From 7c1ce68e2638b9554c20bb9e55f9d8ebee2daa8a Mon Sep 17 00:00:00 2001 From: Jules Parker <19994093+jules-p@users.noreply.github.com> Date: Thu, 25 Nov 2021 11:26:05 +0100 Subject: [PATCH 1/2] version out environments for deployment from ghes < 3.1 --- .../introducing-github-actions-to-your-enterprise.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md b/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md index 85a750a3f9..fbfffa1e54 100644 --- a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md +++ b/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md @@ -22,7 +22,7 @@ Before you introduce {% data variables.product.prodname_actions %} to a large en ## Governance and compliance -Your should create a plan to govern your enterprise's use of {% data variables.product.prodname_actions %} and meet your compliance obligations. +Your should create a plan to govern your enterprise's use of {% data variables.product.prodname_actions %} and meet your compliance obligations. Determine which actions your developers will be allowed to use. {% ifversion ghes %}First, decide whether you'll enable access to actions from outside your instance. {% data reusables.actions.access-actions-on-dotcom %} For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)." @@ -55,8 +55,8 @@ You should plan where you'll store your secrets. We recommend storing secrets in In {% data variables.product.prodname_dotcom %}, you can store secrets at the repository or organization level. Secrets at the repository level can be limited to workflows in certain environments, such as production or testing. For more information, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)." ![Screenshot of a list of secrets](/assets/images/help/settings/actions-org-secrets-list.png) - -You should consider adding manual approval protection for sensitive environments, so that workflows must be approved before getting access to the environments' secrets. For more information, see "[Using environments for deployments](/actions/deployment/targeting-different-environments/using-environments-for-deployment)." +{% ifversion ghes > 3.0 %} +You should consider adding manual approval protection for sensitive environments, so that workflows must be approved before getting access to the environments' secrets. For more information, see "[Using environments for deployments](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."{% endif %} ### Security considerations for third-party actions @@ -121,4 +121,4 @@ For more detailed usage data, you{% else %}You{% endif %} can use webhooks to su Make a plan for how your enterprise can pass the information from these webhooks into a data archiving system. You can consider using "CEDAR.GitHub.Collector", an open source tool that collects and processes webhook data from {% data variables.product.prodname_dotcom %}. For more information, see the [`Microsoft/CEDAR.GitHub.Collector` repository](https://github.com/microsoft/CEDAR.GitHub.Collector/). -You should also plan how you'll enable your teams to get the data they need from your archiving system. \ No newline at end of file +You should also plan how you'll enable your teams to get the data they need from your archiving system. From 05c293173581acb72947f8c01f217330283bae83 Mon Sep 17 00:00:00 2001 From: Jules Parker <19994093+jules-p@users.noreply.github.com> Date: Thu, 25 Nov 2021 12:30:45 +0100 Subject: [PATCH 2/2] adds other necessary versions! --- .../introducing-github-actions-to-your-enterprise.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md b/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md index fbfffa1e54..9d1e765d83 100644 --- a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md +++ b/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md @@ -55,7 +55,7 @@ You should plan where you'll store your secrets. We recommend storing secrets in In {% data variables.product.prodname_dotcom %}, you can store secrets at the repository or organization level. Secrets at the repository level can be limited to workflows in certain environments, such as production or testing. For more information, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)." ![Screenshot of a list of secrets](/assets/images/help/settings/actions-org-secrets-list.png) -{% ifversion ghes > 3.0 %} +{% ifversion fpt or ghes > 3.0 or ghec or ghae %} You should consider adding manual approval protection for sensitive environments, so that workflows must be approved before getting access to the environments' secrets. For more information, see "[Using environments for deployments](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."{% endif %} ### Security considerations for third-party actions