Merge branch 'main' into jules-4510

data/learning-tracks/actions.yml

@@ -36,6 +36,17 @@ deploy_to_the_cloud:
     - /actions/deployment/deploying-to-amazon-elastic-container-service
     - /actions/deployment/deploying-to-azure-app-service
     - /actions/deployment/deploying-to-google-kubernetes-engine
+adopting_github_actions_for_your_enterprise:
+  title: 'Adopt GitHub Actions for your enterprise'
+  description: 'Learn how to plan and implement a roll out of {% data variables.product.prodname_actions %} in your enterprise.'
+  guides:
+    - /actions/learn-github-actions/understanding-github-actions
+    - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
+    - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
+    - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
+    - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
+    - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-ae
+    - /actions/security-guides/security-hardening-for-github-actions
 hosting_your_own_runners:
   title: 'Host your own runners'
   description: 'You can create self-hosted runners to run workflows in a highly customizable environment.'

data/learning-tracks/admin.yml

@@ -1,6 +1,9 @@
 get_started_with_github_ae:
   title: 'Get started with {% data variables.product.prodname_ghe_managed %}'
   description: 'Learn about {% data variables.product.prodname_ghe_managed %} and complete the initial configuration of a new enterprise.'
+  featured_track: true
+  versions:
+    ghae: '*'
   guides:
     - /admin/overview/about-github-ae
     - /admin/overview/about-data-residency
@@ -12,6 +15,8 @@ deploy_an_instance:
   title: 'Deploy an instance'
   description: 'Install {% data variables.product.prodname_ghe_server %} on your platform of choice and configure SAML authentication.'
   featured_track: true
+  versions:
+    ghes: '*'
   guides:
     - /admin/overview/system-overview
     - /admin/installation
@@ -23,6 +28,8 @@ deploy_an_instance:
 upgrade_your_instance:
   title: 'Upgrade your instance'
   description: 'Test upgrades in staging, notify users of maintenance, and upgrade your instance for the latest features and security updates.'
+  versions:
+    ghes: '*'
   guides:
     - /admin/enterprise-management/enabling-automatic-update-checks
     - /admin/installation/setting-up-a-staging-instance
@@ -31,9 +38,23 @@ upgrade_your_instance:
     - /admin/configuration/enabling-and-scheduling-maintenance-mode
     - /admin/enterprise-management/upgrading-github-enterprise-server
 
+adopting_github_actions_for_your_enterprise:
+  title: 'Adopt GitHub Actions for your enterprise'
+  description: 'Learn how to plan and implement a roll out of {% data variables.product.prodname_actions %} in your enterprise.'
+  guides:
+    - /actions/learn-github-actions/understanding-github-actions
+    - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
+    - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
+    - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
+    - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
+    - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-ae
+    - /actions/security-guides/security-hardening-for-github-actions
+
 increase_fault_tolerance:
   title: 'Increase the fault tolerance of your instance'
   description: "Back up your developers' code and configure high availability (HA) to ensure the reliability of {% data variables.product.prodname_ghe_server %} in your environment."
+  versions:
+    ghes: '*'
   guides:
     - /admin/configuration/accessing-the-administrative-shell-ssh
     - /admin/configuration/configuring-backups-on-your-appliance
@@ -44,6 +65,8 @@ increase_fault_tolerance:
 improve_security_of_your_instance:
   title: 'Improve the security of your instance'
   description: "Review network configuration and security features, and harden the instance running {% data variables.product.prodname_ghe_server %} to protect your enterprise's data."
+  versions:
+    ghes: '*'
   guides:
     - /admin/configuration/enabling-private-mode
     - /admin/guides/installation/configuring-tls
@@ -58,6 +81,8 @@ improve_security_of_your_instance:
 configure_github_actions:
   title: 'Configure {% data variables.product.prodname_actions %}'
   description: 'Allow your developers to create, automate, customize, and execute powerful software development workflows for {% data variables.product.product_location %} with {% data variables.product.prodname_actions %}.'
+  versions:
+    ghes: '*'
   guides:
     - /admin/github-actions/getting-started-with-github-actions-for-github-enterprise-server
     - /admin/github-actions/enforcing-github-actions-policies-for-your-enterprise
@@ -69,6 +94,8 @@ configure_github_actions:
 configure_github_advanced_security:
   title: 'Configure {% data variables.product.prodname_GH_advanced_security %}'
   description: "Improve the quality and security of your developers' code with {% data variables.product.prodname_GH_advanced_security %}."
+  versions:
+    ghes: '*'
   guides:
     - /admin/advanced-security/about-licensing-for-github-advanced-security
     - /admin/advanced-security/enabling-github-advanced-security-for-your-enterprise
@@ -79,6 +106,9 @@ configure_github_advanced_security:
 get_started_with_your_enterprise_account:
   title: 'Get started with your enterprise account'
   description: 'Get started with your enterprise account to centrally manage multiple organizations on {% data variables.product.product_name %}.'
+  versions:
+    ghes: '*'
+    ghec: '*'
   guides:
     - /admin/overview/about-enterprise-accounts
     - /billing/managing-billing-for-your-github-account/about-billing-for-your-enterprise

data/release-notes/enterprise-server/3-0/16.yml

@@ -7,6 +7,7 @@ sections:
     - 'Resque worker counts were displayed incorrectly during maintenance mode. {% comment %} https://github.com/github/enterprise2/pull/26898, https://github.com/github/enterprise2/pull/26883 {% endcomment %}'
     - 'Allocated memcached memory could be zero in clustering mode. {% comment %} https://github.com/github/enterprise2/pull/26927, https://github.com/github/enterprise2/pull/26832 {% endcomment %}'
     - 'Fixes {% data variables.product.prodname_pages %} builds so they take into account the NO_PROXY setting of the appliance. This is relevant to appliances configured with an HTTP proxy only. (update 2021-09-30) {% comment %} https://github.com/github/pages/pull/3360 {% endcomment %}'
+    - 'The GitHub Connect configuration of the source instance was always restored to new instances even when the `--config` option for `ghe-restore` was not used. This would lead to a conflict with the GitHub Connect connection and license synchronization if both the source and destination instances were online at the same time. The fix also requires updating backup-utils to 3.2.0 or higher. [updated: 2021-11-18]'
   known_issues:
     - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
     - Custom firewall rules are removed during the upgrade process.

data/release-notes/enterprise-server/3-0/20.yml

@@ -0,0 +1,21 @@
+date: '2021-11-23'
+sections:
+  security_fixes:
+    - Packages have been updated to the latest security versions.
+  bugs:
+    - Pre-receive hooks would fail due to undefined `PATH`.
+    - 'Running `ghe-repl-setup` would return an error: `cannot create directory /data/user/elasticsearch: File exists` if the instance had previously been configured as a replica.'
+    - In large cluster environments, the authentication backend could be unavailable on a subset of frontend nodes.
+    - Some critical services may not have been available on backend nodes in GHES Cluster.
+  changes:
+    - An additional outer layer of `gzip` compression when creating a cluster support bundle with `ghe-cluster-suport-bundle` is now turned off by default. This outer compression can optionally be applied with the `ghe-cluster-suport-bundle -c` command line option.
+    - Upgraded collectd to version 5.12.0.
+    - We have added extra text to the admin console to remind users about the mobile apps' data collection for experience improvement purposes.
+  known_issues:
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+    - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.

data/release-notes/enterprise-server/3-1/12.yml

@@ -0,0 +1,24 @@
+date: '2021-11-23'
+sections:
+  security_fixes:
+    - Packages have been updated to the latest security versions.
+  bugs:
+    - Running `ghe-repl-start` or `ghe-repl-status` would sometimes return errors connecting to the database when GitHub Actions was enabled.
+    - Pre-receive hooks would fail due to undefined `PATH`.
+    - 'Running `ghe-repl-setup` would return an error: `cannot create directory /data/user/elasticsearch: File exists` if the instance had previously been configured as a replica.'
+    - 'After setting up a high availability replica, `ghe-repl-status` included an error in the output: `unexpected unclosed action in command`.'
+    - In large cluster environments, the authentication backend could be unavailable on a subset of frontend nodes.
+    - Some critical services may not have been available on backend nodes in GHES Cluster.
+  changes:
+    - An additional outer layer of `gzip` compression when creating a cluster support bundle with `ghe-cluster-suport-bundle` is now turned off by default. This outer compression can optionally be applied with the `ghe-cluster-suport-bundle -c` command line option.
+    - Upgraded collectd to version 5.12.0.
+    - We have added extra text to the admin console to remind users about the mobile apps' data collection for experience improvement purposes.
+  known_issues:
+    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+    - If {% data variables.product.prodname_actions %} is enabled for {% data variables.product.prodname_ghe_server %}, teardown of a replica node with `ghe-repl-teardown` will succeed, but may return `ERROR:Running migrations`.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.

data/release-notes/enterprise-server/3-1/8.yml

@@ -8,6 +8,7 @@ sections:
     - 'Allocated memcached memory could be zero in clustering mode. {% comment %} https://github.com/github/enterprise2/pull/26928, https://github.com/github/enterprise2/pull/26832 {% endcomment %}'
     - 'Non-empty binary files displayed an incorrect file type and size on the pull request "Files" tab. {% comment %} https://github.com/github/github/pull/192810, https://github.com/github/github/pull/172284, https://github.com/github/coding/issues/694 {% endcomment %}'
     - 'Fixes {% data variables.product.prodname_pages %} builds so they take into account the NO_PROXY setting of the appliance. This is relevant to appliances configured with an HTTP proxy only. (update 2021-09-30) {% comment %} https://github.com/github/pages/pull/3360 {% endcomment %}'
+    - 'The GitHub Connect configuration of the source instance was always restored to new instances even when the `--config` option for `ghe-restore` was not used. This would lead to a conflict with the GitHub Connect connection and license synchronization if both the source and destination instances were online at the same time. The fix also requires updating backup-utils to 3.2.0 or higher. [updated: 2021-11-18]'
   known_issues:
     - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
     - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.

data/release-notes/enterprise-server/3-2/4.yml

@@ -0,0 +1,28 @@
+date: '2021-11-23'
+sections:
+  security_fixes:
+    - Packages have been updated to the latest security versions.
+  bugs:
+    - Running `ghe-repl-start` or `ghe-repl-status` would sometimes return errors connecting to the database when GitHub Actions was enabled.
+    - Pre-receive hooks would fail due to undefined `PATH`.
+    - 'Running `ghe-repl-setup` would return an error: `cannot create directory /data/user/elasticsearch: File exists` if the instance had previously been configured as a replica.'
+    - 'Running `ghe-support-bundle` returned an error: `integer expression expected`.'
+    - 'After setting up a high availability replica, `ghe-repl-status` included an error in the output: `unexpected unclosed action in command`.'
+    - In large cluster environments, the authentication backend could be unavailable on a subset of frontend nodes.
+    - Some critical services may not have been available on backend nodes in GHES Cluster.
+    - The repository permissions to the user returned by the `/repos` API would not return the full list.
+    - The `childTeams` connection on the `Team` object in the GraphQL schema produced incorrect results under some circumstances.
+    - In a high availability configuration, repository maintenance always showed up as failed in stafftools, even when it succeeded.
+    - User defined patterns would not detect secrets in files like `package.json` or `yarn.lock`.
+  changes:
+    - An additional outer layer of `gzip` compression when creating a cluster support bundle with `ghe-cluster-suport-bundle` is now turned off by default. This outer compression can optionally be applied with the `ghe-cluster-suport-bundle -c` command line option.
+    - Upgraded collectd to version 5.12.0.
+    - We have added extra text to the admin console to remind users about the mobile apps' data collection for experience improvement purposes.
+  known_issues:
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.

data/reusables/actions/about-actions.md

@@ -0,0 +1 @@
+{% data variables.product.prodname_actions %} helps you automate tasks within your software development life cycle.

data/reusables/actions/about-runners.md

@@ -0,0 +1 @@
+A runner is a server that has the [{% data variables.product.prodname_actions %} runner application](https://github.com/actions/runner) installed. You can use a runner hosted by {% data variables.product.prodname_dotcom %}, or you can host your own. 

data/reusables/actions/access-actions-on-dotcom.md

@@ -0,0 +1 @@
+If users in your enterprise need access to other actions from {% data variables.product.prodname_dotcom_the_website %} or {% data variables.product.prodname_marketplace %}, there are a few configuration options.

data/reusables/actions/actions-bundled-with-ghes.md

@@ -0,0 +1 @@
+Most official {% data variables.product.prodname_dotcom %}-authored actions are automatically bundled with {% data variables.product.product_name %}, and are captured at a point in time from {% data variables.product.prodname_marketplace %}.

data/reusables/actions/general-security-hardening.md

@@ -0,0 +1,3 @@
+## General security hardening for {% data variables.product.prodname_actions %} 
+
+If you want to learn more about security practices for {% data variables.product.prodname_actions %}, see "[Security hardening for {% data variables.product.prodname_actions %}](/actions/learn-github-actions/security-hardening-for-github-actions)."

data/reusables/actions/introducing-enterprise.md

@@ -0,0 +1 @@
+Before you get started, you should make a plan for how you'll introduce {% data variables.product.prodname_actions %} to your enterprise. For more information, see "[Introducing {% data variables.product.prodname_actions %} to your enterprise](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise)."

data/reusables/actions/migrating-enterprise.md

@@ -0,0 +1 @@
+If you're migrating your enterprise to {% data variables.product.prodname_actions %} from another provider, there are additional considerations. For more information, see "[Migrating your enterprise to {% data variables.product.prodname_actions %}](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions)."

data/reusables/actions/self-hosted-runner-ports-protocols.md

@@ -0,0 +1,3 @@
+{% ifversion ghes or ghae %}
+The connection between self-hosted runners and {% data variables.product.product_name %} is over HTTP (port 80) and HTTPS (port 443).
+{% endif %}

data/reusables/secret-scanning/api-beta.md

@@ -1,4 +1,4 @@
-{% ifversion ghes > 3.0 %}
+{% ifversion ghes > 3.0 or ghae-next %}
 
 {% note %}
 

data/reusables/secret-scanning/partner-secret-list-private-repo.md

@@ -187,6 +187,10 @@ Shopify | Shopify Private App Password | shopify_private_app_password
 Slack | Slack API Token | slack_api_token
 Slack | Slack Incoming Webhook URL | slack_incoming_webhook_url
 Slack | Slack Workflow Webhook URL | slack_workflow_webhook_url
+{%- ifversion fpt or ghec or ghes > 3.3 %}
+Square | Square Production Application Secret | square_production_application_secret{% endif %}
+{%- ifversion fpt or ghec or ghes > 3.3 %}
+Square | Square Sandbox Application Secret | square_sandbox_application_secret{% endif %}
 SSLMate | SSLMate API Key | sslmate_api_key
 SSLMate | SSLMate Cluster Secret | sslmate_cluster_secret
 Stripe | Stripe API Key | stripe_api_key

data/reusables/secret-scanning/partner-secret-list-public-repo.md

@@ -75,6 +75,8 @@ RubyGems | RubyGems API Key
 Samsara | Samsara API Token
 Samsara | Samsara OAuth Access Token
 SendGrid | SendGrid API Key
+Sendinblue | Sendinblue API Key
+Sendinblue | Sendinblue SMTP Key
 Shopify | Shopify App Shared Secret
 Shopify | Shopify Access Token
 Shopify | Shopify Custom App Access Token
@@ -91,4 +93,5 @@ Stripe | Stripe Test API Restricted Key
 Tencent Cloud | Tencent Cloud Secret ID
 Twilio | Twilio Account String Identifier
 Twilio | Twilio API Key
+Typeform | Typeform Personal Access Token
 Valour | Valour Access Token