prodname_archive %}. For more information, see "[About archiving content and data on {% data variables.product.prodname_dotcom %}](/github/creating-cloning-and-archiving-repositories/about-archiving-content-and-data-on-github#about-the-github-archive-program)."
|
||||
* {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %}, will stop working unless the repository is owned by an organization that is part of an enterprise with a license for {% data variables.product.prodname_advanced_security %} and sufficient spare seats. {% data reusables.advanced-security.more-info-ghas %}{% endif %}{% ifversion ghes %}
|
||||
* Anonymous Git read access is no longer available. For more information, see "[Enabling anonymous Git read access for a repository](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository)."{% endif %}
|
||||
{%- ifversion ghes or ghec or ghae %}
|
||||
* If you change a repository's visibility from internal to private, {% data variables.product.prodname_dotcom %} will remove forks that belong to any user without access to the newly private repository. {% ifversion fpt or ghes or ghec %}The visibility of any forks will also change to private.{% elsif ghae %}If the internal repository has any forks, the visibility of the forks is already private.{% endif %} For more information, see "[What happens to forks when a repository is deleted or changes visibility?](/articles/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility)"
|
||||
{%- endif %}
|
||||
|
||||
{% ifversion fpt or ghae or ghes or ghec %}
|
||||
{%- ifversion fpt %}
|
||||
* If you're using {% data variables.product.prodname_free_user %} for user accounts or organizations, some features won't be available in the repository after you change the visibility to private. Any published {% data variables.product.prodname_pages %} site will be automatically unpublished. If you added a custom domain to the {% data variables.product.prodname_pages %} site, you should remove or update your DNS records before making the repository private, to avoid the risk of a domain takeover. For more information, see "[{% data variables.product.company_short %}'s products](/get-started/learning-about-github/githubs-products) and "[Managing a custom domain for your {% data variables.product.prodname_pages %} site](/articles/managing-a-custom-domain-for-your-github-pages-site)."
|
||||
{%- endif %}
|
||||
|
||||
{%- ifversion fpt or ghec %}
|
||||
* {% data variables.product.prodname_dotcom %} will no longer include the repository in the {% data variables.product.prodname_archive %}. For more information, see "[About archiving content and data on {% data variables.product.prodname_dotcom %}](/github/creating-cloning-and-archiving-repositories/about-archiving-content-and-data-on-github#about-the-github-archive-program)."
|
||||
* {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %}, will stop working unless the repository is owned by an organization that is part of an enterprise with a license for {% data variables.product.prodname_advanced_security %} and sufficient spare seats. {% data reusables.advanced-security.more-info-ghas %}
|
||||
{%- endif %}
|
||||
|
||||
{%- ifversion ghes %}
|
||||
* Anonymous Git read access is no longer available. For more information, see "[Enabling anonymous Git read access for a repository](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository)."
|
||||
{%- endif %}
|
||||
|
||||
{% ifversion ghes or ghec or ghae %}
|
||||
|
||||
### Making a repository internal
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data reusables.gated-features.internal-repos %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
* Any forks of the repository will remain in the repository network, and {% data variables.product.product_name %} maintains the relationship between the root repository and the fork. For more information, see "[What happens to forks when a repository is deleted or changes visibility?](/articles/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility)"
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -14,7 +14,7 @@ topics:
|
||||
shortTitle: Discover resources for a user
|
||||
---
|
||||
|
||||
|
||||
|
||||
|
||||
When making authenticated requests to the {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API, applications often need to fetch the current user's repositories and organizations. In this guide, we'll explain how to reliably discover those resources.
|
||||
|
||||
@@ -26,7 +26,7 @@ If you haven't already, you should read the ["Basics of Authentication"][basics-
|
||||
|
||||
## Discover the repositories that your app can access for a user
|
||||
|
||||
In addition to having their own personal repositories, a user may be a collaborator on repositories owned by other users and organizations. Collectively, these are the repositories where the user has privileged access: either it's a private repository where the user has read or write access, or it's a {% ifversion not ghae %}public{% else %}internal{% endif %} repository where the user has write access.
|
||||
In addition to having their own personal repositories, a user may be a collaborator on repositories owned by other users and organizations. Collectively, these are the repositories where the user has privileged access: either it's a private repository where the user has read or write access, or it's {% ifversion fpt %}a public{% elsif ghec or ghes %}a public or internal{% elsif ghae %}an internal{% endif %} repository where the user has write access.
|
||||
|
||||
[OAuth scopes][scopes] and [organization application policies][oap] determine which of those repositories your app can access for a user. Use the workflow below to discover those repositories.
|
||||
|
||||
|
||||
@@ -65,7 +65,7 @@ Mmmmm, tastes like [JSON][json]. Let's add the `-i` flag to include headers:
|
||||
```shell
|
||||
$ curl -i https://api.github.com/users/defunkt
|
||||
|
||||
> HTTP/2 200
|
||||
> HTTP/2 200
|
||||
> server: GitHub.com
|
||||
> date: Thu, 08 Jul 2021 07:04:08 GMT
|
||||
> content-type: application/json; charset=utf-8
|
||||
@@ -248,9 +248,10 @@ $ curl -i {% data variables.product.api_url_pre %}/orgs/octo-org/repos
|
||||
|
||||
The information returned from these calls will depend on which scopes our token has when we authenticate:
|
||||
|
||||
{% ifversion not ghae %}
|
||||
* A token with `public_repo` [scope][scopes] returns a response that includes all public repositories we have access to see on github.com.{% endif %}
|
||||
* A token with `repo` [scope][scopes] returns a response that includes all {% ifversion not ghae %}public{% else %}internal{% endif %} and private repositories we have access to see on {% data variables.product.product_location %}.
|
||||
{%- ifversion fpt or ghec or ghes %}
|
||||
* A token with `public_repo` [scope][scopes] returns a response that includes all public repositories we have access to see on {% data variables.product.product_location %}.
|
||||
{%- endif %}
|
||||
* A token with `repo` [scope][scopes] returns a response that includes all {% ifversion fpt %}public or private{% elsif ghec or ghes %}public, private, or internal{% elsif ghae %}private or internal{% endif %} repositories we have access to see on {% data variables.product.product_location %}.
|
||||
|
||||
As the [docs][repos-api] indicate, these methods take a `type` parameter that
|
||||
can filter the repositories returned based on what type of access the user has
|
||||
|
||||
@@ -105,9 +105,15 @@ To search commits in all repositories owned by a certain user or organization, u
|
||||
The `is` qualifier matches commits from repositories with the specified visibility. For more information, see "[About repositories](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
|
||||
|
||||
| Qualifier | Example
|
||||
| ------------- | ------------- |{% ifversion fpt or ghes or ghec %}
|
||||
| `is:public` | [**is:public**](https://github.com/search?q=is%3Apublic&type=Commits) matches commits to public repositories.{% endif %}
|
||||
| ------------- | ------------- |
|
||||
{%- ifversion fpt or ghes or ghec %}
|
||||
| `is:public` | [**is:public**](https://github.com/search?q=is%3Apublic&type=Commits) matches commits to public repositories.
|
||||
{%- endif %}
|
||||
|
||||
{%- ifversion ghes or ghec or ghae %}
|
||||
| `is:internal` | [**is:internal**](https://github.com/search?q=is%3Ainternal&type=Commits) matches commits to internal repositories.
|
||||
{%- endif %}
|
||||
|
||||
| `is:private` | [**is:private**](https://github.com/search?q=is%3Aprivate&type=Commits) matches commits to private repositories.
|
||||
|
||||
## Further reading
|
||||
|
||||
@@ -43,8 +43,8 @@ You can filter by the visibility of the repository containing the discussions us
|
||||
|
||||
| Qualifier | Example
|
||||
| :- | :- |{% ifversion fpt or ghes or ghec %}
|
||||
| `is:public` | [**is:public**](https://github.com/search?q=is%3Apublic&type=Discussions) matches discussions in public repositories.{% endif %}
|
||||
| `is:internal` | [**is:internal**](https://github.com/search?q=is%3Ainternal&type=Discussions) matches discussions in internal repositories.
|
||||
| `is:public` | [**is:public**](https://github.com/search?q=is%3Apublic&type=Discussions) matches discussions in public repositories.{% endif %}{% ifversion ghec %}
|
||||
| `is:internal` | [**is:internal**](https://github.com/search?q=is%3Ainternal&type=Discussions) matches discussions in internal repositories.{% endif %}
|
||||
| `is:private` | [**is:private tiramisu**](https://github.com/search?q=is%3Aprivate+tiramisu&type=Discussions) matches discussions that contain the word "tiramisu" in private repositories you can access.
|
||||
|
||||
## Search by author
|
||||
|
||||
@@ -149,8 +149,8 @@ You can filter your search based on the visibility of the repositories. For more
|
||||
|
||||
| Qualifier | Example
|
||||
| ------------- | ------------- |{% ifversion fpt or ghes or ghec %}
|
||||
| `is:public` | [**is:public org:github**](https://github.com/search?q=is%3Apublic+org%3Agithub&type=Repositories) matches public repositories owned by {% data variables.product.company_short %}.{% endif %}
|
||||
| `is:internal` | [**is:internal test**](https://github.com/search?q=is%3Ainternal+test&type=Repositories) matches internal repositories that you can access and contain the word "test".
|
||||
| `is:public` | [**is:public org:github**](https://github.com/search?q=is%3Apublic+org%3Agithub&type=Repositories) matches public repositories owned by {% data variables.product.company_short %}.{% endif %}{% ifversion ghes or ghec or ghae %}
|
||||
| `is:internal` | [**is:internal test**](https://github.com/search?q=is%3Ainternal+test&type=Repositories) matches internal repositories that you can access and contain the word "test".{% endif %}
|
||||
| `is:private` | [**is:private pages**](https://github.com/search?q=is%3Aprivate+pages&type=Repositories) matches private repositories that you can access and contain the word "pages."
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
|
||||
@@ -80,7 +80,7 @@ You can filter by the visibility of the repository containing the issues and pul
|
||||
|
||||
| Qualifier | Example
|
||||
| ------------- | ------------- |{% ifversion fpt or ghes or ghec %}
|
||||
| `is:public` | [**is:public**](https://github.com/search?q=is%3Apublic&type=Issues) matches issues and pull requests in public repositories.{% endif %}{% ifversion fpt or ghes or ghae or ghec %}
|
||||
| `is:public` | [**is:public**](https://github.com/search?q=is%3Apublic&type=Issues) matches issues and pull requests in public repositories.{% endif %}{% ifversion ghes or ghec or ghae %}
|
||||
| `is:internal` | [**is:internal**](https://github.com/search?q=is%3Ainternal&type=Issues) matches issues and pull requests in internal repositories.{% endif %}
|
||||
| `is:private` | [**is:private cupcake**](https://github.com/search?q=is%3Aprivate+cupcake&type=Issues) matches issues and pull requests that contain the word "cupcake" in private repositories you can access.
|
||||
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
By default, the artifacts and log files generated by workflows are retained for 90 days before they are automatically deleted. You can adjust the retention period, depending on the type of repository:
|
||||
|
||||
{%- ifversion fpt or ghec or ghes %}
|
||||
- For public repositories: you can change this retention period to anywhere between 1 day or 90 days.
|
||||
- For private, internal, and {% data variables.product.prodname_ghe_server %} repositories: you can change this retention period to anywhere between 1 day or 400 days.
|
||||
{%- endif %}
|
||||
|
||||
- For private{% ifversion ghec or ghes or ghae %} and internal{% endif %} repositories: you can change this retention period to anywhere between 1 day or 400 days.
|
||||
|
||||
When you customize the retention period, it only applies to new artifacts and log files, and does not retroactively apply to existing objects. For managed repositories and organizations, the maximum retention period cannot exceed the limit set by the managing organization or enterprise.
|
||||
|
||||
@@ -1 +1 @@
|
||||
When you enable {% data variables.product.prodname_actions %}, workflows are able to run actions located within your repository and any other public repository.
|
||||
When you enable {% data variables.product.prodname_actions %}, workflows are able to run actions located within your repository and any other{% ifversion fpt %} public{% elsif ghec or ghes %} public or internal{% elsif ghae %} internal{% endif %} repository.
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
If you rely on using forks of your private repositories, you can configure policies that control how users can run workflows on `pull_request` events. Available to private and internal repositories only, you can configure these policy settings for enterprises, organizations, or repositories. For enterprises, the policies are applied to all repositories in all organizations.
|
||||
If you rely on using forks of your private repositories, you can configure policies that control how users can run workflows on `pull_request` events. Available to private {% ifversion ghec or ghes or ghae %}and internal{% endif %} repositories only, you can configure these policy settings for {% ifversion ghec %}enterprises, {% elsif ghes or ghae %}your enterprise, {% endif %}organizations, or repositories.{% ifversion ghec or ghes or ghae %} For enterprises, the policies are applied to all repositories in all organizations.{% endif %}
|
||||
|
||||
- **Run workflows from fork pull requests** - Allows users to run workflows from fork pull requests, using a `GITHUB_TOKEN` with read-only permission, and with no access to secrets.
|
||||
- **Send write tokens to workflows from pull requests** - Allows pull requests from forks to use a `GITHUB_TOKEN` with write permission.
|
||||
|
||||
@@ -6,6 +6,6 @@
|
||||
- When [LDAP Sync is enabled](/enterprise/admin/authentication/using-ldap#enabling-ldap-sync), if you remove a person from a repository, they will lose access but their forks will not be deleted. If the person is added to a team with access to the original organization repository within three months, their access to the forks will be automatically restored on the next sync.{% endif %}
|
||||
- You are responsible for ensuring that people who have lost access to a repository delete any confidential information or intellectual property.
|
||||
|
||||
- People with admin permissions to a private{% ifversion fpt or ghes or ghae or ghec %} or internal{% endif %} repository can disallow forking of that repository, and organization owners can disallow forking of any private{% ifversion fpt or ghes or ghae or ghec %} or internal{% endif %} repository in an organization. For more information, see "[Managing the forking policy for your organization](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)" and "[Managing the forking policy for your repository](/github/administering-a-repository/managing-the-forking-policy-for-your-repository)."
|
||||
- People with admin permissions to a private{% ifversion ghes or ghae or ghec %} or internal{% endif %} repository can disallow forking of that repository, and organization owners can disallow forking of any private{% ifversion ghes or ghae or ghec %} or internal{% endif %} repository in an organization. For more information, see "[Managing the forking policy for your organization](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)" and "[Managing the forking policy for your repository](/github/administering-a-repository/managing-the-forking-policy-for-your-repository)."
|
||||
|
||||
{% endwarning %}
|
||||
|
||||
Reference in New Issue
Block a user