Merge pull request #33157 from github/repo-sync

Repo sync
2025-12-25 11:03:37 -05:00 · 2024-05-24 08:56:32 -07:00
parent 1154e268c7 8c721399d6
commit e86ff32b2d
5 changed files with 73 additions and 74 deletions
--- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners.md
+++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners.md
@@ -28,11 +28,10 @@ You can add self-hosted runners at various levels in the management hierarchy:
 {% data reusables.actions.self-hosted-runner-architecture %} {% data reusables.actions.runner-app-open-source %} When a new version is released, the runner application automatically updates itself when a job is assigned to the runner, or within a week of release if the runner hasn't been assigned any jobs.

 {% ifversion ghes %}
-{% note %}

-**Note:** {% data reusables.actions.upgrade-runners-before-upgrade-ghes %}
+> [!NOTE]
+> {% data reusables.actions.upgrade-runners-before-upgrade-ghes %}

-{% endnote %}
 {% endif %}

 {% data reusables.actions.self-hosted-runner-auto-removal %}
@@ -157,63 +156,9 @@ You must ensure that the machine has the appropriate network access with at leas

 You can use the REST API to get meta information about {% data variables.product.company_short %}, including the IP addresses of {% data variables.product.company_short %} services. For more information about the domains and IP addresses used, see "[AUTOTITLE](/rest/meta/meta)."

-{% note %}
+{% data reusables.actions.domain-name-cname-recursive-firewall-rules %}

-**Note:** Some of the domains listed below are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed below will remain constant.
-
-{% endnote %}
-
-**Needed for essential operations:**
-
-```shell copy
-github.com
-api.github.com
-*.actions.githubusercontent.com
-```
-
-**Needed for downloading actions:**
-
-```shell copy
-codeload.github.com
-ghcr.io
-*.actions.githubusercontent.com
-```
-
-**Needed for uploading/downloading job summaries, logs, workflow artifacts, and caches:**
-
-```shell copy
-results-receiver.actions.githubusercontent.com
-*.blob.core.windows.net
-```
-
-**Needed for runner version updates:**
-
-```shell copy
-objects.githubusercontent.com
-objects-origin.githubusercontent.com
-github-releases.githubusercontent.com
-github-registry-files.githubusercontent.com
-```
-
-**Needed for retrieving OIDC tokens:**
-
-```shell copy
-*.actions.githubusercontent.com
-```
-
-**Needed for downloading or publishing packages or containers to {% data variables.product.prodname_dotcom %} Packages:**
-
-```shell copy
-*.pkg.github.com
-ghcr.io
-```
-
-**Needed for {% data variables.large_files.product_name_long %}**
-
-```shell copy
-github-cloud.githubusercontent.com
-github-cloud.s3.amazonaws.com
-```
+{% data reusables.actions.runner-essential-communications %}

 In addition, your workflow may require access to other network resources.

@@ -245,11 +190,7 @@ ghcr.io
 *.actions.githubusercontent.com
 ```

-{% note %}
-
-**Note:** Some of the domains listed above are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed above will remain constant.
-
-{% endnote %}
+{% data reusables.actions.domain-name-cname-recursive-firewall-rules %}

 {% endif %}

--- a/content/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners.md
+++ b/content/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners.md
@@ -32,11 +32,8 @@ Using {% data variables.product.prodname_dotcom %}-hosted runners requires netwo

 {% ifversion github-hosted-runners-emus-entitlements %}

-{% note %}
-
-**Note:** {% data reusables.actions.entitlement-minutes-emus %} For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
-
-{% endnote %}
+> [!NOTE]
+> {% data reusables.actions.entitlement-minutes-emus %} For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."

 {% endif %}

@@ -122,11 +119,8 @@ While the job runs, the logs and output can be viewed in the {% data variables.p

 {% data variables.product.prodname_dotcom %}-hosted Linux runners support hardware acceleration for Android SDK tools, which makes running Android tests much faster and consumes fewer minutes. For more information on Android hardware acceleration, see [Configure hardware acceleration for the Android Emulator](https://developer.android.com/studio/run/emulator-acceleration) in the Android Developers documentation.

-{% note %}
-
-**Note:** The `-latest` runner images are the latest stable images that {% data variables.product.prodname_dotcom %} provides, and might not be the most recent version of the operating system available from the operating system vendor.
-
-{% endnote %}
+> [!NOTE]
+> The `-latest` runner images are the latest stable images that {% data variables.product.prodname_dotcom %} provides, and might not be the most recent version of the operating system available from the operating system vendor.

 {% warning %}

@@ -208,6 +202,16 @@ Since there are so many IP address ranges for {% data variables.product.prodname

 The list of {% data variables.product.prodname_actions %} IP addresses returned by the API is updated once a week.

+## Communication requirements for {% data variables.product.prodname_dotcom %}-hosted runners and {% data variables.product.product_name %}
+
+A {% data variables.product.prodname_dotcom %}-hosted runner must establish connections to {% data variables.product.prodname_dotcom %}-owned endpoints to perform essential communication operations. In addition, your runner may require access to additional networks that you specify or utilize within an action.
+
+To ensure proper communications for {% data variables.product.prodname_dotcom %}-hosted runners between networks within your configuration, ensure that the following communications are allowed.
+
+{% data reusables.actions.domain-name-cname-recursive-firewall-rules %}
+
+{% data reusables.actions.runner-essential-communications %}
+
 ## The `etc/hosts` file

 {% data reusables.actions.runners-etc-hosts-file %}
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md
@@ -19,6 +19,7 @@ topics:

 - This feature is currently in beta and subject to change.
 - Merge protection with rulesets is not related to status checks. For more information about status checks, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks)."
+- Merge protection with rulesets will not apply to merge queue groups or {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup.

 {% endnote %}

--- a/data/reusables/actions/domain-name-cname-recursive-firewall-rules.md
+++ b/data/reusables/actions/domain-name-cname-recursive-firewall-rules.md
@@ -0,0 +1,2 @@
+> [!NOTE]
+> Some of the domains listed are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed will remain constant.
--- a/data/reusables/actions/runner-essential-communications.md
+++ b/data/reusables/actions/runner-essential-communications.md
@@ -0,0 +1,51 @@
+**Needed for essential operations:**
+
+```shell copy
+github.com
+api.github.com
+*.actions.githubusercontent.com
+```
+
+**Needed for downloading actions:**
+
+```shell copy
+codeload.github.com
+ghcr.io
+*.actions.githubusercontent.com
+```
+
+**Needed for uploading/downloading job summaries, logs, workflow artifacts, and caches:**
+
+```shell copy
+results-receiver.actions.githubusercontent.com
+*.blob.core.windows.net
+```
+
+**Needed for runner version updates:**
+
+```shell copy
+objects.githubusercontent.com
+objects-origin.githubusercontent.com
+github-releases.githubusercontent.com
+github-registry-files.githubusercontent.com
+```
+
+**Needed for retrieving OIDC tokens:**
+
+```shell copy
+*.actions.githubusercontent.com
+```
+
+**Needed for downloading or publishing packages or containers to {% data variables.product.prodname_dotcom %} Packages:**
+
+```shell copy
+*.pkg.github.com
+ghcr.io
+```
+
+**Needed for {% data variables.large_files.product_name_long %}**
+
+```shell copy
+github-cloud.githubusercontent.com
+github-cloud.s3.amazonaws.com
+```