Merge branch 'main' into patch-2

.devcontainer/devcontainer.json

@@ -20,7 +20,6 @@
 		"sissel.shopify-liquid",
 		"davidanson.vscode-markdownlint",
 		"bierner.markdown-preview-github-styles",
-		"yzhang.markdown-all-in-one",
 		"streetsidesoftware.code-spell-checker",
 		"hubwriter.open-reusable"
 	],

.github/actions-scripts/content-changes-table-comment.js

@@ -1,23 +1,20 @@
 #!/usr/bin/env node
 
-import createStagingAppName from '../../script/deployment/create-staging-app-name.js'
 import * as github from '@actions/github'
 import { setOutput } from '@actions/core'
 
+const { GITHUB_TOKEN, APP_URL } = process.env
 const context = github.context
 
-const githubToken = process.env.GITHUB_TOKEN
-if (!githubToken) {
+if (!GITHUB_TOKEN) {
   throw new Error(`GITHUB_TOKEN environment variable not set`)
 }
 
-const stagingPrefix = createStagingAppName({
-  repo: context.payload.repository.name,
-  pullNumber: context.payload.number,
-  branch: context.payload.pull_request.head.ref,
-})
+if (!APP_URL) {
+  throw new Error(`APP_URL environment variable not set`)
+}
 
-const octokit = github.getOctokit(githubToken)
+const octokit = github.getOctokit(GITHUB_TOKEN)
 
 const response = await octokit.rest.repos.compareCommits({
   owner: context.repo.owner,
@@ -29,7 +26,7 @@ const response = await octokit.rest.repos.compareCommits({
 const { files } = response.data
 
 let markdownTable =
-  '| **Source** | **Staging** | **Production** | **What Changed** |\n|:----------- |:----------- |:----------- |:----------- |\n'
+  '| **Source** | **Preview** | **Production** | **What Changed** |\n|:----------- |:----------- |:----------- |:----------- |\n'
 
 const pathPrefix = 'content/'
 const articleFiles = files.filter(
@@ -39,14 +36,14 @@ for (const file of articleFiles) {
   const sourceUrl = file.blob_url
   const fileName = file.filename.slice(pathPrefix.length)
   const fileUrl = fileName.slice(0, fileName.lastIndexOf('.'))
-  const stagingLink = `https://${stagingPrefix}.herokuapp.com/${fileUrl}`
+  const previewLink = `https://${APP_URL}/${fileUrl}`
   const productionLink = `https://docs.github.com/${fileUrl}`
   let markdownLine = ''
 
   if (file.status === 'modified') {
-    markdownLine = `| [content/${fileName}](${sourceUrl}) | [Modified](${stagingLink}) | [Original](${productionLink}) | |\n`
+    markdownLine = `| [content/${fileName}](${sourceUrl}) | [Modified](${previewLink}) | [Original](${productionLink}) | |\n`
   } else if (file.status === 'added') {
-    markdownLine = `| New file: [content/${fileName}](${sourceUrl}) | [Modified](${stagingLink}) | | |\n`
+    markdownLine = `| New file: [content/${fileName}](${sourceUrl}) | [Modified](${previewLink}) | | |\n`
   }
   markdownTable += markdownLine
 }

.github/actions-scripts/get-preview-app-info.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# [start-readme]
+#
+# This script sets environment variables with info about the preview app for a given PR
+#
+# [end-readme]
+
+# ENV VARS NEEDED TO RUN
+[[ -z $GITHUB_REPOSITORY ]] && { echo "Missing GITHUB_REPOSITORY. Exiting."; exit 1; }
+[[ -z $PR_NUMBER ]] && { echo "Missing PR_NUMBER. Exiting."; exit 1; }
+[[ -z $GITHUB_ENV ]] && { echo "Missing GITHUB_ENV. Exiting."; exit 1; }
+
+# Number of resource groups that we use to split preview envs across
+PREVIEW_ENV_RESOURCE_GROUPS=4
+
+REPO_NAME="${GITHUB_REPOSITORY#*\/}"
+echo "REPO_NAME=${REPO_NAME}" >> $GITHUB_ENV
+
+DEPLOYMENT_NAME="${REPO_NAME}-pr-${PR_NUMBER}"
+echo "DEPLOYMENT_NAME=${DEPLOYMENT_NAME}" >> $GITHUB_ENV
+
+RESOURCE_GROUP="preview-env-${REPO_NAME}-$((${PR_NUMBER} % ${PREVIEW_ENV_RESOURCE_GROUPS}))"
+echo "RESOURCE_GROUP=${RESOURCE_GROUP}" >> $GITHUB_ENV
+
+APP_NAME_SHORT="${REPO_NAME}-preview-${PR_NUMBER}"
+echo "APP_NAME_SHORT=${APP_NAME_SHORT}" >> $GITHUB_ENV
+
+IMAGE_REPO="${GITHUB_REPOSITORY}/pr-${PR_NUMBER}"
+echo "IMAGE_REPO=${IMAGE_REPO}" >> $GITHUB_ENV
+
+# Since this incurs a network request and can be slow, we make it optional
+if [ $FULL_APP_INFO ]; then
+  APP_INFO=$(az webapp list -g ${RESOURCE_GROUP} --query "[?tags.DocsAppName == '${APP_NAME_SHORT}'].{defaultHostName:defaultHostName, name:name} | [0]")
+
+  APP_URL=$(echo $APP_INFO | jq '.defaultHostName' | tr -d '"')
+  echo "APP_URL=${APP_URL}" >> $GITHUB_ENV
+
+  APP_NAME_FULL=$(echo $APP_INFO | jq '.name' | tr -d '"')
+  echo "APP_NAME_FULL=${APP_NAME_FULL}" >> $GITHUB_ENV
+fi

.github/actions-scripts/merge-early-access.sh

@@ -6,6 +6,6 @@
 #
 # [end-readme]
 
-mv docs-early-access/assets assets/images/early-access
+mv docs-early-access/assets/images assets/images/early-access
 mv docs-early-access/content content/early-access
 mv docs-early-access/data data/early-access

.github/workflows/azure-preview-env-deploy.yml

@@ -1,7 +1,7 @@
-name: Staging - Azure Deploy App Service
+name: Azure - Deploy Preview Environment
 
-# **What it does**: Build and deploy staging PRs to Azure
-# **Why we have it**: It's our new staging deployment mechanism, only applicable to docs-internal
+# **What it does**: Build and deploy to an Azure preview environment
+# **Why we have it**: It's our preview environment deploy mechanism, only applicable to docs-internal
 # **Who does it impact**: All contributors.
 
 # This whole workflow is only guaranteed to be secure in the *private
@@ -17,6 +17,11 @@ on:
   # request creator has permission to access secrets.
   pull_request:
   workflow_dispatch:
+    inputs:
+      PR_NUMBER:
+        description: 'PR Number'
+        type: string
+        required: true
 
 permissions:
   contents: read
@@ -28,32 +33,21 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  build-and-deploy-staging-azure:
+  build-and-deploy-azure-preview:
     if: ${{ github.repository == 'github/docs-internal' }}
-    name: Build and deploy image to staging App Service
+    name: Build and deploy Azure preview environment
     runs-on: ubuntu-latest
     timeout-minutes: 15
     environment:
-      name: staging-pr-${{ github.event.number }}
+      name: preview-env-${{ github.event.number }}
       url: ${{ steps.deploy.outputs.defaultHostName }}
     env:
-      GITHUB_EVENT_NUMBER: ${{ github.event.number }}
-      STAGING_RESOURCE_GROUPS: 4
+      PR_NUMBER: ${{ github.event.number || github.event.inputs.PR_NUMBER }}
       NONPROD_REGISTRY_USERNAME: ghdocs
+      APP_LOCATION: eastus
       ENABLE_EARLY_ACCESS: ${{ github.repository == 'github/docs-internal' }}
-      # Image tag is unique to each workflow run so that it always triggers a new deployment
-      DOCKER_IMAGE: ${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}/pr-${{ github.event.number }}:${{ github.event.pull_request.head.sha }}-${{ github.run_number }}-${{ github.run_attempt }}
 
     steps:
-      - name: 'Set env vars'
-        id: vars
-        run: |
-          REPO_NAME=${GITHUB_REPOSITORY#*\/}
-          echo "REPO_NAME=${REPO_NAME}" >> $GITHUB_ENV
-          echo "DEPLOYMENT_NAME=${REPO_NAME}-pr-${GITHUB_EVENT_NUMBER}" >> $GITHUB_ENV
-          echo "RESOURCE_GROUP=preview-env-${REPO_NAME}-$((${GITHUB_EVENT_NUMBER} % ${STAGING_RESOURCE_GROUPS}))" >> $GITHUB_ENV
-          echo "APP_NAME=gh${REPO_NAME}-staging-${GITHUB_EVENT_NUMBER}" >> $GITHUB_ENV
-
       - name: 'Az CLI login'
         uses: azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         with:
@@ -80,6 +74,14 @@ jobs:
       - name: Check out LFS objects
         run: git lfs checkout
 
+      - name: Get preview app info
+        run: .github/actions-scripts/get-preview-app-info.sh
+
+      - name: 'Set env vars'
+        run: |
+          # Image tag is unique to each workflow run so that it always triggers a new deployment
+          echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${IMAGE_REPO}:${{ github.event.pull_request.head.sha }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV
+
       - if: ${{ env.ENABLE_EARLY_ACCESS }}
         name: Determine which docs-early-access branch to clone
         id: 'check-early-access'
@@ -152,10 +154,10 @@ jobs:
         with:
           resourceGroupName: ${{ env.RESOURCE_GROUP }}
           subscriptionId: ${{ secrets.NONPROD_SUBSCRIPTION_ID }}
-          template: ./staging-azure-deploy-template.json
+          template: ./azure-preview-env-template.json
           deploymentName: ${{ env.DEPLOYMENT_NAME }}
-          parameters: appName="${{ env.APP_NAME }}"
-            location="East US"
+          parameters: appName="${{ env.APP_NAME_SHORT }}"
+            location="${{ env.APP_LOCATION }}"
             linuxFxVersion="DOCKER|${{ env.DOCKER_IMAGE }}"
             dockerRegistryUrl="https://${{ secrets.NONPROD_REGISTRY_SERVER }}"
             dockerRegistryUsername="${{ env.NONPROD_REGISTRY_USERNAME }}"

.github/workflows/azure-preview-env-destroy.yml

@@ -1,7 +1,7 @@
-name: Staging - Undeploy Azure PR
+name: Azure - Destroy Preview Env
 
-# **What it does**: To undeploy PRs from Azure staging environment, i.e. destroy the App and associated resources.
-# **Why we have it**: To save money spent on deployments for closed PRs.
+# **What it does**: Destroys resources associated with a PRs Azure preview environment
+# **Why we have it**: Closed PRs don't need apps
 # **Who does it impact**: All contributors.
 
 on:
@@ -9,32 +9,37 @@ on:
     types:
       - closed
       - locked
+  workflow_dispatch:
+    inputs:
+      PR_NUMBER:
+        description: 'PR Number'
+        type: string
+        required: true
 
 jobs:
-  undeploy:
-    name: Undeploy
+  destory-azure-preview-env:
+    name: Destroy
+    if: ${{ github.repository == 'github/docs-internal' }}
     runs-on: ubuntu-latest
     timeout-minutes: 5
     env:
-      GITHUB_EVENT_NUMBER: ${{ github.event.number }}
-      STAGING_RESOURCE_GROUPS: 4
+      PR_NUMBER: ${{ github.event.number || github.event.inputs.PR_NUMBER }}
       NONPROD_REGISTRY_NAME: ghdocs
-      IMAGE_REPO: ${{ github.repository }}/pr-${{ github.event.number }}
 
     steps:
-      - name: 'Set env vars'
-        id: vars
-        run: |
-          REPO_NAME=${GITHUB_REPOSITORY#*\/}
-          echo "RESOURCE_GROUP=preview-env-${REPO_NAME}-$((${GITHUB_EVENT_NUMBER} % ${STAGING_RESOURCE_GROUPS}))" >> $GITHUB_ENV
-          echo "DEPLOYMENT_NAME=${REPO_NAME}-pr-${GITHUB_EVENT_NUMBER}" >> $GITHUB_ENV
-          echo "APP_NAME=gh${REPO_NAME}-staging-${GITHUB_EVENT_NUMBER}" >> $GITHUB_ENV
-
       - name: 'Az CLI login'
         uses: azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         with:
           creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }}
 
+      - name: Check out repo
+        uses: actions/checkout@1e204e9a9253d643386038d443f96446fa156a97
+
+      - name: Get preview app info
+        env:
+          FULL_APP_INFO: 1
+        run: .github/actions-scripts/get-preview-app-info.sh
+
       # Succeed despite any non-zero exit code (e.g. if there is no deployment to cancel)
       - name: 'Cancel any in progress deployments'
         run: |
@@ -44,7 +49,7 @@ jobs:
       # This will succeed even if the app doesn't exist / has already been deleted
       - name: 'Delete App Service App (which will also delete the App Service plan)'
         run: |
-          az webapp delete -n ${{ env.APP_NAME }} -g ${{ env.RESOURCE_GROUP }}
+          az webapp delete -n ${{ env.APP_NAME_FULL }} -g ${{ env.RESOURCE_GROUP }}
 
       # Untag all images under this PR's container registry repo - the container registry will automatically remove untagged images.
       # This will fail if the IMAGE_REPO doesn't exist, but we don't care
@@ -56,4 +61,4 @@ jobs:
       - uses: strumwolf/delete-deployment-environment@45c821e46baa405e25410700fe2e9643929706a0
         with:
           token: ${{ secrets.DOCUBOT_REPO_PAT }}
-          environment: staging-pr-${{ github.event.number }}
+          environment: preview-env-${{ env.PR_NUMBER }}

.github/workflows/codespaces-prebuild.yml

@@ -1,30 +0,0 @@
-name: Prebuild Codespaces
-
-# **What it does**: Prebuild the Codespaces image using powerful machines.
-#   See https://github.com/github/codespaces-precache#readme for more details.
-#   IMPORTANT: Requires we set a `EXPERIMENTAL_CODESPACE_CACHE_TOKEN` Codespaces
-#   Secret (NOT an Actions Secret) in the repository.
-# **Why we have it**: Reduces startup time when booting Codespaces.
-# **Who does it impact**: Any Docs contributors who want to use Codespaces.
-
-on:
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-
-# Currently requires write, but in the future will only require read
-permissions:
-  contents: write
-
-jobs:
-  createPrebuild:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
-      - uses: github/codespaces-precache@2ad40630d7e3e45e8725d6a74656cb6dd17363dc
-        with:
-          regions: WestUs2 EastUs WestEurope SouthEastAsia
-          sku_name: basicLinux32gb
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/content-changes-table-comment.yml

@@ -45,10 +45,22 @@ jobs:
     needs: PR-Preview-Links
     if: ${{ needs.PR-Preview-Links.outputs.filterContentDir == 'true' }}
     runs-on: ubuntu-latest
+    env:
+      PR_NUMBER: ${{ github.event.pull_request.number }}
     steps:
+      - name: 'Az CLI login'
+        uses: azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+        with:
+          creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }}
+
       - name: check out repo content
         uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
 
+      - name: Get preview app info
+        env:
+          FULL_APP_INFO: 1
+        run: .github/actions-scripts/get-preview-app-info.sh
+
       - name: Setup Node
         uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
         with:
@@ -57,12 +69,13 @@ jobs:
 
       - name: Install temporary dependencies
         run: |
-          npm install --no-save github-slugger
+          npm install --no-save github-slugger --registry https://registry.npmjs.org/
 
       - name: Get changes table
         id: changes
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          APP_URL: ${{ env.APP_URL }}
         run: .github/actions-scripts/content-changes-table-comment.js
 
       - name: Find content directory changes comment

.github/workflows/optimize-images.yml

@@ -50,6 +50,6 @@ jobs:
           git push --set-upstream origin $BRANCH
 
           echo "Open a pull request"
-          gh pr create --title "Optimize images" --body "Optimize images"
+          gh pr create --title "Optimize images" --body "Optimize images" --reviewer "@github/docs-engineering"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -47,9 +47,13 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
         with:
+          lfs: true
           # Enables cloning the Early Access repo later with the relevant PAT
           persist-credentials: 'false'
 
+      - name: Checkout LFS objects
+        run: git lfs checkout
+
       - name: Gather files changed
         uses: trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b
         id: get_diff_files

.github/workflows/triage-pull-requests.yml

@@ -11,6 +11,7 @@ on:
       - opened
 
 permissions:
+  issues: write
   pull-requests: write
   repository-projects: write
 

.github/workflows/workflow-lint.yml

@@ -1,33 +0,0 @@
-name: Lint workflows
-
-# **What it does**: This lints our workflow files.
-# **Why we have it**: We want some level of consistency in our workflow files.
-# **Who does it impact**: Docs engineering.
-
-on:
-  workflow_dispatch:
-  pull_request:
-    paths:
-      - '.github/workflows/*.yml'
-      - '.github/workflows/*.yaml'
-
-permissions:
-  contents: read
-
-# This allows a subsequently queued workflow run to interrupt previous runs
-concurrency:
-  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
-  cancel-in-progress: true
-
-jobs:
-  lint:
-    if: ${{ github.repository == 'github/docs-internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
-
-      - name: Run linter
-        uses: cschleiden/actions-linter@caffd707beda4fc6083926a3dff48444bc7c24aa
-        with:
-          workflows: '[".github/workflows/*.yml", ".github/workflows/*.yaml", "!.github/workflows/remove-from-fr-board.yaml", "!.github/workflows/staging-deploy-pr.yml", "!.github/workflows/triage-issue-comments.yml", "!.github/workflows/staging-build-and-deploy-azure.yml", "!.github/workflows/staging-undeploy-azure.yml"]'

Dockerfile

@@ -76,9 +76,6 @@ ENV NODE_ENV production
 # Whether to hide iframes, add warnings to external links
 ENV AIRGAP false
 
-# By default we typically don't want to run in clustered mode
-ENV WEB_CONCURRENCY 1
-
 # Preferred port for server.mjs
 ENV PORT 4000
 

azure-preview-env-template.json

@@ -22,7 +22,8 @@
       }
   },
   "variables": {
-      "appServicePlanName": "[concat('ASP-', parameters('appName'))]"
+    "appServicePlanName": "[concat('ASP-', parameters('appName'))]",
+    "dnsName": "[concat(parameters('appName'), '-', take(uniqueString(subscription().subscriptionId, resourceGroup().id, deployment().name), 6))]"
   },
   "resources": [
       {
@@ -42,14 +43,16 @@
       {
           "type": "Microsoft.Web/sites",
           "apiVersion": "2018-11-01",
-          "name": "[parameters('appName')]",
+          "name": "[variables('dnsName')]",
           "location": "[parameters('location')]",
           "dependsOn": [
               "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
           ],
-          "tags": {},
+          "tags": {
+              "DocsAppName": "[parameters('appName')]"
+          },
           "properties": {
-              "name": "[parameters('appName')]",
+              "name": "[variables('dnsName')]",
               "siteConfig": {
                   "appSettings": [
                       {
@@ -80,10 +83,6 @@
                           "name": "DEPLOYMENT_ENV",
                           "value": "azure"
                       },
-                      {
-                          "name": "WEB_CONCURRENCY",
-                          "value": "1"
-                      },
                       {
                           "name": "ENABLED_LANGUAGES",
                           "value": "en"
@@ -105,7 +104,7 @@
   "outputs": {
       "defaultHostName": {
           "type": "string",
-          "value": "[concat('https://', parameters('appName'), '.azurewebsites.net')]"
+          "value": "[concat('https://', variables('dnsName'), '.azurewebsites.net')]"
       }
   }
 }

components/article/PlatformPicker.tsx

@@ -2,6 +2,7 @@ import { useEffect, useState } from 'react'
 import Cookies from 'js-cookie'
 import { SubNav, TabNav, UnderlineNav } from '@primer/components'
 import { sendEvent, EventType } from 'components/lib/events'
+import { useRouter } from 'next/router'
 
 import { useArticleContext } from 'components/context/ArticleContext'
 import parseUserAgent from 'components/lib/user-agent'
@@ -50,6 +51,7 @@ type Props = {
 export const PlatformPicker = ({ variant = 'subnav' }: Props) => {
   const { defaultPlatform, detectedPlatforms } = useArticleContext()
   const [currentPlatform, setCurrentPlatform] = useState(defaultPlatform || '')
+  const { asPath } = useRouter()
 
   // Run on mount for client-side only features
   useEffect(() => {
@@ -63,7 +65,7 @@ export const PlatformPicker = ({ variant = 'subnav' }: Props) => {
 
     // always trigger this on initial render. if the default doesn't change the other useEffect won't fire
     showPlatformSpecificContent(platform)
-  }, [])
+  }, [asPath])
 
   // Make sure we've always selected a platform that exists in the article
   useEffect(() => {

components/lib/events.ts

@@ -129,10 +129,14 @@ export function sendEvent({ type, version = '1.0.0', ...props }: SendEventProps)
     ...props,
   }
 
-  // Only send the beacon if the feature is not disabled in the user's browser
-  if (navigator?.sendBeacon) {
-    const blob = new Blob([JSON.stringify(body)], { type: 'application/json' })
-    navigator.sendBeacon('/events', blob)
+  const blob = new Blob([JSON.stringify(body)], { type: 'application/json' })
+  const endpoint = '/events'
+  try {
+    // Only send the beacon if the feature is not disabled in the user's browser
+    // Even if the function exists, it can still throw an error from the call being blocked
+    navigator?.sendBeacon(endpoint, blob)
+  } catch {
+    console.warn(`sendBeacon to '${endpoint}' failed.`)
   }
 
   return body

components/page-header/VersionPicker.tsx

@@ -26,8 +26,8 @@ export const VersionPicker = ({ variant }: Props) => {
     selected: allVersions[currentVersion].versionTitle === permalink.pageVersionTitle,
     item: <Link href={permalink.href}>{permalink.pageVersionTitle}</Link>,
   }))
-  const hasEnterpriseVersions = (page.permalinks || []).find((permalink) =>
-    permalink.pageVersion.startsWith('enterprise-version')
+  const hasEnterpriseVersions = (page.permalinks || []).some((permalink) =>
+    permalink.pageVersion.startsWith('enterprise-server')
   )
 
   if (hasEnterpriseVersions) {

components/sidebar/AllProductsLink.tsx

@@ -1,11 +1,18 @@
 import { useRouter } from 'next/router'
 import { ArrowLeftIcon } from '@primer/octicons-react'
+import { DEFAULT_VERSION, useVersion } from 'components/hooks/useVersion'
 
 export const AllProductsLink = () => {
   const router = useRouter()
+  const { currentVersion } = useVersion()
+  const currentVersionPathSegment = currentVersion === DEFAULT_VERSION ? '' : `/${currentVersion}`
+
   return (
     <li>
-      <a href={`/${router.locale}`} className="f6 pl-4 pr-5 ml-n1 pb-1 color-fg-default">
+      <a
+        href={`/${router.locale}${currentVersionPathSegment}`}
+        className="f6 pl-4 pr-5 ml-n1 pb-1 color-fg-default"
+      >
         <ArrowLeftIcon size="small" className="mr-1" />
         All products
       </a>

components/sidebar/SidebarHomepage.tsx

@@ -6,8 +6,6 @@ import { useVersion } from 'components/hooks/useVersion'
 import { useMainContext } from 'components/context/MainContext'
 import { Link } from 'components/Link'
 
-import { AllProductsLink } from './AllProductsLink'
-
 export const SidebarHomepage = () => {
   const router = useRouter()
   const { currentVersion } = useVersion()
@@ -55,7 +53,6 @@ export const SidebarHomepage = () => {
 
   return (
     <ul data-testid="sidebar" className="mt-4">
-      {!isFPT && <AllProductsLink />}
       <li>
         <ActionList {...{ as: 'ul' }} items={navItems}></ActionList>
       </li>

content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository.md

@@ -7,7 +7,7 @@ redirect_from:
   - /articles/inviting-collaborators-to-a-personal-repository
   - /github/setting-up-and-managing-your-github-user-account/inviting-collaborators-to-a-personal-repository
   - /github/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository
-product: '{% ifversion fpt %}{% data reusables.gated-features.user-repo-collaborators %}{% endif %}'
+product: '{% data reusables.gated-features.user-repo-collaborators %}'
 versions:
   fpt: '*'
   ghes: '*'

content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-yourself-from-a-collaborators-repository.md

@@ -9,7 +9,6 @@ redirect_from:
   - /articles/removing-yourself-from-a-collaborators-repository
   - /github/setting-up-and-managing-your-github-user-account/removing-yourself-from-a-collaborators-repository
   - /github/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-yourself-from-a-collaborators-repository
-product: '{% data reusables.gated-features.user-repo-collaborators %}'
 versions:
   fpt: '*'
   ghes: '*'
@@ -21,8 +20,12 @@ topics:
 shortTitle: Remove yourself
 ---
 {% data reusables.user_settings.access_settings %}
+{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5658 %}
+2. In the "Code, planning, and automation" section of the sidebar, click **{% octicon "repo" aria-label="The repo icon" %} Repositories**.
+{% else %}
 2. In the left sidebar, click **Repositories**.
   ![Repositories tab](/assets/images/help/settings/settings-sidebar-repositories.png)
+{% endif %}
 3. Next to the repository you want to leave, click **Leave**.
   ![Leave button](/assets/images/help/repository/repo-leave.png)
 4. Read the warning carefully, then click "I understand, leave this repository."

content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/integrating-jira-with-your-personal-projects.md

@@ -12,13 +12,12 @@ shortTitle: Integrate Jira with projects
 ---
 {% data reusables.user_settings.access_settings %}
 {% data reusables.user_settings.developer_settings %}
-3. In the left sidebar, click **{% data variables.product.prodname_oauth_apps %}**.
-![{% data variables.product.prodname_oauth_apps %} tab in the left sidebar](/assets/images/help/settings/developer-settings-oauth-apps.png)
-3. Click **Register a new application**.
-4. Under **Application name**, type "Jira".
-5. Under **Homepage URL**, type the full URL to your Jira instance.
-6. Under **Authorization callback URL**, type the full URL to your Jira instance.
-7. Click **Register application**.
+{% data reusables.user-settings.oauth_apps %}
+1. Click **Register a new application**.
+2. Under **Application name**, type "Jira".
+3. Under **Homepage URL**, type the full URL to your Jira instance.
+4. Under **Authorization callback URL**, type the full URL to your Jira instance.
+5. Click **Register application**.
 ![Register application button](/assets/images/help/oauth/register-application-button.png)
 8. Under **Developer applications**, note the "Client ID" and "Client Secret" values.
 ![Client ID and Client Secret](/assets/images/help/oauth/client-id-and-secret.png)

content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-tab-size-rendering-preference.md

@@ -14,7 +14,6 @@ shortTitle: Managing your tab size
 If you feel that tabbed indentation in code rendered on {% data variables.product.product_name %} takes up too much, or too little space, you can change this in your settings.
 
 {% data reusables.user_settings.access_settings %}
-1. In the user settings sidebar, click **Appearance**.
-   !["Appearance" tab in user settings sidebar](/assets/images/help/settings/appearance-tab.png)
+1. In the left sidebar, click **{% octicon "paintbrush" aria-label="The paintbrush icon" %} Appearance**.
 2. Under "Tab size preference", select the drop-down menu and choose your preference.
    ![Tab size preference button](/assets/images/help/settings/tab-size-preference.png )

content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md

@@ -218,6 +218,10 @@ For example:
 curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=api://AzureADTokenExchange"
 ```
 
+### Adding permissions settings
+
+{% data reusables.actions.oidc-permissions-token %}
+
 ## Updating your workflows for OIDC
 
 You can now update your YAML workflows to use OIDC access tokens instead of secrets. Popular cloud providers have published their official login actions that make it easy for you to get started with OIDC. For more information about updating your workflows, see the cloud-specific guides listed below in "[Enabling OpenID Connect for your cloud provider](#enabling-openid-connect-for-your-cloud-provider)."

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md

@@ -57,14 +57,7 @@ To update your workflows for OIDC, you will need to make two changes to your YAM
 
 ### Adding permissions settings
 
-The workflow will require a `permissions` setting with a defined [`id-token`](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) value. If you only need to fetch an OIDC token for a single job, then this permission can be set within that job. For example:
-
-```yaml{:copy}
-permissions:
-  id-token: write
-```
-
-You may need to specify additional permissions here, depending on your workflow's requirements. 
+ {% data reusables.actions.oidc-permissions-token %}
 
 ### Requesting the access token
 

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md

@@ -50,14 +50,7 @@ To update your workflows for OIDC, you will need to make two changes to your YAM
 
 ### Adding permissions settings
 
-The workflow will require a `permissions` setting with a defined [`id-token`](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) value. If you only need to fetch an OIDC token for a single job, then this permission can be set within that job. For example:
-
-```yaml{:copy}
-permissions:
-  id-token: write
-```
-
-You may need to specify additional permissions here, depending on your workflow's requirements. 
+ {% data reusables.actions.oidc-permissions-token %}
 
 ### Requesting the access token
 

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md

@@ -37,14 +37,7 @@ If your cloud provider doesn't yet offer an official action, you can update your
 
 ### Adding permissions settings
 
-The workflow will require a `permissions` setting with a defined [`id-token`](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) value. If you only need to fetch an OIDC token for a single job, then this permission can be set within that job. For example:
-
-```yaml{:copy}
-permissions:
-  id-token: write
-```
-
-You may need to specify additional permissions here, depending on your workflow's requirements. 
+ {% data reusables.actions.oidc-permissions-token %}
 
 ### Using official actions
 

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md

@@ -49,14 +49,7 @@ To update your workflows for OIDC, you will need to make two changes to your YAM
 
 ### Adding permissions settings
 
-The workflow will require a `permissions` setting with a defined [`id-token`](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) value. If you only need to fetch an OIDC token for a single job, then this permission can be set within that job. For example:
-
-```yaml{:copy}
-permissions:
-  id-token: write
-```
-
-You may need to specify additional permissions here, depending on your workflow's requirements. 
+ {% data reusables.actions.oidc-permissions-token %}
 
 ### Requesting the access token
 

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md

@@ -54,14 +54,7 @@ This example demonstrates how to use OIDC with the official action to request a
 
 ### Adding permissions settings
 
-The workflow will require a `permissions` setting with a defined [`id-token`](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) value. If you only need to fetch an OIDC token for a single job, then this permission can be set within that job. For example:
-
-```yaml{:copy}
-permissions:
-  id-token: write
-```
-
-You may need to specify additional permissions here, depending on your workflow's requirements. 
+ {% data reusables.actions.oidc-permissions-token %}
 
 ### Requesting the access token
 

content/actions/learn-github-actions/usage-limits-billing-and-administration.md

@@ -18,16 +18,23 @@ shortTitle: Workflow billing & limits
 
 ## About billing for {% data variables.product.prodname_actions %}
 
+{% data reusables.repositories.about-github-actions %} For more information, see "[Understanding {% data variables.product.prodname_actions %}](/actions/learn-github-actions/understanding-github-actions){% ifversion fpt %}."{% elsif ghes or ghec %}" and "[About {% data variables.product.prodname_actions %} for enterprises](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises)."{% endif %}
+
 {% ifversion fpt or ghec %}
 {% data reusables.github-actions.actions-billing %} For more information, see "[About billing for {% data variables.product.prodname_actions %}](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)."
 {% else %}
-GitHub Actions usage is free for {% data variables.product.prodname_ghe_server %}s that use self-hosted runners.
+GitHub Actions usage is free for {% data variables.product.prodname_ghe_server %} instances that use self-hosted runners. For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners)."
 {% endif %}
 
+
+{% ifversion fpt or ghec %}
+
 ## Availability
 
 {% data variables.product.prodname_actions %} is available on all {% data variables.product.prodname_dotcom %} products, but {% data variables.product.prodname_actions %} is not available for private repositories owned by accounts using legacy per-repository plans. {% data reusables.gated-features.more-info %}
 
+{% endif %}
+
 ## Usage limits
 
 {% ifversion fpt or ghec %}

content/actions/using-workflows/workflow-syntax-for-github-actions.md

@@ -830,7 +830,7 @@ services:
     image: ghcr.io/owner/myservice1
     credentials:
       username: ${{ github.actor }}
-      password: ${{ secrets.ghcr_token }}
+      password: ${{ secrets.github_token }}
   myservice2:
     image: dockerhub_org/myservice2
     credentials:
@@ -973,7 +973,7 @@ For more information about branch, tag, and path filter syntax, see "[`on.<push>
 | `'**'` | Matches all branch and tag names. This is the default behavior when you don't use a `branches` or `tags` filter. | `all/the/branches`<br/><br/>`every/tag` |
 | `'*feature'` | The `*` character is a special character in YAML. When you start a pattern with `*`, you must use quotes. | `mona-feature`<br/><br/>`feature`<br/><br/>`ver-10-feature` |
 | `v2*` | Matches branch and tag names that start with `v2`. | `v2`<br/><br/>`v2.0`<br/><br/>`v2.9` |
-| `v[12].[0-9]+.[0-9]+` | Matches all semantic versioning branches and tags with major version 1 or 2 | `v1.10.1`<br/><br/>`v2.0.0` |
+| `v[12].[0-9]+.[0-9]+` | Matches all semantic versioning branches and tags with major version 1 or 2. | `v1.10.1`<br/><br/>`v2.0.0` |
 
 ### Patterns to match file paths
 

content/admin/configuration/configuring-network-settings/configuring-tls.md

@@ -37,6 +37,8 @@ You can generate a certificate signing request (CSR) for your instance using the
 
 ## Uploading a custom TLS certificate
 
+{% data reusables.enterprise_site_admin_settings.tls-downtime %}
+
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 {% data reusables.enterprise_management_console.privacy %}
@@ -69,6 +71,8 @@ You can also use the `ghe-ssl-acme` command line utility on {% data variables.pr
 
 {% data reusables.enterprise_installation.lets-encrypt-prerequisites %}
 
+{% data reusables.enterprise_site_admin_settings.tls-downtime %}
+
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 {% data reusables.enterprise_management_console.privacy %}

content/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance.md

@@ -136,5 +136,5 @@ $ ghe-restore -c 169.154.1.1
 {% endnote %}
 
 You can use these additional options with `ghe-restore` command:
-- The `-c` flag overwrites the settings, certificate, and license data on the target host even if it is already configured. Omit this flag if you are setting up a staging instance for testing purposes and you wish to retain the existing configuration on the target. For more information, see the "Using using backup and restore commands" section of the [{% data variables.product.prodname_enterprise_backup_utilities %} README](https://github.com/github/backup-utils#using-the-backup-and-restore-commands).
+- The `-c` flag overwrites the settings, certificate, and license data on the target host even if it is already configured. Omit this flag if you are setting up a staging instance for testing purposes and you wish to retain the existing configuration on the target. For more information, see the "Using backup and restore commands" section of the [{% data variables.product.prodname_enterprise_backup_utilities %} README](https://github.com/github/backup-utils#using-the-backup-and-restore-commands).
 - The `-s` flag allows you to select a different backup snapshot.

content/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications.md

@@ -88,8 +88,7 @@ settings to allow incoming emails](#configuring-dns-and-firewall-settings-to-all
 4. If the test email fails, [troubleshoot your email settings](#troubleshooting-email-delivery).
 5. When the test email succeeds, at the bottom of the page, click **Save settings**.
 ![Save settings button](/assets/images/enterprise/management-console/save-settings.png)
-6. Wait for the configuration run to complete.
-![Configuring your instance](/assets/images/enterprise/management-console/configuration-run.png)
+{% data reusables.enterprise_site_admin_settings.wait-for-configuration-run %}
 
 ## Configuring DNS and firewall settings to allow incoming emails
 

content/admin/github-actions/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md

@@ -52,9 +52,11 @@ If you use Docker container actions or service containers in your workflows, you
 
 If these settings aren't correctly configured, you might receive errors like `Resource unexpectedly moved to https://<IP_ADDRESS>` when setting or changing your {% data variables.product.prodname_actions %} configuration.
 
-## Runners not connecting to {% data variables.product.prodname_ghe_server %} after changing the hostname
+## Runners not connecting to {% data variables.product.prodname_ghe_server %} with a new hostname
 
-If you change the hostname of {% data variables.product.product_location %}, self-hosted runners will be unable to connect to the old hostname, and will not execute any jobs.
+{% data reusables.enterprise_installation.changing-hostname-not-supported %}
+
+If you deploy {% data variables.product.prodname_ghe_server %} in your environment with a new hostname and the old hostname no longer resolves to your instance, self-hosted runners will be unable to connect to the old hostname, and will not execute any jobs.
 
 You will need to update the configuration of your self-hosted runners to use the new hostname for {% data variables.product.product_location %}. Each self-hosted runner will require one of the following procedures:
 

content/admin/identity-and-access-management/managing-iam-for-your-enterprise/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account.md

@@ -15,8 +15,6 @@ redirect_from:
   - /admin/authentication/managing-identity-and-access-for-your-enterprise/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account
 ---
 
-{% data reusables.enterprise-accounts.emu-saml-note %}
-
 ## About SAML single sign-on for enterprise accounts
 
 {% data reusables.saml.dotcom-saml-explanation %} {% data reusables.saml.about-saml-enterprise-accounts %}

content/admin/index.md

@@ -97,12 +97,14 @@ featuredLinks:
     - '{% ifversion ghes %}/admin/installation{% endif %}'
     - '{% ifversion ghae %}/admin/identity-and-access-management/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad{% endif %}'
     - '{% ifversion ghae %}/admin/overview/about-upgrades-to-new-releases{% endif %}'
+    - '{% ifversion ghae %}/get-started/signing-up-for-github/setting-up-a-trial-of-github-ae{% endif %}'
     - '{% ifversion ghes %}/billing/managing-your-license-for-github-enterprise{% endif %}'
     - '{% ifversion ghes %}/admin/configuration/command-line-utilities{% endif %}'
     - '{% ifversion ghec %}/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise{% endif %}'
     - '{% ifversion ghec %}/admin/user-management/managing-organizations-in-your-enterprise/viewing-the-audit-logs-for-organizations-in-your-enterprise{% endif %}'
     - '{% ifversion ghec %}/admin/user-management/monitoring-activity-in-your-enterprise/managing-global-webhooks{% endif %}'
     - '{% ifversion ghec %}/billing/managing-your-license-for-github-enterprise/using-visual-studio-subscription-with-github-enterprise/setting-up-visual-studio-subscription-with-github-enterprise{% endif %}'
+    - /admin/configuration/configuring-github-connect/managing-github-connect
     - /admin/enterprise-support/about-github-enterprise-support
   videos:
     - title: "GitHub in the Enterprise – Maya Ross"

content/admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script.md

@@ -90,6 +90,9 @@ The `$GITHUB_VIA` variable is available in the pre-receive hook environment when
 | <pre>git refs delete api</pre> | Deletion of a ref via the API | "[Git database](/rest/reference/git#delete-a-reference)" in the REST API documentation |
 | <pre>git refs update api</pre> | Update of a ref via the API | "[Git database](/rest/reference/git#update-a-reference)" in the REST API documentation |
 | <pre>git repo contents api</pre> | Change to a file's contents via the API | "[Create or update file contents](/rest/reference/repos#create-or-update-file-contents)" in the REST API documentation |
+{%- ifversion ghes > 3.0 %}
+| `merge ` | Merge of a pull request using auto-merge | "[Automatically merging a pull request](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request)" |
+{%- endif %}
 | <pre>merge base into head</pre> | Update of the topic branch from the base branch when the base branch requires strict status checks (via **Update branch** in a pull request, for example) | "[About protected branches](/github/administering-a-repository/about-protected-branches#require-status-checks-before-merging)" |
 | <pre>pull request branch delete button</pre> | Deletion of a topic branch from a pull request in the web interface | "[Deleting and restoring branches in a pull request](/github/administering-a-repository/deleting-and-restoring-branches-in-a-pull-request#deleting-a-branch-used-for-a-pull-request)" |
 | <pre>pull request branch undo button</pre> | Restoration of a topic branch from a pull request in the web interface | "[Deleting and restoring branches in a pull request](/github/administering-a-repository/deleting-and-restoring-branches-in-a-pull-request#restoring-a-deleted-branch)" |

content/admin/user-management/managing-organizations-in-your-enterprise/adding-people-to-teams.md

@@ -9,6 +9,7 @@ redirect_from:
 intro: 'Once a team has been created, organization admins can add users from {% data variables.product.product_location %} to the team and determine which repositories they have access to.'
 versions:
   ghes: '*'
+  ghae: '*'
 type: how_to
 topics:
   - Access management
@@ -29,8 +30,12 @@ Each team has its own individually defined [access permissions for repositories
 {% data reusables.organizations.invite_to_team %}
 {% data reusables.organizations.review-team-repository-access %}
 
+{% ifversion ghes %}
+
 ## Mapping teams to LDAP groups (for instances using LDAP Sync for user authentication)
 
 {% data reusables.enterprise_management_console.badge_indicator %}
 
 To add a new member to a team synced to an LDAP group, add the user as a member of the LDAP group, or contact your LDAP administrator.
+
+{% endif %}

content/admin/user-management/managing-organizations-in-your-enterprise/continuous-integration-using-jenkins.md

@@ -7,6 +7,7 @@ redirect_from:
   - /admin/user-management/continuous-integration-using-jenkins
 versions:
   ghes: '*'
+  ghae: '*'
 type: reference
 topics:
   - CI

content/admin/user-management/managing-organizations-in-your-enterprise/creating-teams.md

@@ -6,6 +6,7 @@ redirect_from:
   - /admin/user-management/creating-teams
 versions:
   ghes: '*'
+  ghae: '*'
 type: how_to
 topics:
   - Access management
@@ -32,6 +33,8 @@ A prudent combination of teams is a powerful way to control repository access. F
 {% data reusables.organizations.create-team-choose-parent %}
 {% data reusables.organizations.create_team %}
 
+{% ifversion ghes %}
+
 ## Creating teams with LDAP Sync enabled
 
 Instances using LDAP for user authentication can use LDAP Sync to manage a team's members. Setting the group's **Distinguished Name** (DN) in the **LDAP group** field will map a team to an LDAP group on your LDAP server. If you use LDAP Sync to manage a team's members, you won't be able to manage your team within {% data variables.product.product_location %}. The mapped team will sync its members in the background and periodically at the interval configured when LDAP Sync is enabled. For more information, see "[Enabling LDAP Sync](/enterprise/admin/authentication/using-ldap#enabling-ldap-sync)."
@@ -60,3 +63,5 @@ You must be a site admin and an organization owner to create a team with LDAP sy
 {% data reusables.organizations.team_visibility %}
 {% data reusables.organizations.create-team-choose-parent %}
 {% data reusables.organizations.create_team %}
+
+{% endif %}

content/admin/user-management/managing-organizations-in-your-enterprise/managing-projects-using-jira.md

@@ -1,6 +1,6 @@
 ---
 title: Managing projects using Jira
-intro: 'You can integrate Jira with {% data variables.product.prodname_enterprise %} for project management.'
+intro: 'You can integrate Jira with {% data variables.product.product_name %} for project management.'
 redirect_from:
   - /enterprise/admin/guides/installation/project-management-using-jira
   - /enterprise/admin/articles/project-management-using-jira
@@ -10,6 +10,7 @@ redirect_from:
   - /admin/user-management/managing-projects-using-jira
 versions:
   ghes: '*'
+  ghae: '*'
 type: how_to
 topics:
   - Enterprise

content/admin/user-management/managing-organizations-in-your-enterprise/removing-users-from-teams-and-organizations.md

@@ -6,6 +6,7 @@ redirect_from:
   - /admin/user-management/removing-users-from-teams-and-organizations
 versions:
   ghes: '*'
+  ghae: '*'
 type: how_to
 topics:
   - Access management
@@ -24,6 +25,8 @@ Only owners or team admins can remove organization members. When a user is remov
 
 ## Removing a team member
 
+{% ifversion ghes %}
+
 {% warning %}
 
 **Note:** {% data reusables.enterprise_management_console.badge_indicator %}
@@ -32,6 +35,8 @@ To remove an existing member of a team synced to an LDAP group, contact your LDA
 
 {% endwarning %}
 
+{% endif %}
+
 {% data reusables.profile.access_org %}
 {% data reusables.user_settings.access_org %}
 {% data reusables.organizations.specific_team %}

content/authentication/keeping-your-account-and-data-secure/reviewing-your-deploy-keys.md

@@ -17,8 +17,12 @@ shortTitle: Deploy keys
 ---
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
+{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5658 %}
+3. In the "Security" section of the sidebar, click **{% octicon "key" aria-label="The key icon" %} Deploy keys**.
+{% else %}
 3. In the left sidebar, click **Deploy keys**.
 ![Deploy keys setting](/assets/images/help/settings/settings-sidebar-deploy-keys.png)
+{% endif %}
 4. On the Deploy keys page, take note of the deploy keys associated with your account. For those that you don't recognize, or that are out-of-date, click **Delete**. If there are valid deploy keys you'd like to keep, click **Approve**.
 	![Deploy key list](/assets/images/help/settings/settings-deploy-key-review.png)
 

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md

@@ -0,0 +1,119 @@
+---
+title: About code scanning alerts
+intro: 'Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.'
+product: '{% data reusables.gated-features.code-scanning %}'
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+type: overview
+topics:
+  - Advanced Security
+  - Code scanning
+  - CodeQL
+---
+
+{% data reusables.code-scanning.beta %}
+{% data reusables.code-scanning.enterprise-enable-code-scanning %}
+
+## About alerts from {% data variables.product.prodname_code_scanning %}
+
+You can set up {% data variables.product.prodname_code_scanning %} to check the code in a repository using the default {% data variables.product.prodname_codeql %} analysis, a third-party analysis, or multiple types of analysis. When the analysis is complete, the resulting alerts are displayed alongside each other in the security view of the repository. Results from third-party tools or from custom queries may not include all of the properties that you see for alerts detected by {% data variables.product.company_short %}'s default {% data variables.product.prodname_codeql %} analysis. For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)."
+
+By default, {% data variables.product.prodname_code_scanning %} analyzes your code periodically on the default branch and during pull requests. For information about managing alerts on a pull request, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
+
+## About alert details
+
+Each alert highlights a problem with the code and the name of the tool that identified it. You can see the line of code that triggered the alert, as well as properties of the alert, such as the alert severity{% ifversion fpt or ghes > 3.1 or ghae or ghec %}, security severity,{% endif %} and the nature of the problem. Alerts also tell you when the issue was first introduced. For alerts identified by {% data variables.product.prodname_codeql %} analysis, you will also see information on how to fix the problem.
+
+![Example alert from {% data variables.product.prodname_code_scanning %}](/assets/images/help/repository/code-scanning-alert.png)
+
+If you set up {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, you can also find data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as: using data insecurely, passing dangerous arguments to functions, and leaking sensitive information.
+
+When {% data variables.product.prodname_code_scanning %} reports data-flow alerts, {% data variables.product.prodname_dotcom %} shows you how data moves through the code. {% data variables.product.prodname_code_scanning_capc %} allows you to identify the areas of your code that leak sensitive information, and that could be the entry point for attacks by malicious users.
+
+### About severity levels
+
+Alert severity levels may be `Error`, `Warning`, or `Note`.
+
+If {% data variables.product.prodname_code_scanning %} is enabled as a pull request check, the check will fail if it detects any results with a severity of `error`. {% ifversion fpt or ghes > 3.1 or ghae or ghec %}You can specify which severity level of code scanning alerts causes a check failure. For more information, see "[Defining the severities causing pull request check failure](/code-security/secure-coding/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)."{% endif %}
+
+{% ifversion fpt or ghes > 3.1 or ghae or ghec %}
+### About security severity levels
+
+{% data variables.product.prodname_code_scanning_capc %} displays security severity levels for alerts that are generated by security queries. Security severity levels can be `Critical`, `High`, `Medium`, or `Low`.
+
+To calculate the security severity of an alert, we use Common Vulnerability Scoring System (CVSS) data. CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities, and is commonly used by other security products to score alerts. For more information about how severity levels are calculated, see [this blog post](https://github.blog/changelog/2021-07-19-codeql-code-scanning-new-severity-levels-for-security-alerts/).
+
+By default, any {% data variables.product.prodname_code_scanning %} results with a security severity of `Critical` or `High` will cause a check failure. You can specify which security severity level for {% data variables.product.prodname_code_scanning %} results should cause a check failure. For more information, see "[Defining the severities causing pull request check failure](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)."{% endif %}
+
+### About labels for alerts that are not found in application code
+
+{% data variables.product.product_name %} assigns a category label to alerts that are not found in application code. The label relates to the location of the alert.
+
+- **Generated**: Code generated by the build process
+- **Test**: Test code
+- **Library**: Library or third-party code
+- **Documentation**: Documentation
+
+{% data variables.product.prodname_code_scanning_capc %} categorizes files by file path. You cannot manually categorize source files.
+
+Here is an example from the {% data variables.product.prodname_code_scanning %} alert list of an alert marked as occurring in library code.
+
+![Code scanning library alert in list](/assets/images/help/repository/code-scanning-library-alert-index.png)
+
+On the alert page, you can see that the filepath is marked as library code (`Library` label).
+
+![Code scanning library alert details](/assets/images/help/repository/code-scanning-library-alert-show.png)
+
+{% if codeql-ml-queries %}
+
+## About experimental alerts
+
+{% data reusables.code-scanning.beta-codeql-ml-queries %}
+
+In repositories that run {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql %} action, you may see some alerts that are marked as experimental. These are alerts that were found using a machine learning model to extend the capabilities of an existing {% data variables.product.prodname_codeql %} query.
+
+![Code scanning experimental alert in list](/assets/images/help/repository/code-scanning-experimental-alert-list.png)
+
+### Benefits of using machine learning models to extend queries
+
+Queries that use machine learning models are capable of finding vulnerabilities in code that was written using frameworks and libraries that the original query writer did not include.
+
+Each of the security queries for {% data variables.product.prodname_codeql %} identifies code that's vulnerable to a specific type of attack. Security researchers write the queries and include the most common frameworks and libraries. So each existing query finds vulnerable uses of common frameworks and libraries. However, developers use many different frameworks and libraries, and a manually maintained query cannot include them all. Consequently, manually maintained queries do not provide coverage for all frameworks and libraries.
+
+{% data variables.product.prodname_codeql %} uses a machine learning model to extend an existing security query to cover a wider range of frameworks and libraries. The machine learning model is trained to detect problems in code it's never seen before. Queries that use the model will find results for frameworks and libraries that are not described in the original query.
+
+### Alerts identified using machine learning
+
+Alerts found using a machine learning model are tagged as "Experimental alerts" to show that the technology is under active development. These alerts have a higher rate of false positive results than the queries they are based on. The machine learning model will improve based on user actions such as marking a poor result as a false positive or fixing a good result.
+
+![Code scanning experimental alert details](/assets/images/help/repository/code-scanning-experimental-alert-show.png)
+
+## Enabling experimental alerts
+
+The default {% data variables.product.prodname_codeql %} query suites do not include any queries that use machine learning to generate experimental alerts. To run machine learning queries during {% data variables.product.prodname_code_scanning %} you need to run the additional queries contained in one of the following query suites.
+
+{% data reusables.code-scanning.codeql-query-suites %}
+
+When you update your workflow to run an additional query suite this will increase the analysis time.
+
+``` yaml
+- uses: github/codeql-action/init@v1
+  with:
+    # Run extended queries including queries using machine learning
+    queries: security-extended
+```
+
+For more information, see "[Configuring code scanning](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs)."
+
+## Disabling experimental alerts
+
+The simplest way to disable queries that use machine learning to generate experimental alerts is to stop running the `security-extended` or `security-and-quality` query suite. In the example above, you would comment out the `queries` line. If you need to continue to run the `security-extended` or `security-and-quality` suite and the machine learning queries are causing problems, then you can open a ticket with [{% data variables.product.company_short %} support](https://support.github.com/contact) with the following details.
+
+- Ticket title: "{% data variables.product.prodname_code_scanning %}: removal from experimental alerts beta"
+- Specify details of the repositories or organizations that are affected
+- Request an escalation to engineering
+
+{% endif %}

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql.md

@@ -43,7 +43,7 @@ There are two main ways to use {% data variables.product.prodname_codeql %} anal
 
 ## About {% data variables.product.prodname_codeql %} queries
 
-{% data variables.product.company_short %} experts, security researchers, and community contributors write and maintain the default {% data variables.product.prodname_codeql %} queries used for {% data variables.product.prodname_code_scanning %}. The queries are regularly updated to improve analysis and reduce any false positive results. The queries are open source, so you can view and contribute to the queries in the [`github/codeql`](https://github.com/github/codeql) repository. For more information, see [{% data variables.product.prodname_codeql %}](https://securitylab.github.com/tools/codeql) on the GitHub Security Lab website. You can also write your own queries. For more information, see "[About {% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/)" in the {% data variables.product.prodname_codeql %} documentation.
+{% data variables.product.company_short %} experts, security researchers, and community contributors write and maintain the default {% data variables.product.prodname_codeql %} queries used for {% data variables.product.prodname_code_scanning %}. The queries are regularly updated to improve analysis and reduce any false positive results. The queries are open source, so you can view and contribute to the queries in the [`github/codeql`](https://github.com/github/codeql) repository. For more information, see [{% data variables.product.prodname_codeql %}](https://codeql.github.com/) on the {% data variables.product.prodname_codeql %} website. You can also write your own queries. For more information, see "[About {% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/)" in the {% data variables.product.prodname_codeql %} documentation.
 
 You can run additional queries as part of your code scanning analysis. 
 

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning.md

@@ -17,7 +17,7 @@ topics:
   - Advanced Security
   - Code scanning
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 
 {% data reusables.code-scanning.beta %}
 {% data reusables.code-scanning.enterprise-enable-code-scanning %}

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning.md

@@ -24,7 +24,7 @@ topics:
   - Python
 shortTitle: Configure code scanning
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 
 {% data reusables.code-scanning.beta %}
 {% data reusables.code-scanning.enterprise-enable-code-scanning-actions %}
@@ -89,7 +89,7 @@ If you scan pull requests, then the results appear as alerts in a pull request c
 {% ifversion fpt or ghes > 3.1 or ghae or ghec %}
 ### Defining the severities causing pull request check failure
 
-By default, only alerts with the severity level of `Error`{% ifversion fpt or ghes > 3.1  or ghae or ghec %} or security severity level of `Critical` or `High`{% endif %} will cause a pull request check failure, and a check will still succeed with alerts of lower severities. You can change the levels of alert severities{% ifversion fpt or ghes > 3.1  or ghae or ghec %} and of security severities{% endif %} that will cause a pull request check failure in your repository settings. For more information about severity levels, see "[Managing code scanning alerts for your repository](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#about-alerts-details)."
+By default, only alerts with the severity level of `Error`{% ifversion fpt or ghes > 3.1  or ghae or ghec %} or security severity level of `Critical` or `High`{% endif %} will cause a pull request check failure, and a check will still succeed with alerts of lower severities. You can change the levels of alert severities{% ifversion fpt or ghes > 3.1  or ghae or ghec %} and of security severities{% endif %} that will cause a pull request check failure in your repository settings. For more information about severity levels, see "[About code scanning alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-alert-details)."
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
@@ -351,7 +351,7 @@ To add one or more queries, add a `with: queries:` entry within the `uses: githu
 
 You can also specify query suites in the value of `queries`. Query suites are collections of queries, usually grouped by purpose or language.
 
-{% data reusables.code-scanning.codeql-query-suites %}
+{% data reusables.code-scanning.codeql-query-suites-explanation %}
 
 {% if codeql-packs %}
 ### Working with custom configuration files

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages.md

@@ -26,7 +26,7 @@ topics:
   - C#
   - Java
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 
 {% data reusables.code-scanning.beta %}
 {% data reusables.code-scanning.enterprise-enable-code-scanning-actions %}

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/index.md

@@ -16,6 +16,7 @@ topics:
   - Code scanning
 children:
   - /about-code-scanning
+  - /about-code-scanning-alerts
   - /triaging-code-scanning-alerts-in-pull-requests
   - /setting-up-code-scanning-for-a-repository
   - /managing-code-scanning-alerts-for-your-repository
@@ -28,4 +29,4 @@ children:
   - /running-codeql-code-scanning-in-a-container
   - /viewing-code-scanning-logs
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md

@@ -23,62 +23,9 @@ topics:
   - Alerts
   - Repositories
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
 
 {% data reusables.code-scanning.beta %}
 
-## About alerts from {% data variables.product.prodname_code_scanning %}
-
-You can set up {% data variables.product.prodname_code_scanning %} to check the code in a repository using the default {% data variables.product.prodname_codeql %} analysis, a third-party analysis, or multiple types of analysis. When the analysis is complete, the resulting alerts are displayed alongside each other in the security view of the repository. Results from third-party tools or from custom queries may not include all of the properties that you see for alerts detected by {% data variables.product.company_short %}'s default {% data variables.product.prodname_codeql %} analysis. For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)."
-
-By default, {% data variables.product.prodname_code_scanning %} analyzes your code periodically on the default branch and during pull requests. For information about managing alerts on a pull request, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
-
-{% data reusables.code-scanning.upload-sarif-alert-limit %}
-
-## About alerts details
-
-Each alert highlights a problem with the code and the name of the tool that identified it. You can see the line of code that triggered the alert, as well as properties of the alert, such as the severity{% ifversion fpt or ghes > 3.1 or ghae or ghec %}, security severity,{% endif %} and the nature of the problem. Alerts also tell you when the issue was first introduced. For alerts identified by {% data variables.product.prodname_codeql %} analysis, you will also see information on how to fix the problem.
-
-![Example alert from {% data variables.product.prodname_code_scanning %}](/assets/images/help/repository/code-scanning-alert.png)
-
-If you set up {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, this can also detect data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as: using data insecurely, passing dangerous arguments to functions, and leaking sensitive information.
-
-When {% data variables.product.prodname_code_scanning %} reports data-flow alerts, {% data variables.product.prodname_dotcom %} shows you how data moves through the code. {% data variables.product.prodname_code_scanning_capc %} allows you to identify the areas of your code that leak sensitive information, and that could be the entry point for attacks by malicious users.
-
-### About severity levels
-
-Alert severity levels may be `Error`, `Warning`, or `Note`.
-
-By default, any code scanning results with a severity of `error` will cause check failure. {% ifversion fpt or ghes > 3.1 or ghae or ghec %}You can specify the severity level at which pull requests that trigger code scanning alerts should fail. For more information, see "[Defining the severities causing pull request check failure](/code-security/secure-coding/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)."{% endif %}
-
-{% ifversion fpt or ghes > 3.1 or ghae or ghec %}
-### About security severity levels
-
-{% data variables.product.prodname_code_scanning_capc %} displays security severity levels for alerts that are generated by security queries. Security severity levels can be `Critical`, `High`, `Medium`, or `Low`.
-
-To calculate the security severity of an alert, we use Common Vulnerability Scoring System (CVSS) data. CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities, and is commonly used by other security products to score alerts. For more information about how severity levels are calculated, see [the blog post](https://github.blog/changelog/2021-07-19-codeql-code-scanning-new-severity-levels-for-security-alerts/).
-
-By default, any code scanning results with a security severity of `Critical` or `High` will cause a check failure. You can specify which security severity level for code scanning results should cause a check failure. For more information, see "[Defining the severities causing pull request check failure](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)."{% endif %}
-
-### About labels for alerts that are not found in application code
-
-{% data variables.product.product_name %} assigns a category label to alerts that are not found in application code. The label relates to the location of the alert.
-
-- **Generated**: Code generated by the build process
-- **Test**: Test code
-- **Library**: Library or third-party code
-- **Documentation**: Documentation
-
-{% data variables.product.prodname_code_scanning_capc %} categorizes files by file path. You cannot manually categorize source files.
-
-Here is an example from the {% data variables.product.prodname_code_scanning %} alert list of an alert marked as occuring in library code.
-
-![Code scanning library alert in list](/assets/images/help/repository/code-scanning-library-alert-index.png)
-
-On the alert page, you can see that the filepath is marked as library code (`Library` label).
-
-![Code scanning library alert details](/assets/images/help/repository/code-scanning-library-alert-show.png)
-
 ## Viewing the alerts for a repository
 
 Anyone with read permission for a repository can see {% data variables.product.prodname_code_scanning %} annotations on pull requests. For more information, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
@@ -104,6 +51,8 @@ By default, the code scanning alerts page is filtered to show alerts for the def
 1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code.
    ![Details for an alert](/assets/images/help/repository/code-scanning-alert-details.png)
 
+For more information, see "[About {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts)."
+
 {% ifversion fpt or ghes > 3.1 or ghae or ghec %}
 {% note %}
 
@@ -133,7 +82,7 @@ If you enter multiple filters, the view will show alerts matching _all_ these fi
 
 {% ifversion fpt or ghes > 3.3 or ghec %}
 
-You can prefix the `tag` filter with `-` to exclude results with that tag. For example, `-tag:style` only shows alerts that do not have the `style` tag.
+You can prefix the `tag` filter with `-` to exclude results with that tag. For example, `-tag:style` only shows alerts that do not have the `style` tag{% if codeql-ml-queries %} and `-tag:experimental` will omit all experimental alerts. For more information, see "[About {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-experimental-alerts)."{% else %}.{% endif %}
 
 {% endif %}
 
@@ -177,7 +126,7 @@ You can search the list of alerts. This is useful if there is a large number of
 
 {% endif %}
 
-{% ifversion fpt or ghes > 3.3 or ghae-issue-5036 %}
+{% if code-scanning-task-lists %}
 ## Tracking {% data variables.product.prodname_code_scanning %} alerts in issues
 
 {% data reusables.code-scanning.beta-alert-tracking-in-issues %}

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container.md

@@ -22,7 +22,7 @@ topics:
   - Containers
   - Java
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 
 {% data reusables.code-scanning.beta %}
 {% data reusables.code-scanning.deprecation-codeql-runner %}

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md

@@ -5,9 +5,7 @@ intro: You can add code scanning alerts to issues using task lists. This makes i
 product: '{% data reusables.gated-features.code-scanning %}'
 permissions: 'If you have write permission to a repository you can track {% data variables.product.prodname_code_scanning %} alerts in issues using task lists.'
 versions:
-  fpt: '*'
-  ghes: '> 3.3'
-  ghae: issue-5036
+  feature: 'code-scanning-task-lists'
 type: how_to
 topics:
   - Advanced Security

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md

@@ -21,7 +21,7 @@ topics:
   - Alerts
   - Repositories
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 
 {% data reusables.code-scanning.beta %}
 

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow.md

@@ -26,7 +26,7 @@ topics:
   - C#
   - Java
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 
 {% data reusables.code-scanning.beta %}
 {% data reusables.code-scanning.not-available %}
@@ -192,6 +192,19 @@ If you split your analysis into multiple workflows as described above, we still
 
 If your analysis is still too slow to be run during `push` or `pull_request` events, then you may want to only trigger analysis on the `schedule` event. For more information, see "[Events](/actions/learn-github-actions/introduction-to-github-actions#events)."
 
+### Check which query suites the workflow runs
+
+By default, there are three main query suites available for each language. If you have optimized the CodeQL database build and the process is still too long, you could reduce the number of queries you run. The default query suite is run automatically; it contains the fastest security queries with the lowest rates of false positive results. 
+
+You may be running extra queries or query suites in addition to the default queries. Check whether the workflow defines an additional query suite or additional queries to run using the `queries` element. You can experiment with disabling the additional query suite or queries. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs)."
+
+{% if codeql-ml-queries %}
+{% note %}
+
+**Note:** If you run the `security-extended` or `security-and-quality` query suite for JavaScript, then some queries use experimental technology. For more information, see "[About code scanning alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-experimental-alerts)."
+{% endnote %}
+{% endif %}
+
 {% ifversion fpt or ghec %}
 ## Results differ between analysis platforms
 

content/code-security/code-scanning/index.md

@@ -21,4 +21,4 @@ children:
   - /integrating-with-code-scanning
   - /using-codeql-code-scanning-with-your-existing-ci-system
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+

content/code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning.md

@@ -19,7 +19,7 @@ topics:
   - Webhooks
   - Integration
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 
 {% data reusables.code-scanning.beta %}
 {% data reusables.code-scanning.enterprise-enable-code-scanning %}

content/code-security/code-scanning/integrating-with-code-scanning/index.md

@@ -21,4 +21,4 @@ children:
   - /uploading-a-sarif-file-to-github
   - /sarif-support-for-code-scanning
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+

content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md

@@ -21,7 +21,7 @@ topics:
   - Integration
   - SARIF
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 
 {% data reusables.code-scanning.beta %}
 {% data reusables.code-scanning.deprecation-codeql-runner %}

content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md

@@ -24,7 +24,7 @@ topics:
   - CI
   - SARIF
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 
 {% data reusables.code-scanning.beta %}
 {% data reusables.code-scanning.enterprise-enable-code-scanning %}

content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-runner-in-your-ci-system.md

@@ -28,7 +28,7 @@ topics:
   - C#
   - Java
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 
 {% data reusables.code-scanning.deprecation-codeql-runner %}
 {% data reusables.code-scanning.beta %}
@@ -83,7 +83,7 @@ $ /path/to-runner/codeql-runner-linux init --languages cpp,java
 
 {% data reusables.code-scanning.run-additional-queries %}
 
-{% data reusables.code-scanning.codeql-query-suites %}
+{% data reusables.code-scanning.codeql-query-suites-explanation %}
 
 To add one or more queries, pass a comma-separated list of paths to the `--queries` flag of the `init` command. You can also specify additional queries in a configuration file.
 

content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/index.md

@@ -27,4 +27,4 @@ children:
   - /troubleshooting-codeql-runner-in-your-ci-system
   - /migrating-from-the-codeql-runner-to-codeql-cli
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+

content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system.md

@@ -25,7 +25,7 @@ topics:
   - CI
   - SARIF
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 <!--UI-LINK: When GitHub Enterprise Server <=3.0 doesn't have GitHub Actions set up, the Security > Code scanning alerts view links to this article.-->
 
 {% data reusables.code-scanning.deprecation-codeql-runner %}

content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-runner-in-your-ci-system.md

@@ -23,7 +23,7 @@ topics:
   - Integration
   - CI
 ---
-<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
+
 
 {% data reusables.code-scanning.deprecation-codeql-runner %}
 {% data reusables.code-scanning.beta %}

content/code-security/guides.md

@@ -30,6 +30,7 @@ includeGuides:
   - /code-security/secret-scanning/secret-scanning-partners
   - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists
   - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning
+  - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts
   - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning
   - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages
   - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository

content/communities/moderating-comments-and-conversations/limiting-interactions-for-your-user-account.md

@@ -27,7 +27,6 @@ You can also block users. For more information, see "[Blocking a user from your
 ## Limiting interactions for your user account
 
 {% data reusables.user_settings.access_settings %}
-1. In your user settings sidebar, under "Moderation settings", click **Interaction limits**.
-  !["Interaction limits" tab in the user settings sidebar](/assets/images/help/settings/settings-sidebar-interaction-limits.png)
+1. In the "Access" section of the sidebar, select **{% octicon "report" aria-label="The report icon" %} Moderation** then click **Interaction limits**.
 {% data reusables.community.set-interaction-limit %}
   ![Temporary interaction limit options](/assets/images/help/settings/user-account-temporary-interaction-limits-options.png)

content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms.md

@@ -40,7 +40,7 @@ You can set the following top-level keys for each issue form.
 | `description` | A description for the issue form template, which appears in the template chooser interface. | Required | String |
 | `body` | Definition of the input types in the form. | Required | Array |
 | `assignees` | People who will be automatically assigned to issues created with this template. | Optional | Array or comma-delimited string |
-| `labels` | Labels that will automatically be added to issues created with this template. | Optional | String |
+| `labels` | Labels that will automatically be added to issues created with this template. | Optional | Array or comma-delimited string |
 | `title` | A default title that will be pre-populated in the issue submission form. | Optional | String |
 
 For the available `body` input types and their syntaxes, see "[Syntax for {% data variables.product.prodname_dotcom %}'s form schema](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema)."

content/get-started/signing-up-for-github/setting-up-a-trial-of-github-ae.md

@@ -12,7 +12,7 @@ shortTitle: GitHub AE trial
 
 You can set up a 90-day trial to evaluate {% data variables.product.prodname_ghe_managed %}. This process allows you to deploy a {% data variables.product.prodname_ghe_managed %} account in your existing Azure region. 
 
-- **{% data variables.product.prodname_ghe_managed %} account**: The Azure resource that contains the required components, including the instance.
+- **{% data variables.product.prodname_ghe_managed %} account**: The Azure resource that contains the deployment of {% data variables.product.prodname_ghe_managed %}.
 - **{% data variables.product.prodname_ghe_managed %} portal**: The Azure management tool at [https://portal.azure.com](https://portal.azure.com). This is used to deploy the {% data variables.product.prodname_ghe_managed %} account.
 
 ## Setting up your trial of {% data variables.product.prodname_ghe_managed %}
@@ -41,13 +41,13 @@ The email address you entered above will receive instructions on how to access y
 
 {% note %}
 
-**Note:** Software updates for your {% data variables.product.prodname_ghe_managed %} instance are performed by {% data variables.product.prodname_dotcom %}. For more information, see "[About upgrades to new releases](/admin/overview/about-upgrades-to-new-releases)."
+**Note:** Software updates for your {% data variables.product.prodname_ghe_managed %} deployment are performed by {% data variables.product.prodname_dotcom %}. For more information, see "[About upgrades to new releases](/admin/overview/about-upgrades-to-new-releases)."
 
 {% endnote %}
 
 ## Navigating to your enterprise
 
-You can use the {% data variables.actions.azure_portal %} to navigate to your {% data variables.product.prodname_ghe_managed %} instance. The resulting list includes all the {% data variables.product.prodname_ghe_managed %} instances in your Azure region.
+You can use the {% data variables.actions.azure_portal %} to navigate to your {% data variables.product.prodname_ghe_managed %} deployment. The resulting list includes all the {% data variables.product.prodname_ghe_managed %} deployments in your Azure region.
 
 1. On the {% data variables.actions.azure_portal %}, in the left panel, click **All resources**.
 1. From the available filters, click **All types**, then deselect **Select all** and select **GitHub AE**:
@@ -55,11 +55,11 @@ You can use the {% data variables.actions.azure_portal %} to navigate to your {%
 
 ## Next steps
 
-Once your instance has been provisioned, the next step is to initialize {% data variables.product.prodname_ghe_managed %}. For more information, see "[Initializing {% data variables.product.prodname_ghe_managed %}](/github-ae@latest/admin/configuration/configuring-your-enterprise/initializing-github-ae)."
+Once your deployment has been provisioned, the next step is to initialize {% data variables.product.prodname_ghe_managed %}. For more information, see "[Initializing {% data variables.product.prodname_ghe_managed %}](/github-ae@latest/admin/configuration/configuring-your-enterprise/initializing-github-ae)."
 
 ## Finishing your trial
 
-You can upgrade to a full license at any time during the trial period by contacting contact {% data variables.contact.contact_enterprise_sales %}. If you haven't upgraded by the last day of your trial, then the instance is automatically deleted.
+You can upgrade to a full license at any time during the trial period by contacting contact {% data variables.contact.contact_enterprise_sales %}. If you haven't upgraded by the last day of your trial, then the deployment is automatically deleted.
 
 If you need more time to evaluate {% data variables.product.prodname_ghe_managed %}, contact {% data variables.contact.contact_enterprise_sales %} to request an extension.
 

content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-cloud.md

@@ -25,11 +25,9 @@ shortTitle: Enterprise Cloud trial
 
 You can use organizations for free with {% data variables.product.prodname_free_team %}, which includes limited features. For additional features, such as SAML single sign-on (SSO), access control for {% data variables.product.prodname_pages %}, and included {% data variables.product.prodname_actions %} minutes, you can upgrade to {% data variables.product.prodname_ghe_cloud %}. For a detailed list of the features available with {% data variables.product.prodname_ghe_cloud %}, see our [Pricing](https://github.com/pricing) page.
 
-{% data reusables.saml.saml-accounts %} For more information, see "[About identity and access management with SAML single sign-on](/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on){% ifversion not ghec %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
+You can set up a trial of {% data variables.product.prodname_ghe_cloud %} to evaluate these additional features on a new or existing organization account.
 
-{% data reusables.enterprise-accounts.emu-short-summary %}
-
-{% data variables.product.prodname_emus %} is not part of the free trial of {% data variables.product.prodname_ghe_cloud %}. If you're interested in {% data variables.product.prodname_emus %}, please contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).
+Trials are also available for {% data variables.product.prodname_ghe_server %}. For more information, see "[Setting up a trial of {% data variables.product.prodname_ghe_server %}](/articles/setting-up-a-trial-of-github-enterprise-server)."
 
 {% data reusables.products.which-product-to-use %}
 
@@ -39,7 +37,11 @@ You can set up a 30-day trial to evaluate {% data variables.product.prodname_ghe
 
 Your trial includes 50 seats. If you need more seats to evaluate {% data variables.product.prodname_ghe_cloud %}, contact {% data variables.contact.contact_enterprise_sales %}. At the end of the trial, you can choose a different number of seats.
 
-Trials are also available for {% data variables.product.prodname_ghe_server %}. For more information, see "[Setting up a trial of {% data variables.product.prodname_ghe_server %}](/articles/setting-up-a-trial-of-github-enterprise-server)."
+{% data reusables.saml.saml-accounts %}
+
+For more information, see "[About identity and access management with SAML single sign-on](/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on){% ifversion not ghec %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
+
+{% data variables.product.prodname_emus %} is not part of the free trial of {% data variables.product.prodname_ghe_cloud %}. If you're interested in {% data variables.product.prodname_emus %}, please contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).
 
 ## Setting up your trial of {% data variables.product.prodname_ghe_cloud %}
 
@@ -62,11 +64,13 @@ After setting up your trial, you can explore {% data variables.product.prodname_
 
 ## Finishing your trial
 
-You can buy {% data variables.product.prodname_enterprise %} or downgrade to {% data variables.product.prodname_team %} at any time during your trial.
+You can buy {% data variables.product.prodname_enterprise %} at any time during your trial. Purchasing {% data variables.product.prodname_enterprise %} ends your trial, removing the 50-seat maximum and initiating payment.
 
-If you don't purchase {% data variables.product.prodname_enterprise %} or {% data variables.product.prodname_team %} before your trial ends, your organization will be downgraded to {% data variables.product.prodname_free_team %} and lose access to any advanced tooling and features that are only included with paid products, including {% data variables.product.prodname_pages %} sites published from those private repositories. If you don't plan to upgrade, to avoid losing access to advanced features, make the repositories public before your trial ends. For more information, see "[Setting repository visibility](/articles/setting-repository-visibility)."
+If you don't purchase {% data variables.product.prodname_enterprise %}, when the trial ends, your organization will be downgraded. If you used an existing organization for the trial, the organization will be downgraded to the product you were using before the trial. If you created a new organization for the trial, the organization will be downgraded to {% data variables.product.prodname_free_team %}. 
 
-Downgrading to {% data variables.product.prodname_free_team %} for organizations also disables any SAML settings configured during the trial period. Once you purchase {% data variables.product.prodname_enterprise %} or {% data variables.product.prodname_team %}, your SAML settings will be enabled again for users in your organization to authenticate.
+Your organization will lose access to any functionality that is not included in the new product, such as advanced features like {% data variables.product.prodname_pages %} for private repositories. If you don't plan to upgrade, to avoid losing access to advanced features, consider making affected repositories public before your trial ends. For more information, see "[Setting repository visibility](/articles/setting-repository-visibility)."
+
+Downgrading also disables any SAML settings configured during the trial period. If you later purchase {% data variables.product.prodname_enterprise %}, your SAML settings will be enabled again for users in your organization to authenticate.
 
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}

content/get-started/using-github/github-command-palette.md

@@ -26,10 +26,12 @@ The ability to run commands directly from your keyboard, without navigating thro
 
 ## Opening the {% data variables.product.prodname_command_palette %}
 
-Open the command palette using one of the following keyboard shortcuts:
+Open the command palette using one of the following default keyboard shortcuts:
 - Windows and Linux: <kbd>Ctrl</kbd>+<kbd>K</kbd> or <kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>K</kbd>
 - Mac: <kbd>Command</kbd>+<kbd>K</kbd> or <kbd>Command</kbd>+<kbd>Option</kbd>+<kbd>K</kbd>
 
+You can customize the keyboard shortcuts you use to open the command palette in the [Accessibility section](https://github.com/settings/accessibility) of your user settings. For more information, see "[Customizing your {% data variables.product.prodname_command_palette %} keyboard shortcuts](#customizing-your-github-command-palette-keyboard-shortcuts)."
+
 When you open the command palette, it shows your location at the top left and uses it as the scope for suggestions (for example, the `mashed-avocado` organization).
 
 ![Command palette launch](/assets/images/help/command-palette/command-palette-launch.png)
@@ -42,6 +44,12 @@ When you open the command palette, it shows your location at the top left and us
 
 {% endnote %}
 
+### Customizing your {% data variables.product.prodname_command_palette %} keyboard shortcuts
+
+
+The default keyboard shortcuts used to open the command palette may conflict with your default OS and browser keyboard shortcuts. You have the option to customize your keyboard shortcuts in the [Accessibility section](https://github.com/settings/accessibility) of your account settings. In the command palette settings, you can customize the keyboard shortcuts for opening the command palette in both search mode and command mode. 
+
+![Command palette keyboard shortcut settings](/assets/images/help/command-palette/command-palette-keyboard-shortcut-settings.png)
 ## Navigating with the {% data variables.product.prodname_command_palette %}
 
 You can use the command palette to navigate to any page that you have access to on {% data variables.product.product_name %}.
@@ -96,7 +104,7 @@ You can use the {% data variables.product.prodname_command_palette %} to run com
 
 For a full list of supported commands, see "[{% data variables.product.prodname_command_palette %} reference](#github-command-palette-reference)."
 
-1. Use <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>K</kbd> (Windows and Linux) or <kbd>Command</kbd>+<kbd>Shift</kbd>+<kbd>K</kbd> (Mac) to open the command palette in command mode. If you already have the command palette open, press <kbd>></kbd> to switch to command mode. {% data variables.product.prodname_dotcom %} suggests commands based on your location.
+1. The default keyboard shortcuts to open the command palette in command mode are <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>K</kbd> (Windows and Linux) or <kbd>Command</kbd>+<kbd>Shift</kbd>+<kbd>K</kbd> (Mac). If you already have the command palette open, press <kbd>></kbd> to switch to command mode. {% data variables.product.prodname_dotcom %} suggests commands based on your location.
 
    ![Command palette command mode](/assets/images/help/command-palette/command-palette-command-mode.png)
 
@@ -106,6 +114,7 @@ For a full list of supported commands, see "[{% data variables.product.prodname_
 
 4. Use the arrow keys to highlight the command you want and use <kbd>Enter</kbd> to run it.
 
+
 ## Closing the command palette
 
 When the command palette is active, you can use one of the following keyboard shortcuts to close the command palette:
@@ -113,6 +122,8 @@ When the command palette is active, you can use one of the following keyboard sh
 - Search and navigation mode: <kbd>Esc</kbd> or <kbd>Ctrl</kbd>+<kbd>K</kbd> (Windows and Linux)  <kbd>Command</kbd>+<kbd>K</kbd> (Mac)
 - Command mode: <kbd>Esc</kbd> or <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>K</kbd> (Windows and Linux)  <kbd>Command</kbd>+<kbd>Shift</kbd>+<kbd>K</kbd> (Mac)
 
+If you have customized the command palette keyboard shortcuts in the Accessibility settings, your customized keyboard shortcuts will be used for both opening and closing the command palette.  
+
 ## {% data variables.product.prodname_command_palette %} reference
 
 ### Keystroke functions

content/issues/tracking-your-work-with-issues/about-task-lists.md

@@ -76,5 +76,5 @@ Any issues that are referenced in a task list specify that they are tracked by t
 
 ## Further reading
 
-* "[Basic writing and formatting syntax](/articles/basic-writing-and-formatting-syntax)"{% ifversion fpt or ghes > 3.3 or ghae-issue-5036 %}
+* "[Basic writing and formatting syntax](/articles/basic-writing-and-formatting-syntax)"{% if code-scanning-task-lists %}
 * "[Tracking {% data variables.product.prodname_code_scanning %} alerts in issues using task lists](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists)"{% endif %}

content/issues/tracking-your-work-with-issues/creating-an-issue.md

@@ -153,7 +153,7 @@ Query parameter | Example
 `projects` | `https://github.com/octo-org/octo-repo/issues/new?title=Bug+fix&projects=octo-org/1` creates an issue with the title "Bug fix" and adds it to the organization's project board 1.
 `template` | `https://github.com/octo-org/octo-repo/issues/new?template=issue_template.md` creates an issue with a template in the issue body. The `template` query parameter works with templates stored in an `ISSUE_TEMPLATE` subdirectory within the root, `docs/` or `.github/` directory in a repository. For more information, see "[Using templates to encourage useful issues and pull requests](/communities/using-templates-to-encourage-useful-issues-and-pull-requests)."
 
-{% ifversion fpt or ghes > 3.3 or ghae-issue-5036 %}
+{% if code-scanning-task-lists %}
 ## Creating an issue from a {% data variables.product.prodname_code_scanning %} alert
 
 {% data reusables.code-scanning.beta-alert-tracking-in-issues %}

content/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization.md

@@ -23,6 +23,7 @@ If you allow forking of private{% ifversion ghes or ghec or ghae %} and internal
 
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
+{% data reusables.profile.org_member_privileges %}
 1. Under "Repository forking", select **Allow forking of private {% ifversion ghec or ghes or ghae %}and internal {% endif %}repositories**.
 
    {%- ifversion fpt %}

content/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages.md

@@ -23,8 +23,7 @@ It's also possible to verify a domain for your organization{% ifversion ghec %}
 ## Verifying a domain for your user site
 
 {% data reusables.user_settings.access_settings %}
-1. In the left sidebar, click **Pages**.
-![Pages option in the settings menu](/assets/images/help/settings/user-settings-pages.png)
+1. In the "Code, planning, and automation" section of the sidebar, click **{% octicon "browser" aria-label="The pages icon" %} Pages**.
 {% data reusables.pages.settings-verify-domain-setup %}
 1. Wait for your DNS configuration to change, this may be immediate or take up to 24 hours. You can confirm the change to your DNS configuration by running the `dig` command on the command line. In the command below, replace `USERNAME` with your username and `example.com` with the domain you're verifying. If your DNS configuration has updated, you should see your new TXT record in the output.
   ```
@@ -38,8 +37,7 @@ Organization owners can verify custom domains for their organization.
 
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
-1. In the left sidebar, click **Pages**.
-![Pages option in the settings menu](/assets/images/help/settings/org-settings-pages.png)
+1. In the "Code, planning, and automation" section of the sidebar, click **{% octicon "browser" aria-label="The browser icon" %} Pages**.
 {% data reusables.pages.settings-verify-domain-setup %}
 1. Wait for your DNS configuration to change, this may be immediate or take up to 24 hours. You can confirm the change to your DNS configuration by running the `dig` command on the command line. In the command below, replace `ORGANIZATION` with the name of your organization and `example.com` with the domain you're verifying. If your DNS configuration has updated, you should see your new TXT record in the output.
   ```

content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request.md

@@ -170,6 +170,7 @@ For more information on creating pull requests in {% data variables.product.prod
 ## Further reading
 
 - "[Creating a pull request from a fork](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork)"
+- "[Keeping your pull request in sync with the base branch](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/keeping-your-pull-request-in-sync-with-the-base-branch)"
 - "[Changing the base branch of a pull request](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-base-branch-of-a-pull-request)"
 - "[Adding issues and pull requests to a project board from the sidebar](/articles/adding-issues-and-pull-requests-to-a-project-board/#adding-issues-and-pull-requests-to-a-project-board-from-the-sidebar)"
 - "[About automation for issues and pull requests with query parameters](/issues/tracking-your-work-with-issues/creating-issues/about-automation-for-issues-and-pull-requests-with-query-parameters)"

content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/index.md

@@ -22,6 +22,7 @@ children:
   - /using-query-parameters-to-create-a-pull-request
   - /changing-the-stage-of-a-pull-request
   - /requesting-a-pull-request-review
+  - /keeping-your-pull-request-in-sync-with-the-base-branch
   - /changing-the-base-branch-of-a-pull-request
   - /committing-changes-to-a-pull-request-branch-created-from-a-fork
 shortTitle: Propose changes

content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/keeping-your-pull-request-in-sync-with-the-base-branch.md

@@ -0,0 +1,56 @@
+---
+title: Keeping your pull request in sync with the base branch
+intro: 'After you open a pull request, you can update the head branch, which contains your changes, with any changes that have been made in the base branch.'
+permissions: People with write permissions to the repository to which the head branch of the pull request belongs can update the head branch with changes that have been made in the base branch.
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+topics:
+  - Pull requests
+shortTitle: Update the head branch
+---
+
+## About keeping your pull request in sync
+
+Before merging your pull requests, other changes may get merged into the base branch causing your pull request's head branch to be out of sync. Updating your pull request with the latest changes from the base branch can help catch problems prior to merging.
+
+You can update a pull request's head branch from the command line or the pull request page. The **Update branch** button is displayed when all of these are true:
+
+* There are no merge conflicts between the pull request branch and the base branch.
+* The pull request branch is not up to date with the base branch.
+* The base branch requires branches to be up to date before merging{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6069 %} or the setting to always suggest updating branches is enabled{% endif %}.
+
+For more information, see "[Require status checks before merging](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches){% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6069 %}" and "[Managing suggestions to update pull request branches](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-suggestions-to-update-pull-request-branches){% endif %}."
+
+If there are changes to the base branch that cause merge conflicts in your pull request branch, you will not be able to update the branch until all conflicts are resolved. For more information, see "[About merge conflicts](/pull-requests/collaborating-with-pull-requests/addressing-merge-conflicts/about-merge-conflicts)."
+
+{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6069 %}
+From the pull request page you can update your pull request's branch using a traditional merge or by rebasing. A traditional merge results in a merge commit that merges the base branch into the head branch of the pull request. Rebasing applies the changes from _your_ branch onto the latest version of the base branch. The result is a branch with a linear history, since no merge commit is created.
+{% else %}
+Updating your branch from the pull request page performs a traditional merge. The resulting merge commit merges the base branch into the head branch of the pull request.
+{% endif %}
+
+## Updating your pull request branch
+
+{% data reusables.repositories.sidebar-pr %}
+
+1. In the "Pull requests" list, click the pull request you'd like to update.
+
+{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6069 %}
+1. In the merge section near the bottom of the page, you can:
+   - Click **Update branch** to perform a traditional merge.
+   ![Button to update branch](/assets/images/help/pull_requests/pull-request-update-branch-with-dropdown.png)
+   - Click the update branch drop down menu, click **Update with rebase**, and then click **Rebase branch** to update by rebasing on the base branch.
+   ![Drop-down menu showing merge and rebase options](/assets/images/help/pull_requests/pull-request-update-branch-rebase-option.png)
+{% else %}
+1. In the merge section near the bottom of the page, click **Update branch** to perform a traditional merge.
+  ![Button to update branch](/assets/images/help/pull_requests/pull-request-update-branch.png)
+{% endif %}
+
+## Further reading
+
+- "[About pull requests](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests)"
+- "[Changing the stage of a pull request](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request)"
+- "[Committing changes to a pull request branch created from a fork](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/committing-changes-to-a-pull-request-branch-created-from-a-fork)"