fix additional no trailing newlines

.devcontainer/devcontainer.json

@@ -34,6 +34,16 @@
                 "GitHub.copilot",
                 "GitHub.copilot-chat"
             ]
+        },
+        "codespaces": {
+            "repositories": {
+                // allow Codespaces to pull from separate repo when user has access
+                "github/docs-early-access": {
+                    "permissions": {
+                        "contents": "write"
+                    }
+                }
+            }
         }
     },
 
@@ -52,7 +62,7 @@
 
     // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
     "remoteUser": "node",
-	
+
     "hostRequirements": {
         "memory": "8gb"
     }

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-your-personal-dashboard.md

@@ -52,7 +52,27 @@ You can also find a list of your recently visited repositories, teams, and proje
 
 ## Staying updated with activity from the community
 
-{% ifversion for-you-feed %}
+{% ifversion feed %}
+
+{% note %}
+
+**Note:** The new feed is currently in public beta and subject to change.
+
+{% endnote %}
+
+The feed is designed to help you discover relevant content from projects you follow, keep up with your friends and community members, and track recent activity in your communities.
+
+You can use the {% octicon "filter" aria-hidden="true" %} **Filter** dropdown in the upper right corner to filter the feed to show only the exact event types you'd like to see. For example, you'll see updates when someone you follow:
+
+- Stars a repository.
+- Follows another user.
+- Creates a public repository.
+- Opens an issue or pull request with `help wanted` or `good first issue` label on a repository you're watching.
+- Pushes commits to a repository you watch.
+- Forks a public repository.
+- Publishes a new release.
+
+{% else %}
 The main section of your dashboard has two activity feeds:
 
 - Following: Activity by people you follow and from repositories you watch.
@@ -62,24 +82,16 @@ The main section of your dashboard has two activity feeds:
 
 This feed shows activity from repositories and users you have shown a direct interest in, by following a user or watching a repository. For example, you'll see updates when a user you follow:
 
-{% else %}
-In the "All activity" section of your news feed, you can view updates from repositories you watch and users you follow.
-
-You'll see updates in your news feed when a user you follow:
-{% endif %}
-
 - Stars a repository.
-- Follows another user.{% ifversion fpt or ghes or ghec %}
+- Follows another user.
-- Creates a public repository.{% endif %}
+- Creates a public repository.
 - Opens an issue or pull request with "help wanted" or "good first issue" label on a repository you're watching.
-- Pushes commits to a repository you watch.{% ifversion fpt or ghes or ghec %}
+- Pushes commits to a repository you watch.
-- Forks a public repository.{% endif %}
+- Forks a public repository.
 - Publishes a new release.
 
 For more information about following people and watching repositories, see "[AUTOTITLE](/get-started/exploring-projects-on-github/following-people)" and "[AUTOTITLE](/get-started/quickstart/be-social)."
 
-{% ifversion for-you-feed %}
-
 ### For you feed
 
 {% note %}

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/permission-levels-for-a-personal-account-repository.md

@@ -54,7 +54,8 @@ The repository owner has full control of the repository. In addition to the acti
 | Create security advisories | "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)" |
 | Display a sponsor button | "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)" |{% endif %}
 | Allow or disallow auto-merge for pull requests | "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository)" |
-| Manage webhooks and deploy keys	| "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys)" |
+| Manage deploy keys | "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys)" |
+| Manage webhooks | "[AUTOTITLE](/webhooks/about-webhooks)" |
 
 ## Collaborator access for a repository owned by a personal account
 

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md

@@ -74,6 +74,7 @@ Alternatively, if you want to use the HTTPS protocol for both accounts, you can
     ```shell copy
     echo "protocol=https`nhost=github.com" | git credential-manager erase
     ```
+
    - If the output is `wincred`, you're using the Windows Credential Manager. To clear the credentials, enter the following command.
 
      ```shell copy

content/actions/automating-builds-and-tests/about-continuous-integration.md

@@ -51,6 +51,7 @@ For a definition of common terms, see "[AUTOTITLE](/actions/learn-github-actions
 Browse the complete list of CI starter workflow offered by {% data variables.product.company_short %} in the {% ifversion fpt or ghec %}[actions/starter-workflows](https://github.com/actions/starter-workflows/tree/main/ci) repository{% else %} `actions/starter-workflows` repository on {% data variables.location.product_location %}{% endif %}.
 
 {% ifversion fpt or ghec %}
+
 ## Further reading
 
 - "[AUTOTITLE](/billing/managing-billing-for-github-actions)"

content/actions/automating-builds-and-tests/building-and-testing-go.md

@@ -29,35 +29,60 @@ You should already be familiar with YAML syntax and how it's used with {% data v
 
 We recommend that you have a basic understanding of the Go language. For more information, see [Getting started with Go](https://golang.org/doc/tutorial/getting-started).
 
-## Using the Go starter workflow
+## Using a Go starter workflow
 
-{% data variables.product.prodname_dotcom %} provides a Go starter workflow that should work for most Go projects. This guide includes examples that you can use to customize the starter workflow. For more information, see the [Go starter workflow](https://github.com/actions/starter-workflows/blob/main/ci/go.yml).
+{% data reusables.actions.starter-workflow-get-started %}
 
-To get started quickly, add the starter workflow to the `.github/workflows` directory of your repository.
+{% data variables.product.prodname_dotcom %} provides a Go starter workflow that should work for most Go projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
 
-```yaml copy
+{% data reusables.repositories.navigate-to-repo %}
-name: Go package
+{% data reusables.repositories.actions-tab %}
+{% data reusables.actions.new-starter-workflow %}
+1. The "{% ifversion actions-starter-template-ui %}Choose a workflow{% else %}Choose a workflow template{% endif %}" page shows a selection of recommended starter workflows. Search for "go".
+1. Filter the selection of workflows by clicking **Continuous integration**.
+1. On the "Go - by {% data variables.product.prodname_actions %}" workflow, click {% ifversion actions-starter-template-ui %}**Configure**{% else %}**Set up this workflow**{% endif %}.
 
-on: [push]
+   ![Screenshot of the "Choose a workflow" page. The "Configure" button on the "Go" workflow is highlighted with an orange outline.](/assets/images/help/actions/starter-workflow-go.png)
 
-jobs:
+{%- ifversion ghes or ghae %}
-  build:
+   If you don't find the "Go - by {% data variables.product.prodname_actions %}" starter workflow, copy the following workflow code to a new file called `go.yml` in the `.github/workflows` directory of your repository.
 
-    runs-on: ubuntu-latest
+   ```yaml copy
-    steps:
+   name: Go
-      - uses: {% data reusables.actions.action-checkout %}
 
-      - name: Set up Go
+   on:
-        uses: {% data reusables.actions.action-setup-go %}
+     push:
-        with:
+       branches: [ "main" ]
-          go-version: '1.15'
+     pull_request:
+       branches: [ "main" ]
 
-      - name: Build
+   jobs:
-        run: go build -v ./...
+     build:
 
-      - name: Test
+       runs-on: self-hosted
-        run: go test -v ./...
+       steps:
-```
+         - uses: {% data reusables.actions.action-checkout %}
+
+         - name: Set up Go
+           uses: {% data reusables.actions.action-setup-go %}
+           with:
+             go-version: '1.20'
+
+         - name: Build
+           run: go build -v ./...
+
+         - name: Test
+           run: go test -v ./...
+   ```
+
+{%- endif %}
+
+1. Edit the workflow as required. For example, change the version of Go.
+1. Click **Commit changes**.
+
+{% ifversion fpt or ghec %}
+   The `go.yml` workflow file is added to the `.github/workflows` directory of your repository.
+{% endif %}
 
 ## Specifying a Go version
 
@@ -80,7 +105,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [ '1.14', '1.15', '1.16.x' ]
+        go-version: [ '1.19', '1.20', '1.21.x' ]
 
     steps:
       - uses: {% data reusables.actions.action-checkout %}
@@ -95,14 +120,14 @@ jobs:
 
 ### Using a specific Go version
 
-You can configure your job to use a specific version of Go, such as `1.16.2`. Alternatively, you can use semantic version syntax to get the latest minor release. This example uses the latest patch release of Go 1.16:
+You can configure your job to use a specific version of Go, such as `1.20.8`. Alternatively, you can use semantic version syntax to get the latest minor release. This example uses the latest patch release of Go 1.21:
 
 ```yaml copy
-      - name: Setup Go 1.16.x
+      - name: Setup Go 1.21.x
         uses: {% data reusables.actions.action-setup-go %}
         with:
           # Semantic version range syntax or exact version of Go
-          go-version: '1.16.x'
+          go-version: '1.21.x'
 ```
 
 ## Installing dependencies
@@ -115,7 +140,7 @@ You can use `go get` to install dependencies:
       - name: Setup Go
         uses: {% data reusables.actions.action-setup-go %}
         with:
-          go-version: '1.16.x'
+          go-version: '1.21.x'
       - name: Install dependencies
         run: |
           go get .
@@ -150,7 +175,7 @@ When caching is enabled, the `setup-go` action searches for the dependency file,
       - name: Setup Go
         uses: {% data reusables.actions.action-setup-go %}
         with:
-          go-version: '1.16.x'
+          go-version: '1.21.x'
           cache: true
 ```
 
@@ -187,7 +212,7 @@ jobs:
       - name: Setup Go
         uses: {% data reusables.actions.action-setup-go %}
         with:
-          go-version: '1.16.x'
+          go-version: '1.21.x'
       - name: Install dependencies
         run: go get .
       - name: Build
@@ -213,7 +238,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [ '1.14', '1.15', '1.16.x' ]
+        go-version: [ '1.19', '1.20', '1.21.x' ]
 
     steps:
       - uses: {% data reusables.actions.action-checkout %}

content/actions/automating-builds-and-tests/building-and-testing-java-with-ant.md

@@ -15,7 +15,6 @@ topics:
   - Java
   - Ant
 shortTitle: Build & test Java & Ant
-layout: inline
 ---
 
 {% data reusables.actions.enterprise-github-hosted-runners %}
@@ -40,39 +39,54 @@ We recommend that you have a basic understanding of Java and the Ant framework.
 
 {% data reusables.actions.enterprise-setup-prereq %}
 
-## Using the Ant starter workflow
+## Using an Ant starter workflow
 
-{% data variables.product.prodname_dotcom %} provides an Ant starter workflow that will work for most Ant-based Java projects. For more information, see the [Ant starter workflow](https://github.com/actions/starter-workflows/blob/main/ci/ant.yml). {% data reusables.actions.workflows.starter-workflows %}
+{% data reusables.actions.starter-workflow-get-started %}
 
-To get started quickly, you can choose the preconfigured Ant starter workflow when you create a new workflow. For more information, see the "[AUTOTITLE](/actions/quickstart)."
+{% data variables.product.prodname_dotcom %} provides a starter workflow for Ant that should work for most Java with Ant projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
 
-You can also add this workflow manually by creating a new file in the `.github/workflows` directory of your repository.
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.actions-tab %}
+{% data reusables.actions.new-starter-workflow %}
+1. The "{% ifversion actions-starter-template-ui %}Choose a workflow{% else %}Choose a workflow template{% endif %}" page shows a selection of recommended starter workflows. Search for "Java with Ant".
+1. On the "Java with Ant" workflow, click {% ifversion actions-starter-template-ui %}**Configure**{% else %}**Set up this workflow**{% endif %}.
 
-```yaml annotate copy
+{%- ifversion ghes or ghae %}
-# {% data reusables.actions.workflows.workflow-syntax-name %}
-name: Java CI
 
-#
+   If you don't find the "Java with Ant" starter workflow, copy the following workflow code to a new file called `ant.yml` in the `.github/workflows` directory of your repository.
-on: [push]
+
-#
+   ```yaml copy
-jobs:
+   name: Java CI
-  build:
+
-    {% data reusables.actions.example-github-runner-comment %}
+   on:
-    runs-on: ubuntu-latest
+     push:
-#
+       branches: [ $default-branch ]
-    steps:
+     pull_request:
-      {% data reusables.actions.workflows.workflow-checkout-step-explainer %}
+       branches: [ $default-branch ]
-      - uses: {% data reusables.actions.action-checkout %}
+
-      {% data reusables.actions.workflows.setup-java-step-explainer %}
+   jobs:
-      - name: Set up JDK 17
+     build:
-        uses: {% data reusables.actions.action-setup-java %}
+       runs-on: ubuntu-latest
-        with:
+
-          java-version: '17'
+       steps:
-          distribution: 'temurin'
+       - uses: {% data reusables.actions.action-checkout %}
-      # This step runs the default target in your `build.xml` file in non-interactive mode.
+       - name: Set up JDK 11
-      - name: Build with Ant
+         uses: {% data reusables.actions.action-setup-java %}
-        run: ant -noinput -buildfile build.xml
+         with:
-```
+           java-version: '11'
+           distribution: 'temurin'
+       - name: Build with Ant
+         run: ant -noinput -buildfile build.xml
+   ```
+
+{%- endif %}
+
+1. Edit the workflow as required. For example, change the Java version.
+1. Click **Commit changes**.
+
+{% ifversion fpt or ghec %}
+   The `ant.yml` workflow file is added to the `.github/workflows` directory of your repository.
+{% endif %}
 
 {% data reusables.actions.java-jvm-architecture %}
 

content/actions/automating-builds-and-tests/building-and-testing-java-with-gradle.md

@@ -15,7 +15,6 @@ topics:
   - Java
   - Gradle
 shortTitle: Build & test Java & Gradle
-layout: inline
 ---
 
 {% data reusables.actions.enterprise-github-hosted-runners %}
@@ -40,54 +39,62 @@ We recommend that you have a basic understanding of Java and the Gradle framewor
 
 {% data reusables.actions.enterprise-setup-prereq %}
 
-## Using the Gradle starter workflow
+## Using a Gradle starter workflow
 
-{% data variables.product.prodname_dotcom %} provides a Gradle starter workflow that will work for most Gradle-based Java projects. For more information, see the [Gradle starter workflow](https://github.com/actions/starter-workflows/blob/main/ci/gradle.yml). {% data reusables.actions.workflows.starter-workflows %}
+{% data reusables.actions.starter-workflow-get-started %}
 
-To get started quickly, you can choose the preconfigured Gradle starter workflow when you create a new workflow. For more information, see the "[AUTOTITLE](/actions/quickstart)."
+{% data variables.product.prodname_dotcom %} provides a starter workflow for Gradle that should work for most Java with Gradle projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
 
-You can also add this workflow manually by creating a new file in the `.github/workflows` directory of your repository.
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.actions-tab %}
+{% data reusables.actions.new-starter-workflow %}
+1. The "{% ifversion actions-starter-template-ui %}Choose a workflow{% else %}Choose a workflow template{% endif %}" page shows a selection of recommended starter workflows. Search for "Java with Gradle".
+1. On the "Java with Gradle" workflow, click {% ifversion actions-starter-template-ui %}**Configure**{% else %}**Set up this workflow**{% endif %}.
 
-{% note %}
+{%- ifversion ghes or ghae %}
 
-**Notes:**
+   If you don't find the "Java with Gradle" starter workflow, copy the following workflow code to a new file called `gradle.yml` in the `.github/workflows` directory of your repository.
 
-- {% data reusables.actions.actions-not-certified-by-github %}
+   ```yaml copy
-- {% data reusables.actions.actions-use-sha-pinning %}
+   name: Java CI with Gradle
 
-{% endnote %}
+   on:
+     push:
+       branches: [ "main" ]
+     pull_request:
+       branches: [ "main" ]
 
-```yaml annotate copy
+   permissions:
-# {% data reusables.actions.workflows.workflow-syntax-name %}
+     contents: read
-name: Java CI
 
-#
+   jobs:
-on: [push]
+     build:
-#
+       runs-on: ubuntu-latest
-jobs:
-  build:
 
-    {% data reusables.actions.example-github-runner-comment %}
+       steps:
-    runs-on: ubuntu-latest
+       - uses: {% data reusables.actions.action-checkout %}
-#
+       - name: Set up JDK 11
-    steps:
+         uses: {% data reusables.actions.action-setup-java %}
-      {% data reusables.actions.workflows.workflow-checkout-step-explainer %}
+         with:
-      - uses: {% data reusables.actions.action-checkout %}
+           java-version: '11'
-      {% data reusables.actions.workflows.setup-java-step-explainer %}
+           distribution: 'temurin'
-      - name: Set up JDK 17
+       - name: Build with Gradle
-        uses: {% data reusables.actions.action-setup-java %}
+         uses: gradle/gradle-build-action@bd5760595778326ba7f1441bcf7e88b49de61a25 # v2.6.0
-        with:
+         with:
-          java-version: '17'
+           arguments: build
-          distribution: 'temurin'
+   ```
-      # The "Validate Gradle wrapper" step validates the checksums of Gradle Wrapper JAR files present in the source tree.
+
-      - name: Validate Gradle wrapper
+{%- endif %}
-        uses: gradle/wrapper-validation-action@ccb4328a959376b642e027874838f60f8e596de3
+
-      # The "Build with Gradle" step does a build using the `gradle/gradle-build-action` action provided by the Gradle organization on {% data variables.product.prodname_dotcom %}. The action takes care of invoking Gradle, collecting results, and caching state between jobs. For more information see [`gradle/gradle-build-action`](https://github.com/gradle/gradle-build-action).
+1. Edit the workflow as required. For example, change the Java version.
-      - name: Build with Gradle
+
-        uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629
+   {% indented_data_reference reusables.actions.third-party-actions spaces=3 %}
-        with:
+
-          arguments: build
+1. Click **Commit changes**.
-```
+
+{% ifversion fpt or ghec %}
+   The `gradle.yml` workflow file is added to the `.github/workflows` directory of your repository.
+{% endif %}
 
 {% data reusables.actions.java-jvm-architecture %}
 

content/actions/automating-builds-and-tests/building-and-testing-java-with-maven.md

@@ -15,7 +15,6 @@ topics:
   - Java
   - Maven
 shortTitle: Build & test Java with Maven
-layout: inline
 ---
 
 {% data reusables.actions.enterprise-github-hosted-runners %}
@@ -40,42 +39,59 @@ We recommend that you have a basic understanding of Java and the Maven framework
 
 {% data reusables.actions.enterprise-setup-prereq %}
 
-## Using the Maven starter workflow
+## Using a Maven starter workflow
 
-{% data variables.product.prodname_dotcom %} provides a Maven starter workflow that will work for most Maven-based Java projects. For more information, see the [Maven starter workflow](https://github.com/actions/starter-workflows/blob/main/ci/maven.yml).
+{% data reusables.actions.starter-workflow-get-started %}
 
-To get started quickly, you can choose the preconfigured Maven starter workflow when you create a new workflow. For more information, see the "[AUTOTITLE](/actions/quickstart)."
+{% data variables.product.prodname_dotcom %} provides a starter workflow for Maven that should work for most Java with Maven projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
 
-You can also add this workflow manually by creating a new file in the `.github/workflows` directory of your repository.
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.actions-tab %}
+{% data reusables.actions.new-starter-workflow %}
+1. The "{% ifversion actions-starter-template-ui %}Choose a workflow{% else %}Choose a workflow template{% endif %}" page shows a selection of recommended starter workflows. Search for "Java with Maven".
+1. On the "Java with Maven" workflow, click {% ifversion actions-starter-template-ui %}**Configure**{% else %}**Set up this workflow**{% endif %}.
 
-```yaml annotate copy
+{%- ifversion ghes or ghae %}
-# {% data reusables.actions.workflows.workflow-syntax-name %}
-name: Java CI
 
-#
+   If you don't find the "Java with Maven" starter workflow, copy the following workflow code to a new file called `maven.yml` in the `.github/workflows` directory of your repository.
-on: [push]
-#
-jobs:
-  build:
 
-    {% data reusables.actions.example-github-runner-comment %}
+   ```yaml copy
-    runs-on: ubuntu-latest
+   name: Java CI with Maven
-#
-    steps:
-      {% data reusables.actions.workflows.workflow-checkout-step-explainer %}
-      - uses: {% data reusables.actions.action-checkout %}
-      {% data reusables.actions.workflows.setup-java-step-explainer %}
-      - name: Set up JDK 17
-        uses: {% data reusables.actions.action-setup-java %}
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-      # The "Build with Maven" step runs the Maven `package` target in non-interactive mode to ensure that your code builds, tests pass, and a package can be created.
-      - name: Build with Maven
-        run: mvn --batch-mode --update-snapshots package
-```
 
-{% data reusables.actions.workflows.starter-workflows %}
+   on:
+     push:
+       branches: [ "main" ]
+     pull_request:
+       branches: [ "main" ]
+
+   jobs:
+     build:
+       runs-on: ubuntu-latest
+
+       steps:
+       - uses: {% data reusables.actions.action-checkout %}
+       - name: Set up JDK 17
+         uses: {% data reusables.actions.action-setup-java %}
+         with:
+           java-version: '17'
+           distribution: 'temurin'
+           cache: maven
+       - name: Build with Maven
+         run: mvn -B package --file pom.xml
+
+       # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
+       - name: Update dependency graph
+         uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
+   ```
+
+{%- endif %}
+
+1. Edit the workflow as required. For example, change the Java version.
+1. Click **Commit changes**.
+
+{% ifversion fpt or ghec %}
+   The `maven.yml` workflow file is added to the `.github/workflows` directory of your repository.
+{% endif %}
 
 {% data reusables.actions.java-jvm-architecture %}
 

content/actions/automating-builds-and-tests/building-and-testing-net.md

@@ -27,38 +27,57 @@ You should already be familiar with YAML syntax and how it's used with {% data v
 
 We recommend that you have a basic understanding of the .NET Core SDK. For more information, see [Getting started with .NET](https://dotnet.microsoft.com/learn).
 
-## Using the .NET starter workflow
+## Using a .NET starter workflow
 
-{% data variables.product.prodname_dotcom %} provides a .NET starter workflow that should work for most .NET projects, and this guide includes examples that show you how to customize this starter workflow. For more information, see the [.NET starter workflow](https://github.com/actions/setup-dotnet).
+{% data reusables.actions.starter-workflow-get-started %}
 
-To get started quickly, add the starter workflow to the `.github/workflows` directory of your repository.
+{% data variables.product.prodname_dotcom %} provides a starter workflow for .NET that should work for most .NET projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
 
-```yaml
+{% data reusables.repositories.navigate-to-repo %}
-name: dotnet package
+{% data reusables.repositories.actions-tab %}
+{% data reusables.actions.new-starter-workflow %}
+1. The "{% ifversion actions-starter-template-ui %}Choose a workflow{% else %}Choose a workflow template{% endif %}" page shows a selection of recommended starter workflows. Search for "dotnet".
+1. On the ".NET" workflow, click {% ifversion actions-starter-template-ui %}**Configure**{% else %}**Set up this workflow**{% endif %}.
 
-on: [push]
+{%- ifversion ghes or ghae %}
 
-jobs:
+   If you don't find the ".NET" starter workflow, copy the following workflow code to a new file called `dotnet.yml` in the `.github/workflows` directory of your repository.
-  build:
 
-    runs-on: ubuntu-latest
+   ```yaml copy
-    strategy:
+   name: .NET
-      matrix:
-        dotnet-version: [ '3.1.x', '6.0.x' ]
 
-    steps:
+   on:
-      - uses: {% data reusables.actions.action-checkout %}
+     push:
-      - name: Setup .NET Core SDK {% raw %}${{ matrix.dotnet-version }}{% endraw %}
+       branches: [ "main" ]
-        uses: {% data reusables.actions.action-setup-dotnet %}
+     pull_request:
-        with:
+       branches: [ "main" ]
-          dotnet-version: {% raw %}${{ matrix.dotnet-version }}{% endraw %}
+
-      - name: Install dependencies
+   jobs:
-        run: dotnet restore
+     build:
-      - name: Build
+       runs-on: ubuntu-latest
-        run: dotnet build --configuration Release --no-restore
+
-      - name: Test
+       steps:
-        run: dotnet test --no-restore --verbosity normal
+       - uses: {% data reusables.actions.action-checkout %}
-```
+       - name: Setup .NET
+         uses: {% data reusables.actions.action-setup-dotnet %}
+         with:
+           dotnet-version: 6.0.x
+       - name: Restore dependencies
+         run: dotnet restore
+       - name: Build
+         run: dotnet build --no-restore
+       - name: Test
+         run: dotnet test --no-build --verbosity normal
+   ```
+
+{%- endif %}
+
+1. Edit the workflow as required. For example, change the .NET version.
+1. Click **Commit changes**.
+
+{% ifversion fpt or ghec %}
+   The `dotnet.yml` workflow file is added to the `.github/workflows` directory of your repository.
+{% endif %}
 
 ## Specifying a .NET version
 

content/actions/automating-builds-and-tests/building-and-testing-nodejs.md

@@ -16,7 +16,6 @@ topics:
   - Node
   - JavaScript
 shortTitle: Build & test Node.js
-layout: inline
 ---
 
 {% data reusables.actions.enterprise-github-hosted-runners %}
@@ -34,52 +33,61 @@ We recommend that you have a basic understanding of Node.js, YAML, workflow conf
 
 {% data reusables.actions.enterprise-setup-prereq %}
 
-## Using the Node.js starter workflow
+## Using a Node.js starter workflow
 
-{% data variables.product.prodname_dotcom %} provides a Node.js starter workflow that will work for most Node.js projects. This guide includes npm and Yarn examples that you can use to customize the starter workflow. For more information, see the [Node.js starter workflow](https://github.com/actions/starter-workflows/blob/main/ci/node.js.yml).
+{% data reusables.actions.starter-workflow-get-started %}
 
-{% data reusables.actions.workflows.starter-workflows %}
+{% data variables.product.prodname_dotcom %} provides a starter workflow for Node.js that should work for most Node.js projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
 
-To get started quickly, add the starter workflow to the `.github/workflows` directory of your repository.
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.actions-tab %}
+{% data reusables.actions.new-starter-workflow %}
+1. The "{% ifversion actions-starter-template-ui %}Choose a workflow{% else %}Choose a workflow template{% endif %}" page shows a selection of recommended starter workflows. Search for "Node.js".
+1. Filter the selection of workflows by clicking **Continuous integration**.
+1. On the "Node.js" workflow, click {% ifversion actions-starter-template-ui %}**Configure**{% else %}**Set up this workflow**{% endif %}.
 
-```yaml annotate copy
+{%- ifversion ghes or ghae %}
-# {% data reusables.actions.workflows.workflow-syntax-name %}
-name: Node.js CI
 
-# This example workflow assumes that the default branch for your repository is `main`. If the default branch has a different name, edit this example and add your repository's default branch.
+   If you don't find the "Node.js" starter workflow, copy the following workflow code to a new file called `node.js.yml` in the `.github/workflows` directory of your repository.
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
 
-#
+   ```yaml copy
-jobs:
+   name: Node.js CI
-  build:
 
-    {% data reusables.actions.example-github-runner-comment %}
+   on:
-    runs-on: ubuntu-latest
+     push:
+       branches: [ "main" ]
+     pull_request:
+       branches: [ "main" ]
 
-    # This job uses a matrix strategy to run the job four times, once for each specified Node version. For more information, see "[AUTOTITLE](/actions/using-jobs/using-a-matrix-for-your-jobs)."
+   jobs:
-    strategy:
+     build:
-      matrix:
+       runs-on: ubuntu-latest
-        node-version: [14.x, 16.x, 18.x, 20.x]
+
-#
+       strategy:
-    steps:
+         matrix:
-      {% data reusables.actions.workflows.workflow-checkout-step-explainer %}
+           node-version: [14.x, 16.x, 18.x]
-      - uses: {% data reusables.actions.action-checkout %}
+           # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-      # This step uses the `actions/setup-node` action to set up Node.js for each version indicated by the `matrix.node-version` key above.
+
-      - name: Use Node.js {% raw %}${{ matrix.node-version }}{% endraw %}
+       steps:
-        uses: {% data reusables.actions.action-setup-node %}
+       - uses: {% data reusables.actions.action-checkout %}
-        with:
+       - name: Use Node.js {% raw %}${{ matrix.node-version }}{% endraw %}
-          node-version: {% raw %}${{ matrix.node-version }}{% endraw %}
+         uses: {% data reusables.actions.action-setup-node %}
-      # This step runs `npm ci` to install any dependencies listed in your `package.json` file.
+         with:
-      - run: npm ci
+           node-version: {% raw %}${{ matrix.node-version }}{% endraw %}
-      # This step runs the `build` script if there is one specified under the `scripts` key in your `package.json` file.
+           cache: 'npm'
-      - run: npm run build --if-present
+       - run: npm ci
-      # This step runs the `test` script that is specified under the `scripts` key in your `package.json` file.
+       - run: npm run build --if-present
-      - run: npm test
+       - run: npm test
-```
+   ```
+
+{%- endif %}
+
+1. Edit the workflow as required. For example, change the Node versions you want to use.
+1. Click **Commit changes**.
+
+{% ifversion fpt or ghec %}
+   The `node.js.yml` workflow file is added to the `.github/workflows` directory of your repository.
+{% endif %}
 
 ## Specifying the Node.js version
 
@@ -87,14 +95,14 @@ The easiest way to specify a Node.js version is by using the `setup-node` action
 
 The `setup-node` action takes a Node.js version as an input and configures that version on the runner. The `setup-node` action finds a specific version of Node.js from the tools cache on each runner and adds the necessary binaries to `PATH`, which persists for the rest of the job. Using the `setup-node` action is the recommended way of using Node.js with {% data variables.product.prodname_actions %} because it ensures consistent behavior across different runners and different versions of Node.js. If you are using a self-hosted runner, you must install Node.js and add it to `PATH`.
 
-The starter workflow includes a matrix strategy that builds and tests your code with four Node.js versions: 14.x, 16.x, 18.x, and 20.x. The 'x' is a wildcard character that matches the latest minor and patch release available for a version. Each version of Node.js specified in the `node-version` array creates a job that runs the same steps.
+The starter workflow includes a matrix strategy that builds and tests your code with the Node.js versions listed in `node-version`. The 'x' in the version number is a wildcard character that matches the latest minor and patch release available for a version. Each version of Node.js specified in the `node-version` array creates a job that runs the same steps.
 
 Each job can access the value defined in the matrix `node-version` array using the `matrix` context. The `setup-node` action uses the context as the `node-version` input. The `setup-node` action configures each job with a different Node.js version before building and testing code. For more information about matrix strategies and contexts, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix)" and "[AUTOTITLE](/actions/learn-github-actions/contexts)."
 
 ```yaml copy
 strategy:
   matrix:
-    node-version: [14.x, 16.x, 18.x, 20.x]
+    node-version: [14.x, 16.x, 18.x]
 
 steps:
 - uses: {% data reusables.actions.action-checkout %}
@@ -129,7 +137,7 @@ jobs:
       - name: Use Node.js
         uses: {% data reusables.actions.action-setup-node %}
         with:
-          node-version: '18.x'
+          node-version: '20.x'
       - run: npm ci
       - run: npm run build --if-present
       - run: npm test
@@ -156,7 +164,7 @@ steps:
 - name: Use Node.js
   uses: {% data reusables.actions.action-setup-node %}
   with:
-    node-version: '18.x'
+    node-version: '20.x'
 - name: Install dependencies
   run: npm ci
 ```
@@ -169,7 +177,7 @@ steps:
 - name: Use Node.js
   uses: {% data reusables.actions.action-setup-node %}
   with:
-    node-version: '18.x'
+    node-version: '20.x'
 - name: Install dependencies
   run: npm install
 ```
@@ -184,7 +192,7 @@ steps:
 - name: Use Node.js
   uses: {% data reusables.actions.action-setup-node %}
   with:
-    node-version: '18.x'
+    node-version: '20.x'
 - name: Install dependencies
   run: yarn --frozen-lockfile
 ```
@@ -197,7 +205,7 @@ steps:
 - name: Use Node.js
   uses: {% data reusables.actions.action-setup-node %}
   with:
-    node-version: '18.x'
+    node-version: '20.x'
 - name: Install dependencies
   run: yarn
 ```
@@ -219,7 +227,7 @@ steps:
   uses: {% data reusables.actions.action-setup-node %}
   with:
     always-auth: true
-    node-version: '18.x'
+    node-version: '20.x'
     registry-url: https://registry.npmjs.org
     scope: '@octocat'
 - name: Install dependencies
@@ -249,7 +257,7 @@ steps:
 - uses: {% data reusables.actions.action-checkout %}
 - uses: {% data reusables.actions.action-setup-node %}
   with:
-    node-version: '14'
+    node-version: '20'
     cache: 'npm'
 - run: npm install
 - run: npm test
@@ -262,7 +270,7 @@ steps:
 - uses: {% data reusables.actions.action-checkout %}
 - uses: {% data reusables.actions.action-setup-node %}
   with:
-    node-version: '14'
+    node-version: '20'
     cache: 'yarn'
 - run: yarn
 - run: yarn test
@@ -282,7 +290,7 @@ steps:
     version: 6.10.0
 - uses: {% data reusables.actions.action-setup-node %}
   with:
-    node-version: '14'
+    node-version: '20'
     cache: 'pnpm'
 - run: pnpm install
 - run: pnpm test
@@ -302,7 +310,7 @@ steps:
 - name: Use Node.js
   uses: {% data reusables.actions.action-setup-node %}
   with:
-    node-version: '18.x'
+    node-version: '20.x'
 - run: npm install
 - run: npm run build --if-present
 - run: npm test

content/actions/automating-builds-and-tests/building-and-testing-python.md

@@ -39,46 +39,68 @@ We recommend that you have a basic understanding of Python, PyPy, and pip. For m
 
 {% data reusables.actions.enterprise-setup-prereq %}
 
-## Using the Python starter workflow
+## Using a Python starter workflow
 
-{% data variables.product.prodname_dotcom %} provides a Python starter workflow that should work for most Python projects. This guide includes examples that you can use to customize the starter workflow. For more information, see the [Python starter workflow](https://github.com/actions/starter-workflows/blob/main/ci/python-package.yml).
+{% data reusables.actions.starter-workflow-get-started %}
 
-To get started quickly, add the starter workflow to the `.github/workflows` directory of your repository.
+{% data variables.product.prodname_dotcom %} provides a starter workflow for Python that should work for most Python projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
 
-```yaml copy
+{% data reusables.repositories.navigate-to-repo %}
-name: Python package
+{% data reusables.repositories.actions-tab %}
+{% data reusables.actions.new-starter-workflow %}
+1. The "{% ifversion actions-starter-template-ui %}Choose a workflow{% else %}Choose a workflow template{% endif %}" page shows a selection of recommended starter workflows. Search for "Python application".
+1. On the "Python application" workflow, click {% ifversion actions-starter-template-ui %}**Configure**{% else %}**Set up this workflow**{% endif %}.
 
-on: [push]
+{%- ifversion ghes or ghae %}
 
-jobs:
+   If you don't find the "Python application" starter workflow, copy the following workflow code to a new file called `python-app.yml` in the `.github/workflows` directory of your repository.
-  build:
 
-    runs-on: ubuntu-latest
+   ```yaml copy
-    strategy:
+   name: Python application
-      matrix:
-        python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
 
-    steps:
+   on:
-      - uses: {% data reusables.actions.action-checkout %}
+     push:
-      - name: Set up Python {% raw %}${{ matrix.python-version }}{% endraw %}
+       branches: [ "main" ]
-        uses: {% data reusables.actions.action-setup-python %}
+     pull_request:
-        with:
+       branches: [ "main" ]
-          python-version: {% raw %}${{ matrix.python-version }}{% endraw %}
+
-      - name: Install dependencies
+   permissions:
-        run: |
+     contents: read
-          python -m pip install --upgrade pip
+
-          pip install ruff pytest
+   jobs:
-          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+     build:
-      - name: Lint with ruff
+       runs-on: ubuntu-latest
-        run: |
+
-          # stop the build if there are Python syntax errors or undefined names
+       steps:
-          ruff --format=github --select=E9,F63,F7,F82 --target-version=py37 .
+       - uses: {% data reusables.actions.action-checkout %}
-          # default set of ruff rules with GitHub Annotations
+       - name: Set up Python 3.10
-          ruff --format=github --target-version=py37 .
+         uses: {% data reusables.actions.action-setup-python %}
-      - name: Test with pytest
+         with:
-        run: |
+           python-version: "3.10"
-          pytest
+       - name: Install dependencies
-```
+         run: |
+           python -m pip install --upgrade pip
+           pip install flake8 pytest
+           if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+       - name: Lint with flake8
+         run: |
+           # stop the build if there are Python syntax errors or undefined names
+           flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+           # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+           flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+       - name: Test with pytest
+         run: |
+           pytest
+   ```
+
+{%- endif %}
+
+1. Edit the workflow as required. For example, change the Python version.
+1. Click **Commit changes**.
+
+{% ifversion fpt or ghec %}
+   The `python-app.yml` workflow file is added to the `.github/workflows` directory of your repository.
+{% endif %}
 
 ## Specifying a Python version
 

content/actions/automating-builds-and-tests/building-and-testing-ruby.md

@@ -28,41 +28,67 @@ We recommend that you have a basic understanding of Ruby, YAML, workflow configu
 - [Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)
 - [Ruby in 20 minutes](https://www.ruby-lang.org/en/documentation/quickstart/)
 
-## Using the Ruby starter workflow
+## Using a Ruby starter workflow
 
-{% data variables.product.prodname_dotcom %} provides a Ruby starter workflow that will work for most Ruby projects. For more information, see the [Ruby starter workflow](https://github.com/actions/starter-workflows/blob/master/ci/ruby.yml).
+{% data reusables.actions.starter-workflow-get-started %}
 
-To get started quickly, add the starter workflow to the `.github/workflows` directory of your repository. The workflow shown below assumes that the default branch for your repository is `main`.
+{% data variables.product.prodname_dotcom %} provides a starter workflow for Ruby that should work for most Ruby projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
 
-```yaml
+{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.actions.actions-not-certified-by-github-comment %}
+{% data reusables.repositories.actions-tab %}
+{% data reusables.actions.new-starter-workflow %}
+1. The "{% ifversion actions-starter-template-ui %}Choose a workflow{% else %}Choose a workflow template{% endif %}" page shows a selection of recommended starter workflows. Search for "ruby".
+1. Filter the selection of workflows by clicking **Continuous integration**.
+1. On the "Ruby" workflow, click {% ifversion actions-starter-template-ui %}**Configure**{% else %}**Set up this workflow**{% endif %}.
 
-{% data reusables.actions.actions-use-sha-pinning-comment %}
+{%- ifversion ghes or ghae %}
 
-name: Ruby
+   If you don't find the "Ruby" starter workflow, copy the following workflow code to a new file called `ruby.yml` in the `.github/workflows` directory of your repository.
 
-on:
+   ```yaml copy
-  push:
+   name: Ruby
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
 
-jobs:
+   on:
-  test:
+     push:
+       branches: [ "main" ]
+     pull_request:
+       branches: [ "main" ]
 
-    runs-on: ubuntu-latest
+   permissions:
+     contents: read
 
-    steps:
+   jobs:
-      - uses: {% data reusables.actions.action-checkout %}
+     test:
-      - name: Set up Ruby
+       runs-on: ubuntu-latest
-        uses: ruby/setup-ruby@ec02537da5712d66d4d50a0f33b7eb52773b5ed1
+       strategy:
-        with:
+         matrix:
-          ruby-version: '3.1'
+           ruby-version: ['2.6', '2.7', '3.0']
-      - name: Install dependencies
+
-        run: bundle install
+       steps:
-      - name: Run tests
+       - uses: {% data reusables.actions.action-checkout %}
-        run: bundle exec rake
+       - name: Set up Ruby
-```
+       # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+       # change this to (see https://github.com/ruby/setup-ruby#versioning):
+       # uses: ruby/setup-ruby@v1
+         uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
+         with:
+           ruby-version: {% raw %}${{ matrix.ruby-version }}{% endraw %}
+           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+       - name: Run tests
+         run: bundle exec rake
+   ```
+
+{%- endif %}
+
+1. Edit the workflow as required. For example, change the Ruby versions you want to use.
+
+   {% indented_data_reference reusables.actions.third-party-actions spaces=3 %}
+
+1. Click **Commit changes**.
+
+{% ifversion fpt or ghec %}
+   The `ruby.yml` workflow file is added to the `.github/workflows` directory of your repository.
+{% endif %}
 
 ## Specifying the Ruby version
 

content/actions/automating-builds-and-tests/building-and-testing-swift.md

@@ -30,29 +30,52 @@ You should already be familiar with YAML syntax and how it's used with {% data v
 
 We recommend that you have a basic understanding of Swift packages. For more information, see "[Swift Packages](https://developer.apple.com/documentation/swift_packages)" in the Apple developer documentation.
 
-## Using the Swift starter workflow
+## Using a Swift starter workflow
 
-{% data variables.product.prodname_dotcom %} provides a Swift starter workflow that should work for most Swift projects, and this guide includes examples that show you how to customize this starter workflow. For more information, see the [Swift starter workflow](https://github.com/actions/starter-workflows/blob/main/ci/swift.yml).
+{% data reusables.actions.starter-workflow-get-started %}
 
-To get started quickly, add the starter workflow to the `.github/workflows` directory of your repository.
+{% data variables.product.prodname_dotcom %} provides a starter workflow for Swift that should work for most Swift projects. The subsequent sections of this guide give examples of how you can customize this starter workflow.
 
-```yaml copy
+{% data reusables.repositories.navigate-to-repo %}
-name: Swift
+{% data reusables.repositories.actions-tab %}
+{% data reusables.actions.new-starter-workflow %}
+1. The "{% ifversion actions-starter-template-ui %}Choose a workflow{% else %}Choose a workflow template{% endif %}" page shows a selection of recommended starter workflows. Search for "swift".
+1. Filter the selection of workflows by clicking **Continuous integration**.
+1. On the "Swift" workflow, click {% ifversion actions-starter-template-ui %}**Configure**{% else %}**Set up this workflow**{% endif %}.
 
-on: [push]
+{%- ifversion ghes or ghae %}
 
-jobs:
+   If you don't find the "Swift" starter workflow, copy the following workflow code to a new file called `swift.yml` in the `.github/workflows` directory of your repository.
-  build:
 
-    runs-on: macos-latest
+   ```yaml copy
+   name: Swift
 
-    steps:
+   on:
-      - uses: {% data reusables.actions.action-checkout %}
+     push:
-      - name: Build
+       branches: [ "main" ]
-        run: swift build
+     pull_request:
-      - name: Run tests
+       branches: [ "main" ]
-        run: swift test
+
-```
+   jobs:
+     build:
+       runs-on: macos-latest
+
+       steps:
+       - uses: {% data reusables.actions.action-checkout %}
+       - name: Build
+         run: swift build -v
+       - name: Run tests
+         run: swift test -v
+   ```
+
+{%- endif %}
+
+1. Edit the workflow as required. For example, change the branch on which the workflow will run.
+1. Click **Commit changes**.
+
+{% ifversion fpt or ghec %}
+   The `swift.yml` workflow file is added to the `.github/workflows` directory of your repository.
+{% endif %}
 
 ## Specifying a Swift version
 

content/actions/creating-actions/creating-a-composite-action.md

@@ -83,17 +83,18 @@ Before you begin, you'll create a repository on {% ifversion ghae %}{% data vari
         - run: echo Hello ${{ inputs.who-to-greet }}.
           shell: bash
         - id: random-number-generator{% endraw %}
-{%- ifversion actions-save-state-set-output-envs %}
+          {%- ifversion actions-save-state-set-output-envs %}
           run: echo "random-number=$(echo $RANDOM)" >> $GITHUB_OUTPUT
-{%- else %}
+          {%- else %}
           run: echo "::set-output name=random-number::$(echo $RANDOM)"
-{%- endif %}{% raw %}
+          {%- endif %}{% raw %}
           shell: bash
         - run: echo "${{ github.action_path }}" >> $GITHUB_PATH
           shell: bash
         - run: goodbye.sh
           shell: bash
     ```
+
     {% endraw %}
     This file defines the `who-to-greet` input, maps the random generated number to the `random-number` output variable, adds the action's path to the runner system path (to locate the `goodbye.sh` script during execution), and runs the `goodbye.sh` script.
 

content/actions/creating-actions/creating-a-docker-container-action.md

@@ -102,11 +102,12 @@ Next, the script gets the current time and sets it as an output variable that ac
 
    echo "Hello $1"
    time=$(date)
-{%- ifversion actions-save-state-set-output-envs %}
+   {%- ifversion actions-save-state-set-output-envs %}
    echo "time=$time" >> $GITHUB_OUTPUT
-{%- else %}
+   {%- else %}
    echo "::set-output name=time::$time"
-{%- endif %}
+   {%- endif %}
+
    ```
 
    If `entrypoint.sh` executes without any errors, the action's status is set to `success`. You can also explicitly set exit codes in your action's code to provide an action's status. For more information, see "[AUTOTITLE](/actions/creating-actions/setting-exit-codes-for-actions)."
@@ -114,8 +115,8 @@ Next, the script gets the current time and sets it as an output variable that ac
 1. Make your `entrypoint.sh` file executable. Git provides a way to explicitly change the permission mode of a file so that it doesn’t get reset every time there is a clone/fork.
 
    ```shell copy
-   $ git add entrypoint.sh
+   git add entrypoint.sh
-   $ git update-index --chmod=+x entrypoint.sh
+   git update-index --chmod=+x entrypoint.sh
    ```
 
 1. Optionally, to check the permission mode of the file in the git index, run the following command.
@@ -266,6 +267,7 @@ jobs:
           name: workspace_artifacts
           path: {% raw %}${{ github.workspace }}{% endraw %}
 ```
+
 For more information about uploading build output as an artifact, see "[AUTOTITLE](/actions/using-workflows/storing-workflow-data-as-artifacts)."
 
 ## Example Docker container actions on {% data variables.product.prodname_dotcom_the_website %}

content/actions/creating-actions/creating-a-javascript-action.md

@@ -36,7 +36,7 @@ Once you complete this project, you should understand how to build your own Java
 
 Before you begin, you'll need to download Node.js and create a public {% data variables.product.prodname_dotcom %} repository.
 
-1. Download and install Node.js 16.x, which includes npm.
+1. Download and install Node.js 20.x, which includes npm.
 
    https://nodejs.org/en/download/
 1. Create a new public repository on {% data variables.location.product_location %} and call it "hello-world-javascript-action". For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository)."
@@ -71,7 +71,7 @@ outputs:
   time: # id of output
     description: 'The time we greeted you'
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'index.js'
 ```
 

content/actions/creating-actions/metadata-syntax-for-github-actions.md

@@ -157,11 +157,11 @@ For more information on how to use context syntax, see "[AUTOTITLE](/actions/lea
 
 **Required** Configures the path to the action's code and the runtime used to execute the code.
 
-### Example: Using Node.js v16
+### Example: Using Node.js v20
 
 ```yaml
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'main.js'
 ```
 
@@ -169,7 +169,7 @@ runs:
 
 **Required** The runtime used to execute the code specified in [`main`](#runsmain).
 
-- Use `node16` for Node.js v16.
+- Use `node20` for Node.js v20.
 
 ### `runs.main`
 
@@ -183,7 +183,7 @@ In this example, the `pre:` action runs a script called `setup.js`:
 
 ```yaml
 runs:
-  using: 'node16'
+  using: 'node20'
   pre: 'setup.js'
   main: 'index.js'
   post: 'cleanup.js'
@@ -210,7 +210,7 @@ In this example, the `post:` action runs a script called `cleanup.js`:
 
 ```yaml
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'index.js'
   post: 'cleanup.js'
 ```

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md

@@ -80,7 +80,7 @@ This procedure demonstrates how to create the service account for your GKE integ
    gcloud iam service-accounts list
    ```
 
-1. Add roles to the service account. 
+1. Add roles to the service account.
 
    {% note %}
 

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md

@@ -52,7 +52,7 @@ To configure the role and trust in IAM, see the AWS documentation "[Configure AW
 
 {% endnote %}
 
-Edit the trust policy to add the `sub` field to the validation conditions. For example:
+Edit the trust policy, adding the `sub` field to the validation conditions. For example:
 
 ```json copy
 "Condition": {
@@ -63,6 +63,17 @@ Edit the trust policy to add the `sub` field to the validation conditions. For e
 }
 ```
 
+If you use a workflow with an environment, the `sub` field must reference the environment name: `repo:OWNER/REPOSITORY:environment:NAME`. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token)."
+
+```json{:copy}
+"Condition": {
+  "StringEquals": {
+    "{% ifversion ghes %}HOSTNAME/_services/token{% else %}token.actions.githubusercontent.com{% endif %}:aud": "sts.amazonaws.com",
+    "{% ifversion ghes %}HOSTNAME/_services/token{% else %}token.actions.githubusercontent.com{% endif %}:sub": "repo:octo-org/octo-repo:environment:prod"
+  }
+}
+```
+
 In the following example, `StringLike` is used with a wildcard operator (`*`) to allow any branch, pull request merge branch, or environment from the `octo-org/octo-repo` organization and repository to assume a role in AWS.
 
 ```json copy

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md

@@ -34,7 +34,7 @@ This guide gives an overview of how to configure Azure to trust {% data variable
 
   {% endnote %}
 
-- Make sure that the value of the issuer claim that's included with the JSON Web Token (JWT) is set to a publicly routable URL. For more information, see "[AUTOTITLE](/enterprise-server@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)." 
+- Make sure that the value of the issuer claim that's included with the JSON Web Token (JWT) is set to a publicly routable URL. For more information, see "[AUTOTITLE](/enterprise-server@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)."
 {% endif %}
 
 ## Adding the Federated Credentials to Azure

content/actions/examples/using-concurrency-expressions-and-a-test-matrix.md

@@ -45,6 +45,7 @@ topics:
 | Running tests on the runner | `npm test`|
 
 ## Example workflow
+
 The following workflow was created by the {% data variables.product.prodname_dotcom %} Docs Engineering team. The workflow runs tests against the code in a pull request. To review the latest version of this file in the [`github/docs`](https://github.com/github/docs) repository, see [`test.yml`](https://github.com/github/docs/blob/main/.github/workflows/test.yml).
 
 ```yaml annotate copy

content/actions/guides.md

@@ -18,7 +18,7 @@ includeGuides:
   - /actions/quickstart
   - /actions/learn-github-actions/understanding-github-actions
   - /actions/creating-actions/creating-a-docker-container-action
-  - /actions/using-workflows/using-starter-workflows
+  - /actions/learn-github-actions/using-starter-workflows
   - /actions/automating-builds-and-tests/building-and-testing-python
   - /actions/automating-builds-and-tests/building-and-testing-nodejs
   - /actions/publishing-packages/about-packaging-with-github-actions

content/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups.md

@@ -46,6 +46,7 @@ type: tutorial
 {% endif %}
 
 {% ifversion ghec or ghes or ghae %}
+
 ## Changing which organizations can access a runner group
 
 {%- ifversion fpt or ghec or ghes %}
@@ -110,12 +111,14 @@ You can edit the name of your runner groups at the enterprise and organization l
 - [Changing the name of an enterprise runner group](#changing-the-name-of-an-enterprise-runner-group)
 
 ### Changing the name of an organization runner group
+
 {% endif %}
 
 {% data reusables.actions.runner-groups-org-navigation %}
 {% data reusables.actions.changing-the-name-of-a-runner-group %}
 
 {% ifversion ghes or ghec or ghae %}
+
 ### Changing the name of an enterprise runner group
 
 {% data reusables.actions.runner-groups-enterprise-navigation %}
@@ -135,6 +138,7 @@ You can edit the name of your runner groups at the enterprise and organization l
 - [Moving an enterprise runner to a group](#moving-an-enterprise-runner-to-a-group)
 
 ### Moving an organization runner to a group
+
 {% endif %}
 
 {% data reusables.organizations.navigate-to-org %}
@@ -143,6 +147,7 @@ You can edit the name of your runner groups at the enterprise and organization l
 {% data reusables.actions.moving-a-runner-to-a-group %}
 
 {% ifversion ghes or ghec or ghae %}
+
 ### Moving an enterprise runner to a group
 
 {% data reusables.enterprise-accounts.access-enterprise %}
@@ -161,12 +166,14 @@ You can edit the name of your runner groups at the enterprise and organization l
 - [Removing a runner group from an enterprise](#removing-a-runner-group-from-an-enterprise)
 
 ### Removing a runner group from an organization
+
 {% endif %}
 
 {% data reusables.actions.runner-groups-org-navigation %}
 {% data reusables.actions.removing-a-runner-group %}
 
 {% ifversion ghes or ghec or ghae %}
+
 ### Removing a runner group from an enterprise
 
 {% data reusables.actions.runner-groups-enterprise-navigation %}

content/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners.md

@@ -87,12 +87,34 @@ By default, the self-hosted runner application verifies the TLS certificate for
 
 To disable TLS certification verification in the self-hosted runner application, set the `GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY` environment variable to `1` before configuring and running the self-hosted runner application.
 
+{% linux %}
+
 ```shell
 export GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY=1
 ./config.sh --url https://github.com/YOUR-ORG/YOUR-REPO --token
 ./run.sh
 ```
 
+{% endlinux %}
+{% mac %}
+
+```shell
+export GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY=1
+./config.sh --url https://github.com/YOUR-ORG/YOUR-REPO --token
+./run.sh
+```
+
+{% endmac %}
+{% windows %}
+
+```powershell
+[Environment]::SetEnvironmentVariable('GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY', '1')
+./config.cmd --url https://github.com/YOUR-ORG/YOUR-REPO --token
+./run.sh
+```
+
+{% endwindows %}
+
 {% warning %}
 
 **Warning**: Disabling TLS verification is not recommended since TLS provides privacy and data integrity between the self-hosted runner application and {% data variables.product.product_name %}. We recommend that you install the {% data variables.product.product_name %} certificate in the operating system certificate store for your self-hosted runner. For guidance on how to install the {% data variables.product.product_name %} certificate, check with your operating system vendor.

content/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners.md

@@ -37,6 +37,7 @@ You can create custom labels for runners at the repository{% ifversion ghec or g
 {% data reusables.actions.self-hosted-runners-create-label-steps %}
 
 {% ifversion ghec or ghes or ghae %}
+
 ### Creating a custom label for an enterprise runner
 
 {% data reusables.enterprise-accounts.access-enterprise %}
@@ -46,6 +47,7 @@ You can create custom labels for runners at the repository{% ifversion ghec or g
 {% data reusables.actions.self-hosted-runners-create-label-steps %}
 
 {% endif %}
+
 ## Assigning a label to a self-hosted runner
 
 You can assign labels to self-hosted runners at the repository{% ifversion ghec or ghes or ghae %}, organization, and enterprise{% else %} and organization{% endif %} levels.
@@ -65,6 +67,7 @@ You can assign labels to self-hosted runners at the repository{% ifversion ghec
 {% data reusables.actions.self-hosted-runner-assign-label-steps %}
 
 {% ifversion ghec or ghes or ghae %}
+
 ### Assigning a label to an enterprise runner
 
 {% data reusables.enterprise-accounts.access-enterprise %}
@@ -75,6 +78,7 @@ You can assign labels to self-hosted runners at the repository{% ifversion ghec
 {% data reusables.actions.self-hosted-runner-assign-label-steps %}
 
 {% endif %}
+
 ## Removing a custom label from a self-hosted runner
 
 You can remove custom labels from self-hosted runners at the repository{% ifversion ghec or ghes or ghae %}, organization, and enterprise{% else %} and organization{% endif %} levels.
@@ -94,6 +98,7 @@ You can remove custom labels from self-hosted runners at the repository{% ifvers
 {% data reusables.actions.self-hosted-runner-remove-label-steps %}
 
 {% ifversion ghec or ghes or ghae %}
+
 ### Removing a custom label from an enterprise runner
 
 {% data reusables.enterprise-accounts.access-enterprise %}

content/actions/index.md

@@ -14,7 +14,7 @@ featuredLinks:
     - /actions/publishing-packages/about-packaging-with-github-actions
     - /actions/monitoring-and-troubleshooting-workflows/about-monitoring-and-troubleshooting
   guideCards:
-    - /actions/using-workflows/using-starter-workflows
+    - /actions/learn-github-actions/using-starter-workflows
     - /actions/publishing-packages/publishing-nodejs-packages
     - /actions/automating-builds-and-tests/building-and-testing-powershell
   popular:

content/actions/learn-github-actions/index.md

@@ -25,6 +25,7 @@ children:
   - /expressions
   - /contexts
   - /variables
+  - /using-starter-workflows  
   - /usage-limits-billing-and-administration
 ---
 

content/actions/learn-github-actions/using-starter-workflows.md

@@ -9,7 +9,7 @@ redirect_from:
   - /actions/building-and-testing-code-with-continuous-integration/setting-up-continuous-integration-using-github-actions
   - /actions/guides/setting-up-continuous-integration-using-workflow-templates
   - /actions/learn-github-actions/using-workflow-templates
-  - /actions/learn-github-actions/using-starter-workflows
+  - /actions/using-workflows/using-starter-workflows
 versions:
   fpt: '*'
   ghes: '*'
@@ -26,21 +26,24 @@ topics:
 
 ## About starter workflows
 
-{% data variables.product.product_name %} offers starter workflows for a variety of languages and tooling. When you set up workflows in your repository, {% data variables.product.product_name %} analyzes the code in your repository and recommends workflows based on the language and framework in your repository. For example, if you use [Node.js](https://nodejs.org/en/), {% data variables.product.product_name %} will suggest a starter workflow file that installs your Node.js packages and runs your tests.{% ifversion actions-starter-template-ui %} You can search and filter to find relevant starter workflows.{% endif %}
+Starter workflows are templates that help you to create your own {% data variables.product.prodname_actions %} workflows for a repository. They offer an alternative to starting from a blank workflow file and are useful because some of the work will already have been done for you.
+
+{% data variables.product.product_name %} offers starter workflows for a variety of languages and tooling. When you set up workflows in your repository, {% data variables.product.product_name %} analyzes the code in your repository and recommends workflows based on the language and framework in your repository. For example, if you use Node.js, {% data variables.product.product_name %} will suggest a starter workflow file that installs your Node.js packages and runs your tests.{% ifversion actions-starter-template-ui %} You can search and filter to find relevant starter workflows.{% endif %}
 
 {% data reusables.actions.starter-workflow-categories %}
 
-You can also create your own starter workflow to share with your organization. These starter workflows will appear alongside the {% data variables.product.product_name %}-provided starter workflows. For more information, see "[AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization)."
+You can also create your own starter workflow to share with your organization. These starter workflows will appear alongside the {% data variables.product.product_name %}-provided starter workflows. Anyone with write access to the organization's `github` repository can set up a starter workflow. For more information, see "[AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization)."
 
-## Using starter workflows
+## Choosing and using a starter workflow
-
-Anyone with write permission to a repository can set up {% data variables.product.prodname_actions %} starter workflows for CI/CD or other automation.
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}
-1. If you already have a workflow in your repository, click **New workflow**.
+{% data reusables.actions.new-starter-workflow %}
 1. The "{% ifversion actions-starter-template-ui %}Choose a workflow{% else %}Choose a workflow template{% endif %}" page shows a selection of recommended starter workflows. Find the starter workflow that you want to use, then click {% ifversion actions-starter-template-ui %}**Configure**{% else %}**Set up this workflow**{% endif %}.{% ifversion actions-starter-template-ui %} To help you find the starter workflow that you want, you can search for keywords or filter by category.{% endif %}
-1. If the starter workflow contains comments detailing additional setup steps, follow these steps. Many of the starter workflow have corresponding guides. For more information, see the [{% data variables.product.prodname_actions %} guides](/actions/guides).
+1. If the starter workflow contains comments detailing additional setup steps, follow these steps.
+
+   There are guides to accompany many of the starter workflows for building and testing projects. For more information, see "[AUTOTITLE](/actions/automating-builds-and-tests)."
+
 1. Some starter workflows use secrets. For example, {% raw %}`${{ secrets.npm_token }}`{% endraw %}. If the starter workflow uses a secret, store the value described in the secret name as a secret in your repository. For more information, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)."
 1. Optionally, make additional changes. For example, you might want to change the value of `on` to change when the workflow runs.
 1. Click **Start commit**.
@@ -51,7 +54,6 @@ Anyone with write permission to a repository can set up {% data variables.produc
 - "[AUTOTITLE](/actions/automating-builds-and-tests/about-continuous-integration)"
 - "[AUTOTITLE](/actions/managing-workflow-runs)"
 - "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/about-monitoring-and-troubleshooting)"
-- "[AUTOTITLE](/actions/learn-github-actions)"
 {% ifversion fpt or ghec %}
 - "[AUTOTITLE](/billing/managing-billing-for-github-actions)"
 {% endif %}

content/actions/learn-github-actions/variables.md

@@ -224,7 +224,7 @@ You can access environment variable values using the `env` context{% ifversion a
 
 In addition to runner environment variables, {% data variables.product.prodname_actions %} allows you to set and read `env` key values using contexts. Environment variables and contexts are intended for use at different points in the workflow.
 
-The `run` steps in a workflow, or in a referenced action, are processed by a runner. As a result, you can use runner environment variables here, using the appropriate syntax for the shell you are using on the runner - for example, `$NAME` for the bash shell on a Linux runner, or `$env:NAME` for PowerShell on a Windows runner. In most cases you can also use contexts, with the syntax {% raw %}`${{ CONTEXT.PROPERTY }}`{% endraw %}, to access the same value. The difference is that the context will be interpolated and replaced by a string before the job is sent to a runner. 
+The `run` steps in a workflow, or in a referenced action, are processed by a runner. As a result, you can use runner environment variables here, using the appropriate syntax for the shell you are using on the runner - for example, `$NAME` for the bash shell on a Linux runner, or `$env:NAME` for PowerShell on a Windows runner. In most cases you can also use contexts, with the syntax {% raw %}`${{ CONTEXT.PROPERTY }}`{% endraw %}, to access the same value. The difference is that the context will be interpolated and replaced by a string before the job is sent to a runner.
 
 However, you cannot use runner environment variables in parts of a workflow that are processed by {% data variables.product.prodname_actions %} and are not sent to the runner. Instead, you must use contexts. For example, an `if` conditional, which determines whether a job or step is sent to the runner, is always processed by {% data variables.product.prodname_actions %}. You must therefore use a context in an `if` conditional statement to access the value of an variable.
 
@@ -249,7 +249,7 @@ jobs:
 
 {% endraw %}
 
-In this modification of the earlier example, we've introduced an `if` conditional. The workflow step is now only run if `DAY_OF_WEEK` is set to "Monday". We access this value from the `if` conditional statement by using the [`env` context](/actions/learn-github-actions/contexts#env-context). The `env` context is not required for the variables referenced within the `run` command. They are referenced as runner environment variables and are interpolated after the job is received by the runner. We could, however, have chosen to interpolate those variables before sending the job to the runner, by using contexts. The resulting output would be the same. 
+In this modification of the earlier example, we've introduced an `if` conditional. The workflow step is now only run if `DAY_OF_WEEK` is set to "Monday". We access this value from the `if` conditional statement by using the [`env` context](/actions/learn-github-actions/contexts#env-context). The `env` context is not required for the variables referenced within the `run` command. They are referenced as runner environment variables and are interpolated after the job is received by the runner. We could, however, have chosen to interpolate those variables before sending the job to the runner, by using contexts. The resulting output would be the same.
 
 {% raw %}
 

content/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer.md

@@ -184,6 +184,7 @@ To perform a dry run of migrating a Bitbucket pipeline to {% data variables.prod
 ```bash
 gh actions-importer dry-run bitbucket --workspace :workspace --repository :repo --output-dir tmp/dry-run
 ```
+
 ### Inspecting the converted workflows
 
 You can view the logs of the dry run and the converted workflow files in the specified output directory.
@@ -205,6 +206,7 @@ To migrate a Bitbucket pipeline to {% data variables.product.prodname_actions %}
 ```bash
 gh actions-importer migrate bitbucket --workspace :workspace --repository :repo --target-url https://github.com/:owner/:repo --output-dir tmp/dry-run
 ```
+
 The command's output includes the URL of the pull request that adds the converted workflow to your repository. An example of a successful output is similar to the following:
 
 ```bash

content/actions/publishing-packages/publishing-docker-images.md

@@ -141,7 +141,7 @@ The `build-push-action` options required for {% data variables.product.prodname_
 - `context`: Defines the build's context as the set of files located in the specified path.{% endif %}
 - `push`: If set to `true`, the image will be pushed to the registry if it is built successfully.{% ifversion fpt or ghec %}
 - `tags` and `labels`: These are populated by output from `metadata-action`.{% else %}
-- `tags`: Must be set in the format {% ifversion ghes %}`{% data reusables.package_registry.container-registry-hostname %}/OWNER/REPOSITORY/IMAGE_NAME:VERSION`. 
+- `tags`: Must be set in the format {% ifversion ghes %}`{% data reusables.package_registry.container-registry-hostname %}/OWNER/REPOSITORY/IMAGE_NAME:VERSION`.
   
    For example, for an image named `octo-image` stored on {% data variables.product.prodname_ghe_server %} at `https://HOSTNAME/octo-org/octo-repo`, the `tags` option should be set to `{% data reusables.package_registry.container-registry-hostname %}/octo-org/octo-repo/octo-image:latest`{% else %}`docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME:VERSION`.
   

content/actions/publishing-packages/publishing-nodejs-packages.md

@@ -73,7 +73,7 @@ jobs:
       # Setup .npmrc file to publish to npm
       - uses: {% data reusables.actions.action-setup-node %}
         with:
-          node-version: '16.x'
+          node-version: '20.x'
           registry-url: 'https://registry.npmjs.org'
       - run: npm ci
       - run: npm publish
@@ -136,7 +136,7 @@ jobs:
       # Setup .npmrc file to publish to GitHub Packages
       - uses: {% data reusables.actions.action-setup-node %}
         with:
-          node-version: '16.x'
+          node-version: '20.x'
           registry-url: 'https://npm.pkg.github.com'
           # Defaults to the user or organization that owns the workflow file
           scope: '@octocat'
@@ -171,7 +171,7 @@ jobs:
       # Setup .npmrc file to publish to npm
       - uses: {% data reusables.actions.action-setup-node %}
         with:
-          node-version: '16.x'
+          node-version: 20.x'
           registry-url: 'https://registry.npmjs.org'
           # Defaults to the user or organization that owns the workflow file
           scope: '@octocat'

content/actions/security-guides/automatic-token-authentication.md

@@ -100,7 +100,7 @@ The following table shows the permissions granted to the `GITHUB_TOKEN` by defau
 
 {% note %}
 
-**Notes:** 
+**Notes:**
 - When a workflow is triggered by the [`pull_request_target`](/actions/using-workflows/events-that-trigger-workflows#pull_request_target) event, the `GITHUB_TOKEN` is granted read/write repository permission, even when it is triggered from a public fork. For more information, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#pull_request_target)."
 - Private repositories can control whether pull requests from forks can run workflows, and can configure the permissions assigned to `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories)."
 - {% data reusables.actions.workflow-runs-dependabot-note %}

content/actions/using-github-hosted-runners/about-larger-runners/controlling-access-to-larger-runners.md

@@ -50,6 +50,7 @@ For example, the following diagram has a runner group named `grp-ubuntu-20.04-16
 {% data reusables.actions.section-using-unique-names-for-runner-groups %}
 
 {% ifversion ghec %}
+
 ## Changing which organizations can access a runner group
 
 {% data reusables.actions.hosted-runner-security-admonition %}
@@ -112,12 +113,14 @@ You can rename runner groups at the enterprise and organization levels.
 - [Changing the name of an enterprise runner group](##changing-the-name-of-an-enterprise-runner-group)
 
 ### Changing the name of an organization runner group
+
 {% endif %}
 
 {% data reusables.actions.runner-groups-org-navigation %}
 {% data reusables.actions.changing-the-name-of-a-runner-group %}
 
 {% ifversion ghec %}
+
 ### Changing the name of an enterprise runner group
 
 {% data reusables.actions.runner-groups-enterprise-navigation %}
@@ -133,6 +136,7 @@ You can rename runner groups at the enterprise and organization levels.
 - [Moving an enterprise runner to a group](#moving-an-enterprise-runner-to-a-group)
 
 ### Moving an organization runner to a group
+
 {% endif %}
 
 {% data reusables.organizations.navigate-to-org %}
@@ -141,6 +145,7 @@ You can rename runner groups at the enterprise and organization levels.
 {% data reusables.actions.moving-a-runner-to-a-group %}
 
 {% ifversion ghec %}
+
 ### Moving an enterprise runner to a group
 
 {% data reusables.enterprise-accounts.access-enterprise %}
@@ -159,12 +164,14 @@ You can rename runner groups at the enterprise and organization levels.
 - [Removing a runner group from an enterprise](#removing-a-runner-group-from-an-enterprise)
 
 ### Removing a runner group from an organization
+
 {% endif %}
 
 {% data reusables.actions.runner-groups-org-navigation %}
 {% data reusables.actions.removing-a-runner-group %}
 
 {% ifversion ghec %}
+
 ### Removing a runner group from an enterprise
 
 {% data reusables.actions.runner-groups-enterprise-navigation %}

content/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners.md

@@ -10,6 +10,7 @@ redirect_from:
 ---
 
 {% ifversion ghec %}
+
 ## Adding a {% data variables.actions.hosted_runner %} to an enterprise
 
 Enterprise owners can add {% data variables.actions.hosted_runner %}s to an enterprise and assign them to organizations. By default, when a {% data variables.actions.hosted_runner %} is created for an enterprise, it is added to a default runner group that all organizations in the enterprise have access to. While all organizations are granted access to the runner, the repositories in each organization **are not** granted access. For each organization, an organization owner must configure the runner group to specify which repositories have access to the enterprise runner. For more information, see "[Allowing repositories to access a runner group](#allowing-repositories-to-access-a-runner-group)."
@@ -69,6 +70,7 @@ You can edit the name of your {% data variables.actions.hosted_runner %}s.
 - [Changing the name of an enterprise runner](#changing-the-name-of-an-enterprise-runner)
 
 ### Changing the name of an organization runner
+
 {% endif %}
 
 {% data reusables.organizations.navigate-to-org %}
@@ -78,6 +80,7 @@ You can edit the name of your {% data variables.actions.hosted_runner %}s.
 {% data reusables.actions.rename-larger-runner %}
 
 {% ifversion ghec %}
+
 ### Changing the name of an enterprise runner
 
 {% data reusables.enterprise-accounts.access-enterprise %}
@@ -95,7 +98,9 @@ You can control the maximum number of jobs allowed to run concurrently for speci
 {% ifversion ghec %}
 - [Configuring autoscaling for an organization runner](#configuring-autoscaling-for-an-organization-runner)
 - [Configuring autoscaling for an enterprise runner](#configuring-autoscaling-for-an-enterprise-runner)
+
 ### Configuring autoscaling for an organization runner
+
 {% endif %}
 
 {% data reusables.organizations.navigate-to-org %}
@@ -105,6 +110,7 @@ You can control the maximum number of jobs allowed to run concurrently for speci
 {% data reusables.actions.configure-autoscaling-for-larger-runners %}
 
 {% ifversion ghec %}
+
 ### Configuring autoscaling for an enterprise runner
 
 {% data reusables.enterprise-accounts.access-enterprise %}
@@ -133,6 +139,7 @@ The number of available IP addresses in the assigned ranges does not restrict nu
 - [Creating static IP addresses for enterprise runners](#creating-static-ip-addresses-for-enterprise-runners)
 
 ### Creating static IP addresses for organization runners
+
 {% endif %}
 
 {% data reusables.organizations.navigate-to-org %}
@@ -142,6 +149,7 @@ The number of available IP addresses in the assigned ranges does not restrict nu
 {% data reusables.actions..networking-for-larger-runners %}
 
 {% ifversion ghec %}
+
 ### Creating static IP addresses for enterprise runners
 
 {% data reusables.enterprise-accounts.access-enterprise %}

content/actions/using-jobs/assigning-permissions-to-jobs.md

@@ -25,7 +25,7 @@ versions:
 
 ## Setting the `GITHUB_TOKEN` permissions for all jobs in a workflow
 
-You can specify `permissions` at the top level of a workflow, so that the setting applies to all jobs in the workflow. 
+You can specify `permissions` at the top level of a workflow, so that the setting applies to all jobs in the workflow.
 
 ### Example: Setting the `GITHUB_TOKEN` permissions for an entire workflow
 

content/actions/using-workflows/about-workflows.md

@@ -50,7 +50,7 @@ For more on managing workflow runs, such as re-running, cancelling, or deleting
 
 {% data reusables.actions.workflow-template-overview %}
 
-For more information on using and creating starter workflows, see "[AUTOTITLE](/actions/using-workflows/using-starter-workflows)" and "[AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization)."
+For more information on using and creating starter workflows, see "[AUTOTITLE](/actions/learn-github-actions/using-starter-workflows)" and "[AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization)."
 
 ## Advanced workflow features
 

content/actions/using-workflows/creating-starter-workflows-for-your-organization.md

@@ -114,4 +114,4 @@ To add another starter workflow, add your files to the same `workflow-templates`
 
 ## Next steps
 
-To continue learning about {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions/using-workflows/using-starter-workflows)."
+To continue learning about {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions/learn-github-actions/using-starter-workflows)."

content/actions/using-workflows/index.md

@@ -33,7 +33,6 @@ children:
   - /caching-dependencies-to-speed-up-workflows
   - /storing-workflow-data-as-artifacts
   - /creating-starter-workflows-for-your-organization
-  - /using-starter-workflows
   - /sharing-workflows-secrets-and-runners-with-your-organization
   - /using-github-cli-in-workflows
 ---

content/actions/using-workflows/reusing-workflows.md

@@ -265,7 +265,7 @@ When you call a reusable workflow, you can only use the following keywords in th
 
   - If `jobs.<job_id>.permissions` is not specified in the calling job, the called workflow will have the default permissions for the `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)."
   - The `GITHUB_TOKEN` permissions passed from the caller workflow can be only downgraded (not elevated) by the called workflow.
-  - If you use `jobs.<job_id>.concurrency.cancel-in-progress: true`, don't use the same value for `jobs.<job_id>.concurrency.group` in the called and caller workflows as this will cause the workflow that's already running to be cancelled. A called workflow uses the name of its caller workflow in {% raw %}${{ github.workflow }}{% endraw %}, so using this context as the value of `jobs.<job_id>.concurrency.group` in both caller and called workflows will cause the caller workflow to be cancelled when the called workflow runs. 
+  - If you use `jobs.<job_id>.concurrency.cancel-in-progress: true`, don't use the same value for `jobs.<job_id>.concurrency.group` in the called and caller workflows as this will cause the workflow that's already running to be cancelled. A called workflow uses the name of its caller workflow in {% raw %}${{ github.workflow }}{% endraw %}, so using this context as the value of `jobs.<job_id>.concurrency.group` in both caller and called workflows will cause the caller workflow to be cancelled when the called workflow runs.
 
    {% endnote %}
 

content/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md

@@ -277,6 +277,7 @@ On an instance in a high-availability configuration, after you restore to new di
 To remediate after the restoration completes and before starting replication, you can tear down stale UUIDs using `ghe-repl-teardown`. If you need further assistance, contact {% data variables.contact.contact_ent_support %}.
 
 {% ifversion backup-utilities-progress %}
+
 ## Monitoring backup or restoration progress
 
 During a backup or restoration operation, you can use the `ghe-backup-progress` utility on your backup host to monitor the operation's progress. The utility prints the progress of each job sequentially.

content/admin/backing-up-and-restoring-your-instance/known-issues-with-backups-for-your-instance.md

@@ -46,24 +46,28 @@ To ensure users can sign into the new target instance, ensure that your environm
    ```shell copy
    ssh -p 122 admin@HOSTNAME
    ```
+
 {%- ifversion ghes = 3.7 %}
 1. To display a list of encryption and decryption keys, run the following command.
 
    ```shell copy
    ghe-config secrets.github.encrypted-column-keying-material
    ```
+
 {%- elsif ghes = 3.8 or ghes = 3.9 %}
 1. To display a list of decryption keys, run the following command.
 
    ```shell copy
    ghe-config secrets.github.encrypted-column-keying-material
    ```
+
 1. Copy the output to a safe and temporary location.
 1. To display a list of encryption keys, run the following command.
 
    ```shell copy
    ghe-config secrets.github.encrypted-column-current-encryption-key
    ```
+
 1. Copy the output to a safe and temporary location.
 {%- endif %}
 1. SSH into the destination {% data variables.product.product_name %} instance where you restored the backup. Replace HOSTNAME with the actual hostname of your instance.
@@ -71,6 +75,7 @@ To ensure users can sign into the new target instance, ensure that your environm
    ```shell copy
    ssh -p 122 admin@HOSTNAME
    ```
+
 1. Enable maintenance mode. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#enabling-maintenance-mode-immediately-or-scheduling-a-maintenance-window-for-a-later-time)."
 1. To verify that the destination instance is ready for configuration, run the following {% ifversion ghes = 3.7 %}command{% elsif ghes = 3.8 or ghes = 3.9 %}commands{% endif %}. There should be no output displayed.
 
@@ -80,29 +85,34 @@ To ensure users can sign into the new target instance, ensure that your environm
    ghe-config secrets.github.encrypted-column-current-encryption-key
    {%- endif %}
    ```
+
 {%- ifversion ghes = 3.7 %}
 1. To update the list of keys on the destination instance, run the following command. Replace KEY-LIST with the output from step 1.
 
    ```shell copy
    ghe-config secrets.github.encrypted-column-keying-material "KEY-LIST"
    ```
+
 {%- elsif ghes = 3.8 or ghes = 3.9 %}
 1. To update the decryption keys on the destination instance, run the following command. Replace DECRYPTION-KEY-LIST with the output from step 1.
 
    ```shell copy
    ghe-config secrets.github.encrypted-column-keying-material "DECRYPTION-KEY-LIST"
    ```
+
 1. To update the encryption key on the destination instance, run the following command. Replace ENCRYPTION-KEY with the output from step 4.
 
    ```shell copy
    ghe-config secrets.github.encrypted-column-current-encryption-key "ENCRYPTION-KEY"
    ```
+
 {%- endif %}
 1. To apply the configuration, run the following command.
 
     ```shell copy
     ghe-config-apply
     ```
+
 1. Wait for the configuration run to complete.
 1. To ensure that the target instance's configuration contains the keys, run the following {% ifversion ghes = 3.7 %}command{% elsif ghes = 3.8 or ghes = 3.9 %}commands{% endif %} and verify that the output matches step 1{% ifversion ghes = 3.8 or ghes = 3.9 %} and step 4{% endif %}.
 
@@ -112,6 +122,7 @@ To ensure users can sign into the new target instance, ensure that your environm
    ghe-config secrets.github.encrypted-column-current-encryption-key
    {%- endif %}
    ```
+
 1. Have a user sign into the destination instance. If any issues arise, contact {% data variables.contact.enterprise_support %}. For more information, see "[AUTOTITLE](/support/contacting-github-support)."
 
 {% endif %}

content/admin/configuration/configuring-network-settings/configuring-built-in-firewall-rules.md

@@ -69,6 +69,7 @@ We do not recommend customizing UFW as it can complicate some troubleshooting is
 
 1. Configure a custom firewall rule.
 1. Check the status of each new rule with the `status numbered` command.
+
    ```shell
    sudo ufw status numbered
    ```

content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md

@@ -107,6 +107,7 @@ Optionally, organization owners can further restrict the access policy of the ru
 For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)."
 
 ## 5. Automatically scale your self-hosted runners
+
 {% ifversion actions-runner-controller %}Optionally, you can use {% data variables.product.prodname_actions_runner_controller %} (ARC) to automatically scale self-hosted runners. {% data reusables.actions.actions-runner-controller-about-arc %}
 
 {% else %}Optionally, you can build custom tooling to automatically scale the self-hosted runners for {% ifversion ghec or ghae %}your enterprise{% elsif ghes %}{% data variables.location.product_location %}{% endif %}. For example, your tooling can respond to webhook events from {% data variables.location.product_location %} to automatically scale a cluster of runner machines. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners)."

content/admin/github-actions/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md

@@ -90,7 +90,7 @@ This example demonstrates using the `actions-sync` tool to sync an individual ac
    - `--destination-token`: A {% data variables.product.pat_generic %} for the destination enterprise instance.
    - `--destination-url`: The URL of the destination enterprise instance.
    - `--repo-name`: The action repository to sync. This takes the format of `owner/repository:destination_owner/destination_repository`.
-   
+
      - The above example syncs the [`actions/stale`](https://github.com/actions/stale) repository to the `synced-actions/actions-stale` repository on the destination enterprise instance. You must create the organization named `synced-actions` in your enterprise before running the above command.
      - If you omit `:destination_owner/destination_repository`, the tool uses the original owner and repository name for your enterprise. Before running the command, you must create a new organization in your enterprise that matches the owner name of the action. Consider using a central organization to store the synced actions in your enterprise, as this means you will not need to create multiple new organizations if you sync actions from different owners.
      - You can sync multiple actions by replacing the `--repo-name` parameter with `--repo-name-list` or `--repo-name-list-file`. For more information, see the [`actions-sync` README](https://github.com/actions/actions-sync#actions-sync).

content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md

@@ -117,9 +117,9 @@ Before your developers can use {% data variables.product.prodname_ghe_cloud %} w
 
    Your contact on the GitHub Sales team will work with you to create your new {% data variables.enterprise.prodname_emu_enterprise %}. You'll need to provide the email address for the user who will set up your enterprise and a short code that will be used as the suffix for your enterprise members' usernames. {% data reusables.enterprise-accounts.emu-shortcode %} For more information, see "[Usernames and profile information](#usernames-and-profile-information)."
 
-1. After we create your enterprise, you will receive an email from {% data variables.product.prodname_dotcom %} inviting you to choose a password for your enterprise's setup user, which will be the first owner in the enterprise. Use an incognito or private browsing window when setting the password and saving the recovery codes for the user. The setup user is only used to configure single sign-on and SCIM provisioning integration for the enterprise. It will no longer be allowed to access enterprise or organization settings once SSO is configured, unless an SSO recovery code is used. 
+1. After we create your enterprise, you will receive an email from {% data variables.product.prodname_dotcom %} inviting you to choose a password for your enterprise's setup user, which will be the first owner in the enterprise. Use an incognito or private browsing window when setting the password and saving the recovery codes for the user. The setup user is only used to configure single sign-on and SCIM provisioning integration for the enterprise. It will no longer be allowed to access enterprise or organization settings once SSO is configured, unless an SSO recovery code is used.
 
-   The setup user's username is your enterprise's shortcode suffixed with `_admin`, for example `fabrikam_admin`. If you need to sign in as the setup user later, you can enter the username and password at any login page. A link to the login page is also provided on the SSO page, for convenience. 
+   The setup user's username is your enterprise's shortcode suffixed with `_admin`, for example `fabrikam_admin`. If you need to sign in as the setup user later, you can enter the username and password at any login page. A link to the login page is also provided on the SSO page, for convenience.
 
    {% note %}
 

content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/including-data-about-github-actions-in-server-statistics.md

@@ -36,4 +36,5 @@ If you enable the collection of data about {% data variables.product.prodname_ac
    ```shell{:copy}
    ghe-config app.github.enable-actions-usage-stats true
    ```
+
 {% data reusables.enterprise.apply-configuration %}

content/admin/monitoring-managing-and-updating-your-instance/caching-repositories/configuring-a-repository-cache.md

@@ -55,6 +55,7 @@ Then, when told to fetch `https://github.example.com/myorg/myrepo`, Git will ins
       ```
       ghe-repl-setup -a PRIMARY-IP
       ```
+
 1. To configure the repository cache, use the `ghe-repl-node` command and include the necessary parameters.
     - Set a `cache-location` for the repository cache, replacing _CACHE-LOCATION_ with an alphanumeric identifier, such as the region where the cache is deployed.  The _CACHE-LOCATION_ value must not be any of the subdomains reserved for use with subdomain isolation, such as `assets` or `media`.  For a list of reserved names, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/enabling-subdomain-isolation#about-subdomain-isolation)."
     - Set a `cache-domain` for the repository cache, replacing _EXTERNAL-CACHE-DOMAIN_ with the hostname Git clients will use to access the repository cache. If you do not specify a `cache-domain`, {% data variables.product.product_name %} will prepend the _CACHE-LOCATION_ value as a subdomain to the hostname configured for your instance. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-a-hostname)."

content/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster.md

@@ -32,9 +32,9 @@ To fail over to replica nodes, you must have configured high availability replic
 1. SSH into the primary MySQL node in the replica cluster. For more information, see "[AUTOTITLE](/enterprise/admin/configuration/accessing-the-administrative-shell-ssh#enabling-access-to-the-administrative-shell-via-ssh)."
 1. To begin the failover to the secondary cluster and configure the nodes to respond to requests, run the following command.
 
-    ```shell
+   ```shell
-  ghe-cluster-failover
+   ghe-cluster-failover
-  ```
+   ```
 
 {% data reusables.enterprise_clustering.configuration-finished %}
 1. Update the DNS record to point to the IP address of the load balancer for your replica cluster. After the TTL period expires, requests will be directed to the replica cluster.

content/admin/monitoring-managing-and-updating-your-instance/configuring-high-availability/creating-a-high-availability-replica.md

@@ -100,6 +100,7 @@ This example configuration uses a primary and two replicas, which are located in
    ```
 
 1. To apply the configuration, use the `ghe-config-apply` command on the primary.
+
    ```shell
    (primary)$ ghe-config-apply
    ```

content/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance.md

@@ -133,16 +133,19 @@ If you cannot upgrade {% data variables.location.product_location %}, then you c
    ```shell copy
    ghe-maintenance -s
    ```
+
 1. Update consul template for nomad:
 
    ```shell copy
    sudo sed -i.bak '/kill_signal/i \      kill_timeout = "10m"' /etc/consul-templates/etc/nomad-jobs/mysql/mysql.hcl.ctmpl
    ```
+
 1. Render consul template for nomad:
 
    ```shell copy
    sudo consul-template -once -template /etc/consul-templates/etc/nomad-jobs/mysql/mysql.hcl.ctmpl:/etc/nomad-jobs/mysql/mysql.hcl
    ```
+
 1. Verify current `kill_timeout` setting:
 
    ```shell copy
@@ -154,26 +157,31 @@ If you cannot upgrade {% data variables.location.product_location %}, then you c
    ```shell copy
    "KillTimeout": 5000000000
    ```
+
 1. Stop MySQL:
 
    ```shell copy
    nomad job stop mysql
    ```
+
 1. Run new MySQL job:
 
    ```shell copy
    nomad job run /etc/nomad-jobs/mysql/mysql.hcl
    ```
+
 1. Verify kill_timeout has been updated:
 
    ```shell copy
    nomad job inspect mysql | grep KillTimeout
    ```
+
    Expected response:
 
    ```shell copy
    "KillTimeout": 600000000000,
    ```
+
 1. Take instance out of maintenance mode:
 
    ```shell copy

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md

@@ -24,7 +24,7 @@ topics:
   - Policies
 shortTitle: GitHub Actions policies
 ---
- 
+
 
 ## About policies for {% data variables.product.prodname_actions %} in your enterprise
 
@@ -41,7 +41,7 @@ You can choose to disable {% data variables.product.prodname_actions %} for all
 {% data reusables.enterprise-accounts.actions-tab %}
 1. Under "Policies", select your options.
 
-   {% indented_data_reference reusables.actions.actions-use-policy-settings spaces=3 %}
+   {% data reusables.actions.actions-use-policy-settings %}
 
    {%- ifversion ghes or ghae %}
    {% note %}

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md

@@ -27,14 +27,14 @@ If you're an organization owner, you can enable {% data variables.product.prodna
 
 {% note %}
 
-**Note:** If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from an organization's private {% ifversion ghec %}and internal {% endif %}repositories. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization#about-changing-your-settings)." 
+**Note:** If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from an organization's private {% ifversion ghec %}and internal {% endif %}repositories. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization#about-changing-your-settings)."
 
 {% endnote %}
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 1. Under "{% octicon "law" aria-hidden="true" %} Policies," click **Codespaces**.
-1. On the {% data variables.product.prodname_github_codespaces %} policies page, under "Manage organization access to {% data variables.product.prodname_github_codespaces %}," select whether to enable {% data variables.product.prodname_github_codespaces %} in your organizations' private and internal repositories. 
+1. On the {% data variables.product.prodname_github_codespaces %} policies page, under "Manage organization access to {% data variables.product.prodname_github_codespaces %}," select whether to enable {% data variables.product.prodname_github_codespaces %} in your organizations' private and internal repositories.
 
    You can enable for all organizations, enable for specific organizations, or disable for all organizations.
 1. Click **Save**.

content/apps/creating-github-apps/writing-code-for-a-github-app/building-ci-checks-with-a-github-app.md

@@ -81,6 +81,7 @@ The following sections will lead you through setting up the following components
 1. Create a Ruby file named `server.rb`. This file will contain all the code for your app. You will add content to this file later.
 1. If the directory doesn't already include a `.gitignore` file, add a `.gitignore` file. You will add content to this file later. For more information about `.gitignore` files, see "[AUTOTITLE](/get-started/getting-started-with-git/ignoring-files)."
 1. Create a file named `Gemfile`. This file will describe the gem dependencies that your Ruby code needs. Add the following contents to your `Gemfile`:
+
    ```ruby copy
    source 'http://rubygems.org'
 
@@ -92,7 +93,9 @@ The following sections will lead you through setting up the following components
    gem 'dotenv'
    gem 'git'
    ```
+
 1. Create a file named `config.ru`. This file will configure your Sinatra server to run. Add the following contents to your `config.ru` file:
+
    ```ruby copy
    require './server'
    run GHAapp
@@ -103,17 +106,22 @@ The following sections will lead you through setting up the following components
 In order to develop your app locally, you can use a webhook proxy URL to forward webhook events from {% data variables.product.company_short %} to your computer or codespace. This tutorial uses Smee.io to provide a webhook proxy URL and forward events.
 
 1. In a terminal, run the following command to install the Smee client:
+
    ```shell copy
    npm install --global smee-client
    ```
+
 1. In your browser, navigate to https://smee.io/.
 1. Click **Start a new channel**.
 1. Copy the full URL under "Webhook Proxy URL".
 1. In the terminal, run the following command to start the Smee client. Replace `YOUR_DOMAIN` with the Webhook Proxy URL you copied in the previous step.
+
    ```shell copy
    smee --url YOUR_DOMAIN --path /event_handler --port 3000
    ```
+
    You should see output like the following:
+
    ```shell
    Forwarding https://smee.io/YOUR_DOMAIN to http://127.0.0.1:3000/event_handler
    Connected https://smee.io/YOUR_DOMAIN

content/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app.md

@@ -36,8 +36,8 @@ include the client secret in your native application, however web applications s
 
 You can fill out every other piece of information however you like, except the
 **Authorization callback URL**. This is the most important piece to securely setting
-up your application. It's the callback URL that {% data variables.product.product_name %} 
+up your application. It's the callback URL that {% data variables.product.product_name %}
-returns the user to after successful authentication. Ownership of that URL is what ensures 
+returns the user to after successful authentication. Ownership of that URL is what ensures
 that users sign into your app, instead of leaking tokens to an attacker.
 
 Since we're running a regular Sinatra server, the location of the local instance
@@ -64,7 +64,7 @@ end
 
 Your client ID and client secret come from [your application's configuration
 page][app settings]. We recommend storing these values as
-[environment variables][about env vars] for ease of replacement and use -- 
+[environment variables][about env vars] for ease of replacement and use --
 which is exactly what we've done here.
 
 Next, in _views/index.erb_, paste this content:
@@ -125,7 +125,7 @@ end
 ```
 
 After a successful app authentication, {% data variables.product.product_name %} provides a temporary `code` value.
-You'll need to `POST` this code back to {% data variables.product.product_name %} with your client secret 
+You'll need to `POST` this code back to {% data variables.product.product_name %} with your client secret
 in exchange for an `access_token`.
 To simplify our GET and POST HTTP requests, we're using the [rest-client][REST Client].
 Note that you'll probably never access the API through REST. For a more serious
@@ -158,10 +158,10 @@ checked for those as well.
 Also, since there's a hierarchical relationship between scopes, you should
 check if you were granted any higher levels of the required scope. For example,
 if the application had asked for `user` scope, it won't have been granted explicitly the
-`user:email` scope. In that case, it would receive a token with the `user` scope, which 
+`user:email` scope. In that case, it would receive a token with the `user` scope, which
 would work for requesting the user's email address, even though it doesn't explicitly include
-`user:email` on the token. Checking for both `user` and `user:email` ensures that you 
+`user:email` on the token. Checking for both `user` and `user:email` ensures that you
-check for both scenarios. 
+check for both scenarios.
 
 Checking for scopes only before making requests is not enough since it's possible
 that users will change the scopes in between your check and the actual request.

content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md

@@ -42,7 +42,7 @@ For more information about authorizing {% data variables.product.prodname_github
 
 Organization owners can install {% data variables.product.prodname_github_apps %} on their organization.
 
-For enterprises that pay by credit card, enterprise owners who are also organization owners can install {% data variables.product.prodname_github_apps %} on organizations within their enterprise. 
+For enterprises that pay by credit card, enterprise owners who are also organization owners can install {% data variables.product.prodname_github_apps %} on organizations within their enterprise.
 
 Admins of repositories that are owned by an organization can also install {% data variables.product.prodname_github_apps %} on the organization if they only grant the app access to repositories that they are an admin of and if the app does not request any organization resources. Organization owners can prevent outside collaborators who are repository admins from installing {% data variables.product.prodname_github_apps %}.
 

content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md

@@ -31,5 +31,6 @@ Some authenticators allow passkeys to be used with nearby devices. For example,
 1. On your nearby device, follow the prompts to complete the authentication process. For example, if you are using an iPhone, you might perform FaceID or enter your passcode.
 
 ## Further reading
+
 - [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)
 - [AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)

content/authentication/keeping-your-account-and-data-secure/sudo-mode.md

@@ -63,6 +63,7 @@ To confirm access for sudo mode, you {% ifversion totp-and-mobile-sudo-challenge
 {%- endif %}
 
 {% ifversion passkeys %}
+
 ## Confirming access using a passkey
 
 You must have a passkey registered to your account to confirm access to your account for sudo mode using a passkey. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)" and "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)."

content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md

@@ -51,6 +51,7 @@ If you've set up a security key on your account, and your browser supports secur
 1. Select the appropriate option in the prompt. Depending on your security key configuration, you may type a PIN, complete a biometric prompt, or use a physical security key.
 
 {% ifversion passkeys %}
+
 ### Using a passkey
 
 If you have enabled 2FA, and you have added a passkey to your account, you can use the passkey to sign in. Since passkeys satisfy both password and 2FA requirements, you can complete your sign in with a single step. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)" and "[AUTOTITLE](/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey)."

content/authentication/troubleshooting-ssh/error-permission-denied-publickey.md

@@ -78,7 +78,7 @@ $ ssh -T git@{% data variables.command_line.codeblock %}
 
    {% data reusables.desktop.windows_git_for_windows_turn_on_ssh_agent %}
 
-   {% indented_data_reference reusables.desktop.note-start-ssh-agent spaces=3 %}
+   {% data reusables.desktop.note-start-ssh-agent %}
 
 1. Verify that you have a private key generated and loaded into SSH.
 

content/billing/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md

@@ -26,7 +26,7 @@ redirect_from:
 
 {% data reusables.codespaces.codespaces-free-for-personal-intro %}
 
-Organizations can choose whether codespaces created from their repositories will be user-owned or organization-owned. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization)." An organization pays for a codespace if all the following things are true. 
+Organizations can choose whether codespaces created from their repositories will be user-owned or organization-owned. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization)." An organization pays for a codespace if all the following things are true.
 
 - The organization has chosen for codespaces to be organization-owned.
 {% data reusables.codespaces.when-an-org-pays %}
@@ -218,7 +218,7 @@ Usage of codespaces created from a forked repository will be billed to your pers
 
 For example, consider a member, or outside collaborator, of an organization that has allowed billing for codespaces for that user. If the user has permission to fork an organization-owned private repository, they can subsequently create and use a codespace for the new repository at the organization's expense. This is because the organization is the owner of the parent repository. Note that the organization owner can remove the user's access to the private repository, the forked repository, and therefore also the codespace. The organization owner can also delete the parent repository which will also delete the forked repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-the-forking-policy-for-your-repository)."
 
-{% data reusables.codespaces.prebuilds-billing-for-forks %} 
+{% data reusables.codespaces.prebuilds-billing-for-forks %}
 
 ## How billing is handled when a repository is transferred to another organization
 

content/billing/managing-billing-for-github-marketplace-apps/downgrading-the-billing-plan-for-a-github-marketplace-app.md

@@ -49,7 +49,7 @@ When you downgrade an app, your subscription remains active until the end of you
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.billing-tab %}
-1. In the "Marketplace apps" tab, find the app you want to downgrade. 
+1. In the "Marketplace apps" tab, find the app you want to downgrade.
 1. Next to the organization where you want to downgrade the app, select **{% octicon "kebab-horizontal" aria-label="More" %}** and then click **Change plan**.
 1. Select the **Edit your plan** dropdown and click an account's plan to edit.
 {% data reusables.marketplace.choose-new-plan %}

content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md

@@ -78,7 +78,7 @@ To connect your Azure subscription, you must have owner permissions to the Azure
 1. In the "Access" section of the sidebar, click **{% octicon "credit-card" aria-hidden="true" %} Billing and plans**.
 1. Under "Billing Management", to the right of "Metered billing via Azure", click **Add Azure Subscription**.
 1. To sign in to your Microsoft account, follow the prompts.
-1. Review the "Permissions requested" prompt. If you agree with the terms, click **Accept**. 
+1. Review the "Permissions requested" prompt. If you agree with the terms, click **Accept**.
 
    {% data reusables.enterprise-accounts.azure-admin-approval-required-message %}
 1. Under "Select a subscription", select the Azure Subscription ID that you want to connect to your enterprise. {% data reusables.enterprise-accounts.tenant-app-permissions %}

content/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan.md

@@ -89,6 +89,7 @@ To reduce the number of paid seats your organization uses, you can remove member
 1. Review the information about your new payment on your next billing date, then click **Remove seats**.
 
 {% ifversion ghec %}
+
 ## Downgrading your enterprise account's plan
 
 Enterprise accounts are only available with {% data variables.product.prodname_enterprise %}, so it's not possible to downgrade an enterprise account to another plan.

content/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale.md

@@ -21,7 +21,7 @@ redirect_from:
 
 GHAS is a suite of tools that requires active participation from developers across your enterprise. To realize the best return on your investment, you must learn how to use, apply, and maintain GHAS.
 
-We’ve created a phased approach to GHAS rollouts developed from industry and GitHub best practices. We expect most customers will want to follow these phases, based on our experience helping customers with a successful deployment of {% data variables.product.prodname_GH_advanced_security %}, but you may need to modify this approach to meet the needs of your company. 
+We’ve created a phased approach to GHAS rollouts developed from industry and GitHub best practices. We expect most customers will want to follow these phases, based on our experience helping customers with a successful deployment of {% data variables.product.prodname_GH_advanced_security %}, but you may need to modify this approach to meet the needs of your company.
 
 Enabling GHAS across a large organization can be broken down into six core phases.
 

content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md

@@ -163,10 +163,11 @@ For information on bulk enablement, see "[AUTOTITLE](/code-security/code-scannin
 
    ![Screenshot showing a starter workflow file open for editing. The "Documentation" button is highlighted with an orange outline.](/assets/images/help/security/actions-workflows-documentation.png)
 
-   For more information, see "[AUTOTITLE](/actions/using-workflows/using-starter-workflows#using-starter-workflows)" and "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."
+   For more information, see "[AUTOTITLE](/actions/learn-github-actions/using-starter-workflows#choosing-and-using-a-starter-workflow)" and "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."
 
 {% endif %}
 {% ifversion ghes < 3.5 %}
+
 ## Reasons for the "Analysis not found" message
 
 If you used a pull request to add {% data variables.product.prodname_code_scanning %} to the repository, you will initially see an "Analysis not found" message when you click **Details** on the "{% data variables.product.prodname_code_scanning_caps %} results / TOOL NAME" check in a pull request.

content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md

@@ -54,6 +54,7 @@ If the code in a repository changes to include {% ifversion code-scanning-defaul
 
 {% endif %}
 {% ifversion org-enable-code-scanning %}
+
 ## Configuring default setup for all eligible repositories in an organization
 
 Through the "Code security and analysis" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. For more information on repository eligibility, see "[Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup)."
@@ -80,6 +81,7 @@ Through the "Code security and analysis" page of your organization's settings, y
 {% data variables.product.prodname_code_scanning_caps %} is configured at the repository level. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
 {% endif %}
 {% ifversion code-security-multi-repo-enablement %}
+
 ## Configuring default setup for a subset of repositories in an organization
 
 Through security overview for your organization, you can find eligible repositories for default setup, then enable default setup across each of those repositories simultaneously. For more information on repository eligibility, see "[Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup)."

content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md

@@ -26,6 +26,7 @@ If your codebase depends on a library or framework that is not recognized by the
 If you need to change any other aspects of your {% data variables.product.prodname_code_scanning %} configuration, consider configuring advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)."
 
 {% ifversion code-scanning-without-workflow-310 %}
+
 ## Customizing your existing configuration of default setup
 
 {% data reusables.repositories.navigate-to-repo %}
@@ -38,6 +39,7 @@ If you need to change any other aspects of your {% data variables.product.prodna
 1. To update your configuration, as well as run an initial analysis of your code with the new configuration, click **Save changes**. All future analyses will use your new configuration.
 
 {% else %}
+
 ## Changing the selected query suite for your configuration of default setup
 
 {% data reusables.repositories.navigate-to-repo %}

content/code-security/code-scanning/troubleshooting-code-scanning/out-of-disk-or-memory.md

@@ -18,11 +18,14 @@ versions:
 On very large projects, you may see `Error: "Out of disk"` or `Error: "Out of memory"` on self-hosted runners when running {% data variables.product.prodname_codeql %}. In this case, you may need to increase the memory or disk space available on your runners. You can review the recommended hardware resources for running {% data variables.product.prodname_codeql %} to make sure your self-hosted runners meet those requirements. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql)."
 
 {% else %}
+
 ## Use self-hosted runners
 
 Self-hosted runners offer more control of hardware, operating system, and software tools than {% data variables.product.company_short %}-hosted runners can provide. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)." You can review the recommended hardware resources for running {% data variables.product.prodname_codeql %} to make sure your self-hosted runners meet those requirements. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql)."
 
 {% ifversion actions-hosted-runners %}
+
 ## Use larger runners
+
 You can use larger runners, which are {% data variables.product.company_short %}-hosted runners with more RAM, CPU, and disk space than standard runners. These runners have the runner application and other tools preinstalled. For more information about larger runners and the specifications you can use with them, see "[AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners)."{% endif %}
 {% endif %}

content/code-security/code-scanning/troubleshooting-sarif-uploads/missing-token.md

@@ -21,7 +21,7 @@ redirect_from:
 A GitHub token is required to upload SARIF results but none was specified
 ```
 
-This error is reported if the upload process does not reference an authentication method, or if that method has the wrong permission. The permissions required to upload SARIF file to a repository are the same no matter what process you use to upload the data. 
+This error is reported if the upload process does not reference an authentication method, or if that method has the wrong permission. The permissions required to upload SARIF file to a repository are the same no matter what process you use to upload the data.
 
 - Fine-grained {% data variables.product.pat_generic_plural %} require `write` scope for the repository.
 - Classic {% data variables.product.pat_generic_plural %} require `security_events` scope for the repository{% ifversion fpt or ghec %} for private or internal repositories. You can use tokens with the `public_repo` scope for public repositories.{% endif %}

content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md

@@ -80,6 +80,7 @@ codeql database analyze <database> --format=<format> \
     --sarif-category=<language-specifier> --output=<output> \
     {% ifversion codeql-packs %}<packs,queries>{% else %}<queries>{% endif %}
 ```
+
 {% endnote %}
 
 You must specify `<database>`, `--format`, and `--output`. You can specify additional options depending on what analysis you want to do.
@@ -130,6 +131,7 @@ $ codeql database analyze /codeql-dbs/example-repo \
 ```
 
 {% ifversion code-scanning-tool-status-page %}
+
 ### Adding file coverage information to your results for monitoring
 
 You can optionally submit file coverage information to {% data variables.product.product_name %} for display on the {% data variables.code-scanning.tool_status_page %} for {% data variables.product.prodname_code_scanning %}. For more information about file coverage information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page#how-codeql-defines-scanned-files)."

content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md

@@ -49,6 +49,7 @@ The other files and directories within the pack should be logically organized. F
 their own top-level directories.
 
 {% ifversion codeql-packs %}
+
 ## Downloading and using {% data variables.product.prodname_codeql %} query packs
 
 The {% data variables.product.prodname_codeql_cli %} bundle includes queries that are maintained by {% data variables.product.company_short %} experts, security researchers, and community contributors. If you want to run queries developed by other organizations, {% data variables.product.prodname_codeql %} query packs provide an efficient and reliable way to download and run queries{% ifversion codeql-model-packs-java %}, while model packs (beta) can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default{% endif %}. For more information about query packs, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql-queries)." {% ifversion codeql-model-packs-java %} For information about writing your own model packs, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack)."{% endif %}
@@ -190,6 +191,7 @@ For more information about writing your own model packs, see "[AUTOTITLE](/code-
 {% endif %}
 
 {% ifversion query-pack-compatibility %}
+
 ### About published packs
 
 When a pack is published for use in analyses, the `codeql pack create` or `codeql pack publish` command verifies that the content is complete and also adds some additional pieces of content to it:

content/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli.md

@@ -113,6 +113,7 @@ After you extract the {% data variables.product.prodname_codeql_cli %} bundle, y
 - `/<extraction-root>/codeql/codeql resolve qlpacks` otherwise.
 
 Extract from successful output:
+
 ```shell
 codeql/cpp-all (/<extraction-root>/qlpacks/codeql/cpp-all/<version>)
 codeql/cpp-examples (/<extraction-root>/qlpacks/codeql/cpp-examples/<version>)

content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md

@@ -76,6 +76,7 @@ codeql github upload-results \
 There is no output from this command unless the upload was unsuccessful. The command prompt returns when the upload is complete and data processing has begun. On smaller codebases, you should be able to explore the {% data variables.product.prodname_code_scanning %} alerts in {% data variables.product.product_name %} shortly afterward. You can see alerts directly in the pull request or on the **Security** tab for branches, depending on the code you checked out. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)."
 
 {% ifversion code-scanning-tool-status-page %}
+
 ## Uploading diagnostic information to {% data variables.product.product_name %} if the analysis fails
 
 When {% data variables.product.prodname_codeql_cli %} finishes analyzing a database successfully, it gathers diagnostic information such as file coverage, warnings, and errors, and includes it in the SARIF file with the results. When you upload the SARIF file to {% data variables.product.company_short %} the diagnostic information is displayed on the {% data variables.product.prodname_code_scanning %} {% data variables.code-scanning.tool_status_page %} for the repository to make it easy to see how well {% data variables.product.prodname_codeql %} is working and debug any problems. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page)."

content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md

@@ -34,6 +34,7 @@ default-suite-file: default-queries.qls # optional, a pointer to a query-suite i
 license: # optional, the license under which the pack is published
 dependencies: # map from CodeQL pack name to version range
 ```
+
 - `name:` must follow the `<scope>/<pack>` format, where `<scope>` is the {% data variables.product.prodname_dotcom %} organization that you will publish to and <pack> is the name for the pack.
 
 - A maximum of one of `default-suite` or `default-suite-file` is allowed. These are two different ways to define a default query suite to be run, the first by specifying queries directly in the qlpack.yml file and the second by specifying a query suite in the pack.
@@ -207,6 +208,7 @@ The following properties are supported in `qlpack.yml` files.
 
 - Required by all packs.
 - Defines the scope of the pack, where the {% data variables.product.prodname_codeql %} pack is published, and the name of the pack defined using alphanumeric characters and hyphens. It must be unique as {% data variables.product.prodname_codeql %} cannot differentiate between {% data variables.product.prodname_codeql %} packs with identical names. Use the pack name to specify queries to run using `database analyze` and to define dependencies between {% data variables.product.prodname_codeql %} packs (see examples below). For example:
+
   ```yaml
   name: octo-org/security-queries
   ```
@@ -215,11 +217,13 @@ The following properties are supported in `qlpack.yml` files.
 
 - Required by all packs that are published.
 - Defines a semantic version for this {% data variables.product.prodname_codeql %} pack that must adhere to the [SemVer v2.0.0 specification](https://semver.org/spec/v2.0.0.html). For example:
+
   ```yaml
   version: 0.0.0
   ```
 
 {% ifversion codeql-model-packs-java %}
+
 #### `dataExtensions`
 
 - Required by model packs.
@@ -230,6 +234,7 @@ The following properties are supported in `qlpack.yml` files.
 
 - Required by query and library packs that define {% data variables.product.prodname_codeql %} package dependencies on other packs. Model packs cannot define any dependencies and use `extensionTargets` instead.
 - Defines a map from pack references to the semantic version range that is compatible with this pack. Supported for {% data variables.product.prodname_codeql_cli %} versions v2.6.0 and later. For example:
+
   ```yaml
   dependencies:
     codeql/cpp-all: ^0.0.2
@@ -239,6 +244,7 @@ The following properties are supported in `qlpack.yml` files.
 
 - Required by packs that export a set of default queries to run.
 - Defines the path to a query suite file relative to the package root, containing all of the queries that are run by default when this pack is passed to the `codeql database analyze` command. Supported from CLI version v2.6.0 and onwards. Only one of `defaultSuiteFile` or `defaultSuite` can be defined. For example:
+
   ```yaml
   defaultSuiteFile: cpp-code-scanning.qls
   ```
@@ -247,6 +253,7 @@ The following properties are supported in `qlpack.yml` files.
 
 - Required by packs that export a set of default queries to run.
 - Defines an inlined query suite containing all of the queries that are run by default when this pack is passed to the `codeql database analyze` command. Supported from CLI version v2.6.0 and onwards. Only one of `defaultSuiteFile` or `defaultSuite` can be defined. For example:
+
   ```yaml
   defaultSuite:
     queries: .
@@ -255,6 +262,7 @@ The following properties are supported in `qlpack.yml` files.
   ```
 
 {% ifversion codeql-model-packs-java %}
+
 #### `extensionTargets`
 
 - Required by model packs.
@@ -283,6 +291,7 @@ The following properties are supported in `qlpack.yml` files.
 
 - Required by library packs.
 - Defines a boolean value that indicates whether or not this pack is a library pack. Library packs do not contain queries and are not compiled. Query packs can ignore this field or explicitly set it to `false`. For example:
+
   ```yaml
   library: true
   ```
@@ -291,68 +300,88 @@ The following properties are supported in `qlpack.yml` files.
 
 - Optional for packs that define query suites.
 - Defines the path to a directory in the pack that contains the query suites you want to make known to the {% data variables.product.prodname_codeql_cli %}, defined relative to the pack directory. {% data variables.product.prodname_codeql %} pack users can run "well-known" suites stored in this directory by specifying the pack name, without providing their full path. This is not supported for {% data variables.product.prodname_codeql %} packs downloaded from the Container registry. For more information about query suites, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites)." For example:
+
   ```yaml
   suites: octo-org-query-suites
   ```
 
 #### `tests`
+
 - Optional for packs containing {% data variables.product.prodname_codeql %} tests. Ignored for packs without tests.
 - Defines the path to a directory within the pack that contains tests, defined relative to the pack directory. Use `.` to specify the whole pack. Any queries in this directory are run as tests when `test run` is run with the `--strict-test-discovery` option. These queries are ignored by query suite definitions that use `queries` or `qlpack` instructions to ask for all queries in a particular pack. If this property is missing, then `.` is assumed. For example:
+
   ```yaml
   tests: .
   ```
 
 #### `extractor`
+
 - Required by all packs containing {% data variables.product.prodname_codeql %} tests.
 - Defines the {% data variables.product.prodname_codeql %} language extractor to use when running the {% data variables.product.prodname_codeql %} tests in the pack. For more information about testing queries, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries)." For example:
+
   ```yaml
   extractor: javascript
   ```
 
 #### `authors`
+
 - Optional.
 - Defines metadata that will be displayed on the packaging search page in the packages section of the account that the {% data variables.product.prodname_codeql %} pack is published to. For example:
+
   ```yaml
   authors: author1@github.com,author2@github.com
   ```
 
 #### `license`
+
 - Optional.
 - Defines metadata that will be displayed on the packaging search page in the packages section of the account that the {% data variables.product.prodname_codeql %} pack is published to. For a list of allowed licenses, see [SPDX License List](https://spdx.org/licenses/) in the SPDX Specification. For example:
+
   ```yaml
   license: MIT
   ```
 
 #### `description`
+
 - Optional.
 - Defines metadata that will be displayed on the packaging search page in the packages section of the account that the {% data variables.product.prodname_codeql %} pack is published to. For example:
+
   ```yaml
   description: Human-readable description of the contents of the {% data variables.product.prodname_codeql %} pack.
   ```
 
 #### `libraryPathDependencies`
+
 - Optional, deprecated. Use the `dependencies` property instead.
 - Previously used to define the names of any {% data variables.product.prodname_codeql %} packs that this {% data variables.product.prodname_codeql %} pack depends on, as an array. This gives the pack access to any libraries, database schema, and query suites defined in the dependency. For example:
+
   ```yaml
   libraryPathDependencies: codeql/javascript-all
   ```
 
 #### `dbscheme`
+
 - Required by core language packs only.
 - Defines the path to the [database schema](https://codeql.github.com/docs/codeql-overview/codeql-glossary/#codeql-database-schema) for all libraries and queries written for this {% data variables.product.prodname_codeql %} language (see example below). For example:
+
   ```yaml
   dbscheme: semmlecode.python.dbscheme
   ```
+
 #### `upgrades`
+
 - Required by core language packs only.
 - Defines the path to a directory within the pack that contains database upgrade scripts, defined relative to the pack directory. Database upgrades are used internally to ensure that a database created with a different version of the {% data variables.product.prodname_codeql_cli %} is compatible with the current version of the CLI. For example:
+
   ```yaml
   upgrades: .
   ```
 
 #### `warnOnImplicitThis`
+
 - Optional. Defaults to `false` if the `warnOnImplicitThis` property is not defined.
 - Defines a boolean that specifies whether or not the compiler should emit warnings about member predicate calls with implicit `this` call receivers, that is, without an explicit receiver. Supported from {% data variables.product.prodname_codeql_cli %} version 2.13.2 and onwards. For example:
+
   ```yaml
   warnOnImplicitThis: true
   ```

content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries.md

@@ -144,7 +144,7 @@ other custom queries. For example, `custom-queries/java/queries/EmptyThen.ql`.
 
 1. Create a {% data variables.product.prodname_codeql %} pack for your Java tests by adding a `qlpack.yml` file with the following contents to `custom-queries/java/tests`, updating the `dependencies` to match the name of your {% data variables.product.prodname_codeql %} pack of custom queries:
 
-   {% indented_data_reference reusables.codeql-cli.test-qlpack spaces=3 %}
+   {% data reusables.codeql-cli.test-qlpack %}
 
 1. Run `codeql pack install` in the root of the test directory. This generates a `codeql-pack.lock.yml` file that specifies all of the transitive dependencies required to run queries in this pack.
 
@@ -232,5 +232,6 @@ into {% data variables.product.prodname_codeql %} for VS Code, execute `EmptyThe
 `Test.java` example code. For more information, see "[Analyzing your projects](https://codeql.github.com/docs/codeql-for-visual-studio-code/analyzing-your-projects/#analyzing-your-projects)" in the {% data variables.product.prodname_codeql %} for VS Code help.
 
 ## Further reading
+
 - "[{% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries/#codeql-queries)"
 - "[Testing {% data variables.product.prodname_codeql %} queries in Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/testing-codeql-queries-in-visual-studio-code/#testing-codeql-queries-in-visual-studio-code)."

content/code-security/dependabot/dependabot-alert-rules/about-dependabot-alert-rules.md

@@ -0,0 +1,46 @@
+---
+title: About Dependabot alert rules
+intro: 'You can use {% data variables.product.prodname_dependabot %} alert rules to auto-triage alerts, so you can reduce false positives and better prioritize the alerts that you''re interested in.'
+permissions: 'People with write permissions can view {% data variables.product.prodname_dependabot %} alert rules for the repository. People with with admin permissions to a repository, or the security manager role for the repository, can enable or disable {% data variables.product.prodname_dependabot %} alert rules for the repository{% ifversion dependabot-alert-custom-rules-repo-level %}, as well as create custom alert rules{% endif %}.'
+versions:
+  feature: dependabot-alert-rules-auto-dismissal-npm-dev-dependencies
+type: overview
+topics:
+  - Dependabot
+  - Alerts
+  - Vulnerabilities
+  - Repositories
+  - Dependencies
+shortTitle: About alert rules
+redirect_from:
+  - /code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts
+---
+
+{% data reusables.dependabot.github-alert-rules-beta %}
+
+## About {% data variables.product.prodname_dependabot %} alert rules
+
+{% data variables.product.prodname_dependabot %} alert rules allow you to instruct {% data variables.product.prodname_dependabot %} to automatically dismiss or reopen certain alerts, based on complex logic from a variety of contextual criteria.
+
+{% ifversion dependabot-alert-custom-rules-repo-level %}
+There are two types of {% data variables.product.prodname_dependabot %} alert rules:
+
+- A {% data variables.product.company_short %}-curated rule, called `Dismiss low impact alerts`
+- User-created custom rules
+
+The {% data variables.product.company_short %}-curated rule, `Dismiss low impact alerts`, auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. The rule has been curated to reduce false positives and reduce alert fatigue. The rule is enabled by default for public repositories and can be opted into for private repositories. However, you cannot modify {% data variables.product.company_short %}-curated rules. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alert-rules/using-github-curated-alert-rules-to-prioritize-dependabot-alerts)."
+
+With user-created custom rules, you can create your own rules to automatically dismiss or reopen alerts based on your own criteria, such as severity, package name, CWE, and more. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alert-rules/customizing-alert-rules-to-prioritize-dependabot-alerts)."{% endif %}
+
+Whilst you may find it useful to auto-dismiss alerts, you can still reopen auto-dismissed alerts and filter to see which alerts have been auto-dismissed. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alert-rules/managing-automatically-dismissed-alerts)."
+
+Additionally, auto-dismissed alerts are still available for reporting and reviewing, and can be auto-reopened if the alert metadata changes, for example:
+- If you change the scope of a dependency from development to production.
+- If {% data variables.product.company_short %} modifies certain metadata for the related advisory.
+
+Auto-dismissed alerts are defined by the `resolution:auto-dismiss` close reason. Automatic dismissal activity is included in alert webhooks, REST and GraphQL APIs, and the audit log. For more information, see "[AUTOTITLE](/rest/dependabot/alerts)" in the REST API documentation, and the "`repository_vulnerability_alert`" section in "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#repository_vulnerability_alert-category-actions)."
+
+## Further reading
+
+- [AUTOTITLE](/code-security/dependabot/dependabot-alert-rules/using-github-curated-alert-rules-to-prioritize-dependabot-alerts)
+- [AUTOTITLE](/code-security/dependabot/dependabot-alert-rules/customizing-alert-rules-to-prioritize-dependabot-alerts)

content/code-security/dependabot/dependabot-alert-rules/customizing-alert-rules-to-prioritize-dependabot-alerts.md

@@ -0,0 +1,52 @@
+---
+title: Customizing alert rules to prioritize Dependabot alerts
+intro: 'You can create your own alert rules to auto-triage alerts.'
+permissions: 'People with write permissions can view  {% data variables.product.prodname_dependabot %} alert rules for the repository. People with with admin permissions to a repository, or the security manager role for the repository, can enable or disable {% data variables.product.prodname_dependabot %} alert rules for the repository{% ifversion dependabot-alert-custom-rules-repo-level %}, as well as create custom alert rules{% endif %}'
+product: '{% data reusables.gated-features.dependabot-alert-rules %}'
+versions:
+  feature: dependabot-alert-rules-auto-dismissal-npm-dev-dependencies
+type: how_to
+topics:
+  - Dependabot
+  - Alerts
+  - Vulnerabilities
+  - Repositories
+  - Dependencies
+shortTitle: Custom alert rules
+---
+
+{% data reusables.dependabot.github-alert-rules-beta %}
+
+## About custom alert rules
+
+You can create your own {% data variables.product.prodname_dependabot %} alert rules based on alert criteria. You can choose to auto-dismiss alerts indefinitely, or snooze alerts until a patch becomes available. Since any rules that you create apply to both future and current alerts, you can also use alert rules to manage your {% data variables.product.prodname_dependabot_alerts %} in bulk.
+
+You can create rules using the following criteria:
+
+- Dependency scope (`devDependency` or `runtime`)
+- Package name
+- CWE
+- Severity
+- Patch availability
+- Manifest path
+- Ecosystem
+
+## Adding a custom rule to your repository
+
+You can add a custom rule to your {% ifversion fpt %}public and private{% elsif ghec or ghes %}public, private, and internal{% endif %} repositories.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+1. Under "{% data variables.product.prodname_dependabot_alerts %}", click {% octicon "gear" aria-label="The Gear icon" %} close to "{% data variables.product.prodname_dependabot %} rules".
+
+   ![Screenshot of the "Code security and analysis" page for a repository. The gear icon is highlighted with an orange outline.](/assets/images/help/repository/dependabot-rules-page.png)
+
+1. Click **New ruleset**.
+
+   ![Screenshot of the "Code security and analysis" page for a repository. The gear icon is highlighted with an orange outline.](/assets/images/help/repository/dependabot-rules-new-ruleset.png)
+
+1. Under "Name", describe what this rule will do.
+1. Under "Alert criteria", select the criteria you want to use to filter alerts.
+1. Under "Rules", select the action you want to take on alerts that match the criteria.
+1. Click **Create rule**.

content/code-security/dependabot/dependabot-alert-rules/index.md

@@ -0,0 +1,21 @@
+---
+title: Prioritizing Dependabot alerts with Dependabot alert rules
+shortTitle: Dependabot alert rules
+intro: 'You can use {% data variables.product.prodname_dependabot %} alert rules to auto-triage {% data variables.product.prodname_dependabot_alerts %}.'
+allowTitleToDifferFromFilename: true
+versions:
+  feature: dependabot-alert-rules-auto-dismissal-npm-dev-dependencies
+topics:
+  - Dependabot
+  - Alerts
+  - Vulnerabilities
+  - Repositories
+  - Dependencies
+children:
+  - /about-dependabot-alert-rules
+  - /using-github-curated-alert-rules-to-prioritize-dependabot-alerts
+  - /customizing-alert-rules-to-prioritize-dependabot-alerts
+  - /managing-automatically-dismissed-alerts
+---
+
+{% data reusables.dependabot.github-alert-rules-beta %}

content/code-security/dependabot/dependabot-alert-rules/managing-automatically-dismissed-alerts.md

@@ -0,0 +1,39 @@
+---
+title: Managing alerts that have been automatically dismissed by an alert rule
+intro: 'You can filter to see which alerts have been auto-dismissed by an alert rule, and you can reopen dismissed alerts.'
+allowTitleToDifferFromFilename: true
+versions:
+  feature: dependabot-alert-rules-auto-dismissal-npm-dev-dependencies
+type: how_to
+topics:
+  - Dependabot
+  - Alerts
+  - Vulnerabilities
+  - Repositories
+  - Dependencies
+shortTitle: Manage auto-dismissed alerts
+---
+
+{% data reusables.dependabot.github-alert-rules-beta %}
+
+## Managing automatically dismissed alerts
+
+{% note %}
+
+**Note:** The {% data variables.product.prodname_dependabot_alerts %} page defaults to showing open alerts. To filter and view auto-dismissed alerts, you must first clear the `is:open` default filter from the view.
+
+{% endnote %}
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %}
+1. To filter to see all closed alerts, click **{% octicon "check" aria-hidden="true" %} Closed**. Alternatively, use the `is:closed` filter query in the search bar.
+
+   ![Screenshot of the "Dependabot Alerts" page. A button, labelled "Closed" is highlighted with an orange outline.](/assets/images/help/repository/dependabot-alerts-closed-tab.png)
+
+1. To see all auto-dismissed alerts, select **Closed as**, then in the dropdown menu, click **Auto-dismissed**.
+
+   ![Screenshot of the "Dependabot Alerts" page. A button, labelled "Closed as" is highlighted with an orange outline.](/assets/images/help/repository/dependabot-alerts-closed-as.png)
+
+1. To reopen an auto-dismissed alert, to the left of the alert title, click the checkbox adjacent to the alert, then click **Reopen**.
+
+   ![Screenshot of an alert title on the "Dependabot Alerts" page. To the left of the alert, a checkbox is highlighted in an orange outline.](/assets/images/help/repository/dependabot-reopen-closed-alert.png)

content/code-security/dependabot/dependabot-alert-rules/using-github-curated-alert-rules-to-prioritize-dependabot-alerts.md

@@ -0,0 +1,95 @@
+---
+title: Using GitHub-curated alert rules to prioritize Dependabot alerts
+intro: 'You can use a {% data variables.product.company_short %}-curated alert rule to auto-dismiss low impact development alerts for npm dependencies.'
+permissions: 'People with write permissions can view {% data variables.product.prodname_dependabot %} alert rules for the repository. People with with admin permissions to a repository, or the security manager role for the repository, can enable or disable {% data variables.product.prodname_dependabot %} alert rules for the repository.'
+versions:
+  feature: dependabot-alert-rules-auto-dismissal-npm-dev-dependencies
+type: how_to
+topics:
+  - Dependabot
+  - Alerts
+  - Vulnerabilities
+  - Repositories
+  - Dependencies
+shortTitle: GitHub-curated alert rules
+---
+
+{% data reusables.dependabot.github-alert-rules-beta %}
+
+## About {% data variables.product.company_short %}-curated alert rules
+
+The {% data variables.product.company_short %}-curated alert rule, `Dismiss low impact alerts`, auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. These alerts cover cases that feel like false alarms to most developers as the associated vulnerabilities:
+
+- Are unlikely to be exploitable in a developer (non-production or runtime) environment.
+- May relate to resource management, programming and logic, and information disclosure issues.
+- At worst, have limited effects like slow builds or long-running tests.
+- Are not indicative of issues in production.
+
+{% note %}
+
+**Note:** Automatic dismissal of low impact development alerts is currently only supported for npm.
+
+{% endnote %}
+
+The {% data variables.product.company_short %}-curated `Dismiss low impact alerts` rule includes vulnerabilities relating to resource management, programming and logic, and information disclosure issues. For more information, see "[Publicly disclosed CWEs used by the `Dismiss low impact alerts` rule](#publicly-disclosed-cwes-used-by-the-dismiss-low-impact-alerts-rule)."
+
+Filtering out these low impact alerts allows you to focus on alerts that matter to you, without having to worry about missing potentially high-risk development-scoped alerts.
+
+By default, {% data variables.product.company_short %}-curated {% data variables.product.prodname_dependabot %} alert rules are enabled on public repositories and disabled for private repositories. Administrators of private repositories can opt in by enabling alert rules for their repository.
+
+## Enabling the `Dismiss low impact alerts` rule for your private repository
+
+{% ifversion fpt or ghec %}You first need to enable {% data variables.product.prodname_dependabot_alerts %} for the repository. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts#managing-dependabot-alerts-for-your-repository)."{% elsif ghes %}{% data variables.product.prodname_dependabot_alerts %} for your repository can be enabled or disabled by your enterprise owner. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %}
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+{% ifversion dependabot-alert-custom-rules-repo-level %}
+1. Under "{% data variables.product.prodname_dependabot_alerts %}", click {% octicon "gear" aria-label="The Gear icon" %} close to "{% data variables.product.prodname_dependabot %} rules".
+
+   ![Screenshot of the "Code security and analysis" page for a repository. The gear icon is highlighted with an orange outline.](/assets/images/help/repository/dependabot-rules-page.png)
+
+1. Select **Dismiss low impact alerts**.
+1. Click **Save rules**.
+{% else %}
+1. Under "{% data variables.product.prodname_dependabot_alerts %}", click **Dismiss low impact alerts**.
+
+   ![Screenshot of the "Code security and analysis" page for a repository. The "Dismiss low impact alerts" option is highlighted with an orange outline.](/assets/images/help/repository/enable-autodismissal-low-impact-dependabot-alerts.png)
+
+{% endif %}
+
+## Publicly disclosed CWEs used by the `Dismiss low impact alerts` rule
+
+Along with the `ecosystem:npm` and `scope:development` alert metadata, we use the following {% data variables.product.company_short %}-curated Common Weakness Enumerations (CWEs) to filter out low impact alerts for the `Dismiss low impact alerts` rule. We regularly improve this list and vulnerability patterns covered by built-in rules.
+
+### Resource Management Issues
+
+- CWE-400 Uncontrolled Resource Consumption
+- CWE-770 Allocation of Resources Without Limits or Throttling
+- CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)
+- CWE-908 Use of Uninitialized Resource
+- CWE-1333 Inefficient Regular Expression Complexity
+- CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
+- CWE-674 Uncontrolled Recursion
+- CWE-1119 Excessive Use of Unconditional Branching
+
+### Programming and Logic Errors
+
+- CWE-185 Incorrect Regular Expression
+- CWE-754 Improper Check for Unusual or Exceptional Conditions
+- CWE-755 Improper Handling of Exceptional Conditions
+- CWE-248 Uncaught Exception
+- CWE-252 Unchecked Return Value
+- CWE-391 Unchecked Error Condition
+- CWE-696 Incorrect Behavior Order
+- CWE-1254 Incorrect Comparison Logic Granularity
+- CWE-665 Improper Initialization
+- CWE-703 Improper Check or Handling of Exceptional Conditions
+- CWE-178 Improper Handling of Case Sensitivity
+
+### Information Disclosure Issues
+
+- CWE-544 Missing Standardized Error Handling Mechanism
+- CWE-377 Insecure Temporary File
+- CWE-451 User Interface (UI) Misrepresentation of Critical Information
+- CWE-668 Exposure of Resource to Wrong Sphere

content/code-security/dependabot/dependabot-alerts/index.md

@@ -18,7 +18,5 @@ children:
   - /about-dependabot-alerts
   - /configuring-dependabot-alerts
   - /viewing-and-updating-dependabot-alerts
-  - /using-alert-rules-to-prioritize-dependabot-alerts
   - /configuring-notifications-for-dependabot-alerts
 ---
-

content/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts.md

@@ -1,174 +0,0 @@
----
-title: Using alert rules to prioritize Dependabot alerts
-intro: 'You can use {% data variables.product.prodname_dependabot %} alert rules to filter out false positive alerts or alerts you''re not interested in.'
-permissions: 'People with write permissions can view  {% data variables.product.prodname_dependabot %} alert rules for the repository. People with with admin permissions to a repository, or the security manager role for the repository, can enable or disable {% data variables.product.prodname_dependabot %} alert rules for the repository{% ifversion dependabot-alert-custom-rules-repo-level %}, as well as create custom alert rules{% endif %}.'
-versions:
-  feature: dependabot-alert-rules-auto-dismissal-npm-dev-dependencies
-type: how_to
-topics:
-  - Dependabot
-  - Alerts
-  - Vulnerabilities
-  - Repositories
-  - Dependencies
-shortTitle: Alert rules
----
-
-{% data reusables.dependabot.github-alert-rules-beta %}
-
-## About {% data variables.product.prodname_dependabot %} alert rules
-
-{% data variables.product.prodname_dependabot %} alert rules allow you to instruct {% data variables.product.prodname_dependabot %} to automatically dismiss or reopen certain alerts, based on complex logic from a variety of contextual criteria.
-
-{% ifversion dependabot-alert-custom-rules-repo-level %}
-There are two types of {% data variables.product.prodname_dependabot %} alert rules:
-
-- {% data variables.product.company_short %}-curated rules
-- User-created custom rules
-
-{% data variables.product.company_short %}-curated rules are enabled by default for public repositories and can be opted into for private repositories. However, it's important to note that you cannot modify the {% data variables.product.company_short %}-curated rules. With user-created custom rules, you can create your own rules to automatically dismiss or reopen alerts based on your own criteria.{% endif %}
-
-Whilst you may find it useful to auto-dismiss low impact alerts, you can still reopen auto-dismissed alerts and filter to see which alerts have been auto-dismissed. For more information, see "[Managing automatically dismissed alerts](#managing-automatically-dismissed-alerts)."
-
-Additionally, auto-dismissed alerts are still available for reporting and reviewing, and can be auto-reopened if the alert metadata changes, for example:
-- If you change the scope of a dependency from development to production.
-- If {% data variables.product.company_short %} modifies certain metadata for the related advisory.
-
-Auto-dismissed alerts are defined by the `resolution:auto-dismiss` close reason. Automatic dismissal activity is included in alert webhooks, REST and GraphQL APIs, and the audit log. For more information, see "[AUTOTITLE](/rest/dependabot/alerts)" in the REST API documentation, and the "`repository_vulnerability_alert` " section in "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#repository_vulnerability_alert)."
-
-## About {% data variables.product.company_short %}-curated rules
-
-{% note %}
-
-**Note:** Automatic dismissal of low impact development alerts is currently only supported for npm.
-
-{% endnote %}
-
-When enabled, the built-in `Dismiss low impact alerts` rule auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. These alerts cover cases that feel like false alarms to most developers as the associated vulnerabilities:
-
-- Are unlikely to be exploitable in a developer (non-production or runtime) environment.
-- May relate to resource management, programming and logic, and information disclosure issues.
-- At worst, have limited effects like slow builds or long-running tests.
-- Are not indicative of issues in production.
-
-This {% data variables.product.company_short %}-curated `Dismiss low impact alerts` rule includes vulnerabilities relating to resource management, programming and logic, and information disclosure issues. For more information, see "[Publicly disclosed CWEs used by the `Dismiss low impact alerts` rule](#publicly-disclosed-cwes-used-by-the-dismiss-low-impact-alerts-rule)."
-
-Filtering out these low impact alerts allows you to focus on alerts that matter to you, without having to worry about missing potentially high-risk development-scoped alerts.
-
-By default, {% data variables.product.company_short %}-curated {% data variables.product.prodname_dependabot %} alert rules are enabled on public repositories and disabled for private repositories. Administrators of private repositories can opt in by enabling alert rules for their repository.
-
-### Enabling the  `Dismiss low impact alerts` rule for your private repository
-
-{% ifversion fpt or ghec %}You first need to enable {% data variables.product.prodname_dependabot_alerts %} for the repository. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts#managing-dependabot-alerts-for-your-repository)."{% elsif ghes %}{% data variables.product.prodname_dependabot_alerts %} for your repository can be enabled or disabled by your enterprise owner. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %}
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-code-security-and-analysis %}
-{% ifversion dependabot-alert-custom-rules-repo-level %}
-1. Under "{% data variables.product.prodname_dependabot_alerts %}", click {% octicon "gear" aria-label="The Gear icon" %} close to "{% data variables.product.prodname_dependabot %} rules".
-
-   ![Screenshot of the "Code security and analysis" page for a repository. The gear icon is highlighted with an orange outline.](/assets/images/help/repository/dependabot-rules-page.png)
-
-1. Select **Dismiss low impact alerts**.
-1. Click **Save rules**.
-{% else %}
-1. Under "{% data variables.product.prodname_dependabot_alerts %}", click **Dismiss low impact alerts**.
-
-   ![Screenshot of the "Code security and analysis" page for a repository. The "Dismiss low impact alerts" option is highlighted with an orange outline.](/assets/images/help/repository/enable-autodismissal-low-impact-dependabot-alerts.png)
-
-{% endif %}
-
-{% ifversion dependabot-alert-custom-rules-repo-level %}
-## About user-created custom rules
-
-You can create your own {% data variables.product.prodname_dependabot %} alert rules based on alert criteria.
-
-- Dependency scope (`devDependency` or `runtime`)
-- Package name
-- CWE
-- Severity
-- Patch availability
-- Manifest path
-- Ecosystem
-
-### Adding a custom rule to your repository
-
-You can add a custom rule to your {% ifversion fpt %}public and private{% elsif ghec or ghes %}public, private, and internal{% endif %} repositories.
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-code-security-and-analysis %}
-1. Under "{% data variables.product.prodname_dependabot_alerts %}", click {% octicon "gear" aria-label="The Gear icon" %} close to "{% data variables.product.prodname_dependabot %} rules".
-
-   ![Screenshot of the "Code security and analysis" page for a repository. The gear icon is highlighted with an orange outline.](/assets/images/help/repository/dependabot-rules-page.png)
-
-1. Click **New ruleset**.
-
-   ![Screenshot of the "Code security and analysis" page for a repository. The gear icon is highlighted with an orange outline.](/assets/images/help/repository/dependabot-rules-new-ruleset.png)
-
-1. Under "Name", describe what this rule will do.
-1. Under "Alert criteria", select the criteria you want to use to filter alerts.
-1. Under "Rules", select the action you want to take on alerts that match the criteria.
-1. Click **Create rule**.
-
-{% endif %}
-
-## Managing automatically dismissed alerts
-
-You can filter to see which alerts have been auto-dismissed, and you can reopen dismissed alerts.
-
-{% note %}
-
-**Note:** The {% data variables.product.prodname_dependabot_alerts %} page defaults to showing open alerts. To filter and view auto-dismissed alerts, you must first clear the `is:open` default filter from the view.
-
-{% endnote %}
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-security %}
-1. To filter to see all closed alerts, click **{% octicon "check" aria-hidden="true" %} Closed**. Alternatively, use the `is:closed` filter query in the search bar.
-
-   ![Screenshot of the "Dependabot Alerts" page. A button, labelled "Closed" is highlighted with an orange outline.](/assets/images/help/repository/dependabot-alerts-closed-tab.png)
-
-1. To see all auto-dismissed alerts, select **Closed as**, then in the dropdown menu, click **Auto-dismissed**.
-
-   ![Screenshot of the "Dependabot Alerts" page. A button, labelled "Closed as" is highlighted with an orange outline.](/assets/images/help/repository/dependabot-alerts-closed-as.png)
-
-1. To reopen an auto-dismissed alert, to the left of the alert title, click the checkbox adjacent to the alert, then click **Reopen**.
-
-   ![Screenshot of an alert title on the "Dependabot Alerts" page. To the left of the alert, a checkbox is highlighted in an orange outline.](/assets/images/help/repository/dependabot-reopen-closed-alert.png)
-
-## Publicly disclosed CWEs used by the `Dismiss low impact alerts` rule
-
-Along with the `ecosystem:npm` and `scope:development` alert metadata, we use the following {% data variables.product.company_short %}-curated Common Weakness Enumerations (CWEs) to filter out low impact alerts for the `Dismiss low impact alerts` rule. We regularly improve this list and vulnerability patterns covered by built-in rules.
-
-### Resource Management Issues
-
-- CWE-400 Uncontrolled Resource Consumption
-- CWE-770 Allocation of Resources Without Limits or Throttling
-- CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)
-- CWE-908 Use of Uninitialized Resource
-- CWE-1333 Inefficient Regular Expression Complexity
-- CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
-- CWE-674 Uncontrolled Recursion
-- CWE-1119 Excessive Use of Unconditional Branching
-
-### Programming and Logic Errors
-
-- CWE-185 Incorrect Regular Expression
-- CWE-754 Improper Check for Unusual or Exceptional Conditions
-- CWE-755 Improper Handling of Exceptional Conditions
-- CWE-248 Uncaught Exception
-- CWE-252 Unchecked Return Value
-- CWE-391 Unchecked Error Condition
-- CWE-696 Incorrect Behavior Order
-- CWE-1254 Incorrect Comparison Logic Granularity
-- CWE-665 Improper Initialization
-- CWE-703 Improper Check or Handling of Exceptional Conditions
-- CWE-178 Improper Handling of Case Sensitivity
-
-### Information Disclosure Issues
-
-- CWE-544 Missing Standardized Error Handling Mechanism
-- CWE-377 Insecure Temporary File
-- CWE-451 User Interface (UI) Misrepresentation of Critical Information
-- CWE-668 Exposure of Resource to Wrong Sphere

content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md

@@ -48,7 +48,7 @@ You can also audit actions taken in response to {% data variables.product.prodna
 
 {% data variables.product.company_short %} helps you prioritize fixing {% data variables.product.prodname_dependabot_alerts %}. {% ifversion dependabot-most-important-sort-option %} By default, {% data variables.product.prodname_dependabot_alerts %} are sorted by importance. The "Most important" sort order helps you prioritize which {% data variables.product.prodname_dependabot_alerts %} to focus on first. Alerts are ranked based on their potential impact, actionability, and relevance. Our prioritization calculation is constantly being improved and includes factors like CVSS score, dependency scope, and whether vulnerable function calls are found for the alert.
 {% ifversion dependabot-alert-rules-auto-dismissal-npm-dev-dependencies %}
-You can also use alert rules to prioritize {% data variables.product.prodname_dependabot_alerts %}. For more information, see “[AUTOTITLE](/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts).”
+You can also use alert rules to prioritize {% data variables.product.prodname_dependabot_alerts %}. For more information, see “[AUTOTITLE](/code-security/dependabot/dependabot-alert-rules/about-dependabot-alert-rules).”
 {% endif %}
 
 {% data reusables.dependabot.dependabot-alerts-filters %}

content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md

@@ -327,6 +327,7 @@ If you use the same configuration as in the example above, bumping the `requests
    `pip dev: bump requests from 1.0.0 to 1.0.1`
 
 {% ifversion dependabot-version-updates-groups %}
+
 ### `groups`
 
 {% data reusables.dependabot.dependabot-version-updates-groups-supported %}

content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md

@@ -141,6 +141,7 @@ updates:
 ```
 
 {% ifversion dependabot-version-updates-groups %}
+
 ## Grouping {% data variables.product.prodname_dependabot_version_updates %} into one pull request
 
 {% data reusables.dependabot.dependabot-version-updates-groups-about %}

content/code-security/dependabot/index.md

@@ -16,8 +16,8 @@ topics:
   - Dependencies
 children:
   - /dependabot-alerts
+  - /dependabot-alert-rules
   - /dependabot-security-updates
   - /dependabot-version-updates
   - /working-with-dependabot
 ---
-

content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md

@@ -117,7 +117,7 @@ registries:
 
 #### Notes
 
-{% data variables.product.prodname_dependabot %} works with any container registries that implement the Open Container Initiative (OCI) Distribution Specification. For more information, see [https://github.com/opencontainers/distribution-spec/blob/main/spec.md](https://github.com/opencontainers/distribution-spec/blob/main/spec.md). 
+{% data variables.product.prodname_dependabot %} works with any container registries that implement the Open Container Initiative (OCI) Distribution Specification. For more information, see [https://github.com/opencontainers/distribution-spec/blob/main/spec.md](https://github.com/opencontainers/distribution-spec/blob/main/spec.md).
 
 {% data variables.product.prodname_dependabot %} supports authentication to private registries via a central token service or HTTP Basic Auth. For more information, see [Token Authentication Specification](https://docs.docker.com/registry/spec/auth/token/) in the Docker documentation and [Basic access authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) on Wikipedia.
 
@@ -238,7 +238,7 @@ registry=https://<private-registry-url>/<org-name>
 
 {% endraw %}
 
-Aternatively you can add the private registry URL to an existing `.npmrc` file using the following command. 
+Aternatively you can add the private registry URL to an existing `.npmrc` file using the following command.
 
 {% raw %}
 
@@ -277,13 +277,14 @@ npm can be configured to use the private registry's URL in lockfiles with `repla
 ```shell
 npm config set replace-registry-host "never"
 ```
+
 {% endraw %}
 
 If you use `replace-registry-host`, you must locally run `npm install` in order to regenerate the lockfile to use the private registry URL. {% data variables.product.prodname_dependabot %} will use the same URL when providing updates.
 
 Once the registry is configured, you can also run `npm login` to verify that your configuration is correct and valid. The lockfile can also be regenerated to use the new private registry by running `npm install` again.
 
-You need to ensure that the `.npmrc` file is checked into the same directory as the project's `package.json` and that the file doesn't include any environment variables or secrets. 
+You need to ensure that the `.npmrc` file is checked into the same directory as the project's `package.json` and that the file doesn't include any environment variables or secrets.
 If you use a monorepo, the `.npmrc` file should live in the project's root directory.
 
 #### Configuring {% data variables.product.prodname_dependabot %} to send registry requests through a specified base URL
@@ -332,7 +333,7 @@ registries:
 
 {% endraw %}
 
-#### Notes 
+#### Notes
 
 You can also use a token in your `dependabot.yml` file. {% data reusables.dependabot.token-is-github-pat %}
 
@@ -377,6 +378,7 @@ registries:
     username: octocat@example.com
     password: ${{secrets.MY_AZURE_DEVOPS_TOKEN}}
 ```
+
 {% endraw %}
 {% raw %}
 
@@ -387,7 +389,9 @@ registries:
     url: https://pypi.fury.io/my_org
     token: ${{secrets.MY_GEMFURY_TOKEN}}
 ```
+
 {% endraw %}
+
 #### Notes
 
 {% data reusables.dependabot.access-private-dependencies-link %}
@@ -407,6 +411,7 @@ registries:
     url: https://npm.pkg.github.com/<org-name>
     token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}
 ```
+
 {% endraw %}
 
 - For private registries, you have to check in a `.yarnrc.yml` file (for Yarn 3) or a `.yarnrc` file (for Yarn Classic).
@@ -445,12 +450,12 @@ If the `yarn.lock` file doesn't list the private registry as the dependency sour
     - Manually set the private registry to the `.yarnrc` file by adding the registry to a `.yarnrc.yml` file in the project root with the key registry, or
     - Perform the same action by running `yarn config set registry <private registry URL>` in your terminal.
 
-   Example of a `.yarnrc` with a private registry defined:    
+   Example of a `.yarnrc` with a private registry defined:
    `registry https://nexus.example.com/repository/yarn-all`
 
 #### Yarn Berry (v3)
 
-For information on the configuration, see [Settings (.yarnrc.yml)](https://yarnpkg.com/configuration/yarnrc/) in the Yarn documentation. 
+For information on the configuration, see [Settings (.yarnrc.yml)](https://yarnpkg.com/configuration/yarnrc/) in the Yarn documentation.
 
 As with Yarn Classic, you can either specify the private registry configuration in the `dependabot.yml` file, or set up Yarn Berry according to the package manager instructions.
 
@@ -506,7 +511,7 @@ If the `yarn.lock` file doesn't list the private registry as the dependency sour
 
    Example of a `.yarnrc.yml` file with a private registry configured:  
  `npmRegistryServer: "https://nexus.example.com/repository/yarn-all"`
-   
+
    For more information, see [npmRegistryServer](https://yarnpkg.com/configuration/yarnrc#npmRegistryServer) in the Yarn documentation.
 
 #### Notes
@@ -621,4 +626,4 @@ If you are restricting which IPs can reach your Nexus host, you need to add the
       - "3.217.93.44/32"
 For more information, see [Securing Nexus Repository Manager](https://help.sonatype.com/repomanager3/planning-your-implementation/securing-nexus-repository-manager) in the Sonatype documentation.
 
-  Registries can be proxied to reach out to a public registry in case a dependency is not available in the private regstry.{% ifversion dependabot-private-registries %} However, you may want {% data variables.product.prodname_dependabot %} to only access the private registry and not access the public regsitry at all. For more information, see [Quick Start Guide - Proxying Maven and NPM](https://help.sonatype.com/repomanager3/planning-your-implementation/quick-start-guide---proxying-maven-and-npm)" in the Sonatype documentation, and "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries)."{% endif %} 
+  Registries can be proxied to reach out to a public registry in case a dependency is not available in the private regstry.{% ifversion dependabot-private-registries %} However, you may want {% data variables.product.prodname_dependabot %} to only access the private registry and not access the public regsitry at all. For more information, see [Quick Start Guide - Proxying Maven and NPM](https://help.sonatype.com/repomanager3/planning-your-implementation/quick-start-guide---proxying-maven-and-npm)" in the Sonatype documentation, and "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries)."{% endif %}

content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md

@@ -165,9 +165,9 @@ allow:
         # this group will always be empty
 ```
 
-In this example, {% data variables.product.prodname_dependabot %} will: 
+In this example, {% data variables.product.prodname_dependabot %} will:
 1. Look at your dependency list and restrict the job to dependencies used in `production` only.
-1. Try to create a group called `development-dependencies` which is a subset of this reduced list. 
+1. Try to create a group called `development-dependencies` which is a subset of this reduced list.
 1. Work out that the `development-dependencies` group is empty as all `development` dependencies were removed in step 1.
 1. **Individually** update all the dependencies that are not in the group. As the group for dependencies in production is empty, {% data variables.product.prodname_dependabot %} will ignore the group, and create a separate pull request for each dependency.
 

content/code-security/getting-started/dependabot-quickstart-guide.md

@@ -70,7 +70,7 @@ If {% data variables.product.prodname_dependabot_alerts %} are enabled for a rep
 
    ![Screenshot showing the list of Dependabot alerts for the demo repository.](/assets/images/help/repository/dependabot-alerts-list-demo-repo.png)
 
-   You can filter {% data variables.product.prodname_dependabot_alerts %} in the list, using a variety of filters or labels. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#prioritizing-dependabot-alerts)."{% ifversion dependabot-alert-rules-auto-dismissal-npm-dev-dependencies %} You can also use {% data variables.product.prodname_dependabot %} alert rules to filter out false positive alerts or alerts you're not interested in. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts)."{% endif %}
+   You can filter {% data variables.product.prodname_dependabot_alerts %} in the list, using a variety of filters or labels. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#prioritizing-dependabot-alerts)."{% ifversion dependabot-alert-rules-auto-dismissal-npm-dev-dependencies %} You can also use {% data variables.product.prodname_dependabot %} alert rules to filter out false positive alerts or alerts you're not interested in. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alert-rules/about-dependabot-alert-rules)."{% endif %}
 
 1. Click the "Command Injection in lodash" alert on the _javascript/package-lock.json_ file. The details page for the alert will show the following information (note that some information may not apply to all alerts):
    - Whether {% data variables.product.prodname_dependabot %} created a pull request that will fix the vulnerability. You can review the suggested security update by clicking **Review security update**.
@@ -95,6 +95,7 @@ If {% data variables.product.prodname_dependabot_alerts %} are enabled for a rep
    ![Screenshot of the detailed page of an alert in the demo repository, showing the information displayed on the right-side of the page.](/assets/images/help/repository/more-alert-details-demo-repo.png)
 
 For more information about viewing, prioritizing, and sorting {% data variables.product.prodname_dependabot_alerts %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)."
+
 ## Fixing or dismissing a {% data variables.product.prodname_dependabot %} alert
 
 You can fix or dismiss {% data variables.product.prodname_dependabot_alerts %} on {% data variables.product.prodname_dotcom %}. Let's continue to use the forked repository as an example, and the "Command Injection in lodash" alert described in the previous section.

content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md

@@ -89,6 +89,7 @@ You can configure a _secret_scanning.yml_ file to exclude directories from {% da
 {% data reusables.files.add-file %}
 1. In the file name field, type _.github/secret_scanning.yml_.
 1. Under **Edit new file**, type `paths-ignore:` followed by the paths you want to exclude from {% data variables.product.prodname_secret_scanning %}.
+
     ``` yaml
     paths-ignore:
       - "foo/bar/*.js"

content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md

@@ -67,6 +67,7 @@ shortTitle: Manage secret alerts
 {% endif %}
 
 {% ifversion secret-scanning-validity-check-partner-patterns %}
+
 ## Validating partner patterns
 
 {% data reusables.secret-scanning.validity-check-partner-patterns-beta %}
@@ -74,7 +75,7 @@ shortTitle: Manage secret alerts
 
 You can allow {% data variables.product.prodname_secret_scanning %} to check the validity of a secret found in your repository by sending it to the relevant partner.
 
-You can enable automatic validity checks for supported partner patterns in the code security settings for your repository, organization, or enterprise. {% data variables.product.company_short %} will periodically send the pattern to the relevant partner to check the secret's validity and display the validation status of the secret in the alert view. 
+You can enable automatic validity checks for supported partner patterns in the code security settings for your repository, organization, or enterprise. {% data variables.product.company_short %} will periodically send the pattern to the relevant partner to check the secret's validity and display the validation status of the secret in the alert view.
 
  For more information on enabling automatic validation checks for partner patterns in your repository, organization, or enterprise, see "[Allowing validity checks for partner patterns in a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository)," "[Allowing validity checks for partner patterns in an organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization)," and "[Managing Advanced Security features](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features)."
 

content/codespaces/customizing-your-codespace/setting-your-default-editor-for-github-codespaces.md

@@ -17,7 +17,7 @@ On the settings page, you can set your editor preference so that when you create
 - {% data variables.product.prodname_vscode %} (desktop application)
 - {% data variables.product.prodname_vscode %} (web client application)
 - JetBrains Gateway - for opening codespaces in a JetBrains IDE
-- JupyterLab - the web interface for Project Jupyter 
+- JupyterLab - the web interface for Project Jupyter
 
 {% data reusables.codespaces.template-codespaces-default-editor %}
 
@@ -35,11 +35,11 @@ If you want to work on a codespace in a JetBrains IDE you must install the JetBr
 
    - {% data reusables.codespaces.application-installed-locally %}<br><br>
 
-   - If you choose **{% data variables.product.prodname_vscode %}**, {% data variables.product.prodname_github_codespaces %} will automatically open in the desktop application when you next create or open a codespace. 
+   - If you choose **{% data variables.product.prodname_vscode %}**, {% data variables.product.prodname_github_codespaces %} will automatically open in the desktop application when you next create or open a codespace.
 
      You may need to allow access to both your browser and {% data variables.product.prodname_vscode %} for it to open successfully.<br><br>
-     
+
-   - If you choose **JetBrains Gateway**, the Gateway application will automatically open when you next create or open a codespace. 
+   - If you choose **JetBrains Gateway**, the Gateway application will automatically open when you next create or open a codespace.
 
    - If you choose **JetBrains Gateway**, the Gateway application will automatically open when you next create or open a codespace.
 

content/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization.md

@@ -66,7 +66,7 @@ When a user creates a codespace, they're told who will pay for it, and therefore
 
 When you change your ownership settings, existing codespaces can transfer to a new owner.
 
-If you change from **organization ownership** to **user ownership**, codespaces that are currently owned by your organization will be transferred to the ownership of the user who created the codespace. Before you make this change, you should ask each user to review the codespaces that will be transferred to their ownership. These codespaces will now incur usage on the user's personal account. 
+If you change from **organization ownership** to **user ownership**, codespaces that are currently owned by your organization will be transferred to the ownership of the user who created the codespace. Before you make this change, you should ask each user to review the codespaces that will be transferred to their ownership. These codespaces will now incur usage on the user's personal account.
 
 If you change from **user ownership** to **organization ownership**, existing codespaces may be transferred to your organization's ownership. A codespace will be transferred if the user who currently owns the codespace is a member or collaborator, and you have enabled {% data variables.product.prodname_github_codespaces %} for this user. Otherwise, a codespace will remain under the ownership of the user.
 

content/codespaces/managing-codespaces-for-your-organization/restricting-access-to-machine-types.md

@@ -65,7 +65,7 @@ If you add an organization-wide policy, you should set it to the largest choice
    - "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-visibility-of-forwarded-ports)"
    - "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-idle-timeout-period)"
    - "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-retention-period-for-codespaces)"
-   
+
 1. After you've finished adding constraints to your policy, click **Save**.
 
 The policy will be applied to all new codespaces that are billable to your organization. The machine type constraint is also applied to existing codespaces when someone attempts to restart a stopped codespace or reconnect to an active codespace.

content/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/specifying-recommended-secrets-for-a-repository.md

@@ -32,7 +32,7 @@ Recommended secrets are listed at the bottom of the page.
 
 Each recommended secret is displayed in one of three ways:
 
-- If the person has not set the recommended secret in their {% data variables.product.prodname_codespaces %} settings, an input box is displayed, allowing them to create the secret now. A description and link to more information are displayed if you have configured them. Entering a value is optional. 
+- If the person has not set the recommended secret in their {% data variables.product.prodname_codespaces %} settings, an input box is displayed, allowing them to create the secret now. A description and link to more information are displayed if you have configured them. Entering a value is optional.
 - If the person has already created the recommended secret but has not associated it with this repository, they can select a checkbox to add this association. Doing so is optional.
 - If the person has already created the recommended secret and associated it with this repository, a preselected checkbox is displayed.
 

content/codespaces/troubleshooting/troubleshooting-included-usage.md

@@ -45,7 +45,7 @@ For billing purposes, {% data variables.product.prodname_codespaces %} storage i
 
 ### Where did my monthly storage go?
 
-Deleting codespaces you're not using will avoid using up the free storage included in your personal account unnecessarily. However, if you have set up prebuild configurations, your included storage may continue to diminish during your monthly billing cycle. 
+Deleting codespaces you're not using will avoid using up the free storage included in your personal account unnecessarily. However, if you have set up prebuild configurations, your included storage may continue to diminish during your monthly billing cycle.
 
 Although prebuilds are not listed on the "Your codespaces" page, prebuilds created for a repository consume storage even if you do not currently have any codespaces for that repository. To avoid this, you can delete the prebuilds configurations you set up. For more information, see "[AUTOTITLE](/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds)" and "[AUTOTITLE](/codespaces/prebuilding-your-codespaces/managing-prebuilds#deleting-a-prebuild-configuration)."
 

content/contributing/collaborating-on-github-docs/label-reference.md

@@ -10,8 +10,8 @@ You can use labels to locate a particular type of issue. For example, click the
 
 | Label | Description |
 | --- | --- |
-| [`help wanted`](https://github.com/github/docs/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) | Problems or updates that anyone in the community can start working on. | 
+| [`help wanted`](https://github.com/github/docs/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) | Problems or updates that anyone in the community can start working on. |
-| [`good first issue`](https://github.com/github/docs/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22) | Problems or updates we think are ideal for beginners. | 
+| [`good first issue`](https://github.com/github/docs/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22) | Problems or updates we think are ideal for beginners. |
-| [`content`](https://github.com/github/docs/issues?q=is%3Aopen+is%3Aissue+label%3Acontent) | Problems or updates in the content on docs.github.com. These will usually require some knowledge of Markdown. | 
+| [`content`](https://github.com/github/docs/issues?q=is%3Aopen+is%3Aissue+label%3Acontent) | Problems or updates in the content on docs.github.com. These will usually require some knowledge of Markdown. |
-| [`engineering`](https://github.com/github/docs/issues?q=is%3Aopen+is%3Aissue+label%3Aengineering) | Problems or updates involving the functionality of the docs.github.com website. Fixing these issues will usually require some knowledge of JavaScript/Node.js or YAML. | 
+| [`engineering`](https://github.com/github/docs/issues?q=is%3Aopen+is%3Aissue+label%3Aengineering) | Problems or updates involving the functionality of the docs.github.com website. Fixing these issues will usually require some knowledge of JavaScript/Node.js or YAML. |
-| [`codespaces`](https://github.com/github/docs/labels/codespaces)<br> [`desktop`](https://github.com/github/docs/labels/desktop)<br> [`graphql`](https://github.com/github/docs/labels/graphql) | Labels for filtering issues by a product or documentation area. | 
+| [`codespaces`](https://github.com/github/docs/labels/codespaces)<br> [`desktop`](https://github.com/github/docs/labels/desktop)<br> [`graphql`](https://github.com/github/docs/labels/graphql) | Labels for filtering issues by a product or documentation area. |