From f932a7cca9a3c95d444b0518461d80f2080a44b5 Mon Sep 17 00:00:00 2001 From: Pallavi <96553709+pallsama@users.noreply.github.com> Date: Wed, 17 Dec 2025 03:25:58 -0800 Subject: [PATCH] Reducing downtime on starting replication (#58931) Co-authored-by: isaacmbrown --- data/release-notes/enterprise-server/3-14/20.yml | 2 ++ data/release-notes/enterprise-server/3-15/15.yml | 6 ++++-- data/release-notes/enterprise-server/3-16/11.yml | 6 ++++-- data/release-notes/enterprise-server/3-17/8.yml | 6 ++++-- data/release-notes/enterprise-server/3-18/2.yml | 4 +++- data/release-notes/enterprise-server/3-19/0.yml | 9 +++++---- 6 files changed, 22 insertions(+), 11 deletions(-) diff --git a/data/release-notes/enterprise-server/3-14/20.yml b/data/release-notes/enterprise-server/3-14/20.yml index 334303848c..7e5ff67286 100644 --- a/data/release-notes/enterprise-server/3-14/20.yml +++ b/data/release-notes/enterprise-server/3-14/20.yml @@ -27,6 +27,8 @@ sections: Administrators can add security key-backed (SK) SSH certificate authorities. - | Administrators and users experience faster and more efficient searching of GitHub Actions workflow runs, with lower compute and networking resource usage. Searches for workflow runs within a repository are now always scoped to an associated repository. + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] known_issues: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. diff --git a/data/release-notes/enterprise-server/3-15/15.yml b/data/release-notes/enterprise-server/3-15/15.yml index ae7b24804e..0c99e3cc0c 100644 --- a/data/release-notes/enterprise-server/3-15/15.yml +++ b/data/release-notes/enterprise-server/3-15/15.yml @@ -13,7 +13,7 @@ sections: - | On instances with a "No Proxy" setting configured for GitHub Actions with MinIO or AWS remote blob providers, administrators sometimes experienced failures reading or writing Actions logs, artifacts, or caches because some traffic was incorrectly routed through the instances proxy. - | - New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. + New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. - | Site administrators using the Management Console would see overly verbose error messages on the maintenance page. These error messages were not cleared when a new request was made, and no message was displayed when maintenance mode changes were saved successfully. - | @@ -26,11 +26,13 @@ sections: When new Elasticsearch indexes were created, index routing memos could go to a read-only MySQL replica and fail, causing delays in audit log indexing after monthly rollovers. The memos are now written to the primary database rather than a read-only replica. changes: - | - A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. + A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. - | Administrators can add security key-backed (SK) SSH certificate authorities. - | Administrators and users experience faster and more efficient searching of GitHub Actions workflow runs, with lower compute and networking resource usage. Searches for workflow runs within a repository are now always scoped to an associated repository. + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] known_issues: - | Custom firewall rules are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-16/11.yml b/data/release-notes/enterprise-server/3-16/11.yml index 2732fe0af2..fdbc7e3b1a 100644 --- a/data/release-notes/enterprise-server/3-16/11.yml +++ b/data/release-notes/enterprise-server/3-16/11.yml @@ -11,7 +11,7 @@ sections: - | On instances with a "No Proxy" setting configured for GitHub Actions with MinIO or AWS remote blob providers, administrators sometimes experienced failures reading or writing Actions logs, artifacts, or caches because some traffic was incorrectly routed through the instances proxy. - | - New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. + New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. - | Site administrators using the Management Console would see overly verbose error messages on the maintenance page. These error messages were not cleared when a new request was made, and no message was displayed when maintenance mode changes were saved successfully. - | @@ -30,9 +30,11 @@ sections: When new Elasticsearch indexes were created, index routing memos could go to a read-only MySQL replica and fail, causing delays in audit log indexing after monthly rollovers. The memos are now written to the primary database rather than a read-only replica. changes: - | - A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. + A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. - | Administrators can add security key-backed (SK) SSH certificate authorities. + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] known_issues: - | Custom firewall rules are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-17/8.yml b/data/release-notes/enterprise-server/3-17/8.yml index 52fec958e6..efab765158 100644 --- a/data/release-notes/enterprise-server/3-17/8.yml +++ b/data/release-notes/enterprise-server/3-17/8.yml @@ -11,7 +11,7 @@ sections: - | On instances with a "No Proxy" setting configured for GitHub Actions with MinIO or AWS remote blob providers, administrators sometimes experienced failures reading or writing Actions logs, artifacts, or caches because some traffic was incorrectly routed through the instances proxy. - | - New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. + New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. - | Site administrators using the Management Console would see overly verbose error messages on the maintenance page. These error messages were not cleared when a new request was made, and no message was displayed when maintenance mode changes were saved successfully. - | @@ -34,11 +34,13 @@ sections: When new Elasticsearch indexes were created, index routing memos could go to a read-only MySQL replica and fail, causing delays in audit log indexing after monthly rollovers. The memos are now written to the primary database rather than a read-only replica. changes: - | - A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. + A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. - | Administrators can add security key-backed (SK) SSH certificate authorities. - | Administrators and users experience faster and more efficient searching of GitHub Actions workflow runs, with lower compute and networking resource usage. Searches for workflow runs within a repository are now always scoped to an associated repository. + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] known_issues: - | Custom firewall rules are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-18/2.yml b/data/release-notes/enterprise-server/3-18/2.yml index 9a8d524a43..e424b438ac 100644 --- a/data/release-notes/enterprise-server/3-18/2.yml +++ b/data/release-notes/enterprise-server/3-18/2.yml @@ -13,7 +13,7 @@ sections: - | On instances with a "No Proxy" setting configured for GitHub Actions with MinIO or AWS remote blob providers, administrators sometimes experienced failures reading or writing Actions logs, artifacts, or caches because some traffic was incorrectly routed through the instances proxy. - | - New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. + New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. - | Administrators running the `ghe-repl-decommission` script received an error. - | @@ -43,6 +43,8 @@ sections: Administrators can add security key-backed (SK) SSH certificate authorities. - | Administrators and users experience faster and more efficient searching of GitHub Actions workflow runs, with lower compute and networking resource usage. Searches for workflow runs within a repository are now always scoped to an associated repository. + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] known_issues: - | Custom firewall rules are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-19/0.yml b/data/release-notes/enterprise-server/3-19/0.yml index e93aa3708f..050fe48a18 100644 --- a/data/release-notes/enterprise-server/3-19/0.yml +++ b/data/release-notes/enterprise-server/3-19/0.yml @@ -18,6 +18,9 @@ sections: # https://github.com/github/releases/issues/6908 - | Starting 3.19, new installations of GHES will have OpenTelemetry metrics enabled and Collectd metrics disabled by default. You have the option to toggle between the two. Upgraded instances will retain their current settings. In about two to three releases, OpenTelemetry metrics will become the only supported metrics. To learn about OTel metrics, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics). + # https://github.com/github/releases/issues/6922 + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] - heading: Migrations notes: @@ -199,14 +202,12 @@ sections: # https://github.com/github/releases/issues/6385 - | Enterprises using IP allowlists should verify and update their network settings to include the newly required IP ranges for importer migrations. Failure to allow these addresses prevents successful migrations. - # https://github.com/github/releases/issues/6019 + # https://github.com/github/releases/issues/6019 - | Projects now support up to 50,000 active items and 10,000 archived items. The previous limit was 1,200 items total. There is no option to opt out of this increased limit. known_issues: # INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB - - | - **Note:** This list is not complete. Any new known issues that are identified for the 3.19 release will be added between now and the general availability release. - | Custom firewall rules are removed during the upgrade process. - | @@ -253,4 +254,4 @@ sections: - | Starting 3.21, networking-related syscalls will be disabled by default in the pre-receive hook environment. For enhanced security, hook environments will be placed in dedicated network namespaces. You will be able to override the default setting by setting pre-receive-hook-networking to enabled. As an alternative to many pre-receive hooks, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets#push-rulesets). - | - In 3.20, we will be retiring `Telegraf`. For context, this was a dark-shipped service running in the background and not part of any customer workflows. If you have discovered it and notice it is missing in a future release, we want to you to know we have intentionally removed it. + In 3.20, we will be retiring `Telegraf`. For context, this was a dark-shipped service running in the background and not part of any customer workflows. If you have discovered it and notice it is missing in a future release, we want to you to know we have intentionally removed it.