jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-30 03:01:36 -05:00
Code Issues Projects Releases Wiki Activity

Merge branch 'main' into deployment-guides/add-gke

Browse Source
This commit is contained in:
Leona B. Campbell
2020-12-16 14:53:24 -08:00
committed by GitHub
parent d836fd11fb 7785ab9242
commit cf968af103
2928 changed files with 50085 additions and 10095 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.github/allowed-actions.js vendored
View File

@@ -25,12 +25,13 @@ module.exports = [
'pascalgn/automerge-action@c9bd182',
'peter-evans/create-issue-from-file@a04ce672e3acedb1f8e416b46716ddfd09905326',
'peter-evans/create-or-update-comment@5221bf4aa615e5c6e95bb142f9673a9c791be2cd',
'peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8',
'peter-evans/create-pull-request@8c603dbb04b917a9fc2dd991dc54fef54b640b43',
'rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9',
'rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e',
'repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88',
'repo-sync/pull-request@33777245b1aace1a58c87a29c90321aa7a74bd7d',
'someimportantcompany/github-actions-slack-message@0b470c14b39da4260ed9e3f9a4f1298a74ccdefd',
'tjenkinson/gh-action-auto-merge-dependency-updates@cee2ac0',
'EndBug/add-and-commit@9358097a71ad9fb9e2f9624c6098c89193d83575'
'EndBug/add-and-commit@9358097a71ad9fb9e2f9624c6098c89193d83575',
'dorny/paths-filter@eb75a1edc117d3756a18ef89958ee59f9500ba58'
]

39
.github/workflows/close-unwanted-pull-requests.yml vendored
View File

@@ -1,39 +0,0 @@
name: Close unwanted pull requests
on:
pull_request:
paths:
- '.github/workflows/**'
- '.github/CODEOWNERS'
- 'translations/**'
- 'assets/fonts/**'
- 'data/graphql/**'
- 'lib/graphql/**'
- 'lib/redirects/**'
- 'lib/webhooks/**'
jobs:
close_unwanted_pull_requests:
if: github.repository == 'github/docs' && github.event.pull_request.user.login != 'Octomerger'
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
with:
script: |
await github.issues.createComment({
...context.repo,
issue_number: context.payload.pull_request.number,
body:
`Thanks for contributing! We do not accept community changes to these files at this time.
- '.github/workflows/**'
- '.github/CODEOWNERS'
- 'translations/**'
- 'assets/fonts/**'
- 'data/graphql/**'
- 'lib/graphql/**'
- 'lib/redirects/**'
- 'lib/webhooks/**'`
})
await github.issues.update({
...context.repo,
issue_number: context.payload.pull_request.number,
state: 'closed'
})

3
.github/workflows/codeql.yml vendored
View File

@@ -2,6 +2,9 @@ name: CodeQL analysis
on:
push:
branches: main
pull_request:
branches: main
paths:
- '**/*.js'
- '.github/workflows/codeql.yml'

2
.github/workflows/remove-unused-assets.yml vendored
View File

@@ -33,7 +33,7 @@ jobs:
- name: Remove script results file
run: rm -rf ./results.md
- name: Create pull request
uses: peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8
uses: peter-evans/create-pull-request@8c603dbb04b917a9fc2dd991dc54fef54b640b43
with:
# need to use a token with repo and workflow scopes for this step
token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}

2
.github/workflows/repo-sync-stalls.yml vendored
View File

@@ -40,7 +40,7 @@ jobs:
const timeDelta = Date.now() - Date.parse(pr.created_at);
const minutesOpen = timeDelta / 1000 / 60;
if (minutesOpen > 30) {
if (minutesOpen > 180) {
core.setFailed('Repo sync appears to be stalled')
}
})

122
.github/workflows/triage-unallowed-contributions.yml vendored Normal file
View File

@@ -0,0 +1,122 @@
name: Check unallowed file changes
on:
pull_request_target:
paths:
- '.github/workflows/**'
- '.github/CODEOWNERS'
- 'translations/**'
- 'assets/fonts/**'
- 'data/graphql/**'
- 'lib/graphql/**'
- 'lib/redirects/**'
- 'lib/rest/**'
- 'lib/webhooks/**'
jobs:
triage:
if: github.repository == 'github/docs' && github.event.pull_request.user.login != 'Octomerger'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Check for existing requested changes
id: requested-change
uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
with:
github-token: ${{secrets.GITHUB_TOKEN}}
result-encoding: json
script: |
const pullReviews = await github.pulls.listReviews({
...context.repo,
pull_number: context.payload.number
})
const botReviews = pullReviews.data
.filter(review => review.user.login === 'github-actions[bot]')
.sort((a, b) => new Date(b.submitted_at) - new Date(a.submitted_at))
.shift()
if (botReviews) {
console.log(`Pull request reviews authored by the github-action bot: ${botReviews}`)
}
return botReviews
- name: Get files changed
uses: dorny/paths-filter@eb75a1edc117d3756a18ef89958ee59f9500ba58
id: filter
with:
# Base branch used to get changed files
base: 'main'
# Enables setting an output in the format in `${FILTER_NAME}_files
# with the names of the matching files formatted as JSON array
list-files: json
# Returns list of changed files matching each filter
filters: |
translation:
- 'translations/**'
openapi:
- 'lib/rest/static/**'
notAllowed:
- '.github/workflows/**'
- '.github/CODEOWNERS'
- 'translations/**'
- 'assets/fonts/**'
- 'data/graphql/**'
- 'lib/graphql/**'
- 'lib/redirects/**'
- 'lib/rest/**'
- 'lib/webhooks/**'
# When there are changes to files we can't accept
# and no review exists,leave a REQUEST_CHANGES review
- name: Request pull request changes
# Check for no reviews or reviews that aren't CHANGES_REQUESTED
if: ${{ steps.filter.outputs.notAllowed == 'true' && (!steps.requested-change.outputs.result || fromJson(steps.requested-change.outputs.result).state != 'CHANGES_REQUESTED') }}
uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const changedFiles = ${{steps.filter.outputs.notAllowed_files}}
const restFiles = ${{steps.filter.outputs.openapi_files}}
const translationFiles = ${{steps.filter.outputs.translation_files}}
const markdownFiles = changedFiles.map(file => `- \`${file}\`\n`).join('')
let reviewMessage = `👋 Hey there spelunker. It looks like you've modified some files that we can't accept as contributions.\n${markdownFiles}\n\nYou'll need to revert all of these ☝️ files using [GitHub Desktop](https://docs.github.com/en/free-pro-team@latest/desktop/contributing-and-collaborating-using-github-desktop/reverting-a-commit) or \`git checkout origin/main <file name>\`. Once you get those files reverted, we can continue with the review process. :octocat:`
if (restFiles.length > 0) {
reviewMessage += "\n\nIt looks like you've modified the OpenAPI schema (`lib/rest/static/**`). While we aren't accepting changes to the schema directly, you can open an issue for any updates to the REST API docs. Head on over to the [`github/rest-api-description`](https://github.com/github/rest-api-description/issues/new?assignees=&labels=Inaccuracy&template=schema-inaccuracy.md&title=%5BSchema+Inaccuracy%5D+%3CDescribe+Problem%3E) repository to open an issue. ⚡"
}
if (translationFiles.length > 0) {
await github.issues.addLabels({
...context.repo,
issue_number: context.payload.number,
labels: ['localization']
})
reviewMessage += "\n\nIt looks like you've modified translated content. Unfortunately, we are not able to accept pull requests for translated content. Our translation process involves an integration with an external service at crowdin.com, where all translation activity happens. We hope to eventually open up the translation process to the open source community, but we're not there yet. See https://github.com/github/docs/blob/main/CONTRIBUTING.md#earth_asia-translations for more details."
}
await github.pulls.createReview({
...context.repo,
pull_number: context.payload.number,
body: reviewMessage,
event: 'REQUEST_CHANGES'
})
# When the most recent review was CHANGES_REQUESTED and the existing
# PR no longer contains unallowed changes, dismiss the previous review
- name: Dismiss pull request review
# Check that unallowed files aren't modified and that a
# CHANGES_REQUESTED review already exists
if: ${{ steps.filter.outputs.notAllowed == 'false' && steps.requested-change.outputs.result && fromJson(steps.requested-change.outputs.result).state == 'CHANGES_REQUESTED' }}
uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
await github.pulls.dismissReview({
...context.repo,
pull_number: context.payload.number,
review_id: ${{fromJson(steps.requested-change.outputs.result).id}},
message: `✨Looks like you reverted all files we don't accept contributions for. 🙌 A member of the docs team will review your PR soon. 🚂`
})

7
.github/workflows/update-graphql-files.yml vendored
View File

@@ -9,6 +9,7 @@ env:
FREEZE: ${{ secrets.FREEZE }}
on:
workflow_dispatch:
schedule:
- cron: '20 16 * * *' # run every day at 16:20 UTC / 8:20 PST
@@ -36,15 +37,15 @@ jobs:
- name: Run updater scripts
env:
# need to use a token from a user with access to github/github for this step
GITHUB_TOKEN: ${{ secrets.ZEKE_PAT_WITH_REPO_AND_WORKFLOW_SCOPE_FOR_REPO_SYNC }}
GITHUB_TOKEN: ${{ secrets.RACHMARI_REPO_WORKFLOW }}
run: |
script/graphql/update-files.js
- name: Create pull request
id: create-pull-request
uses: peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8
uses: peter-evans/create-pull-request@8c603dbb04b917a9fc2dd991dc54fef54b640b43
with:
# need to use a token with repo and workflow scopes for this step
token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: 'Action ran graphql script"update-files"'
title: GraphQL schema update
body:

3
Gemfile.lock
View File

@@ -10,10 +10,11 @@ GEM
PLATFORMS
ruby
x86_64-linux
DEPENDENCIES
graphql (= 1.10.6)
graphql-schema_comparator (~> 1.0.0)
BUNDLED WITH
2.1.4
2.2.1

4
app.json
View File

@@ -2,9 +2,11 @@
"name": "docs.github.com",
"env": {
"NODE_ENV": "production",
"NPM_CONFIG_PRODUCTION": "true"
"NPM_CONFIG_PRODUCTION": "true",
"ENABLED_LANGUAGES": "en, de"
},
"buildpacks": [
{ "url": "https://github.com/DataDog/heroku-buildpack-datadog.git#1.21" },
{ "url": "heroku/nodejs" }
],
"formation": {

BIN
assets/images/actions-approve-deployments.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 89 KiB

BIN
assets/images/actions-review-deployments.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

BIN
assets/images/environments-sidebar.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 147 KiB

BIN
assets/images/help/enterprises/add-a-domain-button.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 66 KiB

BIN
assets/images/help/enterprises/verified-domains-tab.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

BIN
assets/images/help/pull_requests/allow-auto-merge-checkbox.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

BIN
assets/images/help/pull_requests/confirm-auto-merge-button.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
assets/images/help/pull_requests/disable-auto-merge-button.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 38 KiB

BIN
assets/images/help/pull_requests/enable-auto-merge-button.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB

BIN
assets/images/help/pull_requests/enable-auto-merge-drop-down.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 79 KiB

BIN
assets/images/help/pull_requests/pull-request-information-fields.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

BIN
assets/images/help/settings/appearance-tab.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 7.5 KiB

After

Width:  |  Height:  |  Size: 15 KiB

2
content/actions/creating-actions/creating-a-javascript-action.md
View File

@@ -176,7 +176,7 @@ git tag -a -m "My first action release" v1
git push --follow-tags
```
As an alternative to checking in your `node_modules` directory you can use a tool called [`@vercel/ncc`](https://github.com/vercel/ncc) to compile your code and modules into one file used for distribution.
Checking in your `node_modules` directory can cause problems. As an alternative, you can use a tool called [`@vercel/ncc`](https://github.com/vercel/ncc) to compile your code and modules into one file used for distribution.
1. Install `vercel/ncc` by running this command in your terminal.
`npm i -g @vercel/ncc`

13
content/actions/creating-actions/metadata-syntax-for-github-actions.md
View File

@@ -117,6 +117,7 @@ runs:
{% endraw %}
#### `outputs.<output_id>.value`
**Required** The value that the output parameter will be mapped to. You can set this to a `string` or an expression with context. For example, you can use the `steps` context to set the `value` of an output to the output value of a step.
For more information on how to use context and expression syntax, see "[Context and expression syntax for {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)".
@@ -205,7 +206,7 @@ For example, this `cleanup.js` will only run on Linux-based runners:
**Required** The run steps that you plan to run in this action.
##### `runs.steps.run`
##### `runs.steps[*].run`
**Required** The command you want to run. This can be inline or a script in your action repository:
```yaml
@@ -228,23 +229,23 @@ runs:
For more information, see "[`github context`](/actions/reference/context-and-expression-syntax-for-github-actions#github-context)".
##### `runs.steps.shell`
##### `runs.steps[*].shell`
**Required** The shell where you want to run the command. You can use any of the shells listed [here](/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell).
##### `runs.steps.name`
##### `runs.steps[*].name`
**Optional** The name of the composite run step.
##### `runs.steps.id`
##### `runs.steps[*].id`
**Optional** A unique identifier for the step. You can use the `id` to reference the step in contexts. For more information, see "[Context and expression syntax for {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)".
##### `runs.steps.env`
##### `runs.steps[*].env`
**Optional** Sets a `map` of environment variables for only that step. If you want to modify the environment variable stored in the workflow, use {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}`echo "{name}={value}" >> $GITHUB_ENV`{% else %}`echo "::set-env name={name}::{value}"`{% endif %} in a composite run step.
##### `runs.steps.working-directory`
##### `runs.steps[*].working-directory`
**Optional** Specifies the working directory where the command is run.

2
content/actions/guides/about-continuous-integration.md
View File

@@ -25,7 +25,7 @@ Building and testing your code requires a server. You can build and test updates
### About continuous integration using {% data variables.product.prodname_actions %}
CI using {% data variables.product.prodname_actions %} offers workflows that can build the code in your repository and run your tests. Workflows can run on {% data variables.product.prodname_dotcom %}-hosted virtual machines, or on machines that you host yourself. For more information, see "[Virtual environments for {% data variables.product.prodname_dotcom %}-hosted runners](/actions/automating-your-workflow-with-github-actions/virtual-environments-for-github-hosted-runners)," and "[About self-hosted runners](/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners)."
CI using {% data variables.product.prodname_actions %} offers workflows that can build the code in your repository and run your tests. Workflows can run on {% data variables.product.prodname_dotcom %}-hosted virtual machines, or on machines that you host yourself. For more information, see "[Virtual environments for {% data variables.product.prodname_dotcom %}-hosted runners](/actions/automating-your-workflow-with-github-actions/virtual-environments-for-github-hosted-runners)" and "[About self-hosted runners](/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners)."
You can configure your CI workflow to run when a {% data variables.product.product_name %} event occurs (for example, when new code is pushed to your repository), on a set schedule, or when an external event occurs using the repository dispatch webhook.

8
content/actions/guides/building-and-testing-java-with-maven.md
View File

@@ -53,7 +53,7 @@ jobs:
with:
java-version: 1.8
- name: Build with Maven
run: mvn -B package --file pom.xml
run: mvn --batch-mode --update-snapshots verify
```
{% endraw %}
@@ -85,7 +85,7 @@ steps:
with:
java-version: 1.8
- name: Run the Maven verify phase
run: mvn -B verify --file pom-ci.xml
run: mvn --batch-mode --update-snapshots verify
```
{% endraw %}
@@ -108,7 +108,7 @@ steps:
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build with Maven
run: mvn -B package --file pom.xml
run: mvn --batch-mode --update-snapshots verify
```
{% endraw %}
@@ -125,7 +125,7 @@ Maven will usually create output files like JARs, EARs, or WARs in the `target`
steps:
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
- run: mvn -B package --file pom.xml
- run: mvn --batch-mode --update-snapshots verify
- run: mkdir staging && cp target/*.jar staging
- uses: actions/upload-artifact@v2
with:

4
content/actions/guides/building-and-testing-nodejs.md
View File

@@ -193,9 +193,9 @@ steps:
{% data reusables.github-actions.setup-node-intro %}
To authenticate to your private registry, you'll need to store your npm authentication token as a secret in your repository settings. For example, create a secret called `NPM_TOKEN`. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
To authenticate to your private registry, you'll need to store your npm authentication token as a secret. For example, create a repository secret called `NPM_TOKEN`. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
In the example below, the secret `NPM_TOKEN` stores the npm authentication token. The `setup-node` action configures the *.npmrc* file to read the npm authentication token from the `NODE_AUTH_TOKEN` environment variable. When using the `setup-node` action to create an *.npmrc* file, you must set the `NPM_AUTH_TOKEN` environment variable with the secret that contains your npm authentication token.
In the example below, the secret `NPM_TOKEN` stores the npm authentication token. The `setup-node` action configures the *.npmrc* file to read the npm authentication token from the `NODE_AUTH_TOKEN` environment variable. When using the `setup-node` action to create an *.npmrc* file, you must set the `NODE_AUTH_TOKEN` environment variable with the secret that contains your npm authentication token.
Before installing dependencies, use the `setup-node` action to create the *.npmrc* file. The action has two input parameters. The `node-version` parameter sets the Node.js version, and the `registry-url` parameter sets the default registry. If your package registry uses scopes, you must use the `scope` parameter. For more information, see [`npm-scope`](https://docs.npmjs.com/misc/scope).

2
content/actions/guides/building-and-testing-powershell.md
View File

@@ -214,7 +214,7 @@ The `always()` function configures the job to continue processing even if there
### Publishing to PowerShell Gallery
You can configure your workflow to publish your PowerShell module to the PowerShell Gallery when your CI tests pass. You can use repository secrets to store any tokens or credentials needed to publish your package. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
You can configure your workflow to publish your PowerShell module to the PowerShell Gallery when your CI tests pass. You can use secrets to store any tokens or credentials needed to publish your package. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
The following example creates a package and uses `Publish-Module` to publish it to the PowerShell Gallery:

2
content/actions/guides/building-and-testing-python.md
View File

@@ -391,7 +391,7 @@ jobs:
You can configure your workflow to publish your Python package to any package registry you'd like when your CI tests pass.
You can store any access tokens or credentials needed to publish your package using repository secrets. The following example creates and publishes a package to PyPI using `twine` and `dist`. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
You can store any access tokens or credentials needed to publish your package using secrets. The following example creates and publishes a package to PyPI using `twine` and `dist`. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
{% raw %}
```yaml

2
content/actions/guides/publishing-docker-images.md
View File

@@ -50,7 +50,7 @@ To push to Docker Hub, you will need to have a Docker Hub account, and have a Do
The `build-push-action` options required for Docker Hub are:
* `username` and `password`: This is your Docker Hub username and password. We recommend storing your Docker Hub username and password as encrypted secrets in your {% data variables.product.prodname_dotcom %} repository so they aren't exposed in your workflow file. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
* `username` and `password`: This is your Docker Hub username and password. We recommend storing your Docker Hub username and password as secrets so they aren't exposed in your workflow file. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
* `repository`: Your Docker Hub repository in the format `DOCKER-HUB-NAMESPACE/DOCKER-HUB-REPOSITORY`.
{% raw %}

8
content/actions/guides/publishing-java-packages-with-maven.md
View File

@@ -84,7 +84,7 @@ jobs:
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
- name: Publish package
run: mvn -B deploy
run: mvn --batch-mode deploy
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
@@ -143,7 +143,7 @@ jobs:
with:
java-version: 1.8
- name: Publish package
run: mvn -B deploy
run: mvn --batch-mode deploy
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
@@ -182,7 +182,7 @@ jobs:
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
- name: Publish to the Maven Central Repository
run: mvn -B deploy
run: mvn --batch-mode deploy
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
@@ -191,7 +191,7 @@ jobs:
with:
java-version: 1.8
- name: Publish to GitHub Packages
run: mvn -B deploy
run: mvn --batch-mode deploy
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

2
content/actions/guides/publishing-nodejs-packages.md
View File

@@ -44,7 +44,7 @@ If you add steps in your workflow to configure the `publishConfig` fields in you
Each time you create a new release, you can trigger a workflow to publish your package. The workflow in the example below runs when the `release` event triggers with type `created`. The workflow publishes the package to the npm registry if CI tests pass.
To perform authenticated operations against the npm registry in your workflow, you'll need to store your npm authentication token as a secret in your repository settings. For example, create a secret called `NPM_TOKEN`. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
To perform authenticated operations against the npm registry in your workflow, you'll need to store your npm authentication token as a secret. For example, create a repository secret called `NPM_TOKEN`. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
By default, npm uses the `name` field of the *package.json* file to determine the npm registry. When publishing to a global namespace, you only need to include the package name. For example, you would publish a package named `npm-hello-world-test` to the `https://www.npmjs.com/package/npm-hello-world-test`.

9
content/actions/index.md
View File

@@ -25,18 +25,15 @@ featuredLinks:
- /actions/reference/workflow-commands-for-github-actions
- /actions/reference/environment-variables
changelog:
- title: Workflow visualization
date: '2020-12-08'
href: https://github.blog/changelog/2020-12-08-github-actions-workflow-visualization/
- title: Removing set-env and add-path commands on November 16
date: '2020-11-09'
href: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
- title: Ubuntu-latest workflows will use Ubuntu-20.04
date: '2020-10-29'
href: https://github.blog/changelog/2020-10-29-github-actions-ubuntu-latest-workflows-will-use-ubuntu-20-04
- title: MacOS Big Sur Preview
date: '2020-10-29'
href: https://github.blog/changelog/2020-10-29-github-actions-macos-big-sur-preview
- title: Self-Hosted Runner Group Access Changes
date: '2020-10-16'
href: https://github.blog/changelog/2020-10-16-github-actions-self-hosted-runner-group-access-changes/
product_video: https://www.youtube-nocookie.com/embed/cP0I9w2coGU

2
content/actions/learn-github-actions/finding-and-customizing-actions.md
View File

@@ -79,7 +79,7 @@ steps:
#### Using branches
Referring to a specific branch means that the action will always use include the latest updates on the target branch, but can create problems if those updates include breaking changes. This example targets a branch named `@main`:
Referring to a specific branch means that the action will always use the latest updates on the target branch, but can create problems if those updates include breaking changes. This example targets a branch named `@main`:
```yaml
steps:

8
content/actions/learn-github-actions/managing-complex-workflows.md
View File

@@ -1,7 +1,7 @@
---
title: Managing complex workflows
shortTitle: Managing complex workflows
intro: 'This guide shows you how to use the advanced features of {% data variables.product.prodname_actions %}, with secret management, dependent jobs, caching, build matrices, and labels.'
intro: 'This guide shows you how to use the advanced features of {% data variables.product.prodname_actions %}, with secret management, dependent jobs, caching, build matrices,{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} environments,{% endif %} and labels.'
versions:
free-pro-team: '*'
enterprise-server: '>=2.22'
@@ -148,6 +148,12 @@ jobs:
For more information, see ["Using labels with self-hosted runners](/actions/hosting-your-own-runners/using-labels-with-self-hosted-runners)."
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
### Using environments
You can configure environments with protection rules and secrets. Each job in a workflow can reference a single environment. Any protection rules configured for the environment must pass before a job referencing the environment is sent to a runner. For more information, see "[Environments](/actions/reference/environments)."
{% endif %}
### Next steps
To continue learning about {% data variables.product.prodname_actions %}, see "[Sharing workflows with your organization](/actions/learn-github-actions/sharing-workflows-with-your-organization)."

2
content/actions/learn-github-actions/migrating-from-jenkins-to-github-actions.md
View File

@@ -57,7 +57,7 @@ Jenkins uses directives to manage _Declarative Pipelines_. These directives defi
| Jenkins Directives | {% data variables.product.prodname_actions %} |
| ------------- | ------------- |
| [`environment`](https://jenkins.io/doc/book/pipeline/syntax/#environment) | [`jobs.<job_id>.env`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#env) <br> [`jobs.<job_id>.steps.env`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv) |
| [`environment`](https://jenkins.io/doc/book/pipeline/syntax/#environment) | [`jobs.<job_id>.env`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#env) <br> [`jobs.<job_id>.steps[*].env`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv) |
| [`options`](https://jenkins.io/doc/book/pipeline/syntax/#parameters) | [`jobs.<job_id>.strategy`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategy) <br> [`jobs.<job_id>.strategy.fail-fast`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast) <br> [`jobs.<job_id>.timeout-minutes`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes)|
| [`parameters`](https://jenkins.io/doc/book/pipeline/syntax/#parameters) | [`inputs`](/actions/creating-actions/metadata-syntax-for-github-actions#inputs) <br> [`outputs`](/actions/creating-actions/metadata-syntax-for-github-actions#outputs) |
| [`triggers`](https://jenkins.io/doc/book/pipeline/syntax/#triggers) | [`on`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#on) <br> [`on.<event_name>.types`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onevent_nametypes) <br> [<code>on.<push\|pull_request>.<branches\|tags></code>](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onpushpull_requestbranchestags) <br> [<code>on.<push\|pull_request>.paths</code>](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onpushpull_requestpaths) |

2
content/actions/learn-github-actions/migrating-from-travis-ci-to-github-actions.md
View File

@@ -176,7 +176,7 @@ When migrating from Travis CI, consider the following key features in {% data va
#### Storing secrets
{% data variables.product.prodname_actions %} allows you to store secrets and reference them in your jobs. {% data variables.product.prodname_actions %} also includes policies that allow you to limit access to secrets at the repository and organization level. For more information, see "[Encrypted secrets](/actions/reference/encrypted-secrets)."
{% data variables.product.prodname_actions %} allows you to store secrets and reference them in your jobs. {% data variables.product.prodname_actions %} organizations can limit which repositories can access organization secrets. {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}Environment protection rules can require manual approval for a workflow to access environment secrets. {% endif %}For more information, see "[Encrypted secrets](/actions/reference/encrypted-secrets)."
#### Sharing files between jobs and workflows

12
content/actions/learn-github-actions/security-hardening-for-github-actions.md
View File

@@ -19,7 +19,7 @@ This guide explains how to configure security hardening for certain {% data vari
### Using secrets
Sensitive values should never be stored as plaintext in workflow files, but rather as secrets. [Secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) can be configured at the organization or repository level, and allow you to store sensitive information in {% data variables.product.product_name %}.
Sensitive values should never be stored as plaintext in workflow files, but rather as secrets. [Secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) can be configured at the organization{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}, repository, or environment{% else %} or repository{% endif %} level, and allow you to store sensitive information in {% data variables.product.product_name %}.
Secrets use [Libsodium sealed boxes](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes), so that they are encrypted before reaching {% data variables.product.product_name %}. This occurs when the secret is submitted [using the UI](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository) or through the [REST API](/rest/reference/actions#secrets). This client-side encryption helps the minimize risks related to accidental logging (for example, exception logs and request logs, among others) within {% data variables.product.product_name %}'s infrastructure. Once the secret is uploaded, {% data variables.product.product_name %} is then able to decrypt it so that it can be injected into the workflow runtime.
@@ -38,6 +38,10 @@ To help prevent accidental disclosure, {% data variables.product.product_name %}
- **Audit and rotate registered secrets**
- Periodically review the registered secrets to confirm they are still required. Remove those that are no longer needed.
- Rotate secrets periodically to reduce the window of time during which a compromised secret is valid.
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
- **Consider requiring review for access to secrets**
- You can use required reviewers to protect environment secrets. A workflow job cannot access environment secrets until approval is granted by a reviewer. For more information about storing secrets in environments or requiring reviews for environments, see "[Encrypted secrets](/actions/reference/encrypted-secrets)" and "[Environments](/actions/reference/environments)."
{% endif %}
### Using third-party actions
@@ -66,13 +70,13 @@ This means that a compromise of a single action within a workflow can be very si
### Considering cross-repository access
{% data variables.product.product_name %} is intentionally scoped for a single repository at a time. The `GITHUB_TOKEN` used in the workflow environment grants the same level of access as a write-access user, because any write-access user can access this token by creating or modifying workflow files. Users have specific permissions for each repository, so having the `GITHUB_TOKEN` for one repository grant access to another would impact the {% data variables.product.prodname_dotcom %} permission model if not implemented carefully. Similarly, caution must be taken when adding {% data variables.product.prodname_dotcom %} authentication tokens to the workflow environment, because this can also affect the {% data variables.product.prodname_dotcom %} permission model by inadvertently granting broad access to collaborators.
{% data variables.product.product_name %} is intentionally scoped for a single repository at a time. The `GITHUB_TOKEN` grants the same level of access as a write-access user, because any write-access user can access this token by creating or modifying workflow files. Users have specific permissions for each repository, so having the `GITHUB_TOKEN` for one repository grant access to another would impact the {% data variables.product.prodname_dotcom %} permission model if not implemented carefully. Similarly, caution must be taken when adding {% data variables.product.prodname_dotcom %} authentication tokens to a workflow, because this can also affect the {% data variables.product.prodname_dotcom %} permission model by inadvertently granting broad access to collaborators.
We have [a plan on the {% data variables.product.prodname_dotcom %} roadmap](https://github.com/github/roadmap/issues/74) to support a flow that allows cross-repository access within {% data variables.product.product_name %}, but this is not yet a supported feature. Currently, the only way to perform privileged cross-repository interactions is to place a {% data variables.product.prodname_dotcom %} authentication token or SSH key as a secret within the workflow environment. Because many authentication token types do not allow for granular access to specific resources, there is significant risk in using the wrong token type, as it can grant much broader access than intended.
We have [a plan on the {% data variables.product.prodname_dotcom %} roadmap](https://github.com/github/roadmap/issues/74) to support a flow that allows cross-repository access within {% data variables.product.product_name %}, but this is not yet a supported feature. Currently, the only way to perform privileged cross-repository interactions is to place a {% data variables.product.prodname_dotcom %} authentication token or SSH key as a secret within the workflow. Because many authentication token types do not allow for granular access to specific resources, there is significant risk in using the wrong token type, as it can grant much broader access than intended.
This list describes the recommended approaches for accessing repository data within a workflow, in descending order of preference:
1. **The `GITHUB_TOKEN` in the workflow environment**
1. **The `GITHUB_TOKEN`**
- This token is intentionally scoped to the single repository that invoked the workflow, and has the same level of access as a write-access user on the repository. The token is created before each job begins and expires when the job is finished. For more information, see "[Authenticating with the GITHUB_TOKEN](/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)."
- The `GITHUB_TOKEN` should be used whenever possible.
2. **Repository deploy key**

3
content/actions/managing-workflow-runs/enabling-debug-logging.md
View File

@@ -13,6 +13,9 @@ versions:
These extra logs are enabled by setting secrets in the repository containing the workflow, so the same permissions requirements will apply:
- {% data reusables.github-actions.permissions-statement-secrets-repository %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
- {% data reusables.github-actions.permissions-statement-secrets-environment %}
{% endif %}
- {% data reusables.github-actions.permissions-statement-secrets-organization %}
- {% data reusables.github-actions.permissions-statement-secrets-api %}

3
content/actions/managing-workflow-runs/index.md
View File

@@ -1,7 +1,7 @@
---
title: Managing workflow runs
shortTitle: Managing workflow runs
intro: 'You can view the status and results of each step in your workflow, cancel a pending workflow, view billable job execution minutes, debug and re-run a failed workflow, search and download logs, and download artifacts.'
intro: 'You can view the status and results of each step in your workflow, cancel a pending workflow, {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}review deployments, {% endif %}view billable job execution minutes, debug and re-run a failed workflow, search and download logs, and download artifacts.'
redirect_from:
- /actions/configuring-and-managing-workflows/managing-a-workflow-run
- /articles/viewing-your-repository-s-workflows
@@ -24,6 +24,7 @@ versions:
{% link_in_list /manually-running-a-workflow %}
{% link_in_list /re-running-a-workflow %}
{% link_in_list /canceling-a-workflow %}
{% link_in_list /reviewing-deployments %}
{% link_in_list /disabling-and-enabling-a-workflow %}
{% link_in_list /deleting-a-workflow-run %}
{% link_in_list /viewing-job-execution-time %}

27
content/actions/managing-workflow-runs/reviewing-deployments.md Normal file
View File

@@ -0,0 +1,27 @@
---
title: Reviewing deployments
intro: You can approve or reject jobs awaiting review.
product: '{% data reusables.gated-features.environments %}'
versions:
free-pro-team: '*'
enterprise-server: '>=3.1'
---
{% data reusables.actions.environments-beta %}
### About required reviews in workflows
Jobs that reference an environment configured with required reviewers will wait for an approval before starting. While a job is awaiting approval, it has a status of "Waiting". If a job is not approved within 30 days, the workflow run will be automatically canceled.
For more information about environments and required approvals, see "[Environments](/actions/reference/environments)."
### Approving or rejecting a job
1. Navigate to the workflow run that requires review. For more information about navigating to a workflow run, see "[Viewing workflow run history](/actions/managing-workflow-runs/viewing-workflow-run-history)."
2. Click **Review deployments**.
![Review deployments](/assets/images/actions-review-deployments.png)
3. Select the job environment(s) to approve or reject. Optionally, leave a comment.
![Approve deployments](/assets/images/actions-approve-deployments.png)
4. Approve or reject:
- To approve the job, click **Approve and deploy**. Once a job is approved (and any other environment protection rules have passed), the job will proceed. At this point, the job can access any secrets stored in the environment.
- To reject the job, click **Reject**. If a job is rejected, the workflow will fail.

2
content/actions/reference/authentication-in-a-workflow.md
View File

@@ -14,8 +14,6 @@ versions:
{% data reusables.actions.enterprise-beta %}
{% data reusables.actions.enterprise-github-hosted-runners %}
Anyone with `write` access to a repository can create, read, and use secrets.
### About the `GITHUB_TOKEN` secret
{% data variables.product.prodname_dotcom %} automatically creates a `GITHUB_TOKEN` secret to use in your workflow. You can use the `GITHUB_TOKEN` to authenticate in a workflow run.

41
content/actions/reference/encrypted-secrets.md
View File

@@ -1,6 +1,6 @@
---
title: Encrypted secrets
intro: Encrypted secrets allow you to store sensitive information in your repository or organization.
intro: Encrypted secrets allow you to store sensitive information in your organization{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}, repository, or repository environments{% else %} or repository{% endif %}.
product: '{% data reusables.gated-features.actions %}'
redirect_from:
- /github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets
@@ -12,14 +12,19 @@ versions:
---
{% data reusables.actions.enterprise-beta %}
{% data reusables.actions.environments-beta %}
{% data reusables.actions.enterprise-github-hosted-runners %}
### About encrypted secrets
Secrets are encrypted environment variables that you create in a repository or organization. The secrets you create are available to use in {% data variables.product.prodname_actions %} workflows. {% data variables.product.prodname_dotcom %} uses a [libsodium sealed box](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) to help ensure that secrets are encrypted before they reach {% data variables.product.prodname_dotcom %}, and remain encrypted until you use them in a workflow.
Secrets are encrypted environment variables that you create in an organization{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}, repository, or repository environment{% else %} or repository{% endif %}. The secrets that you create are available to use in {% data variables.product.prodname_actions %} workflows. {% data variables.product.prodname_dotcom %} uses a [libsodium sealed box](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) to help ensure that secrets are encrypted before they reach {% data variables.product.prodname_dotcom %} and remain encrypted until you use them in a workflow.
{% data reusables.github-actions.secrets-org-level-overview %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
For secrets stored at the environment level, you can enable required reviewers to control access to the secrets. A workflow job cannot access environment secrets until approval is granted by required approvers.
{% endif %}
#### Naming your secrets
The following rules apply to secret names:
@@ -27,7 +32,10 @@ The following rules apply to secret names:
* Secret names can only contain alphanumeric characters (`[a-z]`, `[A-Z]`, `[0-9]`) or underscores (`_`). Spaces are not allowed.
* Secret names must not start with the `GITHUB_` prefix.
* Secret names must not start with a number.
* Secret names must be unique at the level they are created at. For example, a secret created at the organization-level must have a unique name at that level, and a secret created at the repository-level must have a unique name in that repository. If an organization-level secret has the same name as a repository-level secret, then the repository-level secret takes precedence.
* Secret names are not case-sensitive.
* Secret names must be unique at the level they are created at. For example, {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}a secret created at the environment level must have a unique name in that environment, {% endif %}a secret created at the repository level must have a unique name in that repository, and a secret created at the organization level must have a unique name at that level.
If a secret with the same name exists at multiple levels, the secret at the lower level takes precedence. For example, if an organization-level secret has the same name as a repository-level secret, then the repository-level secret takes precedence.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} Similarly, if an organization, repository, and environment all have a secret with the same name, the environment-level secret takes precedence.{% endif %}
To help ensure that {% data variables.product.prodname_dotcom %} redacts your secret in logs, avoid using structured data as the values of secrets. For example, avoid creating secrets that contain JSON or encoded Git blobs.
@@ -43,6 +51,10 @@ You can use and read encrypted secrets in a workflow file if you have access to
{% endwarning %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
Organization and repository secrets are read when a workflow run is queued, and environment secrets are read when a job referencing the environment starts.
{% endif %}
You can also manage secrets using the REST API. For more information, see "[Secrets](/rest/reference/actions#secrets)."
#### Limiting credential permissions
@@ -56,12 +68,27 @@ When generating credentials, we recommend that you grant the minimum permissions
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.github-actions.sidebar-secret %}
1. Click **Add a new secret**.
1. Click **New repository secret**.
1. Type a name for your secret in the **Name** input box.
1. Enter the value for your secret.
1. Click **Add secret**.
If your repository can access secrets from the parent organization, then those secrets are also listed on this page.
If your repository {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}has environment secrets or {% endif %}can access secrets from the parent organization, then those secrets are also listed on this page.
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
### Creating encrypted secrets for an environment
{% data reusables.github-actions.permissions-statement-secrets-environment %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.github-actions.sidebar-environment %}
1. Click on the environment that you want to add a secret to.
1. Under **Environment secrets**, click **Add secret**.
1. Type a name for your secret in the **Name** input box.
1. Enter the value for your secret.
1. Click **Add secret**.
{% endif %}
### Creating encrypted secrets for an organization
@@ -72,7 +99,7 @@ When creating a secret in an organization, you can use a policy to limit which r
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.org_settings %}
{% data reusables.github-actions.sidebar-secret %}
1. Click **New secret**.
1. Click **New organization secret**.
1. Type a name for your secret in the **Name** input box.
1. Enter the **Value** for your secret.
1. From the **Repository access** dropdown list, choose an access policy.
@@ -151,7 +178,7 @@ steps:
### Limits for secrets
Your workflow can have up to 100 secrets. The names of secret environment variables must be unique in a repository.
You can store up to 1,000 secrets per organization{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}, 100 secrets per repository, and 100 secrets per environment{% else %} and 100 secrets per repository{% endif %}. A workflow may use up to 100 organization secrets and 100 repository secrets.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} Additionally, a job referencing an environment may use up to 100 environment secrets.{% endif %}
Secrets are limited to 64 KB in size. To use secrets that are larger than 64 KB, you can store encrypted secrets in your repository and save the decryption passphrase as a secret on {% data variables.product.prodname_dotcom %}. For example, you can use `gpg` to encrypt your credentials locally before checking the file in to your repository on {% data variables.product.prodname_dotcom %}. For more information, see the "[gpg manpage](https://www.gnupg.org/gph/de/manual/r1023.html)."

6
content/actions/reference/environment-variables.md
View File

@@ -18,7 +18,7 @@ versions:
{% data variables.product.prodname_dotcom %} sets default environment variables that are available to every step in a workflow run. Environment variables are case-sensitive. Commands run in actions or steps can create, read, and modify environment variables.
To set custom environment variables, you need to specify the variables in the workflow file. You can define environment variables for a step, job, or entire workflow using the [`jobs.<job_id>.steps.env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv), [`jobs.<job_id>.env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idenv), and [`env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#env) keywords. For more information, see "[Workflow syntax for {% data variables.product.prodname_dotcom %}](/articles/workflow-syntax-for-github-actions/#jobsjob_idstepsenv)."
To set custom environment variables, you need to specify the variables in the workflow file. You can define environment variables for a step, job, or entire workflow using the [`jobs.<job_id>.steps[*].env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv), [`jobs.<job_id>.env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idenv), and [`env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#env) keywords. For more information, see "[Workflow syntax for {% data variables.product.prodname_dotcom %}](/articles/workflow-syntax-for-github-actions/#jobsjob_idstepsenv)."
```yaml
steps:
@@ -51,8 +51,8 @@ We strongly recommend that actions use environment variables to access the files
| `GITHUB_WORKSPACE` | The {% data variables.product.prodname_dotcom %} workspace directory path. The workspace directory is a copy of your repository if your workflow uses the [actions/checkout](https://github.com/actions/checkout) action. If you don't use the `actions/checkout` action, the directory will be empty. For example, `/home/runner/work/my-repo-name/my-repo-name`. |
| `GITHUB_SHA` | The commit SHA that triggered the workflow. For example, `ffac537e6cbbf934b08745a378932722df287a53`. |
| `GITHUB_REF` | The branch or tag ref that triggered the workflow. For example, `refs/heads/feature-branch-1`. If neither a branch or tag is available for the event type, the variable will not exist. |
| `GITHUB_HEAD_REF` | Only set for forked repositories. The branch of the head repository.
| `GITHUB_BASE_REF` | Only set for forked repositories. The branch of the base repository.
| `GITHUB_HEAD_REF` | Only set for pull request events. The name of the head branch.
| `GITHUB_BASE_REF` | Only set for pull request events. The name of the base branch.
| `GITHUB_SERVER_URL`| Returns the URL of the {% data variables.product.product_name %} server. For example: `https://{% data variables.product.product_url %}`.
| `GITHUB_API_URL` | Returns the API URL. For example: `{% data variables.product.api_url_code %}`.
| `GITHUB_GRAPHQL_URL` | Returns the GraphQL API URL. For example: `{% data variables.product.graphql_url_code %}`.

69
content/actions/reference/environments.md Normal file
View File

@@ -0,0 +1,69 @@
---
title: Environments
intro: You can configure environments with protection rules and secrets. A workflow job can reference an environment to use the environment's protection rules and secrets.
product: '{% data reusables.gated-features.environments %}'
versions:
free-pro-team: '*'
enterprise-server: '>=3.1'
---
{% data reusables.actions.environments-beta %}
### About environments
You can configure environments with protection rules and secrets. When a workflow job references an environment, the job won't start until all of the environment's protection rules pass. A job also cannot access secrets that are defined in an environment until all the environment protection rules pass.
{% if currentVersion == "free-pro-team@latest" %}
Environment protection rules and environment secrets are only available on public repositories. If you convert a repository from public to private, any configured protection rules or environment secrets will be ignored, and you will not be able to configure any environments. If you convert your repository back to public, you will have access to any previously configured protection rules and environment secrets.
{% endif %}
#### Environment protection rules
Environment protection rules require specific conditions to pass before a job referencing the environment can proceed. You can use environment protection rules to require a manual approval or to delay a job.
##### Required reviewers
Use required reviewers to require a specific person or team to approve workflow jobs that reference the environment. You can list up to six users or teams as reviewers. The reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
For more information on reviewing jobs that reference an environment with required reviewers, see "[Reviewing deployments](/actions/managing-workflow-runs/reviewing-deployments)."
##### Wait timer
Use a wait timer to delay a job for a specific amount of time after the job is initially triggered. The time (in minutes) must be an integer between 0 and 43,200 (30 days).
#### Environment secrets
Secrets stored in an environment are only available to workflow jobs that reference the environment. If the environment requires approval, a job cannot access environment secrets until one of the required reviewers approves it. For more information about secrets, see "[Encrypted secrets](/actions/reference/encrypted-secrets)."
### Creating an environment
{% data reusables.github-actions.permissions-statement-environment %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.github-actions.sidebar-environment %}
1. Click **New environment**.
1. Enter a name for the environment, then click **Configure environment**. Environment names are not case sensitive. An environment name may not exceed 255 characters and must be unique within the repository.
1. Configure any environment protection rules or environment secrets.
Running a workflow that references an environment that does not exist will create an environment with the referenced name. The newly created environment will not have any protection rules or secrets configured. Anyone that can edit workflows in the repository can create environments via a workflow file, but only repository admins can configure the environment.
### Referencing an environment
Each job in a workflow can reference a single environment. Any protection rules configured for the environment must pass before a job referencing the environment is sent to a runner. When the job is sent to the runner, the job can access the environment's secrets.
For more information on syntax to reference environments in workflows, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idenvironment)." For more information on reviewing jobs that reference an environment with required reviewers, see "[Reviewing deployments](/actions/managing-workflow-runs/reviewing-deployments)."
When a workflow references an environment, the environment will appear in the repository's deployments. For more information about viewing current and previous deployments, see "[Viewing deployment history](/developers/overview/viewing-deployment-history)."
### Deleting an environment
{% data reusables.github-actions.permissions-statement-environment %}
Deleting an environment will delete all secrets and protection rules associated with the environment. Any jobs currently waiting because of protection rules from the deleted environment will automatically fail.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.github-actions.sidebar-environment %}
1. Next the the environment that you want to delete, click {% octicon "trashcan" aria-label="The trashcan icon" %}.
2. Click **I understand, delete this environment**.

28
content/actions/reference/events-that-trigger-workflows.md
View File

@@ -139,7 +139,7 @@ jobs:
| Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
| ------------------ | ------------ | ------------ | ------------------|
| [repository_dispatch](/webhooks/event-payloads/#repository_dispatch) | n/a | Last commit on the `GITHUB_REF` branch | Branch that received dispatch |
| [repository_dispatch](/webhooks/event-payloads/#repository_dispatch) | n/a | Last commit on default branch | Default branch |
{% data reusables.github-actions.branch-requirement %}
@@ -311,7 +311,7 @@ Runs your workflow anytime the `issue_comment` event occurs. {% data reusables.d
| Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
| --------------------- | -------------- | ------------ | -------------|
| [`issue_comment`](/rest/reference/activity#issue_comment) | - `created`<br/>- `edited`<br/>- `deleted`<br/> | Last commit on default branch | Default branch |
| [`issue_comment`](/developers/webhooks-and-events/webhook-events-and-payloads#issue_comment) | - `created`<br/>- `edited`<br/>- `deleted`<br/> | Last commit on default branch | Default branch |
{% data reusables.developer-site.limit_workflow_to_activity_types %}
@@ -530,6 +530,12 @@ on:
types: [assigned, opened, synchronize, reopened]
```
{% note %}
**Note:** In order to protect public repositories from malicious users, all pull request workflows raised from repository forks run with a read-only token and no access to secrets.
{% endnote %}
{% data reusables.developer-site.pull_request_forked_repos_link %}
#### `pull_request_review`
@@ -576,7 +582,19 @@ on:
#### `pull_request_target`
This event is similar to `pull_request`, except that it runs in the context of the base repository of the pull request, rather than in the merge commit. This means that you can more safely make your secrets available to the workflows triggered by the pull request, because only workflows defined in the commit on the base repository are run. For example, this event allows you to create workflows that label and comment on pull requests, based on the contents of the event payload.
{% warning %}
**Warning:** The `pull_request_target` event is granted a read/write repository token and access to secrets, even from a fork. (The `pull_request` event does not grant read/write or secret access from a repository fork.) Do not check out and build or run untrusted code from pull request with this event.
{% endwarning %}
This event runs in the context of the base repository of the pull request, rather than in the merge commit as `pull_request` does. This is by design to prevent you from executing unsafe code that could alter your repository or steal any secrets you use in your workflow. For example, this event allows you to create workflows that label and comment on pull requests, based on the contents of the event payload.
{% warning %}
**Warning**: When using the `pull_request_target` event, be aware that it runs in the context of the base repository. This means that the `GITHUB_TOKEN` has write access to the repository, and the cache shares the same scope as the base branch. As a result, do not run untrusted code in the same context, as there is a risk that it may access sensitive information and unexpectedly manipulate the workflow environment. In addition, to help prevent cache poisoning, do not save the cache if there is a possibility that the cache contents were altered.
{% endwarning %}
| Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
| --------------------- | -------------- | ------------ | -------------|
@@ -699,6 +717,8 @@ on:
{% data reusables.webhooks.workflow_run_desc %}
{% data reusables.github-actions.branch-requirement %}
| Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
| --------------------- | -------------- | ------------ | -------------|
| [`workflow_run`](/webhooks/event-payloads/#workflow_run) | - n/a | Last commit on default branch | Default branch |
@@ -723,4 +743,4 @@ on:
{% data reusables.github-actions.actions-do-not-trigger-workflows %} For more information, see "[Authenticating with the GITHUB_TOKEN](/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)."
If you would like to trigger a workflow from a workflow run, you can trigger the event using a personal access token. You'll need to create a personal access token and store it as a secret. To minimize your {% data variables.product.prodname_actions %} usage costs, ensure that you don't create recursive or unintended workflow runs. For more information, see "[Creating and storing encrypted secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)."
If you would like to trigger a workflow from a workflow run, you can trigger the event using a personal access token. You'll need to create a personal access token and store it as a secret. To minimize your {% data variables.product.prodname_actions %} usage costs, ensure that you don't create recursive or unintended workflow runs. For more information on storing a personal access token as a secret, see "[Creating and storing encrypted secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)."

10
content/actions/reference/index.md
View File

@@ -27,11 +27,19 @@ You can configure workflows to run when specific GitHub events occur, at a sched
### Authentication and secrets
{% data variables.product.prodname_dotcom %} provides a token that you can use to authenticate on behalf of {% data variables.product.prodname_actions %}. You can also store sensitive information as a secret in your organization or repository. {% data variables.product.prodname_dotcom %} encrypts all secrets.
{% data variables.product.prodname_dotcom %} provides a token that you can use to authenticate on behalf of {% data variables.product.prodname_actions %}. You can also store sensitive information as a secret in your organization{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}, repository, or environments{% else %} or repository{% endif %}. {% data variables.product.prodname_dotcom %} encrypts all secrets.
{% link_in_list /authentication-in-a-workflow %}
{% link_in_list /encrypted-secrets %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
### Environments
Workflow jobs can reference environments that have protection rules or environment-specific secrets.
{% link_in_list /environments %}
{% endif %}
### {% data variables.product.prodname_dotcom %}-hosted runners
GitHub offers hosted virtual machines to run workflows. The virtual machine contains an environment with tools, packages, and environment variables for GitHub Actions to use.

81
content/actions/reference/workflow-syntax-for-github-actions.md
View File

@@ -187,7 +187,7 @@ For more information about cron syntax, see "[Events that trigger workflows](/ac
### `env`
A `map` of environment variables that are available to all jobs and steps in the workflow. You can also set environment variables that are only available to a job or step. For more information, see [`jobs.<job_id>.env`](#jobsjob_idenv) and [`jobs.<job_id>.steps.env`](#jobsjob_idstepsenv).
A `map` of environment variables that are available to all jobs and steps in the workflow. You can also set environment variables that are only available to a job or step. For more information, see [`jobs.<job_id>.env`](#jobsjob_idenv) and [`jobs.<job_id>.steps[*].env`](#jobsjob_idstepsenv).
{% data reusables.repositories.actions-env-var-note %}
@@ -223,7 +223,7 @@ defaults:
A workflow run is made up of one or more jobs. Jobs run in parallel by default. To run jobs sequentially, you can define dependencies on other jobs using the `jobs.<job_id>.needs` keyword.
Each job runs in an environment specified by `runs-on`.
Each job runs in a runner environment specified by `runs-on`.
You can run an unlimited number of jobs as long as you are within the workflow usage limits. For more information, see "[Usage limits and billing](/actions/reference/usage-limits-billing-and-administration)" for {% data variables.product.prodname_dotcom %}-hosted runners and "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners/#usage-limits)" for self-hosted runner usage limits.
@@ -249,9 +249,9 @@ The name of the job displayed on {% data variables.product.prodname_dotcom %}.
### `jobs.<job_id>.needs`
Identifies any jobs that must complete successfully before this job will run. It can be a string or array of strings. If a job fails, all jobs that need it are skipped unless the jobs use a conditional statement that causes the job to continue.
Identifies any jobs that must complete successfully before this job will run. It can be a string or array of strings. If a job fails, all jobs that need it are skipped unless the jobs use a conditional expression that causes the job to continue.
#### Example
#### Example requiring dependent jobs to be successful
```yaml
jobs:
@@ -270,6 +270,20 @@ The jobs in this example run sequentially:
2. `job2`
3. `job3`
#### Example not requiring dependent jobs to be successful
```yaml
jobs:
job1:
job2:
needs: job1
job3:
if: always()
needs: [job1, job2]
```
In this example, `job3` uses the `always()` conditional expression so that it always runs after `job1` and `job2` have completed, regardless of whether they were successful. For more information, see "[Context and expression syntax](/actions/reference/context-and-expression-syntax-for-github-actions#job-status-check-functions)."
### `jobs.<job_id>.runs-on`
**Required** The type of machine to run the job on. The machine can be either a {% data variables.product.prodname_dotcom %}-hosted runner or a self-hosted runner.
@@ -306,6 +320,39 @@ runs-on: [self-hosted, linux]
For more information, see "[About self-hosted runners](/github/automating-your-workflow-with-github-actions/about-self-hosted-runners)" and "[Using self-hosted runners in a workflow](/github/automating-your-workflow-with-github-actions/using-self-hosted-runners-in-a-workflow)."
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
### `jobs.<job_id>.environment`
The environment that the job references. All environment protection rules must pass before a job referencing the environment is sent to a runner. For more information, see "[Environments](/actions/reference/environments)."
You can provide the environment as only the environment `name`, or as an environment object with the `name` and `url`. The URL maps to `environment_url` in the deployments API. For more information about the deployments API, see "[Deployments](/rest/reference/repos#deployments)."
##### Example using a single environment name
```yaml
environment: staging_environment
```
##### Example using environment name and URL
```yaml
environment:
name: production_environment
url: https://github.com
```
The URL can be an expression and can use any context except for the `secrets` context. For more information about expressions, see "[Context and expression syntax for {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)."
#### Example
{% raw %}
```yaml
environment:
name: production_environment
url: ${{ steps.step_name.outputs.url_output }}
```
{% endraw %}
{% endif %}
### `jobs.<job_id>.outputs`
A `map` of outputs for a job. Job outputs are available to all downstream jobs that depend on this job. For more information on defining job dependencies, see [`jobs.<job_id>.needs`](#jobsjob_idneeds).
@@ -340,7 +387,7 @@ jobs:
### `jobs.<job_id>.env`
A `map` of environment variables that are available to all steps in the job. You can also set environment variables for the entire workflow or an individual step. For more information, see [`env`](#env) and [`jobs.<job_id>.steps.env`](#jobsjob_idstepsenv).
A `map` of environment variables that are available to all steps in the job. You can also set environment variables for the entire workflow or an individual step. For more information, see [`env`](#env) and [`jobs.<job_id>.steps[*].env`](#jobsjob_idstepsenv).
{% data reusables.repositories.actions-env-var-note %}
@@ -415,11 +462,11 @@ jobs:
```
{% endraw %}
### `jobs.<job_id>.steps.id`
### `jobs.<job_id>.steps[*].id`
A unique identifier for the step. You can use the `id` to reference the step in contexts. For more information, see "[Context and expression syntax for {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)."
### `jobs.<job_id>.steps.if`
### `jobs.<job_id>.steps[*].if`
You can use the `if` conditional to prevent a step from running unless a condition is met. You can use any supported context and expression to create a conditional.
@@ -449,11 +496,11 @@ steps:
uses: actions/heroku@1.0.0
```
### `jobs.<job_id>.steps.name`
### `jobs.<job_id>.steps[*].name`
A name for your step to display on {% data variables.product.prodname_dotcom %}.
### `jobs.<job_id>.steps.uses`
### `jobs.<job_id>.steps[*].uses`
Selects an action to run as part of a step in your job. An action is a reusable unit of code. You can use an action defined in the same repository as the workflow, a public repository, or in a [published Docker container image](https://hub.docker.com/).
@@ -556,7 +603,7 @@ jobs:
uses: docker://gcr.io/cloud-builders/gradle
```
### `jobs.<job_id>.steps.run`
### `jobs.<job_id>.steps[*].run`
Runs command-line programs using the operating system's shell. If you do not provide a `name`, the step name will default to the text specified in the `run` command.
@@ -661,7 +708,7 @@ For built-in shell keywords, we provide the following defaults that are executed
- There doesn't seem to be a way to fully opt into fail-fast behavior other than writing your script to check each error code and respond accordingly. Because we can't actually provide that behavior by default, you need to write this behavior into your script.
- `cmd.exe` will exit with the error level of the last program it executed, and it will return the error code to the runner. This behavior is internally consistent with the previous `sh` and `pwsh` default behavior and is the `cmd.exe` default, so this behavior remains intact.
### `jobs.<job_id>.steps.with`
### `jobs.<job_id>.steps[*].with`
A `map` of the input parameters defined by the action. Each input parameter is a key/value pair. Input parameters are set as environment variables. The variable is prefixed with `INPUT_` and converted to upper case.
@@ -681,7 +728,7 @@ jobs:
last_name: Octocat
```
### `jobs.<job_id>.steps.with.args`
### `jobs.<job_id>.steps[*].with.args`
A `string` that defines the inputs for a Docker container. {% data variables.product.prodname_dotcom %} passes the `args` to the container's `ENTRYPOINT` when the container starts up. An `array of strings` is not supported by this parameter.
@@ -704,7 +751,7 @@ The `args` are used in place of the `CMD` instruction in a `Dockerfile`. If you
1. Use defaults that allow using the action without specifying any `args`.
1. If the action exposes a `--help` flag, or something similar, use that as the default to make your action self-documenting.
### `jobs.<job_id>.steps.with.entrypoint`
### `jobs.<job_id>.steps[*].with.entrypoint`
Overrides the Docker `ENTRYPOINT` in the `Dockerfile`, or sets it if one wasn't already specified. Unlike the Docker `ENTRYPOINT` instruction which has a shell and exec form, `entrypoint` keyword accepts only a single string defining the executable to be run.
@@ -720,7 +767,7 @@ steps:
The `entrypoint` keyword is meant to be used with Docker container actions, but you can also use it with JavaScript actions that don't define any inputs.
### `jobs.<job_id>.steps.env`
### `jobs.<job_id>.steps[*].env`
Sets environment variables for steps to use in the runner environment. You can also set environment variables for the entire workflow or a job. For more information, see [`env`](#env) and [`jobs.<job_id>.env`](#jobsjob_idenv).
@@ -741,11 +788,11 @@ steps:
```
{% endraw %}
### `jobs.<job_id>.steps.continue-on-error`
### `jobs.<job_id>.steps[*].continue-on-error`
Prevents a job from failing when a step fails. Set to `true` to allow a job to pass when this step fails.
### `jobs.<job_id>.steps.timeout-minutes`
### `jobs.<job_id>.steps[*].timeout-minutes`
The maximum number of minutes to run the step before killing the process.
@@ -755,7 +802,7 @@ The maximum number of minutes to let a job run before {% data variables.product.
### `jobs.<job_id>.strategy`
A strategy creates a build matrix for your jobs. You can define different variations of an environment to run each job in.
A strategy creates a build matrix for your jobs. You can define different variations to run each job in.
### `jobs.<job_id>.strategy.matrix`

1
content/admin/configuration/configuring-email-for-notifications.md
View File

@@ -18,6 +18,7 @@ Notification emails are sent if there is activity on a repository a user is watc
Your dedicated technical account manager in {% data variables.contact.github_support %} can configure email for notifications to be sent through your SMTP server. Make sure you include the following details in your support request.
- Your SMTP server address
- Login information to authenticate to the server: username and password
- The port your SMTP server uses to send email
- The domain name that your SMTP server will send with a HELO response, if any
- The type of encryption used by your SMTP server

2
content/admin/enterprise-support/about-github-enterprise-support.md
View File

@@ -93,7 +93,7 @@ For urgent issues, we can help you in English 24 hours per day, 7 days per week,
| Day after Thanksgiving | Fourth Friday in November |
| Christmas Eve | December 24 |
| Christmas Day | December 25 |
| Day after Christmas | December 26 |
| Day after Christmas | December 28 |
| New Year's Eve | December 31 |
#### Holidays in Japan

4
content/admin/enterprise-support/about-support-for-advanced-security.md
View File

@@ -44,7 +44,7 @@ We offer support for {% data variables.product.prodname_advanced_security %} in
{% data variables.contact.enterprise_support %} observes these U.S. holidays.
| U.S. holiday | Date observed in 2018 |
| U.S. holiday | Date observed |
| --- | --- |
| New Year's Day | January 1 |
| Martin Luther King, Jr. Day | Third Monday in January |
@@ -57,7 +57,7 @@ We offer support for {% data variables.product.prodname_advanced_security %} in
| Day after Thanksgiving | Fourth Friday in November |
| Christmas Eve | December 24 |
| Christmas Day | December 25 |
| Day after Christmas | December 26 |
| Day after Christmas | December 28 |
| New Year's Eve | December 31 |
### Installing {% data variables.product.prodname_advanced_security %} updates

2
content/admin/index.md
View File

@@ -28,3 +28,5 @@ versions:
{% link_with_intro /packages %}
{% link_with_intro /enterprise-support %}
{% link_with_intro /release-notes %}

2
content/desktop/installing-and-configuring-github-desktop/keyboard-shortcuts.md
View File

@@ -51,6 +51,7 @@ GitHub Desktop keyboard shortcuts on macOS
|<kbd>⌘</kbd><kbd>2</kbd> | Show your commit history
|<kbd>⌘</kbd><kbd>B</kbd> | Show all your branches
|<kbd>⌘</kbd><kbd>G</kbd> | Go to the commit summary field
|<kbd>⌘</kbd><kbd>Enter</kbd> | Commit changes when summary or description field is active
|<kbd>space</kbd>| Select or deselect all highlighted files
|<kbd>⇧</kbd><kbd>⌘</kbd><kbd>N</kbd> | Create a new branch
|<kbd>⇧</kbd><kbd>⌘</kbd><kbd>R</kbd> | Rename the current branch
@@ -104,6 +105,7 @@ GitHub Desktop keyboard shortcuts on Windows
|<kbd>Ctrl</kbd><kbd>2</kbd> | Show your commit history
|<kbd>Ctrl</kbd><kbd>B</kbd> | Show all your branches
|<kbd>Ctrl</kbd><kbd>G</kbd> | Go to the commit summary field
|<kbd>Ctrl</kbd><kbd>Enter</kbd> | Commit changes when summary or description field is active
|<kbd>space</kbd>| Select or deselect all highlighted files
|<kbd>Ctrl</kbd><kbd>Shift</kbd><kbd>N</kbd> | Create a new branch
|<kbd>Ctrl</kbd><kbd>Shift</kbd><kbd>R</kbd> | Rename the current branch

4
content/developers/apps/authorizing-oauth-apps.md
View File

@@ -272,7 +272,9 @@ The optional `redirect_uri` parameter can also be used for localhost URLs. If th
For the `http://localhost/path` callback URL, you can use this `redirect_uri`:
http://localhost:1234/path
```
http://localhost:1234/path
```
### Creating multiple tokens for OAuth Apps

2
content/developers/apps/using-content-attachments.md
View File

@@ -166,7 +166,7 @@ To create a Probot App, follow these steps:
}
```
4. [Run the GitHub App locally](https://probot.github.io/docs/development/#running-the-app-locally). Navigate to [localhost:3000](http://localhost:3000), and click the **Register GitHub App** button:
4. [Run the GitHub App locally](https://probot.github.io/docs/development/#running-the-app-locally). Navigate to `http://localhost:3000`, and click the **Register GitHub App** button:
![Register a Probot GitHub App](/assets/images/github-apps/github_apps_probot-registration.png)

1
content/developers/overview/index.md
View File

@@ -11,6 +11,7 @@ versions:
{% link_in_list /about-githubs-apis %}
{% link_in_list /managing-deploy-keys %}
{% link_in_list /viewing-deployment-history %}
{% link_in_list /using-ssh-agent-forwarding %}
{% link_in_list /secret-scanning %}
{% link_in_list /replacing-github-services %}

20
content/developers/overview/viewing-deployment-history.md Normal file
View File

@@ -0,0 +1,20 @@
---
title: Viewing deployment history
intro: View current and previous deployments for your repository.
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
{% data reusables.actions.environments-beta %}
You can deliver deployments through {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}{% data variables.product.prodname_actions %} and environments or with {% endif %}the REST API and third party apps. {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}For more information about {% data variables.product.prodname_actions %}, see "[{% data variables.product.prodname_actions %}](/actions)." {% endif %}For more information about deployments with the REST API, see "[Repositories](/rest/reference/repos#deployments)."
To view current and past deployments, click **Environments** on the home page of your repository. ![Environments](/assets/images/environments-sidebar.png)
The deployments page displays the last active deployment of each environment for your repository. If the deployment includes an environment URL, a "View deployment" button that links to the URL is shown next to the deployment.
The activity log shows the deployment history for your environments. By default, only the most recent deployment for an environment has an `Active` status; all previously active deployments have an `Inactive` status. For more information on automatic inactivation of deployments, see "[Inactive deployments](/rest/reference/repos#inactive-deployments)."
You can also use the REST API to get information about deployments. For more information, see "[Repositories](/rest/reference/repos#deployments)."

2
content/developers/webhooks-and-events/issue-event-types.md
View File

@@ -91,7 +91,7 @@ The base reference branch of the pull request changed.
|:----------|:----------------:|:-----------------:|
| <ul><li>Pull requests</li></ul> | **X** | |
### Event object properties
#### Event object properties
{% data reusables.issue-events.issue-event-common-properties %}

2
content/developers/webhooks-and-events/securing-your-webhooks.md
View File

@@ -72,7 +72,7 @@ end
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
def verify_signature(payload_body)
signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), ENV['SECRET_TOKEN'], payload_body)
return halt 500, "Signatures didn't match!" unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE_2'])
return halt 500, "Signatures didn't match!" unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE_256'])
end{% elsif currentVersion ver_lt "enterprise-server@2.23" %}
def verify_signature(payload_body)
signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), ENV['SECRET_TOKEN'], payload_body)

2
content/developers/webhooks-and-events/webhook-events-and-payloads.md
View File

@@ -715,7 +715,7 @@ Key | Type | Description
### package
Activity related to {% data variables.product.prodname_registry %}. {% data reusables.webhooks.action_type_desc %} For more information, see the "[blocking organization users](/rest/reference/orgs#blocking)" REST API. For more information, see "[Managing packages with {% data variables.product.prodname_registry %}](/github/managing-packages-with-github-packages)" to learn more about {% data variables.product.prodname_registry %}.
Activity related to {% data variables.product.prodname_registry %}. {% data reusables.webhooks.action_type_desc %} For more information, see "[Managing packages with {% data variables.product.prodname_registry %}](/github/managing-packages-with-github-packages)" to learn more about {% data variables.product.prodname_registry %}.
#### Availability

2
content/education/teach-and-learn-with-github-education/apply-for-a-student-developer-pack.md
View File

@@ -18,7 +18,7 @@ To be eligible for the {% data variables.product.prodname_student_pack %}, you m
- Have a [{% data variables.product.prodname_dotcom %} user account](/articles/signing-up-for-a-new-github-account)
- Be at least 13 years old
Documents that prove your current student status include a picture of your school ID, class schedule, transcript, and affiliation or enrollment verification letter.
Documents that prove your current student status include a picture of your school ID with current enrollment date, class schedule, transcript, and affiliation or enrollment verification letter.
During your tenure as a student, you may be prompted to periodically re-verify your current academic status.

4
content/github/administering-a-repository/about-protected-branches.md
View File

@@ -11,12 +11,16 @@ versions:
github-ae: '*'
---
### About protected branches
{% data reusables.pull_requests.about-protected-branches %} You can choose to enforce restrictions on how a pull request is merged into your repository.
Repository owners and people with admin permissions for a repository can enforce certain workflows or requirements, before a collaborator can merge a branch in your repository by creating protected branch rules.
{% data reusables.repositories.branch-rules-example %} For more information, see "[Configuring protected branches](/articles/configuring-protected-branches/)."
{% data reusables.pull_requests.you-can-auto-merge %}
### Prioritization of protected branch rules
If a repository has multiple protected branch rules that affect the same branches, the rules that include a specific branch name have the highest priority. If there is more than one protected branch rule that references the same specific branch name, then the branch rule created first will have higher priority.

2
content/github/administering-a-repository/configuring-pull-request-merges.md
View File

@@ -1,6 +1,6 @@
---
title: Configuring pull request merges
intro: 'You can configure pull request merges on {% data variables.product.product_location %} to match your workflow and preferences for managing Git history by enabling, disabling, or enforcing standard merge commits, squashed commits, or rebased commits on all pull requests in your repository.'
intro: 'You can configure pull request merges on {% data variables.product.product_location %} to match your workflow and preferences for managing Git history.'
mapTopic: true
redirect_from:
- /articles/configuring-pull-request-merges

1
content/github/administering-a-repository/index.md
View File

@@ -39,6 +39,7 @@ versions:
{% link_in_list /about-merge-methods-on-github %}
{% link_in_list /configuring-commit-squashing-for-pull-requests %}
{% link_in_list /configuring-commit-rebasing-for-pull-requests %}
{% link_in_list /managing-auto-merge-for-pull-requests-in-your-repository %}
{% link_in_list /managing-the-automatic-deletion-of-branches %}
{% topic_link_in_list /defining-the-mergeability-of-pull-requests %}
{% link_in_list /about-protected-branches %}

17
content/github/administering-a-repository/managing-auto-merge-for-pull-requests-in-your-repository.md Normal file
View File

@@ -0,0 +1,17 @@
---
title: Managing auto-merge for pull requests in your repository
intro: "You can allow or disallow auto-merge for pull requests in your repository."
product: '{% data reusables.gated-features.auto-merge %}'
versions:
free-pro-team: '*'
permissions: People with maintainer permissions can manage auto-merge for pull requests in a repository.
---
{% data reusables.pull_requests.auto-merge-release-phase %}
If you allow auto-merge for pull requests in your repository, people can configure individual pull requests in the repository to merge automatically when all merge requirements are met. For more information, see "[Automatically merging a pull request](/github/collaborating-with-issues-and-pull-requests/automatically-merging-a-pull-request)."
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
1. Under "Merge button", select or deselect **Allow auto-merge**.
![Checkbox to allow or disallow auto-merge](/assets/images/help/pull_requests/allow-auto-merge-checkbox.png)

43
content/github/collaborating-with-issues-and-pull-requests/automatically-merging-a-pull-request.md Normal file
View File

@@ -0,0 +1,43 @@
---
title: Automatically merging a pull request
intro: 'You can increase development velocity by enabling auto-merge for a pull request so that the pull request will merge automatically when all merge requirements are met.'
product: '{% data reusables.gated-features.auto-merge %}'
versions:
free-pro-team: '*'
---
{% data reusables.pull_requests.auto-merge-release-phase %}
### About auto-merge
If you enable auto-merge for a pull request, the pull request will merge automatically when all required reviews are met and status checks have passed. Auto-merge prevents you from waiting around for requirements to be met, so you can move on to other tasks.
Before you can use auto-merge with a pull request, auto-merge must be enabled for the repository. For more information, see "[Managing auto-merge for pull requests in your repository](/github/administering-a-repository/managing-auto-merge-for-pull-requests-in-your-repository)."
You can provide feedback about auto-merge by [contacting us](https://support.github.com/contact/feedback?category=prs-and-code-review&subject=Pull%20request%20auto-merge%20feedback).
### Enabling auto-merge
People with write permissions to a repository can enable auto-merge for a pull request.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-pr %}
1. In the "Pull Requests" list, click the pull request you'd like to auto-merge.
1. Optionally, to choose a merge method, select the **Enable auto-merge** drop-down menu, then click a merge method. For more information, see "[About pull request merges](/github/collaborating-with-issues-and-pull-requests/about-pull-request-merges)."
!["Enable auto-merge" drop-down menu](/assets/images/help/pull_requests/enable-auto-merge-drop-down.png)
1. Click **Enable auto-merge**.
![Button to enable auto-merge](/assets/images/help/pull_requests/enable-auto-merge-button.png)
1. If you chose the merge or squash and merge methods, type a commit message and description and choose the email address you want to author the merge commit.
![Fields to enter commit message and description and choose commit author email](/assets/images/help/pull_requests/pull-request-information-fields.png)
1. Click **Confirm auto-merge**.
![Button to confirm auto-merge](/assets/images/help/pull_requests/confirm-auto-merge-button.png)
### Disabling auto-merge
People with write permissions to a repository and pull request authors can disable auto-merge for a pull request.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-pr %}
1. In the "Pull Requests" list, click the pull request you'd like to disable auto-merge for.
1. In the merge box, click **Disable auto-merge**.
![Button to disable auto-merge](/assets/images/help/pull_requests/disable-auto-merge-button.png)

1
content/github/collaborating-with-issues-and-pull-requests/index.md
View File

@@ -60,5 +60,6 @@ versions:
{% topic_link_in_list /incorporating-changes-from-a-pull-request %}
{% link_in_list /about-pull-request-merges %}
{% link_in_list /merging-a-pull-request %}
{% link_in_list /automatically-merging-a-pull-request %}
{% link_in_list /closing-a-pull-request %}
{% link_in_list /reverting-a-pull-request %}

2
content/github/collaborating-with-issues-and-pull-requests/merging-a-pull-request.md
View File

@@ -14,6 +14,8 @@ versions:
In a pull request, you propose that changes you've made on a head branch should be merged into a base branch. {% data reusables.pull_requests.about-protected-branches %} However, there may be restrictions on when you can merge a pull request into a specific branch. For example, you may only be able to merge a pull request into the default branch if required status checks are passing. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches)."
{% data reusables.pull_requests.you-can-auto-merge %}
If the pull request has merge conflicts, or if you'd like to test the changes before merging, you can [check out the pull request locally](/articles/checking-out-pull-requests-locally) and merge it using the command line.
You can't merge a draft pull request. For more information about draft pull requests, see "[About pull requests](/articles/about-pull-requests#draft-pull-requests)."

2
content/github/developing-online-with-codespaces/configuring-codespaces-for-your-project.md
View File

@@ -15,7 +15,7 @@ versions:
{% data reusables.codespaces.about-configuration %}
If you don't define a configuration in your repository, {% data variables.product.prodname_dotcom %} creates a codespace with a base Linux image. The base Linux image includes tools for Node.js, JavaScript, TypeScript, Python, C++, Java, C#, .NET Core, PHP, and PowerShell. For more information about the base Linux image, see the [`microsoft/vscode-dev-containers`](https://github.com/microsoft/vscode-dev-containers/tree/master/containers/codespaces-linux) repository.
If you don't define a configuration in your repository, {% data variables.product.prodname_dotcom %} creates a codespace with a base Linux image. The base Linux image includes tools for Python, Node.js, JavaScript, TypeScript, C++, Java, C#, F#, .NET Core, PHP, PowerShell, Go, Ruby, and Rust. For more information about the base Linux image, see the [`microsoft/vscode-dev-containers`](https://github.com/microsoft/vscode-dev-containers/tree/master/containers/codespaces-linux) repository.
{% data reusables.codespaces.about-personalization %} {% data reusables.codespaces.codespace-config-order %} For more information, see "[Personalizing {% data variables.product.prodname_codespaces %} for your account](/github/developing-online-with-codespaces/personalizing-codespaces-for-your-account)."

2
content/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning.md
View File

@@ -296,7 +296,7 @@ You can quickly analyze small portions of a monorepo when you modify code in spe
### Accessing private repositories
If your workflow for {% data variables.product.prodname_code_scanning %} accesses a private repository, other than the repository that contains the workflow, you'll need to configure Git to authenticate with a personal access token. Define the secret in the runner environment by using `jobs.<job_id>.steps.env` in your workflow before any {% data variables.product.prodname_codeql %} actions. For more information, see "[Creating a personal access token for the command line](/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)" and "[Creating and storing encrypted secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)."
If your workflow for {% data variables.product.prodname_code_scanning %} accesses a private repository, other than the repository that contains the workflow, you'll need to configure Git to authenticate with a personal access token. Define the secret in the runner environment by using `jobs.<job_id>.steps[*].env` in your workflow before any {% data variables.product.prodname_codeql %} actions. For more information, see "[Creating a personal access token for the command line](/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)" and "[Creating and storing encrypted secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)."
For example, the following configuration has Git replace the full URLs to the `ghost/foo`, `ghost/bar`, and `ghost/baz` repositories on {% data variables.product.prodname_dotcom_the_website %} with URLs that include the personal access token that you store in the `ACCESS_TOKEN` environment variable.

8
content/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-actions.md
View File

@@ -8,7 +8,9 @@ versions:
### About billing for {% data variables.product.prodname_actions %}
{% data reusables.github-actions.actions-billing %} {% data reusables.github-actions.actions-spending-limit %}
{% data reusables.github-actions.actions-billing %}
{% data reusables.github-actions.actions-spending-limit-brief %} For more information, see "[About spending limits](#about-spending-limits)."
Minutes reset every month, while storage usage does not.
@@ -69,8 +71,8 @@ Your {% data variables.product.prodname_actions %} usage shares your account's e
### About spending limits
By default, your account will have a spending limit of $0 for {% data variables.product.prodname_actions %} usage. To enable using minutes and storage for private repositories beyond the amounts included with your account, you can increase the spending limit or allow unlimited spending. For more information, see "[Managing your spending limit for {% data variables.product.prodname_actions %}](/github/setting-up-and-managing-billing-and-payments-on-github/managing-your-spending-limit-for-github-actions)."
{% data reusables.github-actions.actions-spending-limit-detailed %}
{% data reusables.github-actions.spending-limit-enterprise-account %}
For information on managing and changing your account's spending limit, see "[Managing your spending limit for {% data variables.product.prodname_actions %}](/github/setting-up-and-managing-billing-and-payments-on-github/managing-your-spending-limit-for-github-actions)."
{% data reusables.dotcom_billing.actions-packages-unpaid-account %}

6
content/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-packages.md
View File

@@ -10,6 +10,8 @@ versions:
{% data reusables.package_registry.packages-billing %}
{% data reusables.package_registry.packages-spending-limit-brief %} For more information, see "[About spending limits](#about-spending-limits)."
{% data reusables.package_registry.container-registry-beta-billing-note %}
Data transfer resets every month, while storage usage does not.
@@ -50,8 +52,8 @@ Your {% data variables.product.prodname_registry %} usage shares your account's
### About spending limits
By default, your account will have a spending limit of $0 for {% data variables.product.prodname_registry %} usage. To enable storage and data transfer for private packages beyond the amounts included with your account, you can increase the spending limit or allow unlimited spending. For more information, see "[Managing your spending limit for {% data variables.product.prodname_registry %}](/github/setting-up-and-managing-billing-and-payments-on-github/managing-your-spending-limit-for-github-packages)."
{% data reusables.package_registry.packages-spending-limit-detailed %}
{% data reusables.package_registry.spending-limit-enterprise-account %}
For information on managing and changing your account's spending limit, see "[Managing your spending limit for {% data variables.product.prodname_registry %}](/github/setting-up-and-managing-billing-and-payments-on-github/managing-your-spending-limit-for-github-packages)."
{% data reusables.dotcom_billing.actions-packages-unpaid-account %}

14
content/github/setting-up-and-managing-billing-and-payments-on-github/managing-your-spending-limit-for-github-actions.md
View File

@@ -8,13 +8,15 @@ versions:
### About spending limits for {% data variables.product.prodname_actions %}
{% data reusables.github-actions.actions-billing %} {% data reusables.github-actions.actions-spending-limit %}
{% data reusables.github-actions.actions-billing %}
You can set a higher spending limit or, for some accounts, allow unlimited spending. If you pay for your organization or enterprise account by invoice, you can prepay for overages to set a higher spending limit. The spending limit applies to your combined overages for {% data variables.product.prodname_actions %} and {% data variables.product.prodname_registry %}. For more information about pricing for {% data variables.product.prodname_actions %} usage, see "[About billing for {% data variables.product.prodname_actions %}](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-actions)."
{% data reusables.github-actions.actions-spending-limit-brief %}
As soon as you set a spending limit above $0, you will be responsible for any overages that occurred in the past. For example, if your organization uses {% data variables.product.prodname_team %}, does not allow overages, and creates workflow artifacts that increase your storage usage for the month from 1.9GB to 2.1GB, you will use slightly more storage than the 2GB your product includes.
{% data reusables.actions.actions-packages-set-spending-limit %} For more information about pricing for {% data variables.product.prodname_actions %} usage, see "[About billing for {% data variables.product.prodname_actions %}](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-actions)."
Because you have not enabled overages, your next attempt to publish a version of the package will fail. You will not receive a bill for the 0.1GB overage that month. However, if you enable overages in a future month, your first bill will include the 0.1GB of overage from the past in addition to any overages for the current billing cycle.
As soon as you set a spending limit other than $0, you will be responsible for any existing overages in the current billing period. For example, if your organization uses {% data variables.product.prodname_team %}, does not allow overages, and creates workflow artifacts that increase your storage usage for the month from 1.9GB to 2.1GB, you will use slightly more storage than the 2GB your product includes.
Because you have not enabled overages, your next attempt to create a workflow artifact will fail. You will not receive a bill for the 0.1GB overage that month. However, if you enable overages, your first bill will include the 0.1GB of existing overage for the current billing cycle, as well as any additional overages you accrue.
### Managing the spending limit for {% data variables.product.prodname_actions %} for your user account
@@ -30,8 +32,6 @@ Anyone can manage the spending limit for {% data variables.product.prodname_acti
Organizations owners and billing managers can manage the spending limit for {% data variables.product.prodname_actions %} for an organization.
If you pay for your organization account by invoice, you cannot manage the spending limit for your enterprise account on {% data variables.product.product_name %}. If you want to allow repositories owned by your organization to use {% data variables.product.prodname_actions %} beyond the storage or data transfer included for each repository, you can prepay for overages. Because overages must prepaid, you cannot enable unlimited spending on accounts paid by invoice. Your spending limit will be 150% of the amount you prepaid. If you have any questions, [contact our account management team](https://enterprise.github.com/contact).
{% data reusables.profile.access_profile %}
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
@@ -44,8 +44,6 @@ If you pay for your organization account by invoice, you cannot manage the spend
Enterprise owners and billing managers can manage the spending limit for {% data variables.product.prodname_actions %} for an enterprise account.
{% data reusables.github-actions.spending-limit-enterprise-account %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.billing-tab %}

12
content/github/setting-up-and-managing-billing-and-payments-on-github/managing-your-spending-limit-for-github-packages.md
View File

@@ -10,11 +10,13 @@ versions:
{% data reusables.package_registry.packages-billing %}
You can set a higher spending limit or, for some accounts, allow unlimited spending. If you pay for your organization or enterprise account by invoice, you can prepay for overages to set a higher spending limit. The spending limit applies to your combined overages for {% data variables.product.prodname_registry %} and {% data variables.product.prodname_actions %}. For more information about pricing for {% data variables.product.prodname_registry %} usage, see "[About billing for {% data variables.product.prodname_registry %}](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-packages)."
{% data reusables.package_registry.packages-spending-limit-brief %}
As soon as you set a spending limit above $0, you will be responsible for any overages that occurred in the past. For example, if your organization uses {% data variables.product.prodname_team %}, does not allow overages, and publishes a new version of a private package that increases your storage usage for the month from 1.9GB to 2.1GB, publishing the version will use slightly more than the 2GB your product includes.
{% data reusables.actions.actions-packages-set-spending-limit %} For more information about pricing for {% data variables.product.prodname_registry %} usage, see "[About billing for {% data variables.product.prodname_registry %}](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-packages)."
Because you have not enabled overages, your next attempt to publish a version of the package will fail. You will not receive a bill for the 0.1GB overage that month. However, if you enable overages in a future month, your first bill will include the 0.1GB of overage from the past in addition to any overages for the current billing cycle.
As soon as you set a spending limit other than $0, you will be responsible for any existing overages in the current billing period. For example, if your organization uses {% data variables.product.prodname_team %}, does not allow overages, and publishes a new version of a private package that increases your storage usage for the month from 1.9GB to 2.1GB, publishing the version will use slightly more than the 2GB your product includes.
Because you have not enabled overages, your next attempt to publish a version of the package will fail. You will not receive a bill for the 0.1GB overage that month. However, if you enable overages, your first bill will include the 0.1GB of existing overage for the current billing cycle, as well as any additional overages you accrue.
### Managing the spending limit for {% data variables.product.prodname_registry %} for your user account
@@ -30,8 +32,6 @@ Anyone can manage the spending limit for {% data variables.product.prodname_regi
Organizations owners and billing managers can manage the spending limit for {% data variables.product.prodname_registry %} for an organization.
If you pay for your organization account by invoice, you cannot manage the spending limit for your enterprise account on {% data variables.product.product_name %}. If you want to allow repositories owned by your organization to use {% data variables.product.prodname_registry %} beyond the storage or data transfer included for each repository, you can prepay for overages. Because overages must prepaid, you cannot enable unlimited spending on accounts paid by invoice. Your spending limit will be 150% of the amount you prepaid. If you have any questions, [contact our account management team](https://enterprise.github.com/contact).
{% data reusables.profile.access_profile %}
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
@@ -44,8 +44,6 @@ If you pay for your organization account by invoice, you cannot manage the spend
Enterprise owners and billing managers can manage the spending limit for {% data variables.product.prodname_registry %} for an enterprise account.
{% data reusables.package_registry.spending-limit-enterprise-account %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.billing-tab %}

1
content/github/setting-up-and-managing-organizations-and-teams/permission-levels-for-an-organization.md
View File

@@ -39,6 +39,7 @@ Organization members can have *owner*{% if currentVersion == "free-pro-team@late
| Access the organization audit log | **X** | | |
| Edit the organization's profile page (see "[About your organization's profile](/articles/about-your-organization-s-profile)" for details) | **X** | | |
| Verify the organization's domains (see "[Verifying your organization's domain](/articles/verifying-your-organization-s-domain)" for details) | **X** | | |
| Restrict email notifications to verified domains (see "[Restricting email notifications to an approved domain](/github/setting-up-and-managing-organizations-and-teams/restricting-email-notifications-to-an-approved-domain)" for details) | **X** | | |
| Delete **all teams** | **X** | | |
| Delete the organization account, including all repositories | **X** | | |
| Create teams (see "[Setting team creation permissions in your organization](/articles/setting-team-creation-permissions-in-your-organization)" for details) | **X** | **X** | |

3
content/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization.md
View File

@@ -60,7 +60,8 @@ In addition to managing organization-level settings, organization owners have ad
| [Report abusive or spammy content](/articles/reporting-abuse-or-spam) | **X** | **X** | **X** | **X** | **X** |{% endif %}
| Apply labels | | **X** | **X** | **X** | **X** |
| Create, edit, delete labels | | | **X** | **X** | **X** |
| Close, reopen, and assign all issues and pull requests | | **X** | **X** | **X** | **X** |
| Close, reopen, and assign all issues and pull requests | | **X** | **X** | **X** | **X** |{% if currentVersion == "free-pro-team@latest" %}
| [Enable and disable auto-merge on a pull request](/github/administering-a-repository/managing-auto-merge-for-pull-requests-in-your-repository) | | | **X** | **X** | **X** |{% endif %}
| Apply milestones | | **X** | **X** | **X** | **X** |
| Mark [duplicate issues and pull requests](/articles/about-duplicate-issues-and-pull-requests)| | **X** | **X** | **X** | **X** |
| Request [pull request reviews](/articles/requesting-a-pull-request-review) | | **X** | **X** | **X** | **X** |

11
content/github/setting-up-and-managing-organizations-and-teams/restricting-email-notifications-to-an-approved-domain.md
View File

@@ -9,14 +9,19 @@ versions:
free-pro-team: '*'
---
When restricted email notifications are enabled in an organization, members can only receive email notifications about organization activity at an email address associated with the organization's verified domain. For more information, see "[Verifying your organization's domain](/articles/verifying-your-organization-s-domain)."
### About email restrictions
When restricted email notifications are enabled in an organization, members can only use an email address associated with the organization's verified domains to receive email notifications about organization activity. For more information, see "[Verifying your organization's domain](/articles/verifying-your-organization-s-domain)."
Outside collaborators are not subject to restrictions on email notifications for verified domains. For more information on outside collaborators, see "[Permission levels for an organization](/github/setting-up-and-managing-organizations-and-teams/permission-levels-for-an-organization#outside-collaborators)."
If your organization is owned by an enterprise account, organization members will be able to receive notifications from any domains verified for the enterprise account, in addition to any domains verified for the organization. For more information, see "[Verifying your enterprise account's domain](/github/setting-up-and-managing-your-enterprise/verifying-your-enterprise-accounts-domain)."
### Restricting email notifications to an approved domain
{% data reusables.profile.access_profile %}
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% data reusables.organizations.verified-domains %}
5. Under "Enforcement preferences", select **Restrict email notifications to domain email**.
![Checkbox to restrict email notifications to verified domain emails](/assets/images/help/organizations/restrict-email-notifications-to-domain.png)
{% data reusables.organizations.restrict-email-notifications %}
6. Click **Save**.

32
content/github/setting-up-and-managing-organizations-and-teams/verifying-your-organizations-domain.md
View File

@@ -8,46 +8,34 @@ versions:
free-pro-team: '*'
---
### About domain verification
To verify domains on {% data variables.product.product_name %}, you must have owner permissions in the organization. For more information, see "[Permission levels for an organization](/articles/permission-levels-for-an-organization)." You will also need access to modify domain records with your domain hosting service.
After verifying ownership of your organization's domains, a "Verified" badge will display on the organization's profile. If your organization is on {% data variables.product.prodname_ghe_cloud %} and has agreed to the Corporate Terms of Service, organization owners will be able to verify the identity of organization members by viewing each member's email address within the verified domain. For more information, see "[About your organization's profile page](/articles/about-your-organization-s-profile/)" and "[Upgrading to the Corporate Terms of Service](/articles/upgrading-to-the-corporate-terms-of-service)."
To display a "Verified" badge, the website and email information shown on your organization's profile must match the verified domain or domains. If the website and email address shown on your organization's profile are hosted on different domains, you must verify both domains.
If your organization is owned by an enterprise account, a "Verified" badge will display on your organization's profile for any domains verified for the enterprise account, in addition to any domains verified for the organization. For more information, see "[Verifying your enterprise account's domain](/github/setting-up-and-managing-your-enterprise/verifying-your-enterprise-accounts-domain)."
{% note %}
**Note:** If the email address and website shown on your organization's profile use variants of the same domain, you must verify both variants. For example, if your organization's profile shows the website `www.example.com` and the email address `info@example.com`, you would need to verify both `www.example.com` and `example.com`.
{% endnote %}
{% data reusables.organizations.verified-domains-details %}
On {% data variables.product.prodname_ghe_cloud %}, after verifying ownership of your organization's domain, you can restrict email notifications for the organization to that domain. For more information, see "[Restricting email notifications to an approved domain](/articles/restricting-email-notifications-to-an-approved-domain)."
### Verifying your organization's domain
{% data reusables.profile.access_profile %}
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% data reusables.organizations.verified-domains %}
5. Click **Add a domain**.
![Add a domain button](/assets/images/help/organizations/add-a-domain-button.png)
6. In the domain field, type the domain you'd like to verify, then click **Add domain**.
![Add a domain field](/assets/images/help/organizations/add-domain-field.png)
7. Follow the instructions under **Add a DNS TXT record** to create a DNS TXT record with your domain hosting service. It may take up to 72 hours for your DNS configuration to change. Once your DNS configuration has changed, continue to the next step.
![Instructions to create a DNS txt record](/assets/images/help/organizations/create-dns-txt-record-instructions.png)
{% tip %}
**Tip:** You can confirm your DNS configuration has changed by running the `dig` command on the command line. In the example command, replace `ORGANIZATION` with the name of your organization, and `example.com` with the domain you'd like to verify. You should see your new TXT record listed in the command output.
{% data reusables.organizations.add-domain %}
{% data reusables.organizations.add-dns-txt-record %}
1. Wait for your DNS configuration to change, which may take up to 72 hours. You can confirm your DNS configuration has changed by running the `dig` command on the command line, replacing `ORGANIZATION` with the name of your organization and `example.com` with the domain you'd like to verify. You should see your new TXT record listed in the command output.
```shell
$ dig _github-challenge-<em>ORGANIZATION</em>.<em>example.com</em> +nostats +nocomments +nocmd TXT
```
{% endtip %}
8. After confirming your TXT record is added to your DNS, navigate to the Verified domains tab in your organization's settings. You can follow steps one through four above to locate the Verified domains tab.
![Verified domains settings page with pending domain](/assets/images/help/organizations/pending-domain-verification.png)
9. Next to the domain that's pending verification, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}, then click **Continue verifying**.
![Continue verifying domain button](/assets/images/help/organizations/continue-verifying-domain.png)
10. Click **Verify domain**.
![Verify domain button](/assets/images/help/organizations/verify-domain-final-button.png)
{% data reusables.organizations.continue-verifying-domain %}
11. Optionally, once the "Verified" badge is visible on your organization's profile page, you can delete the TXT entry from the DNS record at your domain hosting service.
![Verified badge](/assets/images/help/organizations/verified-badge.png)

2
content/github/setting-up-and-managing-your-enterprise/index.md
View File

@@ -34,6 +34,8 @@ versions:
{% link_in_list /enforcing-team-policies-in-your-enterprise-account %}
{% link_in_list /enforcing-security-settings-in-your-enterprise-account %}
{% link_in_list /configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta %}
{% link_in_list /verifying-your-enterprise-accounts-domain %}
{% link_in_list /restricting-email-notifications-for-your-enterprise-account-to-approved-domains %}
{% link_in_list /enforcing-a-policy-on-dependency-insights-in-your-enterprise-account %}
{% link_in_list /enforcing-github-actions-policies-in-your-enterprise-account %}
{% link_in_list /configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account %}

26
content/github/setting-up-and-managing-your-enterprise/restricting-email-notifications-for-your-enterprise-account-to-approved-domains.md Normal file
View File

@@ -0,0 +1,26 @@
---
title: Restricting email notifications for your enterprise account to approved domains
intro: "You can prevent your enterprise's information from leaking into personal accounts by restricting email notifications about activity in organizations owned by your enterprise account to verified domains."
product: '{% data reusables.gated-features.enterprise-accounts %}'
versions:
free-pro-team: '*'
permissions: Enterprise owners can restrict email notifications for an enterprise account.
---
{% data reusables.enterprise-accounts.verifying-domains-release-phase %}
### About email restrictions for your enterprise account
When you restrict email notifications to verified domains, enterprise members can only use an email address associated with a verified domain to receive email notifications about activity in organizations owned by your enterprise account. The domains can be inherited from the enterprise account or configured for the specific organization. For more information about email restrictions for organizations, see "[Restricting email notifications to an approved domain](/github/setting-up-and-managing-organizations-and-teams/restricting-email-notifications-to-an-approved-domain)."
If email restrictions are enabled for an enterprise account, organization owners cannot disable email restrictions for any organization owned by the enterprise account. If changes occur that result in an organization having no verified domains, either inherited from an enterprise account that owns the organization or for the specific organization, email restrictions will be disabled for the organization.
### Restricting email notifications for your enterprise account
Before you can restrict email notifications for your enterprise account, you must verify at least one domain for the enterprise account. For more information, see "[Verifying your enterprise account's domain](/github/setting-up-and-managing-your-enterprise/verifying-your-enterprise-accounts-domain)."
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.verified-domains-tab %}
{% data reusables.organizations.restrict-email-notifications %}
1. Click **Save**.

44
content/github/setting-up-and-managing-your-enterprise/verifying-your-enterprise-accounts-domain.md Normal file
View File

@@ -0,0 +1,44 @@
---
title: Verifying your enterprise account's domain
intro: 'You can confirm the identity of organizations owned by your enterprise account by verifying ownership of your domain names with {% data variables.product.company_short %}.'
product: '{% data reusables.gated-features.enterprise-accounts %}'
versions:
free-pro-team: '*'
permissions: Enterprise owners can verify an enterprise account's domain.
redirect_from:
- /github/articles/verifying-your-enterprise-accounts-domain
- /early-access/github/articles/verifying-your-enterprise-accounts-domain
---
{% data reusables.enterprise-accounts.verifying-domains-release-phase %}
### About domain verification
You can confirm that the websites and email addresses listed on the profiles of any organization owned by your enterprise account are controlled by your enterprise by verifying the domains. Verified domains for an enterprise account apply to every organization owned by the enterprise account, and organization owners can verify additional domains for their organizations. For more information, see "[Verifying your organization's domain](/github/setting-up-and-managing-organizations-and-teams/verifying-your-organizations-domain)."
After you verify ownership of your enterprise account's domains, a "Verified" badge will display on the profile of each organization that has the domain listed on its profile. {% data reusables.organizations.verified-domains-details %}
Organization owners will be able to verify the identity of organization members by viewing each member's email address within the verified domain.
After you verify domains for your enterprise account, you can restrict email notifications to verified domains for all the organizations owned by your enterprise account. For more information, see "[Restricting email notifications for your enterprise account to approved domains](/github/setting-up-and-managing-your-enterprise/restricting-email-notifications-for-your-enterprise-account-to-approved-domains)."
Even if you don't restrict email notifications for the enterprise account, if an organization owner has restricted email notifications for the organization, organization members will be able to receive notifications from any domains verified for the enterprise account, in addition to any domains verified for the organization. For more information about restricting notifications for an organization, see "[Restricting email notifications to an approved domain](/github/setting-up-and-managing-organizations-and-teams/restricting-email-notifications-to-an-approved-domain)."
### Verifying your enterprise account's domain
To verify your enterprise account's domain, you must have access to modify domain records with your domain hosting service.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.verified-domains-tab %}
1. Click **Add a domain**.
![Add a domain button](/assets/images/help/enterprises/add-a-domain-button.png)
{% data reusables.organizations.add-domain %}
{% data reusables.organizations.add-dns-txt-record %}
1. Wait for your DNS configuration to change, which may take up to 72 hours. You can confirm your DNS configuration has changed by running the `dig` command on the command line, replacing `ENTERPRISE-ACCOUNT` with the name of your enterprise account, and `example.com` with the domain you'd like to verify. You should see your new TXT record listed in the command output.
```shell
dig _github-challenge-<em>ENTERPRISE-ACCOUNT</em>.<em>example.com</em> +nostats +nocomments +nocmd TXT
```
{% data reusables.organizations.continue-verifying-domain %}
1. Optionally, after the "Verified" badge is visible on your organizations' profiles, delete the TXT entry from the DNS record at your domain hosting service.
![Verified badge](/assets/images/help/organizations/verified-badge.png)

2
content/github/setting-up-and-managing-your-github-profile/viewing-contributions-on-your-profile.md
View File

@@ -11,7 +11,7 @@ versions:
github-ae: '*'
---
{% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion %}Your contribution graph shows activity from public repositories. {% endif %}You can choose to show activity from {% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion %}both public and{% endif %}private repositories, with specific details of your activity in private repositories anonymized. For more information, see "[Publicizing or hiding your private contributions on your profile](/articles/publicizing-or-hiding-your-private-contributions-on-your-profile)."
{% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion %}Your contribution graph shows activity from public repositories. {% endif %}You can choose to show activity from {% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion %}both public and {% endif %}private repositories, with specific details of your activity in private repositories anonymized. For more information, see "[Publicizing or hiding your private contributions on your profile](/articles/publicizing-or-hiding-your-private-contributions-on-your-profile)."
{% note %}

6
content/github/setting-up-and-managing-your-github-user-account/permission-levels-for-a-user-account-repository.md
View File

@@ -44,7 +44,8 @@ The repository owner has full control of the repository. In addition to the acti
| Define code owners for the repository | "[About code owners](/github/creating-cloning-and-archiving-repositories/about-code-owners)" |
| Archive the repository | "[About archiving repositories](/github/creating-cloning-and-archiving-repositories/about-archiving-repositories)" |{% if currentVersion == "free-pro-team@latest" %}
| Create security advisories | "[About {% data variables.product.prodname_security_advisories %}](/github/managing-security-vulnerabilities/about-github-security-advisories)" |
| Display a sponsor button | "[Displaying a sponsor button in your repository](/github/administering-a-repository/displaying-a-sponsor-button-in-your-repository)" |{% endif %}
| Display a sponsor button | "[Displaying a sponsor button in your repository](/github/administering-a-repository/displaying-a-sponsor-button-in-your-repository)" |
| Allow or disallow auto-merge for pull requests | "[Managing auto-merge for pull requests in your repository](/github/administering-a-repository/managing-auto-merge-for-pull-requests-in-your-repository)" | {% endif %}
### Collaborator access for a repository owned by a user account
@@ -66,7 +67,8 @@ Collaborators can also perform the following actions.
| Manage labels for issues and pull requests in the repository | "[Labeling issues and pull requests](/github/managing-your-work-on-github/labeling-issues-and-pull-requests)" |
| Manage milestones for issues and pull requests in the repository | "[Creating and editing milestones for issues and pull requests](/github/managing-your-work-on-github/creating-and-editing-milestones-for-issues-and-pull-requests)" |
| Mark an issue or pull request in the repository as a duplicate | "[About duplicate issues and pull requests](/github/managing-your-work-on-github/about-duplicate-issues-and-pull-requests)" |
| Create, merge, and close pull requests in the repository | "[Proposing changes to your work with pull requests](/github/collaborating-with-issues-and-pull-requests/proposing-changes-to-your-work-with-pull-requests)" |
| Create, merge, and close pull requests in the repository | "[Proposing changes to your work with pull requests](/github/collaborating-with-issues-and-pull-requests/proposing-changes-to-your-work-with-pull-requests)" |{% if currentVersion == "free-pro-team@latest" %}
| Enable and disable auto-merge for a pull request | "[Automatically merging a pull request](/github/collaborating-with-issues-and-pull-requests/automatically-merging-a-pull-request)"{% endif %}
| Apply suggested changes to pull requests in the repository |"[Incorporating feedback in your pull request](/github/collaborating-with-issues-and-pull-requests/incorporating-feedback-in-your-pull-request)" |
| Create a pull request from a fork of the repository | "[Creating a pull request from a fork](/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)" |
| Submit a review on a pull request that affects the mergeability of the pull request | "[Reviewing proposed changes in a pull request](/github/collaborating-with-issues-and-pull-requests/reviewing-proposed-changes-in-a-pull-request)" |

21
content/github/site-policy/github-additional-product-terms.md
View File

@@ -4,7 +4,7 @@ versions:
free-pro-team: '*'
---
Version Effective Date: December 7, 2020
Version Effective Date: December 14, 2020
When you create an Account, you're given access to lots of different features and products that are all a part of the Service. Because many of these features and products offer different functionality, they may require additional terms and conditions specific to that feature or product. Below, we've listed those features and products, along with the corresponding additional terms that apply to your use of them.
@@ -46,13 +46,11 @@ GitHub Pages are subject to some specific bandwidth and usage limits, and may no
### 5. Actions and Packages
#### a. Actions Usage
GitHub Actions enables you to create custom software development lifecycle workflows directly in your GitHub repository. Each Account comes with included compute and storage quantities for use with Actions, depending on your Account plan, which can be found in the [Actions documentation](/actions). Your Actions compute usage is displayed within [your account settings](https://github.com/settings/billing), and you will be notified by email in advance of reaching the limit of your included quantities. If you want to use Actions beyond your included quantities, then you may [enable overages](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-actions).
GitHub Actions is billed on a usage basis. The [Actions documentation](/actions) includes details, including compute and storage quantities (depending on your Account plan), and how to monitor your Actions minutes usage and set usage limits.
Compute usage for included and paid quantities is calculated in minutes based on the type of Actions you execute (e.g. Linux, Windows, macOS). The minutes used for each Action's job or task will be rounded up to the nearest minute. For included quantities and depending on the type of Action, a multiplier may be applied to the amount of time used to execute each job or task, prior to being rounded up to the nearest minute. Overage minutes are charged at the [stated per minute price](https://github.com/features/actions) based on the type of Actions you execute. Actions and Packages share storage, and your storage usage is displayed within your [account settings](https://github.com/settings/billing). For additional details about included quantity usage calculations, see the [Actions documentation](/actions).
Actions and any elements of the Action service may not be used in violation of the Agreement, the [Acceptable Use Policy](/github/site-policy/github-acceptable-use-policies), or the GitHub Actions [service limitations](/actions/reference/usage-limits-billing-and-administration/#usage-limits). Additionally, Actions should not be used for:
Actions and any elements of the Actions service may not be used in violation of the Agreement, the [GitHub Acceptable Use Polices](/github/site-policy/github-acceptable-use-policies), or the GitHub Actions service limitations set forth in the [Actions documentation](/actions). Additionally, Actions should not be used for:
- cryptomining;
- using our servers to disrupt, or to gain or to attempt to gain unauthorized access to, any service, device, data, account or network (other than those authorized by the [GitHub Bug Bounty program](https://bounty.github.com))
- using our servers to disrupt, or to gain or to attempt to gain unauthorized access to, any service, device, data, account, or network (other than those authorized by the [GitHub Bug Bounty program](https://bounty.github.com));
- the provision of a stand-alone or integrated application or service offering Actions or any elements of Actions for commercial purposes;
- any activity that places a burden on our servers, where that burden is disproportionate to the benefits provided to users (for example, don't use Actions as a content delivery network or as part of a serverless application, but a low benefit Action could be ok if its also low burden); or
- any other activity unrelated to the production, testing, deployment, or publication of the software project associated with the repository where GitHub Actions are used.
@@ -60,16 +58,7 @@ Actions and any elements of the Action service may not be used in violation of t
In order to prevent violations of these limitations and abuse of GitHub Actions, GitHub may monitor your use of GitHub Actions. Misuse of GitHub Actions may result in termination of jobs, or restrictions in your ability to use GitHub Actions.
#### b. Packages Usage
GitHub Packages may be used to download, publish, and manage packages of Content. Each Account plan comes with included bandwidth and storage quantities for use with Packages, which can be found in the [Packages documentation](/github/managing-packages-with-github-package-registry/about-github-package-registry). Actions and Packages share storage between the two Service features. Storage and bandwidth usage are displayed within your [account settings](https://github.com/settings/billing), and you will be notified by email in advance of reaching the limit of your included quantities. If you want to use Packages beyond your included bandwidth and storage quantities, then you may [enable overages](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-packages).
Bandwidth usage is calculated based on the amount of data transferred out of your repositories through Packages, but package transfers through Actions will not count toward your included or paid quantities. Packages bandwidth usage is limited by the [Acceptable Use Policy](/github/site-policy/github-acceptable-use-policies#7-excessive-bandwidth-use), and included bandwidth quantities are determined by your [account plan](https://github.com/pricing).
Actions and Packages storage usage is shared between the two Service features. Storage usage is calculated as a weighted average over the course of the month and does not reset each month. Public and private repositories have different included storage quantities, and the included quantities for private repositories depend on your [account plan](https://github.com/pricing).
#### c. Payment and Billing for Actions and Packages
Billing for Actions and Packages is usage-based. Additional quantities of Actions or Packages cannot be purchased separately. For monthly-billed customers, you must have a payment method on file to choose to pay for additional quantities of these Service features. You will be charged on a monthly, recurring basis based on your usage in the preceding month, unless you are billed by invoice. For invoiced customers, you must pay the fees within thirty (30) days of the GitHub invoice date. For customers paying for Service feature overages in advance, unused prepaid minutes will not roll over to the next billing period and will not be refunded.
You can set a monthly spending limit in your [account settings](https://github.com/settings/billing/cost_management). You will be notified by email in advance of reaching the limit of your included quantities and the designated spending limit of your paid additional quantities.
GitHub Packages is billed on a usage basis. The [Packages documentation](/packages) includes details, including bandwidth and storage quantities (depending on your Account plan), and how to monitor your Packages usage and set usage limits. Packages bandwidth usage is limited by the [GitHub Acceptable Use Polices](/github/site-policy/github-acceptable-use-policies).
### 6. Learning Lab

2
content/github/site-policy/github-marketplace-developer-agreement.md
View File

@@ -169,7 +169,7 @@ UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT, NEG
**10.3** GitHub may terminate this Agreement at any time if (a) you have breached any provision of this Agreement or (b) GitHub is required to do so by law.
**10.4** Effects of Termination by Developer. Upon receiving forty-five (45) days advanced written notice of termination from Developer, Developer will be disabled from taking on new customers via Marketplace. Any outstanding fees shall be remitted upon termination and removal of the Developer Product from Marketplace. If termination is initiated as a result of a GitHub modication to these terms (Section 11), the terms in effect immediately prior to such modification shall govern for the duration of the 45-day notice period until the date of actual termination.
**10.4** Effects of Termination by Developer. Upon receiving forty-five (45) days advanced written notice of termination from Developer, Developer will be disabled from taking on new customers via Marketplace. Any outstanding fees shall be remitted upon termination and removal of the Developer Product from Marketplace. If termination is initiated as a result of a GitHub modification to these terms (Section 11), the terms in effect immediately prior to such modification shall govern for the duration of the 45-day notice period until the date of actual termination.
**10.5** The obligations in Sections 2, 3, 4, 5, 8, 9 and 12-18 will survive any expiration or termination of this Agreement.

6
content/github/working-with-github-pages/managing-a-custom-domain-for-your-github-pages-site.md
View File

@@ -40,7 +40,9 @@ To set up a `www` or custom subdomain, such as `www.example.com` or `blog.exampl
{% data reusables.pages.navigate-site-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.pages.save-custom-domain %}
5. Navigate to your DNS provider and create a `CNAME` record that points your subdomain to the default domain for your site. For example, if you want to use the subdomain `www.example.com` for your user site, create a `CNAME` record that points `www.example.com` to `<user>.github.io`. If you want to use the subdomain `www.anotherexample.com` for your organization site, create a `CNAME` record that points `www.anotherexample.com` to `<organization>.github.io`. The `CNAME` file should always point to `<user>.github.io` or `<organization>.github.io`, excluding the repository name. {% data reusables.pages.contact-dns-provider %} {% data reusables.pages.default-domain-information %}
5. Navigate to your DNS provider and create a `CNAME` record that points your subdomain to the default domain for your site. For example, if you want to use the subdomain `www.example.com` for your user site, create a `CNAME` record that points `www.example.com` to `<user>.github.io`. If you want to use the subdomain `www.anotherexample.com` for your organization site, create a `CNAME` record that points `www.anotherexample.com` to `<organization>.github.io`. The `CNAME` record should always point to `<user>.github.io` or `<organization>.github.io`, excluding the repository name. {% data reusables.pages.contact-dns-provider %} {% data reusables.pages.default-domain-information %}
{% indented_data_reference site.data.reusables.pages.wildcard-dns-warning spaces=3 %}
{% data reusables.command_line.open_the_multi_os_terminal %}
6. To confirm that your DNS record configured correctly, use the `dig` command, replacing _WWW.EXAMPLE.COM_ with your subdomain.
```shell
@@ -71,6 +73,8 @@ To set up an apex domain, such as `example.com`, you must configure a _CNAME_ fi
185.199.110.153
185.199.111.153
```
{% indented_data_reference site.data.reusables.pages.wildcard-dns-warning spaces=3 %}
{% data reusables.command_line.open_the_multi_os_terminal %}
6. To confirm that your DNS record configured correctly, use the `dig` command, replacing _EXAMPLE.COM_ with your apex domain. Confirm that the results match the IP addresses for {% data variables.product.prodname_pages %} above.
```shell

6
content/github/working-with-github-pages/troubleshooting-custom-domains-and-github-pages.md
View File

@@ -39,11 +39,7 @@ Make sure your site does not:
- Use more than one `www` subdomain. For example, both `www.example.com` and `www.anotherexample.com`.
- Use both an apex domain and custom subdomain. For example, both `example.com` and `docs.example.com`.
{% warning %}
**Warning:** We strongly recommend not using wildcard DNS records, such as `*.example.com`. A wildcard DNS record will allow anyone to host a {% data variables.product.prodname_pages %} site at one of your subdomains.
{% endwarning %}
{% data reusables.pages.wildcard-dns-warning %}
For a list of supported custom domains, see "[About custom domains and {% data variables.product.prodname_pages %}](/articles/about-custom-domains-and-github-pages/#supported-custom-domains)."

10
content/graphql/overview/resource-limitations.md
View File

@@ -125,7 +125,7 @@ These two examples show how to calculate the total nodes in a call.
= 22,060 total nodes</pre>
### Rate limit
## Rate limit
The GraphQL API v4 limit is different from the REST API v3's [rate limits](/rest/overview/resources-in-the-rest-api#rate-limiting).
@@ -136,13 +136,7 @@ To accurately represent the server cost of a query, the GraphQL API v4 calculate
* The formula uses the `first` and `last` arguments on a parent connection and its children to pre-calculate the potential load on GitHub's systems, such as MySQL, ElasticSearch, and Git.
* Each new connection has its own point value. Points are combined with other points from the call into an overall rate limit score.
The GraphQL API v4 rate limit is **5,000 points per hour**.
{% if currentVersion == "free-pro-team@latest" %}
For {% data variables.product.prodname_github_apps %} or {% data variables.product.prodname_oauth_app %}s that belong to a {% data variables.product.prodname_ghe_cloud %} account, requests to resources owned by the same {% data variables.product.prodname_ghe_cloud %} account have an increased limit of 15,000 points per hour.
{% endif %}
The GraphQL API v4 rate limit is **5,000 points per hour**.
Note that 5,000 points per hour is not the same as 5,000 calls per hour: the GraphQL API v4 and REST API v3 use different rate limits.

12
content/packages/index.md
View File

@@ -19,15 +19,15 @@ featuredLinks:
- /packages/guides/enabling-improved-container-support
- /packages/guides/configuring-rubygems-for-use-with-github-packages
changelog:
- title: ghcr.io container names redirect to the container page
date: '2020-12-14'
href: https://github.blog/changelog/2020-12-14-ghcr-io-container-names-redirect-to-the-container-page/
- title: Filter for tagged and untagged containers
date: '2020-12-14'
href: https://github.blog/changelog/2020-12-14-packages-can-filter-for-tagged-and-untagged-containers/
- title: Packages container support is an opt-in beta
date: '2020-11-17'
href: https://docs.github.com/packages/getting-started-with-github-container-registry/enabling-improved-container-support
- title: Organization admins access to containers
date: '2020-11-16'
href: https://github.blog/changelog/2020-11-16-packages-organization-admins-access-to-containers/
- title: Packages now respects IP allow list settings
date: '2020-11-12'
href: https://github.blog/changelog/2020-11-12-packages-now-respects-ip-allow-list-settings/
redirect_from:
- /github/managing-packages-with-github-packages
- /categories/managing-packages-with-github-package-registry

2
content/packages/learn-github-packages/about-github-packages.md
View File

@@ -46,7 +46,7 @@ You can review the package's README, some metadata like licensing, download stat
{% if currentVersion == "free-pro-team@latest" %}
### About billing for {% data variables.product.prodname_registry %}
{% data reusables.package_registry.packages-billing %} For more information, see "[About billing for {% data variables.product.prodname_registry %}](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-packages)."
{% data reusables.package_registry.packages-billing %} {% data reusables.package_registry.packages-spending-limit-brief %} For more information, see "[About billing for {% data variables.product.prodname_registry %}](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-packages)."
{% data reusables.package_registry.container-registry-beta-billing-note %}
{% endif %}

5
data/graphql/schema.docs.graphql
View File

@@ -13418,6 +13418,11 @@ type MarketplaceListing implements Node {
"""
hasTermsOfService: Boolean!
"""
Whether the creator of the app is a verified org
"""
hasVerifiedOwner: Boolean!
"""
A technical description of how this app works with GitHub.
"""

43
data/release-notes/2-20/0.yml Normal file
View File

@@ -0,0 +1,43 @@
date: '2020-02-11'
sections:
features:
- 'On a repository branch, repository administrators can reject any push that contains a merge commit by enabling `Require linear history` using [branch protection rules](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions). {% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/ {% endcomment %}'
- 'Repository administrators can grant all users with push access the ability to force-push to a protected branch by enabling `Allow force pushes` using [branch protection rules](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions). {% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/, https://github.com/github/ce-oss-happiness/issues/42, https://github.com/github/github/pull/125950 {% endcomment %}'
- 'Repository administrators can grant all users with push access the ability to delete a protected branch by enabling `Allow deletions` using [branch protection rules](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions). {% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/ {% endcomment %}'
- 'Administrators can set a `maxobjectsize` limit on repositories, [limiting the size of push commits](https://help.github.com/en/enterprise/admin/installation/setting-git-push-limits) to a repository that are not in [Git LFS](https://help.github.com/en/enterprise/admin/installation/configuring-git-large-file-storage-on-github-enterprise-server). {% comment %} https://github.com/github/babeld/pull/864, https://team.githubapp.com/posts/33519, https://github.com/githubcustomers/Slack/issues/27 {% endcomment %}'
- 'Organization owners can create a set of default labels when creating a new repository.{% comment %} https://github.com/github/issues-projects/issues/237, https://github.com/github/issues-projects/issues/179 {% endcomment %}'
security_fixes:
- Packages have been updated to the latest security versions.
bugs:
- 'When a member of an organization tried to view a public repository in that organization, an SSO prompt could break the page display. {% comment %} https://github.com/github/github/issues/126677, https://github.com/github/github/pull/127501 {% endcomment %}'
- "When viewing a users' profile, the links to that users' teams could be broken. {% comment %} https://github.com/github/github/issues/131771, https://github.com/github/github/pull/131865 {% endcomment %}"
- 'Users with the `maintain` role were unable to edit repository topics. {% comment %} https://github.com/github/github/pull/129503, https://github.com/github/github/issues/119456 {% endcomment %}'
- "A user who isn't an administrator for an organization would receive a 500 error when attempting to access the sign up page. {% comment %} https://github.com/github/github/pull/129213, https://github.com/github/github/issues/129210, https://github.com/github/github/issues/129212 {% endcomment %}"
- 'The edit history popup would not display on gist comments. {% comment %} https://github.com/github/github/pull/129134, https://github.com/github/github/issues/128496 {% endcomment %}'
- 'A new account could be registered with an email that was already registered. {% comment %} https://github.com/github/github/pull/127905, https://github.com/github/github/issues/127858 {% endcomment %}'
- 'A storage service was hitting a file descriptor limit and causing kernel hanging and other services to log errors. {% comment %} https://github.com/github/enterprise2/pull/18775 {% endcomment %}'
- 'When an autolink reference was part of a url, the hyperlink could be removed. {% comment %} https://github.com/github/github/pull/126776 {% endcomment %}'
- 'When adding a comment to a pull request, the `Linked Issues` section from the sidebar could disappear. {% comment %} https://github.com/github/issues-projects/issues/384, https://github.com/github/github/pull/130514 {% endcomment %}'
- 'When editing an existing organization invitation for a user, a duplicate header could be appear on the `Teams` table. {% comment %} https://github.com/github/github/issues/120381, https://github.com/github/github/pull/128939 {% endcomment %}'
- 'The `resqued` service could stop logging events when the queues became too large. {% comment %} https://github.com/github/github/pull/130087, https://github.com/github/business-support/issues/2696 {% endcomment %}'
- 'Self-signed certificates are not automatically generated when running the `ghe-config-apply` command for cluster and high-availability configurations. {% comment %} https://github.com/github/enterprise2/pull/18773 {% endcomment %}'
changes:
- 'No logo will be displayed for a topic if one has not been uploaded. {% comment %} https://github.com/github/github/issues/130513, https://github.com/github/github/pull/130515 {% endcomment %}'
- 'When viewing an issue on a mobile browser, the issue metadata is listed at the top of the page. {% comment %} https://github.com/github/github/pull/127560 {% endcomment %}'
- 'Consul''s top-level domain has changed from ".consul" to ".ghe.local". {% comment %} https://github.com/github/enterprise2/pull/17443, https://github.com/github/enterprise2/issues/17701 {% endcomment %}'
- 'The hookshot service no longer relies on ElasticSearch and only uses MySQL as a database store. {% comment %} https://github.com/github/enterprise2/pull/18158, https://github.com/github/hookshot/pull/1128, https://github.com/github/enterprise2/pull/15898 {% endcomment %}'
- 'Improved visual distinction between issue, project and discussion has been implemented on project note cards. {% comment %} https://github.com/github/github/pull/132038 {% endcomment %}'
- 'On a pull request review, a notice is displayed if a multi-line comment is truncated. {% comment %} https://github.com/github/github/issues/125948, https://github.com/github/github/pull/128677 {% endcomment %}'
- 'Users can view their audit log on the `Security Log` tab of their personal settings page. {% comment %} https://github.com/github/github/pull/123041{% endcomment %}'
known_issues:
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
- 'When pushing to a gist, an exception could be triggered during the post-receive hook. {% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
- Duplicate webhook entries in the database can cause upgrades from previous versions to fail. (updated 2020-02-26)
- 'Upgrades and settings updates will fail if background worker configurations have been customised. {% comment %} https://github.com/github/enterprise2/issues/19119 {% endcomment %}'
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
- 'When upgrading from previous versions, background job workers may not be spawned, preventing essential features such as merging pull requests. (updated 2020-04-07) {% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
- 'Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23) {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
- 'Dependency graph is not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. (updated 2020-06-30) {% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'

20
data/release-notes/2-20/1.yml Normal file
View File

@@ -0,0 +1,20 @@
date: '2020-02-27'
sections:
security_fixes:
- 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/19116, https://github.com/github/enterprise2/pull/19110, https://github.com/github/enterprise2/pull/19154, https://github.com/github/enterprise2/pull/19142 {% endcomment %}'
bugs:
- 'Restore from backups would fail with an `Invalid RDB version number` error. {% comment %} https://github.com/github/enterprise2/pull/19117, https://github.com/github/enterprise2/pull/19109 {% endcomment %}'
- 'Upgrading an HA replica would stall indefinitely waiting for MySQL to start. {% comment %} https://github.com/github/enterprise2/pull/19168, https://github.com/github/enterprise2/pull/19101 {% endcomment %}'
- 'PR review comments with unexpected values for "position" or "original_position" caused imports to fail. {% comment %} https://github.com/github/github/pull/135439, https://github.com/github/github/pull/135374 {% endcomment %}'
- 'Duplicate webhook entries in the database could cause upgrades from previous versions to fail. {% comment %} https://github.com/github/hookshot/pull/1541, https://github.com/github/hookshot/pull/1426, https://github.com/github/hookshot/pull/1540 {% endcomment %}'
known_issues:
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
- 'When pushing to a gist, an exception could be triggered during the post-receive hook. {% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
- 'Upgrades and settings updates will fail if background worker configurations have been customised. {% comment %} https://github.com/github/enterprise2/issues/19119 {% endcomment %}'
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
- 'When upgrading from previous versions, background job workers may not be spawned, preventing essential features such as merging pull requests. (updated 2020-04-07) {% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
- 'Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23) {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
- 'Dependency graph is not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. (updated 2020-06-30) {% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'

20
data/release-notes/2-20/10.yml Normal file
View File

@@ -0,0 +1,20 @@
date: '2020-06-23'
sections:
security_fixes:
- 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/20746, https://github.com/github/enterprise2/pull/20727 {% endcomment %}'
bugs:
- 'Excessively large log events could lead to log forwarding instability when UDP was used as the transport mechanism. {% comment %} https://github.com/github/enterprise2/pull/20457, https://github.com/github/enterprise2/pull/20445 {% endcomment %}'
- "Automatic unsuspension of a user through SSO did not complete if the SSH keys attribute had keys already associated with the user's account. {% comment %} https://github.com/github/github/pull/143474, https://github.com/github/github/pull/142927 {% endcomment %}"
- 'The repository permission hash from the REST API indicated no access for business members who have pull access to internal repositories. {% comment %} https://github.com/github/github/pull/144755, https://github.com/github/github/pull/144292 {% endcomment %}'
- 'Previewing a GitHub App description written in markdown was not properly rendered. {% comment %} https://github.com/github/github/pull/145038, https://github.com/github/github/pull/133360 {% endcomment %}'
- 'The audit log did not include branch protection changes events. {% comment %} https://github.com/github/github/pull/145995, https://github.com/github/github/pull/145014 {% endcomment %}'
- "Trying to assign code review to a member of an empty team would result in a '500 Internal Server Error'. {% comment %} https://github.com/github/github/pull/146328, https://github.com/github/github/pull/139330 {% endcomment %}"
- 'Code review assignment using the load balancing algorithm could repeatedly assign to the same team member. {% comment %} https://github.com/github/github/pull/146329, https://github.com/github/github/pull/136504 {% endcomment %}'
known_issues:
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
- 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
- 'Dependency graph is not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. (updated 2020-06-30) {% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'

18
data/release-notes/2-20/11.yml Normal file
View File

@@ -0,0 +1,18 @@
date: '2020-07-09'
sections:
security_fixes:
- '**MEDIUM:** Updated nginx to 1.16.1 and addressed CVE-2019-20372. (updated 2020-07-22) {% comment %} https://github.com/github/enterprise2/pull/21251 {% endcomment %}'
- 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/21088, https://github.com/github/enterprise2/pull/21036 {% endcomment %}'
bugs:
- 'Dependency graph was not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. {% comment %} https://github.com/github/enterprise2/pull/21260, https://github.com/github/enterprise2/pull/21102 {% endcomment %}'
- 'Certain log files did not rotate every 7 days. {% comment %} https://github.com/github/enterprise2/pull/21278, https://github.com/github/enterprise2/pull/21264 {% endcomment %}'
- 'Rapid reuse of webhook source ports resulted in rejected connections. {% comment %} https://github.com/github/enterprise2/pull/21289 {% endcomment %}'
- 'Incorrect background jobs could attempt to run on instances configured as passive replicas. {% comment %} https://github.com/github/enterprise2/pull/21318, https://github.com/github/enterprise2/pull/21212, https://github.com/github/enterprise2/issues/21167 {% endcomment %}'
- 'Internal repositories were not correctly included in search results for SAML-enabled orgs. {% comment %} https://github.com/github/github/pull/147503, https://github.com/github/github/pull/145692 {% endcomment %}'
known_issues:
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
- 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'

16
data/release-notes/2-20/12.yml Normal file
View File

@@ -0,0 +1,16 @@
date: '2020-07-21'
sections:
security_fixes:
- 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/21437, https://github.com/github/enterprise2/pull/21402, https://github.com/github/enterprise2/pull/21495, https://github.com/github/enterprise2/pull/21479 {% endcomment %}'
bugs:
- 'The Management Console monitor graphs would sometimes not display correctly on larger screens. {% comment %} https://github.com/github/enterprise2/pull/21397, https://github.com/github/enterprise2/pull/21381 {% endcomment %}'
- 'GitHub App Manifest creation flow was unusable in some scenarios when a SameSite Cookie policy was applied. {% comment %} https://github.com/github/github/pull/147826, https://github.com/github/github/pull/144121 {% endcomment %}'
changes:
- 'Improvements to HAProxy scaling. {% comment %} https://github.com/github/enterprise2/pull/21383 {% endcomment %}'
known_issues:
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
- 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'

21
data/release-notes/2-20/13.yml Normal file
View File

@@ -0,0 +1,21 @@
date: '2020-08-11'
sections:
security_fixes:
- '**CRITICAL:** A remote code execution vulnerability was identified in GitHub Pages that could allow an attacker to execute commands as part building a GitHub Pages site. This issue was due to an outdated and vulnerable dependency used in the Pages build process. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server. To mitigate this vulnerability, Kramdown has been updated to address CVE-2020-14001. {% comment %} https://github.com/github/pages/pull/2836, https://github.com/github/pages/pull/2827 {% endcomment %}'
- '**HIGH:** An attacker could inject a malicious argument into a Git sub-command when executed on GitHub Enterprise Server. This could allow an attacker to overwrite arbitrary files with partially user-controlled content and potentially execute arbitrary commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to access repositories within the GitHub Enterprise Server instance. However, due to other protections in place, we could not identify a way to actively exploit this vulnerability. This vulnerability was reported through the GitHub Security Bug Bounty program. {% comment %} https://github.com/github/github/pull/151097 {% endcomment %}'
- 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/21811, https://github.com/github/enterprise2/pull/21700 {% endcomment %}'
bugs:
- 'A Consul configuration error prevented some background jobs from being processed on standalone instances. {% comment %} https://github.com/github/enterprise2/pull/21464 {% endcomment %}'
- 'The service memory allocation calculation could allocate an incorrect or unbounded memory allocation to a service resulting in poor system performance. {% comment %} https://github.com/github/enterprise2/pull/21716 {% endcomment %}'
- 'The virtualization platform for oVirt KVM systems was not properly detected, causing problems during upgrades. {% comment %} https://github.com/github/enterprise2/pull/21730, https://github.com/github/enterprise2/pull/21669 {% endcomment %}'
- "The error message for invalid authentication with a password via Git command line didn't populate the URL linking to adding the appropriate token or SSH key. {% comment %} https://github.com/github/github/pull/149714 {% endcomment %}"
- 'GitHub Connect was using a deprecated GitHub.com API endpoint. {% comment %} https://github.com/github/github/pull/150828, https://github.com/github/github/pull/150545 {% endcomment %}'
- 'Issues could not be sorted by *Recently updated* on repositories migrated to a new instance. {% comment %} https://github.com/github/github/pull/150843, https://github.com/github/github/pull/149330 {% endcomment %}'
- 'The 404 page contained GitHub.com contact and status links in the footer. {% comment %} https://github.com/github/github/pull/151316 {% endcomment %}'
known_issues:
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
- 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'

12
data/release-notes/2-20/14.yml Normal file
View File

@@ -0,0 +1,12 @@
date: '2020-08-12'
sections:
bugs:
- 'Resolved an issue that could lead to high CPU usage while generating system configuration templates. {% comment %} https://github.com/github/enterprise2/pull/21784, https://github.com/github/enterprise2/pull/21741 {% endcomment %}'
- 'Recent changes to memory allocations could lead to a degradation in system performance {% comment %} https://github.com/github/enterprise2/pull/22067 {% endcomment %}'
known_issues:
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
- 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'

24
data/release-notes/2-20/15.yml Normal file
View File

@@ -0,0 +1,24 @@
date: '2020-08-26'
sections:
security_fixes:
- >-
**CRITICAL:** A remote code execution vulnerability was identified in GitHub Pages that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. We have issued CVE-2020-10518. {% comment %} https://github.com/github/pages/pull/2883, https://github.com/github/pages/pull/2902, https://github.com/github/pages/pull/2894, https://github.com/github/pages/pull/2877, https://github.com/github/pages-gem/pull/700,
https://github.com/github/pages/pull/2890, https://github.com/github/pages/pull/2898, https://github.com/github/pages/pull/2909, https://github.com/github/pages/pull/2891, https://github.com/github/pages/pull/2884, https://github.com/github/pages/pull/2889 {% endcomment %}
- '**MEDIUM:** An improper access control vulnerability was identified that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and has been assigned [CVE-2020-10517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10517). The vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com). {% comment %} https://github.com/github/github/pull/151987, https://github.com/github/github/pull/151713 {% endcomment %}'
- 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/21852, https://github.com/github/enterprise2/pull/21828, https://github.com/github/enterprise2/pull/22153, https://github.com/github/enterprise2/pull/21920, https://github.com/github/enterprise2/pull/22215, https://github.com/github/enterprise2/pull/22190 {% endcomment %}'
bugs:
- 'A message was not logged when the ghe-config-apply process had finished running ghe-es-auto-expand. {% comment %} https://github.com/github/enterprise2/pull/22177, https://github.com/github/enterprise2/pull/22171 {% endcomment %}'
- 'Excessive logging to the `syslog` file could occur on high-availability replicas if the primary appliance is unavailable. {% comment %} https://github.com/github/enterprise2/pull/22267, https://github.com/github/enterprise2/pull/22124 {% endcomment %}'
- "Database re-seeding on a replica could fail with an error: `Got packet bigger than 'max_allowed_packet'` {% comment %} https://github.com/github/enterprise2/pull/22321, https://github.com/github/enterprise2/pull/20063 {% endcomment %}"
- 'In some cases duplicate user data could cause a 500 error while running the ghe-license-usage script. {% comment %} https://github.com/github/github/pull/152638 {% endcomment %}'
changes:
- 'In a high availability or geo-replication configuration, replica instances would exit maintenance mode when ghe-config-apply ran. {% comment %} https://github.com/github/enterprise2/pull/21776, https://github.com/github/enterprise2/pull/21440 {% endcomment %}'
- "We've added support for the R5a and R5n AWS instance types. {% comment %} https://github.com/github/enterprise2/pull/21902, https://github.com/github/enterprise2/pull/21173 {% endcomment %}"
- 'Removed the license seat count information on the administrative SSH MOTD due to a performance issue impacting GitHub Enterprise Server clusters. {% comment %} https://github.com/github/enterprise2/pull/21993, https://github.com/github/enterprise2/pull/21870 {% endcomment %}'
known_issues:
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
- 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'

12
data/release-notes/2-20/16.yml Normal file
View File

@@ -0,0 +1,12 @@
date: '2020-09-08'
sections:
bugs:
- 'A service health check caused session growth resulting in filesystem inode exhaustion. {% comment %} https://github.com/github/enterprise2/pull/22480, https://github.com/github/enterprise2/pull/22475 {% endcomment %}'
- "Upgrading using a hotpatch could fail with an error: `'libdbi1' was not found` {% comment %} https://github.com/github/enterprise2/pull/22558, https://github.com/github/enterprise2/pull/22552 {% endcomment %}"
known_issues:
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
- 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'

12
data/release-notes/2-20/17.yml Normal file
View File

@@ -0,0 +1,12 @@
date: '2020-09-23'
sections:
security_fixes:
- '**MEDIUM**: ImageMagick has been updated to address [DSA-4715-1](https://www.debian.org/security/2020/dsa-4715). {% comment %} https://github.com/github/enterprise2/pull/22625, https://github.com/github/enterprise2/pull/22610 {% endcomment %}'
- 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/22601, https://github.com/github/enterprise2/pull/22592, https://github.com/github/enterprise2/pull/22605, https://github.com/github/enterprise2/pull/22426, https://github.com/github/enterprise2/pull/22718, https://github.com/github/enterprise2/pull/22699 {% endcomment %}'
known_issues:
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
- 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'

Some files were not shown because too many files have changed in this diff Show More