Merge branch 'main' into patch-3

.devcontainer/devcontainer.json

@@ -17,7 +17,8 @@
 
 	// Install features. Type 'feature' in the VS Code command palette for a full list.
 	"features": {
-		"git-lfs": "latest"
+		"git-lfs": "latest",
+		"sshd": "latest"
 	 },
 
 	// Visual Studio Code extensions which help authoring for docs.github.com.
@@ -38,5 +39,8 @@
 
 	// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
 	"remoteUser": "node"
-
+,
+	"hostRequirements": {
+		"memory": "8gb"
+	 }
 }

.github/CODEOWNERS

@@ -16,12 +16,11 @@ package-lock.json @github/docs-engineering
 package.json @github/docs-engineering
 
 # Localization
-/.github/actions-scripts/create-translation-batch-pr.js @github/docs-localization
-/.github/workflows/create-translation-batch-pr.yml @github/docs-localization
-/.github/workflows/crowdin.yml @github/docs-localization
-/crowdin*.yml @github/docs-engineering @github/docs-localization
-/translations/ @github/docs-engineering @github/docs-localization @Octomerger
-/translations/log/ @github/docs-localization @Octomerger
+/.github/actions-scripts/create-translation-batch-pr.js @github/docs-engineering
+/.github/workflows/create-translation-batch-pr.yml @github/docs-engineering
+/.github/workflows/crowdin.yml @github/docs-engineering
+/crowdin*.yml @github/docs-engineering
+/translations/ @Octomerger
 
 # Site Policy
 /content/site-policy/ @github/site-policy-admins

.github/actions-scripts/content-changes-table-comment.js

@@ -2,7 +2,6 @@
 
 import * as github from '@actions/github'
 import { setOutput } from '@actions/core'
-import got from 'got'
 
 import { getContents } from '../../script/helpers/git-utils.js'
 import parse from '../../lib/read-frontmatter.js'
@@ -48,13 +47,6 @@ const articleFiles = files.filter(
 
 const lines = await Promise.all(
   articleFiles.map(async (file) => {
-    // Action triggered on PR and after preview env is deployed. Check health to determine if preview env is ready (healthy)
-    let appUrlIsHealthy = false
-    try {
-      const res = await got.head(`${APP_URL}/healthz`, { retry: { limit: 0 } })
-      appUrlIsHealthy = res.statusCode === 200
-    } catch (err) {}
-
     const sourceUrl = file.blob_url
     const fileName = file.filename.slice(pathPrefix.length)
     const fileUrl = fileName.slice(0, fileName.lastIndexOf('.'))
@@ -78,8 +70,7 @@ const lines = await Promise.all(
     const { data } = parse(fileContents)
 
     let contentCell = ''
-    let previewCell = appUrlIsHealthy ? '' : '_Deployment pending..._'
-
+    let previewCell = ''
     let prodCell = ''
 
     if (file.status === 'added') contentCell = 'New file: '
@@ -107,16 +98,12 @@ const lines = await Promise.all(
           if (versions.toString() === nonEnterpriseDefaultVersion) {
             // omit version from fpt url
 
-            previewCell += appUrlIsHealthy ? `[${plan}](${APP_URL}/${fileUrl})<br>` : ''
+            previewCell += `[${plan}](${APP_URL}/${fileUrl})<br>`
             prodCell += `[${plan}](${PROD_URL}/${fileUrl})<br>`
           } else {
             // for non-versioned releases (ghae, ghec) use full url
 
-            if (appUrlIsHealthy) {
-              previewCell += appUrlIsHealthy
-                ? `[${plan}](${APP_URL}/${versions}/${fileUrl})<br>`
-                : ''
-            }
+            previewCell += `[${plan}](${APP_URL}/${versions}/${fileUrl})<br>`
             prodCell += `[${plan}](${PROD_URL}/${versions}/${fileUrl})<br>`
           }
         } else if (versions.length) {
@@ -126,9 +113,7 @@ const lines = await Promise.all(
           prodCell += `${plan}@ `
 
           versions.forEach((version) => {
-            previewCell += appUrlIsHealthy
-              ? `[${version.split('@')[1]}](${APP_URL}/${version}/${fileUrl}) `
-              : ''
+            previewCell += `[${version.split('@')[1]}](${APP_URL}/${version}/${fileUrl}) `
             prodCell += `[${version.split('@')[1]}](${PROD_URL}/${version}/${fileUrl}) `
           })
           previewCell += '<br>'

.github/actions-scripts/msft-create-translation-batch-pr.js

@@ -1,5 +1,6 @@
 #!/usr/bin/env node
 
+import fs from 'fs'
 import github from '@actions/github'
 
 const OPTIONS = Object.fromEntries(
@@ -32,6 +33,7 @@ const {
   BASE,
   HEAD,
   LANGUAGE,
+  BODY_FILE,
   GITHUB_TOKEN,
 } = OPTIONS
 const [OWNER, REPO] = GITHUB_REPOSITORY.split('/')
@@ -119,7 +121,7 @@ async function main() {
     title: TITLE,
     base: BASE,
     head: HEAD,
-    body: `New translation batch for ${LANGUAGE}. You can see the log in [\`translations/log/${LANGUAGE}-resets.csv\`](https://github.com/${OWNER}/${REPO}/tree/${HEAD}/translations/log/msft-${LANGUAGE}-resets.csv).`,
+    body: fs.readFileSync(BODY_FILE, 'utf8'),
     labels: ['translation-batch', `translation-batch-${LANGUAGE}`],
     owner: OWNER,
     repo: REPO,

.github/workflows/browser-test.yml

@@ -29,7 +29,7 @@ concurrency:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ${{ fromJSON('["ubuntu-latest", "ubuntu-20.04-xl"]')[github.repository == 'github/docs-internal'] }}
     steps:
       - name: Checkout
         uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

.github/workflows/content-changes-table-comment.yml

@@ -5,10 +5,6 @@ name: Content Changes Table Comment
 # **Who does it impact**: docs-internal/docs maintainers and contributors
 
 on:
-  # Trigger this workflow after preview deployment runs
-  workflow_run:
-    workflows:
-      - Azure - Deploy Preview Environment
   workflow_dispatch:
   pull_request_target:
 
@@ -44,6 +40,7 @@ jobs:
           filters: |
             filterContentDir:
               - 'content/**/*'
+
   filterContentDir:
     needs: PR-Preview-Links
     if: ${{ needs.PR-Preview-Links.outputs.filterContentDir == 'true' }}

.github/workflows/msft-create-translation-batch-pr.yml

@@ -1,4 +1,4 @@
-name: Create translation Batch Pull Request
+name: Create translation Batch Pull Request (Microsoft)
 
 # **What it does**:
 #  - Creates one pull request per language after running a series of automated checks,
@@ -31,48 +31,39 @@ jobs:
       matrix:
         include:
           - language: es
-            crowdin_language: es-ES
             language_dir: translations/es-ES
             language_repo: github/docs-internal.es-es
 
           - language: ja
-            crowdin_language: ja-JP
             language_dir: translations/ja-JP
             language_repo: github/docs-internal.ja-jp
 
           - language: pt
-            crowdin_language: pt-BR
             language_dir: translations/pt-BR
             language_repo: github/docs-internal.pt-br
 
           - language: cn
-            crowdin_language: zh-CN
             language_dir: translations/zh-CN
             language_repo: github/docs-internal.zh-cn
 
           # We'll be ready to add the following languages in a future effort.
 
           # - language: ru
-          #   crowdin_language: ru-RU
           #   language_dir: translations/ru-RU
           #   language_repo: github/docs-internal.ru-ru
 
           # - language: ko
-          #   crowdin_language: ko-KR
           #   language_dir: translations/ko-KR
           #   language_repo: github/docs-internal.ko-kr
 
           # - language: fr
-          #   crowdin_language: fr-FR
           #   language_dir: translations/fr-FR
           #   language_repo: github/docs-internal.fr-fr
 
           # - language: de
-          #   crowdin_language: de-DE
           #   language_dir: translations/de-DE
           #   language_repo: github/docs-internal.de-de
 
-    # TODO: replace the branch name
     steps:
       - name: Set branch name
         id: set-branch
@@ -109,11 +100,10 @@ jobs:
       - name: Remove .git from the language-specific repo
         run: rm -rf ${{ matrix.language_dir }}/.git
 
-      # TODO: Rename this step
-      - name: Commit crowdin sync
+      - name: Commit translated files
         run: |
           git add ${{ matrix.language_dir }}
-          git commit -m "Add crowdin translations" || echo "Nothing to commit"
+          git commit -m "Add translations" || echo "Nothing to commit"
 
       - name: 'Setup node'
         uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
@@ -122,19 +112,16 @@ jobs:
 
       - run: npm ci
 
-      # step 6 in docs-engineering/crowdin.md
       - name: Homogenize frontmatter
         run: |
           node script/i18n/homogenize-frontmatter.js
           git add ${{ matrix.language_dir }} && git commit -m "Run script/i18n/homogenize-frontmatter.js" || echo "Nothing to commit"
 
-      # step 7 in docs-engineering/crowdin.md
       - name: Fix translation errors
         run: |
           node script/i18n/fix-translation-errors.js
           git add ${{ matrix.language_dir }} && git commit -m "Run script/i18n/fix-translation-errors.js" || echo "Nothing to commit"
 
-      # step 8b in docs-engineering/crowdin.md
       - name: Check rendering
         run: |
           node script/i18n/lint-translation-files.js --check rendering | tee -a /tmp/batch.log | cat
@@ -142,26 +129,18 @@ jobs:
 
       - name: Reset files with broken liquid tags
         run: |
-          node script/i18n/reset-files-with-broken-liquid-tags.js --language=${{ matrix.language }} | tee -a /tmp/batch.log | cat
-          git add ${{ matrix.language_dir }} && git commit -m "run script/i18n/reset-files-with-broken-liquid-tags.js --language=${{ matrix.language }}" || echo "Nothing to commit"
-
-      # step 5 in docs-engineering/crowdin.md using script from docs-internal#22709
-      - name: Reset known broken files
-        run: |
-          node script/i18n/reset-known-broken-translation-files.js | tee -a /tmp/batch.log | cat
-          git add ${{ matrix.language_dir }} && git commit -m "run script/i18n/reset-known-broken-translation-files.js" || echo "Nothing to commit"
-        env:
-          GITHUB_TOKEN: ${{ secrets.DOCUBOT_REPO_PAT }}
+          node script/i18n/msft-reset-files-with-broken-liquid-tags.js --language=${{ matrix.language }} | tee -a /tmp/batch.log | cat
+          git add ${{ matrix.language_dir }} && git commit -m "run script/i18n/msft-reset-files-with-broken-liquid-tags.js --language=${{ matrix.language }}" || echo "Nothing to commit"
 
       - name: Check in CSV report
         run: |
           mkdir -p translations/log
           csvFile=translations/log/msft-${{ matrix.language }}-resets.csv
-          script/i18n/report-reset-files.js --report-type=csv --language=${{ matrix.language }} --log-file=/tmp/batch.log > $csvFile
+          script/i18n/msft-report-reset-files.js --report-type=csv --language=${{ matrix.language }} --log-file=/tmp/batch.log > $csvFile
           git add -f $csvFile && git commit -m "Check in ${{ matrix.language }} CSV report" || echo "Nothing to commit"
 
       - name: Write the reported files that were reset to /tmp/pr-body.txt
-        run: script/i18n/report-reset-files.js --report-type=pull-request-body --language=${{ matrix.language }} --log-file=/tmp/batch.log > /tmp/pr-body.txt
+        run: script/i18n/msft-report-reset-files.js --report-type=pull-request-body --language=${{ matrix.language }} --log-file=/tmp/batch.log --csv-path=${{ steps.set-branch.outputs.BRANCH_NAME }}/translations/log/msft-${{ matrix.language }}-resets.csv > /tmp/pr-body.txt
 
       - name: Push filtered translations
         run: git push origin ${{ steps.set-branch.outputs.BRANCH_NAME }}

.github/workflows/needs-sme-stale-check.yaml

@@ -22,7 +22,7 @@ jobs:
         with:
           only-labels: needs SME
           remove-stale-when-updated: true
-          days-before-stale: 7 # adds stale label if no activity for 7 days
+          days-before-stale: 28 # adds stale label if no activity for 7 days - temporarily changed to 28 days as we work through the backlog
           stale-issue-message: 'This is a gentle bump for the docs team that this issue is waiting for technical review.'
           stale-issue-label: SME stale
           days-before-issue-close: -1 # never close

.gitignore

@@ -9,6 +9,7 @@ coverage/
 /assets/images/early-access
 /content/early-access
 /data/early-access
+/script/dev-toc/static
 .next
 .eslintcache
 *.tsbuildinfo

Dockerfile

@@ -71,9 +71,6 @@ COPY --chown=node:node --from=builder $APP_HOME/.next $APP_HOME/.next
 # We should always be running in production mode
 ENV NODE_ENV production
 
-# Whether to hide iframes, add warnings to external links
-ENV AIRGAP false
-
 # Preferred port for server.js
 ENV PORT 4000
 
@@ -90,7 +87,6 @@ COPY --chown=node:node assets ./assets
 COPY --chown=node:node content ./content
 COPY --chown=node:node lib ./lib
 COPY --chown=node:node middleware ./middleware
-COPY --chown=node:node feature-flags.json ./
 COPY --chown=node:node data ./data
 COPY --chown=node:node next.config.js ./
 COPY --chown=node:node server.js ./server.js

components/Link.tsx

@@ -1,12 +1,10 @@
 import NextLink from 'next/link'
 import { ComponentProps } from 'react'
-import { useMainContext } from 'components/context/MainContext'
 
 const { NODE_ENV } = process.env
 
 type Props = { locale?: string; disableClientTransition?: boolean } & ComponentProps<'a'>
 export function Link(props: Props) {
-  const { airGap } = useMainContext()
   const { href, locale, disableClientTransition = false, ...restProps } = props
 
   if (!href && NODE_ENV !== 'production') {
@@ -15,16 +13,6 @@ export function Link(props: Props) {
 
   const isExternal = href?.startsWith('http') || href?.startsWith('//')
 
-  // In airgap mode, add a tooltip to external links warning they may not work.
-  if (airGap && isExternal) {
-    if (restProps.className) {
-      restProps.className += ' tooltipped'
-    } else {
-      restProps.className = 'tooltipped'
-    }
-    restProps['aria-label'] = 'This link may not work in this environment.'
-  }
-
   if (disableClientTransition) {
     return (
       /* eslint-disable-next-line jsx-a11y/anchor-has-content */

components/README.md

@@ -1,6 +1,3 @@
 # Components
 
-⚠️ This area is a work-in-progress.
-
 This is the main source for our React components. They can be rendered by the server or the client via [Next.js](https://nextjs.org). The starting point for any component usage is the `pages/` directory, which uses a file-system routing paradigm to match paths to pages that then render these components.
-

components/context/MainContext.tsx

@@ -87,7 +87,6 @@ export type MainContextT = {
   isHomepageVersion: boolean
   isFPT: boolean
   data: DataT
-  airGap?: boolean
   error: string
   currentCategory?: string
   relativePath?: string
@@ -155,7 +154,6 @@ export const getMainContext = (req: any, res: any): MainContextT => {
         release_candidate: req.context.site.data.variables.release_candidate,
       },
     },
-    airGap: req.context.AIRGAP || false,
     currentCategory: req.context.currentCategory || '',
     currentPathWithoutLanguage: req.context.currentPathWithoutLanguage,
     relativePath: req.context.page?.relativePath,

components/context/PlaygroundContext.tsx

@@ -59,7 +59,8 @@ export const PlaygroundContextProvider = (props: { children: React.ReactNode })
   const router = useRouter()
   const [activeSectionIndex, setActiveSectionIndex] = useState(0)
   const [scrollToSection, setScrollToSection] = useState<number>()
-  const path = router.asPath.split('?')[0]
+  const path = router.asPath.split('?')[0].split('#')[0]
+
   const relevantArticles = articles.filter(({ slug }) => slug === path)
 
   const { langId } = router.query

components/hooks/useHasAccount.ts

@@ -0,0 +1,23 @@
+import { useState, useEffect } from 'react'
+import Cookies from 'js-cookie'
+
+// Measure if the user has a github.com account and signed in during this session.
+// The github.com sends the color_mode cookie every request when you sign in,
+// but does not delete the color_mode cookie on sign out.
+// You do not need to change your color mode settings to get this cookie,
+// this applies to every user regardless of if they changed this setting.
+// To test this, try a private browser tab.
+// We are using the color_mode cookie because it is not HttpOnly.
+// For users that haven't changed their session cookies recently,
+// we also can check for the browser-set `preferred_color_mode` cookie.
+export function useHasAccount() {
+  const [hasAccount, setHasAccount] = useState<boolean | null>(null)
+
+  useEffect(() => {
+    const cookieValue = Cookies.get('color_mode')
+    const altCookieValue = Cookies.get('preferred_color_mode')
+    setHasAccount(Boolean(cookieValue || altCookieValue))
+  }, [])
+
+  return { hasAccount }
+}

components/hooks/useSession.ts

@@ -1,28 +0,0 @@
-import { useEffect } from 'react'
-import useSWR from 'swr'
-
-export default async function fetcher<JSON = any>(
-  input: RequestInfo,
-  init?: RequestInit
-): Promise<JSON> {
-  const res = await fetch(input, init)
-  return res.json()
-}
-
-export type Session = {
-  isSignedIn: boolean
-  csrfToken?: string
-}
-
-// React hook version
-export function useSession() {
-  const { data: session, error } = useSWR<Session>('/api/session', fetcher)
-
-  useEffect(() => {
-    if (error) {
-      console.warn('An error occurred loading the user session', error)
-    }
-  }, [error])
-
-  return { session }
-}

components/hooks/useUserLanguage.ts

@@ -1,11 +1,14 @@
 import { useState, useEffect } from 'react'
 import Cookies from 'js-cookie'
+import { useRouter } from 'next/router'
 
-import { languageKeys } from '../../lib/languages.js'
+import { useLanguages } from 'components/context/LanguagesContext'
 import { PREFERRED_LOCALE_COOKIE_NAME } from '../../lib/constants.js'
 
 export function useUserLanguage() {
+  const { locale } = useRouter()
   const [userLanguage, setUserLanguage] = useState<string>('en')
+  const { languages } = useLanguages()
 
   useEffect(() => {
     const languagePreferred = [
@@ -18,11 +21,12 @@ export function useUserLanguage() {
       // the region. E.g. `en-US` but in our application, we don't use
       // the region.
       .map((lang) => lang && lang.slice(0, 2).toLowerCase())
-      .find((lang) => lang && languageKeys.includes(lang))
+      .find((lang) => lang && lang in languages)
+
     if (languagePreferred) {
       setUserLanguage(languagePreferred)
     }
-  }, [])
+  }, [locale])
 
   return { userLanguage }
 }

components/landing/LandingHero.tsx

@@ -3,7 +3,6 @@ import cx from 'classnames'
 import { useRouter } from 'next/router'
 import { LinkExternalIcon } from '@primer/octicons-react'
 
-import { useMainContext } from 'components/context/MainContext'
 import { Link } from 'components/Link'
 import { useProductLandingContext } from 'components/context/ProductLandingContext'
 import { useTranslation } from 'components/hooks/useTranslation'
@@ -11,7 +10,6 @@ import { useVersion } from 'components/hooks/useVersion'
 import { Lead } from 'components/ui/Lead'
 
 export const LandingHero = () => {
-  const { airGap } = useMainContext()
   const { product_video, shortTitle, title, beta_product, intro, introLinks } =
     useProductLandingContext()
   const { t } = useTranslation('product_landing')
@@ -56,16 +54,14 @@ export const LandingHero = () => {
       {product_video && (
         <div className="col-12 col-lg-6">
           <div className="position-relative" style={{ paddingBottom: '56.25%' }}>
-            {!airGap && (
-              <iframe
-                title={`${shortTitle} Video`}
-                className="top-0 left-0 position-absolute color-shadow-large rounded-1 width-full height-full"
-                src={renderIFrame ? product_video : ''}
-                frameBorder="0"
-                allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
-                allowFullScreen
-              ></iframe>
-            )}
+            <iframe
+              title={`${shortTitle} Video`}
+              className="top-0 left-0 position-absolute color-shadow-large rounded-1 width-full height-full"
+              src={renderIFrame ? product_video : ''}
+              frameBorder="0"
+              allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
+              allowFullScreen
+            ></iframe>
           </div>
         </div>
       )}

components/lib/events.ts

@@ -8,7 +8,6 @@ const COOKIE_NAME = '_docs-events'
 const startVisitTime = Date.now()
 
 let initialized = false
-let csrfToken: string | undefined
 let cookieValue: string | undefined
 let pageEventId: string | undefined
 let maxScrollY = 0
@@ -85,8 +84,6 @@ function getMetaContent(name: string) {
 
 export function sendEvent({ type, version = '1.0.0', ...props }: SendEventProps) {
   const body = {
-    _csrf: csrfToken,
-
     type,
 
     context: {
@@ -273,8 +270,7 @@ function initPrintEvent() {
   })
 }
 
-export function initializeEvents(xcsrfToken: string) {
-  csrfToken = xcsrfToken // always update the csrfToken
+export function initializeEvents() {
   if (initialized) return
   initialized = true
   initPageAndExitEvent() // must come first

components/lib/experiment.ts

@@ -21,7 +21,7 @@ export function sendSuccess(test: string) {
   })
 }
 
-export default function experiment() {
+export function initializeExperiments() {
   if (initialized) return
   initialized = true
   // *** Example test code ***

components/lib/get-rest-code-samples.ts

@@ -25,7 +25,10 @@ export function getShellExample(operation: Operation, codeSample: CodeSample) {
 
   let requestBodyParams = ''
   if (codeSample?.request?.bodyParameters) {
-    requestBodyParams = `-d '${JSON.stringify(codeSample.request.bodyParameters)}'`
+    requestBodyParams = `-d '${JSON.stringify(codeSample.request.bodyParameters).replace(
+      /'/g,
+      "'\\''"
+    )}'`
 
     // If the content type is application/x-www-form-urlencoded the format of
     // the shell example is --data-urlencode param1=value1 --data-urlencode param2=value2

components/page-header/Header.tsx

@@ -6,7 +6,7 @@ import { useVersion } from 'components/hooks/useVersion'
 
 import { Link } from 'components/Link'
 import { useMainContext } from 'components/context/MainContext'
-import { useSession } from 'components/hooks/useSession'
+import { useHasAccount } from 'components/hooks/useHasAccount'
 import { LanguagePicker } from './LanguagePicker'
 import { HeaderNotifications } from 'components/page-header/HeaderNotifications'
 import { ProductPicker } from 'components/page-header/ProductPicker'
@@ -26,11 +26,10 @@ export const Header = () => {
   )
   const [scroll, setScroll] = useState(false)
 
-  const { session } = useSession()
+  const { hasAccount } = useHasAccount()
 
   const signupCTAVisible =
-    session &&
-    !session.isSignedIn &&
+    hasAccount === false && // don't show if `null`
     (currentVersion === 'free-pro-team@latest' || currentVersion === 'enterprise-cloud@latest')
 
   useEffect(() => {

components/playground/CodeLanguagePicker.tsx

@@ -13,6 +13,7 @@ export const CodeLanguagePicker = () => {
       <SubNav.Links>
         {codeLanguages.map((language) => (
           <SubNav.Link
+            key={language.id}
             as={Link}
             href={`${routePath}?langId=${language.id}`}
             selected={language.id === currentLanguage.id}

components/playground/editor/Editor.tsx

@@ -74,6 +74,7 @@ export const Editor: React.FC<Props> = ({ article }) => {
           {editorFiles.map((file, i) => {
             return (
               <button
+                key={file.fileName}
                 className={cx('btn-link Link--secondary no-underline mr-2 f6 py-2 px-3', {
                   'color-bg-subtle': i === selectedFileIndex,
                 })}

components/rest/ChildBodyParametersRows.tsx

@@ -4,7 +4,7 @@ import type { ChildParamsGroup } from './types'
 
 type Props = {
   slug: string
-  childParamsGroups: ChildParamsGroup[]
+  childParamsGroups?: ChildParamsGroup[]
 }
 
 export function ChildBodyParametersRows({ slug, childParamsGroups }: Props) {

content/README.md

@@ -265,7 +265,7 @@ includeGuides:
 ### `topics`
 - Purpose: Indicate the topics covered by the article. The topics are used to filter guides on some landing pages. For example, the guides at the bottom of [this page](https://docs.github.com/en/actions/guides) can be filtered by topics and the topics are listed under the guide intro. Topics are also added to all search records that get created for each page. The search records contain a `topics` property that is used to filter search results by topics. For more information, see the [Search](/contributing/search.md) contributing guide. Refer to the content models for more details around adding topics. A full list of  existing topics is located in the [allowed topics file](/data/allowed-topics.js). If topics in article frontmatter and the allow-topics list become out of sync, the [topics CI test](/tests/unit/search/topics.js) will fail.
 - Type: Array of `String`s
-- Optional: Topics are preferred for each article, but, there may be cases where existing articles don't yet have topics or a adding a topic to a new article may not add value.
+- Optional: Topics are preferred for each article, but, there may be cases where existing articles don't yet have topics or adding a topic to a new article may not add value.
 
 ### `contributor`
 - Purpose: Indicate an article is contributed and maintained by a third-party organization, typically a GitHub Technology Partner.

content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme.md

@@ -70,7 +70,7 @@ The profile README is removed from your {% data variables.product.prodname_dotco
 - The repository is private.
 - The repository name no longer matches your username.
 
-The method you choose depends upon your needs, but if you're unsure, we recommend making your repository private. For steps on how to make your repository private, see ["Changing a repository's visibility."](/github/administering-a-repository/setting-repository-visibility#changing-a-repositorys-visibility)
+The method you choose depends upon your needs, but if you're unsure, we recommend making your repository private. For steps on how to make your repository private, see "[Changing a repository's visibility](/github/administering-a-repository/setting-repository-visibility#changing-a-repositorys-visibility)."
 
 ## Further reading
 

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-accessibility-settings.md

@@ -12,7 +12,7 @@ miniTocMaxHeadingLevel: 3
 
 ## About accessibility settings
 
-To accommodate your vision, hearing, motor, cognitive, or learning needs, you can customize the user interface for {% data variables.product.product_location %}.
+To create an experience on {% ifversion fpt or ghec or ghes %}{% data variables.product.product_location %}{% elsif ghae %}{% data variables.product.product_name %}{% endif %} that fits your needs, you can customize the user interface. Accessibility settings can be essential for people with disabilities, but can be useful to anyone. For example, customization of keyboard shortcuts is essential to people who navigate using voice control, but can be useful to anyone when a keyboard shortcut for {% data variables.product.product_name %} clashes with another application shortcut.
 
 ## Managing accessibility settings
 
@@ -20,7 +20,7 @@ You can decide whether you want to use some or all keyboard shortcuts on {% ifve
 
 ### Managing keyboard shortcuts
 
-You can perform actions across the {% data variables.product.product_name %} website without using your mouse by using your keyboard instead. Keyboard shortcuts can be useful to save time for some people, but may interfere with accessibility if you don't intend to use the shortcuts.
+You can perform actions across the {% data variables.product.product_name %} website by using your keyboard alone. Keyboard shortcuts can be useful to save time, but can be activated accidentally or interfere with assistive technology.
 
 By default, all keyboard shortcuts are enabled on {% data variables.product.product_name %}. For more information, see "[Keyboard shortcuts](/get-started/using-github/keyboard-shortcuts)."
 
@@ -28,16 +28,17 @@ By default, all keyboard shortcuts are enabled on {% data variables.product.prod
 {% data reusables.user-settings.accessibility_settings %}
 1. Under "Keyboard shortcuts", manage settings for your keyboard shortcuts.
 
-   - Optionally, to disable or enable shortcut keys that don't use modifiers keys like <kbd>Control</kbd> or <kbd>Command</kbd>, under "General", deselect **Character keys**. If you disable character keys, you may still be able to trigger shortcuts for your web browser, and you can still trigger shortcuts for {% data variables.product.product_name %} that use a modifier key.
+   - To disable shortcut keys that don't use modifiers keys like <kbd>Control</kbd> or <kbd>Command</kbd>, under "General", deselect **Character keys**.
+     - If you disable character keys, you may still be able to trigger shortcuts for your web browser, and you can still trigger shortcuts for {% data variables.product.product_name %} that use a modifier key.
    {%- ifversion command-palette %}
-   - Optionally, to customize the keyboard shortcuts for triggering the command palette, under "Command palette", use the drop-down menus to choose a keyboard shortcut. For more information, see "[{% data variables.product.company_short %} Command Palette](/get-started/using-github/github-command-palette)."
+   - To customize the keyboard shortcuts for triggering the command palette, under "Command palette", use the drop-down menus to choose a keyboard shortcut. For more information, see "[{% data variables.product.company_short %} Command Palette](/get-started/using-github/github-command-palette)."
    {%- endif %}
 
 {% ifversion motion-management %}
 
 ### Managing motion
 
-You can control how {% data variables.product.product_name %} displays animated images.
+You can control how {% data variables.product.product_name %} displays animated _.gif_ images.
 
 By default, {% data variables.product.product_name %} syncs with your system-level preference for reduced motion. For more information, see the documentation or settings for your operating system.
 
@@ -45,6 +46,6 @@ By default, {% data variables.product.product_name %} syncs with your system-lev
 {% data reusables.user-settings.accessibility_settings %}
 1. Under "Motion", manage settings for motion.
 
-   - Optionally, to control how {% data variables.product.product_name %} displays animaged images, under "Autoplay animated images", select **Sync with system**, **Enabled**, or **Disabled**.
+   - To control how {% data variables.product.product_name %} displays animated images, under "Autoplay animated images", select **Sync with system**, **Enabled**, or **Disabled**.
 
-{% endif %}
+{% endif %}

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-your-theme-settings.md

@@ -32,6 +32,15 @@ You may want to use a dark theme to reduce power consumption on certain devices,
 1. Click the theme you'd like to use.
     - If you chose a single theme, click a theme.
 
+      {%- ifversion ghes = 3.5 %}
+      {% note %}
+
+      **Note**: The light high contrast theme was unavailable in {% data variables.product.product_name %} 3.5.0, 3.5.1, 3.5.2, and 3.5.3. The theme is available in 3.5.4 and later. For more information about upgrades, contact your site administrator.
+
+      For more information about determining the version of {% data variables.product.product_name %} you're using, see "[About versions of  {% data variables.product.prodname_docs %}](/get-started/learning-about-github/about-versions-of-github-docs#github-enterprise-server)."
+      {% endnote %}
+      {%- endif %}
+
       {% ifversion fpt or ghes > 3.2 or ghae or ghec %}![Radio buttons for the choice of a single theme](/assets/images/help/settings/theme-choose-a-single-theme-highcontrast.png){% else %}![Radio buttons for the choice of a single theme](/assets/images/help/settings/theme-choose-a-single-theme.png){% endif %}
     - If you chose to follow your system settings, click a day theme and a night theme.
 

content/actions/creating-actions/metadata-syntax-for-github-actions.md

@@ -433,7 +433,7 @@ runs:
 
 For more information about how the `entrypoint` executes, see "[Dockerfile support for {% data variables.product.prodname_actions %}](/actions/creating-actions/dockerfile-support-for-github-actions/#entrypoint)."
 
-### `post-entrypoint`
+### `runs.post-entrypoint`
 
 **Optional**  Allows you to run a cleanup script once the `runs.entrypoint` action has completed. {% data variables.product.prodname_actions %} uses `docker run` to launch this action. Because  {% data variables.product.prodname_actions %} runs the script inside a new container using the same base image, the runtime state is different from the main `entrypoint` container. You can access any state you need in either the workspace, `HOME`, or as a `STATE_` variable. The `post-entrypoint:` action always runs by default but you can override this using [`runs.post-if`](#runspost-if).
 
@@ -475,7 +475,7 @@ runs:
 
 ## `branding`
 
-You can use a color and [Feather](https://feathericons.com/) icon to create a badge to personalize and distinguish your action. Badges are shown next to your action name in [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions).
+**Optional** You can use a color and [Feather](https://feathericons.com/) icon to create a badge to personalize and distinguish your action. Badges are shown next to your action name in [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions).
 
 ### Example: Configuring branding for an action
 

content/actions/deployment/targeting-different-environments/using-environments-for-deployment.md

@@ -99,7 +99,7 @@ Secrets stored in an environment are only available to workflow jobs that refere
    1. Enter the secret value.
    1. Click **Add secret**.
 
-You can also create and configure environments through the REST API. For more information, see "[Environments](/rest/reference/repos#environments)" and "[Secrets](/rest/reference/actions#secrets)."
+You can also create and configure environments through the REST API. For more information, see "[Deployment environments](/rest/deployments/environments)," "[GitHub Actions Secrets](/rest/actions/secrets)," and "[Deployment branch policies](/rest/deployments/branch-policies)."
 
 Running a workflow that references an environment that does not exist will create an environment with the referenced name. The newly created environment will not have any protection rules or secrets configured. Anyone that can edit workflows in the repository can create environments via a workflow file, but only repository admins can configure the environment.
 

content/actions/hosting-your-own-runners/using-self-hosted-runners-in-a-workflow.md

@@ -63,7 +63,7 @@ runs-on: [self-hosted, linux, x64, gpu]
 - `x64` - Only use a runner based on x64 hardware.
 - `gpu` - This custom label has been manually assigned to self-hosted runners with the GPU hardware installed. 
 
-These labels operate cumulatively, so a self-hosted runner’s labels must match all four to be eligible to process the job.
+These labels operate cumulatively, so a self-hosted runner must have all four labels to be eligible to process the job.
 
 ## Routing precedence for self-hosted runners
 

content/actions/learn-github-actions/contexts.md

@@ -470,6 +470,8 @@ The `runner` context contains information about the runner that is executing the
 | `runner.arch` | `string` | {% data reusables.actions.runner-arch-description %} |{% endif %}
 | `runner.temp` | `string` | {% data reusables.actions.runner-temp-directory-description %} |
 | `runner.tool_cache` | `string` | {% ifversion ghae %}{% data reusables.actions.self-hosted-runners-software %} {% else %} {% data reusables.actions.runner-tool-cache-description %} {% endif %}|
+| `runner.debug` | `string` | {% data reusables.actions.runner-debug-description %} |
+
 {%- comment %}
 The `runner.workspace` property is purposefully not documented. It is an early Actions property that now isn't relevant for users, compared to `github.workspace`. It is kept around for compatibility.
 | `runner.workspace` | `string` | |

content/actions/learn-github-actions/environment-variables.md

@@ -165,6 +165,7 @@ We strongly recommend that actions use environment variables to access the files
 {%- ifversion actions-runner-arch-envvars %}
 | `RUNNER_ARCH` | {% data reusables.actions.runner-arch-description %}
 {%- endif %} |
+| `RUNNER_DEBUG` | {% data reusables.actions.runner-debug-description %} |
 | `RUNNER_NAME` | {% data reusables.actions.runner-name-description %} For example, `Hosted Agent` |
 | `RUNNER_OS` | {% data reusables.actions.runner-os-description %} For example, `Windows` |
 | `RUNNER_TEMP` | {% data reusables.actions.runner-temp-directory-description %} For example, `D:\a\_temp` |

content/actions/learn-github-actions/expressions.md

@@ -125,14 +125,22 @@ env:
 
 Returns `true` if `search` contains `item`. If `search` is an array, this function returns `true` if the `item` is an element in the array. If `search` is a string, this function returns `true` if the `item` is a substring of `search`. This function is not case sensitive. Casts values to a string.
 
-#### Example using an array
-
-`contains(github.event.issue.labels.*.name, 'bug')` returns whether the issue related to the event has a label "bug".
-
 #### Example using a string
 
 `contains('Hello world', 'llo')` returns `true`.
 
+#### Example using an object filter
+
+`contains(github.event.issue.labels.*.name, 'bug')` returns `true` if the issue related to the event has a label "bug".
+
+For more information, see "[Object filters](#object-filters)."
+
+#### Example matching an array of strings
+
+Instead of writing `github.event_name == "push" || github.event_name == "pull_request"`, you can use `contains()` with `fromJson()` to check if an array of strings contains an `item`.
+
+For example, `contains(fromJson('["push", "pull_request"]'), github.event_name)` returns `true` if `github.event_name` is "push" or "pull_request".
+
 ### startsWith
 
 `startsWith( searchString, searchValue )`
@@ -221,7 +229,7 @@ jobs:
     needs: job1
     runs-on: ubuntu-latest
     strategy:
-      matrix: ${{fromJSON(needs.job1.outputs.matrix)}}
+      matrix: ${{ fromJSON(needs.job1.outputs.matrix) }}
     steps:
       - run: build
 ```
@@ -235,7 +243,7 @@ This workflow uses `fromJSON` to convert environment variables from a string to
 ```yaml
 name: print
 on: push
-env: 
+env:
   continue: true
   time: 3
 jobs:

content/actions/using-workflows/caching-dependencies-to-speed-up-workflows.md

@@ -121,7 +121,7 @@ jobs:
             {% raw %}${{ runner.os }}-build-{% endraw %}
             {% raw %}${{ runner.os }}-{% endraw %}
 
-      - if: {% raw %}${{ steps.cache-npm.outputs.cache-hit == 'false' }}{% endraw %}
+      - if: {% raw %}${{ steps.cache-npm.outputs.cache-hit != 'true' }}{% endraw %}
         name: List the state of node modules
         continue-on-error: true
         run: npm list
@@ -172,12 +172,12 @@ npm-d5ea0750
 
 ### Using the output of the `cache` action
 
-You can use the output of the `cache` action to do something based on whether a cache hit or miss occurred. If there is a cache miss (an exact match for a cache was not found for the specified `key`), the `cache-hit` output is set to `false`.
+You can use the output of the `cache` action to do something based on whether a cache hit or miss occurred. When an exact match is found for a cache for the specified `key`, the `cache-hit` output is set to `true`.
 
 In the example workflow above, there is a step that lists the state of the Node modules if a cache miss occurred:
 
 ```yaml
-- if: {% raw %}${{ steps.cache-npm.outputs.cache-hit == 'false' }}{% endraw %}
+- if: {% raw %}${{ steps.cache-npm.outputs.cache-hit != 'true' }}{% endraw %}
   name: List the state of node modules
   continue-on-error: true
   run: npm list

content/actions/using-workflows/workflow-commands-for-github-actions.md

@@ -25,7 +25,7 @@ versions:
 
 Actions can communicate with the runner machine to set environment variables, output values used by other actions, add debug messages to the output logs, and other tasks.
 
-Most workflow commands use the `echo` command in a specific format, while others are invoked by writing to a file. For more information, see ["Environment files".](#environment-files)
+Most workflow commands use the `echo` command in a specific format, while others are invoked by writing to a file. For more information, see "[Environment files](#environment-files)."
 
 ### Example
 
@@ -628,6 +628,12 @@ For multiline strings, you may use a delimiter with the following syntax.
 {delimiter}
 ```
 
+{% warning %}
+
+**Warning:** Make sure the delimiter you're using is randomly generated and unique for each run. For more information, see "[Understanding the risk of script injections](/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections)".
+
+{% endwarning %}
+
 #### Example
 
 This example uses `EOF` as a delimiter, and sets the `JSON_RESPONSE` environment variable to the value of the `curl` response.

content/admin/configuration/configuring-your-enterprise/deploying-github-ae.md

@@ -20,9 +20,7 @@ After you purchase or start a trial of {% data variables.product.product_name %}
 
 ## Prerequisites
 
-- Before you can deploy {% data variables.product.product_name %}, you must request access from your {% data variables.product.company_short %} account team. {% data variables.product.company_short %} will enable deployment of {% data variables.product.product_name %} for your Azure subscription. If you haven't already purchased {% data variables.product.product_name %}, you can contact {% data variables.contact.contact_enterprise_sales %} to check your eligibility for a trial.
-
-- You must have permission to perform the `/register/action` operation for the resource provider in Azure. The permission is included in the `Contributor` and `Owner` roles. For more information, see [Azure resource providers and types](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in the Microsoft documentation.
+You must have permission to perform the `/register/action` operation for the resource provider in Azure. The permission is included in the `Contributor` and `Owner` roles. For more information, see [Azure resource providers and types](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in the Microsoft documentation.
 
 ## Deploying {% data variables.product.product_name %} with the {% data variables.actions.azure_portal %}
 

content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md

@@ -33,7 +33,8 @@ This article explains how site administrators can configure {% data variables.pr
 
 ## Review hardware requirements
 
-{%- ifversion ghes %}
+
+{%- ifversion ghes < 3.6 %}
 
 The CPU and memory resources available to {% data variables.product.product_location %} determine the number of jobs that can be run concurrently without performance loss. {% data reusables.actions.minimum-hardware %}
 
@@ -41,6 +42,13 @@ The peak quantity of concurrent jobs running without performance loss depends on
 
 {% endif %}
 
+{%- ifversion ghes > 3.5 %}
+
+The CPU and memory resources available to {% data variables.product.product_location %} determine the number of runners that can be configured without performance loss. {% data reusables.actions.minimum-hardware %}
+
+The peak quantity of connected runners without performance loss depends on such factors as job duration, artifact usage, number of repositories running Actions, and how much other work your instance is doing not related to Actions. Internal testing at GitHub demonstrated the following performance targets for GitHub Enterprise Server on a range of CPU and memory configurations:
+
+{% endif %}
 
 {%- ifversion ghes = 3.2 %}
 
@@ -80,6 +88,23 @@ Maximum concurrency was measured using multiple repositories, job duration of ap
 
 {%- endif %}
 
+
+{%- ifversion ghes = 3.6 %}
+
+{% data reusables.actions.hardware-requirements-3.6 %}
+
+{% data variables.product.company_short %} measured maximum connected runners using multiple repositories, job duration of approximately 10 minutes, and 10 MB artifact uploads. You may experience different performance depending on the overall levels of activity on your instance.
+
+{% note %}
+
+**Notes:**
+
+- Beginning with {% data variables.product.prodname_ghe_server %} 3.6, {% data variables.product.company_short %} documents connected runners as opposed to concurrent jobs. Connected runners represents the most runners you can connect and expect to utilize. It should also be noted that connecting more runners than you can expect to utilize can negatively impact performance.
+
+- Beginning with {% data variables.product.prodname_ghe_server %} 3.5, {% data variables.product.company_short %}'s internal testing uses 3rd generation CPUs to better reflect a typical customer configuration. This change in CPU represents a small portion of the changes to performance targets in this version of {% data variables.product.prodname_ghe_server %}.
+{% endnote %}
+{%- endif %}
+
 If you plan to enable {% data variables.product.prodname_actions %} for the users of an existing instance, review the levels of activity for users and automations on the instance and ensure that you have provisioned adequate CPU and memory for your users. For more information about monitoring the capacity and performance of {% data variables.product.prodname_ghe_server %}, see "[Monitoring your appliance](/admin/enterprise-management/monitoring-your-appliance)."
 
 For more information about minimum hardware requirements for {% data variables.product.product_location %}, see the hardware considerations for your instance's platform.

content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md

@@ -13,7 +13,7 @@ topics:
 permissions: Enterprise owners can use a recovery code to access an enterprise account.
 ---
 
-You can use a recovery code to access your enterprise account when a authentication configuration error or an issue with your identity provider (IdP) prevents you from using SSO. 
+You can use a recovery code to access your enterprise account when an authentication configuration error or an issue with your identity provider (IdP) prevents you from using SSO. 
 
 In order to access your enterprise account this way, you must have previously downloaded and stored the recovery codes for your enterprise. For more information, see "[Downloading your enterprise account's single sign-on recovery codes](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes)."
 

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md

@@ -85,6 +85,12 @@ For information on creating or accessing your access key ID and secret key, see
 {% ifversion streaming-oidc-s3 %}
 #### Setting up streaming to S3 with OpenID Connect
 
+{% note %}
+
+**Note:** Streaming to Amazon S3 with OpenID Connect is currently in beta and subject to change.
+
+{% endnote %}
+
 1. In AWS, add the {% data variables.product.prodname_dotcom %} OIDC provider to IAM. For more information, see [Creating OpenID Connect (OIDC) identity providers](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html) in the AWS documentation.
 
    - For the provider URL, use `https://oidc-configuration.audit-log.githubusercontent.com`.

content/admin/overview/creating-an-enterprise-account.md

@@ -18,14 +18,15 @@ shortTitle: Create enterprise account
 
 {% data reusables.enterprise.create-an-enterprise-account %} If you pay by invoice, you can create an enterprise account yourself on {% data variables.product.prodname_dotcom %}. If not, you can [contact our sales team](https://github.com/enterprise/contact?ref_page=/pricing&ref_cta=Contact%20Sales&ref_loc=cards) to create an enterprise account for you.
 
-An enterprise account is included in {% data variables.product.prodname_ghe_cloud %}, so creating one will not affect your bill.
+An enterprise account is included with {% data variables.product.prodname_ghe_cloud %}. Creation of an enterprise account does not result in additional charges on your bill.
 
-When you create an enterprise account, your existing organization will automatically be owned by the enterprise account. All current owners of your organization will become owners of the enterprise account. All current billing managers of the organization will become billing managers of the new enterprise account. The current billing details of the organization, including the organization's billing email address, will become billing details of the new enterprise account.
+When you create an enterprise account that owns your existing organization on {% data variables.product.product_name %}, the organization's resources remain accessible to members at the same URLs. After you add your organization to the enterprise account, the following changes will apply to the organization.
 
-If the organization is connected to {% data variables.product.prodname_ghe_server %} or {% data variables.product.prodname_ghe_managed %} via {% data variables.product.prodname_github_connect %}, upgrading the organization to an enterprise account **will not** update the connection. If you want to connect to the new enterprise account, you must disable and re-enable {% data variables.product.prodname_github_connect %}.
+- Your existing organization will automatically be owned by the enterprise account.
+- {% data variables.product.company_short %} bills the enterprise account for usage within all organizations owned by the enterprise. The current billing details for the organization, including the organization's billing email address, will become billing details for the new enterprise account. For more information, see "[About billing for your enterprise](/billing/managing-billing-for-your-github-account/about-billing-for-your-enterprise)."
+- All current owners of your organization will become owners of the enterprise account, and all current billing managers of the organization will become billing managers of the new enterprise account. For more information, see "[Roles in an enterprise](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise)."
 
-- "[Managing {% data variables.product.prodname_github_connect %}](/enterprise-server@latest/admin/configuration/configuring-github-connect/managing-github-connect)" in the {% data variables.product.prodname_ghe_server %} documentation
-- "[Managing {% data variables.product.prodname_github_connect %}](/github-ae@latest/admin/configuration/configuring-github-connect/managing-github-connect)" in the {% data variables.product.prodname_ghe_managed %} documentation
+For more information about the changes that apply to an organization after you add the organization to an enterprise, see "[Adding organizations to your enterprise](/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#about-addition-of-organizations-to-your-enterprise-account)."
 
 ## Creating an enterprise account on {% data variables.product.prodname_dotcom %}
 

content/admin/packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md

@@ -75,11 +75,3 @@ Prior to migration, if a user has created a package in the {% data variables.pro
 {% data reusables.enterprise-accounts.packages-tab %}
 1. To the right of the number of packages to migrate, click **Re-run migration**. During the migration, {% data variables.product.product_name %} will display progress on this page.
 1. If the migration fails again, start from step 1 and re-run the migration.
-
-{% ifversion ghes %}
-
-## Monitoring traffic to the registries
-
-You can use visualize traffic to the Docker registry and {% data variables.product.prodname_container_registry %} from {% data variables.product.product_location %}'s monitor dashboard. The "GitHub Container Package Registry" graph can help you confirm that you've successfully migrated all images to the {% data variables.product.prodname_container_registry %}. In the graph, "v1" represents traffic to the Docker registry, and "v2" represents traffic to the {% data variables.product.prodname_container_registry %}. For more information, see "[Accessing the monitor dashboard](/admin/enterprise-management/monitoring-your-appliance/accessing-the-monitor-dashboard)."
-
-{% endif %}

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md

@@ -41,7 +41,7 @@ Before you can require 2FA for all organizations owned by your enterprise, you m
 
 - When you require two-factor authentication for your enterprise, members, outside collaborators, and billing managers (including bot accounts) in all organizations owned by your enterprise who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their account within three months of their removal from your organization. For more information, see "[Reinstating a former member of your organization](/articles/reinstating-a-former-member-of-your-organization)."
 - Any organization owner, member, billing manager, or outside collaborator in any of the organizations owned by your enterprise who disables 2FA for their account after you've enabled required two-factor authentication will automatically be removed from the organization.
-- If you're the sole owner of a enterprise that requires two-factor authentication, you won't be able to disable 2FA for your user account without disabling required two-factor authentication for the enterprise.
+- If you're the sole owner of an enterprise that requires two-factor authentication, you won't be able to disable 2FA for your user account without disabling required two-factor authentication for the enterprise.
 
 {% endwarning %}
 

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md

@@ -97,7 +97,7 @@ Across all organizations owned by your enterprise, you can allow members to crea
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.repositories-tab %}
 5. Under "Repository creation", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
-{% ifversion ghes or ghae %}
+{% ifversion ghes or ghae or ghec %}
 {% data reusables.enterprise-accounts.repo-creation-policy %}
 {% data reusables.enterprise-accounts.repo-creation-types %}
 {% else %}

content/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md

@@ -17,13 +17,26 @@ shortTitle: Add organizations
 permissions: Enterprise owners can add organizations to an enterprise.
 ---
 
-## About organizations
+## About addition of organizations to your enterprise account
 
 Your enterprise account can own organizations. Members of your enterprise can collaborate across related projects within an organization. For more information, see "[About organizations](/organizations/collaborating-with-groups-in-organizations/about-organizations)."
 
-You can add a new or existing organization to your enterprise in your enterprise account's settings.
+You can add new organizations to your enterprise account. If you do not use {% data variables.product.prodname_emus %}, you can add existing organizations on {% data variables.product.product_location %} to your enterprise. You cannot add an existing organization from an {% data variables.product.prodname_emu_enterprise %} to a different enterprise.
 
-You can only add organizations this way to an existing enterprise account. {% data reusables.enterprise.create-an-enterprise-account %} For more information, see "[Creating an enterprise account](/admin/overview/creating-an-enterprise-account)."
+{% data reusables.enterprise.create-an-enterprise-account %} For more information, see "[Creating an enterprise account](/admin/overview/creating-an-enterprise-account)."
+
+After you add an existing organization to your enterprise, the organization's resources remain accessible to members at the same URLs, and the following changes will apply.
+
+- The organization's members will become members of the enterprise, and {% data variables.product.company_short %} will bill the enterprise account for the organization's usage. You must ensure that the enterprise account has enough licenses to accommodate any new members. For more information, see "[About billing for your enterprise](/billing/managing-billing-for-your-github-account/about-billing-for-your-enterprise)."
+- Enterprise owners can manage their role within the organization. For more information, see "[Managing your role in an organization owned by your enterprise](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)."
+- Any policies applied to the enterprise will apply to the organization. For more information, see "[About enterprise policies](/admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies)."
+- If SAML SSO is configured for the enterprise account, the enterprise's SAML configuration will apply to the organization. If the organization used SAML SSO, the enterprise account's configuration will replace the organization's configuration. SCIM is not available for enterprise accounts, so SCIM will be disabled for the organization. For more information, see "[Configuring SAML single sign-on for your enterprise](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[Switching your SAML configuration from an organization to an enterprise account](/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account)."
+- If SAML SSO was configured for the organization, members' existing personal access tokens (PATs) or SSH keys that were authorized to access the organization's resources will be authorized to access the same resources. To access additional organizations owned by the enterprise, members must authorize the PAT or key. For more information, see "[Authorizing a personal access token for use with SAML single sign-on](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)" and "[Authorizing an SSH key for use with SAML single sign-on](/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)."
+- If the organization was connected to {% data variables.product.prodname_ghe_server %} or {% data variables.product.prodname_ghe_managed %} using {% data variables.product.prodname_github_connect %}, adding the organization to an enterprise will not update the connection. {% data variables.product.prodname_github_connect %} features will no longer function for the organization. To continue using {% data variables.product.prodname_github_connect %}, you must disable and re-enable the feature. For more information, see the following articles.
+
+  - "[Managing {% data variables.product.prodname_github_connect %}](/enterprise-server@latest/admin/configuration/configuring-github-connect/managing-github-connect)" in the {% data variables.product.prodname_ghe_server %} documentation
+  - "[Managing {% data variables.product.prodname_github_connect %}](/github-ae@latest/admin/configuration/configuring-github-connect/managing-github-connect)" in the {% data variables.product.prodname_ghe_managed %} documentation
+- If the organization used billed {% data variables.product.prodname_marketplace %} apps, the organization can continue to use the apps, but must pay the vendor directly. For more information, contact the app's vendor.
 
 ## Creating an organization in your enterprise account
 

content/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md

@@ -1,6 +1,7 @@
 ---
 title: Viewing people in your enterprise
 intro: 'To audit access to enterprise-owned resources or user license usage, enterprise owners can view every administrator and member of the enterprise.'
+permissions: 'Enterprise owners can view the people in an enterprise.'
 redirect_from:
   - /github/setting-up-and-managing-your-enterprise-account/viewing-people-in-your-enterprise-account
   - /articles/viewing-people-in-your-enterprise-account
@@ -21,6 +22,20 @@ To audit access to your enterprise's resources and manage license usage, you can
 
 You can see all current enterprise members and enterprise administrators{% ifversion ghec %}, as well as pending invitations to become members and administrators{% endif %}. To make it easier to consume this information, you can search and filter the lists.
 
+{% ifversion ghec %}
+
+If {% data variables.product.prodname_github_connect %} is configured for your enterprise, when you filter a list of people in your enterprise, the following limitations apply.
+
+- The filter for two-factor authentication (2FA) status does not show people who only have an account on a {% data variables.product.prodname_ghe_server %} instance.
+- If you combine the filter for accounts on {% data variables.product.prodname_ghe_server %} instances with either the filter for organizations or 2FA status, you will not see any results.
+
+For more information about {% data variables.product.prodname_github_connect %}, see the following articles.
+
+- "[About {% data variables.product.prodname_github_connect %}](/enterprise-server/admin/configuration/configuring-github-connect/about-github-connect)" in the {% data variables.product.prodname_ghe_server %} documentation
+- "[About {% data variables.product.prodname_github_connect %}](/github-ae@latest/admin/configuration/configuring-github-connect/about-github-connect)" in the {% data variables.product.prodname_ghe_managed %} documentation
+
+{% endif %}
+
 ## Viewing enterprise administrators
 
 You can view all the current enterprise owners{% ifversion ghec %} and billing managers{% endif %} for your enterprise.{% ifversion enterprise-membership-view-improvements %} You can see useful information about each administrator{% ifversion ghec %} and filter the list by role{% endif %}.{% endif %} You can find a specific person by searching for their username or display name.

content/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot.md

@@ -17,4 +17,4 @@ Before starting a paid subscription, you can set up a one-time 60-day trial to e
 
 The {% data variables.product.prodname_copilot %} subscription is available on a monthly or yearly cycle. If you choose a monthly billing cycle, you will be billed $10 per calendar month. If you choose a yearly billing cycle, you will be billed $100 per year. You can modify your billing cycle at any time, and the modification will be reflected from the start of your next billing cycle.
 
-A free subscription for {% data variables.product.prodname_copilot %} is available to verified students, and maintainers of popular open-source repositories on {% data variables.product.company_short %}. If you meet the criteria as an open source maintainer, you will be automatically notified when you visit the {% data variables.product.prodname_copilot %} subscription page. As a student, if you currently receive the {% data variables.product.prodname_student_pack %}, you will also be offered a free subscription when you visit the {% data variables.product.prodname_copilot %} subscription page. For more information about the {% data variables.product.prodname_student_pack %}, see "[Apply for a student developer pack](/free-pro-team@latest/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-for-your-schoolwork/apply-for-a-student-developer-pack)."
+A free subscription for {% data variables.product.prodname_copilot %} is available to verified students, and maintainers of popular open-source repositories on {% data variables.product.company_short %}. If you meet the criteria as an open source maintainer, you will be automatically notified when you visit the {% data variables.product.prodname_copilot %} subscription page. As a student, if you currently receive the {% data variables.product.prodname_student_pack %}, you will also be offered a free subscription when you visit the {% data variables.product.prodname_copilot %} subscription page. For more information about the {% data variables.product.prodname_student_pack %}, see "[Apply to {% data variables.product.prodname_global_campus %} as a student](/free-pro-team@latest/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-global-campus-for-students/apply-to-github-global-campus-as-a-student)."

content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md

@@ -49,9 +49,9 @@ All data transferred out, when triggered by {% data variables.product.prodname_a
 
 Storage usage is shared with build artifacts produced by {% data variables.product.prodname_actions %} for repositories owned by your account. For more information, see "[About billing for {% data variables.product.prodname_actions %}](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)."
 
-{% data variables.product.prodname_dotcom %} charges usage to the account that owns the repository where the package is published. If your account's usage surpasses these limits and you have set a spending limit above $0 USD, you will pay $0.008 USD per GB of storage per day and $0.50 USD per GB of data transfer.
+{% data variables.product.prodname_dotcom %} charges usage to the account that owns the repository where the package is published. If your account's usage surpasses these limits and you have set a spending limit above $0 USD, you will pay $0.25 USD per GB of storage per day and $0.50 USD per GB of data transfer.
 
-For example, if your organization uses {% data variables.product.prodname_team %}, allows unlimited spending, uses 150GB of storage, and has 50GB of data transfer out during a month, the organization would have overages of 148GB for storage and 40GB for data transfer for that month. The storage overage would cost $0.008 USD per GB per day or $37 USD. The overage for data transfer would cost $0.50 USD per GB or $20 USD. 
+For example, if your organization uses {% data variables.product.prodname_team %}, allows unlimited spending, uses 150GB of storage, and has 50GB of data transfer out during a month, the organization would have overages of 148GB for storage and 40GB for data transfer for that month. The storage overage would cost $0.25 USD per GB per day or $37 USD. The overage for data transfer would cost $0.50 USD per GB or $20 USD.
 
 {% data reusables.dotcom_billing.pricing_calculator.pricing_cal_packages %}
 

content/billing/managing-billing-for-your-github-account/about-billing-for-your-enterprise.md

@@ -45,7 +45,11 @@ You can see your current usage in your [Azure account portal](https://portal.azu
 
 {% ifversion ghec %}
 
-{% data variables.product.company_short %} bills monthly for the total number of licensed seats for your organization or enterprise account, as well as any additional services you use with {% data variables.product.prodname_ghe_cloud %}, such as {% data variables.product.prodname_actions %} minutes. For more information about the licensed seats portion of your bill, see "[About per-user pricing](/billing/managing-billing-for-your-github-account/about-per-user-pricing)."
+When you use an enterprise account on {% data variables.product.product_location %}, the enterprise account is the central point for all billing within your enterprise, including the organizations that your enterprise owns.
+
+If you use {% data variables.product.product_name %} with an individual organization and do not yet have an enterprise account, you create an enterprise account and add your organization. For more information, see "[Creating an enterprise account](/admin/overview/creating-an-enterprise-account)."
+
+{% data variables.product.company_short %} bills monthly for the total number of licensed seats for your enterprise account, as well as any additional services you use with {% data variables.product.prodname_ghe_cloud %}, such as {% data variables.product.prodname_actions %} minutes. If you use a standalone organization on {% data variables.product.product_name %}, you'll be billed at the organization level for all usage. For more information your bill's license seats, see "[About per-user pricing](/billing/managing-billing-for-your-github-account/about-per-user-pricing)."
 
 {% elsif ghes %}
 

content/billing/managing-billing-for-your-github-account/discounted-subscriptions-for-github-accounts.md

@@ -28,11 +28,11 @@ shortTitle: Discounted subscriptions
 
 ## Discounts for personal accounts
 
-In addition to the unlimited public and private repositories for students and faculty with {% data variables.product.prodname_free_user %}, verified students can apply for the {% data variables.product.prodname_student_pack %} to receive additional benefits from {% data variables.product.prodname_dotcom %} partners. For more information, see "[Apply for a student developer pack](/free-pro-team@latest/education/explore-the-benefits-of-teaching-and-learning-with-github-education/apply-for-a-student-developer-pack)."
+In addition to the unlimited public and private repositories for students and faculty with {% data variables.product.prodname_free_user %}, verified students can apply for the {% data variables.product.prodname_student_pack %} to receive additional benefits from {% data variables.product.prodname_dotcom %} partners. For more information, see "[Apply to {% data variables.product.prodname_global_campus %} as a student](/free-pro-team@latest/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-global-campus-for-students/apply-to-github-global-campus-as-a-student)."
 
 ## Discounts for schools and universities
 
-Verified academic faculty can apply for {% data variables.product.prodname_team %} for teaching or academic research. For more information, see "[Use {% data variables.product.prodname_dotcom %} in your classroom and research](/free-pro-team@latest/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-in-your-classroom-and-research)." You can also request educational materials goodies for your students. For more information, visit [{% data variables.product.prodname_education %}](https://education.github.com/).
+Verified academic faculty can apply for {% data variables.product.prodname_team %} for teaching or academic research. For more information, see "[{% data variables.product.prodname_global_campus %} for teachers](/free-pro-team@latest/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-global-campus-for-teachers)." You can also request educational materials goodies for your students. For more information, visit [{% data variables.product.prodname_education %}](https://education.github.com/).
 
 ## Discounts for nonprofits and libraries
 

content/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud.md

@@ -22,6 +22,8 @@ To ensure that you see up-to-date license details on {% data variables.product.p
 
 If you don't want to enable {% data variables.product.prodname_github_connect %}, you can manually sync license usage by uploading a file from {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_dotcom_the_website %}.
 
+When you synchronize license usage, only the user ID and email addresses for each user account on {% data variables.product.prodname_ghe_server %} are transmitted to {% data variables.product.prodname_ghe_cloud %}.
+
 {% data reusables.enterprise-licensing.view-consumed-licenses %}
 
 {% data reusables.enterprise-licensing.verified-domains-license-sync %}

content/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise.md

@@ -14,32 +14,57 @@ shortTitle: Troubleshoot license usage
 
 ## About unexpected license usage
 
-If the number of consumed licenses for your enterprise is unexpected, you can review your consumed license report to audit your license usage across all your enterprise deployments and subscriptions. If you find errors, you can try troubleshooting steps. For more information about viewing your license usage, see "[Viewing license usage for GitHub Enterprise](/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise)" and "[Viewing the subscription and usage for your enterprise account](/billing/managing-billing-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account)."
+If the number of consumed licenses for your enterprise is unexpected, you can review your consumed license report to audit your license usage across all your enterprise deployments and subscriptions. For more information, see "[Viewing license usage for GitHub Enterprise](/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise)" and "[Viewing the subscription and usage for your enterprise account](/billing/managing-billing-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account)."
 
-For privacy reasons, enterprise owners cannot directly access the details of user accounts.
+If you find errors, you can try troubleshooting steps.
+
+For privacy reasons, enterprise owners cannot directly access the details of user accounts unless you use {% data variables.product.prodname_emus %}.
 
 ## About the calculation of consumed licenses
 
-{% data variables.product.company_short %} bills for each person who uses deployments of {% data variables.product.prodname_ghe_server %}, is a member of an organization on {% data variables.product.prodname_ghe_cloud %}, or is a {% data variables.product.prodname_vs_subscriber %}. For more information about the people in your enterprise who are counted as consuming a license, see "[About per-user pricing](/billing/managing-billing-for-your-github-account/about-per-user-pricing)."
+{% data variables.product.company_short %} bills for each person who uses deployments of {% data variables.product.prodname_ghe_server %}, is a member of one of your organizations on {% data variables.product.prodname_ghe_cloud %}, or is a {% data variables.product.prodname_vs_subscriber %}. For more information about the people in your enterprise who consume a license, see "[About per-user pricing](/billing/managing-billing-for-your-github-account/about-per-user-pricing)."
 
-{% data reusables.enterprise-licensing.about-license-sync %}
+For each user to consume a single seat regardless of how many deployments they use, you must synchronize license usage between {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}. For more information, see "[Syncing license usage between {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."
+
+After you synchronize license usage, {% data variables.product.prodname_dotcom %} matches user accounts on {% data variables.product.prodname_ghe_server %} with user accounts on {% data variables.product.prodname_ghe_cloud %} by email address.
+
+First, we first check the primary email address of each user on {% data variables.product.prodname_ghe_server %}. Then, we attempt to match that address with the email address for a user account on {% data variables.product.prodname_ghe_cloud %}. If your enterprise uses SAML SSO, we first check the following SAML attributes for email addresses.
+
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
+- `username`
+- `NameID`
+- `emails`
+
+If no email addresses found in these attributes match the primary email address on {% data variables.product.prodname_ghe_server %}, or if your enterprise doesn't use SAML SSO, we then check each of the user's verified email addresses on {% data variables.product.prodname_ghe_cloud %}. For more information about verification of email addresses on {% data variables.product.prodname_dotcom_the_website %}, see "[Verifying your email address](/enterprise-cloud@latest/get-started/signing-up-for-github/verifying-your-email-address){% ifversion not ghec %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
 
 ## Fields in the consumed license files
 
 The {% data variables.product.prodname_dotcom_the_website %} license usage report and {% data variables.product.prodname_ghe_server %} exported license usage file include a variety of fields to help you troubleshoot license usage for your enterprise. 
+
 ### {% data variables.product.prodname_dotcom_the_website %} license usage report (CSV file)
 
 The license usage report for your enterprise is a CSV file that contains the following information about members of your enterprise. Some fields are specific to your {% data variables.product.prodname_ghe_cloud %} (GHEC) deployment, {% data variables.product.prodname_ghe_server %} (GHES) connected environments, or your {% data variables.product.prodname_vs %} subscriptions (VSS) with GitHub Enterprise.
 
 | Field | Description
 | ----- | -----------
-| Name | First and last name for the user's account on GHEC.
-| Handle or email | GHEC username, or the email address associated with the user's account on GHES.
-| Profile link | Link to the {% data variables.product.prodname_dotcom_the_website %} profile page for the user's account on GHEC.
-| License type | Can be one of: `Visual Studio subscription` or `Enterprise`.
-| License status | Identifies if a user account on {% data variables.product.prodname_dotcom_the_website %} successfully matched either a {% data variables.product.prodname_vs_subscriber %} or GHES user.<br><br>Can be one of: `Matched`, `Pending Invitation`, `Server Only`, blank.
-| Member roles | For each of the organizations the user belongs to on GHEC, the organization name and the person's role in that organization (`Owner` or `Member`) separated by a colon<br><br>Each organization is delimited by a comma.
-| Enterprise role | Can be one of: `Owner` or `Member`.
+| github_com_login | The username for the user's GHEC account
+| github_com_name | The display name for the user's GHEC account
+| github_com_profile | The URL for the user's profile page on GHEC
+| github_com_user	| Whether or not the user has an account on GHEC |
+| github_com_member_roles | For each of the organizations the user belongs to on GHEC, the organization name and the user's role in that organization (`Owner` or `Member`) separated by a colon<br><br>Organizations delimited by commas |
+| github_com_enterprise_role | Can be one of: `Owner`, `Member`, or `Outside collaborator`
+| github_com_verified_domain_emails | All email addresses associated with the user's GHEC account that match your enterprise's verified domains |
+| github_com_saml_name_id | The SAML username |
+| github_com_orgs_with_pending_invites | All pending invitations for the user's GHEC account to join organizations within your enterprise |
+| license_type | Can be one of: `Visual Studio subscription` or `Enterprise`
+| enterprise_server_user| Whether or not the user has at least one account on GHES |
+| enterprise_server_primary_emails | The primary email addresses associated with each of the user's GHES accounts |
+| enterprise_server_user_ids | For each of the user's GHES accounts, the account's user ID
+| total_user_accounts | The total number of accounts the person has across both GHEC and GHES
+| visual_studio_subscription_user | Whether or not the user is a {% data variables.product.prodname_vs_subscriber %} |
+| visual_studio_subscription_email | The email address associated with the user's VSS |
+| visual_studio_license_status | Whether the Visual Studio license has been matched to a {% data variables.product.company_short %} user |
 
 {% data variables.product.prodname_vs_subscriber %}s who are not yet members of at least one organization in your enterprise will be included in the report with a pending invitation status, and will be missing values for the "Name" or "Profile link" field.
 
@@ -59,32 +84,16 @@ Your {% data variables.product.prodname_ghe_server %} license usage is a JSON fi
 
 ## Troubleshooting consumed licenses
 
-If the number of consumed seats is unexpected, or if you've recently removed members from your enterprise, we recommend that you audit your license usage.
+To ensure that the each user is only consuming a single seat for different deployments and subscriptions, try the following troubleshooting steps.
 
-To determine which users are currently consuming seat licenses, first try reviewing the consumed licenses report for your enterprise{% ifversion ghes %} and/or an export of your {% data variables.product.prodname_ghe_server %} license usage{% endif %} for unexpected entries.
+1. To help identify users that are consuming multiple seats, if your enterprise uses verified domains for {% data variables.product.prodname_ghe_cloud %}, review the list of enterprise members who do not have an email address from a verified domain associated with their account on {% data variables.product.prodname_dotcom_the_website %}. Often, these are the users who erroneously consume more than one licensed seat. For more information, see "[Viewing members without an email address from a verified domain](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-members-without-an-email-address-from-a-verified-domain)."
 
-There are two especially common reasons for inaccurate or incorrect license seat counts.
-- The email addresses associated with a user do not match across your enterprise deployments and subscriptions.
-- An email address for a user was recently updated or verified to correct a mismatch, but a license sync job hasn't run since the update was made.
+   {% note %}
 
-When attempting to match users across enterprises, {% data variables.product.company_short %} identifies individuals by the verified email addresses associated with their {% data variables.product.prodname_dotcom_the_website %} account, and the primary email address associated with their {% data variables.product.prodname_ghe_server %} account and/or the email address assigned to the {% data variables.product.prodname_vs_subscriber %}.
+  **Note:** To make troubleshooting easier, we recommend using verified domains with your enterprise account on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Verifying or approving a domain for your enterprise](/enterprise-cloud@latest/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise)."
 
-Your license usage is recalculated shortly after each license sync is performed. You can view the timestamp of the last license sync job, and, if a job hasn't run since an email address was updated or verified, to resolve an issue with your consumed license report you can manually trigger one. For more information, see "[Syncing license usage between GitHub Enterprise Server and GitHub Enterprise Cloud](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."
-
-{% ifversion ghec or ghes %}
-If your enterprise uses verified domains, review the list of enterprise members who do not have an email address from a verified domain associated with their {% data variables.product.prodname_dotcom_the_website %} account. Often, these are the users who erroneously consume more than one licensed seat. For more information, see "[Viewing members without an email address from a verified domain](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-members-without-an-email-address-from-a-verified-domain)."
-{% endif %}
-
-{% note %}
-
-**Note:** For privacy reasons, your consumed license report only includes the email address associated with a user account on {% data variables.product.prodname_dotcom_the_website %} if the address is hosted by a verified domain. For this reason, we recommend using verified domains with your enterprise account on {% data variables.product.prodname_dotcom_the_website %}. Then, if one person is erroneously consuming multiple licenses, you can more easily troubleshoot, as you will have access to the email address that is being used for license deduplication.
-
-{% endnote %}
-
-{% ifversion ghec %}
-
-If your license includes {% data variables.product.prodname_vss_ghe %} and your enterprise also includes at least one {% data variables.product.prodname_ghe_server %} connected environment, we strongly recommend using {% data variables.product.prodname_github_connect %} to automatically synchronize your license usage. For more information, see "[About Visual Studio subscriptions with GitHub Enterprise](/enterprise-cloud@latest/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise)."
-
-{% endif %}
+  {% endnote %}
+1. After you identify users who are consuming multiple seats, make sure that the same email address is associated with all of the user's accounts. For more information about which email addresses must match, see "[About the calculation of consumed licenses](#about-the-calculation-of-consumed-licenses)."
+1. If an email address was recently updated or verified to correct a mismatch, view the timestamp of the last license sync job. If a job hasn't run since the correction was made, manually trigger a new job. For more information, see "[Syncing license usage between GitHub Enterprise Server and GitHub Enterprise Cloud](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."
 
 If you still have questions about your consumed licenses after reviewing the troubleshooting information above, you can contact {% data variables.contact.github_support %} through the {% data variables.contact.contact_enterprise_portal %}.

content/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise.md

@@ -14,21 +14,20 @@ shortTitle: View license usage
 
 ## About license usage for {% data variables.product.prodname_enterprise %}
 
-{% ifversion ghec %}
+You can view license usage for {% data variables.product.product_name %} on {% data variables.product.product_location %}.
 
-You can view license usage for your enterprise account on {% data variables.product.prodname_ghe_cloud %} on {% data variables.product.prodname_dotcom_the_website %}.
+If you use both {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %} and sync license usage between the products, you can view license usage for both on {% data variables.product.prodname_dotcom_the_website %}. For more information about license sync, see "[Syncing license usage between {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."
 
-{% data reusables.enterprise-licensing.you-can-sync-for-a-combined-view %}
+{% ifversion ghes %}
 
-{% elsif ghes %}
+For more information about viewing license usage on {% data variables.product.prodname_dotcom_the_website %} and identifying when the last license sync occurred, see "[Viewing license usage for {% data variables.product.prodname_enterprise %}](/enterprise-cloud@latest/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
 
-You can view license usage for {% data variables.product.prodname_ghe_server %} on {% data variables.product.product_location %}.
+{% endif %}
 
-{% data reusables.enterprise-licensing.you-can-sync-for-a-combined-view %} For more information about the display of license usage on {% data variables.product.prodname_dotcom_the_website %} and identifying when the last license sync occurred, see "[Viewing license usage for {% data variables.product.prodname_enterprise %}](/enterprise-cloud@latest/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
+You can also use the REST API to return consumed licenses data and the status of the license sync job. For more information, see "[GitHub Enterprise administration](/enterprise-cloud@latest/rest/enterprise-admin/license)" in the REST API documentation.
 
 To learn more about the license data associated with your enterprise account and how the number of consumed user seats are calculated, see "[Troubleshooting license usage for GitHub Enterprise](/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise)."
 
-{% endif %}
 
 ## Viewing license usage on {% ifversion ghec %}{% data variables.product.prodname_dotcom_the_website %}{% elsif ghes %}{% data variables.product.product_location %}{% endif %}
 

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md

@@ -204,15 +204,14 @@ To dismiss {% ifversion delete-code-scanning-alerts %}or delete{% endif %} alert
   ![Filter alerts by rule](/assets/images/enterprise/3.1/help/repository/code-scanning-filter-by-rule.png)
 {% endif %}{% endif %}
 1. If you want to dismiss an alert, it's important to explore the alert first, so that you can choose the correct dismissal reason. Click the alert you'd like to explore.
-
 ![Open an alert from the summary list](/assets/images/help/repository/code-scanning-click-alert.png)
-
-1. Review the alert, then click {% ifversion comment-dismissed-code-scanning-alert %}**Dismiss alert** and choose, or type, a reason for closing the alert. 
-  ![Screenshot of code scanning alert with dropdown to choose dismissal reason emphasized](/assets/images/help/repository/code-scanning-alert-drop-down-reason.png)
-{% else %}**Dismiss** and choose a reason for closing the alert.
+{%- ifversion comment-dismissed-code-scanning-alert %}
+1. Review the alert, then click **Dismiss alert** and choose, or type, a reason for closing the alert. 
+  ![Screenshot of code scanning alert with dropdown to choose dismissal reason emphasized](/assets/images/help/repository/code-scanning-alert-dropdown-reason.png)
+{%- else %}
+1. Review the alert, then click **Dismiss** and choose a reason for closing the alert.
   ![Choosing a reason for dismissing an alert](/assets/images/help/repository/code-scanning-alert-close-drop-down.png)
-{% endif %}
-
+{%- endif %}
    {% data reusables.code-scanning.choose-alert-dismissal-reason %}
 
    {% data reusables.code-scanning.false-positive-fix-codeql %}

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md

@@ -118,7 +118,7 @@ Anyone with push access to a pull request can fix a {% data variables.product.pr
 
 An alternative way of closing an alert is to dismiss it. You can dismiss an alert if you don't think it needs to be fixed. {% data reusables.code-scanning.close-alert-examples %} If you have write permission for the repository, the **Dismiss** button is available in code annotations and in the alerts summary. When you click **Dismiss** you will be prompted to choose a reason for closing the alert.
 {% ifversion comment-dismissed-code-scanning-alert %}
-![Screenshot of code scanning alert with dropdown to choose dismissal reason emphasized](/assets/images/help/repository/code-scanning-alert-drop-down-reason.png)
+![Screenshot of code scanning alert with dropdown to choose dismissal reason emphasized](/assets/images/help/repository/code-scanning-alert-dropdown-reason.png)
 {% else %}
 ![Choosing a reason for dismissing an alert](/assets/images/help/repository/code-scanning-alert-close-drop-down.png)
 {% endif %}

content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md

@@ -51,10 +51,10 @@ To use {% data variables.product.prodname_actions %} to upload a third-party SAR
 
 Your workflow will need to use the `upload-sarif` action, which is part of the `github/codeql-action` repository. It has input parameters that you can use to configure the upload. The main input parameters you'll use are:
 
-- `sarif-file`, which configures the file or directory of SARIF files to be uploaded. The directory or file path is relative to the root of the repository. 
+- `sarif-file`, which configures the file or directory of SARIF files to be uploaded. The directory or file path is relative to the root of the repository.
 - `category` (optional), which assigns a category for results in the SARIF file. This enables you to analyze the same commit in multiple ways and review the results using the {% data variables.product.prodname_code_scanning %} views in {% data variables.product.prodname_dotcom %}. For example, you can analyze using multiple tools, and in mono-repos, you can analyze different slices of the repository based on the subset of changed files.
 
-For more information see the [`upload-sarif` action](https://github.com/github/codeql-action/tree/v1/upload-sarif).
+For more information see the [`upload-sarif` action](https://github.com/github/codeql-action/tree/{% ifversion actions-node16-action %}v2{% else %}v1{% endif %}/upload-sarif).
 
 The `upload-sarif` action can be configured to run when the `push` and `scheduled` event occur. For more information about {% data variables.product.prodname_actions %}  events, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows)."
 
@@ -66,7 +66,7 @@ If your SARIF file doesn't include `partialFingerprints`, the `upload-sarif` act
 
 You can create a new workflow that uploads SARIF files after you commit them to your repository. This is useful when the SARIF file is generated as an artifact outside of your repository.
 
-This example workflow runs anytime commits are pushed to the repository. The action uses the `partialFingerprints` property to determine if changes have occurred. In addition to running when commits are pushed, the workflow is scheduled to run once per week. For more information, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows)." 
+This example workflow runs anytime commits are pushed to the repository. The action uses the `partialFingerprints` property to determine if changes have occurred. In addition to running when commits are pushed, the workflow is scheduled to run once per week. For more information, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows)."
 
 This workflow uploads the `results.sarif` file located in the root of the repository. For more information about creating a workflow file, see "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)."
 
@@ -109,7 +109,7 @@ jobs:
 
 If you generate your third-party SARIF file as part of a continuous integration (CI) workflow, you can add the `upload-sarif` action as a step after running your CI tests. If you don't already have a CI workflow, you can create one using a {% data variables.product.prodname_actions %} template. For more information, see the "[{% data variables.product.prodname_actions %} quickstart](/actions/quickstart)."
 
-This example workflow runs anytime commits are pushed to the repository. The action uses the `partialFingerprints` property to determine if changes have occurred. In addition to running when commits are pushed, the workflow is scheduled to run once per week. For more information, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows)." 
+This example workflow runs anytime commits are pushed to the repository. The action uses the `partialFingerprints` property to determine if changes have occurred. In addition to running when commits are pushed, the workflow is scheduled to run once per week. For more information, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows)."
 
 The workflow shows an example of running the ESLint static analysis tool as a step in a workflow. The `Run ESLint` step runs the ESLint tool and outputs the `results.sarif` file. The workflow then uploads the `results.sarif` file to {% data variables.product.prodname_dotcom %} using the `upload-sarif` action. For more information about creating a workflow file, see "[Introduction to GitHub Actions](/actions/learn-github-actions/introduction-to-github-actions)."
 

content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md

@@ -182,22 +182,28 @@ If you schedule extensive work to upgrade a dependency, or decide that an alert
 
 ## Viewing and updating closed alerts
 
-{% tip %}
-
-**Tip:** You can only reopen alerts that have been previously dismissed. Closed alerts that have already been fixed cannot be reopened.
-{% endtip %}
+You can view all open alerts, and you can reopen alerts that have been previously dismissed. Closed alerts that have already been fixed cannot be reopened.
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-security %}
 {% data reusables.repositories.sidebar-dependabot-alerts %}
-1. To just view closed alerts, click **Closed**.{% ifversion dependabot-bulk-alerts %}
-  ![Screenshot showing the "Closed" option](/assets/images/help/repository/dependabot-alerts-closed-checkbox.png){% else %}
-  ![Screenshot showing the "Closed" option](/assets/images/help/repository/dependabot-alerts-closed.png){% endif %}
-1. Click the alert that you would like to view or update.{% ifversion dependabot-bulk-alerts %}
-  ![Screenshot showing a highlighted dependabot alert](/assets/images/help/repository/dependabot-alerts-select-closed-alert-checkbox.png){% else %}
-  ![Screenshot showing a highlighted dependabot alert](/assets/images/help/repository/dependabot-alerts-select-closed-alert.png){% endif %}
+1. To just view closed alerts, click **Closed**.
+
+   {%- ifversion dependabot-bulk-alerts %}
+   ![Screenshot showing the "Closed" option](/assets/images/help/repository/dependabot-alerts-closed-checkbox.png)
+   {%- else %}
+   ![Screenshot showing the "Closed" option](/assets/images/help/repository/dependabot-alerts-closed.png)
+   {%- endif %}
+1. Click the alert that you would like to view or update.
+
+   {%- ifversion dependabot-bulk-alerts %}
+   ![Screenshot showing a highlighted dependabot alert](/assets/images/help/repository/dependabot-alerts-select-closed-alert-checkbox.png)
+   {%- else %}
+   ![Screenshot showing a highlighted dependabot alert](/assets/images/help/repository/dependabot-alerts-select-closed-alert.png)   {%- endif %}
 2. Optionally, if the alert was dismissed and you wish to reopen it, click **Reopen**. Alerts that have already been fixed cannot be reopened.
-  ![Screenshot showing the "Reopen" button](/assets/images/help/repository/reopen-dismissed-alert.png)
+
+   {% indented_data_reference reusables.enterprise.3-5-missing-feature spaces=3 %}
+   ![Screenshot showing the "Reopen" button](/assets/images/help/repository/reopen-dismissed-alert.png)
 
 {% endif %}
 

content/code-security/guides.md

@@ -28,6 +28,8 @@ includeGuides:
   - /code-security/secret-scanning/configuring-secret-scanning-for-your-repositories
   - /code-security/secret-scanning/defining-custom-patterns-for-secret-scanning
   - /code-security/secret-scanning/managing-alerts-from-secret-scanning
+  - /code-security/secret-scanning/protecting-pushes-with-secret-scanning
+  - /code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection
   - /code-security/secret-scanning/secret-scanning-patterns
   - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists
   - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning

content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md

@@ -67,9 +67,10 @@ Before defining a custom pattern, you must ensure that {% data variables.product
 {% data reusables.repositories.navigate-to-code-security-and-analysis %}
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
-{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}{% ifversion secret-scanning-custom-enterprise-35 %}
+{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}{% ifversion secret-scanning-custom-enterprise-35 or custom-pattern-dry-run-ga %}
 1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**.
 {% data reusables.advanced-security.secret-scanning-dry-run-results %}
+{%- ifversion secret-scanning-custom-enterprise-35 %}{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}{% endif %}
 {% endif %}
 {% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
 
@@ -122,10 +123,11 @@ Before defining a custom pattern, you must ensure that you enable {% data variab
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
 {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
-{%- ifversion secret-scanning-custom-enterprise-35 %}
+{%- ifversion secret-scanning-custom-enterprise-35 or custom-pattern-dry-run-ga %}
 1. When you're ready to test your new custom pattern, to identify matches in select repositories without creating alerts, click **Save and dry run**.
 {% data reusables.advanced-security.secret-scanning-dry-run-select-repos %}
 {% data reusables.advanced-security.secret-scanning-dry-run-results %}
+{%- ifversion secret-scanning-custom-enterprise-35 %}{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}{% endif %}
 {%- endif %}
 {% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
 
@@ -141,7 +143,7 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
 
 {% note %}
 
-{% ifversion secret-scanning-custom-enterprise-36 %}
+{% ifversion secret-scanning-custom-enterprise-36 or custom-pattern-dry-run-ga %}
 **Notes:**
 - At the enterprise level, only the creator of a custom pattern can edit the pattern, and use it in a dry run. 
 - Enterprise owners can only make use of dry runs on repositories that they have access to, and enterprise owners do not necessarily have access to all the organizations or repositories within the enterprise.
@@ -158,10 +160,11 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
 {% data reusables.enterprise-accounts.advanced-security-security-features %}
 1. Under "Secret scanning custom patterns", click {% ifversion ghes = 3.2 %}**New custom pattern**{% else %}**New pattern**{% endif %}.
 {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
-{%- ifversion secret-scanning-custom-enterprise-36 %}
+{%- ifversion secret-scanning-custom-enterprise-36 or custom-pattern-dry-run-ga %}
 1. When you're ready to test your new custom pattern, to identify matches in the enterprise without creating alerts, click **Save and dry run**.
-{% data reusables.advanced-security.secret-scanning-dry-run-select-repos %}
+{% data reusables.advanced-security.secret-scanning-dry-run-select-enterprise-repos %}
 {% data reusables.advanced-security.secret-scanning-dry-run-results %}
+{%- ifversion secret-scanning-custom-enterprise-36 %}{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}{% endif %}
 {%- endif %}
 {% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
 
@@ -175,7 +178,7 @@ When you save a change to a custom pattern, this closes all the {% data variable
    * For a repository or organization, display the "Security & analysis" settings for the repository or organization where the custom pattern was created. For more information, see "[Defining a custom pattern for a repository](#defining-a-custom-pattern-for-a-repository)" or "[Defining a custom pattern for an organization](#defining-a-custom-pattern-for-an-organization)" above.
    * For an enterprise, under "Policies" display the "Advanced Security" area, and then click **Security features**. For more information, see "[Defining a custom pattern for an enterprise account](#defining-a-custom-pattern-for-an-enterprise-account)" above.
 2. Under "{% data variables.product.prodname_secret_scanning_caps %}", to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="The edit icon" %}.
-{%- ifversion secret-scanning-custom-enterprise-36 %}
+{%- ifversion secret-scanning-custom-enterprise-36 or custom-pattern-dry-run-ga  %}
 3. When you're ready to test your edited custom pattern, to identify matches without creating alerts, click **Save and dry run**.
 {%- endif %}
 4. When you have reviewed and tested your changes, click **Save changes**.

content/code-security/secret-scanning/index.md

@@ -21,5 +21,6 @@ children:
   - /managing-alerts-from-secret-scanning
   - /secret-scanning-patterns
   - /protecting-pushes-with-secret-scanning
+  - /pushing-a-branch-blocked-by-push-protection
 ---
 

content/code-security/secret-scanning/protecting-pushes-with-secret-scanning.md

@@ -13,7 +13,7 @@ topics:
   - Advanced Security
   - Alerts
   - Repositories
-shortTitle: Push protection
+shortTitle: Enable push protection
 ---
 
 {% data reusables.secret-scanning.beta %}
@@ -30,11 +30,7 @@ If a contributor bypasses a push protection block for a secret, {% data variable
 - adds the bypass event to the audit log.{% ifversion secret-scanning-push-protection-email %}
 - sends an email alert to organization owners, security managers, and repository administrators, with a link to the related secret and the reason why it was allowed.{% endif %}
 
-{% data variables.product.prodname_secret_scanning_caps %} as a push protection currently scans repositories for secrets issued by the following service providers.
-
-{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
-
-{% data reusables.secret-scanning.secret-list-private-push-protection %}
+For information on the secrets and service providers supported for push protection, see "[{% data variables.product.prodname_secret_scanning_caps %} patterns](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-push-protection)."
 
 ## Enabling {% data variables.product.prodname_secret_scanning %} as a push protection
 
@@ -58,32 +54,24 @@ Organization owners, security managers, and repository administrators can enable
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-push-protection-repo %}
 
+## Using secret scanning as a push protection from the command line
 
-## Using {% data variables.product.prodname_secret_scanning %} as a push protection from the command line
-
-When you attempt to push a supported secret to a repository or organization with {% data variables.product.prodname_secret_scanning %} as a push protection enabled, {% data variables.product.prodname_dotcom %} will block the push. You can remove the secret from your commit or follow a provided URL to allow the push.
+{% data reusables.secret-scanning.push-protection-command-line-choice %}
 
 Up to five detected secrets will be displayed at a time on the command line. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret. 
 
 ![Screenshot showing that a push is blocked when a user attempts to push a secret to a repository](/assets/images/help/repository/secret-scanning-push-protection-with-link.png)
 
-If you need to remove the secret from your latest commit (that is, `HEAD`) on the branch being pushed and any earlier commits that contain the secret, you can remove the secret from `HEAD`, then squash the commits between when the commit was introduced and the first version of `HEAD` for which the secret has been removed.
+{% data reusables.secret-scanning.push-protection-remove-secret %} For more information about remediating blocked secrets, see "[Pushing a branch blocked by push protection](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection#resolving-a-blocked-push-on-the-command-line)."
 
-{% note %}
+If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible. For example, you might revoke the secret and remove the secret from the repository's commit history. Real secrets that have been exposed must be revoked to avoid unauthorized access. You might consider first rotating the secret before revoking it. For more information, see "[Removing sensitive data from a repository](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)."
 
-**Notes**: 
-
-* If your git configuration supports pushes to multiple branches, and not only to the default branch, your push may be blocked due to additional and unintended refs being pushed. For more information, see the [`push.default` options](https://git-scm.com/docs/git-config#Documentation/git-config.txt-pushdefault) in the Git Docs.
-* If {% data variables.product.prodname_secret_scanning %} upon a push times out, {% data variables.product.prodname_dotcom %} will still run a scan after the push.
-
-{% endnote %}
+{% data reusables.secret-scanning.push-protection-multiple-branch-note %}
 
 ### Allowing a blocked secret to be pushed
 
 If {% data variables.product.prodname_dotcom %} blocks a secret that you believe is safe to push, you can allow the secret and specify the reason why it should be allowed.
 
-If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible. For example, you might revoke the secret and remove the secret from the repository's commit history. For more information, see "[Removing sensitive data from a repository](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)."
-
 {% data reusables.secret-scanning.push-protection-allow-secrets-alerts %}
 
 {% data reusables.secret-scanning.push-protection-allow-email %}
@@ -97,9 +85,7 @@ If you confirm a secret is real and that you intend to fix it later, you should
 {% ifversion secret-scanning-push-protection-web-ui %}
 ## Using secret scanning as a push protection from the web UI
 
-When you use the web UI to attempt to commit a supported secret to a repository or organization with secret scanning as a push protection enabled, {% data variables.product.prodname_dotcom %} will block the commit. You will see a banner at the top of the page with information about the secret's location, and the secret will also be underlined in the file so you can easily find it.  
-
-  ![Screenshot showing commit in web ui blocked because of secret scanning push protection](/assets/images/help/repository/secret-scanning-push-protection-web-ui-commit-blocked-banner.png)
+{% data reusables.secret-scanning.push-protection-web-ui-choice %}
 
 {% data variables.product.prodname_dotcom %} will only display one detected secret at a time in the web UI. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret.
 
@@ -109,7 +95,11 @@ You can remove the secret from the file using the web UI. Once you remove the se
 
 ### Bypassing push protection for a secret
 
-If {% data variables.product.prodname_dotcom %} blocks a secret that you believe is safe to push, you can allow the secret and specify the reason why it should be allowed. If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible.
+{% data reusables.secret-scanning.push-protection-remove-secret %} For more information about remediating blocked secrets, see "[Pushing a branch blocked by push protection](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection#resolving-a-blocked-push-in-the-web-ui)." 
+
+If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible. For more information, see "[Removing sensitive data from a repository](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)."
+
+If {% data variables.product.prodname_dotcom %} blocks a secret that you believe is safe to push, you can allow the secret and specify the reason why it should be allowed.
 
 {% data reusables.secret-scanning.push-protection-allow-secrets-alerts %}
 
@@ -124,4 +114,4 @@ If you confirm a secret is real and that you intend to fix it later, you should
 
 1. Click **Allow secret**.
 
-{% endif %}
+{% endif %}

content/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection.md

@@ -0,0 +1,57 @@
+---
+title: Pushing a branch blocked by push protection
+intro: 'The push protection feature of {% data variables.product.prodname_secret_scanning %} proactively protects you against leaked secrets in your repositories. You can resolve blocked pushes and, once the detected secret is removed, you can push changes to your working branch from the command line or the web UI.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+miniTocMaxHeadingLevel: 3
+versions:
+  feature: secret-scanning-push-protection
+type: how_to
+topics:
+  - Secret scanning
+  - Advanced Security
+  - Alerts
+  - Repositories
+shortTitle: Push a blocked branch
+---
+
+## About push protection for {% data variables.product.prodname_secret_scanning %}
+
+The push protection feature of {% data variables.product.prodname_secret_scanning %} helps to prevent security leaks by scanning for secrets before you push changes to your repository. {% data reusables.secret-scanning.push-protection-overview %} For information on the secrets and service providers supported for push protection, see "[{% data variables.product.prodname_secret_scanning_caps %} patterns](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-push-protection)."
+
+{% data reusables.secret-scanning.push-protection-remove-secret %}
+
+{% tip %}
+
+**Tip** 
+If {% data variables.product.prodname_dotcom %} blocks a secret that you believe is safe to push, you can allow the secret and specify the reason why it should be allowed. For more information about bypassing push protection for a secret, see "[Allowing a blocked secret to be pushed](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#allowing-a-blocked-secret-to-be-pushed)" and "[Bypassing push protection for a secret](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret)" for the command line and the web UI, respectively. 
+
+{% endtip %}
+
+## Resolving a blocked push on the command line
+
+{% data reusables.secret-scanning.push-protection-command-line-choice %}
+
+{% data reusables.secret-scanning.push-protection-multiple-branch-note %}
+
+If the blocked secret was introduced by the latest commit on your branch, you can follow the guidance below.
+
+1. Remove the secret from your code.
+1. Commit the changes, by using `git commit --amend`.
+1. Push your changes with `git push`.
+
+You can also remove the secret if the secret appears in an earlier commit in the Git history.
+
+1. Use `git log` to determine which commit surfaced in the push error came first in history.
+1. Start an interactive rebase with `git rebase -i <commit-id>~1`. <commit-id> is the id of the commit from step 1.
+1. Identify your commit to edit by changing `pick` to `edit` on the first line of the text that appears in the editor.
+1. Remove the secret from your code.
+1. Commit the change with `git commit --amend`.
+1. Run `git rebase --continue` to finish the rebase.
+
+## Resolving a blocked commit in the web UI
+
+{% data reusables.secret-scanning.push-protection-web-ui-choice %}
+
+To resolve a blocked commit in the web UI, you need to remove the secret from the file, or use the **Bypass protection** dropdown to allow the secret. For more information about bypassing push protection from the web UI, see "[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret)."
+
+If you confirm a secret is real, you need to remove the secret from the file. Once you remove the secret, the banner at the top of the page will change and tell you that you can now commit your changes.

content/code-security/secret-scanning/secret-scanning-patterns.md

@@ -21,10 +21,11 @@ redirect_from:
 {% ifversion fpt or ghec %}
 ## About {% data variables.product.prodname_secret_scanning %} patterns
 
-{% data variables.product.product_name %} maintains two different sets of {% data variables.product.prodname_secret_scanning %} patterns:
+{% data variables.product.product_name %} maintains these different sets of {% data variables.product.prodname_secret_scanning %} patterns:
 
 1. **Partner patterns.** Used to detect potential secrets in all public repositories. For details, see "[Supported secrets for partner patterns](#supported-secrets-for-partner-patterns)."
-2. **Advanced security patterns.** Used to detect potential secrets in repositories with {% data variables.product.prodname_secret_scanning %} enabled. {% ifversion ghec %} For details, see "[Supported secrets for advanced security](#supported-secrets-for-advanced-security)."{% endif %}
+2. **Advanced security patterns.** Used to detect potential secrets in repositories with {% data variables.product.prodname_secret_scanning %} enabled. {% ifversion ghec %} For details, see "[Supported secrets for advanced security](#supported-secrets-for-advanced-security)."{% endif %}{% ifversion secret-scanning-push-protection %}
+3. **Push protection patterns.** Used to detect potential secrets in repositories with {% data variables.product.prodname_secret_scanning %} as a push protection enabled. For details, see "[Supported secrets for push protection](#supported-secrets-for-push-protection)."{% endif %}
 
 {% ifversion fpt %}
 Organizations using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_advanced_security %} can enable {% data variables.product.prodname_secret_scanning_GHAS %} on their repositories. For details of these patterns, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-advanced-security).
@@ -59,6 +60,16 @@ If you use the REST API for secret scanning, you can use the `Secret type` to re
 {% data reusables.secret-scanning.partner-secret-list-private-repo %}
 {% endif %}
 
+{% ifversion secret-scanning-push-protection %}
+## Supported secrets for push protection
+
+{% data variables.product.prodname_secret_scanning_caps %} as a push protection currently scans repositories for secrets issued by the following service providers.
+
+{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
+
+{% data reusables.secret-scanning.secret-list-private-push-protection %}
+
+{% endif %}
 ## Further reading
 
 - "[Securing your repository](/code-security/getting-started/securing-your-repository)"

content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md

@@ -96,7 +96,8 @@ The recommended formats explicitly define which versions are used for all direct
 {% endif %}
 
 {% ifversion github-actions-in-dependency-graph %}
-[†] {% data variables.product.prodname_actions %} workflows must be located in the `.github/workflows/` directory of a repository to be recognized as manifests. Any actions or workflows referenced using the syntax `jobs[*].steps[*].uses` or `jobs.<job_id>.uses` will be parsed as dependencies. For more information, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/using-workflows/workflow-syntax-for-github-actions)."
+[†] {% data reusables.enterprise.3-5-missing-feature %} {% data variables.product.prodname_actions %} workflows must be located in the `.github/workflows/` directory of a repository to be recognized as manifests. Any actions or workflows referenced using the syntax `jobs[*].steps[*].uses` or `jobs.<job_id>.uses` will be parsed as dependencies. For more information, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/using-workflows/workflow-syntax-for-github-actions)."
+
 {% endif %}
 
 [‡] If you list your Python dependencies within a `setup.py` file, we may not be able to parse and list every dependency in your project.

content/codespaces/developing-in-codespaces/connecting-to-a-private-network.md

@@ -18,11 +18,26 @@ By default, your codespaces have access to all resources on the public internet,
 
 ## Connecting to resources on a private network
 
-The currently supported method of accessing resources on a private network is to use a VPN. It is currently not recommended to allowlist codespaces IPs as this would allow all codespaces (both yours and those of other customers) access to the network protected resources.
+There are currently two methods of accessing resources on a private network within Codespaces.
+- Using a {% data variables.product.prodname_cli %} extension to configure your local machine as a gateway to remote resources.
+- Using a VPN. 
+
+### Using the GitHub CLI extension to access remote resources
+
+{% note %}
+
+**Note**: The {% data variables.product.prodname_cli %} extension is currently in beta and subject to change. 
+
+{% endnote %}
+
+The {% data variables.product.prodname_cli %} extension allows you to create a bridge between a codespace and your local machine, so that the codespace can access any remote resource that is accessible from your machine. The codespace uses your local machine as a network gateway to reach those resources. For more information, see "[Using {% data variables.product.prodname_cli %} to access remote resources](https://github.com/github/gh-net#codespaces-network-bridge)."
+
+   
+   
 
 ### Using a VPN to access resources behind a private network
 
-The easiest way to access resources behind a private network is to VPN into that network from within your codespace.
+As an alternative to the {% data variables.product.prodname_cli %} extension, you can use a VPN to access resources behind a private network from within your codespace.
 
 We recommend VPN tools like [OpenVPN](https://openvpn.net/) to access resources on a private network. For more information, see "[Using the OpenVPN client from GitHub Codespaces](https://github.com/codespaces-contrib/codespaces-openvpn)."
 

content/codespaces/developing-in-codespaces/creating-a-codespace.md

@@ -21,7 +21,7 @@ shortTitle: Create a codespace
 
 You can create a codespace on {% data variables.product.prodname_dotcom_the_website %}, in {% data variables.product.prodname_vscode %}, or by using {% data variables.product.prodname_cli %}. {% data reusables.codespaces.codespaces-are-personal %}
 
-Codespaces are associated with a specific branch of a repository and the repository cannot be empty. {% data reusables.codespaces.concurrent-codespace-limit %} For more information, see "[Deleting a codespace](/github/developing-online-with-codespaces/deleting-a-codespace)."
+Codespaces are associated with a specific branch of a repository and the repository cannot be empty. {% data reusables.codespaces.concurrent-codespace-limit %}
 
 
 When you create a codespace, a number of steps happen to create and connect you to your development environment:

content/codespaces/developing-in-codespaces/index.md

@@ -13,6 +13,7 @@ children:
   - /developing-in-a-codespace
   - /using-source-control-in-your-codespace
   - /using-github-codespaces-for-pull-requests
+  - /renaming-a-codespace
   - /deleting-a-codespace
   - /forwarding-ports-in-your-codespace
   - /default-environment-variables-for-your-codespace

content/codespaces/developing-in-codespaces/renaming-a-codespace.md

@@ -0,0 +1,54 @@
+---
+title: Renaming a codespace
+intro: You can use the {% data variables.product.prodname_cli %} to change the codespace display name to one of your choice.
+product: '{% data reusables.gated-features.codespaces %}'
+versions:
+  fpt: '*'
+  ghec: '*'
+type: how_to
+topics:
+  - Codespaces
+  - Fundamentals
+  - Developer
+shortTitle: Rename a codespace
+---
+
+## About renaming a codespace
+
+Each codespace is assigned an auto-generated display name. If you have multiple codespaces, the display name helps you to differentiate between codespaces. For example: `literate space parakeet`. You can change the display name for your codespace.
+
+To find the display name of a codespace:
+
+- On {% data variables.product.product_name %}, view your list of codespaces at https://github.com/codespaces.
+
+  ![Screenshot of the list of codespaces in GitHub](/assets/images/help/codespaces/codespaces-list-display-name.png)
+
+- In the {% data variables.product.prodname_vscode %} desktop application, or the {% data variables.product.prodname_vscode_shortname %} web client, click the Remote Explorer. The display name is shown below the repository name. For example: `symmetrical space telegram` in the screenshot below.
+
+  ![Screenshot of the Remote Explorer in VS Code](/assets/images/help/codespaces/codespaces-remote-explorer.png)
+
+- In a terminal window on your local machine, use this {% data variables.product.prodname_cli %} command: `gh codespace list`. 
+### Permanent codespace names
+
+In addition to the display name, when you create a codespace, a permanent name is also assigned to the codespace. The name is a combination of your {% data variables.product.company_short %} handle, the repository name, and some random characters. For example: `octocat-myrepo-gmc7`. You can't change this name.
+
+To find the permanent name of a codespace:
+
+* On {% data variables.product.product_name %}, the permanent name is shown in a pop-up when you hover over the **Open in browser** option on https://github.com/codespaces. 
+
+   ![Screenshot of the codespace name shown on hover over](/assets/images/help/codespaces/find-codespace-name-github.png)
+   
+* In a codespace, use this command in the terminal: `echo $CODESPACE_NAME`.
+* In a terminal window on your local machine, use this {% data variables.product.prodname_cli %} command: `gh codespace list`.
+
+## Renaming a codespace
+
+Changing the display name of a codespace can be useful if you have multiple codespaces that you will be using for an extended period. An appropriate name helps you identify a codespace that you use for a particular purpose. You can change the display name for your codespace by using the {% data variables.product.prodname_cli %}.
+
+To rename a codespace, use the `gh codespace edit` subcommand:
+
+```shell
+gh codespace edit -c <em>permanent name of the codespace</em> -d <em>new display name</em>
+```
+
+In this example, replace `permanent name of the codespace` with the permanent name of the codespace. Replace `new display name` with the desired display name.

content/codespaces/developing-in-codespaces/using-github-codespaces-with-github-cli.md

@@ -30,6 +30,7 @@ You can work with {% data variables.product.prodname_codespaces %} in the  {% da
   - [Copy a file to/from a codespace](#copy-a-file-tofrom-a-codespace)
   - [Modify ports in a codespace](#modify-ports-in-a-codespace)
   - [Access codespace logs](#access-codespace-logs)
+  - [Access remote resources](#access-remote-resources)
 
 ## Installing {% data variables.product.prodname_cli %}
 
@@ -197,3 +198,12 @@ gh codespace logs -c <em>codespace-name</em>
 ```
 
 For more information about the creation log, see "[{% data variables.product.prodname_github_codespaces %} logs](/codespaces/troubleshooting/github-codespaces-logs#creation-logs)."
+
+### Access remote resources 
+You can use the {% data variables.product.prodname_cli %} extension to create a bridge between a codespace and your local machine, so that the codespace can access any remote resource that is accessible from your machine. For more information on using the extension, see "[Using {% data variables.product.prodname_cli %} to access remote resources](https://github.com/github/gh-net#codespaces-network-bridge)."
+
+{% note %}
+
+**Note**: The {% data variables.product.prodname_cli %} extension is currently in beta and subject to change. 
+
+{% endnote %}

content/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds.md

@@ -22,6 +22,14 @@ When prebuilds are available for a particular branch of a repository, a particul
 
 ![The dialog box for choosing a machine type](/assets/images/help/codespaces/choose-custom-machine-type.png)
 
+## The prebuild process
+
+To create a prebuild you set up a prebuild configuration. When you save the configuration, a {% data variables.product.prodname_actions %} workflow runs to create each of the required prebuilds; one workflow per prebuild. Workflows also run whenever the prebuilds for your configuration need to be updated. This can happen at scheduled intervals, on pushes to a prebuild-enabled repository, or when you change the dev container configuration. For more information, see "[Configuring prebuilds](/codespaces/prebuilding-your-codespaces/configuring-prebuilds#configuring-a-prebuild)."  
+
+When a prebuild configuration workflow runs, {% data variables.product.prodname_dotcom %} creates a temporary codespace, performing setup operations up to and including any `onCreateCommand` and `updateContentCommand` commands in the `devcontainer.json` file. No `postCreateCommand` commands are run during the creation of a prebuild. For more information about these commands, see the [`devcontainer.json` reference](https://code.visualstudio.com/docs/remote/devcontainerjson-reference#_devcontainerjson-properties) in the {% data variables.product.prodname_vscode_shortname %} documentation. A snapshot of the generated container is then taken and stored.
+
+When you create a codespace from a prebuild, {% data variables.product.prodname_dotcom %} downloads the existing container snapshot from storage and deploys it on a fresh virtual machine, completing the remaining commands specified in the dev container configuration. Since many operations have already been performed, such as cloning the repository, creating a codespace from a prebuild can be substantially quicker than creating one without a prebuild. This is true where the repository is large and/or `onCreateCommand` commands take a long time to run.
+
 ## About billing for {% data variables.product.prodname_codespaces %} prebuilds
 
 {% data reusables.codespaces.billing-for-prebuilds-default %} For details of {% data variables.product.prodname_codespaces %} storage pricing, see "[About billing for {% data variables.product.prodname_github_codespaces %}](/billing/managing-billing-for-github-codespaces/about-billing-for-github-codespaces)." 
@@ -32,15 +40,15 @@ Use of codespaces created using prebuilds is charged at the same rate as regular
 
 ## About pushing changes to prebuild-enabled branches
 
-By default, each push to a branch that has a prebuild configuration results in a {% data variables.product.prodname_dotcom %}-managed Actions workflow run to update the prebuild template. The prebuild workflow has a concurrency limit of one workflow run at a time for a given prebuild configuration, unless changes were made that affect the dev container configuration for the associated repository. For more information, see "[Introduction to dev containers](/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers)." If a run is already in progress, the workflow run that was queued most recently queued will run next, after the current run completes. 
+By default, each push to a branch that has a prebuild configuration results in a {% data variables.product.prodname_dotcom %}-managed Actions workflow run to update the prebuild. The prebuild workflow has a concurrency limit of one workflow run at a time for a given prebuild configuration, unless changes were made that affect the dev container configuration for the associated repository. For more information, see "[Introduction to dev containers](/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers)." If a run is already in progress, the workflow run that was queued most recently queued will run next, after the current run completes. 
 
-With the prebuild template set to be updated on each push, it means that if there are very frequent pushes to your repository, prebuild template updates will occur at least as often as it takes to run the prebuild workflow. That is, if your workflow run typically takes one hour to complete, prebuilds will be created for your repository roughly hourly, if the run succeeds, or more often if there were pushes that change the dev container configuration on the branch.
+With the prebuild set to be updated on each push, it means that if there are very frequent pushes to your repository, prebuild updates will occur at least as often as it takes to run the prebuild workflow. That is, if your workflow run typically takes one hour to complete, prebuilds will be created for your repository roughly hourly, if the run succeeds, or more often if there were pushes that change the dev container configuration on the branch.
 
 For example, let's imagine 5 pushes are made, in quick succession, against a branch that has a prebuild configuration. In this situation:
 
-* A workflow run is started for the first push, to update the prebuild template.
+* A workflow run is started for the first push, to update the prebuild.
 * If the 4 remaining pushes do not affect the dev container configuration, the workflow runs for these are queued in a "pending" state. 
   
   If any of the remaining 4 pushes change the dev container configuration, then the service will not skip that one and will immediately run the prebuild creation workflow, updating the prebuild accordingly if it succeeds. 
 
-* Once the first run completes, workflow runs for pushes 2, 3, and 4 will be canceled, and the last queued workflow (for push 5) will run and update the prebuild template. 
+* Once the first run completes, workflow runs for pushes 2, 3, and 4 will be canceled, and the last queued workflow (for push 5) will run and update the prebuild. 

content/codespaces/prebuilding-your-codespaces/allowing-a-prebuild-to-access-other-repositories.md

@@ -1,7 +1,7 @@
 ---
 title: Allowing a prebuild to access other repositories
 shortTitle: Allow external repo access
-intro: You can permit your prebuild template access to other {% data variables.product.prodname_dotcom %} repositories so that it can be built successfully.
+intro: You can permit your prebuild to access other {% data variables.product.prodname_dotcom %} repositories so that it can be built successfully.
 versions:
   fpt: '*'
   ghec: '*'
@@ -55,7 +55,7 @@ You will need to create a new personal account and then use this account to crea
 1. Sign back into the account that has admin access to the repository. 
 1. In the repository for which you want to create {% data variables.product.prodname_codespaces %} prebuilds, create a new {% data variables.product.prodname_codespaces %} repository secret called `CODESPACES_PREBUILD_TOKEN`, giving it the value of the token you created and copied. For more information, see "[Managing encrypted secrets for your repository and organization for {% data variables.product.prodname_github_codespaces %}](/codespaces/managing-codespaces-for-your-organization/managing-encrypted-secrets-for-your-repository-and-organization-for-github-codespaces#adding-secrets-for-a-repository)."
 
-The PAT will be used for all subsequent prebuild templates created for your repository. Unlike other {% data variables.product.prodname_codespaces %} repository secrets, the `CODESPACES_PREBUILD_TOKEN` secret is only used for prebuilding and will not be available to use in codespaces created from your repository.
+The PAT will be used for all subsequent prebuilds created for your repository. Unlike other {% data variables.product.prodname_codespaces %} repository secrets, the `CODESPACES_PREBUILD_TOKEN` secret is only used for prebuilding and will not be available to use in codespaces created from your repository.
 
 ## Further reading
 

content/codespaces/prebuilding-your-codespaces/configuring-prebuilds.md

@@ -15,7 +15,7 @@ permissions: People with admin access to a repository can configure prebuilds fo
 
 You can set up a prebuild configuration for the combination of a specific branch of your repository with a specific dev container configuration file.
 
-Any branches created from a prebuild-enabled parent branch will typically also get prebuilds for the same dev container configuration. This is because the prebuild template for child branches that use the same dev container configuration as the parent branch are, for the most part, identical, so developers can benefit from faster codespace creation times on those branches also. For more information, see "[Introduction to dev containers](/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers)."
+Any branches created from a prebuild-enabled parent branch will typically also get prebuilds for the same dev container configuration. This is because the prebuild for child branches that use the same dev container configuration as the parent branch are, for the most part, identical, so developers can benefit from faster codespace creation times on those branches also. For more information, see "[Introduction to dev containers](/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers)."
 
 Typically, when you configure prebuilds for a branch, prebuilds will be available for multiple machine types. However, if your repository is greater than 32 GB, prebuilds won't be available for 2-core and 4-core machine types, since the storage these provide is limited to 32 GB.
 
@@ -44,37 +44,37 @@ Before you can configure prebuilds for your project the following must be true:
 
    {% endnote %}
 
-1. Optionally, in the **Configuration file** drop-down menu that's displayed, choose the `devcontainer.json` configuration file that you want to use for this prebuild template. For more information, see "[Introduction to dev containers](/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers#devcontainerjson)."
+1. Optionally, in the **Configuration file** drop-down menu that's displayed, choose the `devcontainer.json` configuration file that you want to use for this prebuild. For more information, see "[Introduction to dev containers](/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers#devcontainerjson)."
 
    ![The configuration file drop-down menu](/assets/images/help/codespaces/prebuilds-choose-configfile.png)
 
-1. Choose how you want to automatically trigger updates of the prebuild template.
+1. Choose how you want to automatically trigger updates of the prebuild.
 
-   * **Every push** (the default setting) - With this setting, prebuild configurations will be updated on every push made to the given branch. This will ensure that codespaces generated from a prebuild template always contain the latest codespace configuration, including any recently added or updated dependencies.
-   * **On configuration change** - With this setting, prebuild configurations will be updated every time associated configuration files for a given repo and branch are updated. This ensures that changes to the dev container configuration files for the repository are used when a codespace is generated from a prebuild template. The Actions workflow that updates the prebuild template will run less often, so this option will use fewer Actions minutes. However, this option will not guarantee that codespaces always include recently added or updated dependencies, so these may have to be added or updated manually after a codespace has been created.
+   * **Every push** (the default setting) - With this setting, prebuild configurations will be updated on every push made to the given branch. This will ensure that codespaces generated from a prebuild always contain the latest codespace configuration, including any recently added or updated dependencies.
+   * **On configuration change** - With this setting, prebuild configurations will be updated every time associated configuration files for a given repo and branch are updated. This ensures that changes to the dev container configuration files for the repository are used when a codespace is generated from a prebuild. The Actions workflow that updates the prebuild will run less often, so this option will use fewer Actions minutes. However, this option will not guarantee that codespaces always include recently added or updated dependencies, so these may have to be added or updated manually after a codespace has been created.
    * **Scheduled** - With this setting, you can have your prebuild configurations update on a custom schedule that's defined by you. This can reduce consumption of Actions minutes, however, with this option, codespaces may be created that do not use the latest dev container configuration changes.
 
    ![The prebuild trigger options](/assets/images/help/codespaces/prebuilds-triggers.png)
 
-1. Optionally, select **Reduce prebuild available to only specific regions** to limit access to your prebuild template, then select which regions you want it to be available in. Developers can only create codespaces from a prebuild if they are located in a region you select. By default, your prebuild template is available to all regions where codespaces is available and storage costs apply for each region.
+1. Optionally, select **Reduce prebuild available to only specific regions** to limit access to your prebuild, then select which regions you want it to be available in. Developers can only create codespaces from a prebuild if they are located in a region you select. By default, your prebuild is available to all regions where codespaces is available and storage costs apply for each region.
 
    ![The region selection options](/assets/images/help/codespaces/prebuilds-regions.png)
 
    {% note %}
 
    **Notes**: 
-   * The prebuild template for each region will incur individual charges. You should, therefore, only enable prebuilds for regions in which you know they'll be used. For more information, see "[About {% data variables.product.prodname_github_codespaces %} prebuilds](/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds#about-billing-for-codespaces-prebuilds)."
+   * The prebuild for each region will incur individual charges. You should, therefore, only enable prebuilds for regions in which you know they'll be used. For more information, see "[About {% data variables.product.prodname_github_codespaces %} prebuilds](/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds#about-billing-for-codespaces-prebuilds)."
    * Developers can set their default region for {% data variables.product.prodname_codespaces %}, which can allow you to enable prebuilds for fewer regions. For more information, see "[Setting your default region for {% data variables.product.prodname_github_codespaces %}](/codespaces/customizing-your-codespace/setting-your-default-region-for-github-codespaces)."
 
    {% endnote %}
 
-1. Optionally, set the number of prebuild template versions to be retained. You can input any number between 1 and 5. The default number of saved versions is 2, which means that only the latest template version and the previous version are saved.
+1. Optionally, set the number of prebuild versions to be retained. You can input any number between 1 and 5. The default number of saved versions is 2, which means that only the latest template version and the previous version are saved.
 
-   Depending on your prebuild trigger settings, your prebuild template could change with each push or on each dev container configuration change. Retaining older versions of prebuild templates enables you to create a prebuild from an older commit with a different dev container configuration than the current prebuild template. Since there is a storage cost associated with retaining prebuild template versions, you can choose the number of versions to be retained based on the needs of your team. For more information on billing, see "[About billing for {% data variables.product.prodname_github_codespaces %}](/billing/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#codespaces-pricing)."
+   Depending on your prebuild trigger settings, your prebuild could change with each push or on each dev container configuration change. Retaining older versions of prebuilds enables you to create a prebuild from an older commit with a different dev container configuration than the current prebuild. Since there is a storage cost associated with retaining prebuild versions, you can choose the number of versions to be retained based on the needs of your team. For more information on billing, see "[About billing for {% data variables.product.prodname_github_codespaces %}](/billing/managing-billing-for-github-codespaces/about-billing-for-github-codespaces#codespaces-pricing)."
 
-   If you set the number of prebuild template versions to save to 1, {% data variables.product.prodname_codespaces %} will only save the latest version of the prebuild template and will delete the older version each time the template is updated. This means you will not get a prebuilt codespace if you go back to an older dev container configuration.
+   If you set the number of prebuild versions to save to 1, {% data variables.product.prodname_codespaces %} will only save the latest version of the prebuild and will delete the older version each time the template is updated. This means you will not get a prebuilt codespace if you go back to an older dev container configuration.
 
-   ![The prebuild template history setting](/assets/images/help/codespaces/prebuilds-template-history-setting.png)
+   ![The prebuild history setting](/assets/images/help/codespaces/prebuilds-template-history-setting.png)
 
 1. Optionally, add users or teams to notify when the prebuild workflow run fails for this configuration. You can begin typing a username, team name, or full name, then click the name once it appears to add them to the list. The users or teams you add will receive an email when prebuild failures occur, containing a link to the workflow run logs to help with further investigation.
 
@@ -84,7 +84,7 @@ Before you can configure prebuilds for your project the following must be true:
 
    {% data reusables.codespaces.prebuilds-permission-authorization %}
 
-After you create a prebuild configuration it is listed on the {% data variables.product.prodname_codespaces %} page of your repository settings. A {% data variables.product.prodname_actions %} workflow is queued and then run to create prebuild templates in the regions you specified, based on the branch and dev container configuration file you selected. 
+After you create a prebuild configuration it is listed on the {% data variables.product.prodname_codespaces %} page of your repository settings. A {% data variables.product.prodname_actions %} workflow is queued and then run to create prebuilds in the regions you specified, based on the branch and dev container configuration file you selected. 
 
 ![Screenshot of the list of prebuild configurations](/assets/images/help/codespaces/prebuild-configs-list.png)
 
@@ -100,9 +100,9 @@ Prebuilds cannot use any user-level secrets while building your environment, bec
 
 ## Configuring time-consuming tasks to be included in the prebuild
 
-You can use the `onCreateCommand` and `updateContentCommand` commands in your `devcontainer.json` to include time-consuming processes as part of the prebuild template creation. For more information, see the {% data variables.product.prodname_vscode %} documentation, "[devcontainer.json reference](https://code.visualstudio.com/docs/remote/devcontainerjson-reference#_lifecycle-scripts)."
+You can use the `onCreateCommand` and `updateContentCommand` commands in your `devcontainer.json` to include time-consuming processes as part of the prebuild creation. For more information, see the {% data variables.product.prodname_vscode %} documentation, "[devcontainer.json reference](https://code.visualstudio.com/docs/remote/devcontainerjson-reference#_lifecycle-scripts)."
 
-`onCreateCommand` is run only once, when the prebuild template is created, whereas `updateContentCommand` is run at template creation and at subsequent template updates. Incremental builds should be included in `updateContentCommand` since they represent the source of your project and need to be included for every prebuild template update.
+`onCreateCommand` is run only once, when the prebuild is created, whereas `updateContentCommand` is run at template creation and at subsequent template updates. Incremental builds should be included in `updateContentCommand` since they represent the source of your project and need to be included for every prebuild update.
 
 ## Further reading
 

content/codespaces/prebuilding-your-codespaces/managing-prebuilds.md

@@ -16,7 +16,7 @@ miniTocMaxHeadingLevel: 3
 
 The prebuilds that you configure for a repository are created and updated using a {% data variables.product.prodname_actions %} workflow, managed by the {% data variables.product.prodname_github_codespaces %} service. 
 
-Depending on the settings in a prebuild configuration, the workflow to update the prebuild template may be triggered by these events:
+Depending on the settings in a prebuild configuration, the workflow to update the prebuild may be triggered by these events:
 
 * Creating or updating the prebuild configuration
 * Pushing a commit or a pull request to a branch that's configured to have prebuilds
@@ -24,7 +24,7 @@ Depending on the settings in a prebuild configuration, the workflow to update th
 * A schedule that you've defined in the prebuild configuration
 * Manually triggering the workflow
 
-The settings in the prebuild configuration determine which events automatically trigger an update of the prebuild template. For more information, see "[Configuring prebuilds](/codespaces/prebuilding-your-codespaces/configuring-prebuilds#configuring-a-prebuild)." 
+The settings in the prebuild configuration determine which events automatically trigger an update of the prebuild. For more information, see "[Configuring prebuilds](/codespaces/prebuilding-your-codespaces/configuring-prebuilds#configuring-a-prebuild)." 
 
 People with admin access to a repository can check the progress of prebuilds, edit, and delete prebuild configurations. 
 
@@ -61,7 +61,7 @@ This displays the workflow run history for prebuilds for the associated branch.
 
 ### Disabling a prebuild configuration
 
-To pause the update of prebuild templates for a configuration, you can disable workflow runs for the configuration. Disabling the workflow runs for a prebuild configuration does not delete any previously created prebuild templates for that configuration and, as a result, codespaces will continue to be generated from an existing prebuild template.
+To pause the update of prebuilds for a configuration, you can disable workflow runs for the configuration. Disabling the workflow runs for a prebuild configuration does not delete any previously created prebuilds for that configuration and, as a result, codespaces will continue to be generated from an existing prebuild.
 
 Disabling the workflow runs for a prebuild configuration is useful if you need to investigate template creation failures.
 
@@ -74,7 +74,7 @@ Disabling the workflow runs for a prebuild configuration is useful if you need t
 
 ### Deleting a prebuild configuration
 
-Deleting a prebuild configuration also deletes all previously created prebuild templates for that configuration. As a result, shortly after you delete a configuration, prebuilds generated by that configuration will no longer be available when you create a new codespace.
+Deleting a prebuild configuration also deletes all previously created prebuilds for that configuration. As a result, shortly after you delete a configuration, prebuilds generated by that configuration will no longer be available when you create a new codespace.
 
 After you delete a prebuild configuration, workflow runs for that configuration that have been queued or started will still run. They will be listed in the workflow run history, along with previously completed workflow runs.
 

content/codespaces/prebuilding-your-codespaces/testing-dev-container-changes.md

@@ -14,7 +14,7 @@ product: '{% data reusables.gated-features.codespaces %}'
 permissions: People with write permissions to a repository can create or edit the dev container configuration for a branch.
 ---
 
-Any changes you make to the dev container configuration for a prebuild-enabled branch will result in an update to the codespace configuration and the associated prebuild template. It’s therefore important to test such changes in a codespace from a test branch before committing your changes to a branch of your repository that's actively used. This will ensure you’re not introducing breaking changes for your team.
+Any changes you make to the dev container configuration for a prebuild-enabled branch will result in an update to the codespace configuration and the associated prebuild. It’s therefore important to test such changes in a codespace from a test branch before committing your changes to a branch of your repository that's actively used. This will ensure you’re not introducing breaking changes for your team.
 
 For more information, see "[Introduction to dev containers](/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers)."
 
@@ -25,7 +25,7 @@ For more information, see "[Introduction to dev containers](/codespaces/setting-
 1. In the codespace, check out a test branch. For more information, see "[Using source control in your codespace](/codespaces/developing-in-codespaces/using-source-control-in-your-codespace#creating-or-switching-branches)."
 1. Make the required changes to the dev container configuration.
 1. Apply the changes by rebuilding the container. For more information, see "[Introduction to dev containers](/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers#applying-configuration-changes-to-a-codespace)."
-1. After everything looks good, we also recommend creating a new codespace from your test branch to ensure everything is working. You can then commit your changes to your repository's default branch, or an active feature branch, triggering an update of the prebuild template for that branch.
+1. After everything looks good, we also recommend creating a new codespace from your test branch to ensure everything is working. You can then commit your changes to your repository's default branch, or an active feature branch, triggering an update of the prebuild for that branch.
 
    {% note %}
    

content/codespaces/troubleshooting/troubleshooting-prebuilds.md

@@ -44,7 +44,7 @@ cat /workspaces/.codespaces/shared/environment-variables.json | jq '.ACTION_NAME
 
 You may notice that sometimes, when you create a new codespace from a prebuild-enabled branch, the "{% octicon "zap" aria-label="The zap icon" %} Prebuild Ready" label is not displayed in the dialog box for choosing a machine type. This means that prebuilds are not currently available.
 
-By default, each time you push to a prebuild-enabled branch, the prebuild template is updated. If the push involves a change to the dev container configuration then, while the update is in progress, the "{% octicon "zap" aria-label="The zap icon" %} Prebuild Ready" label is removed from the list of machine types. During this time you can still create codespaces without a prebuild template. If required, you can reduce the occasions on which prebuilds are unavailable for a repository by setting the prebuild template to be updated only when you make a change to your dev container configuration files, or only on a custom schedule. For more information, see "[Configuring prebuilds](/codespaces/prebuilding-your-codespaces/configuring-prebuilds#configuring-a-prebuild)."
+By default, each time you push to a prebuild-enabled branch, the prebuild is updated. If the push involves a change to the dev container configuration then, while the update is in progress, the "{% octicon "zap" aria-label="The zap icon" %} Prebuild Ready" label is removed from the list of machine types. During this time you can still create codespaces without a prebuild. If required, you can reduce the occasions on which prebuilds are unavailable for a repository by setting the prebuild to be updated only when you make a change to your dev container configuration files, or only on a custom schedule. For more information, see "[Configuring prebuilds](/codespaces/prebuilding-your-codespaces/configuring-prebuilds#configuring-a-prebuild)."
 
 If your branch is not specifically enabled for prebuilds it may still benefit from prebuilds if it was branched from a prebuild-enabled branch. However, if the dev container configuration is changed on your branch, so that it's not the same as the configuration on the base branch, prebuilds will no longer be available on your branch.
 

content/communities/documenting-your-project-with-wikis/editing-wiki-content.md

@@ -26,7 +26,7 @@ topics:
 You can create links in wikis using the standard markup supported by your page, or using MediaWiki syntax. For example:
 
 - If your pages are rendered with Markdown, the link syntax is `[Link Text](full-URL-of-wiki-page)`.
-- With MediaWiki syntax, the link syntax is `[[Link Text|nameofwikipage]]`.
+- With MediaWiki syntax, the link syntax is `[[nameofwikipage|Link Text]]`.
 
 ## Adding images
 

content/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors.md

@@ -59,7 +59,7 @@ You can create default contribution guidelines for your organization{% ifversion
 If you're stumped, here are some good examples of contribution guidelines:
 
 - The Atom editor [contribution guidelines](https://github.com/atom/atom/blob/master/CONTRIBUTING.md).
-- The Ruby on Rails [contribution guidelines](https://github.com/rails/rails/blob/master/CONTRIBUTING.md).
+- The Ruby on Rails [contribution guidelines](https://github.com/rails/rails/blob/main/CONTRIBUTING.md).
 - The Open Government [contribution guidelines](https://github.com/opengovernment/opengovernment/blob/master/CONTRIBUTING.md).
 
 ## Further reading

content/education/contribute-with-github-community-exchange/getting-started-with-github-community-exchange.md

@@ -42,4 +42,4 @@ To report an abusive repository: Go to your {% data variables.product.prodname_c
 
 ## Further reading
 
-- "[About {% data variables.product.prodname_community_exchange %}](/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-for-your-schoolwork/about-github-community-exchange)"
+- ""[About {% data variables.product.prodname_community_exchange %}](/education/explore-the-benefits-of-teaching-and-learning-with-github-education/github-global-campus-for-students/about-github-community-exchange)""