Fix multiple blank lines in content and data (#37909)
This commit is contained in:
Grace Park
@@ -33,7 +33,6 @@ If you choose to hide your private contributions, visitors will only see your pu
|
||||
{% data reusables.profile.access_profile %}
|
||||
1. Under "Contributions & Activity", select or deselect **Include private contributions on my profile**.
|
||||
|
||||
|
||||
## Changing the visibility of achievements
|
||||
|
||||
{% data reusables.user-settings.access_settings %}
|
||||
|
||||
@@ -67,7 +67,6 @@ In the "All activity" section of your news feed, you can view updates from repos
|
||||
You'll see updates in your news feed when a user you follow:
|
||||
{% endif %}
|
||||
|
||||
|
||||
- Stars a repository.
|
||||
- Follows another user.{% ifversion fpt or ghes or ghec %}
|
||||
- Creates a public repository.{% endif %}
|
||||
|
||||
@@ -69,4 +69,3 @@ This pattern is employed in several actions. For more examples, see:
|
||||
- [`ruby/setup-ruby`](https://github.com/ruby/setup-ruby)
|
||||
- [`google-github-actions/setup-gcloud`](https://github.com/google-github-actions/setup-gcloud)
|
||||
- [`hashicorp/setup-terraform`](https://github.com/hashicorp/setup-terraform)
|
||||
|
||||
|
||||
@@ -68,4 +68,3 @@ To remove a published action from {% data variables.product.prodname_marketplace
|
||||
Actions with the {% octicon "verified" aria-label="The verified badge" %}, or verified creator badge, indicate that {% data variables.product.prodname_dotcom %} has verified the creator of the action as a partner organization. Partners can email <a href="mailto:partnerships@github.com">partnerships@github.com</a> to request the verified creator badge.
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -47,4 +47,3 @@ You can configure your CD workflow to run when a {% data variables.product.produ
|
||||
- [AUTOTITLE](/actions/deployment/about-deployments/deploying-with-github-actions)
|
||||
- [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment){% ifversion fpt or ghec %}
|
||||
- "[AUTOTITLE](/billing/managing-billing-for-github-actions)"{% endif %}
|
||||
|
||||
|
||||
@@ -14,7 +14,6 @@ topics:
|
||||
|
||||
{% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
|
||||
## Introduction
|
||||
|
||||
This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a project to [Azure Kubernetes Service](https://azure.microsoft.com/services/kubernetes-service/).
|
||||
|
||||
@@ -14,7 +14,6 @@ topics:
|
||||
|
||||
{% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
|
||||
## Introduction
|
||||
|
||||
This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a web app to [Azure Static Web Apps](https://azure.microsoft.com/services/app-service/static/).
|
||||
|
||||
@@ -233,7 +233,6 @@ You could also use a `curl` command to request the JWT, using the following envi
|
||||
| `ACTIONS_ID_TOKEN_REQUEST_URL` | The URL for {% data variables.product.prodname_dotcom %}'s OIDC provider. |
|
||||
| `ACTIONS_ID_TOKEN_REQUEST_TOKEN` | Bearer token for the request to the OIDC provider. |
|
||||
|
||||
|
||||
For example:
|
||||
|
||||
```shell copy
|
||||
@@ -464,7 +463,6 @@ To configure the repository to use the organization's template, a repository adm
|
||||
|
||||
You can now update your YAML workflows to use OIDC access tokens instead of secrets. Popular cloud providers have published their official login actions that make it easy for you to get started with OIDC. For more information about updating your workflows, see the cloud-specific guides listed below in "[Enabling OpenID Connect for your cloud provider](#enabling-openid-connect-for-your-cloud-provider)."
|
||||
|
||||
|
||||
## Enabling OpenID Connect for your cloud provider
|
||||
|
||||
To enable and configure OIDC for your specific cloud provider, see the following guides:
|
||||
|
||||
@@ -72,7 +72,6 @@ In the following example, `StringLike` is used with a wildcard operator (`*`) to
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
## Updating your {% data variables.product.prodname_actions %} workflow
|
||||
|
||||
To update your workflows for OIDC, you will need to make two changes to your YAML:
|
||||
|
||||
@@ -164,7 +164,6 @@ Variables stored in an environment are only available to workflow jobs that refe
|
||||
1. Click **Add variable**.
|
||||
{%- endif %}
|
||||
|
||||
|
||||
You can also create and configure environments through the REST API. For more information, see "[AUTOTITLE](/rest/deployments/environments)," "[AUTOTITLE](/rest/actions/secrets),"{% ifversion actions-configuration-variables %} "[AUTOTITLE](/rest/actions/variables),"{% endif %} and "[AUTOTITLE](/rest/deployments/branch-policies)."
|
||||
|
||||
Running a workflow that references an environment that does not exist will create an environment with the referenced name. The newly created environment will not have any protection rules or secrets configured. Anyone that can edit workflows in the repository can create environments via a workflow file, but only repository admins can configure the environment.
|
||||
|
||||
@@ -290,7 +290,6 @@ Modifies the default permissions granted to `GITHUB_TOKEN`. This will vary depen
|
||||
<tr>
|
||||
<td>
|
||||
|
||||
|
||||
```yaml copy
|
||||
concurrency:
|
||||
group: {% raw %}'${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'{% endraw %}
|
||||
@@ -527,7 +526,6 @@ This step runs a command to check out LFS objects from the repository.
|
||||
<tr>
|
||||
<td>
|
||||
|
||||
|
||||
```yaml copy
|
||||
- name: Gather files changed
|
||||
uses: trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b
|
||||
|
||||
@@ -43,7 +43,6 @@ The following diagram illustrates the architecture of ARC's autoscaling runner s
|
||||
10. Throughout the job run execution, the runner continuously communicates the logs and job run status back to the {% data variables.product.prodname_actions %} Service.
|
||||
11. When the runner completes its job successfully, the EphemeralRunner Controller checks with the {% data variables.product.prodname_actions %} Service to see if runner can be deleted. If it can, the Ephemeral RunnerSet deletes the runner.
|
||||
|
||||
|
||||
## {% data variables.product.prodname_actions_runner_controller %} components
|
||||
|
||||
ARC consists of a set of custom resources. An ARC deployment applies these custom resources onto a Kubernetes cluster. Once applied, it creates a set of Pods that contain your self-hosted runners' containers. With ARC, {% data variables.product.company_short %} can treat these runner containers as self-hosted runners and allocate jobs to them as needed.
|
||||
|
||||
@@ -20,7 +20,6 @@ defaultPlatform: linux
|
||||
|
||||
You can authenticate {% data variables.product.prodname_actions_runner_controller %} (ARC) to the {% data variables.product.prodname_dotcom %} API by using a {% data variables.product.prodname_github_app %} or by using a {% data variables.product.pat_v1 %}.
|
||||
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** You cannot authenticate using a {% data variables.product.prodname_github_app %} for runners at the enterprise level. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#about-runner-groups)."
|
||||
|
||||
@@ -75,7 +75,6 @@ For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managin
|
||||
|
||||
You can add self-hosted runners at the organization level, where they can be used to process jobs for multiple repositories in an organization. To add a self-hosted runner to an organization, you must be an organization owner. For information about how to add a self-hosted runner with the REST API, see "[AUTOTITLE](/rest/actions#self-hosted-runners)."
|
||||
|
||||
|
||||
{% data reusables.organizations.navigate-to-org %}
|
||||
{% data reusables.organizations.org_settings %}
|
||||
{% data reusables.organizations.settings-sidebar-actions-runners %}
|
||||
|
||||
@@ -63,7 +63,6 @@ ACTIONS_RUNNER_HOOK_JOB_STARTED=/cleanup_script.sh
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
|
||||
### No timeout setting
|
||||
|
||||
There is currently no timeout setting available for scripts executed by `ACTIONS_RUNNER_HOOK_JOB_STARTED` or `ACTIONS_RUNNER_HOOK_JOB_COMPLETED`. As a result, you could consider adding timeout handling to your script.
|
||||
|
||||
@@ -126,7 +126,6 @@ jobs:
|
||||
|
||||
For some examples of Docker actions, see the [Docker-image.yml workflow](https://github.com/actions/starter-workflows/blob/main/ci/docker-image.yml) and "[AUTOTITLE](/actions/creating-actions/creating-a-docker-container-action)."
|
||||
|
||||
|
||||
## Using release management for your custom actions
|
||||
|
||||
The creators of a community action have the option to use tags, branches, or SHA values to manage releases of the action. Similar to any dependency, you should indicate the version of the action you'd like to use based on your comfort with automatically accepting updates to the action.
|
||||
|
||||
@@ -26,7 +26,6 @@ By default, {% data variables.product.product_name %} stores build logs and arti
|
||||
|
||||
|
||||
|
||||
|
||||
{% endwebui %}
|
||||
|
||||
{% cli %}
|
||||
|
||||
@@ -31,7 +31,6 @@ shortTitle: Remove workflow artifacts
|
||||
|
||||
|
||||
|
||||
|
||||
## Setting the retention period for an artifact
|
||||
|
||||
Retention periods for artifacts and logs can be configured at the repository, organization, and enterprise level. For more information, see {% ifversion fpt or ghec or ghes %}"[AUTOTITLE](/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy)."{% elsif ghae %}"[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository)," "[AUTOTITLE](/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization)," or "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise)."{% endif %}
|
||||
|
||||
@@ -468,7 +468,6 @@ You can transform Azure DevOps templates with {% data variables.product.prodname
|
||||
| Iterative insertion | Not applicable | Partially supported |
|
||||
| Templates with parameters | Varies | Partially supported |
|
||||
|
||||
|
||||
#### Template file path names
|
||||
|
||||
{% data variables.product.prodname_actions_importer %} can extract templates with relative or dynamic file paths with variable, parameter, and iterative expressions in the file name. However, there must be a default value set.
|
||||
@@ -535,7 +534,6 @@ steps:
|
||||
| stage | `job` | Partially supported |
|
||||
| stageList | `job` | Partially supported |
|
||||
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** A template used under the `step` key with this parameter type is only serialized as a composite action if the steps are used at the beginning or end of the template steps. A template used under the `stage`, `deployment`, and `job` keys with this parameter type are not transformed into a reusable workflow, and instead are serialized as a standalone workflow.
|
||||
|
||||
@@ -162,7 +162,6 @@ For example:
|
||||
gh actions-importer forecast bamboo --project PAN --output-dir tmp/forecast_reports
|
||||
```
|
||||
|
||||
|
||||
### Inspecting the forecast report
|
||||
|
||||
The `forecast_report.md` file in the specified output directory contains the results of the forecast.
|
||||
@@ -373,7 +372,6 @@ For more information about supported Bamboo concept and plugin mappings, see the
|
||||
| `bamboo.shortPlanKey` | {% raw %}`${{ github.workflow }}`{% endraw %}
|
||||
| `bamboo.shortPlanName` | {% raw %}`${{ github.workflow }}`{% endraw %}
|
||||
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** Unknown variables are transformed to {% raw %}`${{ env.<variableName> }}`{% endraw %} and must be replaced or added under `env` for proper operation. For example, `${bamboo.jira.baseUrl}` will become {% raw %}`${{ env.jira_baseUrl }}`{% endraw %}.
|
||||
|
||||
@@ -414,7 +414,6 @@ For information about supported GitLab constructs, see the [`github/gh-actions-i
|
||||
| `CI_EXTERNAL_PULL_REQUEST_TARGET_BRANCH_NAME` | {% raw %}`${{ github.event.pull_request.base.ref }}`{% endraw %} |
|
||||
| `CI_EXTERNAL_PULL_REQUEST_TARGET_BRANCH_SHA` | {% raw %}`${{ github.event.pull_request.base.sha }}`{% endraw %} |
|
||||
|
||||
|
||||
## Legal notice
|
||||
|
||||
{% data reusables.actions.actions-importer-legal-notice %}
|
||||
|
||||
@@ -178,7 +178,6 @@ Both Azure Pipelines and {% data variables.product.prodname_actions %} allow you
|
||||
|
||||
Below is an example of the syntax for each system. The workflows start a first job named `initial`, and when that job completes, two jobs named `fanout1` and `fanout2` will run. Finally, when those jobs complete, the job `fanin` will run.
|
||||
|
||||
|
||||
### Azure Pipelines syntax for dependencies between jobs
|
||||
|
||||
{% raw %}
|
||||
|
||||
@@ -54,7 +54,6 @@ CircleCI can reuse pieces of workflows with YAML anchors and aliases. {% data va
|
||||
|
||||
## Using Docker images
|
||||
|
||||
|
||||
Both CircleCI and {% data variables.product.prodname_actions %} support running steps inside of a Docker image.
|
||||
|
||||
CircleCI provides a set of pre-built images with common dependencies. These images have the `USER` set to `circleci`, which causes permissions to conflict with {% data variables.product.prodname_actions %}.
|
||||
|
||||
@@ -402,5 +402,4 @@ jobs:
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
|
||||
For more information, see "[AUTOTITLE](/actions/using-containerized-services/about-service-containers)."
|
||||
|
||||
@@ -118,7 +118,6 @@ on:
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
|
||||
### Checking out submodules
|
||||
|
||||
Travis CI and {% data variables.product.prodname_actions %} both allow you to control whether submodules are included in the repository clone.
|
||||
|
||||
@@ -21,7 +21,6 @@ versions:
|
||||
|
||||
{% data reusables.repositories.actions-workflow-status-badge-intro %}
|
||||
|
||||
|
||||
To add a workflow status badge to your `README.md` file, first find the URL for the status badge you would like to display. Then you can use Markdown to display the badge as an image in your `README.md` file. For more information about image markup in Markdown, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#images)."
|
||||
|
||||
## Using the workflow file name
|
||||
|
||||
@@ -38,4 +38,3 @@ versions:
|
||||
## Setting container resource options
|
||||
|
||||
{% data reusables.actions.jobs.section-running-jobs-in-a-container-options %}
|
||||
|
||||
|
||||
@@ -66,7 +66,6 @@ If there is an exact match to the provided `key`, this is considered a cache hit
|
||||
|
||||
You cannot change the contents of an existing cache. Instead, you can create a new cache with a new key.
|
||||
|
||||
|
||||
### Input parameters for the `cache` action
|
||||
|
||||
- `key`: **Required** The key created when saving a cache and the key used to search for a cache. It can be any combination of variables, context values, static strings, and functions. Keys have a maximum length of 512 characters, and keys longer than the maximum length will cause the action to fail.
|
||||
|
||||
@@ -45,8 +45,6 @@ After a required workflow has run at least once in a repository, you can view it
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Adding a required workflow to an organization
|
||||
|
||||
Organization owners can configure required workflows in their organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#adding-a-required-workflow-to-an-organization)."
|
||||
|
||||
@@ -553,7 +553,6 @@ Alternatively, use a {% data variables.product.prodname_github_app %} instead of
|
||||
|
||||
## `jobs.<job_id>.steps[*].run`
|
||||
|
||||
|
||||
Runs command-line programs using the operating system's shell. If you do not provide a `name`, the step name will default to the text specified in the `run` command.
|
||||
|
||||
Commands run using non-login shells by default. You can choose a different shell and customize the shell used to run commands. For more information, see [`jobs.<job_id>.steps[*].shell`](#jobsjob_idstepsshell).
|
||||
|
||||
@@ -19,7 +19,6 @@ topics:
|
||||
<!--The CodeQL CLI man pages include a link to a section in this article. If you rename this article,
|
||||
make sure that you also update the MS short link: https://aka.ms/code-scanning-docs/configuring-ghes.-->
|
||||
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
|
||||
## About {% data variables.product.prodname_code_scanning %}
|
||||
|
||||
@@ -46,4 +46,3 @@ The dependency review action is included in your installation of {% data variabl
|
||||
{% data reusables.dependency-review.dependency-review-action-overview %}
|
||||
|
||||
Users run the dependency review action using a {% data variables.product.prodname_actions %} workflow. If you have not already set up runners for {% data variables.product.prodname_actions %}, you must do this to enable users to run workflows. You can provision self-hosted runners at the repository, organization, or enterprise account level. For information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)" and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)."
|
||||
|
||||
|
||||
@@ -56,4 +56,3 @@ When you enable one or more security and analysis features for existing reposito
|
||||
{% endnote %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -35,7 +35,6 @@ The root site administrator can unlock access to the {% data variables.enterpris
|
||||
{% data reusables.enterprise_site_admin_settings.click-user-management %}
|
||||
1. Locked user accounts will appear as "State: blocked". To unblock the user and allow authentication, to the right of the user's details, click {% octicon "law" aria-label="Unblock user" %}.
|
||||
|
||||
|
||||
{%- endif %}
|
||||
|
||||
## Troubleshooting failed connections to the {% data variables.enterprise.management_console %}
|
||||
|
||||
@@ -914,7 +914,6 @@ This command disables replication on an existing replica node and converts the r
|
||||
ghe-repl-promote
|
||||
```
|
||||
|
||||
|
||||
### ghe-repl-setup
|
||||
|
||||
Run this utility on an existing node to begin enabling a high availability configuration. The utility puts the node in standby mode before you begin replication with [`ghe-repl-start`](#ghe-repl-start). For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/creating-a-high-availability-replica)."
|
||||
@@ -1016,8 +1015,6 @@ This utility rewrites the imported repository. This gives you a chance to rename
|
||||
git-import-rewrite
|
||||
```
|
||||
|
||||
|
||||
|
||||
## Security
|
||||
|
||||
### ghe-find-insecure-git-operations
|
||||
@@ -1028,8 +1025,6 @@ This utility searches your instance's logs and identifies Git operations over SS
|
||||
ghe-find-insecure-git-operations
|
||||
```
|
||||
|
||||
|
||||
|
||||
## Support
|
||||
|
||||
### ghe-diagnostics
|
||||
|
||||
@@ -32,7 +32,6 @@ During initialization, the enterprise owner will name your enterprise, configure
|
||||
|
||||
To begin initialization, you will receive an invitation email from {% data variables.product.company_short %}. Before you configure {% data variables.product.prodname_ghe_managed %}, review the following prerequisites.
|
||||
|
||||
|
||||
To initialize {% data variables.location.product_location %}, you must have a SAML identity provider (IdP). {% data reusables.saml.ae-uses-saml-sso %} To connect your IdP to your enterprise during initialization, you should have your IdP's Entity ID (SSO) URL, Issuer ID URL, and public signing certificate (Base64-encoded). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam)."
|
||||
|
||||
{% note %}
|
||||
|
||||
@@ -114,7 +114,3 @@ If you review the troubleshooting advice for replication and continue to experie
|
||||
|
||||
- On each affected node, run `ghe-repl-status -vv`, then copy the output to your ticket. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repl-status)."
|
||||
- On each affected node, create a support bundle to attach to your ticket. For more information, see "[AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support#creating-and-sharing-support-bundles)."
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -20,7 +20,6 @@ When an upgrade package is automatically downloaded for {% data variables.locati
|
||||
|
||||
If a hotpatch is available for an upgrade, the `.hpkg` will download automatically. In the management console you can choose to install the hotpatch immediately or schedule installation for a later time. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-with-a-hotpatch)."
|
||||
|
||||
|
||||
## Enabling automatic update checks
|
||||
|
||||
{% tip %}
|
||||
|
||||
@@ -46,7 +46,6 @@ The peak quantity of connected runners without performance loss depends on such
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
{%- ifversion ghes = 3.4 %}
|
||||
|
||||
{% data reusables.actions.hardware-requirements-3.4 %}
|
||||
|
||||
@@ -62,7 +62,6 @@ The recommended approach is to enable automatic access to all actions from {% da
|
||||
|
||||
**Note:** Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.location.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server)."
|
||||
|
||||
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -20,7 +20,6 @@ topics:
|
||||
|
||||
{% data variables.product.product_name %} supports CAP for any {% data variables.enterprise.prodname_emu_enterprise %} where OIDC SSO is enabled. {% data variables.product.product_name %} enforces your IdP's IP conditions but cannot enforce your device compliance conditions. Enterprise owners can choose to use this IP allow list configuration instead of {% data variables.product.product_name %}'s IP allow list, and can do so once OIDC SSO is configured. For more information about IP allow lists, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)."
|
||||
|
||||
|
||||
For more information about using OIDC with {% data variables.product.prodname_emus %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)" and "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc)."
|
||||
|
||||
## Considerations for integrations and automations
|
||||
|
||||
@@ -27,7 +27,6 @@ With {% data variables.product.prodname_emus %}, your enterprise uses your corpo
|
||||
|
||||
After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your identity provider is unavailable.
|
||||
|
||||
|
||||
{% data reusables.enterprise_user_management.SAML-to-OIDC-migration-for-EMU %}
|
||||
|
||||
{% note %}
|
||||
@@ -108,7 +107,6 @@ After you install and configure the {% data variables.product.prodname_emu_idp_a
|
||||
|
||||
{% data reusables.enterprise-accounts.download-recovery-codes %}
|
||||
|
||||
|
||||
### Enabling provisioning
|
||||
|
||||
After you enable SAML SSO, enable provisioning. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
|
||||
|
||||
@@ -32,7 +32,6 @@ If you're new to {% data variables.product.prodname_emus %} and haven't yet conf
|
||||
|
||||
To migrate your enterprise from SAML to OIDC, you will disable your existing {% data variables.product.prodname_emu_idp_application %} application on Azure AD, prepare and begin the migration as the setup user for your enterprise on {% data variables.location.product_location %}, then install and configure the new application for OIDC on Azure AD. After the migration is complete and Azure AD provisions your users, the users can authenticate to access your enterprise's resources on {% data variables.location.product_location %} using OIDC.
|
||||
|
||||
|
||||
{% warning %}
|
||||
|
||||
**Warning**: Migration of your enterprise from SAML to OIDC can take up to an hour. During the migration, users cannot access your enterprise on {% data variables.location.product_location %}.
|
||||
|
||||
@@ -55,7 +55,6 @@ For more information about managing identity and access for your enterprise on {
|
||||
|
||||
## Adding the {% data variables.product.product_name %} application in Okta
|
||||
|
||||
|
||||
{% data reusables.saml.okta-ae-applications-menu %}
|
||||
{% data reusables.saml.okta-browse-app-catalog %}
|
||||
{%- ifversion ghae %}
|
||||
|
||||
@@ -31,7 +31,6 @@ You can deploy {% data variables.product.prodname_ghe_server %} on global Azure
|
||||
|
||||
Before launching {% data variables.location.product_location %} on Azure, you'll need to determine the machine type that best fits the needs of your organization. For more information about memory optimized machines, see "[Memory optimized virtual machine sizes](https://docs.microsoft.com/en-gb/azure/virtual-machines/sizes-memory)" in the Microsoft Azure documentation. To review the minimum resource requirements for {% data variables.product.product_name %}, see "[Minimum requirements](#minimum-requirements)."
|
||||
|
||||
|
||||
{% data reusables.enterprise_installation.warning-on-scaling %}
|
||||
|
||||
{% data reusables.enterprise_installation.azure-instance-recommendation %}
|
||||
|
||||
@@ -1239,7 +1239,6 @@ Before you'll see `git` category actions, you must enable Git events in the audi
|
||||
| `repository_secret_scanning_custom_pattern_push_protection.enabled` | Push protection for a custom pattern for {% data variables.product.prodname_secret_scanning %} was enabled for your repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)."
|
||||
| `repository_secret_scanning_custom_pattern_push_protection.disabled` | Push protection for a custom pattern for {% data variables.product.prodname_secret_scanning %} was disabled for your repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)."{%- endif %}
|
||||
|
||||
|
||||
{%- ifversion secret-scanning-audit-log-custom-patterns %}
|
||||
## `repository_secret_scanning_push_protection` category actions
|
||||
|
||||
|
||||
@@ -95,7 +95,6 @@ Key | Value
|
||||
`user_id` | ID of the user affected by the action.{% endif %}
|
||||
`user` | Name of the user affected by the action.
|
||||
|
||||
|
||||
To see actions grouped by category, you can also use the action qualifier as a `key:value` pair. For more information, see "[Search based on the action performed](#search-based-on-the-action-performed)."
|
||||
|
||||
For a full list of actions in your enterprise audit log, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."
|
||||
|
||||
@@ -221,7 +221,6 @@ To set up streaming to Google Cloud Storage, you must create a service account i
|
||||
|
||||
4. To verify that {% data variables.product.prodname_dotcom %} can connect and write to the Google Cloud Storage bucket, click **Check endpoint**.
|
||||
|
||||
|
||||
{% data reusables.enterprise.verify-audit-log-streaming-endpoint %}
|
||||
|
||||
### Setting up streaming to Splunk
|
||||
|
||||
@@ -20,7 +20,6 @@ If you currently use {% data variables.product.prodname_ghe_cloud %} with a sing
|
||||
|
||||
You can also create an enterprise account by setting up a free trial of {% data variables.product.prodname_ghe_cloud %}. Trials are limited to 50 seats. If you have an existing organization with more than 50 seats that you want to invite into the trial, please contact {% data variables.contact.contact_enterprise_sales %}. For more information, see "[AUTOTITLE](/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-cloud)".
|
||||
|
||||
|
||||
When you create an enterprise account that owns your existing organization on {% data variables.product.product_name %}, the organization's resources remain accessible to members at the same URLs. After you add your organization to the enterprise account, the following changes will apply to the organization.
|
||||
|
||||
- Your existing organization will automatically be owned by the enterprise account.
|
||||
|
||||
@@ -79,7 +79,6 @@ Across all organizations owned by your enterprise, you can set a base repository
|
||||
4. Under "Base permissions", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
|
||||
5. Under "Base permissions", select the dropdown menu and click a policy.
|
||||
|
||||
|
||||
## Enforcing a policy for repository creation
|
||||
|
||||
Across all organizations owned by your enterprise, you can allow members to create repositories, restrict repository creation to organization owners, or allow owners to administer the setting on the organization level.
|
||||
@@ -308,8 +307,6 @@ Anonymous Git read access will be entirely removed in a future release of {% dat
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
|
||||
If necessary, you can prevent repository administrators from changing anonymous Git access settings for repositories on your enterprise by locking the repository's access settings. After you lock a repository's Git read access setting, only a site administrator can change the setting.
|
||||
|
||||
{% data reusables.enterprise_site_admin_settings.list-of-repos-with-anonymous-git-read-access-enabled %}
|
||||
|
||||
@@ -102,7 +102,6 @@ Each time a user sees a mandatory message, an audit log event is created. The ev
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
## Creating a global announcement banner
|
||||
|
||||
You can set a global announcement banner to be displayed to all users at the top of every page{% ifversion ghec %} within your enterprise{% endif %}.
|
||||
|
||||
@@ -67,5 +67,4 @@ The report includes both enterprise members and outside collaborators.
|
||||
1. Optionally, to generate a new report, next to "Dormant Users", click **New report**.
|
||||
1. Under "Recent reports", next to the report you want to download, click {% octicon "download" aria-hidden="true" %} **Download**.
|
||||
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -74,4 +74,3 @@ If you want your app to respond to events on {% data variables.product.prodname_
|
||||
### {% data variables.product.prodname_github_app %}s that can take certain actions
|
||||
|
||||
When you set up your {% data variables.product.prodname_github_app %}, you can select specific permissions for the app. These permissions determine what the app can do via the {% data variables.product.prodname_dotcom %} API, what they can do on behalf of a signed in user, and what webhooks the app can receive. For more information, see "[AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app)."
|
||||
|
||||
|
||||
@@ -79,4 +79,3 @@ For more information about comparing {% data variables.product.prodname_actions
|
||||
|
||||
You can use a {% data variables.product.prodname_github_app %} to authenticate in a {% data variables.product.prodname_actions %}
|
||||
workflow if the built in `GITHUB_TOKEN` does not have sufficient permissions. For more information, see "[AUTOTITLE](/apps/creating-github-apps/guides/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow)."
|
||||
|
||||
|
||||
@@ -23,4 +23,3 @@ You can specify up to 10 callback URLs. If you specify multiple callback URLs, y
|
||||
The callback URL is different from the setup URL. Users are redirected to the setup URL after they install a {% data variables.product.prodname_github_app %}. Users are redirected to the callback URL when they authorize a {% data variables.product.prodname_github_app %} via the web application flow. For more information, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-the-setup-url)."
|
||||
|
||||
For more information about generating user access tokens, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app)". For more information about registering a {% data variables.product.prodname_github_app %}, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app)." For more information about modifying a {% data variables.product.prodname_github_app %} registration, see "[AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app)."
|
||||
|
||||
|
||||
@@ -47,7 +47,6 @@ During development, you will likely use your personal computer or codespace to r
|
||||
|
||||
Once you write the code for your {% data variables.product.prodname_github_app %}, you should ensure that it follows best practices. If necessary, remember to update your {% data variables.product.prodname_github_app %} registration. If your {% data variables.product.prodname_github_app %} needs to run on a server instead of a user's device, deploy your app to your server. Finally, you can share your {% data variables.product.prodname_github_app %} with other users and organizations.
|
||||
|
||||
|
||||
### Follow best practices
|
||||
|
||||
Before deploying your {% data variables.product.prodname_github_app %}, make sure you follow best practices. For example, make sure that your {% data variables.product.prodname_github_app %}'s credentials are secure. For more information, see "[AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app)."
|
||||
|
||||
@@ -21,7 +21,6 @@ shortTitle: View listing transactions
|
||||
|
||||
{% endnote %}
|
||||
|
||||
|
||||
You can view or download the transaction data to keep track of your subscription activity. Click the **Export CSV** button to download a `.csv` file. You can also select a period of time to view and search within the transaction page.
|
||||
|
||||
## Transaction data fields
|
||||
|
||||
@@ -22,7 +22,6 @@ To offer paid plans for your app, the app must be owned by an organization and y
|
||||
|
||||
## Requesting publisher verification
|
||||
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
1. At the bottom of the left sidebar, click **Developer settings**.
|
||||
|
||||
@@ -61,7 +61,6 @@ For example, if you notice that a customer is on a 5 person plan and needs to mo
|
||||
|
||||
Use the `LISTING_PLAN_NUMBER` for the plan the customer would like to purchase. When you create new pricing plans they receive a `LISTING_PLAN_NUMBER`, which is unique to each plan across your listing, and a `LISTING_PLAN_ID`, which is unique to each plan in the {% data variables.product.prodname_marketplace %}. You can find these numbers when you [List plans](/rest/apps#list-plans), which identifies your listing's pricing plans. Use the `LISTING_PLAN_ID` and the "[AUTOTITLE](/rest/apps#list-accounts-for-a-plan)" endpoint to get the `CUSTOMER_ACCOUNT_ID`.
|
||||
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** If your customer upgrades to additional units (such as seats), you can still send them to the appropriate plan for their purchase, but we are unable to support `unit_count` parameters at this time.
|
||||
|
||||
@@ -29,7 +29,6 @@ Cancellations and downgrades take effect on the first day of the next billing cy
|
||||
|
||||
Each `marketplace_purchase` webhook payload will have the following information:
|
||||
|
||||
|
||||
Key | Type | Description
|
||||
----|------|-------------
|
||||
`action` | `string` | The action performed to generate the webhook. Can be `purchased`, `cancelled`, `pending_change`, `pending_change_cancelled`, or `changed`. For more information, see the example webhook payloads below. **Note:** The `pending_change` and `pending_change_cancelled` payloads contain the same keys as shown in the [`changed` payload example](#example-webhook-payload-for-a-changed-event).
|
||||
|
||||
@@ -68,7 +68,6 @@ If you are a site administrator for {% data variables.location.product_location
|
||||
```
|
||||
When you're prompted to "Enter a file in which to save the key", you can press **Enter** to accept the default file location. Please note that if you created SSH keys previously, ssh-keygen may ask you to rewrite another key, in which case we recommend creating a custom-named SSH key. To do so, type the default file location and replace id_ssh_keyname with your custom key name.
|
||||
|
||||
|
||||
{% mac %}
|
||||
|
||||
```shell
|
||||
|
||||
@@ -29,4 +29,3 @@ You can view a list of devices that have logged into your account, and revoke an
|
||||
{% endnote %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -26,7 +26,6 @@ $ ssh -T -ai ~/.ssh/id_rsa git@{% data variables.command_line.codeblock %}
|
||||
|
||||
The _username_ in the response is the account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %} that the key is currently attached to. If the response looks something like "username/repo", the key has been attached to a repository as a [_deploy key_](/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys).
|
||||
|
||||
|
||||
To force SSH to use only the key provided on the command line, use `-o` to add the `IdentitiesOnly=yes` option:
|
||||
|
||||
```shell
|
||||
|
||||
@@ -92,7 +92,6 @@ $ ssh -T git@{% data variables.command_line.codeblock %}
|
||||
> 2048 <em>SHA256:274ffWxgaxq/tSINAykStUL7XWyRNcRTlcST1Ei7gBQ</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
|
||||
```
|
||||
|
||||
|
||||
{% endlinux %}
|
||||
|
||||
The `ssh-add` command _should_ print out a long string of numbers and letters. If it does not print anything, you will need to [generate a new SSH key](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent) and associate it with {% data variables.product.product_name %}.
|
||||
|
||||
@@ -71,7 +71,6 @@ You can configure {% data variables.product.prodname_copilot %} in your organiza
|
||||
|
||||
You can either disable {% data variables.product.prodname_copilot %} for all organizations in your enterprise or for a specific organization.
|
||||
|
||||
|
||||
### Canceling your {% data variables.product.prodname_copilot_business_short %} subscription for your enterprise account
|
||||
|
||||
{% note %}
|
||||
|
||||
@@ -43,7 +43,6 @@ When you cancel a free trial on a paid plan, your subscription is immediately ca
|
||||
|
||||
{% data reusables.marketplace.marketplace-org-perms %}
|
||||
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.organizations.billing_plans %}
|
||||
@@ -54,7 +53,6 @@ When you cancel a free trial on a paid plan, your subscription is immediately ca
|
||||
|
||||
{% data reusables.marketplace.marketplace-org-perms %}
|
||||
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.organizations.billing_plans %}
|
||||
|
||||
@@ -39,5 +39,3 @@ You can purchase other features and products with your existing {% data variable
|
||||
**Tip:** {% data variables.product.prodname_dotcom %} has programs for verified students and academic faculty, which include academic discounts. For more information, visit [{% data variables.product.prodname_education %}](https://education.github.com/).
|
||||
|
||||
{% endtip %}
|
||||
|
||||
|
||||
|
||||
@@ -52,7 +52,6 @@ After an organization's subscription is downgraded, the organization will lose a
|
||||
|
||||
Downgrading from {% data variables.product.prodname_ghe_cloud %} disables any SAML settings. If you later purchase {% data variables.product.prodname_enterprise %}, you will need to reconfigure SAML.
|
||||
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** If your organization is owned by an enterprise account, billing cannot be managed at the organization level. To downgrade, you must remove the organization from the enterprise account first. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/user-management/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise)."
|
||||
|
||||
@@ -45,7 +45,6 @@ You will use your personal account to set up the organization. You'll also need
|
||||
|
||||
## Step 3: Upgrade the organization to a yearly paid subscription
|
||||
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.organizations.billing_plans %}
|
||||
|
||||
@@ -21,7 +21,6 @@ redirect_from:
|
||||
|
||||
GHAS is a suite of tools that requires active participation from developers across your enterprise. To realize the best return on your investment, you must learn how to use, apply, and maintain GHAS.
|
||||
|
||||
|
||||
We’ve created a phased approach to GHAS rollouts developed from industry and GitHub best practices. We expect most customers will want to follow these phases, based on our experience helping customers with a successful deployment of {% data variables.product.prodname_GH_advanced_security %}, but you may need to modify this approach to meet the needs of your company.
|
||||
|
||||
Enabling GHAS across a large organization can be broken down into six core phases.
|
||||
|
||||
@@ -36,7 +36,6 @@ GHAS takes a developer-centered approach to software security by integrating sea
|
||||
|
||||
Involving development groups earlier, ideally from the time of purchase, helps companies utilize GHAS to address security concerns earlier in the development process. When both groups work together, they achieve alignment early in the process, remove silos, build and strengthen their working relationships, and take more responsibility for the rollout.
|
||||
|
||||
|
||||
## Learn about GHAS
|
||||
|
||||
To set realistic expectations for the rollout, ensure that all stakeholders understand the following key facts about how GHAS works.
|
||||
|
||||
@@ -152,7 +152,6 @@ If a project communicates with an external service, it might use a token or priv
|
||||
|
||||
As you audit your repositories and speak to security and developer teams, build a list of the secret types that you will later use to configure custom patterns for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
|
||||
|
||||
|
||||
{% note %}
|
||||
|
||||
For the next article in this series, see "[AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs)."
|
||||
|
||||
@@ -30,7 +30,6 @@ You can also create a new issue to track an alert:
|
||||
|
||||
You can use more than one issue to track the same {% data variables.product.prodname_code_scanning %} alert, and issues can belong to different repositories from the repository where the {% data variables.product.prodname_code_scanning %} alert was found.
|
||||
|
||||
|
||||
{% data variables.product.product_name %} provides visual cues in different locations of the user interface to indicate when you are tracking {% data variables.product.prodname_code_scanning %} alerts in issues.
|
||||
|
||||
- The code scanning alerts list page will show which alerts are tracked in issues so that you can view at a glance which alerts still require processing and how any issues they are tracked in.
|
||||
|
||||
@@ -196,7 +196,6 @@ The extraction diagnostics information gives an indication of overall database h
|
||||
|
||||
However, if you see extractor errors in the overwhelming majority of files that were compiled during database creation, you should look into the errors in more detail to try to understand why some source files weren't extracted properly.
|
||||
|
||||
|
||||
## The build takes too long
|
||||
|
||||
If your build with {% data variables.product.prodname_codeql %} analysis takes too long to run, there are several approaches you can try to reduce the build time.
|
||||
|
||||
@@ -248,7 +248,6 @@ codeql github upload-results \
|
||||
|
||||
There is no output from this command unless the upload was unsuccessful. The command prompt returns when the upload is complete and data processing has begun. On smaller codebases, you should be able to explore the {% data variables.product.prodname_code_scanning %} alerts in {% data variables.product.product_name %} shortly afterward. You can see alerts directly in the pull request or on the **Security** tab for branches, depending on the code you checked out. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests)" and "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository)."
|
||||
|
||||
|
||||
{% ifversion code-scanning-tool-status-page %}
|
||||
## Uploading diagnostic information to {% data variables.product.product_name %} if the analysis fails
|
||||
|
||||
|
||||
@@ -350,4 +350,3 @@ Some extra notes on the following properties:
|
||||
- `tests`: This specifies the location of the tests. In this case, the tests are in the root folder (and all sub-folders) of the pack.
|
||||
|
||||
- `version`: There is no `version` property for the tests pack. This prevents test packs from accidentally being published.
|
||||
|
||||
|
||||
@@ -77,10 +77,8 @@ codeql database analyze <database> --format=<format> --output=<output> <query-sp
|
||||
|
||||
You must specify:
|
||||
|
||||
|
||||
- `<database>`: the path to the {% data variables.product.prodname_codeql %} database you want to analyze.
|
||||
- `--format`: the format of the results file generated during analysis. A
|
||||
number of different formats are supported, including CSV, [SARIF](https://codeql.github.com/docs/codeql-overview/codeql-glossary/#sarif-file), and graph formats. For more information about CSV and SARIF,
|
||||
- `--format`: the format of the results file generated during analysis. A number of different formats are supported, including CSV, [SARIF](https://codeql.github.com/docs/codeql-overview/codeql-glossary/#sarif-file), and graph formats. For more information about CSV and SARIF,
|
||||
see [Results](#results). To find out which other results formats are
|
||||
supported, see "[AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/database-analyze)."
|
||||
- `--output`: the output path of the results file generated during analysis.
|
||||
@@ -131,13 +129,8 @@ For full details of all the options you can use when analyzing databases, see "[
|
||||
Query specifiers are used by `codeql database analyze` and other commands that operate on a set of queries.
|
||||
The complete form of a query specifier is `scope/name@range:path`, where:
|
||||
|
||||
|
||||
- `scope/name` is the qualified name of a {% data variables.product.prodname_codeql %} pack.
|
||||
|
||||
|
||||
- `range` is a [semver range](https://docs.npmjs.com/cli/v6/using-npm/semver#ranges).
|
||||
|
||||
|
||||
- `path` is a file system path to a single query, a directory containing queries, or a query suite file.
|
||||
|
||||
When you specify a `scope/name`, the `range` and `path` are
|
||||
@@ -157,7 +150,6 @@ pack.
|
||||
|
||||
### Example query specifiers
|
||||
|
||||
|
||||
- `codeql/python-queries` - All the queries in the default query suite of the latest version of the `codeql/python-queries` pack.
|
||||
|
||||
- `codeql/python-queries@1.2.3` - All the queries in the default query suite of version `1.2.3` of the `codeql/python-queries` pack.
|
||||
@@ -284,13 +276,10 @@ If you are using {% data variables.product.prodname_codeql_cli %} v2.8.1 or late
|
||||
|
||||
The complete way to specify a set of queries is in the form `scope/name@range:path`, where:
|
||||
|
||||
|
||||
- `scope/name` is the qualified name of a {% data variables.product.prodname_codeql %} pack.
|
||||
|
||||
|
||||
- `range` is a [semver range](https://docs.npmjs.com/cli/v6/using-npm/semver#ranges).
|
||||
|
||||
|
||||
- `path` is a file system path to a single query, a directory containing queries, or a query suite file.
|
||||
|
||||
When you specify a `scope/name`, the `range` and `path` are
|
||||
|
||||
@@ -34,7 +34,6 @@ You can use the `pack` command in the {% data variables.product.prodname_codeql_
|
||||
For more information about compatibility between published query packs and different {% data variables.product.prodname_codeql %} releases, see "[About {% data variables.product.prodname_codeql %} pack compatibility](/code-security/codeql-cli/using-the-codeql-cli/publishing-and-using-codeql-packs#about-codeql-pack-compatibility)."
|
||||
{% endif %}
|
||||
|
||||
|
||||
## Creating a {% data variables.product.prodname_codeql %} pack
|
||||
|
||||
You can create a {% data variables.product.prodname_codeql %} pack by running the following command from the checkout root of your project:
|
||||
@@ -45,10 +44,8 @@ codeql pack init <scope>/<pack>
|
||||
|
||||
You must specify:
|
||||
|
||||
|
||||
- `<scope>`: the name of the {% data variables.product.prodname_dotcom %} organization or user account that you will publish to.
|
||||
|
||||
|
||||
- `<pack>`: the name for the pack that you are creating.
|
||||
|
||||
The `codeql pack init` command creates the directory structure and configuration files for a {% data variables.product.prodname_codeql %} pack. By default, the command creates a query pack. If you want to create a library pack, you must edit the `qlpack.yml` file to explicitly declare the file as a library pack by including the `library:true` property.
|
||||
@@ -57,13 +54,10 @@ The `codeql pack init` command creates the directory structure and configuration
|
||||
|
||||
If you already have a `qlpack.yml` file, you can edit it manually to convert it into a {% data variables.product.prodname_codeql %} pack.
|
||||
|
||||
|
||||
1. Edit the `name` property so that it matches the format `<scope>/<name>`, where `<scope>` is the name of the {% data variables.product.prodname_dotcom %} organization or user account that you will publish to.
|
||||
|
||||
|
||||
2. In the `qlpack.yml` file, include a `version` property with a semver identifier, as well as an optional `dependencies` block.
|
||||
|
||||
|
||||
3. Migrate the list of dependencies in `libraryPathDependencies` to the `dependencies` block. Specify the version range for each dependency. If the range is unimportant, or you are unsure of compatibility, you can specify `"\*"`, which indicates that any version is acceptable and will default to the latest version when you run `codeql pack install`.
|
||||
|
||||
For more information about the properties, see "[About {% data variables.product.prodname_codeql %} packs](/code-security/codeql-cli/codeql-cli-reference/about-codeql-packs#about-codeql-packs)."
|
||||
|
||||
@@ -33,10 +33,8 @@ default-suite-file: default-queries.qls # optional, a pointer to a query-suite i
|
||||
license: # optional, the license under which the pack is published
|
||||
dependencies: # map from CodeQL pack name to version range
|
||||
```
|
||||
|
||||
- `name:` must follow the `<scope>/<pack>` format, where `<scope>` is the {% data variables.product.prodname_dotcom %} organization that you will publish to and <pack> is the name for the pack.
|
||||
|
||||
|
||||
- A maximum of one of `default-suite` or `default-suite-file` is allowed. These are two different ways to define a default query suite to be run, the first by specifying queries directly in the qlpack.yml file and the second by specifying a query suite in the pack.
|
||||
|
||||
## Running `codeql pack publish`
|
||||
|
||||
@@ -235,7 +235,6 @@ You can view all open alerts, and you can reopen alerts that have been previousl
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
## Reviewing the audit logs for {% data variables.product.prodname_dependabot_alerts %}
|
||||
|
||||
When a member of your organization {% ifversion not fpt %}or enterprise {% endif %}performs an action related to {% data variables.product.prodname_dependabot_alerts %}, you can review the actions in the audit log. For more information about accessing the log, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#accessing-the-audit-log){% ifversion not fpt %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)."{% else %}."{% endif %}
|
||||
|
||||
@@ -374,7 +374,6 @@ updates:
|
||||
|
||||
**Note**: {% data variables.product.prodname_dependabot %} can only run version updates on manifest or lock files if it can access all of the dependencies in the file, even if you add inaccessible dependencies to the `ignore` option of your configuration file. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)" and "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#dependabot-cant-resolve-your-dependency-files)."
|
||||
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% ifversion fpt or ghec or ghes > 3.4 %}
|
||||
@@ -763,7 +762,6 @@ updates:
|
||||
| `bundler` | The dependencies must be in the _vendor/cache_ directory.</br>Other file paths are not supported. | [`bundle cache` documentation](https://bundler.io/man/bundle-cache.1.html) |
|
||||
| `gomod` | No path requirement (dependencies are usually located in the _vendor_ directory) | [`go mod vendor` documentation](https://golang.org/ref/mod#go-mod-vendor) |
|
||||
|
||||
|
||||
### `versioning-strategy`
|
||||
|
||||
When {% data variables.product.prodname_dependabot %} edits a manifest file to update a version, it uses the following overall strategies:
|
||||
|
||||
@@ -72,7 +72,6 @@ Security overview allows you to review security configurations and alerts, makin
|
||||
Security overview shows which security features are enabled for the repository, and lets you configure any available security features that are not already enabled.
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
## Available for free public repositories
|
||||
|
||||
|
||||
@@ -50,7 +50,6 @@ You can also use the organization settings page for "Code security and analysis"
|
||||
You can use the organization settings page for "Code security and analysis" to enable {% data variables.product.prodname_code_scanning %} for all public repositories in an organization:
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghec or ghes or ghae %}
|
||||
|
||||
@@ -206,5 +206,4 @@ If {% data variables.product.prodname_dotcom %} blocks a secret that you believe
|
||||
{% data reusables.secret-scanning.push-protection-choose-allow-secret-options %}
|
||||
1. Click **Allow secret**.
|
||||
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -36,7 +36,6 @@ You can access any advisory in the {% data variables.product.prodname_advisory_d
|
||||
{% endtip %}
|
||||
3. Click an advisory to view details. By default, you will see {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities. {% ifversion GH-advisory-db-supports-malware %}To show malware advisories, use `type:malware` in the search bar.{% endif %}
|
||||
|
||||
|
||||
{% note %}
|
||||
|
||||
The database is also accessible using the GraphQL API. {% ifversion GH-advisory-db-supports-malware %}By default, queries will return {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities unless you specify `type:malware`.{% endif %} For more information, see the "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#security_advisory)."
|
||||
|
||||
@@ -32,7 +32,6 @@ If we accept and publish the improvement, the person who submitted the improveme
|
||||
{% ifversion fpt or ghec %}
|
||||
Only repository owners and administrators can edit repository-level security advisories. For more information, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/editing-a-repository-security-advisory)."{% endif %}
|
||||
|
||||
|
||||
1. Navigate to https://github.com/advisories.
|
||||
1. Select the security advisory you would like to contribute to.
|
||||
1. On the right-hand side of the page, click the **Suggest improvements for this vulnerability** link.
|
||||
|
||||
@@ -103,4 +103,3 @@ You can view data for security alerts across organizations in an enterprise. {%
|
||||
{% data reusables.organizations.team-security-overview %}
|
||||
{% data reusables.organizations.filter-security-overview %}
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -55,7 +55,6 @@ As a first step, you want to make a complete inventory of your dependencies. The
|
||||
|
||||
The {% data variables.dependency-review.action_name %} enforces a dependency review on your pull requests, making it easy for you to see if a pull request will introduce a vulnerable version of a dependency to your repository. When a vulnerability is detected, the {% data variables.dependency-review.action_name %} can block the pull request from merging. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement)."{% endif %}
|
||||
|
||||
|
||||
### Assessment of exposure to risk from a vulnerable dependency
|
||||
|
||||
When you discover you are using a vulnerable dependency, for example, a library or a framework, you must assess your project's level of exposure and determine what action to take. Vulnerabilities are usually reported with a severity score to show how severe their impact could be. The severity score is a useful guide but cannot tell you the full impact of the vulnerability on your code.
|
||||
|
||||
@@ -65,4 +65,3 @@ You can configure the {% data variables.dependency-review.action_name %} to bett
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -35,7 +35,6 @@ Maven | [Maven Dependency Tree Dependency Submission](https://github.com/marketp
|
||||
Mill | [Mill Dependency Submission](https://github.com/marketplace/actions/mill-dependency-submission) | {% octicon "x" aria-label="Not maintained by {% data variables.product.prodname_dotcom %}" %} |
|
||||
Scala | [Sbt Dependency Submission](https://github.com/marketplace/actions/sbt-dependency-submission) | {% octicon "x" aria-label="Not maintained by {% data variables.product.prodname_dotcom %}" %} |
|
||||
|
||||
|
||||
For example, the following [Go Dependency Submission](https://github.com/actions/go-dependency-submission) workflow calculates the dependencies for a Go build-target (a Go file with a `main` function) and submits the list to the Dependency submission API.
|
||||
|
||||
```yaml
|
||||
|
||||
@@ -21,4 +21,3 @@ You can manually select the region that your codespaces will be created in, allo
|
||||
{% data reusables.user-settings.codespaces-tab %}
|
||||
1. Under "Region", select the setting you want: **Set automatically** or **Set manually**.
|
||||
2. If you chose **Set manually**, select the dropdown menu and click your region.
|
||||
|
||||
|
||||
@@ -31,9 +31,6 @@ There are currently two methods of accessing resources on a private network with
|
||||
|
||||
The {% data variables.product.prodname_cli %} extension allows you to create a bridge between a codespace and your local machine, so that the codespace can access any remote resource that is accessible from your machine. The codespace uses your local machine as a network gateway to reach those resources. For more information, see "[Using {% data variables.product.prodname_cli %} to access remote resources](https://github.com/github/gh-net#codespaces-network-bridge)."
|
||||
|
||||
|
||||
|
||||
|
||||
### Using a VPN to access resources behind a private network
|
||||
|
||||
As an alternative to the {% data variables.product.prodname_cli %} extension, you can use a VPN to access resources behind a private network from within your codespace.
|
||||
|
||||
@@ -92,7 +92,6 @@ You can use {% data variables.product.prodname_cli %} to delete several or all o
|
||||
|
||||
{% endvscode %}
|
||||
|
||||
|
||||
{% cli %}
|
||||
|
||||
You can delete several or all of your codespaces with a single command, using `gh codespace delete` followed by one of these flags:
|
||||
|
||||
@@ -102,7 +102,6 @@ By default, {% data variables.product.prodname_github_codespaces %} forwards por
|
||||
|
||||
{% endvscode %}
|
||||
|
||||
|
||||
{% cli %}
|
||||
|
||||
{% data reusables.cli.cli-learn-more %}
|
||||
|
||||
@@ -125,7 +125,6 @@ For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-re
|
||||
|
||||
{% endtip %}
|
||||
|
||||
|
||||
## Committing your changes
|
||||
|
||||
1. At the right side of the navigation bar, click the check mark.
|
||||
|
||||
@@ -59,7 +59,6 @@ This displays the workflow run history for prebuilds for the associated branch.
|
||||
|
||||
{% data reusables.codespaces.prebuilds-permission-authorization %}
|
||||
|
||||
|
||||
## Disabling a prebuild configuration
|
||||
|
||||
To pause the update of prebuilds for a configuration, you can disable workflow runs for the configuration. Disabling the workflow runs for a prebuild configuration does not delete any previously created prebuilds for that configuration and, as a result, codespaces will continue to be generated from an existing prebuild.
|
||||
|
||||
@@ -64,7 +64,6 @@ In your organization's repositories, blocked users also cannot:
|
||||
1. Click **Block user**.
|
||||
1. Optionally, to add a note to describe why a user was blocked, click **Add Note**. The note will be visible to the owners and moderators of the organization.
|
||||
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/communities/maintaining-your-safety-on-github/viewing-users-who-are-blocked-from-your-organization)"
|
||||
|
||||
@@ -75,7 +75,6 @@ If reported content is enabled for a public repository, you can also report cont
|
||||
- In order to get accurate information about the abuse, the abuse report form will direct you to use the in-product abuse report links. If an in-product link is not available, you can go through {% data variables.contact.report_abuse %} or {% data variables.contact.report_content %}.
|
||||
- Users in India can contact {% data variables.product.prodname_dotcom %}'s Grievance Officer for India through [support.github.com/contact/india-grievance-officer](https://support.github.com/contact/india-grievance-officer).
|
||||
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## Further reading
|
||||
|
||||
@@ -33,7 +33,6 @@ If you selected a specific amount of time to block the user, they will be automa
|
||||
|
||||
## Unblocking a user in the organization settings
|
||||
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.organizations.block_users %}
|
||||
|
||||
@@ -30,7 +30,6 @@ Organization owners and moderators can also block users for a specific amount of
|
||||
|
||||
## Limiting interactions in your organization
|
||||
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
1. _For organization owners:_ In the "Access" section of the sidebar, select **{% octicon "report" aria-hidden="true" %} Moderation**, then click **Interaction limits**.
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user