jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-23 21:07:12 -05:00
Code Issues Projects Releases Wiki Activity

Update all files to use {% data %} (#15253)

Browse Source 
* Add back changes from prior to purge

* Manually fix some invalid Liquid

* Updoot render-content

* Improve test messages to show correct output

* Run el scripto

* Pass the remaining test
This commit is contained in:
Jason Etcovitch
2020-09-29 16:01:04 -04:00
committed by GitHub
parent aa5a62d49d
commit caaee7a124
14816 changed files with 100317 additions and 100247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
content/admin/policies/about-pre-receive-hooks.md
View File

@@ -1,6 +1,6 @@
---
title: About pre-receive hooks
intro: '*Pre-receive hooks* are scripts that run on the {{ site.data.variables.product.prodname_ghe_server }} appliance that you can use to implement quality checks.'
intro: '*Pre-receive hooks* are scripts that run on the {% data variables.product.prodname_ghe_server %} appliance that you can use to implement quality checks.'
redirect_from:
- /enterprise/admin/developer-workflow/about-pre-receive-hooks
- /enterprise/admin/policies/about-pre-receive-hooks
@@ -23,4 +23,4 @@ Examples of how you can use pre-receive hooks:
### Impact on performance and workflows
Impact to developers and their workflows can be significant and must be considered carefully. Pre-receive hooks that are based on business needs and implemented thoughtfully will provide the most benefit to the organization as a whole.
Pre-receive hooks can have unintended effects on the performance of {{ site.data.variables.product.product_location_enterprise }} and should be carefully implemented and reviewed.
Pre-receive hooks can have unintended effects on the performance of {% data variables.product.product_location_enterprise %} and should be carefully implemented and reviewed.

20
content/admin/policies/creating-a-pre-receive-hook-environment.md
View File

@@ -8,9 +8,9 @@ versions:
enterprise-server: '*'
---
A pre-receive environment for {{ site.data.variables.product.prodname_ghe_server }} is a Linux [`chroot`](https://en.wikipedia.org/wiki/Chroot) environment. Because pre-receive hooks execute on every push event, they should be fast and lightweight. The environment needed for such checks will typically be minimal.
A pre-receive environment for {% data variables.product.prodname_ghe_server %} is a Linux [`chroot`](https://en.wikipedia.org/wiki/Chroot) environment. Because pre-receive hooks execute on every push event, they should be fast and lightweight. The environment needed for such checks will typically be minimal.
{{ site.data.variables.product.prodname_ghe_server }} provides a default environment which includes these packages: `awk`, `bash`, `coreutils`, `curl`, `find`, `gnupg`, `grep`, `jq`, `sed`.
{% data variables.product.prodname_ghe_server %} provides a default environment which includes these packages: `awk`, `bash`, `coreutils`, `curl`, `find`, `gnupg`, `grep`, `jq`, `sed`.
If you have a specific requirement that isn't met by this environment, such as support for a particular language, you can create and upload your own 64-bit Linux `chroot` environment.
@@ -18,7 +18,7 @@ If you have a specific requirement that isn't met by this environment, such as s
You can use a Linux container management tool to build a pre-receive hook environment. This example uses [Alpine Linux](http://www.alpinelinux.org/) and [Docker](https://www.docker.com/).
{{ site.data.reusables.linux.ensure-docker }}
{% data reusables.linux.ensure-docker %}
2. Create the file `Dockerfile.alpine-3.3` that contains this information:
```
@@ -48,7 +48,7 @@ You can use a Linux container management tool to build a pre-receive hook enviro
$ docker export pre-receive.alpine-3.3 | gzip > alpine-3.3.tar.gz
```
This file `alpine-3.3.tar.gz` is ready to be uploaded to the {{ site.data.variables.product.prodname_ghe_server }} appliance.
This file `alpine-3.3.tar.gz` is ready to be uploaded to the {% data variables.product.prodname_ghe_server %} appliance.
### Creating a pre-receive hook environment using chroot
@@ -70,12 +70,12 @@ You can use a Linux container management tool to build a pre-receive hook enviro
For more information about creating a chroot environment see "[Chroot](https://wiki.debian.org/chroot)" from the *Debian Wiki*, "[BasicChroot](https://help.ubuntu.com/community/BasicChroot)" from the *Ubuntu Community Help Wiki*, or "[Installing Alpine Linux in a chroot](http://wiki.alpinelinux.org/wiki/Installing_Alpine_Linux_in_a_chroot)" from the *Alpine Linux Wiki*.
### Uploading a pre-receive hook environment on {{ site.data.variables.product.prodname_ghe_server }}
### Uploading a pre-receive hook environment on {% data variables.product.prodname_ghe_server %}
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{{ site.data.reusables.enterprise-accounts.settings-tab }}
{{ site.data.reusables.enterprise-accounts.hooks-tab }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.hooks-tab %}
5. Click **Manage environments**.
![Manage Environments](/assets/images/enterprise/site-admin-settings/manage-pre-receive-environments.png)
6. Click **Add environment**.
@@ -88,7 +88,7 @@ For more information about creating a chroot environment see "[Chroot](https://w
![Add environment button](/assets/images/enterprise/site-admin-settings/add-environment-button.png)
### Uploading a pre-receive hook environment via the administrative shell
1. Upload a readable `*.tar.gz` file that contains your environment to a web host and copy the URL or transfer the file to the {{ site.data.variables.product.prodname_ghe_server }} appliance via `scp`. When using `scp`, you may need to adjust the `*.tar.gz` file permissions so that the file is world readable.
1. Upload a readable `*.tar.gz` file that contains your environment to a web host and copy the URL or transfer the file to the {% data variables.product.prodname_ghe_server %} appliance via `scp`. When using `scp`, you may need to adjust the `*.tar.gz` file permissions so that the file is world readable.
1. Connect to the administrative shell.
2. Use the `ghe-hook-env-create` command and type the name you want for the environment as the first argument and the full local path or URL of a `*.tar.gz` file that contains your environment as the second argument.

18
content/admin/policies/creating-a-pre-receive-hook-script.md
View File

@@ -8,10 +8,10 @@ versions:
enterprise-server: '*'
---
You can see examples of pre-receive hooks for {{ site.data.variables.product.prodname_ghe_server }} in the [`github/platform-samples` repository](https://github.com/github/platform-samples/tree/master/pre-receive-hooks).
You can see examples of pre-receive hooks for {% data variables.product.prodname_ghe_server %} in the [`github/platform-samples` repository](https://github.com/github/platform-samples/tree/master/pre-receive-hooks).
### Writing a pre-receive hook script
A pre-receive hook script executes in a pre-receive hook environment on the {{ site.data.variables.product.prodname_ghe_server }} appliance. When you create a pre-receive hook script, consider the available input, output, exit-status and environment variables.
A pre-receive hook script executes in a pre-receive hook environment on the {% data variables.product.prodname_ghe_server %} appliance. When you create a pre-receive hook script, consider the available input, output, exit-status and environment variables.
#### Input (stdin)
After a push occurs and before any refs are updated on the remote repository, the `git-receive-pack` process invokes the pre-receive hook script with the standard input of one line per ref to be updated:
@@ -43,7 +43,7 @@ The `exit-status` of a pre-receive script determines if the push will be accepte
| non-zero | The push will be rejected. |
#### Environment variables
Outside of the values that are provided to `stdin`, there are additional variables that are available to a pre-receive hook script running on {{ site.data.variables.product.prodname_ghe_server }}.
Outside of the values that are provided to `stdin`, there are additional variables that are available to a pre-receive hook script running on {% data variables.product.prodname_ghe_server %}.
| Variable | Description |
| :------------- | :------------- |
@@ -61,9 +61,9 @@ Outside of the values that are provided to `stdin`, there are additional variabl
| $GIT_PUSH_OPTION_N | Where <em>N</em> is an integer starting at 0, this variable contains the push option string that was sent by the client. The first option that was sent is stored in GIT_PUSH_OPTION_0, the second option that was sent is stored in GIT_PUSH_OPTION_1, and so on. For more information about push options, see "[git-push](https://git-scm.com/docs/git-push#git-push---push-optionltoptiongt)" in the Git documentation. |{% if currentVersion ver_gt "enterprise-server@2.21" %}
| $GIT_USER_AGENT | The user-agent string sent by the client that pushed the changes. |{% endif %}
### Setting permissions and pushing a pre-receive hook to {{ site.data.variables.product.prodname_ghe_server }}
### Setting permissions and pushing a pre-receive hook to {% data variables.product.prodname_ghe_server %}
A pre-receive hook script is contained in a repository on the {{ site.data.variables.product.prodname_ghe_server }} appliance. A site administrator must take into consideration the repository permissions and ensure that only the appropriate users have access.
A pre-receive hook script is contained in a repository on the {% data variables.product.prodname_ghe_server %} appliance. A site administrator must take into consideration the repository permissions and ensure that only the appropriate users have access.
We recommend consolidating hooks to a single repository. If the consolidated hook repository is public, the `README.md` can be used to explain policy enforcements. Also, contributions can be accepted via pull requests. However, pre-receive hooks can only be added from the default branch. For a testing workflow, forks of the repository with configuration should be used.
@@ -78,19 +78,19 @@ We recommend consolidating hooks to a single repository. If the consolidated hoo
git update-index --chmod=+x <em>SCRIPT_FILE.sh</em>
```
2. Commit and push to your designated pre-receive hooks repository on the {{ site.data.variables.product.prodname_ghe_server }} instance.
2. Commit and push to your designated pre-receive hooks repository on the {% data variables.product.prodname_ghe_server %} instance.
```shell
$ git commit -m "<em>YOUR COMMIT MESSAGE</em>"
$ git push
```
3. [Create the pre-receive hook](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance/#creating-pre-receive-hooks) on the {{ site.data.variables.product.prodname_ghe_server }} instance.
3. [Create the pre-receive hook](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance/#creating-pre-receive-hooks) on the {% data variables.product.prodname_ghe_server %} instance.
### Testing pre-receive scripts locally
You can test a pre-receive hook script locally before you create or update it on your {{ site.data.variables.product.prodname_ghe_server }} appliance. One method is to create a local Docker environment to act as a remote repository that can execute the pre-receive hook.
You can test a pre-receive hook script locally before you create or update it on your {% data variables.product.prodname_ghe_server %} appliance. One method is to create a local Docker environment to act as a remote repository that can execute the pre-receive hook.
{{ site.data.reusables.linux.ensure-docker }}
{% data reusables.linux.ensure-docker %}
2. Create a file called `Dockerfile.dev` containing:

144
content/admin/policies/enforcing-repository-management-policies-in-your-enterprise.md
View File

@@ -31,7 +31,7 @@ versions:
### Configuring the default visibility of new repositories on your appliance
Each time someone creates a new repository on {{ site.data.variables.product.product_location_enterprise }}, that person must choose a visibility for the repository. When you configure a default visibility setting for the instance, you choose which visibility is selected by default. For more information on repository visibility, see "[About repository visibility](/github/creating-cloning-and-archiving-repositories/about-repository-visibility)."
Each time someone creates a new repository on {% data variables.product.product_location_enterprise %}, that person must choose a visibility for the repository. When you configure a default visibility setting for the instance, you choose which visibility is selected by default. For more information on repository visibility, see "[About repository visibility](/github/creating-cloning-and-archiving-repositories/about-repository-visibility)."
If a site administrator disallows members from creating certain types of repositories, members will not be able to create that type of repository even if the visibility setting defaults to that type. For more information, see "[Restricting repository creation in your instance](/enterprise/{{ currentVersion }}/admin/guides/user-management/restricting-repository-creation-in-your-instance)."
@@ -41,18 +41,18 @@ If a site administrator disallows members from creating certain types of reposit
{% endtip %}
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% if currentVersion ver_gt "enterprise-server@2.21" %}
{{ site.data.reusables.enterprise-accounts.policies-tab }}
{% data reusables.enterprise-accounts.policies-tab %}
{% else %}
{{ site.data.reusables.enterprise-accounts.settings-tab }}
{% data reusables.enterprise-accounts.settings-tab %}
{% endif %}
{{ site.data.reusables.enterprise-accounts.options-tab }}
{% data reusables.enterprise-accounts.options-tab %}
1. Under "Default repository visibility", use the drop-down menu and select a default visibility.
![Drop-down menu to choose the default repository visibility for your instance](/assets/images/enterprise/site-admin-settings/default-repository-visibility-settings.png)
{{ site.data.reusables.enterprise_installation.image-urls-viewable-warning }}
{% data reusables.enterprise_installation.image-urls-viewable-warning %}
### Setting a policy for changing a repository's visibility
@@ -60,26 +60,26 @@ When you prevent members from changing repository visibility, only site administ
If a site administrator has restricted repository creation to organization owners only, then members will not be able to change repository visibility. If a site administrator has restricted member repository creation to private repositories only, then members will only be able to change repositories from public to private. For more information, see "[Setting a policy for repository creation](/enterprise/{{ currentVersion }}/admin/guides/user-management/restricting-repository-creation-in-your-instance)."
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{{ site.data.reusables.enterprise-accounts.policies-tab }}
{{ site.data.reusables.enterprise-accounts.repositories-tab }}
5. Under "Repository visibility change", review the information about changing the setting. {{ site.data.reusables.enterprise-accounts.view-current-policy-config-orgs }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.repositories-tab %}
5. Under "Repository visibility change", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
{{ site.data.reusables.enterprise-accounts.repository-visibility-policy }}
{% data reusables.enterprise-accounts.repository-visibility-policy %}
### Setting a policy for repository creation
{{ site.data.reusables.organizations.repo-creation-constants }}
{% data reusables.organizations.repo-creation-constants %}
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{{ site.data.reusables.enterprise-accounts.policies-tab }}
{{ site.data.reusables.enterprise-accounts.repositories-tab }}
5. Under "Repository creation", review the information about changing the setting. {{ site.data.reusables.enterprise-accounts.view-current-policy-config-orgs }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.repositories-tab %}
5. Under "Repository creation", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
{% if currentVersion ver_gt "enterprise-server@2.19" %}
{{ site.data.reusables.enterprise-accounts.repo-creation-policy }}
{{ site.data.reusables.enterprise-accounts.repo-creation-types }}
{% data reusables.enterprise-accounts.repo-creation-policy %}
{% data reusables.enterprise-accounts.repo-creation-types %}
{% else %}
6. Under "Repository creation", use the drop-down menu and choose a policy.
![Drop-down menu with repository creation policies](/assets/images/enterprise/site-admin-settings/repository-creation-drop-down.png)
@@ -87,13 +87,13 @@ If a site administrator has restricted repository creation to organization owner
### Setting a policy for repository deletion and transfer
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{{ site.data.reusables.enterprise-accounts.policies-tab }}
{{ site.data.reusables.enterprise-accounts.repositories-tab }}
5. Under "Repository deletion and transfer", review the information about changing the setting. {{ site.data.reusables.enterprise-accounts.view-current-policy-config-orgs }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.repositories-tab %}
5. Under "Repository deletion and transfer", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
{{ site.data.reusables.enterprise-accounts.repository-deletion-policy }}
{% data reusables.enterprise-accounts.repository-deletion-policy %}
### Setting a policy for Git push limits
@@ -104,36 +104,36 @@ By default, when you enforce repository upload limits, people cannot add or upda
{% if currentVersion ver_lt "enterprise-server@2.20" %}
{% tip %}
**Note:** Only files larger than {{ site.data.variables.large_files.warning_size }} will be checked against the Git push limit. If you need to set a lower push limit, contact {{ site.data.variables.contact.contact_ent_support }} for assistance.
**Note:** Only files larger than {% data variables.large_files.warning_size %} will be checked against the Git push limit. If you need to set a lower push limit, contact {% data variables.contact.contact_ent_support %} for assistance.
{% endtip %}
{% endif %}
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% if currentVersion ver_gt "enterprise-server@2.21" %}
{{ site.data.reusables.enterprise-accounts.policies-tab }}
{% data reusables.enterprise-accounts.policies-tab %}
{% else %}
{{ site.data.reusables.enterprise-accounts.settings-tab }}
{% data reusables.enterprise-accounts.settings-tab %}
{% endif %}
{{ site.data.reusables.enterprise-accounts.options-tab }}
{% data reusables.enterprise-accounts.options-tab %}
4. Under "Repository upload limit", use the drop-down menu and click a maximum object size.
![Drop-down menu with maximum object size options](/assets/images/enterprise/site-admin-settings/repo-upload-limit-dropdown.png)
5. Optionally, to enforce a maximum upload limit for all repositories on {{ site.data.variables.product.product_location_enterprise }}, select **Enforce on all repositories**
5. Optionally, to enforce a maximum upload limit for all repositories on {% data variables.product.product_location_enterprise %}, select **Enforce on all repositories**
![Enforce maximum object size on all repositories option](/assets/images/enterprise/site-admin-settings/all-repo-upload-limit-option.png)
### Configuring the merge conflict editor for pull requests between repositories
Requiring users to resolve merge conflicts locally on their computer can prevent people from inadvertently writing to an upstream repository from a fork.
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% if currentVersion ver_gt "enterprise-server@2.21" %}
{{ site.data.reusables.enterprise-accounts.policies-tab }}
{% data reusables.enterprise-accounts.policies-tab %}
{% else %}
{{ site.data.reusables.enterprise-accounts.settings-tab }}
{% data reusables.enterprise-accounts.settings-tab %}
{% endif %}
{{ site.data.reusables.enterprise-accounts.options-tab }}
{% data reusables.enterprise-accounts.options-tab %}
1. Under "Conflict editor for pull requests between repositories", use the drop-down menu, and click **Disabled**.
![Drop-down menu with option to disable the merge conflict editor](/assets/images/enterprise/settings/conflict-editor-settings.png)
@@ -143,28 +143,28 @@ Each repository inherits a default force push setting from the settings of the u
#### Blocking all force pushes on your appliance
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% if currentVersion ver_gt "enterprise-server@2.21" %}
{{ site.data.reusables.enterprise-accounts.policies-tab }}
{% data reusables.enterprise-accounts.policies-tab %}
{% else %}
{{ site.data.reusables.enterprise-accounts.settings-tab }}
{% data reusables.enterprise-accounts.settings-tab %}
{% endif %}
{{ site.data.reusables.enterprise-accounts.options-tab }}
{% data reusables.enterprise-accounts.options-tab %}
4. Under "Force pushes", use the drop-down menu, and click **Allow**, **Block** or **Block to the default branch**.
![Force pushes dropdown](/assets/images/enterprise/site-admin-settings/force-pushes-dropdown.png)
5. Optionally, select **Enforce on all repositories**, which will override organization and repository level settings for force pushes.
#### Blocking force pushes to a specific repository
{{ site.data.reusables.enterprise_site_admin_settings.override-policy }}
{% data reusables.enterprise_site_admin_settings.override-policy %}
{{ site.data.reusables.enterprise_site_admin_settings.sign-in }}
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.repository-search }}
{{ site.data.reusables.enterprise_site_admin_settings.click-repo }}
{{ site.data.reusables.enterprise_site_admin_settings.admin-top-tab }}
{{ site.data.reusables.enterprise_site_admin_settings.admin-tab }}
{% data reusables.enterprise_site_admin_settings.sign-in %}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.repository-search %}
{% data reusables.enterprise_site_admin_settings.click-repo %}
{% data reusables.enterprise_site_admin_settings.admin-top-tab %}
{% data reusables.enterprise_site_admin_settings.admin-tab %}
4. Select **Block** or **Block to the default branch** under **Push and Pull**.
![Block force pushes](/assets/images/enterprise/site-admin-settings/repo/repo-block-force-pushes.png)
@@ -174,12 +174,12 @@ Repositories inherit force push settings from the user account or organization t
You can override the default inherited settings by configuring the settings for a user account or organization.
{{ site.data.reusables.enterprise_site_admin_settings.sign-in }}
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.search-user-or-org }}
{{ site.data.reusables.enterprise_site_admin_settings.click-user-or-org }}
{{ site.data.reusables.enterprise_site_admin_settings.admin-top-tab }}
{{ site.data.reusables.enterprise_site_admin_settings.admin-tab }}
{% data reusables.enterprise_site_admin_settings.sign-in %}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.search-user-or-org %}
{% data reusables.enterprise_site_admin_settings.click-user-or-org %}
{% data reusables.enterprise_site_admin_settings.admin-top-tab %}
{% data reusables.enterprise_site_admin_settings.admin-tab %}
5. Under "Repository default settings" in the "Force pushes" section, select
- **Block** to block force pushes to all branches.
- **Block to the default branch** to only block force pushes to the default branch.
@@ -189,28 +189,28 @@ You can override the default inherited settings by configuring the settings for
### Configuring anonymous Git read access
{{ site.data.reusables.enterprise_user_management.disclaimer-for-git-read-access }}
{% data reusables.enterprise_user_management.disclaimer-for-git-read-access %}
If you have [enabled private mode](/enterprise/admin/configuration/enabling-private-mode) on your instance, you can allow repository administrators to enable anonymous Git read access to public repositories.
Enabling anonymous Git read access allows users to bypass authentication for custom tools on your instance. When you or a repository administrator enable this access setting for a repository, unauthenticated Git operations (and anyone with network access to {{ site.data.variables.product.prodname_ghe_server }}) will have read access to the repository without authentication.
Enabling anonymous Git read access allows users to bypass authentication for custom tools on your instance. When you or a repository administrator enable this access setting for a repository, unauthenticated Git operations (and anyone with network access to {% data variables.product.prodname_ghe_server %}) will have read access to the repository without authentication.
If necessary, you can prevent repository administrators from changing anonymous Git access settings for repositories on {{ site.data.variables.product.product_location_enterprise }} by locking the repository's access settings. After you lock a repository's Git read access setting, only a site administrator can change the setting.
If necessary, you can prevent repository administrators from changing anonymous Git access settings for repositories on {% data variables.product.product_location_enterprise %} by locking the repository's access settings. After you lock a repository's Git read access setting, only a site administrator can change the setting.
{{ site.data.reusables.enterprise_site_admin_settings.list-of-repos-with-anonymous-git-read-access-enabled }}
{% data reusables.enterprise_site_admin_settings.list-of-repos-with-anonymous-git-read-access-enabled %}
{{ site.data.reusables.enterprise_user_management.exceptions-for-enabling-anonymous-git-read-access }}
{% data reusables.enterprise_user_management.exceptions-for-enabling-anonymous-git-read-access %}
#### Setting anonymous Git read access for all repositories
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% if currentVersion ver_gt "enterprise-server@2.21" %}
{{ site.data.reusables.enterprise-accounts.policies-tab }}
{% data reusables.enterprise-accounts.policies-tab %}
{% else %}
{{ site.data.reusables.enterprise-accounts.settings-tab }}
{% data reusables.enterprise-accounts.settings-tab %}
{% endif %}
{{ site.data.reusables.enterprise-accounts.options-tab }}
{% data reusables.enterprise-accounts.options-tab %}
4. Under "Anonymous Git read access", use the drop-down menu, and click **Enabled**.
![Anonymous Git read access drop-down menu showing menu options "Enabled" and "Disabled"](/assets/images/enterprise/site-admin-settings/enable-anonymous-git-read-access.png)
3. Optionally, to prevent repository admins from changing anonymous Git read access settings in all repositories on your instance, select **Prevent repository admins from changing anonymous Git read access**.
@@ -218,11 +218,11 @@ If necessary, you can prevent repository administrators from changing anonymous
#### Setting anonymous Git read access for a specific repository
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.repository-search }}
{{ site.data.reusables.enterprise_site_admin_settings.click-repo }}
{{ site.data.reusables.enterprise_site_admin_settings.admin-top-tab }}
{{ site.data.reusables.enterprise_site_admin_settings.admin-tab }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.repository-search %}
{% data reusables.enterprise_site_admin_settings.click-repo %}
{% data reusables.enterprise_site_admin_settings.admin-top-tab %}
{% data reusables.enterprise_site_admin_settings.admin-tab %}
6. Under "Danger Zone", next to "Enable Anonymous Git read access", click **Enable**.
!["Enabled" button under "Enable anonymous Git read access" in danger zone of a repository's site admin settings ](/assets/images/enterprise/site-admin-settings/site-admin-enable-anonymous-git-read-access.png)
7. Review the changes. To confirm, click **Yes, enable anonymous Git read access.**

2
content/admin/policies/index.md
View File

@@ -1,6 +1,6 @@
---
title: Setting policies for your enterprise
intro: 'You can set policies in {{ site.data.variables.product.prodname_enterprise }} to reduce risk and increase quality.'
intro: 'You can set policies in {% data variables.product.prodname_enterprise %} to reduce risk and increase quality.'
redirect_from:
- /enterprise/admin/developer-workflow
- /enterprise/admin/policies

36
content/admin/policies/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance.md
View File

@@ -1,6 +1,6 @@
---
title: Managing pre-receive hooks on the GitHub Enterprise Server appliance
intro: 'Configure how people will use pre-receive hooks within their {{ site.data.variables.product.prodname_ghe_server }} appliance.'
intro: 'Configure how people will use pre-receive hooks within their {% data variables.product.prodname_ghe_server %} appliance.'
redirect_from:
- /enterprise/admin/developer-workflow/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance
- /enterprise/admin/guides/developer-workflow/managing-pre-receive-hooks-on-the-github-enterprise-appliance/
@@ -11,10 +11,10 @@ versions:
### Creating pre-receive hooks
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{{ site.data.reusables.enterprise-accounts.settings-tab }}
{{ site.data.reusables.enterprise-accounts.hooks-tab }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.hooks-tab %}
4. Click **Add pre-receive hook**.
![Add pre-receive hook](/assets/images/enterprise/site-admin-settings/add-pre-receive-hook.png)
5. In the **Hook name** field, enter the name of the hook that you want to create.
@@ -32,19 +32,19 @@ versions:
### Editing pre-receive hooks
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{{ site.data.reusables.enterprise-accounts.settings-tab }}
{{ site.data.reusables.enterprise-accounts.hooks-tab }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.hooks-tab %}
1. Next to the pre-receive hook that you want to edit, click {% octicon "pencil" aria-label="The edit icon" %}.
![Edit pre-receive](/assets/images/enterprise/site-admin-settings/edit-pre-receive-hook.png)
### Deleting pre-receive hooks
{{ site.data.reusables.enterprise_site_admin_settings.access-settings }}
{{ site.data.reusables.enterprise_site_admin_settings.business }}
{{ site.data.reusables.enterprise-accounts.settings-tab }}
{{ site.data.reusables.enterprise-accounts.hooks-tab }}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.hooks-tab %}
2. Next to the pre-receive hook that you want to delete, click {% octicon "x" aria-label="X symbol" %}.
![Edit pre-receive](/assets/images/enterprise/site-admin-settings/delete-pre-receive-hook.png)
@@ -52,9 +52,9 @@ versions:
An organization administrator can only configure hook permissions for an organization if the site administrator selected the **Administrators can enable or disable this hook** option when they created the pre-receive hook. To configure pre-receive hooks for a repository, you must be an organization administrator or owner.
{{ site.data.reusables.profile.enterprise_access_profile }}
{{ site.data.reusables.profile.access_org }}
{{ site.data.reusables.organizations.org_settings }}
{% data reusables.profile.enterprise_access_profile %}
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
4. In the left sidebar, click **Hooks**.
![Hooks sidebar](/assets/images/enterprise/orgs-and-teams/hooks-sidebar.png)
5. Next to the pre-receive hook that you want to configure, click the **Hook permissions** drop-down menu. Select whether to enable or disable the pre-receive hook, or allow it to be configured by the repository administrators.
@@ -64,10 +64,10 @@ An organization administrator can only configure hook permissions for an organiz
A repository owner can only configure a hook if the site administrator selected the **Administrators can enable or disable this hook** option when they created the pre-receive hook. In an organization, the organization owner must also have selected the **Configurable** hook permission. To configure pre-receive hooks for a repository, you must be a repository owner.
{{ site.data.reusables.profile.enterprise_access_profile }}
{% data reusables.profile.enterprise_access_profile %}
2. Click **Repositories** and select which repository you want to configure pre-receive hooks for.
![Repositories](/assets/images/enterprise/repos/repositories.png)
{{ site.data.reusables.repositories.sidebar-settings }}
{% data reusables.repositories.sidebar-settings %}
4. In the left sidebar, click **Hooks & Services**.
![Hooks and services](/assets/images/enterprise/repos/hooks-services.png)
5. Next to the pre-receive hook that you want to configure, click the **Hook permissions** drop-down menu. Select whether to enable or disable the pre-receive hook.